Add flag to determine how quic accepts connections
authorNeil Horman <nhorman@openssl.org>
Fri, 11 Apr 2025 18:52:42 +0000 (14:52 -0400)
committerNeil Horman <nhorman@openssl.org>
Fri, 5 Dec 2025 15:13:14 +0000 (10:13 -0500)
The flag defaults to 0 (unknown), and gets set to
1 (using SSL_accept_ex), or -1 (using SSL_accept_connection)

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27397)

include/internal/quic_port.h
ssl/quic/quic_impl.c
ssl/quic/quic_port.c
ssl/quic/quic_port_local.h

index 6a4dde81da9be2c2a5a971281a6a691c2bc8b1d2..bf8edda1ae87565475af5fde288a4e2a075ae23a 100644 (file)
@@ -159,6 +159,11 @@ size_t ossl_quic_port_get_num_incoming_channels(const QUIC_PORT *port);
 /* Sets if incoming connections should currently be allowed. */
 void ossl_quic_port_set_allow_incoming(QUIC_PORT *port, int allow_incoming);
 
+/* Sets flag to indicate we are using SSL_listen_ex to get connections */
+void ossl_quic_port_set_using_peeloff(QUIC_PORT *port, int using_peeloff);
+
+int ossl_quic_port_get_using_peeloff(QUIC_PORT *port);
+
 /* Returns 1 if we are using addressed mode on the read side. */
 int ossl_quic_port_is_addressed_r(const QUIC_PORT *port);
 
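Review bot: The getter declaration `int ossl_quic_port_get_using_peeloff(QUIC_PORT *port);` carries no comment, and the setter's comment names SSL_listen_ex while the commit message says a value of 1 means SSL_accept_ex, so a reader of this header cannot tell what the returned value encodes or which API it refers to. The same SSL_listen_ex wording appears in the new field comment in quic_port_local.h. Suggested comment above the pair, replacing the current one-liner: `/* How connections are taken from this port: 0 = not yet decided, 1 = peeled off via SSL_accept_ex, -1 = SSL_accept_connection. The first caller fixes the mode; the other path is then refused. */` (adjust the API name if SSL_listen_ex is really what is meant).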
index 51cabf3fd9014e656534d7fbdf268be52e8f78dc..c141fa705274c5d9c9ec7db389c18145010ed6cb 100644 (file)
@@ -4643,12 +4643,21 @@ int ossl_quic_peeloff_conn(SSL *listener, SSL *new_conn)
         return 0;
 
     qctx_lock_for_io(&lctx);
+    if (ossl_quic_port_get_using_peeloff(lctx.ql->port) == -1) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
+                                    "This listener is using SSL_accept_connection");
+        ret = -1;
+        goto out;
+    }
+
+    ossl_quic_port_set_using_peeloff(lctx.ql->port, 1);
     new_ch = ossl_quic_port_pop_incoming(lctx.ql->port);
     if (new_ch != NULL) {
         /*
          * Do our cloning work here
          */
     }
+out:
     qctx_unlock(&lctx);
     return ret;
 }
@@ -4689,6 +4698,14 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
     if (!ql_listen(ctx.ql))
         goto out;
 
+    if (ossl_quic_get_using_peeloff(ctx.ql->port) == 1) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
+                                    "This listener is using SSL_accept_ex");
+        goto out; 
+    }
+    
+    ossl_quic_set_using_peeloff(ctx.ql->port, -1);
+
     /* Wait for an incoming connection if needed. */
     new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
     if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
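Review bot: The second hunk calls `ossl_quic_get_using_peeloff(ctx.ql->port)` and `ossl_quic_set_using_peeloff(ctx.ql->port, -1)`, but the accessors this commit adds to quic_port.h and quic_port.c are `ossl_quic_port_get_using_peeloff` and `ossl_quic_port_set_using_peeloff`; unless the short names exist elsewhere, this will fail to compile as an implicit declaration, so the lines should read `if (ossl_quic_port_get_using_peeloff(ctx.ql->port) == 1) {` and `ossl_quic_port_set_using_peeloff(ctx.ql->port, -1);`. The line `goto out; ` and the blank line after the closing brace carry trailing whitespace. In the first hunk, `QUIC_RAISE_NON_NORMAL_ERROR(NULL, ...)` is raised while `lctx` is locked and in hand; if the macro uses the context to record where the error occurred, passing `&lctx` would be the more informative choice, which is worth confirming against the macro definition. ossl_quic_peeloff_conn begins before the first hunk, and ossl_quic_accept_connection begins before and continues past the second.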
index 1fc05092137672b3be4d4cae67f16b0eb7e020a4..8264699f872bba370b89e636ac8111f006833970 100644 (file)
@@ -648,6 +648,16 @@ void ossl_quic_port_set_allow_incoming(QUIC_PORT *port, int allow_incoming)
     port->allow_incoming = allow_incoming;
 }
 
+void ossl_quic_port_set_using_peeloff(QUIC_PORT *port, int using_peeloff)
+{
+    port->using_peeloff = using_peeloff;
+}
+
+int ossl_quic_port_get_using_peeloff(QUIC_PORT *port)
+{
+    return port->using_peeloff;
+}
+
 /*
  * QUIC Port: Ticker-Mutator
  * =========================
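Review bot: `int ossl_quic_port_get_using_peeloff(QUIC_PORT *port)` takes a mutable port although it only reads `port->using_peeloff`; the existing read-only accessors declared in quic_port.h, `ossl_quic_port_get_num_incoming_channels(const QUIC_PORT *port)` and `ossl_quic_port_is_addressed_r(const QUIC_PORT *port)`, take `const QUIC_PORT *`. Suggest `int ossl_quic_port_get_using_peeloff(const QUIC_PORT *port)` here, with the prototype in quic_port.h changed to match.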
index e36272a94d6119a64578f0d7ea10ff1655531d6e..39a9094e2cf7005063fa9c8701152f2e97c621df 100644 (file)
@@ -114,6 +114,9 @@ struct quic_port_st {
     /* Has the BIO been changed since we last updated reactor pollability? */
     unsigned int                    bio_changed                     : 1;
 
+    /* Are we using SSL_listen_ex to peeloff connections */
+    unsigned int                    using_peeloff;
+
     /* AES-256 GCM context for token encryption */
     EVP_CIPHER_CTX *token_ctx;
 };
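Review bot: `unsigned int using_peeloff;` is the storage for the -1 that ossl_quic_accept_connection passes through the setter, and ossl_quic_port_get_using_peeloff hands it back as `int` to be compared with -1; converting UINT_MAX back to `int` is implementation-defined in C (it gives -1 on the usual two's-complement targets, but `-Wsign-conversion` will flag both the store and the load). Since the field holds a signed tri-state rather than a flag bit, declare it `int using_peeloff;` and spell out the values in the comment, e.g. `/* 0 = undecided, 1 = SSL_accept_ex peeloff, -1 = SSL_accept_connection */`. The field is deliberately not a `: 1` bit-field like its neighbours; the comment should say why so nobody "fixes" it later.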