]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
QUIC: Update documentation for SSL_get_event_timeout
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
CommitLineData
99e1cc7b
TM		 1/*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/macros.h>
11#include <openssl/objects.h>
22d53c88
HL		 12#include <openssl/sslerr.h>
13#include <crypto/rand.h>
99e1cc7b 14#include "quic_local.h"
2723d705 15#include "internal/quic_tls.h"
22d53c88
HL		 16#include "internal/quic_rx_depack.h"
17#include "internal/quic_error.h"
18#include "internal/time.h"
99e1cc7b 19
faa3a180
HL		 20typedef struct qctx_st QCTX;
21
cb5c208b 22static void aon_write_finish(QUIC_XSO *xso);
23c04709 23static int create_channel(QUIC_CONNECTION *qc);
21c80696 24static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
faa3a180
HL		 25static int qc_try_create_default_xso_for_write(QCTX *ctx);
26static int qc_wait_for_default_xso_for_read(QCTX *ctx);
8b7be3aa
HL		 27static void quic_lock(QUIC_CONNECTION *qc);
28static void quic_unlock(QUIC_CONNECTION *qc);
faa3a180 29static int quic_do_handshake(QCTX *ctx);
995ff282
HL		 30static void qc_update_reject_policy(QUIC_CONNECTION *qc);
31static void qc_touch_default_xso(QUIC_CONNECTION *qc);
32static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
9cab4bd5
HL		 33static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
34 int touch, QUIC_XSO **old_xso);
faa3a180 35static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
22d53c88
HL		 36
37/*
38 * QUIC Front-End I/O API: Common Utilities
39 * ========================================
40 */
41
42/*
43 * Block until a predicate is met.
44 *
45 * Precondition: Must have a channel.
d7b1fadd 46 * Precondition: Must hold channel lock (unchecked).
22d53c88 47 */
d7b1fadd 48QUIC_NEEDS_LOCK
22d53c88
HL		 49static int block_until_pred(QUIC_CONNECTION *qc,
50 int (*pred)(void *arg), void *pred_arg,
51 uint32_t flags)
52{
53 QUIC_REACTOR *rtor;
54
55 assert(qc->ch != NULL);
56
57 rtor = ossl_quic_channel_get_reactor(qc->ch);
c019e1ef 58 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
4847599b 59 qc->mutex);
22d53c88
HL		 60}
61
faa3a180
HL		 62/*
63 * QCTX is a utility structure which provides information we commonly wish to
64 * unwrap upon an API call being dispatched to us, namely:
65 *
66 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
67 * was passed);
68 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
69 * a QCSO with a default stream was passed);
70 * - whether a QSSO was passed (xso == NULL must not be used to determine this
71 * because it may be non-NULL when a QCSO is passed if that QCSO has a
72 * default stream).
73 */
74struct qctx_st {
75 QUIC_CONNECTION *qc;
76 QUIC_XSO *xso;
77 int is_stream;
78};
79
22d53c88
HL		 80/*
81 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
faa3a180
HL		 82 * rather than via ERR. Note that normal errors must always be raised while
83 * holding a lock.
22d53c88 84 */
faa3a180
HL		 85QUIC_NEEDS_LOCK
86static int quic_raise_normal_error(QCTX *ctx,
22d53c88
HL		 87 int err)
88{
faa3a180
HL		 89 if (ctx->is_stream)
90 ctx->xso->last_error = err;
91 else
92 ctx->qc->last_error = err;
93
22d53c88
HL		 94 return 0;
95}
96
97/*
98 * Raise a 'non-normal' error, meaning any error that is not reported via
99 * SSL_get_error() and must be reported via ERR.
e88cdb8e
HL		 100 *
101 * qc should be provided if available. In exceptional circumstances when qc is
102 * not known NULL may be passed. This should generally only happen when an
103 * expect_...() function defined below fails, which generally indicates a
104 * dispatch error or caller error.
faa3a180
HL		 105 *
106 * ctx should be NULL if the connection lock is not held.
22d53c88 107 */
faa3a180 108static int quic_raise_non_normal_error(QCTX *ctx,
22d53c88
HL		 109 const char *file,
110 int line,
111 const char *func,
112 int reason,
113 const char *fmt,
114 ...)
115{
116 va_list args;
117
118 ERR_new();
119 ERR_set_debug(file, line, func);
120
121 va_start(args, fmt);
122 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
123 va_end(args);
124
faa3a180
HL		 125 if (ctx != NULL) {
126 if (ctx->is_stream && ctx->xso != NULL)
127 ctx->xso->last_error = SSL_ERROR_SSL;
128 else if (!ctx->is_stream && ctx->qc != NULL)
129 ctx->qc->last_error = SSL_ERROR_SSL;
130 }
e88cdb8e 131
22d53c88
HL		 132 return 0;
133}
134
faa3a180
HL		 135#define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
136 quic_raise_normal_error((ctx), (err))
22d53c88 137
faa3a180
HL		 138#define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
139 quic_raise_non_normal_error((ctx), \
22d53c88
HL		 140 OPENSSL_FILE, OPENSSL_LINE, \
141 OPENSSL_FUNC, \
142 (reason), \
143 (msg))
144
e88cdb8e
HL		 145/*
146 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
147 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
148 *
149 * After this returns 1, all fields of the passed QCTX are initialised.
150 * Returns 0 on failure. This function is intended to be used to provide API
151 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
22d53c88 152 */
e88cdb8e 153static int expect_quic(const SSL *s, QCTX *ctx)
22d53c88 154{
e88cdb8e
HL		 155 QUIC_CONNECTION *qc;
156 QUIC_XSO *xso;
157
158 ctx->qc = NULL;
159 ctx->xso = NULL;
160 ctx->is_stream = 0;
161
162 if (s == NULL)
8b7be3aa 163 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
22d53c88 164
e88cdb8e
HL		 165 switch (s->type) {
166 case SSL_TYPE_QUIC_CONNECTION:
167 qc = (QUIC_CONNECTION *)s;
168 ctx->qc = qc;
cb5c208b 169 ctx->xso = qc->default_xso;
e88cdb8e
HL		 170 ctx->is_stream = 0;
171 return 1;
172
173 case SSL_TYPE_QUIC_XSO:
174 xso = (QUIC_XSO *)s;
cb5c208b 175 ctx->qc = xso->conn;
e88cdb8e
HL		 176 ctx->xso = xso;
177 ctx->is_stream = 1;
178 return 1;
179
180 default:
181 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
182 }
183}
184
185/*
186 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
187 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
188 * stream.
21c80696
HL		 189 *
190 * remote_init determines if we expect the default XSO to be remotely created or
191 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
8b7be3aa
HL		 192 *
193 * Channel mutex is acquired and retained on success.
e88cdb8e 194 */
8b7be3aa
HL		 195QUIC_ACQUIRES_LOCK
196static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
197 QCTX *ctx)
e88cdb8e
HL		 198{
199 if (!expect_quic(s, ctx))
200 return 0;
201
8b7be3aa
HL		 202 quic_lock(ctx->qc);
203
21c80696 204 if (ctx->xso == NULL && remote_init >= 0) {
8b7be3aa 205 if (ossl_quic_channel_is_term_any(ctx->qc->ch)) {
faa3a180 206 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 207 goto err;
208 }
209
210 /* If we haven't finished the handshake, try to advance it. */
faa3a180 211 if (quic_do_handshake(ctx) < 1)
8b7be3aa
HL		 212 /* ossl_quic_do_handshake raised error here */
213 goto err;
214
215 if (remote_init == 0) {
faa3a180 216 if (!qc_try_create_default_xso_for_write(ctx))
8b7be3aa
HL		 217 goto err;
218 } else {
faa3a180 219 if (!qc_wait_for_default_xso_for_read(ctx))
8b7be3aa
HL		 220 goto err;
221 }
222
21c80696
HL		 223 ctx->xso = ctx->qc->default_xso;
224 }
225
8b7be3aa 226 if (ctx->xso == NULL) {
faa3a180 227 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 228 goto err;
229 }
230
231 return 1; /* lock held */
e88cdb8e 232
8b7be3aa
HL		 233err:
234 quic_unlock(ctx->qc);
235 return 0;
e88cdb8e 236}
22d53c88 237
e88cdb8e
HL		 238/*
239 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
240 * be non-NULL if the QCSO has a default stream.
241 */
23c04709 242static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
e88cdb8e
HL		 243{
244 if (!expect_quic(s, ctx))
245 return 0;
246
247 if (ctx->is_stream)
faa3a180 248 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
e88cdb8e
HL		 249
250 return 1;
22d53c88
HL		 251}
252
4847599b
HL		 253/*
254 * Ensures that the channel mutex is held for a method which touches channel
255 * state.
256 *
257 * Precondition: Channel mutex is not held (unchecked)
258 */
20f45743 259static void quic_lock(QUIC_CONNECTION *qc)
4847599b 260{
629b408c 261#if defined(OPENSSL_THREADS)
ffce2946 262 ossl_crypto_mutex_lock(qc->mutex);
629b408c 263#endif
4847599b
HL		 264}
265
266/* Precondition: Channel mutex is held (unchecked) */
267QUIC_NEEDS_LOCK
268static void quic_unlock(QUIC_CONNECTION *qc)
269{
629b408c 270#if defined(OPENSSL_THREADS)
ffce2946 271 ossl_crypto_mutex_unlock(qc->mutex);
629b408c 272#endif
4847599b
HL		 273}
274
275
22d53c88
HL		 276/*
277 * QUIC Front-End I/O API: Initialization
278 * ======================================
279 *
280 * SSL_new => ossl_quic_new
281 * ossl_quic_init
282 * SSL_reset => ossl_quic_reset
283 * SSL_clear => ossl_quic_clear
284 * ossl_quic_deinit
285 * SSL_free => ossl_quic_free
286 *
287 */
288
289/* SSL_new */
38b051a1
TM		 290SSL *ossl_quic_new(SSL_CTX *ctx)
291{
22d53c88
HL		 292 QUIC_CONNECTION *qc = NULL;
293 SSL *ssl_base = NULL;
a7f41885 294 SSL_CONNECTION *sc = NULL;
38b051a1
TM		 295
296 qc = OPENSSL_zalloc(sizeof(*qc));
297 if (qc == NULL)
298 goto err;
299
22d53c88
HL		 300 /* Initialise the QUIC_CONNECTION's stub header. */
301 ssl_base = &qc->ssl;
a7f41885 302 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
22d53c88 303 ssl_base = NULL;
38b051a1
TM		 304 goto err;
305 }
38b051a1 306
4e3a55fd 307 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
a7f41885
MC		 308 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
309 goto err;
a7f41885 310
629b408c 311#if defined(OPENSSL_THREADS)
ffce2946 312 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)
4847599b 313 goto err;
629b408c 314#endif
4847599b 315
629b408c 316#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
f2f7c4f1
HL		 317 qc->is_thread_assisted
318 = (ssl_base->method == OSSL_QUIC_client_thread_method());
629b408c 319#endif
f2f7c4f1 320
dfb9ae14
HL		 321 qc->as_server = 0; /* TODO(QUIC): server support */
322 qc->as_server_state = qc->as_server;
323
8b7be3aa 324 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
21c80696
HL		 325 qc->default_ssl_mode = qc->ssl.ctx->mode;
326 qc->default_blocking = 1;
83df44ae 327 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
21c80696 328 qc->last_error = SSL_ERROR_NONE;
a7f41885 329
23c04709
HL		 330 if (!create_channel(qc))
331 goto err;
332
5cf99b40
MC		 333 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
334 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
335
995ff282
HL		 336 qc_update_reject_policy(qc);
337
21c80696
HL		 338 /*
339 * We do not create the default XSO yet. The reason for this is that the
340 * stream ID of the default XSO will depend on whether the stream is client
341 * or server-initiated, which depends on who transmits first. Since we do
342 * not know whether the application will be using a client-transmits-first
343 * or server-transmits-first protocol, we defer default XSO creation until
344 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
345 * we take that as a cue that the client is expecting a server-initiated
346 * stream, and vice versa if SSL_write() is called first.
