]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
QUIC Documentation: Rename SSL_tick, SSL_get_tick_timeout
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
CommitLineData
99e1cc7b
TM		 1/*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/macros.h>
11#include <openssl/objects.h>
22d53c88
HL		 12#include <openssl/sslerr.h>
13#include <crypto/rand.h>
99e1cc7b 14#include "quic_local.h"
2723d705 15#include "internal/quic_tls.h"
22d53c88
HL		 16#include "internal/quic_rx_depack.h"
17#include "internal/quic_error.h"
18#include "internal/time.h"
99e1cc7b 19
faa3a180
HL		 20typedef struct qctx_st QCTX;
21
cb5c208b 22static void aon_write_finish(QUIC_XSO *xso);
23c04709 23static int create_channel(QUIC_CONNECTION *qc);
21c80696 24static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
faa3a180
HL		 25static int qc_try_create_default_xso_for_write(QCTX *ctx);
26static int qc_wait_for_default_xso_for_read(QCTX *ctx);
8b7be3aa
HL		 27static void quic_lock(QUIC_CONNECTION *qc);
28static void quic_unlock(QUIC_CONNECTION *qc);
faa3a180 29static int quic_do_handshake(QCTX *ctx);
995ff282
HL		 30static void qc_update_reject_policy(QUIC_CONNECTION *qc);
31static void qc_touch_default_xso(QUIC_CONNECTION *qc);
32static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
9cab4bd5
HL		 33static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
34 int touch, QUIC_XSO **old_xso);
faa3a180 35static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
22d53c88
HL		 36
37/*
38 * QUIC Front-End I/O API: Common Utilities
39 * ========================================
40 */
41
42/*
43 * Block until a predicate is met.
44 *
45 * Precondition: Must have a channel.
d7b1fadd 46 * Precondition: Must hold channel lock (unchecked).
22d53c88 47 */
d7b1fadd 48QUIC_NEEDS_LOCK
22d53c88
HL		 49static int block_until_pred(QUIC_CONNECTION *qc,
50 int (*pred)(void *arg), void *pred_arg,
51 uint32_t flags)
52{
53 QUIC_REACTOR *rtor;
54
55 assert(qc->ch != NULL);
56
57 rtor = ossl_quic_channel_get_reactor(qc->ch);
c019e1ef 58 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
4847599b 59 qc->mutex);
22d53c88
HL		 60}
61
faa3a180
HL		 62/*
63 * QCTX is a utility structure which provides information we commonly wish to
64 * unwrap upon an API call being dispatched to us, namely:
65 *
66 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
67 * was passed);
68 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
69 * a QCSO with a default stream was passed);
70 * - whether a QSSO was passed (xso == NULL must not be used to determine this
71 * because it may be non-NULL when a QCSO is passed if that QCSO has a
72 * default stream).
73 */
74struct qctx_st {
75 QUIC_CONNECTION *qc;
76 QUIC_XSO *xso;
77 int is_stream;
78};
79
22d53c88
HL		 80/*
81 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
faa3a180
HL		 82 * rather than via ERR. Note that normal errors must always be raised while
83 * holding a lock.
22d53c88 84 */
faa3a180
HL		 85QUIC_NEEDS_LOCK
86static int quic_raise_normal_error(QCTX *ctx,
22d53c88
HL		 87 int err)
88{
faa3a180
HL		 89 if (ctx->is_stream)
90 ctx->xso->last_error = err;
91 else
92 ctx->qc->last_error = err;
93
22d53c88
HL		 94 return 0;
95}
96
97/*
98 * Raise a 'non-normal' error, meaning any error that is not reported via
99 * SSL_get_error() and must be reported via ERR.
e88cdb8e
HL		 100 *
101 * qc should be provided if available. In exceptional circumstances when qc is
102 * not known NULL may be passed. This should generally only happen when an
103 * expect_...() function defined below fails, which generally indicates a
104 * dispatch error or caller error.
faa3a180
HL		 105 *
106 * ctx should be NULL if the connection lock is not held.
22d53c88 107 */
faa3a180 108static int quic_raise_non_normal_error(QCTX *ctx,
22d53c88
HL		 109 const char *file,
110 int line,
111 const char *func,
112 int reason,
113 const char *fmt,
114 ...)
115{
116 va_list args;
117
118 ERR_new();
119 ERR_set_debug(file, line, func);
120
121 va_start(args, fmt);
122 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
123 va_end(args);
124
faa3a180
HL		 125 if (ctx != NULL) {
126 if (ctx->is_stream && ctx->xso != NULL)
127 ctx->xso->last_error = SSL_ERROR_SSL;
128 else if (!ctx->is_stream && ctx->qc != NULL)
129 ctx->qc->last_error = SSL_ERROR_SSL;
130 }
e88cdb8e 131
22d53c88
HL		 132 return 0;
133}
134
faa3a180
HL		 135#define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
136 quic_raise_normal_error((ctx), (err))
22d53c88 137
faa3a180
HL		 138#define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
139 quic_raise_non_normal_error((ctx), \
22d53c88
HL		 140 OPENSSL_FILE, OPENSSL_LINE, \
141 OPENSSL_FUNC, \
142 (reason), \
143 (msg))
144
e88cdb8e
HL		 145/*
146 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
147 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
148 *
149 * After this returns 1, all fields of the passed QCTX are initialised.
150 * Returns 0 on failure. This function is intended to be used to provide API
151 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
22d53c88 152 */
e88cdb8e 153static int expect_quic(const SSL *s, QCTX *ctx)
22d53c88 154{
e88cdb8e
HL		 155 QUIC_CONNECTION *qc;
156 QUIC_XSO *xso;
157
158 ctx->qc = NULL;
159 ctx->xso = NULL;
160 ctx->is_stream = 0;
161
162 if (s == NULL)
8b7be3aa 163 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
22d53c88 164
e88cdb8e
HL		 165 switch (s->type) {
166 case SSL_TYPE_QUIC_CONNECTION:
167 qc = (QUIC_CONNECTION *)s;
168 ctx->qc = qc;
cb5c208b 169 ctx->xso = qc->default_xso;
e88cdb8e
HL		 170 ctx->is_stream = 0;
171 return 1;
172
173 case SSL_TYPE_QUIC_XSO:
174 xso = (QUIC_XSO *)s;
cb5c208b 175 ctx->qc = xso->conn;
e88cdb8e
HL		 176 ctx->xso = xso;
177 ctx->is_stream = 1;
178 return 1;
179
180 default:
181 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
182 }
183}
184
185/*
186 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
187 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
188 * stream.
21c80696
HL		 189 *
190 * remote_init determines if we expect the default XSO to be remotely created or
191 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
8b7be3aa
HL		 192 *
193 * Channel mutex is acquired and retained on success.
e88cdb8e 194 */
8b7be3aa
HL		 195QUIC_ACQUIRES_LOCK
196static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
197 QCTX *ctx)
e88cdb8e
HL		 198{
199 if (!expect_quic(s, ctx))
200 return 0;
201
8b7be3aa
HL		 202 quic_lock(ctx->qc);
203
21c80696 204 if (ctx->xso == NULL && remote_init >= 0) {
8b7be3aa 205 if (ossl_quic_channel_is_term_any(ctx->qc->ch)) {
faa3a180 206 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 207 goto err;
208 }
209
210 /* If we haven't finished the handshake, try to advance it. */
faa3a180 211 if (quic_do_handshake(ctx) < 1)
8b7be3aa
HL		 212 /* ossl_quic_do_handshake raised error here */
213 goto err;
214
215 if (remote_init == 0) {
faa3a180 216 if (!qc_try_create_default_xso_for_write(ctx))
8b7be3aa
HL		 217 goto err;
218 } else {
faa3a180 219 if (!qc_wait_for_default_xso_for_read(ctx))
8b7be3aa
HL		 220 goto err;
221 }
222
21c80696
HL		 223 ctx->xso = ctx->qc->default_xso;
224 }
225
8b7be3aa 226 if (ctx->xso == NULL) {
faa3a180 227 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 228 goto err;
229 }
230
231 return 1; /* lock held */
e88cdb8e 232
8b7be3aa
HL		 233err:
234 quic_unlock(ctx->qc);
235 return 0;
e88cdb8e 236}
22d53c88 237
e88cdb8e
HL		 238/*
239 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
240 * be non-NULL if the QCSO has a default stream.
241 */
23c04709 242static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
e88cdb8e
HL		 243{
244 if (!expect_quic(s, ctx))
245 return 0;
246
247 if (ctx->is_stream)
faa3a180 248 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
e88cdb8e
HL		 249
250 return 1;
22d53c88
HL		 251}
252
4847599b
HL		 253/*
254 * Ensures that the channel mutex is held for a method which touches channel
255 * state.
256 *
257 * Precondition: Channel mutex is not held (unchecked)
258 */
20f45743 259static void quic_lock(QUIC_CONNECTION *qc)
4847599b 260{
629b408c 261#if defined(OPENSSL_THREADS)
ffce2946 262 ossl_crypto_mutex_lock(qc->mutex);
629b408c 263#endif
4847599b
HL		 264}
265
266/* Precondition: Channel mutex is held (unchecked) */
267QUIC_NEEDS_LOCK
268static void quic_unlock(QUIC_CONNECTION *qc)
269{
629b408c 270#if defined(OPENSSL_THREADS)
ffce2946 271 ossl_crypto_mutex_unlock(qc->mutex);
629b408c 272#endif
4847599b
HL		 273}
274
275
22d53c88
HL		 276/*
277 * QUIC Front-End I/O API: Initialization
278 * ======================================
279 *
280 * SSL_new => ossl_quic_new
281 * ossl_quic_init
282 * SSL_reset => ossl_quic_reset
283 * SSL_clear => ossl_quic_clear
284 * ossl_quic_deinit
285 * SSL_free => ossl_quic_free
286 *
287 */
288
289/* SSL_new */
38b051a1
TM		 290SSL *ossl_quic_new(SSL_CTX *ctx)
291{
22d53c88
HL		 292 QUIC_CONNECTION *qc = NULL;
293 SSL *ssl_base = NULL;
a7f41885 294 SSL_CONNECTION *sc = NULL;
38b051a1
TM		 295
296 qc = OPENSSL_zalloc(sizeof(*qc));
297 if (qc == NULL)
298 goto err;
299
22d53c88
HL		 300 /* Initialise the QUIC_CONNECTION's stub header. */
301 ssl_base = &qc->ssl;
a7f41885 302 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
22d53c88 303 ssl_base = NULL;
38b051a1
TM		 304 goto err;
305 }
38b051a1 306
4e3a55fd 307 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
a7f41885
MC		 308 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
309 goto err;
a7f41885 310
629b408c 311#if defined(OPENSSL_THREADS)
ffce2946 312 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)
4847599b 313 goto err;
629b408c 314#endif
4847599b 315
629b408c 316#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
f2f7c4f1
HL		 317 qc->is_thread_assisted
318 = (ssl_base->method == OSSL_QUIC_client_thread_method());
629b408c 319#endif
f2f7c4f1 320
dfb9ae14
HL		 321 qc->as_server = 0; /* TODO(QUIC): server support */
322 qc->as_server_state = qc->as_server;
323
8b7be3aa 324 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
21c80696
HL		 325 qc->default_ssl_mode = qc->ssl.ctx->mode;
326 qc->default_blocking = 1;
83df44ae 327 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
21c80696 328 qc->last_error = SSL_ERROR_NONE;
a7f41885 329
23c04709
HL		 330 if (!create_channel(qc))
331 goto err;
332
5cf99b40
MC		 333 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
334 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
335
995ff282
HL		 336 qc_update_reject_policy(qc);
337
21c80696
HL		 338 /*
339 * We do not create the default XSO yet. The reason for this is that the
340 * stream ID of the default XSO will depend on whether the stream is client
341 * or server-initiated, which depends on who transmits first. Since we do
342 * not know whether the application will be using a client-transmits-first
343 * or server-transmits-first protocol, we defer default XSO creation until
344 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
345 * we take that as a cue that the client is expecting a server-initiated
346 * stream, and vice versa if SSL_write() is called first.
