]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
QUIC CHANNEL: Enforce the RX packet forgery limit
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
CommitLineData
99e1cc7b
TM		 1/*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/macros.h>
11#include <openssl/objects.h>
22d53c88
HL		 12#include <openssl/sslerr.h>
13#include <crypto/rand.h>
99e1cc7b 14#include "quic_local.h"
2723d705 15#include "internal/quic_tls.h"
22d53c88
HL		 16#include "internal/quic_rx_depack.h"
17#include "internal/quic_error.h"
18#include "internal/time.h"
99e1cc7b 19
faa3a180
HL		 20typedef struct qctx_st QCTX;
21
cb5c208b 22static void aon_write_finish(QUIC_XSO *xso);
23c04709 23static int create_channel(QUIC_CONNECTION *qc);
21c80696 24static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
faa3a180
HL		 25static int qc_try_create_default_xso_for_write(QCTX *ctx);
26static int qc_wait_for_default_xso_for_read(QCTX *ctx);
8b7be3aa
HL		 27static void quic_lock(QUIC_CONNECTION *qc);
28static void quic_unlock(QUIC_CONNECTION *qc);
faa3a180 29static int quic_do_handshake(QCTX *ctx);
995ff282
HL		 30static void qc_update_reject_policy(QUIC_CONNECTION *qc);
31static void qc_touch_default_xso(QUIC_CONNECTION *qc);
32static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
9cab4bd5
HL		 33static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
34 int touch, QUIC_XSO **old_xso);
faa3a180 35static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
22d53c88
HL		 36
37/*
38 * QUIC Front-End I/O API: Common Utilities
39 * ========================================
40 */
41
42/*
43 * Block until a predicate is met.
44 *
45 * Precondition: Must have a channel.
d7b1fadd 46 * Precondition: Must hold channel lock (unchecked).
22d53c88 47 */
d7b1fadd 48QUIC_NEEDS_LOCK
22d53c88
HL		 49static int block_until_pred(QUIC_CONNECTION *qc,
50 int (*pred)(void *arg), void *pred_arg,
51 uint32_t flags)
52{
53 QUIC_REACTOR *rtor;
54
55 assert(qc->ch != NULL);
56
57 rtor = ossl_quic_channel_get_reactor(qc->ch);
c019e1ef 58 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
4847599b 59 qc->mutex);
22d53c88
HL		 60}
61
e3e9794a
HL		 62static OSSL_TIME get_time(QUIC_CONNECTION *qc)
63{
64 if (qc->override_now_cb != NULL)
65 return qc->override_now_cb(qc->override_now_cb_arg);
66 else
67 return ossl_time_now();
68}
69
70static OSSL_TIME get_time_cb(void *arg)
71{
72 QUIC_CONNECTION *qc = arg;
73
74 return get_time(qc);
75}
76
faa3a180
HL		 77/*
78 * QCTX is a utility structure which provides information we commonly wish to
79 * unwrap upon an API call being dispatched to us, namely:
80 *
81 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
82 * was passed);
83 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
84 * a QCSO with a default stream was passed);
85 * - whether a QSSO was passed (xso == NULL must not be used to determine this
86 * because it may be non-NULL when a QCSO is passed if that QCSO has a
87 * default stream).
88 */
89struct qctx_st {
90 QUIC_CONNECTION *qc;
91 QUIC_XSO *xso;
92 int is_stream;
93};
94
22d53c88
HL		 95/*
96 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
faa3a180
HL		 97 * rather than via ERR. Note that normal errors must always be raised while
98 * holding a lock.
22d53c88 99 */
faa3a180
HL		 100QUIC_NEEDS_LOCK
101static int quic_raise_normal_error(QCTX *ctx,
22d53c88
HL		 102 int err)
103{
faa3a180
HL		 104 if (ctx->is_stream)
105 ctx->xso->last_error = err;
106 else
107 ctx->qc->last_error = err;
108
22d53c88
HL		 109 return 0;
110}
111
112/*
113 * Raise a 'non-normal' error, meaning any error that is not reported via
114 * SSL_get_error() and must be reported via ERR.
e88cdb8e
HL		 115 *
116 * qc should be provided if available. In exceptional circumstances when qc is
117 * not known NULL may be passed. This should generally only happen when an
118 * expect_...() function defined below fails, which generally indicates a
119 * dispatch error or caller error.
faa3a180
HL		 120 *
121 * ctx should be NULL if the connection lock is not held.
22d53c88 122 */
faa3a180 123static int quic_raise_non_normal_error(QCTX *ctx,
22d53c88
HL		 124 const char *file,
125 int line,
126 const char *func,
127 int reason,
128 const char *fmt,
129 ...)
130{
131 va_list args;
132
133 ERR_new();
134 ERR_set_debug(file, line, func);
135
136 va_start(args, fmt);
137 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
138 va_end(args);
139
faa3a180
HL		 140 if (ctx != NULL) {
141 if (ctx->is_stream && ctx->xso != NULL)
142 ctx->xso->last_error = SSL_ERROR_SSL;
143 else if (!ctx->is_stream && ctx->qc != NULL)
144 ctx->qc->last_error = SSL_ERROR_SSL;
145 }
e88cdb8e 146
22d53c88
HL		 147 return 0;
148}
149
faa3a180
HL		 150#define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
151 quic_raise_normal_error((ctx), (err))
22d53c88 152
faa3a180
HL		 153#define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
154 quic_raise_non_normal_error((ctx), \
22d53c88
HL		 155 OPENSSL_FILE, OPENSSL_LINE, \
156 OPENSSL_FUNC, \
157 (reason), \
158 (msg))
159
e88cdb8e
HL		 160/*
161 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
162 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
163 *
164 * After this returns 1, all fields of the passed QCTX are initialised.
165 * Returns 0 on failure. This function is intended to be used to provide API
166 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
22d53c88 167 */
e88cdb8e 168static int expect_quic(const SSL *s, QCTX *ctx)
22d53c88 169{
e88cdb8e
HL		 170 QUIC_CONNECTION *qc;
171 QUIC_XSO *xso;
172
173 ctx->qc = NULL;
174 ctx->xso = NULL;
175 ctx->is_stream = 0;
176
177 if (s == NULL)
8b7be3aa 178 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
22d53c88 179
e88cdb8e
HL		 180 switch (s->type) {
181 case SSL_TYPE_QUIC_CONNECTION:
182 qc = (QUIC_CONNECTION *)s;
183 ctx->qc = qc;
cb5c208b 184 ctx->xso = qc->default_xso;
e88cdb8e
HL		 185 ctx->is_stream = 0;
186 return 1;
187
188 case SSL_TYPE_QUIC_XSO:
189 xso = (QUIC_XSO *)s;
cb5c208b 190 ctx->qc = xso->conn;
e88cdb8e
HL		 191 ctx->xso = xso;
192 ctx->is_stream = 1;
193 return 1;
194
195 default:
196 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
197 }
198}
199
200/*
201 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
202 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
203 * stream.
21c80696
HL		 204 *
205 * remote_init determines if we expect the default XSO to be remotely created or
206 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
8b7be3aa
HL		 207 *
208 * Channel mutex is acquired and retained on success.
e88cdb8e 209 */
8b7be3aa
HL		 210QUIC_ACQUIRES_LOCK
211static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
212 QCTX *ctx)
e88cdb8e
HL		 213{
214 if (!expect_quic(s, ctx))
215 return 0;
216
8b7be3aa
HL		 217 quic_lock(ctx->qc);
218
21c80696 219 if (ctx->xso == NULL && remote_init >= 0) {
8b7be3aa 220 if (ossl_quic_channel_is_term_any(ctx->qc->ch)) {
faa3a180 221 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 222 goto err;
223 }
224
225 /* If we haven't finished the handshake, try to advance it. */
faa3a180 226 if (quic_do_handshake(ctx) < 1)
8b7be3aa
HL		 227 /* ossl_quic_do_handshake raised error here */
228 goto err;
229
230 if (remote_init == 0) {
faa3a180 231 if (!qc_try_create_default_xso_for_write(ctx))
8b7be3aa
HL		 232 goto err;
233 } else {
faa3a180 234 if (!qc_wait_for_default_xso_for_read(ctx))
8b7be3aa
HL		 235 goto err;
236 }
237
21c80696
HL		 238 ctx->xso = ctx->qc->default_xso;
239 }
240
8b7be3aa 241 if (ctx->xso == NULL) {
faa3a180 242 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 243 goto err;
244 }
245
246 return 1; /* lock held */
e88cdb8e 247
8b7be3aa
HL		 248err:
249 quic_unlock(ctx->qc);
250 return 0;
e88cdb8e 251}
22d53c88 252
e88cdb8e
HL		 253/*
254 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
255 * be non-NULL if the QCSO has a default stream.
256 */
23c04709 257static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
e88cdb8e
HL		 258{
259 if (!expect_quic(s, ctx))
260 return 0;
261
262 if (ctx->is_stream)
faa3a180 263 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
e88cdb8e
HL		 264
265 return 1;
22d53c88
HL		 266}
267
4847599b
HL		 268/*
269 * Ensures that the channel mutex is held for a method which touches channel
270 * state.
271 *
272 * Precondition: Channel mutex is not held (unchecked)
273 */
20f45743 274static void quic_lock(QUIC_CONNECTION *qc)
4847599b 275{
629b408c 276#if defined(OPENSSL_THREADS)
ffce2946 277 ossl_crypto_mutex_lock(qc->mutex);
629b408c 278#endif
4847599b
HL		 279}
280
281/* Precondition: Channel mutex is held (unchecked) */
282QUIC_NEEDS_LOCK
283static void quic_unlock(QUIC_CONNECTION *qc)
284{
629b408c 285#if defined(OPENSSL_THREADS)
ffce2946 286 ossl_crypto_mutex_unlock(qc->mutex);
629b408c 287#endif
4847599b
HL		 288}
289
290
22d53c88
HL		 291/*
292 * QUIC Front-End I/O API: Initialization
293 * ======================================
294 *
295 * SSL_new => ossl_quic_new
296 * ossl_quic_init
297 * SSL_reset => ossl_quic_reset
298 * SSL_clear => ossl_quic_clear
299 * ossl_quic_deinit
300 * SSL_free => ossl_quic_free
301 *
302 */
303
304/* SSL_new */
38b051a1
TM		 305SSL *ossl_quic_new(SSL_CTX *ctx)
306{
22d53c88
HL		 307 QUIC_CONNECTION *qc = NULL;
308 SSL *ssl_base = NULL;
a7f41885 309 SSL_CONNECTION *sc = NULL;
38b051a1
TM		 310
311 qc = OPENSSL_zalloc(sizeof(*qc));
312 if (qc == NULL)
313 goto err;
314
22d53c88
HL		 315 /* Initialise the QUIC_CONNECTION's stub header. */
316 ssl_base = &qc->ssl;
a7f41885 317 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
22d53c88 318 ssl_base = NULL;
38b051a1
TM		 319 goto err;
320 }
38b051a1 321
4e3a55fd 322 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
a7f41885
MC		 323 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
324 goto err;
a7f41885 325
629b408c 326#if defined(OPENSSL_THREADS)
ffce2946 327 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)
4847599b 328 goto err;
629b408c 329#endif
4847599b 330
629b408c 331#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
f2f7c4f1
HL		 332 qc->is_thread_assisted
333 = (ssl_base->method == OSSL_QUIC_client_thread_method());
629b408c 334#endif
f2f7c4f1 335
dfb9ae14
HL		 336 qc->as_server = 0; /* TODO(QUIC): server support */
337 qc->as_server_state = qc->as_server;
338
8b7be3aa 339 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
21c80696
HL		 340 qc->default_ssl_mode = qc->ssl.ctx->mode;
341 qc->default_blocking = 1;
83df44ae 342 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
21c80696 343 qc->last_error = SSL_ERROR_NONE;
a7f41885 344
23c04709
HL		 345 if (!create_channel(qc))
346 goto err;
347
5cf99b40
MC		 348 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
349 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
350
995ff282
HL		 351 qc_update_reject_policy(qc);
352
21c80696
HL		 353 /*
354 * We do not create the default XSO yet. The reason for this is that the
355 * stream ID of the default XSO will depend on whether the stream is client
356 * or server-initiated, which depends on who transmits first. Since we do
357 * not know whether the application will be using a client-transmits-first
358 * or server-transmits-first protocol, we defer default XSO creation until
359 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
360 * we take that as a cue that the client is expecting a server-initiated
361 * stream, and vice versa if SSL_write() is called first.
