From: Hugo Landau Date: Thu, 15 Feb 2024 09:14:41 +0000 (+0000) Subject: QUIC: Define error code for stateless reset X-Git-Tag: openssl-3.3.0-alpha1~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f02bbd5a6e7157faefb944ac5f11e0f6b024740;p=thirdparty%2Fopenssl.git QUIC: Define error code for stateless reset Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/23598)
---
diff --git a/doc/man3/SSL_get_conn_close_info.pod b/doc/man3/SSL_get_conn_close_info.pod
index bb5bc72b7a6..badb3bf7a64 100644
--- a/doc/man3/SSL_get_conn_close_info.pod
+++ b/doc/man3/SSL_get_conn_close_info.pod
@@ -23,7 +23,8 @@ OSSL_QUIC_ERR_AEAD_LIMIT_REACHED,
 OSSL_QUIC_ERR_NO_VIABLE_PATH,
 OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN,
 OSSL_QUIC_ERR_CRYPTO_ERR_END,
-OSSL_QUIC_ERR_CRYPTO_ERR
+OSSL_QUIC_ERR_CRYPTO_ERR,
+OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT
 - get information about why a QUIC connection was closed
 =head1 SYNOPSIS
@@ -67,6 +68,8 @@ OSSL_QUIC_ERR_CRYPTO_ERR
 #define OSSL_QUIC_ERR_CRYPTO_ERR(X)
+ #define OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT
+
 =head1 DESCRIPTION
 The SSL_get_conn_close_info() function provides information about why and how a
@@ -124,6 +127,29 @@ by the local or remote application.
 =back
+The B macro definitions provide the QUIC transport error codes as
+defined by RFC 9000. The OSSL_QUIC_ERR_CRYPTO_ERR() macro can be used to convert
+a TLS alert code into a QUIC transport error code by mapping it into the range
+reserved for such codes by RFC 9000. This range begins at
+B and ends at B
+inclusive.
+
+=head1 NON-STANDARD TRANSPORT ERROR CODES
+
+Some conditions which can cause QUIC connection termination are not signalled on
+the wire and therefore do not have standard error codes. OpenSSL indicates these
+errors via SSL_get_conn_close_info() by setting B
+and using one of the following error values. These codes are specific to
+OpenSSL, and cannot be sent over the wire, as they are above 2**62.
+
+=over 4
+
+=item B
+
+The connection was terminated immediately due to the idle timeout expiring.
+
+=back
+
 =head1 RETURN VALUES
 SSL_get_conn_close_info() returns 1 on success and 0 on failure. This function
diff --git a/include/openssl/quic.h b/include/openssl/quic.h
index 853b944316e..f66d6432618 100644
--- a/include/openssl/quic.h
+++ b/include/openssl/quic.h
@@ -58,6 +58,10 @@ __owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void);
 # define OSSL_QUIC_ERR_CRYPTO_ERR(X) \
 (OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN + (X))
+/* Local errors. */
+# define OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT \
+ ((uint64_t)0xFFFFFFFFFFFFFFFFULL)
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 9bab5d005b5..5bc08fad915 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -3325,7 +3325,7 @@ static void ch_on_idle_timeout(QUIC_CHANNEL *ch)
 * TERMINATED anyway.
 */
 ch->terminate_cause.app = 0;
- ch->terminate_cause.error_code = UINT64_MAX;
+ ch->terminate_cause.error_code = OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT;
 ch->terminate_cause.frame_type = 0;
 ch_record_state_transition(ch, QUIC_CHANNEL_STATE_TERMINATED);
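Review bot: The comment `/* Local errors. */` above OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT in include/openssl/quic.h does not say what sets this value apart from the OSSL_QUIC_ERR_* codes defined just before it. The man page hunk in the same commit states that these codes are specific to OpenSSL and above 2**62, so they cannot be sent over the wire, but a reader of the header alone gets none of that. I would write `/* Local errors: OpenSSL-specific, above 2**62, never sent on the wire. */` so callers know to compare against this constant before treating a close-info error code as an RFC 9000 transport code.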
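Review bot: A stateless-reset termination path is not touched in ssl/quic/quic_channel.c even though the commit subject names it; the only assignment updated is `ch->terminate_cause.error_code` in ch_on_idle_timeout. If another termination path in this file still stores a raw `UINT64_MAX`, or ends up reusing the idle-timeout value for a different cause, callers of SSL_get_conn_close_info() could not tell the two conditions apart; that is not visible from this hunk and is worth checking before relying on the new constant. The body of ch_on_idle_timeout starts and ends outside the hunk.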
diff --git a/util/other.syms b/util/other.syms
index b12aba44e66..e8a813c9bb0 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -510,6 +510,7 @@ OSSL_QUIC_ERR_NO_VIABLE_PATH define
 OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN define
 OSSL_QUIC_ERR_CRYPTO_ERR_END define
 OSSL_QUIC_ERR_CRYPTO_ERR define
+OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT define
 PEM_FLAG_EAY_COMPATIBLE define
 PEM_FLAG_ONLY_B64 define
 PEM_FLAG_SECURE define