347 */
22d53c88
HL		 348 return ssl_base;
349
38b051a1 350err:
2dbc39de 351 if (qc != NULL) {
629b408c
HL		 352#if defined(OPENSSL_THREADS)
353 ossl_crypto_mutex_free(qc->mutex);
354#endif
2dbc39de
HL		 355 ossl_quic_channel_free(qc->ch);
356 SSL_free(qc->tls);
357 }
22d53c88 358 OPENSSL_free(qc);
38b051a1
TM		 359 return NULL;
360}
361
22d53c88 362/* SSL_free */
a8489257 363QUIC_TAKES_LOCK
22d53c88
HL		 364void ossl_quic_free(SSL *s)
365{
072328dd 366 QCTX ctx;
9cab4bd5 367 int is_default;
22d53c88 368
072328dd
HL		 369 /* We should never be called on anything but a QSO. */
370 if (!expect_quic(s, &ctx))
22d53c88
HL		 371 return;
372
22b1a96f
HL		 373 quic_lock(ctx.qc);
374
2dbc39de
HL		 375 if (ctx.is_stream) {
376 /*
377 * When a QSSO is freed, the XSO is freed immediately, because the XSO
378 * itself only contains API personality layer data. However the
379 * underlying QUIC_STREAM is not freed immediately but is instead marked
380 * as deleted for later collection.
381 */
382
2dbc39de
HL		 383 assert(ctx.qc->num_xso > 0);
384 --ctx.qc->num_xso;
385
9aaafc26
HL		 386 /* If a stream's send part has not been finished, auto-reset it. */
387 if (ctx.xso->stream->sstream != NULL
388 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
389 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
390 ctx.xso->stream, 0);
2dbc39de 391
9aaafc26
HL		 392 /* Do STOP_SENDING for the receive part, if applicable. */
393 if (ctx.xso->stream->rstream != NULL)
394 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
395 ctx.xso->stream, 0);
f20fdd16
HL		 396
397 /* Update stream state. */
9aaafc26
HL		 398 ctx.xso->stream->deleted = 1;
399 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
f20fdd16
HL		 400 ctx.xso->stream);
401
9cab4bd5 402 is_default = (ctx.xso == ctx.qc->default_xso);
2dbc39de
HL		 403 quic_unlock(ctx.qc);
404
9cab4bd5
HL		 405 /*
406 * Unref the connection in most cases; the XSO has a ref to the QC and
407 * not vice versa. But for a default XSO, to avoid circular references,
408 * the QC refs the XSO but the XSO does not ref the QC. If we are the
409 * default XSO, we only get here when the QC is being torn down anyway,
410 * so don't call SSL_free(qc) as we are already in it.
411 */
412 if (!is_default)
413 SSL_free(&ctx.qc->ssl);
414
2dbc39de
HL		 415 /* Note: SSL_free calls OPENSSL_free(xso) for us */
416 return;
417 }
418
2dbc39de
HL		 419 /*
420 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
421 * stage, but is freed during the channel free when the whole QSM is freed.
422 */
21c80696
HL		 423 if (ctx.qc->default_xso != NULL) {
424 QUIC_XSO *xso = ctx.qc->default_xso;
425
426 quic_unlock(ctx.qc);
427 SSL_free(&xso->ssl);
428 quic_lock(ctx.qc);
9cab4bd5 429 ctx.qc->default_xso = NULL;
21c80696 430 }
2dbc39de
HL		 431
432 /* Ensure we have no remaining XSOs. */
433 assert(ctx.qc->num_xso == 0);
434
629b408c 435#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 436 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
437 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
438 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
dbe7b51a 439 }
629b408c 440#endif
f2f7c4f1 441
072328dd 442 ossl_quic_channel_free(ctx.qc->ch);
22d53c88 443
072328dd
HL		 444 BIO_free(ctx.qc->net_rbio);
445 BIO_free(ctx.qc->net_wbio);
d1ac77b1 446
22d53c88 447 /* Note: SSL_free calls OPENSSL_free(qc) for us */
a7f41885 448
072328dd 449 SSL_free(ctx.qc->tls);
45b7c7e0 450 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
629b408c 451#if defined(OPENSSL_THREADS)
45b7c7e0 452 ossl_crypto_mutex_free(&ctx.qc->mutex);
629b408c 453#endif
22d53c88
HL		 454}
455
456/* SSL method init */
38b051a1 457int ossl_quic_init(SSL *s)
99e1cc7b 458{
22d53c88
HL		 459 /* Same op as SSL_clear, forward the call. */
460 return ossl_quic_clear(s);
99e1cc7b
TM		 461}
462
22d53c88 463/* SSL method deinit */
38b051a1
TM		 464void ossl_quic_deinit(SSL *s)
465{
22d53c88 466 /* No-op. */
38b051a1
TM		 467}
468
22d53c88
HL		 469/* SSL_reset */
470int ossl_quic_reset(SSL *s)
471{
072328dd 472 QCTX ctx;
22d53c88 473
072328dd 474 if (!expect_quic(s, &ctx))
22d53c88
HL		 475 return 0;
476
c8b3fdc2 477 /* TODO(QUIC); Currently a no-op. */
22d53c88
HL		 478 return 1;
479}
480
481/* SSL_clear */
482int ossl_quic_clear(SSL *s)
99e1cc7b 483{
072328dd 484 QCTX ctx;
38b051a1 485
072328dd 486 if (!expect_quic(s, &ctx))
22d53c88
HL		 487 return 0;
488
c8b3fdc2 489 /* TODO(QUIC): Currently a no-op. */
22d53c88
HL		 490 return 1;
491}
38b051a1 492
b212d554
HL		 493void ossl_quic_conn_set_override_now_cb(SSL *s,
494 OSSL_TIME (*now_cb)(void *arg),
495 void *now_cb_arg)
496{
072328dd 497 QCTX ctx;
b212d554 498
072328dd
HL		 499 if (!expect_quic(s, &ctx))
500 return;
501
502 ctx.qc->override_now_cb = now_cb;
503 ctx.qc->override_now_cb_arg = now_cb_arg;
b212d554
HL		 504}
505
3b1ab5a3
HL		 506void ossl_quic_conn_force_assist_thread_wake(SSL *s)
507{
072328dd
HL		 508 QCTX ctx;
509
510 if (!expect_quic(s, &ctx))
511 return;
3b1ab5a3 512
629b408c 513#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 514 if (ctx.qc->is_thread_assisted && ctx.qc->started)
515 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
629b408c 516#endif
3b1ab5a3
HL		 517}
518
995ff282
HL		 519QUIC_NEEDS_LOCK
520static void qc_touch_default_xso(QUIC_CONNECTION *qc)
521{
522 qc->default_xso_created = 1;
523 qc_update_reject_policy(qc);
524}
525
9cab4bd5
HL		 526/*
527 * Changes default XSO. Allows caller to keep reference to the old default XSO
528 * (if any). Reference to new XSO is transferred from caller.
529 */
995ff282 530QUIC_NEEDS_LOCK
9cab4bd5
HL		 531static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
532 int touch,
533 QUIC_XSO **old_xso)
995ff282 534{
9cab4bd5
HL		 535 int refs;
536
537 *old_xso = NULL;
538
539 if (qc->default_xso != xso) {
540 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
541
542 qc->default_xso = xso;
543
544 if (xso == NULL) {
545 /*
546 * Changing to not having a default XSO. XSO becomes standalone and
547 * now has a ref to the QC.
548 */
549 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
550 return;
551 } else {
552 /*
553 * Changing from not having a default XSO to having one. The new XSO
554 * will have had a reference to the QC we need to drop to avoid a
555 * circular reference.
3a61a96c
HL		 556 *
557 * Currently we never change directly from one default XSO to
558 * another, though this function would also still be correct if this
559 * weren't the case.
9cab4bd5 560 */
3a61a96c
HL		 561 assert(*old_xso == NULL);
562
9cab4bd5
HL		 563 CRYPTO_DOWN_REF(&qc->ssl.references, &refs, &qc->ssl.lock);
564 assert(refs > 0);
565 }
566 }
567
995ff282
HL		 568 if (touch)
569 qc_touch_default_xso(qc);
570}
571
9cab4bd5
HL		 572/*
573 * Changes default XSO, releasing the reference to any previous default XSO.
574 * Reference to new XSO is transferred from caller.
575 */
576QUIC_NEEDS_LOCK
577static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
578{
579 QUIC_XSO *old_xso = NULL;
580
581 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
582
583 if (old_xso != NULL)
584 SSL_free(&old_xso->ssl);
585}
586
22d53c88
HL		 587/*
588 * QUIC Front-End I/O API: Network BIO Configuration
589 * =================================================
590 *
591 * Handling the different BIOs is difficult:
592 *
593 * - It is more or less a requirement that we use non-blocking network I/O;
594 * we need to be able to have timeouts on recv() calls, and make best effort
595 * (non blocking) send() and recv() calls.
596 *
597 * The only sensible way to do this is to configure the socket into
598 * non-blocking mode. We could try to do select() before calling send() or
599 * recv() to get a guarantee that the call will not block, but this will
600 * probably run into issues with buggy OSes which generate spurious socket
601 * readiness events. In any case, relying on this to work reliably does not
602 * seem sane.
603 *
604 * Timeouts could be handled via setsockopt() socket timeout options, but
605 * this depends on OS support and adds another syscall to every network I/O
606 * operation. It also has obvious thread safety concerns if we want to move
607 * to concurrent use of a single socket at some later date.
608 *
609 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
610 * be made non-blocking. However some OSes (e.g. Windows) do not support
611 * this, so we cannot rely on this.
612 *
613 * As such, we need to configure any FD in non-blocking mode. This may
614 * confound users who pass a blocking socket to libssl. However, in practice
615 * it would be extremely strange for a user of QUIC to pass an FD to us,
616 * then also try and send receive traffic on the same socket(!). Thus the
617 * impact of this should be limited, and can be documented.
618 *
619 * - We support both blocking and non-blocking operation in terms of the API
620 * presented to the user. One prospect is to set the blocking mode based on
621 * whether the socket passed to us was already in blocking mode. However,
622 * Windows has no API for determining if a socket is in blocking mode (!),
623 * therefore this cannot be done portably. Currently therefore we expose an
624 * explicit API call to set this, and default to blocking mode.
625 *
626 * - We need to determine our initial destination UDP address. The "natural"
627 * way for a user to do this is to set the peer variable on a BIO_dgram.
628 * However, this has problems because BIO_dgram's peer variable is used for
629 * both transmission and reception. This means it can be constantly being
630 * changed to a malicious value (e.g. if some random unrelated entity on the
631 * network starts sending traffic to us) on every read call. This is not a
632 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
633 * calls only, which do not use this variable. However, we do need to let
634 * the user specify the peer in a 'normal' manner. The compromise here is
635 * that we grab the current peer value set at the time the write BIO is set
636 * and do not read the value again.
637 *
638 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
639 * Currently we do this by only supporting non-blocking mode.
640 *
641 */
642
643/*
644 * Determines what initial destination UDP address we should use, if possible.
645 * If this fails the client must set the destination address manually, or use a
646 * BIO which does not need a destination address.