347 */
22d53c88
HL		 348 return ssl_base;
349
38b051a1 350err:
2dbc39de 351 if (qc != NULL) {
629b408c
HL		 352#if defined(OPENSSL_THREADS)
353 ossl_crypto_mutex_free(qc->mutex);
354#endif
2dbc39de
HL		 355 ossl_quic_channel_free(qc->ch);
356 SSL_free(qc->tls);
357 }
22d53c88 358 OPENSSL_free(qc);
38b051a1
TM		 359 return NULL;
360}
361
22d53c88 362/* SSL_free */
a8489257 363QUIC_TAKES_LOCK
22d53c88
HL		 364void ossl_quic_free(SSL *s)
365{
072328dd 366 QCTX ctx;
9cab4bd5 367 int is_default;
22d53c88 368
072328dd
HL		 369 /* We should never be called on anything but a QSO. */
370 if (!expect_quic(s, &ctx))
22d53c88
HL		 371 return;
372
22b1a96f
HL		 373 quic_lock(ctx.qc);
374
2dbc39de
HL		 375 if (ctx.is_stream) {
376 /*
377 * When a QSSO is freed, the XSO is freed immediately, because the XSO
378 * itself only contains API personality layer data. However the
379 * underlying QUIC_STREAM is not freed immediately but is instead marked
380 * as deleted for later collection.
381 */
382
2dbc39de
HL		 383 assert(ctx.qc->num_xso > 0);
384 --ctx.qc->num_xso;
385
9aaafc26
HL		 386 /* If a stream's send part has not been finished, auto-reset it. */
387 if (ctx.xso->stream->sstream != NULL
388 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
389 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
390 ctx.xso->stream, 0);
2dbc39de 391
9aaafc26
HL		 392 /* Do STOP_SENDING for the receive part, if applicable. */
393 if (ctx.xso->stream->rstream != NULL)
394 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
395 ctx.xso->stream, 0);
f20fdd16
HL		 396
397 /* Update stream state. */
9aaafc26
HL		 398 ctx.xso->stream->deleted = 1;
399 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
f20fdd16
HL		 400 ctx.xso->stream);
401
9cab4bd5 402 is_default = (ctx.xso == ctx.qc->default_xso);
2dbc39de
HL		 403 quic_unlock(ctx.qc);
404
9cab4bd5
HL		 405 /*
406 * Unref the connection in most cases; the XSO has a ref to the QC and
407 * not vice versa. But for a default XSO, to avoid circular references,
408 * the QC refs the XSO but the XSO does not ref the QC. If we are the
409 * default XSO, we only get here when the QC is being torn down anyway,
410 * so don't call SSL_free(qc) as we are already in it.
411 */
412 if (!is_default)
413 SSL_free(&ctx.qc->ssl);
414
2dbc39de
HL		 415 /* Note: SSL_free calls OPENSSL_free(xso) for us */
416 return;
417 }
418
2dbc39de
HL		 419 /*
420 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
421 * stage, but is freed during the channel free when the whole QSM is freed.
422 */
21c80696
HL		 423 if (ctx.qc->default_xso != NULL) {
424 QUIC_XSO *xso = ctx.qc->default_xso;
425
426 quic_unlock(ctx.qc);
427 SSL_free(&xso->ssl);
428 quic_lock(ctx.qc);
9cab4bd5 429 ctx.qc->default_xso = NULL;
21c80696 430 }
2dbc39de
HL		 431
432 /* Ensure we have no remaining XSOs. */
433 assert(ctx.qc->num_xso == 0);
434
629b408c 435#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 436 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
437 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
438 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
dbe7b51a 439 }
629b408c 440#endif
f2f7c4f1 441
072328dd 442 ossl_quic_channel_free(ctx.qc->ch);
22d53c88 443
072328dd
HL		 444 BIO_free(ctx.qc->net_rbio);
445 BIO_free(ctx.qc->net_wbio);
d1ac77b1 446
22d53c88 447 /* Note: SSL_free calls OPENSSL_free(qc) for us */
a7f41885 448
072328dd 449 SSL_free(ctx.qc->tls);
45b7c7e0 450 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
629b408c 451#if defined(OPENSSL_THREADS)
45b7c7e0 452 ossl_crypto_mutex_free(&ctx.qc->mutex);
629b408c 453#endif
22d53c88
HL		 454}
455
456/* SSL method init */
38b051a1 457int ossl_quic_init(SSL *s)
99e1cc7b 458{
22d53c88
HL		 459 /* Same op as SSL_clear, forward the call. */
460 return ossl_quic_clear(s);
99e1cc7b
TM		 461}
462
22d53c88 463/* SSL method deinit */
38b051a1
TM		 464void ossl_quic_deinit(SSL *s)
465{
22d53c88 466 /* No-op. */
38b051a1
TM		 467}
468
22d53c88
HL		 469/* SSL_reset */
470int ossl_quic_reset(SSL *s)
471{
072328dd 472 QCTX ctx;
22d53c88 473
072328dd 474 if (!expect_quic(s, &ctx))
22d53c88
HL		 475 return 0;
476
c8b3fdc2 477 /* TODO(QUIC); Currently a no-op. */
22d53c88
HL		 478 return 1;
479}
480
481/* SSL_clear */
482int ossl_quic_clear(SSL *s)
99e1cc7b 483{
072328dd 484 QCTX ctx;
38b051a1 485
072328dd 486 if (!expect_quic(s, &ctx))
22d53c88
HL		 487 return 0;
488
c8b3fdc2 489 /* TODO(QUIC): Currently a no-op. */
22d53c88
HL		 490 return 1;
491}
38b051a1 492
b212d554
HL		 493void ossl_quic_conn_set_override_now_cb(SSL *s,
494 OSSL_TIME (*now_cb)(void *arg),
495 void *now_cb_arg)
496{
072328dd 497 QCTX ctx;
b212d554 498
072328dd
HL		 499 if (!expect_quic(s, &ctx))
500 return;
501
502 ctx.qc->override_now_cb = now_cb;
503 ctx.qc->override_now_cb_arg = now_cb_arg;
b212d554
HL		 504}
505
3b1ab5a3
HL		 506void ossl_quic_conn_force_assist_thread_wake(SSL *s)
507{
072328dd
HL		 508 QCTX ctx;
509
510 if (!expect_quic(s, &ctx))
511 return;
3b1ab5a3 512
629b408c 513#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 514 if (ctx.qc->is_thread_assisted && ctx.qc->started)
515 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
629b408c 516#endif
3b1ab5a3
HL		 517}
518
995ff282
HL		 519QUIC_NEEDS_LOCK
520static void qc_touch_default_xso(QUIC_CONNECTION *qc)
521{
522 qc->default_xso_created = 1;
523 qc_update_reject_policy(qc);
524}
525
9cab4bd5
HL		 526/*
527 * Changes default XSO. Allows caller to keep reference to the old default XSO
528 * (if any). Reference to new XSO is transferred from caller.
529 */
995ff282 530QUIC_NEEDS_LOCK
9cab4bd5
HL		 531static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
532 int touch,
533 QUIC_XSO **old_xso)
995ff282 534{
9cab4bd5
HL		 535 int refs;
536
537 *old_xso = NULL;
538
539 if (qc->default_xso != xso) {
540 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
541
542 qc->default_xso = xso;
543
544 if (xso == NULL) {
545 /*
546 * Changing to not having a default XSO. XSO becomes standalone and
547 * now has a ref to the QC.
548 */
549 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
550 return;
551 } else {
552 /*
553 * Changing from not having a default XSO to having one. The new XSO
554 * will have had a reference to the QC we need to drop to avoid a
555 * circular reference.
3a61a96c
HL		 556 *
557 * Currently we never change directly from one default XSO to
558 * another, though this function would also still be correct if this
559 * weren't the case.
9cab4bd5 560 */
3a61a96c
HL		 561 assert(*old_xso == NULL);
562
9cab4bd5
HL		 563 CRYPTO_DOWN_REF(&qc->ssl.references, &refs, &qc->ssl.lock);
564 assert(refs > 0);
565 }
566 }
567
995ff282
HL		 568 if (touch)
569 qc_touch_default_xso(qc);
570}
571
9cab4bd5
HL		 572/*
573 * Changes default XSO, releasing the reference to any previous default XSO.
574 * Reference to new XSO is transferred from caller.
575 */
576QUIC_NEEDS_LOCK
577static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
578{
579 QUIC_XSO *old_xso = NULL;
580
581 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
582
583 if (old_xso != NULL)
584 SSL_free(&old_xso->ssl);
585}
586
22d53c88
HL		 587/*
588 * QUIC Front-End I/O API: Network BIO Configuration
589 * =================================================
590 *
591 * Handling the different BIOs is difficult:
592 *
593 * - It is more or less a requirement that we use non-blocking network I/O;
594 * we need to be able to have timeouts on recv() calls, and make best effort
595 * (non blocking) send() and recv() calls.
596 *
597 * The only sensible way to do this is to configure the socket into
598 * non-blocking mode. We could try to do select() before calling send() or
599 * recv() to get a guarantee that the call will not block, but this will
600 * probably run into issues with buggy OSes which generate spurious socket
601 * readiness events. In any case, relying on this to work reliably does not
602 * seem sane.
603 *
604 * Timeouts could be handled via setsockopt() socket timeout options, but
605 * this depends on OS support and adds another syscall to every network I/O
606 * operation. It also has obvious thread safety concerns if we want to move
607 * to concurrent use of a single socket at some later date.
608 *
609 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
610 * be made non-blocking. However some OSes (e.g. Windows) do not support
611 * this, so we cannot rely on this.
612 *
613 * As such, we need to configure any FD in non-blocking mode. This may
614 * confound users who pass a blocking socket to libssl. However, in practice
615 * it would be extremely strange for a user of QUIC to pass an FD to us,
616 * then also try and send receive traffic on the same socket(!). Thus the
617 * impact of this should be limited, and can be documented.
618 *
619 * - We support both blocking and non-blocking operation in terms of the API
620 * presented to the user. One prospect is to set the blocking mode based on
621 * whether the socket passed to us was already in blocking mode. However,
622 * Windows has no API for determining if a socket is in blocking mode (!),
623 * therefore this cannot be done portably. Currently therefore we expose an
624 * explicit API call to set this, and default to blocking mode.
625 *
626 * - We need to determine our initial destination UDP address. The "natural"
627 * way for a user to do this is to set the peer variable on a BIO_dgram.
628 * However, this has problems because BIO_dgram's peer variable is used for
629 * both transmission and reception. This means it can be constantly being
630 * changed to a malicious value (e.g. if some random unrelated entity on the
631 * network starts sending traffic to us) on every read call. This is not a
632 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
633 * calls only, which do not use this variable. However, we do need to let
634 * the user specify the peer in a 'normal' manner. The compromise here is
635 * that we grab the current peer value set at the time the write BIO is set
636 * and do not read the value again.
637 *
638 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
639 * Currently we do this by only supporting non-blocking mode.
640 *
641 */
642
643/*
644 * Determines what initial destination UDP address we should use, if possible.
645 * If this fails the client must set the destination address manually, or use a
646 * BIO which does not need a destination address.
