From: Hugo Landau Date: Wed, 30 Aug 2023 12:09:13 +0000 (+0100) Subject: QUIC APL: Allow stream origin to be queried X-Git-Tag: openssl-3.2.0-alpha1~57 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d2e9e12b23fe331b71abe8c201f2610266090dde;p=thirdparty%2Fopenssl.git QUIC APL: Allow stream origin to be queried Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/21905) --- diff --git a/doc/man3/SSL_get_stream_id.pod b/doc/man3/SSL_get_stream_id.pod index 86ec2d96218..42ee08c814d 100644 --- a/doc/man3/SSL_get_stream_id.pod +++ b/doc/man3/SSL_get_stream_id.pod @@ -3,8 +3,8 @@ =head1 NAME SSL_get_stream_id, SSL_get_stream_type, SSL_STREAM_TYPE_NONE, -SSL_STREAM_TYPE_READ, SSL_STREAM_TYPE_WRITE, SSL_STREAM_TYPE_BIDI - get QUIC -stream ID and stream type information +SSL_STREAM_TYPE_READ, SSL_STREAM_TYPE_WRITE, SSL_STREAM_TYPE_BIDI, +SSL_is_stream_local - get QUIC stream ID and stream type information =head1 SYNOPSIS @@ -18,6 +18,8 @@ stream ID and stream type information #define SSL_STREAM_TYPE_WRITE int SSL_get_stream_type(SSL *ssl); + int SSL_is_stream_local(SSL *ssl); + =head1 DESCRIPTION The SSL_get_stream_id() function returns the QUIC stream ID for a QUIC stream @@ -55,12 +57,16 @@ from. =back +The SSL_is_stream_local() function determines whether a stream was locally +created. + =head1 NOTES While QUICv1 assigns specific meaning to the low two bits of a QUIC stream ID, QUIC stream IDs in future versions of QUIC are not required to have the same semantics. Do not determine stream properties using these bits. Instead, use -SSL_get_stream_type() to determine the stream type. +SSL_get_stream_type() to determine the stream type and SSL_get_stream_origin() +to determine the stream initiator. The SSL_get_stream_type() identifies the type of a QUIC stream based on its identity, and does not indicate whether an operation can currently be 
@@ -79,6 +85,11 @@ always below 2**62. SSL_get_stream_type() returns one of the B values. +SSL_is_stream_local() returns 1 if called on a QUIC stream SSL object which +represents a stream which was locally initiated. It returns 0 if called on a +QUIC stream SSL object which represents a stream which was remotely initiated by +a peer, and -1 if called on any other kind of SSL object. + =head1 SEE ALSO L, L diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h index 6bddc8a6788..f815ba54359 100644 --- a/include/internal/quic_ssl.h +++ b/include/internal/quic_ssl.h @@ -73,6 +73,7 @@ __owur SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags); __owur SSL *ossl_quic_get0_connection(SSL *s); __owur int ossl_quic_get_stream_type(SSL *s); __owur uint64_t ossl_quic_get_stream_id(SSL *s); +__owur int ossl_quic_is_stream_local(SSL *s); __owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode); __owur SSL *ossl_quic_detach_stream(SSL *s); __owur int ossl_quic_attach_stream(SSL *conn, SSL *stream); diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 37d192f7558..f0a00583ecf 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -2278,6 +2278,7 @@ __owur int SSL_is_connection(SSL *s); __owur int SSL_get_stream_type(SSL *s); __owur uint64_t SSL_get_stream_id(SSL *s); +__owur int SSL_is_stream_local(SSL *s); #define SSL_DEFAULT_STREAM_MODE_NONE 0 #define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1 diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index bf1c412a091..acb51fc858b 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c 
@@ -2807,6 +2807,25 @@ uint64_t ossl_quic_get_stream_id(SSL *s) return id; } +/* + * SSL_is_stream_local + * ------------------- + */ +QUIC_TAKES_LOCK +int ossl_quic_is_stream_local(SSL *s) +{ + QCTX ctx; + int is_local; + + if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx)) + return -1; + + is_local = ossl_quic_stream_is_local_init(ctx.xso->stream); + quic_unlock(ctx.qc); + + return is_local; +} + /* * SSL_set_default_stream_mode * --------------------------- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 06efb4380ac..b83f11fa5b4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -7474,6 +7474,18 @@ uint64_t SSL_get_stream_id(SSL *s) #endif } +int SSL_is_stream_local(SSL *s) +{ +#ifndef OPENSSL_NO_QUIC + if (!IS_QUIC(s)) + return -1; + + return ossl_quic_is_stream_local(s); +#else + return -1; +#endif +} + int SSL_set_default_stream_mode(SSL *s, uint32_t mode) { #ifndef OPENSSL_NO_QUIC diff --git a/util/libssl.num b/util/libssl.num index 1cb0558ac6b..225064943ba 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -576,3 +576,4 @@ SSL_set_incoming_stream_policy ? 3_2_0 EXIST::FUNCTION: SSL_handle_events ? 3_2_0 EXIST::FUNCTION: SSL_get_event_timeout ? 3_2_0 EXIST::FUNCTION: SSL_get0_group_name ? 3_2_0 EXIST::FUNCTION: +SSL_is_stream_local ? 3_2_0 EXIST::FUNCTION:
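Review bot: The banner comment above ossl_quic_is_stream_local() names the API but does not state the return contract, and the function has three outcomes: 1, 0, and -1 when expect_quic_with_stream_lock() fails. Because -1 is nonzero, a caller that writes `if (SSL_is_stream_local(s))` would treat a failed query as a locally initiated stream, which matters wherever stream origin feeds a trust decision about peer-opened streams. I would add a comment such as `/* Returns 1 if locally initiated, 0 if initiated by the peer, -1 on failure; compare against 1 or 0, never test for truth. */` here, and the same applies to the SSL_is_stream_local() wrapper in ssl/ssl_lib.c, which returns -1 for non-QUIC objects and in OPENSSL_NO_QUIC builds. Passing `/*remote_init=*/-1` presumably means no default stream is created on demand; a word on that in the comment would help, since expect_quic_with_stream_lock() is not visible in this hunk.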
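Review bot: The public name defined in this hunk is SSL_is_stream_local(), yet the NOTES text this commit adds to doc/man3/SSL_get_stream_id.pod tells readers to use SSL_get_stream_origin() to determine the stream initiator, a symbol that appears nowhere else in the patch. The reference should name the function actually exported in util/libssl.num, e.g. `SSL_get_stream_type() to determine the stream type and SSL_is_stream_local()`. Left as is, readers following the advice against decoding the low stream ID bits are pointed at a function they cannot find.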