647 */
648static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
649{
75b2920a 650 if (BIO_dgram_get_peer(net_wbio, peer) <= 0)
22d53c88
HL		 651 return 0;
652
653 return 1;
654}
655
072328dd 656void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
22d53c88 657{
072328dd
HL		 658 QCTX ctx;
659
660 if (!expect_quic(s, &ctx))
661 return;
662
663 if (ctx.qc->net_rbio == net_rbio)
38b051a1 664 return;
38b051a1 665
23c04709 666 if (!ossl_quic_channel_set_net_rbio(ctx.qc->ch, net_rbio))
22d53c88
HL		 667 return;
668
072328dd
HL		 669 BIO_free(ctx.qc->net_rbio);
670 ctx.qc->net_rbio = net_rbio;
22d53c88
HL		 671
672 /*
673 * If what we have is not pollable (e.g. a BIO_dgram_pair) disable blocking
674 * mode as we do not support it for non-pollable BIOs.
675 */
676 if (net_rbio != NULL) {
677 BIO_POLL_DESCRIPTOR d = {0};
678
679 if (!BIO_get_rpoll_descriptor(net_rbio, &d)
680 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 681 ctx.qc->blocking = 0;
682 ctx.qc->default_blocking = 0;
072328dd 683 ctx.qc->can_poll_net_rbio = 0;
22d53c88 684 } else {
072328dd 685 ctx.qc->can_poll_net_rbio = 1;
22d53c88
HL		 686 }
687 }
99e1cc7b
TM		 688}
689
072328dd 690void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
38b051a1 691{
072328dd
HL		 692 QCTX ctx;
693
694 if (!expect_quic(s, &ctx))
22d53c88
HL		 695 return;
696
072328dd 697 if (ctx.qc->net_wbio == net_wbio)
22d53c88
HL		 698 return;
699
23c04709 700 if (!ossl_quic_channel_set_net_wbio(ctx.qc->ch, net_wbio))
072328dd
HL		 701 return;
702
703 BIO_free(ctx.qc->net_wbio);
704 ctx.qc->net_wbio = net_wbio;
22d53c88
HL		 705
706 if (net_wbio != NULL) {
707 BIO_POLL_DESCRIPTOR d = {0};
38b051a1 708
22d53c88
HL		 709 if (!BIO_get_wpoll_descriptor(net_wbio, &d)
710 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 711 ctx.qc->blocking = 0;
712 ctx.qc->default_blocking = 0;
072328dd 713 ctx.qc->can_poll_net_wbio = 0;
22d53c88 714 } else {
072328dd 715 ctx.qc->can_poll_net_wbio = 1;
22d53c88 716 }
38b051a1 717
22d53c88
HL		 718 /*
719 * If we do not have a peer address yet, and we have not started trying
720 * to connect yet, try to autodetect one.
721 */
072328dd
HL		 722 if (BIO_ADDR_family(&ctx.qc->init_peer_addr) == AF_UNSPEC
723 && !ctx.qc->started) {
724 if (!csm_analyse_init_peer_addr(net_wbio, &ctx.qc->init_peer_addr))
22d53c88 725 /* best effort */
072328dd 726 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88 727
23c04709
HL		 728 ossl_quic_channel_set_peer_addr(ctx.qc->ch,
729 &ctx.qc->init_peer_addr);
22d53c88 730 }
38b051a1 731 }
22d53c88 732}
38b051a1 733
072328dd 734BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
22d53c88 735{
072328dd
HL		 736 QCTX ctx;
737
738 if (!expect_quic(s, &ctx))
739 return NULL;
740
741 return ctx.qc->net_rbio;
38b051a1
TM		 742}
743
072328dd 744BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
22d53c88 745{
072328dd
HL		 746 QCTX ctx;
747
748 if (!expect_quic(s, &ctx))
749 return NULL;
750
751 return ctx.qc->net_wbio;
22d53c88
HL		 752}
753
072328dd 754int ossl_quic_conn_get_blocking_mode(const SSL *s)
99e1cc7b 755{
072328dd
HL		 756 QCTX ctx;
757
758 if (!expect_quic(s, &ctx))
759 return 0;
760
cb5c208b
HL		 761 if (ctx.is_stream)
762 return ctx.xso->blocking;
763
072328dd 764 return ctx.qc->blocking;
22d53c88
HL		 765}
766
072328dd 767int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
22d53c88 768{
072328dd
HL		 769 QCTX ctx;
770
771 if (!expect_quic(s, &ctx))
772 return 0;
773
22d53c88
HL		 774 /* Cannot enable blocking mode if we do not have pollable FDs. */
775 if (blocking != 0 &&
072328dd 776 (!ctx.qc->can_poll_net_rbio || !ctx.qc->can_poll_net_wbio))
faa3a180 777 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
22d53c88 778
cb5c208b
HL		 779 if (!ctx.is_stream) {
780 /*
781 * If called on a QCSO, update default and connection-level blocking
782 * modes.
783 */
784 ctx.qc->blocking = (blocking != 0);
785 ctx.qc->default_blocking = ctx.qc->blocking;
786 }
787
788 if (ctx.xso != NULL)
789 /*
790 * If called on a QSSO or QCSO with a default XSO, update blocking
791 * mode.
792 */
793 ctx.xso->blocking = (blocking != 0);
794
99e1cc7b
TM		 795 return 1;
796}
797
072328dd 798int ossl_quic_conn_set_initial_peer_addr(SSL *s,
22d53c88 799 const BIO_ADDR *peer_addr)
99e1cc7b 800{
072328dd
HL		 801 QCTX ctx;
802
803 if (!expect_quic(s, &ctx))
804 return 0;
805
806 if (ctx.qc->started)
faa3a180 807 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
22d53c88 808 NULL);
38b051a1 809
22d53c88 810 if (peer_addr == NULL) {
072328dd 811 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88
HL		 812 return 1;
813 }
38b051a1 814
072328dd 815 ctx.qc->init_peer_addr = *peer_addr;
99e1cc7b
TM		 816 return 1;
817}
818
22d53c88
HL		 819/*
820 * QUIC Front-End I/O API: Asynchronous I/O Management
821 * ===================================================
822 *
823 * (BIO/)SSL_tick => ossl_quic_tick
824 * (BIO/)SSL_get_tick_timeout => ossl_quic_get_tick_timeout
825 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
826 *
827 */
828
829/* Returns 1 if the connection is being used in blocking mode. */
cb5c208b 830static int qc_blocking_mode(const QUIC_CONNECTION *qc)
99e1cc7b 831{
22d53c88
HL		 832 return qc->blocking;
833}
38b051a1 834
cb5c208b
HL		 835static int xso_blocking_mode(const QUIC_XSO *xso)
836{
837 return xso->blocking
838 && xso->conn->can_poll_net_rbio
839 && xso->conn->can_poll_net_wbio;
840}
841
22d53c88 842/* SSL_tick; ticks the reactor. */
a8489257 843QUIC_TAKES_LOCK
072328dd 844int ossl_quic_tick(SSL *s)
22d53c88 845{
072328dd
HL		 846 QCTX ctx;
847
848 if (!expect_quic(s, &ctx))
849 return 0;
850
851 quic_lock(ctx.qc);
072328dd
HL		 852 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
853 quic_unlock(ctx.qc);
99e1cc7b
TM		 854 return 1;
855}
856
22d53c88
HL		 857/*
858 * SSL_get_tick_timeout. Get the time in milliseconds until the SSL object
859 * should be ticked by the application by calling SSL_tick(). tv is set to 0 if
860 * the object should be ticked immediately and tv->tv_sec is set to -1 if no
861 * timeout is currently active.
862 */
a8489257 863QUIC_TAKES_LOCK
072328dd 864int ossl_quic_get_tick_timeout(SSL *s, struct timeval *tv)
99e1cc7b 865{
072328dd 866 QCTX ctx;
a1660c94 867 OSSL_TIME deadline = ossl_time_infinite();
e44795bd 868
072328dd
HL		 869 if (!expect_quic(s, &ctx))
870 return 0;
a8489257 871
072328dd
HL		 872 quic_lock(ctx.qc);
873
23c04709
HL		 874 deadline
875 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
22d53c88
HL		 876
877 if (ossl_time_is_infinite(deadline)) {
878 tv->tv_sec = -1;
879 tv->tv_usec = 0;
072328dd 880 quic_unlock(ctx.qc);
22d53c88
HL		 881 return 1;
882 }
883
a1660c94 884 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, ossl_time_now()));
072328dd 885 quic_unlock(ctx.qc);
22d53c88
HL		 886 return 1;
887}
888
889/* SSL_get_rpoll_descriptor */
072328dd 890int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
22d53c88 891{
072328dd
HL		 892 QCTX ctx;
893
894 if (!expect_quic(s, &ctx))
e44795bd
TM		 895 return 0;
896
072328dd
HL		 897 if (desc == NULL || ctx.qc->net_rbio == NULL)
898 return 0;
899
900 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
99e1cc7b
TM		 901}
902
22d53c88 903/* SSL_get_wpoll_descriptor */
072328dd 904int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
99e1cc7b 905{
072328dd
HL		 906 QCTX ctx;
907
908 if (!expect_quic(s, &ctx))
909 return 0;
910
911 if (desc == NULL || ctx.qc->net_wbio == NULL)
22d53c88
HL		 912 return 0;
913
072328dd 914 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
99e1cc7b
TM		 915}
916
b639475a 917/* SSL_net_read_desired */
a8489257 918QUIC_TAKES_LOCK
072328dd 919int ossl_quic_get_net_read_desired(SSL *s)
99e1cc7b 920{
072328dd 921 QCTX ctx;
a8489257
HL		 922 int ret;
923
072328dd
HL		 924 if (!expect_quic(s, &ctx))
925 return 0;
926
927 quic_lock(ctx.qc);
072328dd
HL		 928 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
929 quic_unlock(ctx.qc);
a8489257 930 return ret;
22d53c88 931}
e44795bd 932
b639475a 933/* SSL_net_write_desired */
a8489257 934QUIC_TAKES_LOCK
072328dd 935int ossl_quic_get_net_write_desired(SSL *s)
22d53c88 936{
a8489257 937 int ret;
072328dd
HL		 938 QCTX ctx;
939
940 if (!expect_quic(s, &ctx))
941 return 0;
a8489257 942
072328dd 943 quic_lock(ctx.qc);
072328dd
HL		 944 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
945 quic_unlock(ctx.qc);
a8489257 946 return ret;
99e1cc7b
TM		 947}
948
22d53c88
HL		 949/*
950 * QUIC Front-End I/O API: Connection Lifecycle Operations
951 * =======================================================
952 *
953 * SSL_do_handshake => ossl_quic_do_handshake
954 * SSL_set_connect_state => ossl_quic_set_connect_state
955 * SSL_set_accept_state => ossl_quic_set_accept_state
956 * SSL_shutdown => ossl_quic_shutdown
957 * SSL_ctrl => ossl_quic_ctrl
958 * (BIO/)SSL_connect => ossl_quic_connect
959 * (BIO/)SSL_accept => ossl_quic_accept
960 *
961 */
962
963/* SSL_shutdown */
e8043229 964static int quic_shutdown_wait(void *arg)
99e1cc7b 965{
e8043229 966 QUIC_CONNECTION *qc = arg;
22d53c88 967
23c04709 968 return ossl_quic_channel_is_terminated(qc->ch);
e8043229 969}
22d53c88 970
a8489257 971QUIC_TAKES_LOCK
072328dd 972int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
e8043229
HL		 973 const SSL_SHUTDOWN_EX_ARGS *args,
974 size_t args_len)
975{
a8489257 976 int ret;
072328dd 977 QCTX ctx;
a8489257 978
072328dd
HL		 979 if (!expect_quic(s, &ctx))
980 return 0;
981
cb5c208b
HL		 982 if (ctx.is_stream)
983 /* TODO(QUIC): Semantics currently undefined for QSSOs */
984 return -1;
985
072328dd 986 quic_lock(ctx.qc);
a8489257 987
072328dd 988 ossl_quic_channel_local_close(ctx.qc->ch,
e8043229
HL		 989 args != NULL ? args->quic_error_code : 0);
990
1d40b151 991 /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH */
e8043229 992
072328dd
HL		 993 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
994 quic_unlock(ctx.qc);
e8043229 995 return 1;
a8489257 996 }
e8043229 997
cb5c208b 998 if (qc_blocking_mode(ctx.qc) && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0)
072328dd 999 block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
e8043229 1000 else
072328dd 1001 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
e8043229 1002
072328dd
HL		 1003 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1004 quic_unlock(ctx.qc);
a8489257 1005 return ret;
99e1cc7b
TM		 1006}
1007
22d53c88 1008/* SSL_ctrl */
e44795bd 1009long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
99e1cc7b 1010{
072328dd 1011 QCTX ctx;
38b051a1 1012
072328dd 1013 if (!expect_quic(s, &ctx))
38b051a1
TM		 1014 return 0;
1015
22d53c88
HL		 1016 switch (cmd) {
1017 case SSL_CTRL_MODE:
cb5c208b
HL		 1018 /* If called on a QCSO, update the default mode. */
1019 if (!ctx.is_stream)
1020 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1021
1022 /*
1023 * If we were called on a QSSO or have a default stream, we also update
1024 * that.
