authorHugo Landau <hlandau@openssl.org>2023-06-12 14:13:33 +0100
committerPauli <pauli@openssl.org>2023-06-16 09:26:48 +1000
commit2525109f90cf3a91a909621266ec6854a83805e2 (patch)
tree685dd38b75e74de35c0a1739f4b5f4771fbeccf0 /ssl
parent692a3cab11932d2aaa7b1b628cacc513ba73a5e5 (diff)
QUIC: Allow application to trigger TXKU
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/quic/quic_impl.c51
-rw-r--r--ssl/ssl_lib.c10
2 files changed, 61 insertions, 0 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 548fcbc89e..4f379e32ed 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1558,6 +1558,7 @@ SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
* (BIO/)SSL_write => ossl_quic_write
* SSL_pending => ossl_quic_pending
* SSL_stream_conclude => ossl_quic_conn_stream_conclude
+ * SSL_key_update => ossl_quic_key_update
*/
/* SSL_get_error */
@@ -2689,6 +2690,56 @@ int ossl_quic_get_conn_close_info(SSL *ssl,
}
/*
+ * SSL_key_update
+ * --------------
+ */
+int ossl_quic_key_update(SSL *ssl, int update_type)
+{
+ QCTX ctx;
+
+ if (!expect_quic_conn_only(ssl, &ctx))
+ return 0;
+
+ switch (update_type) {
+ case SSL_KEY_UPDATE_NOT_REQUESTED:
+ /*
+ * QUIC signals peer key update implicily by triggering a local
+ * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
+ */
+ case SSL_KEY_UPDATE_REQUESTED:
+ break;
+
+ default:
+ /* Unknown type - error. */
+ return 0;
+ }
+
+ quic_lock(ctx.qc);
+
+ /* Attempt to perform a TXKU. */
+ if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
+ quic_unlock(ctx.qc);
+ return 0;
+ }
+
+ quic_unlock(ctx.qc);
+ return 1;
+}
+
+/*
+ * SSL_get_key_update_type
+ * -----------------------
+ */
+int ossl_quic_get_key_update_type(const SSL *s)
+{
+ /*
+ * We always handle key updates immediately so a key update is never
+ * pending.
+ */
+ return SSL_KEY_UPDATE_NONE;
+}
+
+/*
* QUIC Front-End I/O API: SSL_CTX Management
* ==========================================
*/
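Review bot: Both failure exits of `ossl_quic_key_update` return 0 without queuing an error: the `default:` arm of the switch and the branch taken when `ossl_quic_channel_trigger_txku()` fails. A caller therefore cannot tell a bad `update_type` from a key update the channel refused, and after a refusal traffic stays on the old keys with nothing for the application to log. I would raise an error before each return, e.g. `ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);` in the default arm and a reason describing the refusal on the TXKU path (or this file's own error helper, if it has one). Separately, the comment above `case SSL_KEY_UPDATE_REQUESTED:` misspells "implicitly" as "implicily".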
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index bad54e0955..1894be7d59 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2727,6 +2727,11 @@ int SSL_key_update(SSL *s, int updatetype)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC(s))
+ return ossl_quic_key_update(s, updatetype);
+#endif
+
if (sc == NULL)
return 0;
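Review bot: The QUIC early return in `SSL_key_update` exits before whatever validation the TLS path performs further down, which is outside this hunk, so any precondition such as a completed handshake has to be enforced on the QUIC side. `ossl_quic_key_update` as added in ssl/quic/quic_impl.c checks only the object type and `update_type`, so that enforcement presumably rests in `ossl_quic_channel_trigger_txku`, which this page does not show. I would add a comment above the `#ifndef OPENSSL_NO_QUIC` block, e.g. `/* QUIC: state checks and error reporting happen in ossl_quic_key_update() */`, so the bypass reads as deliberate. The public documentation should also say that for QUIC `SSL_KEY_UPDATE_NOT_REQUESTED` is treated as `SSL_KEY_UPDATE_REQUESTED`, if a documentation change outside this ssl-only diffstat does not already cover it. The same dispatch pattern is added to `SSL_get_key_update_type` in the next hunk.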
@@ -2760,6 +2765,11 @@ int SSL_get_key_update_type(const SSL *s)
{
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC(s))
+ return ossl_quic_get_key_update_type(s);
+#endif
+
if (sc == NULL)
return 0;