647 */
648static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
649{
75b2920a 650 if (BIO_dgram_get_peer(net_wbio, peer) <= 0)
22d53c88
HL		 651 return 0;
652
653 return 1;
654}
655
072328dd 656void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
22d53c88 657{
072328dd
HL		 658 QCTX ctx;
659
660 if (!expect_quic(s, &ctx))
661 return;
662
663 if (ctx.qc->net_rbio == net_rbio)
38b051a1 664 return;
38b051a1 665
23c04709 666 if (!ossl_quic_channel_set_net_rbio(ctx.qc->ch, net_rbio))
22d53c88
HL		 667 return;
668
072328dd
HL		 669 BIO_free(ctx.qc->net_rbio);
670 ctx.qc->net_rbio = net_rbio;
22d53c88
HL		 671
672 /*
673 * If what we have is not pollable (e.g. a BIO_dgram_pair) disable blocking
674 * mode as we do not support it for non-pollable BIOs.
675 */
676 if (net_rbio != NULL) {
677 BIO_POLL_DESCRIPTOR d = {0};
678
679 if (!BIO_get_rpoll_descriptor(net_rbio, &d)
680 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 681 ctx.qc->blocking = 0;
682 ctx.qc->default_blocking = 0;
072328dd 683 ctx.qc->can_poll_net_rbio = 0;
22d53c88 684 } else {
072328dd 685 ctx.qc->can_poll_net_rbio = 1;
22d53c88
HL		 686 }
687 }
99e1cc7b
TM		 688}
689
072328dd 690void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
38b051a1 691{
072328dd
HL		 692 QCTX ctx;
693
694 if (!expect_quic(s, &ctx))
22d53c88
HL		 695 return;
696
072328dd 697 if (ctx.qc->net_wbio == net_wbio)
22d53c88
HL		 698 return;
699
23c04709 700 if (!ossl_quic_channel_set_net_wbio(ctx.qc->ch, net_wbio))
072328dd
HL		 701 return;
702
703 BIO_free(ctx.qc->net_wbio);
704 ctx.qc->net_wbio = net_wbio;
22d53c88
HL		 705
706 if (net_wbio != NULL) {
707 BIO_POLL_DESCRIPTOR d = {0};
38b051a1 708
22d53c88
HL		 709 if (!BIO_get_wpoll_descriptor(net_wbio, &d)
710 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 711 ctx.qc->blocking = 0;
712 ctx.qc->default_blocking = 0;
072328dd 713 ctx.qc->can_poll_net_wbio = 0;
22d53c88 714 } else {
072328dd 715 ctx.qc->can_poll_net_wbio = 1;
22d53c88 716 }
38b051a1 717
22d53c88
HL		 718 /*
719 * If we do not have a peer address yet, and we have not started trying
720 * to connect yet, try to autodetect one.
721 */
072328dd
HL		 722 if (BIO_ADDR_family(&ctx.qc->init_peer_addr) == AF_UNSPEC
723 && !ctx.qc->started) {
724 if (!csm_analyse_init_peer_addr(net_wbio, &ctx.qc->init_peer_addr))
22d53c88 725 /* best effort */
072328dd 726 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88 727
23c04709
HL		 728 ossl_quic_channel_set_peer_addr(ctx.qc->ch,
729 &ctx.qc->init_peer_addr);
22d53c88 730 }
38b051a1 731 }
22d53c88 732}
38b051a1 733
072328dd 734BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
22d53c88 735{
072328dd
HL		 736 QCTX ctx;
737
738 if (!expect_quic(s, &ctx))
739 return NULL;
740
741 return ctx.qc->net_rbio;
38b051a1
TM		 742}
743
072328dd 744BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
22d53c88 745{
072328dd
HL		 746 QCTX ctx;
747
748 if (!expect_quic(s, &ctx))
749 return NULL;
750
751 return ctx.qc->net_wbio;
22d53c88
HL		 752}
753
072328dd 754int ossl_quic_conn_get_blocking_mode(const SSL *s)
99e1cc7b 755{
072328dd
HL		 756 QCTX ctx;
757
758 if (!expect_quic(s, &ctx))
759 return 0;
760
cb5c208b
HL		 761 if (ctx.is_stream)
762 return ctx.xso->blocking;
763
072328dd 764 return ctx.qc->blocking;
22d53c88
HL		 765}
766
072328dd 767int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
22d53c88 768{
072328dd
HL		 769 QCTX ctx;
770
771 if (!expect_quic(s, &ctx))
772 return 0;
773
22d53c88
HL		 774 /* Cannot enable blocking mode if we do not have pollable FDs. */
775 if (blocking != 0 &&
072328dd 776 (!ctx.qc->can_poll_net_rbio || !ctx.qc->can_poll_net_wbio))
faa3a180 777 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
22d53c88 778
cb5c208b
HL		 779 if (!ctx.is_stream) {
780 /*
781 * If called on a QCSO, update default and connection-level blocking
782 * modes.
783 */
784 ctx.qc->blocking = (blocking != 0);
785 ctx.qc->default_blocking = ctx.qc->blocking;
786 }
787
788 if (ctx.xso != NULL)
789 /*
790 * If called on a QSSO or QCSO with a default XSO, update blocking
791 * mode.
792 */
793 ctx.xso->blocking = (blocking != 0);
794
99e1cc7b
TM		 795 return 1;
796}
797
072328dd 798int ossl_quic_conn_set_initial_peer_addr(SSL *s,
22d53c88 799 const BIO_ADDR *peer_addr)
99e1cc7b 800{
072328dd
HL		 801 QCTX ctx;
802
803 if (!expect_quic(s, &ctx))
804 return 0;
805
806 if (ctx.qc->started)
faa3a180 807 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
22d53c88 808 NULL);
38b051a1 809
22d53c88 810 if (peer_addr == NULL) {
072328dd 811 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88
HL		 812 return 1;
813 }
38b051a1 814
072328dd 815 ctx.qc->init_peer_addr = *peer_addr;
99e1cc7b
TM		 816 return 1;
817}
818
22d53c88
HL		 819/*
820 * QUIC Front-End I/O API: Asynchronous I/O Management
821 * ===================================================
822 *
6084e04b
HL		 823 * (BIO/)SSL_handle_events => ossl_quic_handle_events
824 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
22d53c88
HL		 825 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
826 *
827 */
828
829/* Returns 1 if the connection is being used in blocking mode. */
cb5c208b 830static int qc_blocking_mode(const QUIC_CONNECTION *qc)
99e1cc7b 831{
22d53c88
HL		 832 return qc->blocking;
833}
38b051a1 834
cb5c208b
HL		 835static int xso_blocking_mode(const QUIC_XSO *xso)
836{
837 return xso->blocking
838 && xso->conn->can_poll_net_rbio
839 && xso->conn->can_poll_net_wbio;
840}
841
6084e04b 842/* SSL_handle_events; handles events by ticking the reactor. */
a8489257 843QUIC_TAKES_LOCK
6084e04b 844int ossl_quic_handle_events(SSL *s)
22d53c88 845{
072328dd
HL		 846 QCTX ctx;
847
848 if (!expect_quic(s, &ctx))
849 return 0;
850
851 quic_lock(ctx.qc);
072328dd
HL		 852 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
853 quic_unlock(ctx.qc);
99e1cc7b
TM		 854 return 1;
855}
856
22d53c88 857/*
6084e04b
HL		 858 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
859 * should be ticked by the application by calling SSL_handle_events(). tv is set
7ea49713
HL		 860 * to 0 if the object should be ticked immediately. If no timeout is currently
861 * active, *is_infinite is set to 1 and the value of *tv is undefined.
22d53c88 862 */
a8489257 863QUIC_TAKES_LOCK
7ea49713 864int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
99e1cc7b 865{
072328dd 866 QCTX ctx;
a1660c94 867 OSSL_TIME deadline = ossl_time_infinite();
e44795bd 868
072328dd
HL		 869 if (!expect_quic(s, &ctx))
870 return 0;
a8489257 871
072328dd
HL		 872 quic_lock(ctx.qc);
873
23c04709
HL		 874 deadline
875 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
22d53c88
HL		 876
877 if (ossl_time_is_infinite(deadline)) {
7ea49713
HL		 878 *is_infinite = 1;
879
880 /*
881 * Robustness against faulty applications that don't check *is_infinite;
882 * harmless long timeout.
883 */
884 tv->tv_sec = 1000000;
22d53c88 885 tv->tv_usec = 0;
7ea49713 886
072328dd 887 quic_unlock(ctx.qc);
22d53c88
HL		 888 return 1;
889 }
890
a1660c94 891 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, ossl_time_now()));
7ea49713 892 *is_infinite = 0;
072328dd 893 quic_unlock(ctx.qc);
22d53c88
HL		 894 return 1;
895}
896
897/* SSL_get_rpoll_descriptor */
072328dd 898int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
22d53c88 899{
072328dd
HL		 900 QCTX ctx;
901
902 if (!expect_quic(s, &ctx))
e44795bd
TM		 903 return 0;
904
072328dd
HL		 905 if (desc == NULL || ctx.qc->net_rbio == NULL)
906 return 0;
907
908 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
99e1cc7b
TM		 909}
910
22d53c88 911/* SSL_get_wpoll_descriptor */
072328dd 912int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
99e1cc7b 913{
072328dd
HL		 914 QCTX ctx;
915
916 if (!expect_quic(s, &ctx))
917 return 0;
918
919 if (desc == NULL || ctx.qc->net_wbio == NULL)
22d53c88
HL		 920 return 0;
921
072328dd 922 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
99e1cc7b
TM		 923}
924
b639475a 925/* SSL_net_read_desired */
a8489257 926QUIC_TAKES_LOCK
072328dd 927int ossl_quic_get_net_read_desired(SSL *s)
99e1cc7b 928{
072328dd 929 QCTX ctx;
a8489257
HL		 930 int ret;
931
072328dd
HL		 932 if (!expect_quic(s, &ctx))
933 return 0;
934
935 quic_lock(ctx.qc);
072328dd
HL		 936 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
937 quic_unlock(ctx.qc);
a8489257 938 return ret;
22d53c88 939}
e44795bd 940
b639475a 941/* SSL_net_write_desired */
a8489257 942QUIC_TAKES_LOCK
072328dd 943int ossl_quic_get_net_write_desired(SSL *s)
22d53c88 944{
a8489257 945 int ret;
072328dd
HL		 946 QCTX ctx;
947
948 if (!expect_quic(s, &ctx))
949 return 0;
a8489257 950
072328dd 951 quic_lock(ctx.qc);
072328dd
HL		 952 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
953 quic_unlock(ctx.qc);
a8489257 954 return ret;
99e1cc7b
TM		 955}
956
22d53c88
HL		 957/*
958 * QUIC Front-End I/O API: Connection Lifecycle Operations
959 * =======================================================
960 *
961 * SSL_do_handshake => ossl_quic_do_handshake
962 * SSL_set_connect_state => ossl_quic_set_connect_state
963 * SSL_set_accept_state => ossl_quic_set_accept_state
964 * SSL_shutdown => ossl_quic_shutdown
965 * SSL_ctrl => ossl_quic_ctrl
966 * (BIO/)SSL_connect => ossl_quic_connect
967 * (BIO/)SSL_accept => ossl_quic_accept
968 *
969 */
970
971/* SSL_shutdown */
e8043229 972static int quic_shutdown_wait(void *arg)
99e1cc7b 973{
e8043229 974 QUIC_CONNECTION *qc = arg;
22d53c88 975
23c04709 976 return ossl_quic_channel_is_terminated(qc->ch);
e8043229 977}
22d53c88 978
a8489257 979QUIC_TAKES_LOCK
072328dd 980int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
e8043229
HL		 981 const SSL_SHUTDOWN_EX_ARGS *args,
982 size_t args_len)
983{
a8489257 984 int ret;
072328dd 985 QCTX ctx;
a8489257 986
072328dd
HL		 987 if (!expect_quic(s, &ctx))
988 return 0;
989
cb5c208b
HL		 990 if (ctx.is_stream)
991 /* TODO(QUIC): Semantics currently undefined for QSSOs */
992 return -1;
993
072328dd 994 quic_lock(ctx.qc);
a8489257 995
072328dd 996 ossl_quic_channel_local_close(ctx.qc->ch,
e8043229
HL		 997 args != NULL ? args->quic_error_code : 0);
998
1d40b151 999 /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH */
e8043229 1000
072328dd
HL		 1001 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1002 quic_unlock(ctx.qc);
e8043229 1003 return 1;
a8489257 1004 }
e8043229 1005
cb5c208b 1006 if (qc_blocking_mode(ctx.qc) && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0)
072328dd 1007 block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
e8043229 1008 else
072328dd 1009 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
e8043229 1010
072328dd
HL		 1011 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1012 quic_unlock(ctx.qc);
a8489257 1013 return ret;
99e1cc7b
TM		 1014}
1015
22d53c88 1016/* SSL_ctrl */
e44795bd 1017long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
99e1cc7b 1018{
072328dd 1019 QCTX ctx;
38b051a1 1020
072328dd 1021 if (!expect_quic(s, &ctx))
38b051a1
TM		 1022 return 0;
1023
22d53c88
HL		 1024 switch (cmd) {
1025 case SSL_CTRL_MODE:
cb5c208b
HL		 1026 /* If called on a QCSO, update the default mode. */
1027 if (!ctx.is_stream)
1028 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1029
1030 /*
1031 * If we were called on a QSSO or have a default stream, we also update
1032 * that.
