From dfc227bd245c356aea11dfdec9fe0f3d66bca16e Mon Sep 17 00:00:00 2001 From: Hugo Landau Date: Thu, 15 Dec 2022 06:42:43 +0000 Subject: [PATCH] QUIC Front End I/O API: Don't allow EPW to be enabled during AON Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19703) --- doc/man3/SSL_CTX_set_mode.pod | 3 +++ ssl/quic/quic_impl.c | 13 ++++--------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 4b0c4dcd17d..c0484f190fe 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -46,6 +46,9 @@ SSL_write() returns successful, B bytes have been written and the next call to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating the behaviour of write(). +This mode cannot be enabled while in the middle of an incomplete write +operation. + =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index ac78ba87f1d..e59e6d85373 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -492,13 +492,6 @@ int ossl_quic_shutdown(SSL *s) } /* SSL_ctrl */ -static void fixup_mode_change(QUIC_CONNECTION *qc) -{ - /* If enabling EPW mode, cancel any AON write */ - if ((qc->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) - aon_write_finish(qc); -} - long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) { QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s); 
@@ -508,12 +501,14 @@ long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_MODE: + /* Cannot enable EPW while AON write in progress. */ + if (qc->aon_write_in_progress) + larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; + qc->ssl_mode |= (uint32_t)larg; - fixup_mode_change(qc); return qc->ssl_mode; case SSL_CTRL_CLEAR_MODE: qc->ssl_mode &= ~(uint32_t)larg; - fixup_mode_change(qc); return qc->ssl_mode; default: return 0; -- 2.47.2
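Review bot: In the `SSL_CTRL_MODE` case, a request to set `SSL_MODE_ENABLE_PARTIAL_WRITE` while `qc->aon_write_in_progress` is set is dropped without any error. The only signal is that the bit is absent from the returned `qc->ssl_mode`, so a caller that ignores the return value will keep assuming partial-write semantics while the connection is still finishing the AON write. I would say so where the mask is applied, e.g. `/* Cannot enable EPW while an AON write is in progress: the bit is silently masked off, so callers must check the returned mode. */`. The sentence added to SSL_CTX_set_mode.pod states the restriction but not how a refused request is reported, and could say the same. `ossl_quic_ctrl` begins before this hunk and its switch closes after it, so this is based only on the lines shown.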