1025 */
1026 if (ctx.xso != NULL) {
1027 /* Cannot enable EPW while AON write in progress. */
1028 if (ctx.xso->aon_write_in_progress)
1029 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1030
1031 ctx.xso->ssl_mode |= (uint32_t)larg;
1032 return ctx.xso->ssl_mode;
1033 }
dfc227bd 1034
cb5c208b 1035 return ctx.qc->default_ssl_mode;
22d53c88 1036 case SSL_CTRL_CLEAR_MODE:
cb5c208b
HL		 1037 if (!ctx.is_stream)
1038 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1039
1040 if (ctx.xso != NULL) {
1041 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1042 return ctx.xso->ssl_mode;
1043 }
1044
1045 return ctx.qc->default_ssl_mode;
63dfde87
MC		 1046
1047 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
5cf99b40 1048 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
63dfde87
MC		 1049 /* This ctrl also needs to be passed to the internal SSL object */
1050 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1051
22d53c88 1052 default:
f8ffab0d 1053 /* Probably a TLS related ctrl. Defer to our internal SSL object */
072328dd 1054 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
08e49012 1055 }
22d53c88
HL		 1056}
1057
1058/* SSL_set_connect_state */
072328dd 1059void ossl_quic_set_connect_state(SSL *s)
22d53c88 1060{
072328dd
HL		 1061 QCTX ctx;
1062
1063 if (!expect_quic(s, &ctx))
1064 return;
1065
22d53c88 1066 /* Cannot be changed after handshake started */
cb5c208b 1067 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1068 return;
1069
dfb9ae14 1070 ctx.qc->as_server_state = 0;
22d53c88
HL		 1071}
1072
1073/* SSL_set_accept_state */
072328dd 1074void ossl_quic_set_accept_state(SSL *s)
22d53c88 1075{
072328dd
HL		 1076 QCTX ctx;
1077
1078 if (!expect_quic(s, &ctx))
1079 return;
1080
22d53c88 1081 /* Cannot be changed after handshake started */
cb5c208b 1082 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1083 return;
1084
dfb9ae14 1085 ctx.qc->as_server_state = 1;
22d53c88
HL		 1086}
1087
1088/* SSL_do_handshake */
1089struct quic_handshake_wait_args {
1090 QUIC_CONNECTION *qc;
1091};
1092
1093static int quic_handshake_wait(void *arg)
1094{
1095 struct quic_handshake_wait_args *args = arg;
1096
1097 if (!ossl_quic_channel_is_active(args->qc->ch))
1098 return -1;
1099
1100 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1101 return 1;
1102
99e1cc7b
TM		 1103 return 0;
1104}
1105
22d53c88 1106static int configure_channel(QUIC_CONNECTION *qc)
99e1cc7b 1107{
22d53c88 1108 assert(qc->ch != NULL);
08e49012 1109
d1ac77b1
HL		 1110 if (!ossl_quic_channel_set_net_rbio(qc->ch, qc->net_rbio)
1111 || !ossl_quic_channel_set_net_wbio(qc->ch, qc->net_wbio)
22d53c88
HL		 1112 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1113 return 0;
1114
1115 return 1;
1116}
1117
4847599b 1118QUIC_NEEDS_LOCK
23c04709 1119static int create_channel(QUIC_CONNECTION *qc)
22d53c88
HL		 1120{
1121 QUIC_CHANNEL_ARGS args = {0};
1122
5cf99b40
MC		 1123 args.libctx = qc->ssl.ctx->libctx;
1124 args.propq = qc->ssl.ctx->propq;
1125 args.is_server = qc->as_server;
1126 args.tls = qc->tls;
1127 args.mutex = qc->mutex;
1128 args.now_cb = qc->override_now_cb;
1129 args.now_cb_arg = qc->override_now_cb_arg;
22d53c88
HL		 1130
1131 qc->ch = ossl_quic_channel_new(&args);
1132 if (qc->ch == NULL)
1133 return 0;
1134
e8043229
HL		 1135 return 1;
1136}
1137
1138/*
1139 * Creates a channel and configures it with the information we have accumulated
1140 * via calls made to us from the application prior to starting a handshake
1141 * attempt.
1142 */
4847599b 1143QUIC_NEEDS_LOCK
23c04709 1144static int ensure_channel_started(QUIC_CONNECTION *qc)
e8043229 1145{
ffce2946 1146 if (!qc->started) {
ffce2946
HL		 1147 if (!configure_channel(qc)
1148 || !ossl_quic_channel_start(qc->ch))
1149 goto err;
f2f7c4f1 1150
629b408c 1151#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
ffce2946
HL		 1152 if (qc->is_thread_assisted)
1153 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch))
1154 goto err;
629b408c 1155#endif
ffce2946
HL		 1156 }
1157
22d53c88
HL		 1158 qc->started = 1;
1159 return 1;
f2f7c4f1
HL		 1160
1161err:
1162 ossl_quic_channel_free(qc->ch);
1163 qc->ch = NULL;
1164 return 0;
99e1cc7b
TM		 1165}
1166
4a530180 1167QUIC_NEEDS_LOCK
faa3a180 1168static int quic_do_handshake(QCTX *ctx)
99e1cc7b 1169{
22d53c88 1170 int ret;
faa3a180 1171 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1172
23c04709 1173 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1174 /* Handshake already completed. */
4a530180 1175 return 1;
ca41f6b7 1176
23c04709 1177 if (ossl_quic_channel_is_term_any(qc->ch))
faa3a180 1178 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1179
ca41f6b7 1180 if (BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
22d53c88 1181 /* Peer address must have been set. */
faa3a180 1182 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
4a530180 1183 return -1; /* Non-protocol error */
ca41f6b7 1184 }
22d53c88 1185
dfb9ae14 1186 if (qc->as_server != qc->as_server_state) {
23c04709 1187 /* TODO(QUIC): Must match the method used to create the QCSO */
faa3a180 1188 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4a530180 1189 return -1; /* Non-protocol error */
ca41f6b7 1190 }
22d53c88 1191
ca41f6b7 1192 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
22d53c88 1193 /* Need read and write BIOs. */
faa3a180 1194 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
4a530180 1195 return -1; /* Non-protocol error */
ca41f6b7 1196 }
22d53c88
HL		 1197
1198 /*
1199 * Start connection process. Note we may come here multiple times in
1200 * non-blocking mode, which is fine.
1201 */
23c04709 1202 if (!ensure_channel_started(qc)) {
faa3a180 1203 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1204 return -1; /* Non-protocol error */
ca41f6b7 1205 }
22d53c88 1206
4a530180 1207 if (ossl_quic_channel_is_handshake_complete(qc->ch))
22d53c88 1208 /* The handshake is now done. */
4a530180 1209 return 1;
22d53c88 1210
cb5c208b 1211 if (qc_blocking_mode(qc)) {
22d53c88
HL		 1212 /* In blocking mode, wait for the handshake to complete. */
1213 struct quic_handshake_wait_args args;
1214
1215 args.qc = qc;
1216
1217 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
ca41f6b7 1218 if (!ossl_quic_channel_is_active(qc->ch)) {
faa3a180 1219 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
4a530180 1220 return 0; /* Shutdown before completion */
ca41f6b7 1221 } else if (ret <= 0) {
faa3a180 1222 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1223 return -1; /* Non-protocol error */
ca41f6b7 1224 }
22d53c88
HL		 1225
1226 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
4a530180 1227 return 1;
22d53c88 1228 } else {
ca41f6b7 1229 /* Try to advance the reactor. */
ccd31037 1230 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
ca41f6b7 1231
4a530180 1232 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1233 /* The handshake is now done. */
4a530180 1234 return 1;
ca41f6b7 1235
22d53c88 1236 /* Otherwise, indicate that the handshake isn't done yet. */
faa3a180 1237 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
4a530180 1238 return -1; /* Non-protocol error */
22d53c88 1239 }
4a530180 1240}
a8489257 1241
4a530180 1242QUIC_TAKES_LOCK
072328dd 1243int ossl_quic_do_handshake(SSL *s)
4a530180
HL		 1244{
1245 int ret;
072328dd 1246 QCTX ctx;
4a530180 1247
072328dd
HL		 1248 if (!expect_quic(s, &ctx))
1249 return 0;
1250
1251 quic_lock(ctx.qc);
4a530180 1252
faa3a180 1253 ret = quic_do_handshake(&ctx);
072328dd 1254 quic_unlock(ctx.qc);
a8489257 1255 return ret;
99e1cc7b
TM		 1256}
1257
22d53c88
HL		 1258/* SSL_connect */
1259int ossl_quic_connect(SSL *s)
99e1cc7b 1260{
22d53c88 1261 /* Ensure we are in connect state (no-op if non-idle). */
072328dd 1262 ossl_quic_set_connect_state(s);
22d53c88
HL		 1263
1264 /* Begin or continue the handshake */
072328dd 1265 return ossl_quic_do_handshake(s);
99e1cc7b
TM		 1266}
1267
22d53c88
HL		 1268/* SSL_accept */
1269int ossl_quic_accept(SSL *s)
99e1cc7b 1270{
22d53c88 1271 /* Ensure we are in accept state (no-op if non-idle). */
072328dd 1272 ossl_quic_set_accept_state(s);
22d53c88
HL		 1273
1274 /* Begin or continue the handshake */
072328dd 1275 return ossl_quic_do_handshake(s);
99e1cc7b 1276}
e44795bd 1277
cb5c208b
HL		 1278/*
1279 * QUIC Front-End I/O API: Stream Lifecycle Operations
1280 * ===================================================
1281 *
1282 * SSL_stream_new => ossl_quic_conn_stream_new
1283 *
1284 */
21c80696
HL		 1285
1286/*
1287 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1288 * default XSO was created. Returns 0 if it was not (e.g. because it already
1289 * exists). Note that this is NOT an error condition.