1033 */
1034 if (ctx.xso != NULL) {
1035 /* Cannot enable EPW while AON write in progress. */
1036 if (ctx.xso->aon_write_in_progress)
1037 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1038
1039 ctx.xso->ssl_mode |= (uint32_t)larg;
1040 return ctx.xso->ssl_mode;
1041 }
dfc227bd 1042
cb5c208b 1043 return ctx.qc->default_ssl_mode;
22d53c88 1044 case SSL_CTRL_CLEAR_MODE:
cb5c208b
HL		 1045 if (!ctx.is_stream)
1046 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1047
1048 if (ctx.xso != NULL) {
1049 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1050 return ctx.xso->ssl_mode;
1051 }
1052
1053 return ctx.qc->default_ssl_mode;
63dfde87
MC		 1054
1055 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
5cf99b40 1056 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
63dfde87
MC		 1057 /* This ctrl also needs to be passed to the internal SSL object */
1058 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1059
22d53c88 1060 default:
f8ffab0d 1061 /* Probably a TLS related ctrl. Defer to our internal SSL object */
072328dd 1062 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
08e49012 1063 }
22d53c88
HL		 1064}
1065
1066/* SSL_set_connect_state */
072328dd 1067void ossl_quic_set_connect_state(SSL *s)
22d53c88 1068{
072328dd
HL		 1069 QCTX ctx;
1070
1071 if (!expect_quic(s, &ctx))
1072 return;
1073
22d53c88 1074 /* Cannot be changed after handshake started */
cb5c208b 1075 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1076 return;
1077
dfb9ae14 1078 ctx.qc->as_server_state = 0;
22d53c88
HL		 1079}
1080
1081/* SSL_set_accept_state */
072328dd 1082void ossl_quic_set_accept_state(SSL *s)
22d53c88 1083{
072328dd
HL		 1084 QCTX ctx;
1085
1086 if (!expect_quic(s, &ctx))
1087 return;
1088
22d53c88 1089 /* Cannot be changed after handshake started */
cb5c208b 1090 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1091 return;
1092
dfb9ae14 1093 ctx.qc->as_server_state = 1;
22d53c88
HL		 1094}
1095
1096/* SSL_do_handshake */
1097struct quic_handshake_wait_args {
1098 QUIC_CONNECTION *qc;
1099};
1100
1101static int quic_handshake_wait(void *arg)
1102{
1103 struct quic_handshake_wait_args *args = arg;
1104
1105 if (!ossl_quic_channel_is_active(args->qc->ch))
1106 return -1;
1107
1108 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1109 return 1;
1110
99e1cc7b
TM		 1111 return 0;
1112}
1113
22d53c88 1114static int configure_channel(QUIC_CONNECTION *qc)
99e1cc7b 1115{
22d53c88 1116 assert(qc->ch != NULL);
08e49012 1117
d1ac77b1
HL		 1118 if (!ossl_quic_channel_set_net_rbio(qc->ch, qc->net_rbio)
1119 || !ossl_quic_channel_set_net_wbio(qc->ch, qc->net_wbio)
22d53c88
HL		 1120 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1121 return 0;
1122
1123 return 1;
1124}
1125
4847599b 1126QUIC_NEEDS_LOCK
23c04709 1127static int create_channel(QUIC_CONNECTION *qc)
22d53c88
HL		 1128{
1129 QUIC_CHANNEL_ARGS args = {0};
1130
5cf99b40
MC		 1131 args.libctx = qc->ssl.ctx->libctx;
1132 args.propq = qc->ssl.ctx->propq;
1133 args.is_server = qc->as_server;
1134 args.tls = qc->tls;
1135 args.mutex = qc->mutex;
1136 args.now_cb = qc->override_now_cb;
1137 args.now_cb_arg = qc->override_now_cb_arg;
22d53c88
HL		 1138
1139 qc->ch = ossl_quic_channel_new(&args);
1140 if (qc->ch == NULL)
1141 return 0;
1142
e8043229
HL		 1143 return 1;
1144}
1145
1146/*
1147 * Creates a channel and configures it with the information we have accumulated
1148 * via calls made to us from the application prior to starting a handshake
1149 * attempt.
1150 */
4847599b 1151QUIC_NEEDS_LOCK
23c04709 1152static int ensure_channel_started(QUIC_CONNECTION *qc)
e8043229 1153{
ffce2946 1154 if (!qc->started) {
ffce2946
HL		 1155 if (!configure_channel(qc)
1156 || !ossl_quic_channel_start(qc->ch))
1157 goto err;
f2f7c4f1 1158
629b408c 1159#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
ffce2946
HL		 1160 if (qc->is_thread_assisted)
1161 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch))
1162 goto err;
629b408c 1163#endif
ffce2946
HL		 1164 }
1165
22d53c88
HL		 1166 qc->started = 1;
1167 return 1;
f2f7c4f1
HL		 1168
1169err:
1170 ossl_quic_channel_free(qc->ch);
1171 qc->ch = NULL;
1172 return 0;
99e1cc7b
TM		 1173}
1174
4a530180 1175QUIC_NEEDS_LOCK
faa3a180 1176static int quic_do_handshake(QCTX *ctx)
99e1cc7b 1177{
22d53c88 1178 int ret;
faa3a180 1179 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1180
23c04709 1181 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1182 /* Handshake already completed. */
4a530180 1183 return 1;
ca41f6b7 1184
23c04709 1185 if (ossl_quic_channel_is_term_any(qc->ch))
faa3a180 1186 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1187
ca41f6b7 1188 if (BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
22d53c88 1189 /* Peer address must have been set. */
faa3a180 1190 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
4a530180 1191 return -1; /* Non-protocol error */
ca41f6b7 1192 }
22d53c88 1193
dfb9ae14 1194 if (qc->as_server != qc->as_server_state) {
23c04709 1195 /* TODO(QUIC): Must match the method used to create the QCSO */
faa3a180 1196 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4a530180 1197 return -1; /* Non-protocol error */
ca41f6b7 1198 }
22d53c88 1199
ca41f6b7 1200 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
22d53c88 1201 /* Need read and write BIOs. */
faa3a180 1202 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
4a530180 1203 return -1; /* Non-protocol error */
ca41f6b7 1204 }
22d53c88
HL		 1205
1206 /*
1207 * Start connection process. Note we may come here multiple times in
1208 * non-blocking mode, which is fine.
1209 */
23c04709 1210 if (!ensure_channel_started(qc)) {
faa3a180 1211 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1212 return -1; /* Non-protocol error */
ca41f6b7 1213 }
22d53c88 1214
4a530180 1215 if (ossl_quic_channel_is_handshake_complete(qc->ch))
22d53c88 1216 /* The handshake is now done. */
4a530180 1217 return 1;
22d53c88 1218
cb5c208b 1219 if (qc_blocking_mode(qc)) {
22d53c88
HL		 1220 /* In blocking mode, wait for the handshake to complete. */
1221 struct quic_handshake_wait_args args;
1222
1223 args.qc = qc;
1224
1225 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
ca41f6b7 1226 if (!ossl_quic_channel_is_active(qc->ch)) {
faa3a180 1227 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
4a530180 1228 return 0; /* Shutdown before completion */
ca41f6b7 1229 } else if (ret <= 0) {
faa3a180 1230 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1231 return -1; /* Non-protocol error */
ca41f6b7 1232 }
22d53c88
HL		 1233
1234 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
4a530180 1235 return 1;
22d53c88 1236 } else {
ca41f6b7 1237 /* Try to advance the reactor. */
ccd31037 1238 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
ca41f6b7 1239
4a530180 1240 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1241 /* The handshake is now done. */
4a530180 1242 return 1;
ca41f6b7 1243
22d53c88 1244 /* Otherwise, indicate that the handshake isn't done yet. */
faa3a180 1245 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
4a530180 1246 return -1; /* Non-protocol error */
22d53c88 1247 }
4a530180 1248}
a8489257 1249
4a530180 1250QUIC_TAKES_LOCK
072328dd 1251int ossl_quic_do_handshake(SSL *s)
4a530180
HL		 1252{
1253 int ret;
072328dd 1254 QCTX ctx;
4a530180 1255
072328dd
HL		 1256 if (!expect_quic(s, &ctx))
1257 return 0;
1258
1259 quic_lock(ctx.qc);
4a530180 1260
faa3a180 1261 ret = quic_do_handshake(&ctx);
072328dd 1262 quic_unlock(ctx.qc);
a8489257 1263 return ret;
99e1cc7b
TM		 1264}
1265
22d53c88
HL		 1266/* SSL_connect */
1267int ossl_quic_connect(SSL *s)
99e1cc7b 1268{
22d53c88 1269 /* Ensure we are in connect state (no-op if non-idle). */
072328dd 1270 ossl_quic_set_connect_state(s);
22d53c88
HL		 1271
1272 /* Begin or continue the handshake */
072328dd 1273 return ossl_quic_do_handshake(s);
99e1cc7b
TM		 1274}
1275
22d53c88
HL		 1276/* SSL_accept */
1277int ossl_quic_accept(SSL *s)
99e1cc7b 1278{
22d53c88 1279 /* Ensure we are in accept state (no-op if non-idle). */
072328dd 1280 ossl_quic_set_accept_state(s);
22d53c88
HL		 1281
1282 /* Begin or continue the handshake */
072328dd 1283 return ossl_quic_do_handshake(s);
99e1cc7b 1284}
e44795bd 1285
cb5c208b
HL		 1286/*
1287 * QUIC Front-End I/O API: Stream Lifecycle Operations
1288 * ===================================================
1289 *
1290 * SSL_stream_new => ossl_quic_conn_stream_new
1291 *
1292 */
21c80696
HL		 1293
1294/*
1295 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1296 * default XSO was created. Returns 0 if it was not (e.g. because it already
1297 * exists). Note that this is NOT an error condition.
1298 */
1299QUIC_NEEDS_LOCK
faa3a180 1300static int qc_try_create_default_xso_for_write(QCTX *ctx)
21c80696 1301{
8b7be3aa 1302 uint64_t flags = 0;
faa3a180 1303 QUIC_CONNECTION *qc = ctx->qc;
21c80696 1304
8b7be3aa
HL		 1305 if (qc->default_xso_created
1306 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
21c80696
HL		 1307 /*
1308 * We only do this once. If the user detaches a previously created
1309 * default XSO we don't auto-create another one.
1310 */
faa3a180 1311 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
21c80696 1312
8b7be3aa
HL		 1313 /* Create a locally-initiated stream. */
1314 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1315 flags |= SSL_STREAM_FLAG_UNI;
1316
faa3a180 1317 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
13ac037d 1318 /*needs_lock=*/0),
995ff282 1319 /*touch=*/0);
8b7be3aa 1320 if (qc->default_xso == NULL)
faa3a180 1321 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1322
995ff282 1323 qc_touch_default_xso(qc);
8b7be3aa
HL		 1324 return 1;
1325}
1326
1327struct quic_wait_for_stream_args {
1328 QUIC_CONNECTION *qc;
1329 QUIC_STREAM *qs;
faa3a180 1330 QCTX *ctx;
8b7be3aa
HL		 1331 uint64_t expect_id;
1332};
1333
1334QUIC_NEEDS_LOCK
1335static int quic_wait_for_stream(void *arg)
1336{
1337 struct quic_wait_for_stream_args *args = arg;
1338
1339 if (!ossl_quic_channel_is_active(args->qc->ch)) {
1340 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1341 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 1342 return -1;
1343 }
1344
1345 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
acc6fde0
HL		 1346 args->expect_id | QUIC_STREAM_DIR_BIDI);
1347 if (args->qs == NULL)
1348 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1349 args->expect_id | QUIC_STREAM_DIR_UNI);
1350
8b7be3aa
HL		 1351 if (args->qs != NULL)
1352 return 1; /* stream now exists */
1353
1354 return 0; /* did not get a stream, keep trying */
1355}
1356
1357QUIC_NEEDS_LOCK
faa3a180 1358static int qc_wait_for_default_xso_for_read(QCTX *ctx)
8b7be3aa
HL		 1359{
1360 /* Called on a QCSO and we don't currently have a default stream. */
1361 uint64_t expect_id;
faa3a180 1362 QUIC_CONNECTION *qc = ctx->qc;
8b7be3aa
HL		 1363 QUIC_STREAM *qs;
1364 int res;
1365 struct quic_wait_for_stream_args wargs;
1366
1367 /*
1368 * If default stream functionality is disabled or we already detached
1369 * one, don't make another default stream and just fail.
1370 */
1371 if (qc->default_xso_created
1372 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
faa3a180 1373 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 1374
1375 /*
1376 * The peer may have opened a stream since we last ticked. So tick and
1377 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1378 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1379 * first stream created by a peer must have an ordinal of 0.
1380 */
1381 expect_id = qc->as_server
1382 ? QUIC_STREAM_INITIATOR_CLIENT
1383 : QUIC_STREAM_INITIATOR_SERVER;
1384
8b7be3aa 1385 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
acc6fde0
HL		 1386 expect_id | QUIC_STREAM_DIR_BIDI);
1387 if (qs == NULL)
1388 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1389 expect_id | QUIC_STREAM_DIR_UNI);
1390
8b7be3aa
HL		 1391 if (qs == NULL) {
1392 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1393
1394 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1395 expect_id);
1396 }
1397
1398 if (qs == NULL) {
1399 if (!qc_blocking_mode(qc))
1400 /* Non-blocking mode, so just bail immediately. */
faa3a180 1401 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
8b7be3aa
HL		 1402
1403 /* Block until we have a stream. */
1404 wargs.qc = qc;
1405 wargs.qs = NULL;
faa3a180 1406 wargs.ctx = ctx;
8b7be3aa
HL		 1407 wargs.expect_id = expect_id;
1408
1409 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1410 if (res == 0)
faa3a180 1411 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa
HL		 1412 else if (res < 0 || wargs.qs == NULL)
1413 /* quic_wait_for_stream raised error here */
21c80696 1414 return 0;
8b7be3aa
HL		 1415
1416 qs = wargs.qs;
21c80696
HL		 1417 }
1418
8b7be3aa
HL		 1419 /*
1420 * We now have qs != NULL. Make it the default stream, creating the
1421 * necessary XSO.
1422 */
995ff282 1423 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
8b7be3aa 1424 if (qc->default_xso == NULL)
faa3a180 1425 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1426
995ff282 1427 qc_touch_default_xso(qc); /* inhibits default XSO */
21c80696
HL		 1428 return 1;
1429}
1430
1431QUIC_NEEDS_LOCK
1432static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1433{
1434 QUIC_XSO *xso = NULL;
1435
1436 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL)
1437 goto err;
1438
1439 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO))
1440 goto err;
1441
9cab4bd5
HL		 1442 /* XSO refs QC */
1443 if (!SSL_up_ref(&qc->ssl))
1444 goto err;
1445
21c80696
HL		 1446 xso->conn = qc;
1447 xso->blocking = qc->default_blocking;
1448 xso->ssl_mode = qc->default_ssl_mode;
faa3a180 1449 xso->last_error = SSL_ERROR_NONE;
21c80696
HL		 1450
1451 xso->stream = qs;
1452
1453 ++qc->num_xso;
1454 return xso;
1455
1456err:
1457 OPENSSL_free(xso);
1458 return NULL;
1459}
1460
13ac037d 1461/* locking depends on need_lock */
faa3a180 1462static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
cb5c208b 1463{
faa3a180 1464 QUIC_CONNECTION *qc = ctx->qc;
cb5c208b 1465 QUIC_XSO *xso = NULL;
21c80696 1466 QUIC_STREAM *qs = NULL;
2dbc39de 1467 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
cb5c208b 1468
13ac037d
HL		 1469 if (need_lock)
1470 quic_lock(qc);
2dbc39de 1471
13ac037d 1472 if (ossl_quic_channel_is_term_any(qc->ch)) {
faa3a180 1473 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2dbc39de
HL		 1474 goto err;
1475 }
1476
13ac037d 1477 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
21c80696 1478 if (qs == NULL)
2dbc39de 1479 goto err;
cb5c208b 1480
13ac037d 1481 xso = create_xso_from_stream(qc, qs);
21c80696 1482 if (xso == NULL)
cb5c208b
HL		 1483 goto err;
1484
13ac037d
HL		 1485 qc_touch_default_xso(qc); /* inhibits default XSO */
1486 if (need_lock)
1487 quic_unlock(qc);
1488
cb5c208b
HL		 1489 return &xso->ssl;
1490
1491err:
1492 OPENSSL_free(xso);
13ac037d
HL		 1493 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
1494 if (need_lock)
1495 quic_unlock(qc);
1496
cb5c208b 1497 return NULL;
13ac037d
HL		 1498
1499}
1500
1501QUIC_TAKES_LOCK
1502SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
1503{
1504 QCTX ctx;
1505
1506 if (!expect_quic_conn_only(s, &ctx))
1507 return NULL;
1508
faa3a180 1509 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
cb5c208b
HL		 1510}
1511
22d53c88
HL		 1512/*
1513 * QUIC Front-End I/O API: Steady-State Operations
1514 * ===============================================
1515 *
1516 * Here we dispatch calls to the steady-state front-end I/O API functions; that
1517 * is, the functions used during the established phase of a QUIC connection
1518 * (e.g. SSL_read, SSL_write).
1519 *
1520 * Each function must handle both blocking and non-blocking modes. As discussed
1521 * above, all QUIC I/O is implemented using non-blocking mode internally.
1522 *
1523 * SSL_get_error => partially implemented by ossl_quic_get_error
1524 * (BIO/)SSL_read => ossl_quic_read
1525 * (BIO/)SSL_write => ossl_quic_write
1526 * SSL_pending => ossl_quic_pending
a9979965 1527 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
22d53c88
HL		 1528 */
1529
1530/* SSL_get_error */
072328dd 1531int ossl_quic_get_error(const SSL *s, int i)
e44795bd 1532{
072328dd
HL		 1533 QCTX ctx;
1534
1535 if (!expect_quic(s, &ctx))
1536 return 0;
1537
faa3a180 1538 return ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
e44795bd
TM		 1539}
1540
22d53c88
HL		 1541/*
1542 * SSL_write
1543 * ---------
1544 *
1545 * The set of functions below provide the implementation of the public SSL_write
1546 * function. We must handle:
1547 *
1548 * - both blocking and non-blocking operation at the application level,
1549 * depending on how we are configured;
1550 *
1551 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
1552 *
1553 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1554 *
1555 */
4847599b 1556QUIC_NEEDS_LOCK
cb5c208b 1557static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
22d53c88
HL		 1558{
1559 /*
1560 * We have appended at least one byte to the stream.
1561 * Potentially mark stream as active, depending on FC.
1562 */
1563 if (did_append)
cb5c208b
HL		 1564 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
1565 xso->stream);
22d53c88
HL		 1566
1567 /*
1568 * Try and send.
1569 *
1570 * TODO(QUIC): It is probably inefficient to try and do this immediately,
1571 * plus we should eventually consider Nagle's algorithm.
1572 */
1573 if (do_tick)
cb5c208b 1574 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
22d53c88
HL		 1575}
1576
1577struct quic_write_again_args {
cb5c208b 1578 QUIC_XSO *xso;
22d53c88
HL		 1579 const unsigned char *buf;
1580 size_t len;
1581 size_t total_written;
1582};
1583
4847599b 1584QUIC_NEEDS_LOCK
22d53c88
HL		 1585static int quic_write_again(void *arg)
1586{
1587 struct quic_write_again_args *args = arg;
1588 size_t actual_written = 0;
1589
cb5c208b 1590 if (!ossl_quic_channel_is_active(args->xso->conn->ch))
22d53c88
HL		 1591 /* If connection is torn down due to an error while blocking, stop. */
1592 return -2;
1593
cb5c208b 1594 if (!ossl_quic_sstream_append(args->xso->stream->sstream,
22d53c88
HL		 1595 args->buf, args->len, &actual_written))
1596 return -2;
1597
cb5c208b 1598 quic_post_write(args->xso, actual_written > 0, 0);
22d53c88
HL		 1599
1600 args->buf += actual_written;
1601 args->len -= actual_written;
1602 args->total_written += actual_written;
1603
3f0c310b 1604 if (args->len == 0)
22d53c88
HL		 1605 /* Written everything, done. */
1606 return 1;
1607
1608 /* Not written everything yet, keep trying. */
1609 return 0;
1610}
1611
4847599b 1612QUIC_NEEDS_LOCK
faa3a180 1613static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
22d53c88 1614 size_t *written)
e44795bd 1615{
22d53c88 1616 int res;
faa3a180 1617 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1618 struct quic_write_again_args args;
1619 size_t actual_written = 0;
1620
1621 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1622 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len,
22d53c88
HL		 1623 &actual_written)) {
1624 /* Stream already finished or allocation error. */
1625 *written = 0;
faa3a180 1626 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1627 }
1628
cb5c208b 1629 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1630
1631 if (actual_written == len) {
1632 /* Managed to append everything on the first try. */
1633 *written = actual_written;
1634 return 1;
1635 }
1636
1637 /*
1638 * We did not manage to append all of the data immediately, so the stream
1639 * buffer has probably filled up. This means we need to block until some of
1640 * it is freed up.