362 */
22d53c88
HL		 363 return ssl_base;
364
38b051a1 365err:
2dbc39de 366 if (qc != NULL) {
629b408c
HL		 367#if defined(OPENSSL_THREADS)
368 ossl_crypto_mutex_free(qc->mutex);
369#endif
2dbc39de
HL		 370 ossl_quic_channel_free(qc->ch);
371 SSL_free(qc->tls);
372 }
22d53c88 373 OPENSSL_free(qc);
38b051a1
TM		 374 return NULL;
375}
376
22d53c88 377/* SSL_free */
a8489257 378QUIC_TAKES_LOCK
22d53c88
HL		 379void ossl_quic_free(SSL *s)
380{
072328dd 381 QCTX ctx;
9cab4bd5 382 int is_default;
22d53c88 383
072328dd
HL		 384 /* We should never be called on anything but a QSO. */
385 if (!expect_quic(s, &ctx))
22d53c88
HL		 386 return;
387
22b1a96f
HL		 388 quic_lock(ctx.qc);
389
2dbc39de
HL		 390 if (ctx.is_stream) {
391 /*
392 * When a QSSO is freed, the XSO is freed immediately, because the XSO
393 * itself only contains API personality layer data. However the
394 * underlying QUIC_STREAM is not freed immediately but is instead marked
395 * as deleted for later collection.
396 */
397
2dbc39de
HL		 398 assert(ctx.qc->num_xso > 0);
399 --ctx.qc->num_xso;
400
9aaafc26
HL		 401 /* If a stream's send part has not been finished, auto-reset it. */
402 if (ctx.xso->stream->sstream != NULL
403 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
404 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
405 ctx.xso->stream, 0);
2dbc39de 406
9aaafc26
HL		 407 /* Do STOP_SENDING for the receive part, if applicable. */
408 if (ctx.xso->stream->rstream != NULL)
409 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
410 ctx.xso->stream, 0);
f20fdd16
HL		 411
412 /* Update stream state. */
9aaafc26
HL		 413 ctx.xso->stream->deleted = 1;
414 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
f20fdd16
HL		 415 ctx.xso->stream);
416
9cab4bd5 417 is_default = (ctx.xso == ctx.qc->default_xso);
2dbc39de
HL		 418 quic_unlock(ctx.qc);
419
9cab4bd5
HL		 420 /*
421 * Unref the connection in most cases; the XSO has a ref to the QC and
422 * not vice versa. But for a default XSO, to avoid circular references,
423 * the QC refs the XSO but the XSO does not ref the QC. If we are the
424 * default XSO, we only get here when the QC is being torn down anyway,
425 * so don't call SSL_free(qc) as we are already in it.
426 */
427 if (!is_default)
428 SSL_free(&ctx.qc->ssl);
429
2dbc39de
HL		 430 /* Note: SSL_free calls OPENSSL_free(xso) for us */
431 return;
432 }
433
2dbc39de
HL		 434 /*
435 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
436 * stage, but is freed during the channel free when the whole QSM is freed.
437 */
21c80696
HL		 438 if (ctx.qc->default_xso != NULL) {
439 QUIC_XSO *xso = ctx.qc->default_xso;
440
441 quic_unlock(ctx.qc);
442 SSL_free(&xso->ssl);
443 quic_lock(ctx.qc);
9cab4bd5 444 ctx.qc->default_xso = NULL;
21c80696 445 }
2dbc39de
HL		 446
447 /* Ensure we have no remaining XSOs. */
448 assert(ctx.qc->num_xso == 0);
449
629b408c 450#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 451 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
452 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
453 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
dbe7b51a 454 }
629b408c 455#endif
f2f7c4f1 456
072328dd 457 ossl_quic_channel_free(ctx.qc->ch);
22d53c88 458
072328dd
HL		 459 BIO_free(ctx.qc->net_rbio);
460 BIO_free(ctx.qc->net_wbio);
d1ac77b1 461
22d53c88 462 /* Note: SSL_free calls OPENSSL_free(qc) for us */
a7f41885 463
072328dd 464 SSL_free(ctx.qc->tls);
45b7c7e0 465 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
629b408c 466#if defined(OPENSSL_THREADS)
45b7c7e0 467 ossl_crypto_mutex_free(&ctx.qc->mutex);
629b408c 468#endif
22d53c88
HL		 469}
470
471/* SSL method init */
38b051a1 472int ossl_quic_init(SSL *s)
99e1cc7b 473{
22d53c88
HL		 474 /* Same op as SSL_clear, forward the call. */
475 return ossl_quic_clear(s);
99e1cc7b
TM		 476}
477
22d53c88 478/* SSL method deinit */
38b051a1
TM		 479void ossl_quic_deinit(SSL *s)
480{
22d53c88 481 /* No-op. */
38b051a1
TM		 482}
483
22d53c88
HL		 484/* SSL_reset */
485int ossl_quic_reset(SSL *s)
486{
072328dd 487 QCTX ctx;
22d53c88 488
072328dd 489 if (!expect_quic(s, &ctx))
22d53c88
HL		 490 return 0;
491
c8b3fdc2 492 /* TODO(QUIC); Currently a no-op. */
22d53c88
HL		 493 return 1;
494}
495
496/* SSL_clear */
497int ossl_quic_clear(SSL *s)
99e1cc7b 498{
072328dd 499 QCTX ctx;
38b051a1 500
072328dd 501 if (!expect_quic(s, &ctx))
22d53c88
HL		 502 return 0;
503
c8b3fdc2 504 /* TODO(QUIC): Currently a no-op. */
22d53c88
HL		 505 return 1;
506}
38b051a1 507
e3e9794a
HL		 508int ossl_quic_conn_set_override_now_cb(SSL *s,
509 OSSL_TIME (*now_cb)(void *arg),
510 void *now_cb_arg)
b212d554 511{
072328dd 512 QCTX ctx;
b212d554 513
072328dd 514 if (!expect_quic(s, &ctx))
e3e9794a
HL		 515 return 0;
516
517 quic_lock(ctx.qc);
072328dd
HL		 518
519 ctx.qc->override_now_cb = now_cb;
520 ctx.qc->override_now_cb_arg = now_cb_arg;
e3e9794a
HL		 521
522 quic_unlock(ctx.qc);
523 return 1;
b212d554
HL		 524}
525
3b1ab5a3
HL		 526void ossl_quic_conn_force_assist_thread_wake(SSL *s)
527{
072328dd
HL		 528 QCTX ctx;
529
530 if (!expect_quic(s, &ctx))
531 return;
3b1ab5a3 532
629b408c 533#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 534 if (ctx.qc->is_thread_assisted && ctx.qc->started)
535 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
629b408c 536#endif
3b1ab5a3
HL		 537}
538
995ff282
HL		 539QUIC_NEEDS_LOCK
540static void qc_touch_default_xso(QUIC_CONNECTION *qc)
541{
542 qc->default_xso_created = 1;
543 qc_update_reject_policy(qc);
544}
545
9cab4bd5
HL		 546/*
547 * Changes default XSO. Allows caller to keep reference to the old default XSO
548 * (if any). Reference to new XSO is transferred from caller.
549 */
995ff282 550QUIC_NEEDS_LOCK
9cab4bd5
HL		 551static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
552 int touch,
553 QUIC_XSO **old_xso)
995ff282 554{
9cab4bd5
HL		 555 int refs;
556
557 *old_xso = NULL;
558
559 if (qc->default_xso != xso) {
560 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
561
562 qc->default_xso = xso;
563
564 if (xso == NULL) {
565 /*
566 * Changing to not having a default XSO. XSO becomes standalone and
567 * now has a ref to the QC.
568 */
569 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
570 return;
571 } else {
572 /*
573 * Changing from not having a default XSO to having one. The new XSO
574 * will have had a reference to the QC we need to drop to avoid a
575 * circular reference.
3a61a96c
HL		 576 *
577 * Currently we never change directly from one default XSO to
578 * another, though this function would also still be correct if this
579 * weren't the case.
9cab4bd5 580 */
3a61a96c
HL		 581 assert(*old_xso == NULL);
582
9cab4bd5
HL		 583 CRYPTO_DOWN_REF(&qc->ssl.references, &refs, &qc->ssl.lock);
584 assert(refs > 0);
585 }
586 }
587
995ff282
HL		 588 if (touch)
589 qc_touch_default_xso(qc);
590}
591
9cab4bd5
HL		 592/*
593 * Changes default XSO, releasing the reference to any previous default XSO.
594 * Reference to new XSO is transferred from caller.
595 */
596QUIC_NEEDS_LOCK
597static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
598{
599 QUIC_XSO *old_xso = NULL;
600
601 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
602
603 if (old_xso != NULL)
604 SSL_free(&old_xso->ssl);
605}
606
22d53c88
HL		 607/*
608 * QUIC Front-End I/O API: Network BIO Configuration
609 * =================================================
610 *
611 * Handling the different BIOs is difficult:
612 *
613 * - It is more or less a requirement that we use non-blocking network I/O;
614 * we need to be able to have timeouts on recv() calls, and make best effort
615 * (non blocking) send() and recv() calls.
616 *
617 * The only sensible way to do this is to configure the socket into
618 * non-blocking mode. We could try to do select() before calling send() or
619 * recv() to get a guarantee that the call will not block, but this will
620 * probably run into issues with buggy OSes which generate spurious socket
621 * readiness events. In any case, relying on this to work reliably does not
622 * seem sane.
623 *
624 * Timeouts could be handled via setsockopt() socket timeout options, but
625 * this depends on OS support and adds another syscall to every network I/O
626 * operation. It also has obvious thread safety concerns if we want to move
627 * to concurrent use of a single socket at some later date.
628 *
629 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
630 * be made non-blocking. However some OSes (e.g. Windows) do not support
631 * this, so we cannot rely on this.
632 *
633 * As such, we need to configure any FD in non-blocking mode. This may
634 * confound users who pass a blocking socket to libssl. However, in practice
635 * it would be extremely strange for a user of QUIC to pass an FD to us,
636 * then also try and send receive traffic on the same socket(!). Thus the
637 * impact of this should be limited, and can be documented.
638 *
639 * - We support both blocking and non-blocking operation in terms of the API
640 * presented to the user. One prospect is to set the blocking mode based on
641 * whether the socket passed to us was already in blocking mode. However,
642 * Windows has no API for determining if a socket is in blocking mode (!),
643 * therefore this cannot be done portably. Currently therefore we expose an
644 * explicit API call to set this, and default to blocking mode.
645 *
646 * - We need to determine our initial destination UDP address. The "natural"
647 * way for a user to do this is to set the peer variable on a BIO_dgram.
648 * However, this has problems because BIO_dgram's peer variable is used for
649 * both transmission and reception. This means it can be constantly being
650 * changed to a malicious value (e.g. if some random unrelated entity on the
651 * network starts sending traffic to us) on every read call. This is not a
652 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
653 * calls only, which do not use this variable. However, we do need to let
654 * the user specify the peer in a 'normal' manner. The compromise here is
655 * that we grab the current peer value set at the time the write BIO is set
656 * and do not read the value again.