1290 */
1291QUIC_NEEDS_LOCK
faa3a180 1292static int qc_try_create_default_xso_for_write(QCTX *ctx)
21c80696 1293{
8b7be3aa 1294 uint64_t flags = 0;
faa3a180 1295 QUIC_CONNECTION *qc = ctx->qc;
21c80696 1296
8b7be3aa
HL		 1297 if (qc->default_xso_created
1298 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
21c80696
HL		 1299 /*
1300 * We only do this once. If the user detaches a previously created
1301 * default XSO we don't auto-create another one.
1302 */
faa3a180 1303 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
21c80696 1304
8b7be3aa
HL		 1305 /* Create a locally-initiated stream. */
1306 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1307 flags |= SSL_STREAM_FLAG_UNI;
1308
faa3a180 1309 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
13ac037d 1310 /*needs_lock=*/0),
995ff282 1311 /*touch=*/0);
8b7be3aa 1312 if (qc->default_xso == NULL)
faa3a180 1313 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1314
995ff282 1315 qc_touch_default_xso(qc);
8b7be3aa
HL		 1316 return 1;
1317}
1318
1319struct quic_wait_for_stream_args {
1320 QUIC_CONNECTION *qc;
1321 QUIC_STREAM *qs;
faa3a180 1322 QCTX *ctx;
8b7be3aa
HL		 1323 uint64_t expect_id;
1324};
1325
1326QUIC_NEEDS_LOCK
1327static int quic_wait_for_stream(void *arg)
1328{
1329 struct quic_wait_for_stream_args *args = arg;
1330
1331 if (!ossl_quic_channel_is_active(args->qc->ch)) {
1332 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1333 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 1334 return -1;
1335 }
1336
1337 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
acc6fde0
HL		 1338 args->expect_id | QUIC_STREAM_DIR_BIDI);
1339 if (args->qs == NULL)
1340 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1341 args->expect_id | QUIC_STREAM_DIR_UNI);
1342
8b7be3aa
HL		 1343 if (args->qs != NULL)
1344 return 1; /* stream now exists */
1345
1346 return 0; /* did not get a stream, keep trying */
1347}
1348
1349QUIC_NEEDS_LOCK
faa3a180 1350static int qc_wait_for_default_xso_for_read(QCTX *ctx)
8b7be3aa
HL		 1351{
1352 /* Called on a QCSO and we don't currently have a default stream. */
1353 uint64_t expect_id;
faa3a180 1354 QUIC_CONNECTION *qc = ctx->qc;
8b7be3aa
HL		 1355 QUIC_STREAM *qs;
1356 int res;
1357 struct quic_wait_for_stream_args wargs;
1358
1359 /*
1360 * If default stream functionality is disabled or we already detached
1361 * one, don't make another default stream and just fail.
1362 */
1363 if (qc->default_xso_created
1364 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
faa3a180 1365 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 1366
1367 /*
1368 * The peer may have opened a stream since we last ticked. So tick and
1369 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1370 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1371 * first stream created by a peer must have an ordinal of 0.
1372 */
1373 expect_id = qc->as_server
1374 ? QUIC_STREAM_INITIATOR_CLIENT
1375 : QUIC_STREAM_INITIATOR_SERVER;
1376
8b7be3aa 1377 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
acc6fde0
HL		 1378 expect_id | QUIC_STREAM_DIR_BIDI);
1379 if (qs == NULL)
1380 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1381 expect_id | QUIC_STREAM_DIR_UNI);
1382
8b7be3aa
HL		 1383 if (qs == NULL) {
1384 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1385
1386 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1387 expect_id);
1388 }
1389
1390 if (qs == NULL) {
1391 if (!qc_blocking_mode(qc))
1392 /* Non-blocking mode, so just bail immediately. */
faa3a180 1393 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
8b7be3aa
HL		 1394
1395 /* Block until we have a stream. */
1396 wargs.qc = qc;
1397 wargs.qs = NULL;
faa3a180 1398 wargs.ctx = ctx;
8b7be3aa
HL		 1399 wargs.expect_id = expect_id;
1400
1401 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1402 if (res == 0)
faa3a180 1403 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa
HL		 1404 else if (res < 0 || wargs.qs == NULL)
1405 /* quic_wait_for_stream raised error here */
21c80696 1406 return 0;
8b7be3aa
HL		 1407
1408 qs = wargs.qs;
21c80696
HL		 1409 }
1410
8b7be3aa
HL		 1411 /*
1412 * We now have qs != NULL. Make it the default stream, creating the
1413 * necessary XSO.
1414 */
995ff282 1415 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
8b7be3aa 1416 if (qc->default_xso == NULL)
faa3a180 1417 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1418
995ff282 1419 qc_touch_default_xso(qc); /* inhibits default XSO */
21c80696
HL		 1420 return 1;
1421}
1422
1423QUIC_NEEDS_LOCK
1424static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1425{
1426 QUIC_XSO *xso = NULL;
1427
1428 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL)
1429 goto err;
1430
1431 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO))
1432 goto err;
1433
9cab4bd5
HL		 1434 /* XSO refs QC */
1435 if (!SSL_up_ref(&qc->ssl))
1436 goto err;
1437
21c80696
HL		 1438 xso->conn = qc;
1439 xso->blocking = qc->default_blocking;
1440 xso->ssl_mode = qc->default_ssl_mode;
faa3a180 1441 xso->last_error = SSL_ERROR_NONE;
21c80696
HL		 1442
1443 xso->stream = qs;
1444
1445 ++qc->num_xso;
1446 return xso;
1447
1448err:
1449 OPENSSL_free(xso);
1450 return NULL;
1451}
1452
13ac037d 1453/* locking depends on need_lock */
faa3a180 1454static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
cb5c208b 1455{
faa3a180 1456 QUIC_CONNECTION *qc = ctx->qc;
cb5c208b 1457 QUIC_XSO *xso = NULL;
21c80696 1458 QUIC_STREAM *qs = NULL;
2dbc39de 1459 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
cb5c208b 1460
13ac037d
HL		 1461 if (need_lock)
1462 quic_lock(qc);
2dbc39de 1463
13ac037d 1464 if (ossl_quic_channel_is_term_any(qc->ch)) {
faa3a180 1465 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2dbc39de
HL		 1466 goto err;
1467 }
1468
13ac037d 1469 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
21c80696 1470 if (qs == NULL)
2dbc39de 1471 goto err;
cb5c208b 1472
13ac037d 1473 xso = create_xso_from_stream(qc, qs);
21c80696 1474 if (xso == NULL)
cb5c208b
HL		 1475 goto err;
1476
13ac037d
HL		 1477 qc_touch_default_xso(qc); /* inhibits default XSO */
1478 if (need_lock)
1479 quic_unlock(qc);
1480
cb5c208b
HL		 1481 return &xso->ssl;
1482
1483err:
1484 OPENSSL_free(xso);
13ac037d
HL		 1485 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
1486 if (need_lock)
1487 quic_unlock(qc);
1488
cb5c208b 1489 return NULL;
13ac037d
HL		 1490
1491}
1492
1493QUIC_TAKES_LOCK
1494SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
1495{
1496 QCTX ctx;
1497
1498 if (!expect_quic_conn_only(s, &ctx))
1499 return NULL;
1500
faa3a180 1501 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
cb5c208b
HL		 1502}
1503
22d53c88
HL		 1504/*
1505 * QUIC Front-End I/O API: Steady-State Operations
1506 * ===============================================
1507 *
1508 * Here we dispatch calls to the steady-state front-end I/O API functions; that
1509 * is, the functions used during the established phase of a QUIC connection
1510 * (e.g. SSL_read, SSL_write).
1511 *
1512 * Each function must handle both blocking and non-blocking modes. As discussed
1513 * above, all QUIC I/O is implemented using non-blocking mode internally.
1514 *
1515 * SSL_get_error => partially implemented by ossl_quic_get_error
1516 * (BIO/)SSL_read => ossl_quic_read
1517 * (BIO/)SSL_write => ossl_quic_write
1518 * SSL_pending => ossl_quic_pending
a9979965 1519 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
22d53c88
HL		 1520 */
1521
1522/* SSL_get_error */
072328dd 1523int ossl_quic_get_error(const SSL *s, int i)
e44795bd 1524{
072328dd
HL		 1525 QCTX ctx;
1526
1527 if (!expect_quic(s, &ctx))
1528 return 0;
1529
faa3a180 1530 return ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
e44795bd
TM		 1531}
1532
22d53c88
HL		 1533/*
1534 * SSL_write
1535 * ---------
1536 *
1537 * The set of functions below provide the implementation of the public SSL_write
1538 * function. We must handle:
1539 *
1540 * - both blocking and non-blocking operation at the application level,
1541 * depending on how we are configured;
1542 *
1543 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
1544 *
1545 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1546 *
1547 */
4847599b 1548QUIC_NEEDS_LOCK
cb5c208b 1549static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
22d53c88
HL		 1550{
1551 /*
1552 * We have appended at least one byte to the stream.
1553 * Potentially mark stream as active, depending on FC.
1554 */
1555 if (did_append)
cb5c208b
HL		 1556 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
1557 xso->stream);
22d53c88
HL		 1558
1559 /*
1560 * Try and send.
1561 *
1562 * TODO(QUIC): It is probably inefficient to try and do this immediately,
1563 * plus we should eventually consider Nagle's algorithm.
1564 */
1565 if (do_tick)
cb5c208b 1566 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
22d53c88
HL		 1567}
1568
1569struct quic_write_again_args {
cb5c208b 1570 QUIC_XSO *xso;
22d53c88
HL		 1571 const unsigned char *buf;
1572 size_t len;
1573 size_t total_written;
1574};
1575
4847599b 1576QUIC_NEEDS_LOCK
22d53c88
HL		 1577static int quic_write_again(void *arg)
1578{
1579 struct quic_write_again_args *args = arg;
1580 size_t actual_written = 0;
1581
cb5c208b 1582 if (!ossl_quic_channel_is_active(args->xso->conn->ch))
22d53c88
HL		 1583 /* If connection is torn down due to an error while blocking, stop. */
1584 return -2;
1585
cb5c208b 1586 if (!ossl_quic_sstream_append(args->xso->stream->sstream,
22d53c88
HL		 1587 args->buf, args->len, &actual_written))
1588 return -2;
1589
cb5c208b 1590 quic_post_write(args->xso, actual_written > 0, 0);
22d53c88
HL		 1591
1592 args->buf += actual_written;
1593 args->len -= actual_written;
1594 args->total_written += actual_written;
1595
3f0c310b 1596 if (args->len == 0)
22d53c88
HL		 1597 /* Written everything, done. */
1598 return 1;
1599
1600 /* Not written everything yet, keep trying. */
1601 return 0;
1602}
1603
4847599b 1604QUIC_NEEDS_LOCK
faa3a180 1605static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
22d53c88 1606 size_t *written)
e44795bd 1607{
22d53c88 1608 int res;
faa3a180 1609 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1610 struct quic_write_again_args args;
1611 size_t actual_written = 0;
1612
1613 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1614 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len,
22d53c88
HL		 1615 &actual_written)) {
1616 /* Stream already finished or allocation error. */
1617 *written = 0;
faa3a180 1618 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1619 }
1620
cb5c208b 1621 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1622
1623 if (actual_written == len) {
1624 /* Managed to append everything on the first try. */
1625 *written = actual_written;
1626 return 1;
1627 }
1628
1629 /*
1630 * We did not manage to append all of the data immediately, so the stream
1631 * buffer has probably filled up. This means we need to block until some of
1632 * it is freed up.
