QUIC APL: Allow stream origin to be queried

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)

diff --git a/doc/man3/SSL_get_stream_id.pod b/doc/man3/SSL_get_stream_id.pod
index 86ec2d96218f4686372ee55ad07be561ed458d56..42ee08c814d94ef61c00cdce3f62a5ed33658462 100644 (file)
--- a/doc/man3/SSL_get_stream_id.pod
+++ b/doc/man3/SSL_get_stream_id.pod
@@ -3,8 +3,8 @@
 =head1 NAME
 
 SSL_get_stream_id, SSL_get_stream_type, SSL_STREAM_TYPE_NONE,
-SSL_STREAM_TYPE_READ, SSL_STREAM_TYPE_WRITE, SSL_STREAM_TYPE_BIDI - get QUIC
-stream ID and stream type information
+SSL_STREAM_TYPE_READ, SSL_STREAM_TYPE_WRITE, SSL_STREAM_TYPE_BIDI,
+SSL_is_stream_local - get QUIC stream ID and stream type information
 
 =head1 SYNOPSIS
 
@@ -18,6 +18,8 @@ stream ID and stream type information
  #define SSL_STREAM_TYPE_WRITE
  int SSL_get_stream_type(SSL *ssl);
 
+ int SSL_is_stream_local(SSL *ssl);
+
 =head1 DESCRIPTION
 
 The SSL_get_stream_id() function returns the QUIC stream ID for a QUIC stream
@@ -55,12 +57,16 @@ from.
 
 =back
 
+The SSL_is_stream_local() function determines whether a stream was locally
+created.
+
 =head1 NOTES
 
 While QUICv1 assigns specific meaning to the low two bits of a QUIC stream ID,
 QUIC stream IDs in future versions of QUIC are not required to have the same
 semantics. Do not determine stream properties using these bits. Instead, use
-SSL_get_stream_type() to determine the stream type.
+SSL_get_stream_type() to determine the stream type and SSL_get_stream_origin()
+to determine the stream initiator.
 
 The SSL_get_stream_type() identifies the type of a QUIC stream based on its
 identity, and does not indicate whether an operation can currently be
@@ -79,6 +85,11 @@ always below 2**62.
 
 SSL_get_stream_type() returns one of the B<SSL_STREAM_TYPE> values.
 
+SSL_is_stream_local() returns 1 if called on a QUIC stream SSL object which
+represents a stream which was locally initiated. It returns 0 if called on a
+QUIC stream SSL object which represents a stream which was remotely initiated by
+a peer, and -1 if called on any other kind of SSL object.
+
 =head1 SEE ALSO
 
 L<SSL_new_stream(3)>, L<SSL_accept_stream(3)>

diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h
index 6bddc8a67880ce65645b6a66d7b8fd970106681f..f815ba5435951fec46b9c504c6fbd31fdc14653f 100644 (file)
--- a/include/internal/quic_ssl.h
+++ b/include/internal/quic_ssl.h
@@ -73,6 +73,7 @@ __owur SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags);
 __owur SSL *ossl_quic_get0_connection(SSL *s);
 __owur int ossl_quic_get_stream_type(SSL *s);
 __owur uint64_t ossl_quic_get_stream_id(SSL *s);
+__owur int ossl_quic_is_stream_local(SSL *s);
 __owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode);
 __owur SSL *ossl_quic_detach_stream(SSL *s);
 __owur int ossl_quic_attach_stream(SSL *conn, SSL *stream);

diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 37d192f7558e19fff06955c764e0994b8bba7121..f0a00583ecff1a224511bf50caaac710b177c4ab 100644 (file)
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -2278,6 +2278,7 @@ __owur int SSL_is_connection(SSL *s);
 __owur int SSL_get_stream_type(SSL *s);
 
 __owur uint64_t SSL_get_stream_id(SSL *s);
+__owur int SSL_is_stream_local(SSL *s);
 
 #define SSL_DEFAULT_STREAM_MODE_NONE        0
 #define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI   1

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index bf1c412a091682c4cc9c7e53e52e9b5382acd09b..acb51fc858bf617b3de057e73beed6491afe582a 100644 (file)
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -2807,6 +2807,25 @@ uint64_t ossl_quic_get_stream_id(SSL *s)
     return id;
 }
 
+/*
+ * SSL_is_stream_local
+ * -------------------
+ */
+QUIC_TAKES_LOCK
+int ossl_quic_is_stream_local(SSL *s)
+{
+    QCTX ctx;
+    int is_local;
+
+    if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
+        return -1;
+
+    is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
+    quic_unlock(ctx.qc);
+
+    return is_local;
+}
+
 /*
  * SSL_set_default_stream_mode
  * ---------------------------

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 06efb4380acf591cbefdf69031210b54996ad7f4..b83f11fa5b4a070e4b2dc1e3c74ab01d23fbd027 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -7474,6 +7474,18 @@ uint64_t SSL_get_stream_id(SSL *s)
 #endif
 }
 
+int SSL_is_stream_local(SSL *s)
+{
+#ifndef OPENSSL_NO_QUIC
+    if (!IS_QUIC(s))
+        return -1;
+
+    return ossl_quic_is_stream_local(s);
+#else
+    return -1;
+#endif
+}
+
 int SSL_set_default_stream_mode(SSL *s, uint32_t mode)
 {
 #ifndef OPENSSL_NO_QUIC

diff --git a/util/libssl.num b/util/libssl.num
index 1cb0558ac6b4c17644ee080a546526e5f4db9133..225064943ba31fa91b2bdb85ded53da99e5190d8 100644 (file)
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -576,3 +576,4 @@ SSL_set_incoming_stream_policy          ?   3_2_0   EXIST::FUNCTION:
 SSL_handle_events                       ?      3_2_0   EXIST::FUNCTION:
 SSL_get_event_timeout                   ?      3_2_0   EXIST::FUNCTION:
 SSL_get0_group_name                     ?      3_2_0   EXIST::FUNCTION:
+SSL_is_stream_local                     ?      3_2_0   EXIST::FUNCTION: