QUIC Front End I/O API: Don't allow EPW to be enabled during AON
authorHugo Landau <hlandau@openssl.org>
Thu, 15 Dec 2022 06:42:43 +0000 (06:42 +0000)
committerHugo Landau <hlandau@openssl.org>
Fri, 13 Jan 2023 13:20:21 +0000 (13:20 +0000)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

doc/man3/SSL_CTX_set_mode.pod
ssl/quic/quic_impl.c

index 4b0c4dcd17d5bf0268e0036b98a4cf1f694f1658..c0484f190fe20239730fc9ded6b4f5ca8895588d 100644 (file)
@@ -46,6 +46,9 @@ SSL_write() returns successful, B<r> bytes have been written and the next call
 to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating
 the behaviour of write().
 
+This mode cannot be enabled while in the middle of an incomplete write
+operation.
+
 =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
 
 Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer
index ac78ba87f1d68647ee2ffc42ef5a95c4ab7d2d6c..e59e6d85373d4e8bd2d4d31d3f77ef3a1e2c8c16 100644 (file)
@@ -492,13 +492,6 @@ int ossl_quic_shutdown(SSL *s)
 }
 
 /* SSL_ctrl */
-static void fixup_mode_change(QUIC_CONNECTION *qc)
-{
-    /* If enabling EPW mode, cancel any AON write */
-    if ((qc->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0)
-        aon_write_finish(qc);
-}
-
 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
 {
     QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
@@ -508,12 +501,14 @@ long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
 
     switch (cmd) {
     case SSL_CTRL_MODE:
+        /* Cannot enable EPW while AON write in progress. */
+        if (qc->aon_write_in_progress)
+            larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
+
         qc->ssl_mode |= (uint32_t)larg;
-        fixup_mode_change(qc);
         return qc->ssl_mode;
     case SSL_CTRL_CLEAR_MODE:
         qc->ssl_mode &= ~(uint32_t)larg;
-        fixup_mode_change(qc);
         return qc->ssl_mode;
     default:
         return 0;
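Review bot: In the `SSL_CTRL_MODE` case, a request to set `SSL_MODE_ENABLE_PARTIAL_WRITE` while `qc->aon_write_in_progress` is true is masked out of `larg` without raising an error, so the caller's only signal is that the bit is absent from the returned `qc->ssl_mode`. An application that ignores the return value of the mode-setting call would go on assuming partial-write semantics while the connection keeps all-or-nothing behaviour, and the mismatch would presumably only surface later as unexpected write results. The comment should state that contract, for example `/* Cannot enable EPW while an AON write is in progress: the bit is dropped silently, so callers must check the returned mode. */`. The sentence added to SSL_CTX_set_mode.pod in this commit could likewise say that the request is ignored and is visible only in the returned bitmask. The body of `ossl_quic_ctrl` starts before this hunk and continues past its last line.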