1633 */
cb5c208b 1634 args.xso = xso;
22d53c88
HL		 1635 args.buf = (const unsigned char *)buf + actual_written;
1636 args.len = len - actual_written;
1637 args.total_written = 0;
1638
cb5c208b 1639 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
22d53c88 1640 if (res <= 0) {
cb5c208b 1641 if (!ossl_quic_channel_is_active(xso->conn->ch))
faa3a180 1642 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1643 else
faa3a180 1644 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1645 }
1646
1647 *written = args.total_written;
e44795bd
TM		 1648 return 1;
1649}
1650
ca41f6b7
HL		 1651/*
1652 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
1653 * write semantics.
1654 */
cb5c208b 1655static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
22d53c88
HL		 1656 size_t buf_len, size_t already_sent)
1657{
cb5c208b 1658 assert(!xso->aon_write_in_progress);
22d53c88 1659
cb5c208b
HL		 1660 xso->aon_write_in_progress = 1;
1661 xso->aon_buf_base = buf;
1662 xso->aon_buf_pos = already_sent;
1663 xso->aon_buf_len = buf_len;
22d53c88
HL		 1664}
1665
cb5c208b 1666static void aon_write_finish(QUIC_XSO *xso)
22d53c88 1667{
cb5c208b
HL		 1668 xso->aon_write_in_progress = 0;
1669 xso->aon_buf_base = NULL;
1670 xso->aon_buf_pos = 0;
1671 xso->aon_buf_len = 0;
22d53c88
HL		 1672}
1673
4847599b 1674QUIC_NEEDS_LOCK
faa3a180 1675static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
22d53c88 1676 size_t len, size_t *written)
e44795bd 1677{
faa3a180 1678 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1679 const void *actual_buf;
1680 size_t actual_len, actual_written = 0;
1681 int accept_moving_buffer
cb5c208b 1682 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
22d53c88 1683
cb5c208b 1684 if (xso->aon_write_in_progress) {
22d53c88
HL		 1685 /*
1686 * We are in the middle of an AON write (i.e., a previous write did not
75b2920a
HL		 1687 * manage to append all data to the SSTREAM and we have Enable Partial
1688 * Write (EPW) mode disabled.)
22d53c88 1689 */
cb5c208b
HL		 1690 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
1691 || len != xso->aon_buf_len)
22d53c88
HL		 1692 /*
1693 * Pointer must not have changed if we are not in accept moving
1694 * buffer mode. Length must never change.
1695 */
faa3a180 1696 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
22d53c88 1697
cb5c208b
HL		 1698 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
1699 actual_len = len - xso->aon_buf_pos;
22d53c88
HL		 1700 assert(actual_len > 0);
1701 } else {
1702 actual_buf = buf;
1703 actual_len = len;
1704 }
1705
1706 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1707 if (!ossl_quic_sstream_append(xso->stream->sstream, actual_buf, actual_len,
22d53c88
HL		 1708 &actual_written)) {
1709 /* Stream already finished or allocation error. */
1710 *written = 0;
faa3a180 1711 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1712 }
1713
cb5c208b 1714 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1715
1716 if (actual_written == actual_len) {
1717 /* We have sent everything. */
cb5c208b 1718 if (xso->aon_write_in_progress) {
22d53c88
HL		 1719 /*
1720 * We have sent everything, and we were in the middle of an AON
1721 * write. The output write length is the total length of the AON
1722 * buffer, not however many bytes we managed to write to the stream
1723 * in this call.
1724 */
cb5c208b
HL		 1725 *written = xso->aon_buf_len;
1726 aon_write_finish(xso);
22d53c88
HL		 1727 } else {
1728 *written = actual_written;
1729 }
1730
1731 return 1;
1732 }
1733
cb5c208b 1734 if (xso->aon_write_in_progress) {
22d53c88
HL		 1735 /*
1736 * AON write is in progress but we have not written everything yet. We
1737 * may have managed to send zero bytes, or some number of bytes less
1738 * than the total remaining which need to be appended during this
1739 * AON operation.
1740 */
cb5c208b
HL		 1741 xso->aon_buf_pos += actual_written;
1742 assert(xso->aon_buf_pos < xso->aon_buf_len);
faa3a180 1743 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
22d53c88
HL		 1744 }
1745
08e49012 1746 /*
22d53c88
HL		 1747 * Not in an existing AON operation but partial write is not enabled, so we
1748 * need to begin a new AON operation. However we needn't bother if we didn't
1749 * actually append anything.
08e49012 1750 */
22d53c88 1751 if (actual_written > 0)
cb5c208b 1752 aon_write_begin(xso, buf, len, actual_written);
e44795bd 1753
22d53c88
HL		 1754 /*
1755 * AON - We do not publicly admit to having appended anything until AON
1756 * completes.
1757 */
1758 *written = 0;
faa3a180 1759 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
e44795bd
TM		 1760}
1761
4847599b 1762QUIC_NEEDS_LOCK
faa3a180 1763static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
22d53c88 1764 size_t *written)
e44795bd 1765{
faa3a180
HL		 1766 QUIC_XSO *xso = ctx->xso;
1767
22d53c88 1768 /* Simple best effort operation. */
cb5c208b 1769 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len, written)) {
22d53c88
HL		 1770 /* Stream already finished or allocation error. */
1771 *written = 0;
faa3a180 1772 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1773 }
1774
cb5c208b 1775 quic_post_write(xso, *written > 0, 1);
e44795bd
TM		 1776 return 1;
1777}
d5ab48a1 1778
a8489257 1779QUIC_TAKES_LOCK
22d53c88 1780int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
d5ab48a1 1781{
a8489257 1782 int ret;
072328dd
HL		 1783 QCTX ctx;
1784 int partial_write;
22d53c88
HL		 1785
1786 *written = 0;
1787
8b7be3aa
HL		 1788 if (len == 0)
1789 return 1;
22d53c88 1790
8b7be3aa
HL		 1791 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
1792 return 0;
a8489257 1793
cb5c208b 1794 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
072328dd 1795
23c04709 1796 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1797 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1798 goto out;
1799 }
22d53c88 1800
ca41f6b7
HL		 1801 /*
1802 * If we haven't finished the handshake, try to advance it.
1803 * We don't accept writes until the handshake is completed.
1804 */
faa3a180 1805 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1806 ret = 0;
1807 goto out;
1808 }
ca41f6b7 1809
cb5c208b 1810 if (ctx.xso->stream == NULL || ctx.xso->stream->sstream == NULL) {
faa3a180 1811 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1812 goto out;
1813 }
22d53c88 1814
cb5c208b 1815 if (xso_blocking_mode(ctx.xso))
faa3a180 1816 ret = quic_write_blocking(&ctx, buf, len, written);
22d53c88 1817 else if (partial_write)
faa3a180 1818 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
22d53c88 1819 else
faa3a180 1820 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
a8489257
HL		 1821
1822out:
072328dd 1823 quic_unlock(ctx.qc);
a8489257 1824 return ret;
d5ab48a1
RL		 1825}
1826
1827/*
22d53c88
HL		 1828 * SSL_read
1829 * --------
d5ab48a1 1830 */
22d53c88 1831struct quic_read_again_args {
faa3a180 1832 QCTX *ctx;
22d53c88
HL		 1833 QUIC_STREAM *stream;
1834 void *buf;
1835 size_t len;
1836 size_t *bytes_read;
1837 int peek;
1838};
1839
4847599b 1840QUIC_NEEDS_LOCK
faa3a180 1841static int quic_read_actual(QCTX *ctx,
22d53c88
HL		 1842 QUIC_STREAM *stream,
1843 void *buf, size_t buf_len,
1844 size_t *bytes_read,
1845 int peek)
d5ab48a1 1846{
22d53c88 1847 int is_fin = 0;
faa3a180 1848 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1849
a9979965
HL		 1850 /* If the receive part of the stream is over, issue EOF. */
1851 if (stream->recv_fin_retired)
faa3a180 1852 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
a9979965 1853
22d53c88 1854 if (stream->rstream == NULL)
faa3a180 1855 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1856
1857 if (peek) {
1858 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
1859 bytes_read, &is_fin))
faa3a180 1860 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1861
1862 } else {
1863 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
1864 bytes_read, &is_fin))
faa3a180 1865 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1866 }
1867
1868 if (!peek) {
1869 if (*bytes_read > 0) {
1870 /*
1871 * We have read at least one byte from the stream. Inform stream-level
1872 * RXFC of the retirement of controlled bytes. Update the active stream
1873 * status (the RXFC may now want to emit a frame granting more credit to
1874 * the peer).
1875 */
1876 OSSL_RTT_INFO rtt_info;
d50e750e 1877
22d53c88
HL		 1878 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1879
cb5c208b 1880 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
22d53c88 1881 rtt_info.smoothed_rtt))
faa3a180 1882 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1883 }
1884
1885 if (is_fin)
1886 stream->recv_fin_retired = 1;
1887
1888 if (*bytes_read > 0)
1889 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
cb5c208b 1890 stream);
22d53c88
HL		 1891 }
1892
d5ab48a1
RL		 1893 return 1;
1894}
1895
4847599b 1896QUIC_NEEDS_LOCK
22d53c88 1897static int quic_read_again(void *arg)
d5ab48a1 1898{
22d53c88
HL		 1899 struct quic_read_again_args *args = arg;
1900
faa3a180 1901 if (!ossl_quic_channel_is_active(args->ctx->qc->ch)) {
22d53c88 1902 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1903 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
ca41f6b7 1904 return -1;
a9979965 1905 }
22d53c88 1906
faa3a180 1907 if (!quic_read_actual(args->ctx, args->stream,
22d53c88
HL		 1908 args->buf, args->len, args->bytes_read,
1909 args->peek))
1910 return -1;
1911
1912 if (*args->bytes_read > 0)
1913 /* got at least one byte, the SSL_read op can finish now */
1914 return 1;
1915
81b6b43c 1916 return 0; /* did not read anything, keep trying */
d5ab48a1
RL		 1917}
1918
a8489257 1919QUIC_TAKES_LOCK
22d53c88 1920static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
d5ab48a1 1921{
a8489257 1922 int ret, res;
072328dd 1923 QCTX ctx;
22d53c88
HL		 1924 struct quic_read_again_args args;
1925
1926 *bytes_read = 0;
1927
8b7be3aa 1928 if (!expect_quic(s, &ctx))
22d53c88
HL		 1929 return 0;
1930
072328dd 1931 quic_lock(ctx.qc);
a8489257 1932
23c04709 1933 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1934 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1935 goto out;
1936 }
22d53c88 1937
a9979965 1938 /* If we haven't finished the handshake, try to advance it. */
faa3a180 1939 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1940 ret = 0; /* ossl_quic_do_handshake raised error here */
1941 goto out;
1942 }
22d53c88 1943
8b7be3aa
HL		 1944 if (ctx.xso == NULL) {
1945 /*
1946 * Called on a QCSO and we don't currently have a default stream.
1947 *
1948 * Wait until we get a stream initiated by the peer (blocking mode) or
1949 * fail if we don't have one yet (non-blocking mode).
1950 */
faa3a180 1951 if (!qc_wait_for_default_xso_for_read(&ctx)) {
8b7be3aa
HL		 1952 ret = 0; /* error already raised here */
1953 goto out;
1954 }
1955
1956 ctx.xso = ctx.qc->default_xso;
1957 }
1958
cb5c208b 1959 if (ctx.xso->stream == NULL) {
faa3a180 1960 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1961 goto out;
1962 }
22d53c88 1963
faa3a180 1964 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
a8489257
HL		 1965 ret = 0; /* quic_read_actual raised error here */
1966 goto out;
1967 }
22d53c88
HL		 1968
1969 if (*bytes_read > 0) {
1970 /*
1971 * Even though we succeeded, tick the reactor here to ensure we are
1972 * handling other aspects of the QUIC connection.