657 *
658 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
659 * Currently we do this by only supporting non-blocking mode.
660 *
661 */
662
663/*
664 * Determines what initial destination UDP address we should use, if possible.
665 * If this fails the client must set the destination address manually, or use a
666 * BIO which does not need a destination address.
667 */
668static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
669{
75b2920a 670 if (BIO_dgram_get_peer(net_wbio, peer) <= 0)
22d53c88
HL		 671 return 0;
672
673 return 1;
674}
675
072328dd 676void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
22d53c88 677{
072328dd
HL		 678 QCTX ctx;
679
680 if (!expect_quic(s, &ctx))
681 return;
682
683 if (ctx.qc->net_rbio == net_rbio)
38b051a1 684 return;
38b051a1 685
23c04709 686 if (!ossl_quic_channel_set_net_rbio(ctx.qc->ch, net_rbio))
22d53c88
HL		 687 return;
688
072328dd
HL		 689 BIO_free(ctx.qc->net_rbio);
690 ctx.qc->net_rbio = net_rbio;
22d53c88
HL		 691
692 /*
693 * If what we have is not pollable (e.g. a BIO_dgram_pair) disable blocking
694 * mode as we do not support it for non-pollable BIOs.
695 */
696 if (net_rbio != NULL) {
697 BIO_POLL_DESCRIPTOR d = {0};
698
699 if (!BIO_get_rpoll_descriptor(net_rbio, &d)
700 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 701 ctx.qc->blocking = 0;
702 ctx.qc->default_blocking = 0;
072328dd 703 ctx.qc->can_poll_net_rbio = 0;
22d53c88 704 } else {
072328dd 705 ctx.qc->can_poll_net_rbio = 1;
22d53c88
HL		 706 }
707 }
99e1cc7b
TM		 708}
709
072328dd 710void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
38b051a1 711{
072328dd
HL		 712 QCTX ctx;
713
714 if (!expect_quic(s, &ctx))
22d53c88
HL		 715 return;
716
072328dd 717 if (ctx.qc->net_wbio == net_wbio)
22d53c88
HL		 718 return;
719
23c04709 720 if (!ossl_quic_channel_set_net_wbio(ctx.qc->ch, net_wbio))
072328dd
HL		 721 return;
722
723 BIO_free(ctx.qc->net_wbio);
724 ctx.qc->net_wbio = net_wbio;
22d53c88
HL		 725
726 if (net_wbio != NULL) {
727 BIO_POLL_DESCRIPTOR d = {0};
38b051a1 728
22d53c88
HL		 729 if (!BIO_get_wpoll_descriptor(net_wbio, &d)
730 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 731 ctx.qc->blocking = 0;
732 ctx.qc->default_blocking = 0;
072328dd 733 ctx.qc->can_poll_net_wbio = 0;
22d53c88 734 } else {
072328dd 735 ctx.qc->can_poll_net_wbio = 1;
22d53c88 736 }
38b051a1 737
22d53c88
HL		 738 /*
739 * If we do not have a peer address yet, and we have not started trying
740 * to connect yet, try to autodetect one.
741 */
072328dd
HL		 742 if (BIO_ADDR_family(&ctx.qc->init_peer_addr) == AF_UNSPEC
743 && !ctx.qc->started) {
744 if (!csm_analyse_init_peer_addr(net_wbio, &ctx.qc->init_peer_addr))
22d53c88 745 /* best effort */
072328dd 746 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88 747
23c04709
HL		 748 ossl_quic_channel_set_peer_addr(ctx.qc->ch,
749 &ctx.qc->init_peer_addr);
22d53c88 750 }
38b051a1 751 }
22d53c88 752}
38b051a1 753
072328dd 754BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
22d53c88 755{
072328dd
HL		 756 QCTX ctx;
757
758 if (!expect_quic(s, &ctx))
759 return NULL;
760
761 return ctx.qc->net_rbio;
38b051a1
TM		 762}
763
072328dd 764BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
22d53c88 765{
072328dd
HL		 766 QCTX ctx;
767
768 if (!expect_quic(s, &ctx))
769 return NULL;
770
771 return ctx.qc->net_wbio;
22d53c88
HL		 772}
773
072328dd 774int ossl_quic_conn_get_blocking_mode(const SSL *s)
99e1cc7b 775{
072328dd
HL		 776 QCTX ctx;
777
778 if (!expect_quic(s, &ctx))
779 return 0;
780
cb5c208b
HL		 781 if (ctx.is_stream)
782 return ctx.xso->blocking;
783
072328dd 784 return ctx.qc->blocking;
22d53c88
HL		 785}
786
072328dd 787int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
22d53c88 788{
072328dd
HL		 789 QCTX ctx;
790
791 if (!expect_quic(s, &ctx))
792 return 0;
793
22d53c88
HL		 794 /* Cannot enable blocking mode if we do not have pollable FDs. */
795 if (blocking != 0 &&
072328dd 796 (!ctx.qc->can_poll_net_rbio || !ctx.qc->can_poll_net_wbio))
faa3a180 797 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
22d53c88 798
cb5c208b
HL		 799 if (!ctx.is_stream) {
800 /*
801 * If called on a QCSO, update default and connection-level blocking
802 * modes.
803 */
804 ctx.qc->blocking = (blocking != 0);
805 ctx.qc->default_blocking = ctx.qc->blocking;
806 }
807
808 if (ctx.xso != NULL)
809 /*
810 * If called on a QSSO or QCSO with a default XSO, update blocking
811 * mode.
812 */
813 ctx.xso->blocking = (blocking != 0);
814
99e1cc7b
TM		 815 return 1;
816}
817
072328dd 818int ossl_quic_conn_set_initial_peer_addr(SSL *s,
22d53c88 819 const BIO_ADDR *peer_addr)
99e1cc7b 820{
072328dd
HL		 821 QCTX ctx;
822
823 if (!expect_quic(s, &ctx))
824 return 0;
825
826 if (ctx.qc->started)
faa3a180 827 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
22d53c88 828 NULL);
38b051a1 829
22d53c88 830 if (peer_addr == NULL) {
072328dd 831 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88
HL		 832 return 1;
833 }
38b051a1 834
072328dd 835 ctx.qc->init_peer_addr = *peer_addr;
99e1cc7b
TM		 836 return 1;
837}
838
22d53c88
HL		 839/*
840 * QUIC Front-End I/O API: Asynchronous I/O Management
841 * ===================================================
842 *
6084e04b
HL		 843 * (BIO/)SSL_handle_events => ossl_quic_handle_events
844 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
22d53c88
HL		 845 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
846 *
847 */
848
849/* Returns 1 if the connection is being used in blocking mode. */
cb5c208b 850static int qc_blocking_mode(const QUIC_CONNECTION *qc)
99e1cc7b 851{
22d53c88
HL		 852 return qc->blocking;
853}
38b051a1 854
cb5c208b
HL		 855static int xso_blocking_mode(const QUIC_XSO *xso)
856{
857 return xso->blocking
858 && xso->conn->can_poll_net_rbio
859 && xso->conn->can_poll_net_wbio;
860}
861
b626a0f1 862/* SSL_handle_events; performs QUIC I/O and timeout processing. */
a8489257 863QUIC_TAKES_LOCK
6084e04b 864int ossl_quic_handle_events(SSL *s)
22d53c88 865{
072328dd
HL		 866 QCTX ctx;
867
868 if (!expect_quic(s, &ctx))
869 return 0;
870
871 quic_lock(ctx.qc);
072328dd
HL		 872 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
873 quic_unlock(ctx.qc);
99e1cc7b
TM		 874 return 1;
875}
876
22d53c88 877/*
6084e04b 878 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
b626a0f1
HL		 879 * should next have events handled by the application by calling
880 * SSL_handle_events(). tv is set to 0 if the object should have events handled
881 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
882 * the value of *tv is undefined.
22d53c88 883 */
a8489257 884QUIC_TAKES_LOCK
7ea49713 885int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
99e1cc7b 886{
072328dd 887 QCTX ctx;
a1660c94 888 OSSL_TIME deadline = ossl_time_infinite();
e44795bd 889
072328dd
HL		 890 if (!expect_quic(s, &ctx))
891 return 0;
a8489257 892
072328dd
HL		 893 quic_lock(ctx.qc);
894
23c04709
HL		 895 deadline
896 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
22d53c88
HL		 897
898 if (ossl_time_is_infinite(deadline)) {
7ea49713
HL		 899 *is_infinite = 1;
900
901 /*
902 * Robustness against faulty applications that don't check *is_infinite;
903 * harmless long timeout.
904 */
905 tv->tv_sec = 1000000;
22d53c88 906 tv->tv_usec = 0;
7ea49713 907
072328dd 908 quic_unlock(ctx.qc);
22d53c88
HL		 909 return 1;
910 }
911
e3e9794a 912 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
7ea49713 913 *is_infinite = 0;
072328dd 914 quic_unlock(ctx.qc);
22d53c88
HL		 915 return 1;
916}
917
918/* SSL_get_rpoll_descriptor */
072328dd 919int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
22d53c88 920{
072328dd
HL		 921 QCTX ctx;
922
923 if (!expect_quic(s, &ctx))
e44795bd
TM		 924 return 0;
925
072328dd
HL		 926 if (desc == NULL || ctx.qc->net_rbio == NULL)
927 return 0;
928
929 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
99e1cc7b
TM		 930}
931
22d53c88 932/* SSL_get_wpoll_descriptor */
072328dd 933int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
99e1cc7b 934{
072328dd
HL		 935 QCTX ctx;
936
937 if (!expect_quic(s, &ctx))
938 return 0;
939
940 if (desc == NULL || ctx.qc->net_wbio == NULL)
22d53c88
HL		 941 return 0;
942
072328dd 943 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
99e1cc7b
TM		 944}
945
b639475a 946/* SSL_net_read_desired */
a8489257 947QUIC_TAKES_LOCK
072328dd 948int ossl_quic_get_net_read_desired(SSL *s)
99e1cc7b 949{
072328dd 950 QCTX ctx;
a8489257
HL		 951 int ret;
952
072328dd
HL		 953 if (!expect_quic(s, &ctx))
954 return 0;
955
956 quic_lock(ctx.qc);
072328dd
HL		 957 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
958 quic_unlock(ctx.qc);
a8489257 959 return ret;
22d53c88 960}
e44795bd 961
b639475a 962/* SSL_net_write_desired */
a8489257 963QUIC_TAKES_LOCK
072328dd 964int ossl_quic_get_net_write_desired(SSL *s)
22d53c88 965{
a8489257 966 int ret;
072328dd
HL		 967 QCTX ctx;
968
969 if (!expect_quic(s, &ctx))
970 return 0;
a8489257 971
072328dd 972 quic_lock(ctx.qc);
072328dd
HL		 973 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
974 quic_unlock(ctx.qc);
a8489257 975 return ret;
99e1cc7b
TM		 976}
977
22d53c88
HL		 978/*
979 * QUIC Front-End I/O API: Connection Lifecycle Operations
980 * =======================================================
981 *
982 * SSL_do_handshake => ossl_quic_do_handshake
983 * SSL_set_connect_state => ossl_quic_set_connect_state
984 * SSL_set_accept_state => ossl_quic_set_accept_state
985 * SSL_shutdown => ossl_quic_shutdown
986 * SSL_ctrl => ossl_quic_ctrl
987 * (BIO/)SSL_connect => ossl_quic_connect
988 * (BIO/)SSL_accept => ossl_quic_accept
989 *
990 */
991
992/* SSL_shutdown */
e8043229 993static int quic_shutdown_wait(void *arg)
99e1cc7b 994{
e8043229 995 QUIC_CONNECTION *qc = arg;
22d53c88 996
23c04709 997 return ossl_quic_channel_is_terminated(qc->ch);
e8043229 998}
22d53c88 999
a8489257 1000QUIC_TAKES_LOCK
072328dd 1001int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
e8043229
HL		 1002 const SSL_SHUTDOWN_EX_ARGS *args,
1003 size_t args_len)
1004{
a8489257 1005 int ret;
072328dd 1006 QCTX ctx;
a8489257 1007
072328dd
HL		 1008 if (!expect_quic(s, &ctx))
1009 return 0;
1010
cb5c208b
HL		 1011 if (ctx.is_stream)
1012 /* TODO(QUIC): Semantics currently undefined for QSSOs */
1013 return -1;
1014
072328dd 1015 quic_lock(ctx.qc);
a8489257 1016
072328dd 1017 ossl_quic_channel_local_close(ctx.qc->ch,
e8043229
HL		 1018 args != NULL ? args->quic_error_code : 0);
1019
1d40b151 1020 /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH */
e8043229 1021
072328dd
HL		 1022 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1023 quic_unlock(ctx.qc);
e8043229 1024 return 1;
a8489257 1025 }
e8043229 1026
cb5c208b 1027 if (qc_blocking_mode(ctx.qc) && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0)
072328dd 1028 block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
e8043229 1029 else
072328dd 1030 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
e8043229 1031
072328dd
HL		 1032 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1033 quic_unlock(ctx.qc);
a8489257 1034 return ret;
99e1cc7b
TM		 1035}
1036
22d53c88 1037/* SSL_ctrl */
e44795bd 1038long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
99e1cc7b 1039{
072328dd 1040 QCTX ctx;
38b051a1 1041
072328dd 1042 if (!expect_quic(s, &ctx))
38b051a1
TM		 1043 return 0;
1044
22d53c88
HL		 1045 switch (cmd) {
1046 case SSL_CTRL_MODE:
cb5c208b
HL		 1047 /* If called on a QCSO, update the default mode. */
1048 if (!ctx.is_stream)
1049 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1050
1051 /*
1052 * If we were called on a QSSO or have a default stream, we also update
1053 * that.
