From: Neil Horman Date: Fri, 10 Jan 2025 17:20:40 +0000 (-0500) Subject: rename new_pending_ssl to new_pending_conn X-Git-Tag: openssl-3.5.0-alpha1~263 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7502df20bcc4fab6d292b54a7674356448a94d55;p=thirdparty%2Fopenssl.git rename new_pending_ssl to new_pending_conn Make it clear its only announcing connections, not streams Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/26361)
---
diff --git a/doc/build.info b/doc/build.info
index 1ddd7085078..4a4cf94b437 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -2383,10 +2383,10 @@ DEPEND[html/man3/SSL_CTX_set_msg_callback.html]=man3/SSL_CTX_set_msg_callback.po GENERATE[html/man3/SSL_CTX_set_msg_callback.html]=man3/SSL_CTX_set_msg_callback.pod DEPEND[man/man3/SSL_CTX_set_msg_callback.3]=man3/SSL_CTX_set_msg_callback.pod GENERATE[man/man3/SSL_CTX_set_msg_callback.3]=man3/SSL_CTX_set_msg_callback.pod -DEPEND[html/man3/SSL_CTX_set_new_pending_ssl_cb.html]=man3/SSL_CTX_set_new_pending_ssl_cb.pod -GENERATE[html/man3/SSL_CTX_set_new_pending_ssl_cb.html]=man3/SSL_CTX_set_new_pending_ssl_cb.pod -DEPEND[man/man3/SSL_CTX_set_new_pending_ssl_cb.3]=man3/SSL_CTX_set_new_pending_ssl_cb.pod -GENERATE[man/man3/SSL_CTX_set_new_pending_ssl_cb.3]=man3/SSL_CTX_set_new_pending_ssl_cb.pod +DEPEND[html/man3/SSL_CTX_set_new_pending_conn_cb.html]=man3/SSL_CTX_set_new_pending_conn_cb.pod +GENERATE[html/man3/SSL_CTX_set_new_pending_conn_cb.html]=man3/SSL_CTX_set_new_pending_conn_cb.pod +DEPEND[man/man3/SSL_CTX_set_new_pending_conn_cb.3]=man3/SSL_CTX_set_new_pending_conn_cb.pod +GENERATE[man/man3/SSL_CTX_set_new_pending_conn_cb.3]=man3/SSL_CTX_set_new_pending_conn_cb.pod DEPEND[html/man3/SSL_CTX_set_num_tickets.html]=man3/SSL_CTX_set_num_tickets.pod GENERATE[html/man3/SSL_CTX_set_num_tickets.html]=man3/SSL_CTX_set_num_tickets.pod DEPEND[man/man3/SSL_CTX_set_num_tickets.3]=man3/SSL_CTX_set_num_tickets.pod @@ -3641,7 +3641,7 @@ html/man3/SSL_CTX_set_max_cert_list.html \ html/man3/SSL_CTX_set_min_proto_version.html \ html/man3/SSL_CTX_set_mode.html \ html/man3/SSL_CTX_set_msg_callback.html \ -html/man3/SSL_CTX_set_new_pending_ssl_cb.html \ +html/man3/SSL_CTX_set_new_pending_conn_cb.html \ html/man3/SSL_CTX_set_num_tickets.html \ html/man3/SSL_CTX_set_options.html \ html/man3/SSL_CTX_set_psk_client_callback.html \ 
@@ -4313,7 +4313,7 @@ man/man3/SSL_CTX_set_max_cert_list.3 \ man/man3/SSL_CTX_set_min_proto_version.3 \ man/man3/SSL_CTX_set_mode.3 \ man/man3/SSL_CTX_set_msg_callback.3 \ -man/man3/SSL_CTX_set_new_pending_ssl_cb.3 \ +man/man3/SSL_CTX_set_new_pending_conn_cb.3 \ man/man3/SSL_CTX_set_num_tickets.3 \ man/man3/SSL_CTX_set_options.3 \ man/man3/SSL_CTX_set_psk_client_callback.3 \ diff --git a/doc/man3/SSL_CTX_set_new_pending_conn_cb.pod b/doc/man3/SSL_CTX_set_new_pending_conn_cb.pod new file mode 100644 index 00000000000..a50b3029843 --- /dev/null +++ b/doc/man3/SSL_CTX_set_new_pending_conn_cb.pod 
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_new_pending_conn_cb, SSL_set_new_pending_conn_cb_fn - callback function to report creation of QUIC connection SSL objects
+
+=head1 SYNOPSIS
+
+ typedef int (*SSL_set_new_pending_conn_cb_fn)(SSL_CTX *c, SSL *new_ssl,
+ void *arg);
+ void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c,
+ SSL_set_new_pending_conn_cb_fn *f,
+ void *arg);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_new_pending_conn_cb() sets the new_pending_conn callback function and
+associated application data argument I. When using the QUIC transport, TLS
+handshake processing may occur independently from the thread which accepts the
+connection that the handshake is establishing. As such, B objects
+representing the connection may be allocated and initialized prior to a call to
+SSL_accept_connection(). This registered callback may be used to decorate the
+preallocated B object or create other associations with its parent
+B prior to a call to SSL_accept_connection().
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_new_pending_conn_cb() returns no value.
+
+SSL_set_new_pending_conn_cb_fn() returns an integer value. A return value of
+0 indicates that the QUIC stack must discard this newly created B object,
+implying that the associated new connection will not be available for handling
+on a subsequent call to SSL_accept_connection(). A nonzero return
+value is treated as success, allowing the new connection to be enqueued to the
+accept queue.
+
+=head1 HISTORY
+
+SSL_CTX_set_new_pending_conn_cb() was added in OpenSSL 3.5
+
+=head1 COPYRIGHT
+
+Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/doc/man3/SSL_CTX_set_new_pending_ssl_cb.pod b/doc/man3/SSL_CTX_set_new_pending_ssl_cb.pod
deleted file mode 100644
index e4433ed2e9c..00000000000
--- a/doc/man3/SSL_CTX_set_new_pending_ssl_cb.pod
+++ /dev/null
@@ -1,48 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_new_pending_ssl_cb - callback function to report creation of QUIC connection SSL objects
-
-=head1 SYNOPSIS
-
- typedef int (*SSL_set_new_pending_ssl_cb_fn)(SSL_CTX *c, SSL *new_ssl,
- void *arg);
- void SSL_CTX_set_new_pending_ssl_cb(SSL_CTX *c,
- SSL_set_new_pending_ssl_cb_fn *f,
- void *arg);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_new_pending_ssl_cb() sets the new_pending_ssl callback function and
-associated application data argument I. When using the QUIC transport, TLS
-handshake processing may occur independently from the thread which accepts the
-connection that the handshake is establishing. As such, B objects
-representing the connection may be allocated and initialized prior to a call to
-SSL_accept_connection().
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_new_pending_ssl_cb() returns no value.
-
-SSL_set_new_pending_ssl_cb_fn() must return an integer value. A return value of
-0 indicates that the QUIC stack should discard this newly created B object,
-implying that the associated new connection will not be available for handling
-on a subsequent call to SSL_accept_connection(). Any other non-zero return
-value is treated as success, allowing the new connection to be enqueued to the
-accept queue.
-
-=head1 HISTORY
-
-SSL_CTX_set_new_pending_ssl_cb() was added in OpenSSL 3.5.0
-
-=head1 COPYRIGHT
-
-Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L.
-
-=cut
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 839d49370b4..c62b9497730 100644
--- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -1907,10 +1907,10 @@ OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s); typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, void *arg); -typedef int (*SSL_new_pending_ssl_cb_fn) (SSL_CTX *ctx, SSL *new_ssl, +typedef int (*SSL_new_pending_conn_cb_fn) (SSL_CTX *ctx, SSL *new_ssl, void *arg); -void SSL_CTX_set_new_pending_ssl_cb(SSL_CTX *c, SSL_new_pending_ssl_cb_fn cb, - void *arg); +void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c, SSL_new_pending_conn_cb_fn cb, + void *arg); int SSL_client_hello_isv2(SSL *s); unsigned int SSL_client_hello_get0_legacy_version(SSL *s); diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index 8ade740af34..36877ab8063 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c @@ -472,12 +472,12 @@ static SSL *port_new_handshake_layer(QUIC_PORT *port, QUIC_CHANNEL *ch) if (qc != NULL) qc->tls = tls; - if (ql != NULL && ql->obj.ssl.ctx->new_pending_ssl_cb != NULL) - if (!ql->obj.ssl.ctx->new_pending_ssl_cb(ql->obj.ssl.ctx, user_ssl, - ql->obj.ssl.ctx->new_pending_ssl_arg)) { + if (ql != NULL && ql->obj.ssl.ctx->new_pending_conn_cb != NULL) + if (!ql->obj.ssl.ctx->new_pending_conn_cb(ql->obj.ssl.ctx, user_ssl, + ql->obj.ssl.ctx->new_pending_conn_arg)) { SSL_free(tls); return NULL; - } + } /* Override the user_ssl of the inner connection. */ tls_conn->s3.flags |= TLS1_FLAGS_QUIC; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a09c1911138..3dd8376d6d6 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
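Review bot: The typedef declared in this hunk is `SSL_new_pending_conn_cb_fn`, but the new manual page and the `util/other.syms` entry added by the same commit both name the type `SSL_set_new_pending_conn_cb_fn`, so the documented callback type is not the one the header exports. The pod SYNOPSIS also shows the setter taking `SSL_set_new_pending_conn_cb_fn *f`, whereas the prototype here takes the function-pointer typedef by value as `cb`. Because this callback decides whether an incoming QUIC connection is kept or discarded, its public contract should be unambiguous: either rename the typedef, or change the pod and `other.syms` to `SSL_new_pending_conn_cb_fn` and the synopsis parameter to `SSL_new_pending_conn_cb_fn cb`.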
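Review bot: On the rejection path in port_new_handshake_layer() the code calls `SSL_free(tls)` and returns NULL, but `qc->tls` was assigned that same `tls` two lines earlier and is not cleared, and `user_ssl` is not released here. If a later teardown of `user_ssl` reads `qc->tls` it would see a freed object; the callback's return value is application-controlled and evaluated for every incoming connection, so this path deserves to be explicit, e.g. `if (qc != NULL) qc->tls = NULL;` before the free, or releasing the owning object instead. Ownership of `user_ssl` is established outside this hunk, so confirm against the rest of the function. Separately, the outer `if` has no braces around the nested braced `if`; folding both tests into one condition with `&&` would avoid the closing-brace whitespace churn this rename produced.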
@@ -6685,11 +6685,11 @@ void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, c->client_hello_cb_arg = arg; } -void SSL_CTX_set_new_pending_ssl_cb(SSL_CTX *c, SSL_new_pending_ssl_cb_fn cb, - void *arg) +void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c, SSL_new_pending_conn_cb_fn cb, + void *arg) { - c->new_pending_ssl_cb = cb; - c->new_pending_ssl_arg = arg; + c->new_pending_conn_cb = cb; + c->new_pending_conn_arg = arg; } int SSL_client_hello_isv2(SSL *s) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 2a96198d78a..7cf82e717a6 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -990,8 +990,8 @@ struct ssl_ctx_st { void *client_hello_cb_arg; /* Callback to announce new pending ssl objects in the accept queue */ - SSL_new_pending_ssl_cb_fn new_pending_ssl_cb; - void *new_pending_ssl_arg; + SSL_new_pending_conn_cb_fn new_pending_conn_cb; + void *new_pending_conn_arg; /* TLS extensions. */ struct { diff --git a/test/radix/quic_ops.c b/test/radix/quic_ops.c index 0b7647dd018..5f7b1406805 100644 --- a/test/radix/quic_ops.c +++ b/test/radix/quic_ops.c @@ -204,7 +204,7 @@ DEF_FUNC(hf_new_ssl) goto err; } else if (is_server) { - SSL_CTX_set_new_pending_ssl_cb(ctx, new_pending_cb, NULL); + SSL_CTX_set_new_pending_conn_cb(ctx, new_pending_cb, NULL); SSL_CTX_set_client_hello_cb(ctx, client_hello_cb, NULL); check_pending_match = 1; if (!TEST_ptr(ssl = SSL_new_listener(ctx, 0))) diff --git a/util/other.syms b/util/other.syms index f619a5501dd..546173d0456 100644 --- a/util/other.syms +++ b/util/other.syms @@ -118,6 +118,7 @@ SSL_psk_client_cb_func datatype SSL_psk_find_session_cb_func datatype SSL_psk_server_cb_func datatype SSL_psk_use_session_cb_func datatype +SSL_set_new_pending_conn_cb_fn datatype SSL_verify_cb datatype UI datatype UI_METHOD datatype
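Review bot: In the ssl_local.h hunk the field comment still reads `/* Callback to announce new pending ssl objects in the accept queue */`, which keeps the ambiguity this rename is meant to remove. Suggest `/* Callback to announce new pending QUIC connections (not streams) in the accept queue */` above `new_pending_conn_cb`. It would also help to note there that a zero return from the callback causes the connection to be discarded, as the manual page states. The struct definition continues outside the hunk.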