1641 */
cb5c208b 1642 args.xso = xso;
22d53c88
HL		 1643 args.buf = (const unsigned char *)buf + actual_written;
1644 args.len = len - actual_written;
1645 args.total_written = 0;
1646
cb5c208b 1647 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
22d53c88 1648 if (res <= 0) {
cb5c208b 1649 if (!ossl_quic_channel_is_active(xso->conn->ch))
faa3a180 1650 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1651 else
faa3a180 1652 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1653 }
1654
1655 *written = args.total_written;
e44795bd
TM		 1656 return 1;
1657}
1658
ca41f6b7
HL		 1659/*
1660 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
1661 * write semantics.
1662 */
cb5c208b 1663static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
22d53c88
HL		 1664 size_t buf_len, size_t already_sent)
1665{
cb5c208b 1666 assert(!xso->aon_write_in_progress);
22d53c88 1667
cb5c208b
HL		 1668 xso->aon_write_in_progress = 1;
1669 xso->aon_buf_base = buf;
1670 xso->aon_buf_pos = already_sent;
1671 xso->aon_buf_len = buf_len;
22d53c88
HL		 1672}
1673
cb5c208b 1674static void aon_write_finish(QUIC_XSO *xso)
22d53c88 1675{
cb5c208b
HL		 1676 xso->aon_write_in_progress = 0;
1677 xso->aon_buf_base = NULL;
1678 xso->aon_buf_pos = 0;
1679 xso->aon_buf_len = 0;
22d53c88
HL		 1680}
1681
4847599b 1682QUIC_NEEDS_LOCK
faa3a180 1683static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
22d53c88 1684 size_t len, size_t *written)
e44795bd 1685{
faa3a180 1686 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1687 const void *actual_buf;
1688 size_t actual_len, actual_written = 0;
1689 int accept_moving_buffer
cb5c208b 1690 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
22d53c88 1691
cb5c208b 1692 if (xso->aon_write_in_progress) {
22d53c88
HL		 1693 /*
1694 * We are in the middle of an AON write (i.e., a previous write did not
75b2920a
HL		 1695 * manage to append all data to the SSTREAM and we have Enable Partial
1696 * Write (EPW) mode disabled.)
22d53c88 1697 */
cb5c208b
HL		 1698 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
1699 || len != xso->aon_buf_len)
22d53c88
HL		 1700 /*
1701 * Pointer must not have changed if we are not in accept moving
1702 * buffer mode. Length must never change.
1703 */
faa3a180 1704 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
22d53c88 1705
cb5c208b
HL		 1706 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
1707 actual_len = len - xso->aon_buf_pos;
22d53c88
HL		 1708 assert(actual_len > 0);
1709 } else {
1710 actual_buf = buf;
1711 actual_len = len;
1712 }
1713
1714 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1715 if (!ossl_quic_sstream_append(xso->stream->sstream, actual_buf, actual_len,
22d53c88
HL		 1716 &actual_written)) {
1717 /* Stream already finished or allocation error. */
1718 *written = 0;
faa3a180 1719 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1720 }
1721
cb5c208b 1722 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1723
1724 if (actual_written == actual_len) {
1725 /* We have sent everything. */
cb5c208b 1726 if (xso->aon_write_in_progress) {
22d53c88
HL		 1727 /*
1728 * We have sent everything, and we were in the middle of an AON
1729 * write. The output write length is the total length of the AON
1730 * buffer, not however many bytes we managed to write to the stream
1731 * in this call.
1732 */
cb5c208b
HL		 1733 *written = xso->aon_buf_len;
1734 aon_write_finish(xso);
22d53c88
HL		 1735 } else {
1736 *written = actual_written;
1737 }
1738
1739 return 1;
1740 }
1741
cb5c208b 1742 if (xso->aon_write_in_progress) {
22d53c88
HL		 1743 /*
1744 * AON write is in progress but we have not written everything yet. We
1745 * may have managed to send zero bytes, or some number of bytes less
1746 * than the total remaining which need to be appended during this
1747 * AON operation.
1748 */
cb5c208b
HL		 1749 xso->aon_buf_pos += actual_written;
1750 assert(xso->aon_buf_pos < xso->aon_buf_len);
faa3a180 1751 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
22d53c88
HL		 1752 }
1753
08e49012 1754 /*
22d53c88
HL		 1755 * Not in an existing AON operation but partial write is not enabled, so we
1756 * need to begin a new AON operation. However we needn't bother if we didn't
1757 * actually append anything.
08e49012 1758 */
22d53c88 1759 if (actual_written > 0)
cb5c208b 1760 aon_write_begin(xso, buf, len, actual_written);
e44795bd 1761
22d53c88
HL		 1762 /*
1763 * AON - We do not publicly admit to having appended anything until AON
1764 * completes.
1765 */
1766 *written = 0;
faa3a180 1767 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
e44795bd
TM		 1768}
1769
4847599b 1770QUIC_NEEDS_LOCK
faa3a180 1771static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
22d53c88 1772 size_t *written)
e44795bd 1773{
faa3a180
HL		 1774 QUIC_XSO *xso = ctx->xso;
1775
22d53c88 1776 /* Simple best effort operation. */
cb5c208b 1777 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len, written)) {
22d53c88
HL		 1778 /* Stream already finished or allocation error. */
1779 *written = 0;
faa3a180 1780 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1781 }
1782
cb5c208b 1783 quic_post_write(xso, *written > 0, 1);
e44795bd
TM		 1784 return 1;
1785}
d5ab48a1 1786
a8489257 1787QUIC_TAKES_LOCK
22d53c88 1788int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
d5ab48a1 1789{
a8489257 1790 int ret;
072328dd
HL		 1791 QCTX ctx;
1792 int partial_write;
22d53c88
HL		 1793
1794 *written = 0;
1795
8b7be3aa
HL		 1796 if (len == 0)
1797 return 1;
22d53c88 1798
8b7be3aa
HL		 1799 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
1800 return 0;
a8489257 1801
cb5c208b 1802 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
072328dd 1803
23c04709 1804 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1805 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1806 goto out;
1807 }
22d53c88 1808
ca41f6b7
HL		 1809 /*
1810 * If we haven't finished the handshake, try to advance it.
1811 * We don't accept writes until the handshake is completed.
1812 */
faa3a180 1813 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1814 ret = 0;
1815 goto out;
1816 }
ca41f6b7 1817
cb5c208b 1818 if (ctx.xso->stream == NULL || ctx.xso->stream->sstream == NULL) {
faa3a180 1819 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1820 goto out;
1821 }
22d53c88 1822
cb5c208b 1823 if (xso_blocking_mode(ctx.xso))
faa3a180 1824 ret = quic_write_blocking(&ctx, buf, len, written);
22d53c88 1825 else if (partial_write)
faa3a180 1826 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
22d53c88 1827 else
faa3a180 1828 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
a8489257
HL		 1829
1830out:
072328dd 1831 quic_unlock(ctx.qc);
a8489257 1832 return ret;
d5ab48a1
RL		 1833}
1834
1835/*
22d53c88
HL		 1836 * SSL_read
1837 * --------
d5ab48a1 1838 */
22d53c88 1839struct quic_read_again_args {
faa3a180 1840 QCTX *ctx;
22d53c88
HL		 1841 QUIC_STREAM *stream;
1842 void *buf;
1843 size_t len;
1844 size_t *bytes_read;
1845 int peek;
1846};
1847
4847599b 1848QUIC_NEEDS_LOCK
faa3a180 1849static int quic_read_actual(QCTX *ctx,
22d53c88
HL		 1850 QUIC_STREAM *stream,
1851 void *buf, size_t buf_len,
1852 size_t *bytes_read,
1853 int peek)
d5ab48a1 1854{
22d53c88 1855 int is_fin = 0;
faa3a180 1856 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1857
a9979965
HL		 1858 /* If the receive part of the stream is over, issue EOF. */
1859 if (stream->recv_fin_retired)
faa3a180 1860 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
a9979965 1861
22d53c88 1862 if (stream->rstream == NULL)
faa3a180 1863 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1864
1865 if (peek) {
1866 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
1867 bytes_read, &is_fin))
faa3a180 1868 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1869
1870 } else {
1871 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
1872 bytes_read, &is_fin))
faa3a180 1873 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1874 }
1875
1876 if (!peek) {
1877 if (*bytes_read > 0) {
1878 /*
1879 * We have read at least one byte from the stream. Inform stream-level
1880 * RXFC of the retirement of controlled bytes. Update the active stream
1881 * status (the RXFC may now want to emit a frame granting more credit to
1882 * the peer).
1883 */
1884 OSSL_RTT_INFO rtt_info;
d50e750e 1885
22d53c88
HL		 1886 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1887
cb5c208b 1888 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
22d53c88 1889 rtt_info.smoothed_rtt))
faa3a180 1890 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1891 }
1892
1893 if (is_fin)
1894 stream->recv_fin_retired = 1;
1895
1896 if (*bytes_read > 0)
1897 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
cb5c208b 1898 stream);
22d53c88
HL		 1899 }
1900
d5ab48a1
RL		 1901 return 1;
1902}
1903
4847599b 1904QUIC_NEEDS_LOCK
22d53c88 1905static int quic_read_again(void *arg)
d5ab48a1 1906{
22d53c88
HL		 1907 struct quic_read_again_args *args = arg;
1908
faa3a180 1909 if (!ossl_quic_channel_is_active(args->ctx->qc->ch)) {
22d53c88 1910 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1911 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
ca41f6b7 1912 return -1;
a9979965 1913 }
22d53c88 1914
faa3a180 1915 if (!quic_read_actual(args->ctx, args->stream,
22d53c88
HL		 1916 args->buf, args->len, args->bytes_read,
1917 args->peek))
1918 return -1;
1919
1920 if (*args->bytes_read > 0)
1921 /* got at least one byte, the SSL_read op can finish now */
1922 return 1;
1923
81b6b43c 1924 return 0; /* did not read anything, keep trying */
d5ab48a1
RL		 1925}
1926
a8489257 1927QUIC_TAKES_LOCK
22d53c88 1928static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
d5ab48a1 1929{
a8489257 1930 int ret, res;
072328dd 1931 QCTX ctx;
22d53c88
HL		 1932 struct quic_read_again_args args;
1933
1934 *bytes_read = 0;
1935
8b7be3aa 1936 if (!expect_quic(s, &ctx))
22d53c88
HL		 1937 return 0;
1938
072328dd 1939 quic_lock(ctx.qc);
a8489257 1940
23c04709 1941 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1942 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1943 goto out;
1944 }
22d53c88 1945
a9979965 1946 /* If we haven't finished the handshake, try to advance it. */
faa3a180 1947 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1948 ret = 0; /* ossl_quic_do_handshake raised error here */
1949 goto out;
1950 }
22d53c88 1951
8b7be3aa
HL		 1952 if (ctx.xso == NULL) {
1953 /*
1954 * Called on a QCSO and we don't currently have a default stream.
1955 *
1956 * Wait until we get a stream initiated by the peer (blocking mode) or
1957 * fail if we don't have one yet (non-blocking mode).
1958 */
faa3a180 1959 if (!qc_wait_for_default_xso_for_read(&ctx)) {
8b7be3aa
HL		 1960 ret = 0; /* error already raised here */
1961 goto out;
1962 }
1963
1964 ctx.xso = ctx.qc->default_xso;
1965 }
1966
cb5c208b 1967 if (ctx.xso->stream == NULL) {
faa3a180 1968 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1969 goto out;
1970 }
22d53c88 1971
faa3a180 1972 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
a8489257
HL		 1973 ret = 0; /* quic_read_actual raised error here */
1974 goto out;
1975 }
22d53c88
HL		 1976
1977 if (*bytes_read > 0) {
1978 /*
1979 * Even though we succeeded, tick the reactor here to ensure we are
1980 * handling other aspects of the QUIC connection.