1054 */
1055 if (ctx.xso != NULL) {
1056 /* Cannot enable EPW while AON write in progress. */
1057 if (ctx.xso->aon_write_in_progress)
1058 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1059
1060 ctx.xso->ssl_mode |= (uint32_t)larg;
1061 return ctx.xso->ssl_mode;
1062 }
dfc227bd 1063
cb5c208b 1064 return ctx.qc->default_ssl_mode;
22d53c88 1065 case SSL_CTRL_CLEAR_MODE:
cb5c208b
HL		 1066 if (!ctx.is_stream)
1067 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1068
1069 if (ctx.xso != NULL) {
1070 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1071 return ctx.xso->ssl_mode;
1072 }
1073
1074 return ctx.qc->default_ssl_mode;
63dfde87
MC		 1075
1076 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
5cf99b40 1077 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
63dfde87
MC		 1078 /* This ctrl also needs to be passed to the internal SSL object */
1079 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1080
2f90ea3d
HL		 1081 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1082 {
1083 int is_infinite;
1084
1085 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1086 return 0;
1087
1088 return !is_infinite;
1089 }
1090 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1091 /* For legacy compatibility with DTLS calls. */
1092 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
22d53c88 1093 default:
f8ffab0d 1094 /* Probably a TLS related ctrl. Defer to our internal SSL object */
072328dd 1095 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
08e49012 1096 }
22d53c88
HL		 1097}
1098
1099/* SSL_set_connect_state */
072328dd 1100void ossl_quic_set_connect_state(SSL *s)
22d53c88 1101{
072328dd
HL		 1102 QCTX ctx;
1103
1104 if (!expect_quic(s, &ctx))
1105 return;
1106
22d53c88 1107 /* Cannot be changed after handshake started */
cb5c208b 1108 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1109 return;
1110
dfb9ae14 1111 ctx.qc->as_server_state = 0;
22d53c88
HL		 1112}
1113
1114/* SSL_set_accept_state */
072328dd 1115void ossl_quic_set_accept_state(SSL *s)
22d53c88 1116{
072328dd
HL		 1117 QCTX ctx;
1118
1119 if (!expect_quic(s, &ctx))
1120 return;
1121
22d53c88 1122 /* Cannot be changed after handshake started */
cb5c208b 1123 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1124 return;
1125
dfb9ae14 1126 ctx.qc->as_server_state = 1;
22d53c88
HL		 1127}
1128
1129/* SSL_do_handshake */
1130struct quic_handshake_wait_args {
1131 QUIC_CONNECTION *qc;
1132};
1133
1134static int quic_handshake_wait(void *arg)
1135{
1136 struct quic_handshake_wait_args *args = arg;
1137
1138 if (!ossl_quic_channel_is_active(args->qc->ch))
1139 return -1;
1140
1141 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1142 return 1;
1143
99e1cc7b
TM		 1144 return 0;
1145}
1146
22d53c88 1147static int configure_channel(QUIC_CONNECTION *qc)
99e1cc7b 1148{
22d53c88 1149 assert(qc->ch != NULL);
08e49012 1150
d1ac77b1
HL		 1151 if (!ossl_quic_channel_set_net_rbio(qc->ch, qc->net_rbio)
1152 || !ossl_quic_channel_set_net_wbio(qc->ch, qc->net_wbio)
22d53c88
HL		 1153 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1154 return 0;
1155
1156 return 1;
1157}
1158
4847599b 1159QUIC_NEEDS_LOCK
23c04709 1160static int create_channel(QUIC_CONNECTION *qc)
22d53c88
HL		 1161{
1162 QUIC_CHANNEL_ARGS args = {0};
1163
5cf99b40
MC		 1164 args.libctx = qc->ssl.ctx->libctx;
1165 args.propq = qc->ssl.ctx->propq;
1166 args.is_server = qc->as_server;
1167 args.tls = qc->tls;
1168 args.mutex = qc->mutex;
e3e9794a
HL		 1169 args.now_cb = get_time_cb;
1170 args.now_cb_arg = qc;
22d53c88
HL		 1171
1172 qc->ch = ossl_quic_channel_new(&args);
1173 if (qc->ch == NULL)
1174 return 0;
1175
e8043229
HL		 1176 return 1;
1177}
1178
1179/*
1180 * Creates a channel and configures it with the information we have accumulated
1181 * via calls made to us from the application prior to starting a handshake
1182 * attempt.
1183 */
4847599b 1184QUIC_NEEDS_LOCK
23c04709 1185static int ensure_channel_started(QUIC_CONNECTION *qc)
e8043229 1186{
ffce2946 1187 if (!qc->started) {
ffce2946
HL		 1188 if (!configure_channel(qc)
1189 || !ossl_quic_channel_start(qc->ch))
1190 goto err;
f2f7c4f1 1191
629b408c 1192#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
ffce2946
HL		 1193 if (qc->is_thread_assisted)
1194 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch))
1195 goto err;
629b408c 1196#endif
ffce2946
HL		 1197 }
1198
22d53c88
HL		 1199 qc->started = 1;
1200 return 1;
f2f7c4f1
HL		 1201
1202err:
1203 ossl_quic_channel_free(qc->ch);
1204 qc->ch = NULL;
1205 return 0;
99e1cc7b
TM		 1206}
1207
4a530180 1208QUIC_NEEDS_LOCK
faa3a180 1209static int quic_do_handshake(QCTX *ctx)
99e1cc7b 1210{
22d53c88 1211 int ret;
faa3a180 1212 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1213
23c04709 1214 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1215 /* Handshake already completed. */
4a530180 1216 return 1;
ca41f6b7 1217
23c04709 1218 if (ossl_quic_channel_is_term_any(qc->ch))
faa3a180 1219 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1220
ca41f6b7 1221 if (BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
22d53c88 1222 /* Peer address must have been set. */
faa3a180 1223 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
4a530180 1224 return -1; /* Non-protocol error */
ca41f6b7 1225 }
22d53c88 1226
dfb9ae14 1227 if (qc->as_server != qc->as_server_state) {
23c04709 1228 /* TODO(QUIC): Must match the method used to create the QCSO */
faa3a180 1229 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4a530180 1230 return -1; /* Non-protocol error */
ca41f6b7 1231 }
22d53c88 1232
ca41f6b7 1233 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
22d53c88 1234 /* Need read and write BIOs. */
faa3a180 1235 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
4a530180 1236 return -1; /* Non-protocol error */
ca41f6b7 1237 }
22d53c88
HL		 1238
1239 /*
1240 * Start connection process. Note we may come here multiple times in
1241 * non-blocking mode, which is fine.
1242 */
23c04709 1243 if (!ensure_channel_started(qc)) {
faa3a180 1244 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1245 return -1; /* Non-protocol error */
ca41f6b7 1246 }
22d53c88 1247
4a530180 1248 if (ossl_quic_channel_is_handshake_complete(qc->ch))
22d53c88 1249 /* The handshake is now done. */
4a530180 1250 return 1;
22d53c88 1251
cb5c208b 1252 if (qc_blocking_mode(qc)) {
22d53c88
HL		 1253 /* In blocking mode, wait for the handshake to complete. */
1254 struct quic_handshake_wait_args args;
1255
1256 args.qc = qc;
1257
1258 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
ca41f6b7 1259 if (!ossl_quic_channel_is_active(qc->ch)) {
faa3a180 1260 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
4a530180 1261 return 0; /* Shutdown before completion */
ca41f6b7 1262 } else if (ret <= 0) {
faa3a180 1263 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1264 return -1; /* Non-protocol error */
ca41f6b7 1265 }
22d53c88
HL		 1266
1267 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
4a530180 1268 return 1;
22d53c88 1269 } else {
ca41f6b7 1270 /* Try to advance the reactor. */
ccd31037 1271 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
ca41f6b7 1272
4a530180 1273 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1274 /* The handshake is now done. */
4a530180 1275 return 1;
ca41f6b7 1276
22d53c88 1277 /* Otherwise, indicate that the handshake isn't done yet. */
faa3a180 1278 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
4a530180 1279 return -1; /* Non-protocol error */
22d53c88 1280 }
4a530180 1281}
a8489257 1282
4a530180 1283QUIC_TAKES_LOCK
072328dd 1284int ossl_quic_do_handshake(SSL *s)
4a530180
HL		 1285{
1286 int ret;
072328dd 1287 QCTX ctx;
4a530180 1288
072328dd
HL		 1289 if (!expect_quic(s, &ctx))
1290 return 0;
1291
1292 quic_lock(ctx.qc);
4a530180 1293
faa3a180 1294 ret = quic_do_handshake(&ctx);
072328dd 1295 quic_unlock(ctx.qc);
a8489257 1296 return ret;
99e1cc7b
TM		 1297}
1298
22d53c88
HL		 1299/* SSL_connect */
1300int ossl_quic_connect(SSL *s)
99e1cc7b 1301{
22d53c88 1302 /* Ensure we are in connect state (no-op if non-idle). */
072328dd 1303 ossl_quic_set_connect_state(s);
22d53c88
HL		 1304
1305 /* Begin or continue the handshake */
072328dd 1306 return ossl_quic_do_handshake(s);
99e1cc7b
TM		 1307}
1308
22d53c88
HL		 1309/* SSL_accept */
1310int ossl_quic_accept(SSL *s)
99e1cc7b 1311{
22d53c88 1312 /* Ensure we are in accept state (no-op if non-idle). */
072328dd 1313 ossl_quic_set_accept_state(s);
22d53c88
HL		 1314
1315 /* Begin or continue the handshake */
072328dd 1316 return ossl_quic_do_handshake(s);
99e1cc7b 1317}
e44795bd 1318
cb5c208b
HL		 1319/*
1320 * QUIC Front-End I/O API: Stream Lifecycle Operations
1321 * ===================================================
1322 *
1323 * SSL_stream_new => ossl_quic_conn_stream_new
1324 *
1325 */
21c80696
HL		 1326
1327/*
1328 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1329 * default XSO was created. Returns 0 if it was not (e.g. because it already
1330 * exists). Note that this is NOT an error condition.
