From: Hugo Landau Date: Tue, 24 Jan 2023 10:34:00 +0000 (+0000) Subject: QUIC FIN Support: Various fixes X-Git-Tag: openssl-3.2.0-alpha1~1370 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d40b151e252490e2187235d50228119c2b6f6d5;p=thirdparty%2Fopenssl.git QUIC FIN Support: Various fixes Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19897) --- diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index f60f427bf6f..08864364cc6 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -99,8 +99,8 @@ For more information see L. SSL_shutdown_ex() is an extended version of SSL_shutdown(). If non-NULL, I must point to a B structure and I must be set to -I. The B structure must be -zero-initialized. If B is NULL, the behaviour is the same as passing a +C. The B structure must be +zero-initialized. If I is NULL, the behaviour is the same as passing a zero-initialised B structure. When used with a non-QUIC SSL object, the arguments are ignored and the call functions identically to SSL_shutdown(). @@ -124,7 +124,7 @@ call to SSL_shutdown_ex() for a given QUIC connection SSL object. When using QUIC, how an application uses SSL_shutdown() or SSL_shutdown_ex() has implications for whether QUIC closes a connection in an RFC-compliant manner. -For discussion these issues, and for discussion of the I argument, see +For discussion of these issues, and for discussion of the I argument, see B below. =head2 First to close the connection 
@@ -172,10 +172,10 @@ shutdown process is considered complete. An exception to this is streams which terminated in a non-normal fashion, for example due to a stream reset; only streams which are non-terminated or which terminated in a normal fashion have their pending send buffers flushed in this manner. This behaviour can be skipped -by setting the B flag; in this case, data remaining -in stream send buffers may not be transmitted to the peer. This flag may be used -when a non-normal application condition has occurred and the delivery of data -written to streams via L is no longer relevant. +by setting the B flag; in this case, data +remaining in stream send buffers may not be transmitted to the peer. This flag +may be used when a non-normal application condition has occurred and the +delivery of data written to streams via L is no longer relevant. Aspects of how QUIC handles connection closure must be taken into account by applications. Ordinarily, QUIC expects a connection to continue to be serviced @@ -207,7 +207,7 @@ down. =item Rapid shutdown mode In this mode, the peer is notified of connection closure on a best effort basis -by sending a single QUIC packet. If that QUIC packet i slost, the peer will not +by sending a single QUIC packet. If that QUIC packet is lost, the peer will not know that the connection has terminated until the negotiated idle timeout (if any) expires. @@ -269,6 +269,10 @@ L, L L, L, L, L +=head1 HISTORY + +The SSL_shutdown_ex() function was added in OpenSSL 3.2. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/SSL_stream_conclude.pod b/doc/man3/SSL_stream_conclude.pod index 88294a87593..a4da6ef1f78 100644 --- a/doc/man3/SSL_stream_conclude.pod +++ b/doc/man3/SSL_stream_conclude.pod 
@@ -27,7 +27,7 @@ When calling this on a stream, the receive part of the stream remains unaffected, and the peer may continue to send data until it also signals the end of the stream. Thus, SSL_read() can still be used. -B is reserved and should be set to 0. +I is reserved and should be set to 0. Only the first call to this function has any effect for a given stream; subsequent calls are no-ops. This is considered a success case. diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index a8a28e26e78..b669cec8883 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -2263,8 +2263,8 @@ typedef struct ssl_shutdown_ex_args_st { const char *quic_reason; } SSL_SHUTDOWN_EX_ARGS; -#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) -#define SSL_SHUTDOWN_FLAG_IMMEDIATE (1U << 1) +#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) +#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1) __owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags, const SSL_SHUTDOWN_EX_ARGS *args, diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 8fe55758131..5448e32e73f 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -504,7 +504,7 @@ int ossl_quic_conn_shutdown(QUIC_CONNECTION *qc, uint64_t flags, ossl_quic_channel_local_close(qc->ch, args != NULL ? args->quic_error_code : 0); - /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_IMMEDIATE */ + /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH */ if (ossl_quic_channel_is_terminated(qc->ch)) return 1; @@ -757,7 +757,6 @@ int ossl_quic_accept(SSL *s) * (BIO/)SSL_write => ossl_quic_write * SSL_pending => ossl_quic_pending * SSL_stream_conclude => ossl_quic_conn_stream_conclude - * */ /* SSL_get_error */
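Review bot: In the doc/man3/SSL_shutdown.pod hunk at @@ -99,8, the rewritten sentence uses "zero-initialized", while the unchanged context line right after it still reads "zero-initialised". Since this paragraph is being edited anyway, use one spelling for both occurrences so the description of the args structure reads consistently.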
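Review bot: In the include/openssl/ssl.h.in hunk at @@ -2263,8, SSL_SHUTDOWN_FLAG_IMMEDIATE is removed outright and SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH takes over the same value (1U << 1), so anything still using the old name will fail to build. The HISTORY entry added in this patch says SSL_shutdown_ex() is new in OpenSSL 3.2, so an alias is probably unnecessary, but please confirm that no tests, demos or other documentation still reference the old macro. As a style point, the flags parameter of SSL_shutdown_ex() is uint64_t while the macros are 1U shifts. That is fine for bits 0 and 1, but a comment or a wider constant type would prevent a surprise if a flag above bit 31 is ever added.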
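Review bot: In the ssl/quic/quic_impl.c hunk at @@ -504,7, only the TODO comment is renamed, so in the visible lines ossl_quic_conn_shutdown() still goes from ossl_quic_channel_local_close() directly to the ossl_quic_channel_is_terminated() check without consulting the flag. The SSL_shutdown.pod text changed in this same patch describes flushing pending stream send buffers as the default behaviour, which the flag skips. Until the TODO is resolved, the man page should state that the flush is not yet implemented, or the TODO should reference a tracking issue. Otherwise applications may assume that data written before shutdown was delivered to the peer.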