1981 */
072328dd 1982 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
a8489257 1983 ret = 1;
cb5c208b 1984 } else if (xso_blocking_mode(ctx.xso)) {
22d53c88
HL		 1985 /*
1986 * We were not able to read anything immediately, so our stream
1987 * buffer is empty. This means we need to block until we get
1988 * at least one byte.
1989 */
faa3a180 1990 args.ctx = &ctx;
cb5c208b 1991 args.stream = ctx.xso->stream;
22d53c88
HL		 1992 args.buf = buf;
1993 args.len = len;
1994 args.bytes_read = bytes_read;
1995 args.peek = peek;
1996
072328dd 1997 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
a8489257 1998 if (res == 0) {
faa3a180 1999 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 2000 goto out;
2001 } else if (res < 0) {
2002 ret = 0; /* quic_read_again raised error here */
2003 goto out;
2004 }
22d53c88 2005
a8489257 2006 ret = 1;
af8b52cf
HL		 2007 } else {
2008 /* We did not get any bytes and are not in blocking mode. */
faa3a180 2009 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
af8b52cf 2010 }
a8489257
HL		 2011
2012out:
072328dd 2013 quic_unlock(ctx.qc);
a8489257 2014 return ret;
d5ab48a1
RL		 2015}
2016
22d53c88
HL		 2017int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2018{
2019 return quic_read(s, buf, len, bytes_read, 0);
2020}
2021
2022int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2023{
2024 return quic_read(s, buf, len, bytes_read, 1);
2025}
2026
2027/*
2028 * SSL_pending
2029 * -----------
2030 */
a8489257 2031QUIC_TAKES_LOCK
072328dd 2032static size_t ossl_quic_pending_int(const SSL *s)
22d53c88 2033{
072328dd 2034 QCTX ctx;
433d107a 2035 size_t avail = 0;
22d53c88
HL		 2036 int fin = 0;
2037
8b7be3aa 2038 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
22d53c88
HL		 2039 return 0;
2040
cb5c208b 2041 if (ctx.xso->stream == NULL || ctx.xso->stream->rstream == NULL)
22d53c88 2042 /* Cannot raise errors here because we are const, just fail. */
a8489257 2043 goto out;
22d53c88 2044
cb5c208b 2045 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
a8489257 2046 avail = 0;
22d53c88 2047
a8489257 2048out:
072328dd 2049 quic_unlock(ctx.qc);
22d53c88
HL		 2050 return avail;
2051}
2052
560470b5
MC		 2053size_t ossl_quic_pending(const SSL *s)
2054{
072328dd 2055 return ossl_quic_pending_int(s);
560470b5
MC		 2056}
2057
072328dd 2058int ossl_quic_has_pending(const SSL *s)
560470b5 2059{
072328dd 2060 return ossl_quic_pending_int(s) > 0;
560470b5
MC		 2061}
2062
a9979965
HL		 2063/*
2064 * SSL_stream_conclude
2065 * -------------------
2066 */
a8489257 2067QUIC_TAKES_LOCK
072328dd 2068int ossl_quic_conn_stream_conclude(SSL *s)
a9979965 2069{
072328dd
HL		 2070 QCTX ctx;
2071 QUIC_STREAM *qs;
2072
8b7be3aa 2073 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
072328dd
HL		 2074 return 0;
2075
cb5c208b 2076 qs = ctx.xso->stream;
a9979965 2077
a8489257 2078 if (qs == NULL || qs->sstream == NULL) {
072328dd 2079 quic_unlock(ctx.qc);
a8489257
HL		 2080 return 0;
2081 }
2082
072328dd 2083 if (!ossl_quic_channel_is_active(ctx.qc->ch)
a8489257 2084 || ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
072328dd 2085 quic_unlock(ctx.qc);
a9979965 2086 return 1;
a8489257 2087 }
a9979965
HL		 2088
2089 ossl_quic_sstream_fin(qs->sstream);
cb5c208b 2090 quic_post_write(ctx.xso, 1, 1);
072328dd 2091 quic_unlock(ctx.qc);
a9979965
HL		 2092 return 1;
2093}
2094
553a4e00
HL		 2095/*
2096 * SSL_inject_net_dgram
2097 * --------------------
2098 */
5129e594 2099QUIC_TAKES_LOCK
553a4e00
HL		 2100int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2101 size_t buf_len,
2102 const BIO_ADDR *peer,
2103 const BIO_ADDR *local)
2104{
5129e594 2105 int ret;
072328dd 2106 QCTX ctx;
553a4e00
HL		 2107 QUIC_DEMUX *demux;
2108
072328dd 2109 if (!expect_quic(s, &ctx))
553a4e00
HL		 2110 return 0;
2111
072328dd 2112 quic_lock(ctx.qc);
5129e594 2113
072328dd 2114 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
5129e594
HL		 2115 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2116
072328dd 2117 quic_unlock(ctx.qc);
5129e594 2118 return ret;
553a4e00
HL		 2119}
2120
020d0389
HL		 2121/*
2122 * SSL_get0_connection
2123 * -------------------
2124 */
2125SSL *ossl_quic_get0_connection(SSL *s)
2126{
2127 QCTX ctx;
2128
2129 if (!expect_quic(s, &ctx))
2130 return NULL;
2131
2132 return &ctx.qc->ssl;
2133}
2134
1bca3f1b
HL		 2135/*
2136 * SSL_get_stream_type
2137 * -------------------
2138 */
2139int ossl_quic_get_stream_type(SSL *s)
2140{
2141 QCTX ctx;
2142
2143 if (!expect_quic(s, &ctx))
59c5c016 2144 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2145
2146 if (ctx.xso == NULL) {
2147 /*
59c5c016
HL		 2148 * If deferred XSO creation has yet to occur, proceed according to the
2149 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2150 * what kind of stream will be created yet, so return BIDI on the basis
2151 * that at this time, the client still has the option of calling
2152 * SSL_read() or SSL_write() first.
1bca3f1b 2153 */
59c5c016
HL		 2154 if (ctx.qc->default_xso_created
2155 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1bca3f1b 2156 return SSL_STREAM_TYPE_NONE;
59c5c016
HL		 2157 else
2158 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2159 }
2160
2161 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2162 return SSL_STREAM_TYPE_BIDI;
2163
2164 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2165 return SSL_STREAM_TYPE_READ;
2166 else
2167 return SSL_STREAM_TYPE_WRITE;
2168}
2169
19cb0887
HL		 2170/*
2171 * SSL_get_stream_id
2172 * -----------------
2173 */
cb68ce9f 2174QUIC_TAKES_LOCK
19cb0887
HL		 2175uint64_t ossl_quic_get_stream_id(SSL *s)
2176{
2177 QCTX ctx;
8b7be3aa 2178 uint64_t id;
19cb0887 2179
8b7be3aa 2180 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
19cb0887
HL		 2181 return UINT64_MAX;
2182
8b7be3aa
HL		 2183 id = ctx.xso->stream->id;
2184 quic_unlock(ctx.qc);
2185
2186 return id;
2187}
2188
2189/*
2190 * SSL_set_default_stream_mode
2191 * ---------------------------
2192 */
cb68ce9f 2193QUIC_TAKES_LOCK
8b7be3aa
HL		 2194int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
2195{
2196 QCTX ctx;
2197
2198 if (!expect_quic_conn_only(s, &ctx))
2199 return 0;
2200
2201 quic_lock(ctx.qc);
2202
2203 if (ctx.qc->default_xso_created)
faa3a180 2204 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2205 "too late to change default stream mode");
2206
2207 switch (mode) {
2208 case SSL_DEFAULT_STREAM_MODE_NONE:
2209 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
2210 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
2211 ctx.qc->default_stream_mode = mode;
2212 break;
2213 default:
2214 quic_unlock(ctx.qc);
faa3a180 2215 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8b7be3aa
HL		 2216 "bad default stream type");
2217 }
2218
2219 quic_unlock(ctx.qc);
2220 return 1;
2221}
2222
2223/*
2224 * SSL_detach_stream
2225 * -----------------
2226 */
cb68ce9f 2227QUIC_TAKES_LOCK
8b7be3aa
HL		 2228SSL *ossl_quic_detach_stream(SSL *s)
2229{
2230 QCTX ctx;
9cab4bd5 2231 QUIC_XSO *xso = NULL;
8b7be3aa
HL		 2232
2233 if (!expect_quic_conn_only(s, &ctx))
2234 return NULL;
2235
2236 quic_lock(ctx.qc);
2237
8b7be3aa 2238 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5
HL		 2239 /* QC ref to any default XSO is transferred to us and to caller. */
2240 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
8b7be3aa
HL		 2241
2242 quic_unlock(ctx.qc);
2243
9cab4bd5 2244 return xso != NULL ? &xso->ssl : NULL;
8b7be3aa
HL		 2245}
2246
2247/*
2248 * SSL_attach_stream
2249 * -----------------
2250 */
cb68ce9f 2251QUIC_TAKES_LOCK
8b7be3aa
HL		 2252int ossl_quic_attach_stream(SSL *conn, SSL *stream)
2253{
2254 QCTX ctx;
9cab4bd5
HL		 2255 QUIC_XSO *xso;
2256 int nref;
8b7be3aa
HL		 2257
2258 if (!expect_quic_conn_only(conn, &ctx))
2259 return 0;
2260
2261 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
faa3a180 2262 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
8b7be3aa
HL		 2263 "stream to attach must be a valid QUIC stream");
2264
9cab4bd5
HL		 2265 xso = (QUIC_XSO *)stream;
2266
8b7be3aa
HL		 2267 quic_lock(ctx.qc);
2268
2269 if (ctx.qc->default_xso != NULL) {
2270 quic_unlock(ctx.qc);
faa3a180 2271 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2272 "connection already has a default stream");
2273 }
2274
9cab4bd5
HL		 2275 /*
2276 * It is a caller error for the XSO being attached as a default XSO to have
2277 * more than one ref.