1331 */
1332QUIC_NEEDS_LOCK
faa3a180 1333static int qc_try_create_default_xso_for_write(QCTX *ctx)
21c80696 1334{
8b7be3aa 1335 uint64_t flags = 0;
faa3a180 1336 QUIC_CONNECTION *qc = ctx->qc;
21c80696 1337
8b7be3aa
HL		 1338 if (qc->default_xso_created
1339 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
21c80696
HL		 1340 /*
1341 * We only do this once. If the user detaches a previously created
1342 * default XSO we don't auto-create another one.
1343 */
faa3a180 1344 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
21c80696 1345
8b7be3aa
HL		 1346 /* Create a locally-initiated stream. */
1347 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1348 flags |= SSL_STREAM_FLAG_UNI;
1349
faa3a180 1350 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
13ac037d 1351 /*needs_lock=*/0),
995ff282 1352 /*touch=*/0);
8b7be3aa 1353 if (qc->default_xso == NULL)
faa3a180 1354 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1355
995ff282 1356 qc_touch_default_xso(qc);
8b7be3aa
HL		 1357 return 1;
1358}
1359
1360struct quic_wait_for_stream_args {
1361 QUIC_CONNECTION *qc;
1362 QUIC_STREAM *qs;
faa3a180 1363 QCTX *ctx;
8b7be3aa
HL		 1364 uint64_t expect_id;
1365};
1366
1367QUIC_NEEDS_LOCK
1368static int quic_wait_for_stream(void *arg)
1369{
1370 struct quic_wait_for_stream_args *args = arg;
1371
1372 if (!ossl_quic_channel_is_active(args->qc->ch)) {
1373 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1374 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 1375 return -1;
1376 }
1377
1378 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
acc6fde0
HL		 1379 args->expect_id | QUIC_STREAM_DIR_BIDI);
1380 if (args->qs == NULL)
1381 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1382 args->expect_id | QUIC_STREAM_DIR_UNI);
1383
8b7be3aa
HL		 1384 if (args->qs != NULL)
1385 return 1; /* stream now exists */
1386
1387 return 0; /* did not get a stream, keep trying */
1388}
1389
1390QUIC_NEEDS_LOCK
faa3a180 1391static int qc_wait_for_default_xso_for_read(QCTX *ctx)
8b7be3aa
HL		 1392{
1393 /* Called on a QCSO and we don't currently have a default stream. */
1394 uint64_t expect_id;
faa3a180 1395 QUIC_CONNECTION *qc = ctx->qc;
8b7be3aa
HL		 1396 QUIC_STREAM *qs;
1397 int res;
1398 struct quic_wait_for_stream_args wargs;
1399
1400 /*
1401 * If default stream functionality is disabled or we already detached
1402 * one, don't make another default stream and just fail.
1403 */
1404 if (qc->default_xso_created
1405 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
faa3a180 1406 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 1407
1408 /*
1409 * The peer may have opened a stream since we last ticked. So tick and
1410 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1411 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1412 * first stream created by a peer must have an ordinal of 0.
1413 */
1414 expect_id = qc->as_server
1415 ? QUIC_STREAM_INITIATOR_CLIENT
1416 : QUIC_STREAM_INITIATOR_SERVER;
1417
8b7be3aa 1418 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
acc6fde0
HL		 1419 expect_id | QUIC_STREAM_DIR_BIDI);
1420 if (qs == NULL)
1421 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1422 expect_id | QUIC_STREAM_DIR_UNI);
1423
8b7be3aa
HL		 1424 if (qs == NULL) {
1425 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1426
1427 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1428 expect_id);
1429 }
1430
1431 if (qs == NULL) {
1432 if (!qc_blocking_mode(qc))
1433 /* Non-blocking mode, so just bail immediately. */
faa3a180 1434 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
8b7be3aa
HL		 1435
1436 /* Block until we have a stream. */
1437 wargs.qc = qc;
1438 wargs.qs = NULL;
faa3a180 1439 wargs.ctx = ctx;
8b7be3aa
HL		 1440 wargs.expect_id = expect_id;
1441
1442 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1443 if (res == 0)
faa3a180 1444 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa
HL		 1445 else if (res < 0 || wargs.qs == NULL)
1446 /* quic_wait_for_stream raised error here */
21c80696 1447 return 0;
8b7be3aa
HL		 1448
1449 qs = wargs.qs;
21c80696
HL		 1450 }
1451
8b7be3aa
HL		 1452 /*
1453 * We now have qs != NULL. Make it the default stream, creating the
1454 * necessary XSO.
1455 */
995ff282 1456 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
8b7be3aa 1457 if (qc->default_xso == NULL)
faa3a180 1458 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1459
995ff282 1460 qc_touch_default_xso(qc); /* inhibits default XSO */
21c80696
HL		 1461 return 1;
1462}
1463
1464QUIC_NEEDS_LOCK
1465static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1466{
1467 QUIC_XSO *xso = NULL;
1468
1469 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL)
1470 goto err;
1471
1472 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO))
1473 goto err;
1474
9cab4bd5
HL		 1475 /* XSO refs QC */
1476 if (!SSL_up_ref(&qc->ssl))
1477 goto err;
1478
21c80696
HL		 1479 xso->conn = qc;
1480 xso->blocking = qc->default_blocking;
1481 xso->ssl_mode = qc->default_ssl_mode;
faa3a180 1482 xso->last_error = SSL_ERROR_NONE;
21c80696
HL		 1483
1484 xso->stream = qs;
1485
1486 ++qc->num_xso;
1487 return xso;
1488
1489err:
1490 OPENSSL_free(xso);
1491 return NULL;
1492}
1493
13ac037d 1494/* locking depends on need_lock */
faa3a180 1495static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
cb5c208b 1496{
faa3a180 1497 QUIC_CONNECTION *qc = ctx->qc;
cb5c208b 1498 QUIC_XSO *xso = NULL;
21c80696 1499 QUIC_STREAM *qs = NULL;
2dbc39de 1500 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
cb5c208b 1501
13ac037d
HL		 1502 if (need_lock)
1503 quic_lock(qc);
2dbc39de 1504
13ac037d 1505 if (ossl_quic_channel_is_term_any(qc->ch)) {
faa3a180 1506 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2dbc39de
HL		 1507 goto err;
1508 }
1509
13ac037d 1510 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
21c80696 1511 if (qs == NULL)
2dbc39de 1512 goto err;
cb5c208b 1513
13ac037d 1514 xso = create_xso_from_stream(qc, qs);
21c80696 1515 if (xso == NULL)
cb5c208b
HL		 1516 goto err;
1517
13ac037d
HL		 1518 qc_touch_default_xso(qc); /* inhibits default XSO */
1519 if (need_lock)
1520 quic_unlock(qc);
1521
cb5c208b
HL		 1522 return &xso->ssl;
1523
1524err:
1525 OPENSSL_free(xso);
13ac037d
HL		 1526 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
1527 if (need_lock)
1528 quic_unlock(qc);
1529
cb5c208b 1530 return NULL;
13ac037d
HL		 1531
1532}
1533
1534QUIC_TAKES_LOCK
1535SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
1536{
1537 QCTX ctx;
1538
1539 if (!expect_quic_conn_only(s, &ctx))
1540 return NULL;
1541
faa3a180 1542 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
cb5c208b
HL		 1543}
1544
22d53c88
HL		 1545/*
1546 * QUIC Front-End I/O API: Steady-State Operations
1547 * ===============================================
1548 *
1549 * Here we dispatch calls to the steady-state front-end I/O API functions; that
1550 * is, the functions used during the established phase of a QUIC connection
1551 * (e.g. SSL_read, SSL_write).
1552 *
1553 * Each function must handle both blocking and non-blocking modes. As discussed
1554 * above, all QUIC I/O is implemented using non-blocking mode internally.
1555 *
1556 * SSL_get_error => partially implemented by ossl_quic_get_error
1557 * (BIO/)SSL_read => ossl_quic_read
1558 * (BIO/)SSL_write => ossl_quic_write
1559 * SSL_pending => ossl_quic_pending
a9979965 1560 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
22d53c88
HL		 1561 */
1562
1563/* SSL_get_error */
072328dd 1564int ossl_quic_get_error(const SSL *s, int i)
e44795bd 1565{
072328dd
HL		 1566 QCTX ctx;
1567
1568 if (!expect_quic(s, &ctx))
1569 return 0;
1570
faa3a180 1571 return ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
e44795bd
TM		 1572}
1573
22d53c88
HL		 1574/*
1575 * SSL_write
1576 * ---------
1577 *
1578 * The set of functions below provide the implementation of the public SSL_write
1579 * function. We must handle:
1580 *
1581 * - both blocking and non-blocking operation at the application level,
1582 * depending on how we are configured;
1583 *
1584 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
1585 *
1586 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1587 *
1588 */
4847599b 1589QUIC_NEEDS_LOCK
cb5c208b 1590static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
22d53c88
HL		 1591{
1592 /*
1593 * We have appended at least one byte to the stream.
1594 * Potentially mark stream as active, depending on FC.
1595 */
1596 if (did_append)
cb5c208b
HL		 1597 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
1598 xso->stream);
22d53c88
HL		 1599
1600 /*
1601 * Try and send.
1602 *
1603 * TODO(QUIC): It is probably inefficient to try and do this immediately,
1604 * plus we should eventually consider Nagle's algorithm.
1605 */
1606 if (do_tick)
cb5c208b 1607 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
22d53c88
HL		 1608}
1609
1610struct quic_write_again_args {
cb5c208b 1611 QUIC_XSO *xso;
22d53c88
HL		 1612 const unsigned char *buf;
1613 size_t len;
1614 size_t total_written;
1615};
1616
4847599b 1617QUIC_NEEDS_LOCK
22d53c88
HL		 1618static int quic_write_again(void *arg)
1619{
1620 struct quic_write_again_args *args = arg;
1621 size_t actual_written = 0;
1622
cb5c208b 1623 if (!ossl_quic_channel_is_active(args->xso->conn->ch))
22d53c88
HL		 1624 /* If connection is torn down due to an error while blocking, stop. */
1625 return -2;
1626
cb5c208b 1627 if (!ossl_quic_sstream_append(args->xso->stream->sstream,
22d53c88
HL		 1628 args->buf, args->len, &actual_written))
1629 return -2;
1630
cb5c208b 1631 quic_post_write(args->xso, actual_written > 0, 0);
22d53c88
HL		 1632
1633 args->buf += actual_written;
1634 args->len -= actual_written;
1635 args->total_written += actual_written;
1636
3f0c310b 1637 if (args->len == 0)
22d53c88
HL		 1638 /* Written everything, done. */
1639 return 1;
1640
1641 /* Not written everything yet, keep trying. */
1642 return 0;
1643}
1644
4847599b 1645QUIC_NEEDS_LOCK
faa3a180 1646static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
22d53c88 1647 size_t *written)
e44795bd 1648{
22d53c88 1649 int res;
faa3a180 1650 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1651 struct quic_write_again_args args;
1652 size_t actual_written = 0;
1653
1654 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1655 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len,
22d53c88
HL		 1656 &actual_written)) {
1657 /* Stream already finished or allocation error. */
1658 *written = 0;
faa3a180 1659 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1660 }
1661
cb5c208b 1662 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1663
1664 if (actual_written == len) {
1665 /* Managed to append everything on the first try. */
1666 *written = actual_written;
1667 return 1;
1668 }
1669
1670 /*
1671 * We did not manage to append all of the data immediately, so the stream
1672 * buffer has probably filled up. This means we need to block until some of
1673 * it is freed up.
