From: Hugo Landau Date: Thu, 15 Dec 2022 06:42:43 +0000 (+0000) Subject: QUIC Front End I/O API: Don't allow EPW to be enabled during AON X-Git-Tag: openssl-3.2.0-alpha1~1474 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfc227bd245c356aea11dfdec9fe0f3d66bca16e;p=thirdparty%2Fopenssl.git QUIC Front End I/O API: Don't allow EPW to be enabled during AON Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19703) --- diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 4b0c4dcd17d..c0484f190fe 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -46,6 +46,9 @@ SSL_write() returns successful, B bytes have been written and the next call to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating the behaviour of write(). +This mode cannot be enabled while in the middle of an incomplete write +operation. + =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index ac78ba87f1d..e59e6d85373 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -492,13 +492,6 @@ int ossl_quic_shutdown(SSL *s) } /* SSL_ctrl */ -static void fixup_mode_change(QUIC_CONNECTION *qc) -{ - /* If enabling EPW mode, cancel any AON write */ - if ((qc->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) - aon_write_finish(qc); -} - long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) { QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s); 
@@ -508,12 +501,14 @@ long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)

 switch (cmd) {
 case SSL_CTRL_MODE:
+ /* Cannot enable EPW while AON write in progress. */
+ if (qc->aon_write_in_progress)
+ larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
+
 qc->ssl_mode |= (uint32_t)larg;
- fixup_mode_change(qc);
 return qc->ssl_mode;
 case SSL_CTRL_CLEAR_MODE:
 qc->ssl_mode &= ~(uint32_t)larg;
- fixup_mode_change(qc);
 return qc->ssl_mode;
 default:
 return 0;
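Review bot: In the `SSL_CTRL_MODE` case the EPW bit is masked out of `larg` with no error indication, so a caller that requests `SSL_MODE_ENABLE_PARTIAL_WRITE` during an all-or-nothing write can only detect the refusal by inspecting the returned mode mask, and the request is dropped rather than deferred until the write completes. I would make that explicit in the comment, e.g. `/* Cannot enable EPW while an AON write is in progress: the bit is dropped, not deferred; callers see this only in the returned mode mask. */`. The `SSL_CTRL_CLEAR_MODE` case has no matching guard, so other mode bits can still be cleared mid-write; whether the write-retry path depends on any of them is not visible here and is worth confirming. `ossl_quic_ctrl` begins in the previous hunk and its `switch` continues past the end of this one.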