2278 */
2279 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref, &xso->ssl.lock)) {
2280 quic_unlock(ctx.qc);
faa3a180 2281 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
9cab4bd5
HL		 2282 "ref");
2283 }
2284
2285 if (nref != 1) {
2286 quic_unlock(ctx.qc);
faa3a180 2287 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
9cab4bd5
HL		 2288 "stream being attached must have "
2289 "only 1 reference");
2290 }
2291
2292 /* Caller's reference to the XSO is transferred to us. */
8b7be3aa 2293 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5 2294 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
8b7be3aa
HL		 2295
2296 quic_unlock(ctx.qc);
2297 return 1;
19cb0887
HL		 2298}
2299
8a90df34 2300/*
83df44ae
HL		 2301 * SSL_set_incoming_stream_policy
2302 * ------------------------------
8a90df34 2303 */
995ff282 2304QUIC_NEEDS_LOCK
83df44ae 2305static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
995ff282 2306{
83df44ae
HL		 2307 switch (qc->incoming_stream_policy) {
2308 case SSL_INCOMING_STREAM_POLICY_AUTO:
995ff282
HL		 2309 if ((qc->default_xso == NULL && !qc->default_xso_created)
2310 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
83df44ae 2311 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
995ff282 2312 else
83df44ae 2313 return SSL_INCOMING_STREAM_POLICY_REJECT;
995ff282
HL		 2314
2315 default:
83df44ae 2316 return qc->incoming_stream_policy;
995ff282
HL		 2317 }
2318}
2319
2320QUIC_NEEDS_LOCK
2321static void qc_update_reject_policy(QUIC_CONNECTION *qc)
2322{
83df44ae
HL		 2323 int policy = qc_get_effective_incoming_stream_policy(qc);
2324 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
995ff282
HL		 2325
2326 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
2327 enable_reject,
83df44ae 2328 qc->incoming_stream_aec);
995ff282
HL		 2329}
2330
cb68ce9f 2331QUIC_TAKES_LOCK
83df44ae
HL		 2332int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
2333 uint64_t aec)
8a90df34
HL		 2334{
2335 int ret = 1;
2336 QCTX ctx;
2337
2338 if (!expect_quic_conn_only(s, &ctx))
2339 return 0;
2340
2341 quic_lock(ctx.qc);
2342
2343 switch (policy) {
83df44ae
HL		 2344 case SSL_INCOMING_STREAM_POLICY_AUTO:
2345 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
2346 case SSL_INCOMING_STREAM_POLICY_REJECT:
2347 ctx.qc->incoming_stream_policy = policy;
2348 ctx.qc->incoming_stream_aec = aec;
8a90df34
HL		 2349 break;
2350
2351 default:
2352 ret = 0;
2353 break;
2354 }
2355
995ff282 2356 qc_update_reject_policy(ctx.qc);
8a90df34
HL		 2357 quic_unlock(ctx.qc);
2358 return ret;
2359}
2360
cb68ce9f
HL		 2361/*
2362 * SSL_accept_stream
2363 * -----------------
2364 */
cb68ce9f 2365struct wait_for_incoming_stream_args {
faa3a180 2366 QCTX *ctx;
cb68ce9f
HL		 2367 QUIC_STREAM *qs;
2368};
2369
2370QUIC_NEEDS_LOCK
2371static int wait_for_incoming_stream(void *arg)
2372{
2373 struct wait_for_incoming_stream_args *args = arg;
faa3a180
HL		 2374 QUIC_CONNECTION *qc = args->ctx->qc;
2375 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
cb68ce9f 2376
faa3a180 2377 if (!ossl_quic_channel_is_active(qc->ch)) {
cb68ce9f 2378 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 2379 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
cb68ce9f
HL		 2380 return -1;
2381 }
2382
2383 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2384 if (args->qs != NULL)
2385 return 1; /* got a stream */
2386
2387 return 0; /* did not get a stream, keep trying */
2388}
2389
2390QUIC_TAKES_LOCK
2391SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
2392{
2393 QCTX ctx;
2394 int ret;
2395 SSL *new_s = NULL;
2396 QUIC_STREAM_MAP *qsm;
2397 QUIC_STREAM *qs;
2398 QUIC_XSO *xso;
90cecc40 2399 OSSL_RTT_INFO rtt_info;
cb68ce9f
HL		 2400
2401 if (!expect_quic_conn_only(s, &ctx))
2402 return NULL;
2403
2404 quic_lock(ctx.qc);
2405
83df44ae
HL		 2406 if (qc_get_effective_incoming_stream_policy(ctx.qc)
2407 == SSL_INCOMING_STREAM_POLICY_REJECT)
cb68ce9f
HL		 2408 goto out;
2409
2410 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2411
2412 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2413 if (qs == NULL) {
2414 if (qc_blocking_mode(ctx.qc)
2415 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
2416 struct wait_for_incoming_stream_args args;
2417
faa3a180 2418 args.ctx = &ctx;
cb68ce9f
HL		 2419 args.qs = NULL;
2420
2421 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
2422 if (ret == 0) {
faa3a180 2423 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
cb68ce9f
HL		 2424 goto out;
2425 } else if (ret < 0 || args.qs == NULL) {
2426 goto out;
2427 }
2428
2429 qs = args.qs;
2430 } else {
2431 goto out;
2432 }
2433 }
2434
2435 xso = create_xso_from_stream(ctx.qc, qs);
2436 if (xso == NULL)
2437 goto out;
2438
90cecc40
HL		 2439 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
2440 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
2441 rtt_info.smoothed_rtt);
cb68ce9f
HL		 2442 new_s = &xso->ssl;
2443
2444 /* Calling this function inhibits default XSO autocreation. */
995ff282 2445 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
cb68ce9f
HL		 2446
2447out:
2448 quic_unlock(ctx.qc);
2449 return new_s;
2450}
2451
2452/*
2453 * SSL_get_accept_stream_queue_len
2454 * -------------------------------
2455 */
2456QUIC_TAKES_LOCK
2457size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
2458{
2459 QCTX ctx;
2460 size_t v;
2461
2462 if (!expect_quic_conn_only(s, &ctx))
2463 return 0;
2464
2465 quic_lock(ctx.qc);
2466
2467 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
2468
2469 quic_unlock(ctx.qc);
2470 return v;
2471}
2472
c3a04ea2
HL		 2473/*
2474 * SSL_stream_reset
2475 * ----------------
2476 */
2477int ossl_quic_stream_reset(SSL *ssl,
2478 const SSL_STREAM_RESET_ARGS *args,
2479 size_t args_len)
2480{
2481 QCTX ctx;
2482 QUIC_STREAM_MAP *qsm;
2483 QUIC_STREAM *qs;
2484 uint64_t error_code;
2485
2486 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, &ctx))
2487 return 0;
2488
2489 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2490 qs = ctx.xso->stream;
2491 error_code = (args != NULL ? args->quic_error_code : 0);
2492
2493 ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
2494
2495 quic_unlock(ctx.qc);
2496 return 1;
2497}
2498
2499/*
2500 * SSL_get_stream_read_state
2501 * -------------------------
2502 */
2503static void quic_classify_stream(QUIC_CONNECTION *qc,
2504 QUIC_STREAM *qs,
2505 int is_write,
2506 int *state,
2507 uint64_t *app_error_code)
2508{
2509 int local_init;
2510 uint64_t final_size;
2511
2512 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
2513
2514 if (app_error_code != NULL)
2515 *app_error_code = UINT64_MAX;
2516 else
2517 app_error_code = &final_size; /* throw away value */
2518
2519 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
2520 /*
2521 * Unidirectional stream and this direction of transmission doesn't
2522 * exist.
2523 */
2524 *state = SSL_STREAM_STATE_WRONG_DIR;
2525 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
2526 /* Connection already closed. */
2527 *state = SSL_STREAM_STATE_CONN_CLOSED;
2528 } else if (!is_write && qs->recv_fin_retired) {
2529 /* Application has read a FIN. */
2530 *state = SSL_STREAM_STATE_FINISHED;
2531 } else if ((!is_write && qs->stop_sending)
2532 || (is_write && qs->reset_stream)) {
2533 /*
2534 * Stream has been reset locally. FIN takes precedence over this for the
2535 * read case as the application need not care if the stream is reset
2536 * after a FIN has been successfully processed.
2537 */
2538 *state = SSL_STREAM_STATE_RESET_LOCAL;
2539 *app_error_code = !is_write
2540 ? qs->stop_sending_aec
2541 : qs->reset_stream_aec;
2542 } else if ((!is_write && qs->peer_reset_stream)
2543 || (is_write && qs->peer_stop_sending)) {
2544 /*
2545 * Stream has been reset remotely. */
2546 *state = SSL_STREAM_STATE_RESET_REMOTE;
2547 *app_error_code = !is_write
2548 ? qs->peer_reset_stream_aec
2549 : qs->peer_stop_sending_aec;
2550 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
2551 &final_size)) {
2552 /*
2553 * Stream has been finished. Stream reset takes precedence over this for
2554 * the write case as peer may not have received all data.
2555 */
2556 *state = SSL_STREAM_STATE_FINISHED;
2557 } else {
2558 /* Stream still healthy. */
2559 *state = SSL_STREAM_STATE_OK;
2560 }
2561}
2562
2563static int quic_get_stream_state(SSL *ssl, int is_write)
2564{
2565 QCTX ctx;
2566 int state;
2567
2568 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2569 return SSL_STREAM_STATE_NONE;
2570
2571 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
2572 quic_unlock(ctx.qc);
2573 return state;
2574}
2575
2576int ossl_quic_get_stream_read_state(SSL *ssl)
2577{
2578 return quic_get_stream_state(ssl, /*is_write=*/0);
2579}
2580
2581/*
2582 * SSL_get_stream_write_state
2583 * --------------------------
2584 */
2585int ossl_quic_get_stream_write_state(SSL *ssl)
2586{
2587 return quic_get_stream_state(ssl, /*is_write=*/1);
2588}
2589
2590/*
2591 * SSL_get_stream_read_error_code
2592 * ------------------------------
2593 */
2594static int quic_get_stream_error_code(SSL *ssl, int is_write,
2595 uint64_t *app_error_code)
2596{
2597 QCTX ctx;
2598 int state;
2599
2600 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2601 return -1;
2602
2603 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
2604 &state, app_error_code);
2605
2606 quic_unlock(ctx.qc);
2607 switch (state) {
2608 case SSL_STREAM_STATE_FINISHED:
2609 return 0;
2610 case SSL_STREAM_STATE_RESET_LOCAL:
2611 case SSL_STREAM_STATE_RESET_REMOTE:
2612 return 1;
2613 default:
2614 return -1;
2615 }
2616}
2617
2618int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
2619{
2620 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
2621}
2622
2623/*
2624 * SSL_get_stream_write_error_code
2625 * -------------------------------
2626 */
2627int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
2628{
2629 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
2630}
2631
2632/*
2633 * SSL_get_conn_close_info
2634 * -----------------------
2635 */
2636int ossl_quic_get_conn_close_info(SSL *ssl,
2637 SSL_CONN_CLOSE_INFO *info,
2638 size_t info_len)
2639{
2640 QCTX ctx;
2641 const QUIC_TERMINATE_CAUSE *tc;
2642
2643 if (!expect_quic_conn_only(ssl, &ctx))
2644 return -1;
2645
2646 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
2647 if (tc == NULL)
2648 return 0;
2649
2650 info->error_code = tc->error_code;
2651 info->reason = NULL; /* TODO(QUIC): Wire reason */
2652 info->reason_len = 0;
2653 info->is_local = !tc->remote;
2654 info->is_transport = !tc->app;
2655 return 1;
2656}
2657
22d53c88
HL		 2658/*
2659 * QUIC Front-End I/O API: SSL_CTX Management
2660 * ==========================================
2661 */
2662
2663long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2664{
2665 switch (cmd) {
2666 default:
8a1a6d6d 2667 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
22d53c88
HL		 2668 }
2669}
2670
2671long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
2672{
63dfde87
MC		 2673 QCTX ctx;
2674
2675 if (!expect_quic_conn_only(s, &ctx))
2676 return 0;
2677
2678 switch (cmd) {
2679 case SSL_CTRL_SET_MSG_CALLBACK:
5cf99b40
MC		 2680 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
2681 &ctx.qc->ssl);
63dfde87
MC		 2682 /* This callback also needs to be set on the internal SSL object */
2683 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
2684
2685 default:
2686 /* Probably a TLS related ctrl. Defer to our internal SSL object */
2687 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
2688 }
22d53c88
HL		 2689}
2690
2691long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
2692{
8a1a6d6d 2693 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
22d53c88
HL		 2694}
2695
2696int ossl_quic_renegotiate_check(SSL *ssl, int initok)
2697{
2698 /* We never do renegotiation. */
2699 return 0;
2700}
2701
2702/*
d518854c
MC		 2703 * These functions define the TLSv1.2 (and below) ciphers that are supported by
2704 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
22d53c88 2705 */
22d53c88
HL		 2706
2707int ossl_quic_num_ciphers(void)
2708{
d518854c 2709 return 0;
22d53c88
HL		 2710}
2711
2712const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
2713{
d518854c 2714 return NULL;
d5ab48a1 2715}
A mirror of the official openssl repository