1674 */
cb5c208b 1675 args.xso = xso;
22d53c88
HL		 1676 args.buf = (const unsigned char *)buf + actual_written;
1677 args.len = len - actual_written;
1678 args.total_written = 0;
1679
cb5c208b 1680 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
22d53c88 1681 if (res <= 0) {
cb5c208b 1682 if (!ossl_quic_channel_is_active(xso->conn->ch))
faa3a180 1683 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1684 else
faa3a180 1685 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1686 }
1687
1688 *written = args.total_written;
e44795bd
TM		 1689 return 1;
1690}
1691
ca41f6b7
HL		 1692/*
1693 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
1694 * write semantics.
1695 */
cb5c208b 1696static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
22d53c88
HL		 1697 size_t buf_len, size_t already_sent)
1698{
cb5c208b 1699 assert(!xso->aon_write_in_progress);
22d53c88 1700
cb5c208b
HL		 1701 xso->aon_write_in_progress = 1;
1702 xso->aon_buf_base = buf;
1703 xso->aon_buf_pos = already_sent;
1704 xso->aon_buf_len = buf_len;
22d53c88
HL		 1705}
1706
cb5c208b 1707static void aon_write_finish(QUIC_XSO *xso)
22d53c88 1708{
cb5c208b
HL		 1709 xso->aon_write_in_progress = 0;
1710 xso->aon_buf_base = NULL;
1711 xso->aon_buf_pos = 0;
1712 xso->aon_buf_len = 0;
22d53c88
HL		 1713}
1714
4847599b 1715QUIC_NEEDS_LOCK
faa3a180 1716static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
22d53c88 1717 size_t len, size_t *written)
e44795bd 1718{
faa3a180 1719 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1720 const void *actual_buf;
1721 size_t actual_len, actual_written = 0;
1722 int accept_moving_buffer
cb5c208b 1723 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
22d53c88 1724
cb5c208b 1725 if (xso->aon_write_in_progress) {
22d53c88
HL		 1726 /*
1727 * We are in the middle of an AON write (i.e., a previous write did not
75b2920a
HL		 1728 * manage to append all data to the SSTREAM and we have Enable Partial
1729 * Write (EPW) mode disabled.)
22d53c88 1730 */
cb5c208b
HL		 1731 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
1732 || len != xso->aon_buf_len)
22d53c88
HL		 1733 /*
1734 * Pointer must not have changed if we are not in accept moving
1735 * buffer mode. Length must never change.
1736 */
faa3a180 1737 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
22d53c88 1738
cb5c208b
HL		 1739 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
1740 actual_len = len - xso->aon_buf_pos;
22d53c88
HL		 1741 assert(actual_len > 0);
1742 } else {
1743 actual_buf = buf;
1744 actual_len = len;
1745 }
1746
1747 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1748 if (!ossl_quic_sstream_append(xso->stream->sstream, actual_buf, actual_len,
22d53c88
HL		 1749 &actual_written)) {
1750 /* Stream already finished or allocation error. */
1751 *written = 0;
faa3a180 1752 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1753 }
1754
cb5c208b 1755 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1756
1757 if (actual_written == actual_len) {
1758 /* We have sent everything. */
cb5c208b 1759 if (xso->aon_write_in_progress) {
22d53c88
HL		 1760 /*
1761 * We have sent everything, and we were in the middle of an AON
1762 * write. The output write length is the total length of the AON
1763 * buffer, not however many bytes we managed to write to the stream
1764 * in this call.
1765 */
cb5c208b
HL		 1766 *written = xso->aon_buf_len;
1767 aon_write_finish(xso);
22d53c88
HL		 1768 } else {
1769 *written = actual_written;
1770 }
1771
1772 return 1;
1773 }
1774
cb5c208b 1775 if (xso->aon_write_in_progress) {
22d53c88
HL		 1776 /*
1777 * AON write is in progress but we have not written everything yet. We
1778 * may have managed to send zero bytes, or some number of bytes less
1779 * than the total remaining which need to be appended during this
1780 * AON operation.
1781 */
cb5c208b
HL		 1782 xso->aon_buf_pos += actual_written;
1783 assert(xso->aon_buf_pos < xso->aon_buf_len);
faa3a180 1784 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
22d53c88
HL		 1785 }
1786
08e49012 1787 /*
22d53c88
HL		 1788 * Not in an existing AON operation but partial write is not enabled, so we
1789 * need to begin a new AON operation. However we needn't bother if we didn't
1790 * actually append anything.
08e49012 1791 */
22d53c88 1792 if (actual_written > 0)
cb5c208b 1793 aon_write_begin(xso, buf, len, actual_written);
e44795bd 1794
22d53c88
HL		 1795 /*
1796 * AON - We do not publicly admit to having appended anything until AON
1797 * completes.
1798 */
1799 *written = 0;
faa3a180 1800 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
e44795bd
TM		 1801}
1802
4847599b 1803QUIC_NEEDS_LOCK
faa3a180 1804static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
22d53c88 1805 size_t *written)
e44795bd 1806{
faa3a180
HL		 1807 QUIC_XSO *xso = ctx->xso;
1808
22d53c88 1809 /* Simple best effort operation. */
cb5c208b 1810 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len, written)) {
22d53c88
HL		 1811 /* Stream already finished or allocation error. */
1812 *written = 0;
faa3a180 1813 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1814 }
1815
cb5c208b 1816 quic_post_write(xso, *written > 0, 1);
e44795bd
TM		 1817 return 1;
1818}
d5ab48a1 1819
a8489257 1820QUIC_TAKES_LOCK
22d53c88 1821int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
d5ab48a1 1822{
a8489257 1823 int ret;
072328dd
HL		 1824 QCTX ctx;
1825 int partial_write;
22d53c88
HL		 1826
1827 *written = 0;
1828
8b7be3aa
HL		 1829 if (len == 0)
1830 return 1;
22d53c88 1831
8b7be3aa
HL		 1832 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
1833 return 0;
a8489257 1834
cb5c208b 1835 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
072328dd 1836
23c04709 1837 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1838 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1839 goto out;
1840 }
22d53c88 1841
ca41f6b7
HL		 1842 /*
1843 * If we haven't finished the handshake, try to advance it.
1844 * We don't accept writes until the handshake is completed.
1845 */
faa3a180 1846 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1847 ret = 0;
1848 goto out;
1849 }
ca41f6b7 1850
cb5c208b 1851 if (ctx.xso->stream == NULL || ctx.xso->stream->sstream == NULL) {
faa3a180 1852 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1853 goto out;
1854 }
22d53c88 1855
cb5c208b 1856 if (xso_blocking_mode(ctx.xso))
faa3a180 1857 ret = quic_write_blocking(&ctx, buf, len, written);
22d53c88 1858 else if (partial_write)
faa3a180 1859 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
22d53c88 1860 else
faa3a180 1861 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
a8489257
HL		 1862
1863out:
072328dd 1864 quic_unlock(ctx.qc);
a8489257 1865 return ret;
d5ab48a1
RL		 1866}
1867
1868/*
22d53c88
HL		 1869 * SSL_read
1870 * --------
d5ab48a1 1871 */
22d53c88 1872struct quic_read_again_args {
faa3a180 1873 QCTX *ctx;
22d53c88
HL		 1874 QUIC_STREAM *stream;
1875 void *buf;
1876 size_t len;
1877 size_t *bytes_read;
1878 int peek;
1879};
1880
4847599b 1881QUIC_NEEDS_LOCK
faa3a180 1882static int quic_read_actual(QCTX *ctx,
22d53c88
HL		 1883 QUIC_STREAM *stream,
1884 void *buf, size_t buf_len,
1885 size_t *bytes_read,
1886 int peek)
d5ab48a1 1887{
22d53c88 1888 int is_fin = 0;
faa3a180 1889 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1890
a9979965
HL		 1891 /* If the receive part of the stream is over, issue EOF. */
1892 if (stream->recv_fin_retired)
faa3a180 1893 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
a9979965 1894
22d53c88 1895 if (stream->rstream == NULL)
faa3a180 1896 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1897
1898 if (peek) {
1899 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
1900 bytes_read, &is_fin))
faa3a180 1901 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1902
1903 } else {
1904 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
1905 bytes_read, &is_fin))
faa3a180 1906 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1907 }
1908
1909 if (!peek) {
1910 if (*bytes_read > 0) {
1911 /*
1912 * We have read at least one byte from the stream. Inform stream-level
1913 * RXFC of the retirement of controlled bytes. Update the active stream
1914 * status (the RXFC may now want to emit a frame granting more credit to
1915 * the peer).
1916 */
1917 OSSL_RTT_INFO rtt_info;
d50e750e 1918
22d53c88
HL		 1919 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1920
cb5c208b 1921 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
22d53c88 1922 rtt_info.smoothed_rtt))
faa3a180 1923 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1924 }
1925
1926 if (is_fin)
1927 stream->recv_fin_retired = 1;
1928
1929 if (*bytes_read > 0)
1930 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
cb5c208b 1931 stream);
22d53c88
HL		 1932 }
1933
d5ab48a1
RL		 1934 return 1;
1935}
1936
4847599b 1937QUIC_NEEDS_LOCK
22d53c88 1938static int quic_read_again(void *arg)
d5ab48a1 1939{
22d53c88
HL		 1940 struct quic_read_again_args *args = arg;
1941
faa3a180 1942 if (!ossl_quic_channel_is_active(args->ctx->qc->ch)) {
22d53c88 1943 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1944 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
ca41f6b7 1945 return -1;
a9979965 1946 }
22d53c88 1947
faa3a180 1948 if (!quic_read_actual(args->ctx, args->stream,
22d53c88
HL		 1949 args->buf, args->len, args->bytes_read,
1950 args->peek))
1951 return -1;
1952
1953 if (*args->bytes_read > 0)
1954 /* got at least one byte, the SSL_read op can finish now */
1955 return 1;
1956
81b6b43c 1957 return 0; /* did not read anything, keep trying */
d5ab48a1
RL		 1958}
1959
a8489257 1960QUIC_TAKES_LOCK
22d53c88 1961static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
d5ab48a1 1962{
a8489257 1963 int ret, res;
072328dd 1964 QCTX ctx;
22d53c88
HL		 1965 struct quic_read_again_args args;
1966
1967 *bytes_read = 0;
1968
8b7be3aa 1969 if (!expect_quic(s, &ctx))
22d53c88
HL		 1970 return 0;
1971
072328dd 1972 quic_lock(ctx.qc);
a8489257 1973
23c04709 1974 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1975 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1976 goto out;
1977 }
22d53c88 1978
a9979965 1979 /* If we haven't finished the handshake, try to advance it. */
faa3a180 1980 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1981 ret = 0; /* ossl_quic_do_handshake raised error here */
1982 goto out;
1983 }
22d53c88 1984
8b7be3aa
HL		 1985 if (ctx.xso == NULL) {
1986 /*
1987 * Called on a QCSO and we don't currently have a default stream.
1988 *
1989 * Wait until we get a stream initiated by the peer (blocking mode) or
1990 * fail if we don't have one yet (non-blocking mode).
1991 */
faa3a180 1992 if (!qc_wait_for_default_xso_for_read(&ctx)) {
8b7be3aa
HL		 1993 ret = 0; /* error already raised here */
1994 goto out;
1995 }
1996
1997 ctx.xso = ctx.qc->default_xso;
1998 }
1999
cb5c208b 2000 if (ctx.xso->stream == NULL) {
faa3a180 2001 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 2002 goto out;
2003 }
22d53c88 2004
faa3a180 2005 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
a8489257
HL		 2006 ret = 0; /* quic_read_actual raised error here */
2007 goto out;
2008 }
22d53c88
HL		 2009
2010 if (*bytes_read > 0) {
2011 /*
2012 * Even though we succeeded, tick the reactor here to ensure we are
2013 * handling other aspects of the QUIC connection.