1973 */
072328dd 1974 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
a8489257 1975 ret = 1;
cb5c208b 1976 } else if (xso_blocking_mode(ctx.xso)) {
22d53c88
HL		 1977 /*
1978 * We were not able to read anything immediately, so our stream
1979 * buffer is empty. This means we need to block until we get
1980 * at least one byte.
1981 */
faa3a180 1982 args.ctx = &ctx;
cb5c208b 1983 args.stream = ctx.xso->stream;
22d53c88
HL		 1984 args.buf = buf;
1985 args.len = len;
1986 args.bytes_read = bytes_read;
1987 args.peek = peek;
1988
072328dd 1989 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
a8489257 1990 if (res == 0) {
faa3a180 1991 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1992 goto out;
1993 } else if (res < 0) {
1994 ret = 0; /* quic_read_again raised error here */
1995 goto out;
1996 }
22d53c88 1997
a8489257 1998 ret = 1;
af8b52cf
HL		 1999 } else {
2000 /* We did not get any bytes and are not in blocking mode. */
faa3a180 2001 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
af8b52cf 2002 }
a8489257
HL		 2003
2004out:
072328dd 2005 quic_unlock(ctx.qc);
a8489257 2006 return ret;
d5ab48a1
RL		 2007}
2008
22d53c88
HL		 2009int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2010{
2011 return quic_read(s, buf, len, bytes_read, 0);
2012}
2013
2014int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2015{
2016 return quic_read(s, buf, len, bytes_read, 1);
2017}
2018
2019/*
2020 * SSL_pending
2021 * -----------
2022 */
a8489257 2023QUIC_TAKES_LOCK
072328dd 2024static size_t ossl_quic_pending_int(const SSL *s)
22d53c88 2025{
072328dd 2026 QCTX ctx;
433d107a 2027 size_t avail = 0;
22d53c88
HL		 2028 int fin = 0;
2029
8b7be3aa 2030 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
22d53c88
HL		 2031 return 0;
2032
cb5c208b 2033 if (ctx.xso->stream == NULL || ctx.xso->stream->rstream == NULL)
22d53c88 2034 /* Cannot raise errors here because we are const, just fail. */
a8489257 2035 goto out;
22d53c88 2036
cb5c208b 2037 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
a8489257 2038 avail = 0;
22d53c88 2039
a8489257 2040out:
072328dd 2041 quic_unlock(ctx.qc);
22d53c88
HL		 2042 return avail;
2043}
2044
560470b5
MC		 2045size_t ossl_quic_pending(const SSL *s)
2046{
072328dd 2047 return ossl_quic_pending_int(s);
560470b5
MC		 2048}
2049
072328dd 2050int ossl_quic_has_pending(const SSL *s)
560470b5 2051{
072328dd 2052 return ossl_quic_pending_int(s) > 0;
560470b5
MC		 2053}
2054
a9979965
HL		 2055/*
2056 * SSL_stream_conclude
2057 * -------------------
2058 */
a8489257 2059QUIC_TAKES_LOCK
072328dd 2060int ossl_quic_conn_stream_conclude(SSL *s)
a9979965 2061{
072328dd
HL		 2062 QCTX ctx;
2063 QUIC_STREAM *qs;
2064
8b7be3aa 2065 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
072328dd
HL		 2066 return 0;
2067
cb5c208b 2068 qs = ctx.xso->stream;
a9979965 2069
a8489257 2070 if (qs == NULL || qs->sstream == NULL) {
072328dd 2071 quic_unlock(ctx.qc);
a8489257
HL		 2072 return 0;
2073 }
2074
072328dd 2075 if (!ossl_quic_channel_is_active(ctx.qc->ch)
a8489257 2076 || ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
072328dd 2077 quic_unlock(ctx.qc);
a9979965 2078 return 1;
a8489257 2079 }
a9979965
HL		 2080
2081 ossl_quic_sstream_fin(qs->sstream);
cb5c208b 2082 quic_post_write(ctx.xso, 1, 1);
072328dd 2083 quic_unlock(ctx.qc);
a9979965
HL		 2084 return 1;
2085}
2086
553a4e00
HL		 2087/*
2088 * SSL_inject_net_dgram
2089 * --------------------
2090 */
5129e594 2091QUIC_TAKES_LOCK
553a4e00
HL		 2092int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2093 size_t buf_len,
2094 const BIO_ADDR *peer,
2095 const BIO_ADDR *local)
2096{
5129e594 2097 int ret;
072328dd 2098 QCTX ctx;
553a4e00
HL		 2099 QUIC_DEMUX *demux;
2100
072328dd 2101 if (!expect_quic(s, &ctx))
553a4e00
HL		 2102 return 0;
2103
072328dd 2104 quic_lock(ctx.qc);
5129e594 2105
072328dd 2106 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
5129e594
HL		 2107 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2108
072328dd 2109 quic_unlock(ctx.qc);
5129e594 2110 return ret;
553a4e00
HL		 2111}
2112
020d0389
HL		 2113/*
2114 * SSL_get0_connection
2115 * -------------------
2116 */
2117SSL *ossl_quic_get0_connection(SSL *s)
2118{
2119 QCTX ctx;
2120
2121 if (!expect_quic(s, &ctx))
2122 return NULL;
2123
2124 return &ctx.qc->ssl;
2125}
2126
1bca3f1b
HL		 2127/*
2128 * SSL_get_stream_type
2129 * -------------------
2130 */
2131int ossl_quic_get_stream_type(SSL *s)
2132{
2133 QCTX ctx;
2134
2135 if (!expect_quic(s, &ctx))
59c5c016 2136 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2137
2138 if (ctx.xso == NULL) {
2139 /*
59c5c016
HL		 2140 * If deferred XSO creation has yet to occur, proceed according to the
2141 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2142 * what kind of stream will be created yet, so return BIDI on the basis
2143 * that at this time, the client still has the option of calling
2144 * SSL_read() or SSL_write() first.
1bca3f1b 2145 */
59c5c016
HL		 2146 if (ctx.qc->default_xso_created
2147 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1bca3f1b 2148 return SSL_STREAM_TYPE_NONE;
59c5c016
HL		 2149 else
2150 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2151 }
2152
2153 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2154 return SSL_STREAM_TYPE_BIDI;
2155
2156 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2157 return SSL_STREAM_TYPE_READ;
2158 else
2159 return SSL_STREAM_TYPE_WRITE;
2160}
2161
19cb0887
HL		 2162/*
2163 * SSL_get_stream_id
2164 * -----------------
2165 */
cb68ce9f 2166QUIC_TAKES_LOCK
19cb0887
HL		 2167uint64_t ossl_quic_get_stream_id(SSL *s)
2168{
2169 QCTX ctx;
8b7be3aa 2170 uint64_t id;
19cb0887 2171
8b7be3aa 2172 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
19cb0887
HL		 2173 return UINT64_MAX;
2174
8b7be3aa
HL		 2175 id = ctx.xso->stream->id;
2176 quic_unlock(ctx.qc);
2177
2178 return id;
2179}
2180
2181/*
2182 * SSL_set_default_stream_mode
2183 * ---------------------------
2184 */
cb68ce9f 2185QUIC_TAKES_LOCK
8b7be3aa
HL		 2186int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
2187{
2188 QCTX ctx;
2189
2190 if (!expect_quic_conn_only(s, &ctx))
2191 return 0;
2192
2193 quic_lock(ctx.qc);
2194
2195 if (ctx.qc->default_xso_created)
faa3a180 2196 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2197 "too late to change default stream mode");
2198
2199 switch (mode) {
2200 case SSL_DEFAULT_STREAM_MODE_NONE:
2201 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
2202 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
2203 ctx.qc->default_stream_mode = mode;
2204 break;
2205 default:
2206 quic_unlock(ctx.qc);
faa3a180 2207 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8b7be3aa
HL		 2208 "bad default stream type");
2209 }
2210
2211 quic_unlock(ctx.qc);
2212 return 1;
2213}
2214
2215/*
2216 * SSL_detach_stream
2217 * -----------------
2218 */
cb68ce9f 2219QUIC_TAKES_LOCK
8b7be3aa
HL		 2220SSL *ossl_quic_detach_stream(SSL *s)
2221{
2222 QCTX ctx;
9cab4bd5 2223 QUIC_XSO *xso = NULL;
8b7be3aa
HL		 2224
2225 if (!expect_quic_conn_only(s, &ctx))
2226 return NULL;
2227
2228 quic_lock(ctx.qc);
2229
8b7be3aa 2230 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5
HL		 2231 /* QC ref to any default XSO is transferred to us and to caller. */
2232 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
8b7be3aa
HL		 2233
2234 quic_unlock(ctx.qc);
2235
9cab4bd5 2236 return xso != NULL ? &xso->ssl : NULL;
8b7be3aa
HL		 2237}
2238
2239/*
2240 * SSL_attach_stream
2241 * -----------------
2242 */
cb68ce9f 2243QUIC_TAKES_LOCK
8b7be3aa
HL		 2244int ossl_quic_attach_stream(SSL *conn, SSL *stream)
2245{
2246 QCTX ctx;
9cab4bd5
HL		 2247 QUIC_XSO *xso;
2248 int nref;
8b7be3aa
HL		 2249
2250 if (!expect_quic_conn_only(conn, &ctx))
2251 return 0;
2252
2253 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
faa3a180 2254 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
8b7be3aa
HL		 2255 "stream to attach must be a valid QUIC stream");
2256
9cab4bd5
HL		 2257 xso = (QUIC_XSO *)stream;
2258
8b7be3aa
HL		 2259 quic_lock(ctx.qc);
2260
2261 if (ctx.qc->default_xso != NULL) {
2262 quic_unlock(ctx.qc);
faa3a180 2263 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2264 "connection already has a default stream");
2265 }
2266
9cab4bd5
HL		 2267 /*
2268 * It is a caller error for the XSO being attached as a default XSO to have
2269 * more than one ref.
