/* Sets if incoming connections should currently be allowed. */
void ossl_quic_port_set_allow_incoming(QUIC_PORT *port, int allow_incoming);
-/* Sets flag to indicate we are using SSL_listen_ex to get connections */
-void ossl_quic_port_set_using_peeloff(QUIC_PORT *port, int using_peeloff);
-
-int ossl_quic_port_get_using_peeloff(QUIC_PORT *port);
+#define PEELOFF_LISTEN -1
+#define PEELOFF_ACCEPT 1
+#define PEELOFF_UNSET 0
+/*
+ * Sets flag to indicate we are using SSL_listen_ex to get connections
+ * returns 1 if set was successful, or 0 if the set fails
+ */
+int ossl_quic_port_set_using_peeloff(QUIC_PORT *port, int using_peeloff);
/* Returns 1 if we are using addressed mode on the read side. */
int ossl_quic_port_is_addressed_r(const QUIC_PORT *port);
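Review bot: The new comment above ossl_quic_port_set_using_peeloff() omits the property callers now depend on: the call fails not only for an invalid value but also when the port is already latched to the other mode, and PEELOFF_UNSET is never an accepted argument. Suggest replacing it with: `Latches the port into PEELOFF_LISTEN (SSL_listen_ex) or PEELOFF_ACCEPT (SSL_accept_connection). Returns 1 if the port was unset or already in that mode; returns 0 if using_peeloff is any other value (including PEELOFF_UNSET) or the port is already latched to the other mode. Once latched the mode cannot be changed.` Parenthesise the negative constant, `#define PEELOFF_LISTEN (-1)`, so it cannot mis-expand inside an expression; an `enum` for the three values would also make them visible to the compiler and debugger.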
{
SSL_free(ch->tls);
ch->tls = ssl;
+#ifndef OPENSSL_NO_QLOG
+ /*
+ * If we're using qlog, make sure the tls get further configured properly
+ */
+ ch->use_qlog = 1;
+ if (ch->tls->ctx->qlog_title != NULL)
+ ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title);
+#endif
+
}
static void free_buf_mem(unsigned char *buf, size_t buf_len, void *arg)
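Review bot: The OPENSSL_strdup() result on the new ch->qlog_title assignment is not checked, unlike the same copy in the channel constructor later in this commit which frees and fails on NULL, so an allocation failure silently leaves ch->qlog_title NULL while ch->use_qlog stays 1. The store also overwrites whatever ch->qlog_title already holds; since this function begins by SSL_free()-ing ch->tls it looks like a replacement path, and if it can run on a channel that already has a title the old one leaks, so release it first with `OPENSSL_free(ch->qlog_title); ch->qlog_title = NULL;`. The enclosing function's signature is outside the hunk, so it is not visible whether it can report failure; if it cannot, at least tie the feature to the copy, e.g. `if (title != NULL && (ch->qlog_title = OPENSSL_strdup(title)) == NULL) ch->use_qlog = 0;`, or use whatever failure convention the function has. ch->tls->ctx is dereferenced unconditionally; whether ssl can be NULL here is not visible either.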
return -1;
qctx_lock_for_io(&lctx);
- if (ossl_quic_port_get_using_peeloff(lctx.ql->port) == -1) {
+
+ if (!ossl_quic_port_set_using_peeloff(lctx.ql->port, PEELOFF_LISTEN)) {
QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
"This listener is using SSL_accept_connection");
ret = -1;
goto out;
}
-
- ossl_quic_port_set_using_peeloff(lctx.ql->port, 1);
+
new_ch = ossl_quic_port_pop_incoming(lctx.ql->port);
if (new_ch != NULL) {
qc = cctx.qc;
if (!ql_listen(ctx.ql))
goto out;
- if (ossl_quic_port_get_using_peeloff(ctx.ql->port) == 1) {
+ if (!ossl_quic_port_set_using_peeloff(ctx.ql->port, PEELOFF_ACCEPT)) {
QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
- "This listener is using SSL_accept_ex");
+ "This listener is using SSL_listen_ex");
goto out;
+
}
- ossl_quic_port_set_using_peeloff(ctx.ql->port, -1);
-
/* Wait for an incoming connection if needed. */
new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
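Review bot: A stray blank line was added inside the new error branch, between `goto out;` and the closing brace; drop it to match the surrounding style (the SSL_listen_ex counterpart in this commit has none). The `goto out` sets no explicit failure value in the hunk, so the result reported to the caller depends on how the return variable is initialised above; the enclosing function starts and ends outside the hunk.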
if (tls != NULL) {
ch->tls = tls;
} else {
- if (ossl_quic_port_get_using_peeloff(port) <= 0) {
- ossl_quic_port_set_using_peeloff(port, -1);
+ if (ossl_quic_port_set_using_peeloff(port, PEELOFF_ACCEPT)) {
/*
* We're using the normal SSL_accept_connection_path
*/
ch->tls = port_new_handshake_layer(port, ch);
} else {
/*
- * We're deferring user ssl creation until SSL_accept_ex is called
+ * We're deferring user ssl creation until SSL_listen_ex is called
*/
ch->tls = NULL;
}
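Review bot: Calling ossl_quic_port_set_using_peeloff(port, PEELOFF_ACCEPT) here latches a still-unset port into accept mode as a side effect of a new channel being created, i.e. on receipt of a peer's packets rather than on an API call by the application; a later SSL_listen_ex on that listener then fails with "This listener is using SSL_accept_connection" although the application never called it. The removed `get <= 0` / `set(-1)` pair behaved the same way, so the commit does not introduce this, but the trapdoor now makes the latch permanent and the comment `We're using the normal SSL_accept_connection_path` hides it; suggest `Latches an unset port into ACCEPT mode: a channel created before the application has chosen SSL_listen_ex commits the port to the SSL_accept_connection path for its lifetime.` Whether incoming packets can be processed before the application's first call depends on code outside the hunk; the enclosing function starts and ends outside it.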
* If we're using qlog, make sure the tls get further configured properly
*/
ch->use_qlog = 1;
- if (ch->tls && ch->tls->ctx->qlog_title != NULL) {
+ if (ch->tls != NULL && ch->tls->ctx->qlog_title != NULL) {
if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
OPENSSL_free(ch);
return NULL;
port->allow_incoming = allow_incoming;
}
-void ossl_quic_port_set_using_peeloff(QUIC_PORT *port, int using_peeloff)
+int ossl_quic_port_set_using_peeloff(QUIC_PORT *port, int using_peeloff)
{
- port->using_peeloff = using_peeloff;
-}
-int ossl_quic_port_get_using_peeloff(QUIC_PORT *port)
-{
- return port->using_peeloff;
+ /*
+ * Peeloff state must be one of PEELOFF_LISTEN or PEELOFF_ACCEPT
+ */
+ if (using_peeloff != PEELOFF_LISTEN && using_peeloff != PEELOFF_ACCEPT)
+ return 0;
+
+ /*
+ * We can only set the peeloff state if its not already been set
+ * or if we're setting it to the already set value
+ * i.e. this is a trapdoor, once we set using_peeloff to LISTEN or ACCEPT
+ * Then the only thing we can set that port too in the future is the same value.
+ */
+ if (port->using_peeloff != using_peeloff && port->using_peeloff != PEELOFF_UNSET)
+ return 0;
+ port->using_peeloff = using_peeloff;
+ return 1;
}
/*
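Review bot: The check-then-store on port->using_peeloff in ossl_quic_port_set_using_peeloff() is not atomic, so the trapdoor only holds if every caller serialises on the same lock; the SSL_listen_ex path in this commit takes qctx_lock_for_io() first, but the call from the channel-creation path is made from port-internal code whose locking is not visible here, so a one-line comment naming the lock the caller must hold would make the contract checkable. The two failure causes (invalid value, already latched to the other mode) both return 0 and the header comment only says "if the set fails"; the function comment should spell out both and fix the typos (`its not` → `it has not`, `that port too` → `that port to`). The struct field's change from `unsigned int` to `int` elsewhere in this commit is required for this to work, since PEELOFF_LISTEN is -1; the removed getter compared an unsigned field against -1 and only worked through implicit conversion.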
unsigned int bio_changed : 1;
/* Are we using SSL_listen_ex to peeloff connections */
- unsigned int using_peeloff;
+ int using_peeloff;
/* AES-256 GCM context for token encryption */
EVP_CIPHER_CTX *token_ctx;
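Review bot: The field comment `Are we using SSL_listen_ex to peeloff connections` is stale now that using_peeloff is a tri-state latched by ossl_quic_port_set_using_peeloff(); suggest `Peel-off mode: PEELOFF_UNSET until the first SSL_listen_ex / SSL_accept_connection call or the first incoming channel latches it to PEELOFF_LISTEN or PEELOFF_ACCEPT; never reset afterwards.` The switch to `int` is needed because PEELOFF_LISTEN is -1 and the old `unsigned int` could not hold it without conversion. The trapdoor relies on the port being zero-initialised so the field starts at PEELOFF_UNSET (0); the allocation is outside the hunk, so that should be confirmed.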