2014 */
072328dd 2015 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
a8489257 2016 ret = 1;
cb5c208b 2017 } else if (xso_blocking_mode(ctx.xso)) {
22d53c88
HL		 2018 /*
2019 * We were not able to read anything immediately, so our stream
2020 * buffer is empty. This means we need to block until we get
2021 * at least one byte.
2022 */
faa3a180 2023 args.ctx = &ctx;
cb5c208b 2024 args.stream = ctx.xso->stream;
22d53c88
HL		 2025 args.buf = buf;
2026 args.len = len;
2027 args.bytes_read = bytes_read;
2028 args.peek = peek;
2029
072328dd 2030 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
a8489257 2031 if (res == 0) {
faa3a180 2032 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 2033 goto out;
2034 } else if (res < 0) {
2035 ret = 0; /* quic_read_again raised error here */
2036 goto out;
2037 }
22d53c88 2038
a8489257 2039 ret = 1;
af8b52cf
HL		 2040 } else {
2041 /* We did not get any bytes and are not in blocking mode. */
faa3a180 2042 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
af8b52cf 2043 }
a8489257
HL		 2044
2045out:
072328dd 2046 quic_unlock(ctx.qc);
a8489257 2047 return ret;
d5ab48a1
RL		 2048}
2049
22d53c88
HL		 2050int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2051{
2052 return quic_read(s, buf, len, bytes_read, 0);
2053}
2054
2055int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2056{
2057 return quic_read(s, buf, len, bytes_read, 1);
2058}
2059
2060/*
2061 * SSL_pending
2062 * -----------
2063 */
a8489257 2064QUIC_TAKES_LOCK
072328dd 2065static size_t ossl_quic_pending_int(const SSL *s)
22d53c88 2066{
072328dd 2067 QCTX ctx;
433d107a 2068 size_t avail = 0;
22d53c88
HL		 2069 int fin = 0;
2070
8b7be3aa 2071 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
22d53c88
HL		 2072 return 0;
2073
cb5c208b 2074 if (ctx.xso->stream == NULL || ctx.xso->stream->rstream == NULL)
22d53c88 2075 /* Cannot raise errors here because we are const, just fail. */
a8489257 2076 goto out;
22d53c88 2077
cb5c208b 2078 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
a8489257 2079 avail = 0;
22d53c88 2080
a8489257 2081out:
072328dd 2082 quic_unlock(ctx.qc);
22d53c88
HL		 2083 return avail;
2084}
2085
560470b5
MC		 2086size_t ossl_quic_pending(const SSL *s)
2087{
072328dd 2088 return ossl_quic_pending_int(s);
560470b5
MC		 2089}
2090
072328dd 2091int ossl_quic_has_pending(const SSL *s)
560470b5 2092{
072328dd 2093 return ossl_quic_pending_int(s) > 0;
560470b5
MC		 2094}
2095
a9979965
HL		 2096/*
2097 * SSL_stream_conclude
2098 * -------------------
2099 */
a8489257 2100QUIC_TAKES_LOCK
072328dd 2101int ossl_quic_conn_stream_conclude(SSL *s)
a9979965 2102{
072328dd
HL		 2103 QCTX ctx;
2104 QUIC_STREAM *qs;
2105
8b7be3aa 2106 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
072328dd
HL		 2107 return 0;
2108
cb5c208b 2109 qs = ctx.xso->stream;
a9979965 2110
a8489257 2111 if (qs == NULL || qs->sstream == NULL) {
072328dd 2112 quic_unlock(ctx.qc);
a8489257
HL		 2113 return 0;
2114 }
2115
072328dd 2116 if (!ossl_quic_channel_is_active(ctx.qc->ch)
a8489257 2117 || ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
072328dd 2118 quic_unlock(ctx.qc);
a9979965 2119 return 1;
a8489257 2120 }
a9979965
HL		 2121
2122 ossl_quic_sstream_fin(qs->sstream);
cb5c208b 2123 quic_post_write(ctx.xso, 1, 1);
072328dd 2124 quic_unlock(ctx.qc);
a9979965
HL		 2125 return 1;
2126}
2127
553a4e00
HL		 2128/*
2129 * SSL_inject_net_dgram
2130 * --------------------
2131 */
5129e594 2132QUIC_TAKES_LOCK
553a4e00
HL		 2133int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2134 size_t buf_len,
2135 const BIO_ADDR *peer,
2136 const BIO_ADDR *local)
2137{
5129e594 2138 int ret;
072328dd 2139 QCTX ctx;
553a4e00
HL		 2140 QUIC_DEMUX *demux;
2141
072328dd 2142 if (!expect_quic(s, &ctx))
553a4e00
HL		 2143 return 0;
2144
072328dd 2145 quic_lock(ctx.qc);
5129e594 2146
072328dd 2147 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
5129e594
HL		 2148 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2149
072328dd 2150 quic_unlock(ctx.qc);
5129e594 2151 return ret;
553a4e00
HL		 2152}
2153
020d0389
HL		 2154/*
2155 * SSL_get0_connection
2156 * -------------------
2157 */
2158SSL *ossl_quic_get0_connection(SSL *s)
2159{
2160 QCTX ctx;
2161
2162 if (!expect_quic(s, &ctx))
2163 return NULL;
2164
2165 return &ctx.qc->ssl;
2166}
2167
1bca3f1b
HL		 2168/*
2169 * SSL_get_stream_type
2170 * -------------------
2171 */
2172int ossl_quic_get_stream_type(SSL *s)
2173{
2174 QCTX ctx;
2175
2176 if (!expect_quic(s, &ctx))
59c5c016 2177 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2178
2179 if (ctx.xso == NULL) {
2180 /*
59c5c016
HL		 2181 * If deferred XSO creation has yet to occur, proceed according to the
2182 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2183 * what kind of stream will be created yet, so return BIDI on the basis
2184 * that at this time, the client still has the option of calling
2185 * SSL_read() or SSL_write() first.
1bca3f1b 2186 */
59c5c016
HL		 2187 if (ctx.qc->default_xso_created
2188 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1bca3f1b 2189 return SSL_STREAM_TYPE_NONE;
59c5c016
HL		 2190 else
2191 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2192 }
2193
2194 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2195 return SSL_STREAM_TYPE_BIDI;
2196
2197 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2198 return SSL_STREAM_TYPE_READ;
2199 else
2200 return SSL_STREAM_TYPE_WRITE;
2201}
2202
19cb0887
HL		 2203/*
2204 * SSL_get_stream_id
2205 * -----------------
2206 */
cb68ce9f 2207QUIC_TAKES_LOCK
19cb0887
HL		 2208uint64_t ossl_quic_get_stream_id(SSL *s)
2209{
2210 QCTX ctx;
8b7be3aa 2211 uint64_t id;
19cb0887 2212
8b7be3aa 2213 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
19cb0887
HL		 2214 return UINT64_MAX;
2215
8b7be3aa
HL		 2216 id = ctx.xso->stream->id;
2217 quic_unlock(ctx.qc);
2218
2219 return id;
2220}
2221
2222/*
2223 * SSL_set_default_stream_mode
2224 * ---------------------------
2225 */
cb68ce9f 2226QUIC_TAKES_LOCK
8b7be3aa
HL		 2227int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
2228{
2229 QCTX ctx;
2230
2231 if (!expect_quic_conn_only(s, &ctx))
2232 return 0;
2233
2234 quic_lock(ctx.qc);
2235
2236 if (ctx.qc->default_xso_created)
faa3a180 2237 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2238 "too late to change default stream mode");
2239
2240 switch (mode) {
2241 case SSL_DEFAULT_STREAM_MODE_NONE:
2242 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
2243 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
2244 ctx.qc->default_stream_mode = mode;
2245 break;
2246 default:
2247 quic_unlock(ctx.qc);
faa3a180 2248 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8b7be3aa
HL		 2249 "bad default stream type");
2250 }
2251
2252 quic_unlock(ctx.qc);
2253 return 1;
2254}
2255
2256/*
2257 * SSL_detach_stream
2258 * -----------------
2259 */
cb68ce9f 2260QUIC_TAKES_LOCK
8b7be3aa
HL		 2261SSL *ossl_quic_detach_stream(SSL *s)
2262{
2263 QCTX ctx;
9cab4bd5 2264 QUIC_XSO *xso = NULL;
8b7be3aa
HL		 2265
2266 if (!expect_quic_conn_only(s, &ctx))
2267 return NULL;
2268
2269 quic_lock(ctx.qc);
2270
8b7be3aa 2271 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5
HL		 2272 /* QC ref to any default XSO is transferred to us and to caller. */
2273 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
8b7be3aa
HL		 2274
2275 quic_unlock(ctx.qc);
2276
9cab4bd5 2277 return xso != NULL ? &xso->ssl : NULL;
8b7be3aa
HL		 2278}
2279
2280/*
2281 * SSL_attach_stream
2282 * -----------------
2283 */
cb68ce9f 2284QUIC_TAKES_LOCK
8b7be3aa
HL		 2285int ossl_quic_attach_stream(SSL *conn, SSL *stream)
2286{
2287 QCTX ctx;
9cab4bd5
HL		 2288 QUIC_XSO *xso;
2289 int nref;
8b7be3aa
HL		 2290
2291 if (!expect_quic_conn_only(conn, &ctx))
2292 return 0;
2293
2294 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
faa3a180 2295 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
8b7be3aa
HL		 2296 "stream to attach must be a valid QUIC stream");
2297
9cab4bd5
HL		 2298 xso = (QUIC_XSO *)stream;
2299
8b7be3aa
HL		 2300 quic_lock(ctx.qc);
2301
2302 if (ctx.qc->default_xso != NULL) {
2303 quic_unlock(ctx.qc);
faa3a180 2304 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2305 "connection already has a default stream");
2306 }
2307
9cab4bd5
HL		 2308 /*
2309 * It is a caller error for the XSO being attached as a default XSO to have
2310 * more than one ref.