2270 */
2271 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref, &xso->ssl.lock)) {
2272 quic_unlock(ctx.qc);
faa3a180 2273 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
9cab4bd5
HL		 2274 "ref");
2275 }
2276
2277 if (nref != 1) {
2278 quic_unlock(ctx.qc);
faa3a180 2279 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
9cab4bd5
HL		 2280 "stream being attached must have "
2281 "only 1 reference");
2282 }
2283
2284 /* Caller's reference to the XSO is transferred to us. */
8b7be3aa 2285 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5 2286 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
8b7be3aa
HL		 2287
2288 quic_unlock(ctx.qc);
2289 return 1;
19cb0887
HL		 2290}
2291
8a90df34 2292/*
83df44ae
HL		 2293 * SSL_set_incoming_stream_policy
2294 * ------------------------------
8a90df34 2295 */
995ff282 2296QUIC_NEEDS_LOCK
83df44ae 2297static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
995ff282 2298{
83df44ae
HL		 2299 switch (qc->incoming_stream_policy) {
2300 case SSL_INCOMING_STREAM_POLICY_AUTO:
995ff282
HL		 2301 if ((qc->default_xso == NULL && !qc->default_xso_created)
2302 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
83df44ae 2303 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
995ff282 2304 else
83df44ae 2305 return SSL_INCOMING_STREAM_POLICY_REJECT;
995ff282
HL		 2306
2307 default:
83df44ae 2308 return qc->incoming_stream_policy;
995ff282
HL		 2309 }
2310}
2311
2312QUIC_NEEDS_LOCK
2313static void qc_update_reject_policy(QUIC_CONNECTION *qc)
2314{
83df44ae
HL		 2315 int policy = qc_get_effective_incoming_stream_policy(qc);
2316 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
995ff282
HL		 2317
2318 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
2319 enable_reject,
83df44ae 2320 qc->incoming_stream_aec);
995ff282
HL		 2321}
2322
cb68ce9f 2323QUIC_TAKES_LOCK
83df44ae
HL		 2324int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
2325 uint64_t aec)
8a90df34
HL		 2326{
2327 int ret = 1;
2328 QCTX ctx;
2329
2330 if (!expect_quic_conn_only(s, &ctx))
2331 return 0;
2332
2333 quic_lock(ctx.qc);
2334
2335 switch (policy) {
83df44ae
HL		 2336 case SSL_INCOMING_STREAM_POLICY_AUTO:
2337 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
2338 case SSL_INCOMING_STREAM_POLICY_REJECT:
2339 ctx.qc->incoming_stream_policy = policy;
2340 ctx.qc->incoming_stream_aec = aec;
8a90df34
HL		 2341 break;
2342
2343 default:
2344 ret = 0;
2345 break;
2346 }
2347
995ff282 2348 qc_update_reject_policy(ctx.qc);
8a90df34
HL		 2349 quic_unlock(ctx.qc);
2350 return ret;
2351}
2352
cb68ce9f
HL		 2353/*
2354 * SSL_accept_stream
2355 * -----------------
2356 */
cb68ce9f 2357struct wait_for_incoming_stream_args {
faa3a180 2358 QCTX *ctx;
cb68ce9f
HL		 2359 QUIC_STREAM *qs;
2360};
2361
2362QUIC_NEEDS_LOCK
2363static int wait_for_incoming_stream(void *arg)
2364{
2365 struct wait_for_incoming_stream_args *args = arg;
faa3a180
HL		 2366 QUIC_CONNECTION *qc = args->ctx->qc;
2367 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
cb68ce9f 2368
faa3a180 2369 if (!ossl_quic_channel_is_active(qc->ch)) {
cb68ce9f 2370 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 2371 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
cb68ce9f
HL		 2372 return -1;
2373 }
2374
2375 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2376 if (args->qs != NULL)
2377 return 1; /* got a stream */
2378
2379 return 0; /* did not get a stream, keep trying */
2380}
2381
2382QUIC_TAKES_LOCK
2383SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
2384{
2385 QCTX ctx;
2386 int ret;
2387 SSL *new_s = NULL;
2388 QUIC_STREAM_MAP *qsm;
2389 QUIC_STREAM *qs;
2390 QUIC_XSO *xso;
90cecc40 2391 OSSL_RTT_INFO rtt_info;
cb68ce9f
HL		 2392
2393 if (!expect_quic_conn_only(s, &ctx))
2394 return NULL;
2395
2396 quic_lock(ctx.qc);
2397
83df44ae
HL		 2398 if (qc_get_effective_incoming_stream_policy(ctx.qc)
2399 == SSL_INCOMING_STREAM_POLICY_REJECT)
cb68ce9f
HL		 2400 goto out;
2401
2402 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2403
2404 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2405 if (qs == NULL) {
2406 if (qc_blocking_mode(ctx.qc)
2407 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
2408 struct wait_for_incoming_stream_args args;
2409
faa3a180 2410 args.ctx = &ctx;
cb68ce9f
HL		 2411 args.qs = NULL;
2412
2413 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
2414 if (ret == 0) {
faa3a180 2415 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
cb68ce9f
HL		 2416 goto out;
2417 } else if (ret < 0 || args.qs == NULL) {
2418 goto out;
2419 }
2420
2421 qs = args.qs;
2422 } else {
2423 goto out;
2424 }
2425 }
2426
2427 xso = create_xso_from_stream(ctx.qc, qs);
2428 if (xso == NULL)
2429 goto out;
2430
90cecc40
HL		 2431 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
2432 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
2433 rtt_info.smoothed_rtt);
cb68ce9f
HL		 2434 new_s = &xso->ssl;
2435
2436 /* Calling this function inhibits default XSO autocreation. */
995ff282 2437 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
cb68ce9f
HL		 2438
2439out:
2440 quic_unlock(ctx.qc);
2441 return new_s;
2442}
2443
2444/*
2445 * SSL_get_accept_stream_queue_len
2446 * -------------------------------
2447 */
2448QUIC_TAKES_LOCK
2449size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
2450{
2451 QCTX ctx;
2452 size_t v;
2453
2454 if (!expect_quic_conn_only(s, &ctx))
2455 return 0;
2456
2457 quic_lock(ctx.qc);
2458
2459 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
2460
2461 quic_unlock(ctx.qc);
2462 return v;
2463}
2464
c3a04ea2
HL		 2465/*
2466 * SSL_stream_reset
2467 * ----------------
2468 */
2469int ossl_quic_stream_reset(SSL *ssl,
2470 const SSL_STREAM_RESET_ARGS *args,
2471 size_t args_len)
2472{
2473 QCTX ctx;
2474 QUIC_STREAM_MAP *qsm;
2475 QUIC_STREAM *qs;
2476 uint64_t error_code;
2477
2478 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, &ctx))
2479 return 0;
2480
2481 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2482 qs = ctx.xso->stream;
2483 error_code = (args != NULL ? args->quic_error_code : 0);
2484
2485 ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
2486
2487 quic_unlock(ctx.qc);
2488 return 1;
2489}
2490
2491/*
2492 * SSL_get_stream_read_state
2493 * -------------------------
2494 */
2495static void quic_classify_stream(QUIC_CONNECTION *qc,
2496 QUIC_STREAM *qs,
2497 int is_write,
2498 int *state,
2499 uint64_t *app_error_code)
2500{
2501 int local_init;
2502 uint64_t final_size;
2503
2504 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
2505
2506 if (app_error_code != NULL)
2507 *app_error_code = UINT64_MAX;
2508 else
2509 app_error_code = &final_size; /* throw away value */
2510
2511 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
2512 /*
2513 * Unidirectional stream and this direction of transmission doesn't
2514 * exist.
2515 */
2516 *state = SSL_STREAM_STATE_WRONG_DIR;
2517 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
2518 /* Connection already closed. */
2519 *state = SSL_STREAM_STATE_CONN_CLOSED;
2520 } else if (!is_write && qs->recv_fin_retired) {
2521 /* Application has read a FIN. */
2522 *state = SSL_STREAM_STATE_FINISHED;
2523 } else if ((!is_write && qs->stop_sending)
2524 || (is_write && qs->reset_stream)) {
2525 /*
2526 * Stream has been reset locally. FIN takes precedence over this for the
2527 * read case as the application need not care if the stream is reset
2528 * after a FIN has been successfully processed.
2529 */
2530 *state = SSL_STREAM_STATE_RESET_LOCAL;
2531 *app_error_code = !is_write
2532 ? qs->stop_sending_aec
2533 : qs->reset_stream_aec;
2534 } else if ((!is_write && qs->peer_reset_stream)
2535 || (is_write && qs->peer_stop_sending)) {
2536 /*
2537 * Stream has been reset remotely. */
2538 *state = SSL_STREAM_STATE_RESET_REMOTE;
2539 *app_error_code = !is_write
2540 ? qs->peer_reset_stream_aec
2541 : qs->peer_stop_sending_aec;
2542 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
2543 &final_size)) {
2544 /*
2545 * Stream has been finished. Stream reset takes precedence over this for
2546 * the write case as peer may not have received all data.
2547 */
2548 *state = SSL_STREAM_STATE_FINISHED;
2549 } else {
2550 /* Stream still healthy. */
2551 *state = SSL_STREAM_STATE_OK;
2552 }
2553}
2554
2555static int quic_get_stream_state(SSL *ssl, int is_write)
2556{
2557 QCTX ctx;
2558 int state;
2559
2560 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2561 return SSL_STREAM_STATE_NONE;
2562
2563 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
2564 quic_unlock(ctx.qc);
2565 return state;
2566}
2567
2568int ossl_quic_get_stream_read_state(SSL *ssl)
2569{
2570 return quic_get_stream_state(ssl, /*is_write=*/0);
2571}
2572
2573/*
2574 * SSL_get_stream_write_state
2575 * --------------------------
2576 */
2577int ossl_quic_get_stream_write_state(SSL *ssl)
2578{
2579 return quic_get_stream_state(ssl, /*is_write=*/1);
2580}
2581
2582/*
2583 * SSL_get_stream_read_error_code
2584 * ------------------------------
2585 */
2586static int quic_get_stream_error_code(SSL *ssl, int is_write,
2587 uint64_t *app_error_code)
2588{
2589 QCTX ctx;
2590 int state;
2591
2592 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2593 return -1;
2594
2595 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
2596 &state, app_error_code);
2597
2598 quic_unlock(ctx.qc);
2599 switch (state) {
2600 case SSL_STREAM_STATE_FINISHED:
2601 return 0;
2602 case SSL_STREAM_STATE_RESET_LOCAL:
2603 case SSL_STREAM_STATE_RESET_REMOTE:
2604 return 1;
2605 default:
2606 return -1;
2607 }
2608}
2609
2610int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
2611{
2612 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
2613}
2614
2615/*
2616 * SSL_get_stream_write_error_code
2617 * -------------------------------
2618 */
2619int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
2620{
2621 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
2622}
2623
2624/*
2625 * SSL_get_conn_close_info
2626 * -----------------------
2627 */
2628int ossl_quic_get_conn_close_info(SSL *ssl,
2629 SSL_CONN_CLOSE_INFO *info,
2630 size_t info_len)
2631{
2632 QCTX ctx;
2633 const QUIC_TERMINATE_CAUSE *tc;
2634
2635 if (!expect_quic_conn_only(ssl, &ctx))
2636 return -1;
2637
2638 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
2639 if (tc == NULL)
2640 return 0;
2641
2642 info->error_code = tc->error_code;
2643 info->reason = NULL; /* TODO(QUIC): Wire reason */
2644 info->reason_len = 0;
2645 info->is_local = !tc->remote;
2646 info->is_transport = !tc->app;
2647 return 1;
2648}
2649
22d53c88
HL		 2650/*
2651 * QUIC Front-End I/O API: SSL_CTX Management
2652 * ==========================================
2653 */
2654
2655long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2656{
2657 switch (cmd) {
2658 default:
8a1a6d6d 2659 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
22d53c88
HL		 2660 }
2661}
2662
2663long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
2664{
63dfde87
MC		 2665 QCTX ctx;
2666
2667 if (!expect_quic_conn_only(s, &ctx))
2668 return 0;
2669
2670 switch (cmd) {
2671 case SSL_CTRL_SET_MSG_CALLBACK:
5cf99b40
MC		 2672 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
2673 &ctx.qc->ssl);
63dfde87
MC		 2674 /* This callback also needs to be set on the internal SSL object */
2675 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
2676
2677 default:
2678 /* Probably a TLS related ctrl. Defer to our internal SSL object */
2679 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
2680 }
22d53c88
HL		 2681}
2682
2683long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
2684{
8a1a6d6d 2685 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
22d53c88
HL		 2686}
2687
2688int ossl_quic_renegotiate_check(SSL *ssl, int initok)
2689{
2690 /* We never do renegotiation. */
2691 return 0;
2692}
2693
2694/*
d518854c
MC		 2695 * These functions define the TLSv1.2 (and below) ciphers that are supported by
2696 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
22d53c88 2697 */
22d53c88
HL		 2698
2699int ossl_quic_num_ciphers(void)
2700{
d518854c 2701 return 0;
22d53c88
HL		 2702}
2703
2704const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
2705{
d518854c 2706 return NULL;
d5ab48a1 2707}
A mirror of the official openssl repository