2311 */
2312 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref, &xso->ssl.lock)) {
2313 quic_unlock(ctx.qc);
faa3a180 2314 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
9cab4bd5
HL		 2315 "ref");
2316 }
2317
2318 if (nref != 1) {
2319 quic_unlock(ctx.qc);
faa3a180 2320 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
9cab4bd5
HL		 2321 "stream being attached must have "
2322 "only 1 reference");
2323 }
2324
2325 /* Caller's reference to the XSO is transferred to us. */
8b7be3aa 2326 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5 2327 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
8b7be3aa
HL		 2328
2329 quic_unlock(ctx.qc);
2330 return 1;
19cb0887
HL		 2331}
2332
8a90df34 2333/*
83df44ae
HL		 2334 * SSL_set_incoming_stream_policy
2335 * ------------------------------
8a90df34 2336 */
995ff282 2337QUIC_NEEDS_LOCK
83df44ae 2338static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
995ff282 2339{
83df44ae
HL		 2340 switch (qc->incoming_stream_policy) {
2341 case SSL_INCOMING_STREAM_POLICY_AUTO:
995ff282
HL		 2342 if ((qc->default_xso == NULL && !qc->default_xso_created)
2343 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
83df44ae 2344 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
995ff282 2345 else
83df44ae 2346 return SSL_INCOMING_STREAM_POLICY_REJECT;
995ff282
HL		 2347
2348 default:
83df44ae 2349 return qc->incoming_stream_policy;
995ff282
HL		 2350 }
2351}
2352
2353QUIC_NEEDS_LOCK
2354static void qc_update_reject_policy(QUIC_CONNECTION *qc)
2355{
83df44ae
HL		 2356 int policy = qc_get_effective_incoming_stream_policy(qc);
2357 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
995ff282
HL		 2358
2359 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
2360 enable_reject,
83df44ae 2361 qc->incoming_stream_aec);
995ff282
HL		 2362}
2363
cb68ce9f 2364QUIC_TAKES_LOCK
83df44ae
HL		 2365int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
2366 uint64_t aec)
8a90df34
HL		 2367{
2368 int ret = 1;
2369 QCTX ctx;
2370
2371 if (!expect_quic_conn_only(s, &ctx))
2372 return 0;
2373
2374 quic_lock(ctx.qc);
2375
2376 switch (policy) {
83df44ae
HL		 2377 case SSL_INCOMING_STREAM_POLICY_AUTO:
2378 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
2379 case SSL_INCOMING_STREAM_POLICY_REJECT:
2380 ctx.qc->incoming_stream_policy = policy;
2381 ctx.qc->incoming_stream_aec = aec;
8a90df34
HL		 2382 break;
2383
2384 default:
2385 ret = 0;
2386 break;
2387 }
2388
995ff282 2389 qc_update_reject_policy(ctx.qc);
8a90df34
HL		 2390 quic_unlock(ctx.qc);
2391 return ret;
2392}
2393
cb68ce9f
HL		 2394/*
2395 * SSL_accept_stream
2396 * -----------------
2397 */
cb68ce9f 2398struct wait_for_incoming_stream_args {
faa3a180 2399 QCTX *ctx;
cb68ce9f
HL		 2400 QUIC_STREAM *qs;
2401};
2402
2403QUIC_NEEDS_LOCK
2404static int wait_for_incoming_stream(void *arg)
2405{
2406 struct wait_for_incoming_stream_args *args = arg;
faa3a180
HL		 2407 QUIC_CONNECTION *qc = args->ctx->qc;
2408 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
cb68ce9f 2409
faa3a180 2410 if (!ossl_quic_channel_is_active(qc->ch)) {
cb68ce9f 2411 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 2412 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
cb68ce9f
HL		 2413 return -1;
2414 }
2415
2416 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2417 if (args->qs != NULL)
2418 return 1; /* got a stream */
2419
2420 return 0; /* did not get a stream, keep trying */
2421}
2422
2423QUIC_TAKES_LOCK
2424SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
2425{
2426 QCTX ctx;
2427 int ret;
2428 SSL *new_s = NULL;
2429 QUIC_STREAM_MAP *qsm;
2430 QUIC_STREAM *qs;
2431 QUIC_XSO *xso;
90cecc40 2432 OSSL_RTT_INFO rtt_info;
cb68ce9f
HL		 2433
2434 if (!expect_quic_conn_only(s, &ctx))
2435 return NULL;
2436
2437 quic_lock(ctx.qc);
2438
83df44ae
HL		 2439 if (qc_get_effective_incoming_stream_policy(ctx.qc)
2440 == SSL_INCOMING_STREAM_POLICY_REJECT)
cb68ce9f
HL		 2441 goto out;
2442
2443 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2444
2445 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2446 if (qs == NULL) {
2447 if (qc_blocking_mode(ctx.qc)
2448 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
2449 struct wait_for_incoming_stream_args args;
2450
faa3a180 2451 args.ctx = &ctx;
cb68ce9f
HL		 2452 args.qs = NULL;
2453
2454 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
2455 if (ret == 0) {
faa3a180 2456 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
cb68ce9f
HL		 2457 goto out;
2458 } else if (ret < 0 || args.qs == NULL) {
2459 goto out;
2460 }
2461
2462 qs = args.qs;
2463 } else {
2464 goto out;
2465 }
2466 }
2467
2468 xso = create_xso_from_stream(ctx.qc, qs);
2469 if (xso == NULL)
2470 goto out;
2471
90cecc40
HL		 2472 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
2473 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
2474 rtt_info.smoothed_rtt);
cb68ce9f
HL		 2475 new_s = &xso->ssl;
2476
2477 /* Calling this function inhibits default XSO autocreation. */
995ff282 2478 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
cb68ce9f
HL		 2479
2480out:
2481 quic_unlock(ctx.qc);
2482 return new_s;
2483}
2484
2485/*
2486 * SSL_get_accept_stream_queue_len
2487 * -------------------------------
2488 */
2489QUIC_TAKES_LOCK
2490size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
2491{
2492 QCTX ctx;
2493 size_t v;
2494
2495 if (!expect_quic_conn_only(s, &ctx))
2496 return 0;
2497
2498 quic_lock(ctx.qc);
2499
2500 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
2501
2502 quic_unlock(ctx.qc);
2503 return v;
2504}
2505
c3a04ea2
HL		 2506/*
2507 * SSL_stream_reset
2508 * ----------------
2509 */
2510int ossl_quic_stream_reset(SSL *ssl,
2511 const SSL_STREAM_RESET_ARGS *args,
2512 size_t args_len)
2513{
2514 QCTX ctx;
2515 QUIC_STREAM_MAP *qsm;
2516 QUIC_STREAM *qs;
2517 uint64_t error_code;
2518
2519 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, &ctx))
2520 return 0;
2521
2522 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2523 qs = ctx.xso->stream;
2524 error_code = (args != NULL ? args->quic_error_code : 0);
2525
2526 ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
2527
2528 quic_unlock(ctx.qc);
2529 return 1;
2530}
2531
2532/*
2533 * SSL_get_stream_read_state
2534 * -------------------------
2535 */
2536static void quic_classify_stream(QUIC_CONNECTION *qc,
2537 QUIC_STREAM *qs,
2538 int is_write,
2539 int *state,
2540 uint64_t *app_error_code)
2541{
2542 int local_init;
2543 uint64_t final_size;
2544
2545 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
2546
2547 if (app_error_code != NULL)
2548 *app_error_code = UINT64_MAX;
2549 else
2550 app_error_code = &final_size; /* throw away value */
2551
2552 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
2553 /*
2554 * Unidirectional stream and this direction of transmission doesn't
2555 * exist.
2556 */
2557 *state = SSL_STREAM_STATE_WRONG_DIR;
2558 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
2559 /* Connection already closed. */
2560 *state = SSL_STREAM_STATE_CONN_CLOSED;
2561 } else if (!is_write && qs->recv_fin_retired) {
2562 /* Application has read a FIN. */
2563 *state = SSL_STREAM_STATE_FINISHED;
2564 } else if ((!is_write && qs->stop_sending)
2565 || (is_write && qs->reset_stream)) {
2566 /*
2567 * Stream has been reset locally. FIN takes precedence over this for the
2568 * read case as the application need not care if the stream is reset
2569 * after a FIN has been successfully processed.
2570 */
2571 *state = SSL_STREAM_STATE_RESET_LOCAL;
2572 *app_error_code = !is_write
2573 ? qs->stop_sending_aec
2574 : qs->reset_stream_aec;
2575 } else if ((!is_write && qs->peer_reset_stream)
2576 || (is_write && qs->peer_stop_sending)) {
2577 /*
2578 * Stream has been reset remotely. */
2579 *state = SSL_STREAM_STATE_RESET_REMOTE;
2580 *app_error_code = !is_write
2581 ? qs->peer_reset_stream_aec
2582 : qs->peer_stop_sending_aec;
2583 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
2584 &final_size)) {
2585 /*
2586 * Stream has been finished. Stream reset takes precedence over this for
2587 * the write case as peer may not have received all data.
2588 */
2589 *state = SSL_STREAM_STATE_FINISHED;
2590 } else {
2591 /* Stream still healthy. */
2592 *state = SSL_STREAM_STATE_OK;
2593 }
2594}
2595
2596static int quic_get_stream_state(SSL *ssl, int is_write)
2597{
2598 QCTX ctx;
2599 int state;
2600
2601 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2602 return SSL_STREAM_STATE_NONE;
2603
2604 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
2605 quic_unlock(ctx.qc);
2606 return state;
2607}
2608
2609int ossl_quic_get_stream_read_state(SSL *ssl)
2610{
2611 return quic_get_stream_state(ssl, /*is_write=*/0);
2612}
2613
2614/*
2615 * SSL_get_stream_write_state
2616 * --------------------------
2617 */
2618int ossl_quic_get_stream_write_state(SSL *ssl)
2619{
2620 return quic_get_stream_state(ssl, /*is_write=*/1);
2621}
2622
2623/*
2624 * SSL_get_stream_read_error_code
2625 * ------------------------------
2626 */
2627static int quic_get_stream_error_code(SSL *ssl, int is_write,
2628 uint64_t *app_error_code)
2629{
2630 QCTX ctx;
2631 int state;
2632
2633 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2634 return -1;
2635
2636 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
2637 &state, app_error_code);
2638
2639 quic_unlock(ctx.qc);
2640 switch (state) {
2641 case SSL_STREAM_STATE_FINISHED:
2642 return 0;
2643 case SSL_STREAM_STATE_RESET_LOCAL:
2644 case SSL_STREAM_STATE_RESET_REMOTE:
2645 return 1;
2646 default:
2647 return -1;
2648 }
2649}
2650
2651int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
2652{
2653 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
2654}
2655
2656/*
2657 * SSL_get_stream_write_error_code
2658 * -------------------------------
2659 */
2660int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
2661{
2662 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
2663}
2664
2665/*
2666 * SSL_get_conn_close_info
2667 * -----------------------
2668 */
2669int ossl_quic_get_conn_close_info(SSL *ssl,
2670 SSL_CONN_CLOSE_INFO *info,
2671 size_t info_len)
2672{
2673 QCTX ctx;
2674 const QUIC_TERMINATE_CAUSE *tc;
2675
2676 if (!expect_quic_conn_only(ssl, &ctx))
2677 return -1;
2678
2679 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
2680 if (tc == NULL)
2681 return 0;
2682
2683 info->error_code = tc->error_code;
2684 info->reason = NULL; /* TODO(QUIC): Wire reason */
2685 info->reason_len = 0;
2686 info->is_local = !tc->remote;
2687 info->is_transport = !tc->app;
2688 return 1;
2689}
2690
22d53c88
HL		 2691/*
2692 * QUIC Front-End I/O API: SSL_CTX Management
2693 * ==========================================
2694 */
2695
2696long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2697{
2698 switch (cmd) {
2699 default:
8a1a6d6d 2700 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
22d53c88
HL		 2701 }
2702}
2703
2704long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
2705{
63dfde87
MC		 2706 QCTX ctx;
2707
2708 if (!expect_quic_conn_only(s, &ctx))
2709 return 0;
2710
2711 switch (cmd) {
2712 case SSL_CTRL_SET_MSG_CALLBACK:
5cf99b40
MC		 2713 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
2714 &ctx.qc->ssl);
63dfde87
MC		 2715 /* This callback also needs to be set on the internal SSL object */
2716 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
2717
2718 default:
2719 /* Probably a TLS related ctrl. Defer to our internal SSL object */
2720 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
2721 }
22d53c88
HL		 2722}
2723
2724long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
2725{
8a1a6d6d 2726 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
22d53c88
HL		 2727}
2728
2729int ossl_quic_renegotiate_check(SSL *ssl, int initok)
2730{
2731 /* We never do renegotiation. */
2732 return 0;
2733}
2734
2735/*
d518854c
MC		 2736 * These functions define the TLSv1.2 (and below) ciphers that are supported by
2737 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
22d53c88 2738 */
22d53c88
HL		 2739
2740int ossl_quic_num_ciphers(void)
2741{
d518854c 2742 return 0;
22d53c88
HL		 2743}
2744
2745const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
2746{
d518854c 2747 return NULL;
d5ab48a1 2748}
A mirror of the official openssl repository