]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blob
? search:


5306d6bd40a27bebb68efd2dca0302000ac2c192
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
1 /*
2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_engine.h"
19 #include "internal/quic_port.h"
20 #include "internal/time.h"
21
22 typedef struct qctx_st QCTX;
23
24 static void aon_write_finish(QUIC_XSO *xso);
25 static int create_channel(QUIC_CONNECTION *qc);
26 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
27 static int qc_try_create_default_xso_for_write(QCTX *ctx);
28 static int qc_wait_for_default_xso_for_read(QCTX *ctx);
29 static void quic_lock(QUIC_CONNECTION *qc);
30 static void quic_unlock(QUIC_CONNECTION *qc);
31 static void quic_lock_for_io(QCTX *ctx);
32 static int quic_do_handshake(QCTX *ctx);
33 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
34 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
35 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
36 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
37 int touch, QUIC_XSO **old_xso);
38 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
39 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
40 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
41 static int qc_blocking_mode(const QUIC_CONNECTION *qc);
42 static int xso_blocking_mode(const QUIC_XSO *xso);
43
44 /*
45 * QUIC Front-End I/O API: Common Utilities
46 * ========================================
47 */
48
49 /*
50 * Block until a predicate is met.
51 *
52 * Precondition: Must have a channel.
53 * Precondition: Must hold channel lock (unchecked).
54 */
55 QUIC_NEEDS_LOCK
56 static int block_until_pred(QUIC_CONNECTION *qc,
57 int (*pred)(void *arg), void *pred_arg,
58 uint32_t flags)
59 {
60 QUIC_REACTOR *rtor;
61
62 assert(qc->ch != NULL);
63
64 /*
65 * Any attempt to block auto-disables tick inhibition as otherwise we will
66 * hang around forever.
67 */
68 ossl_quic_engine_set_inhibit_tick(qc->engine, 0);
69
70 rtor = ossl_quic_channel_get_reactor(qc->ch);
71 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
72 qc->mutex);
73 }
74
75 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
76 {
77 if (qc->override_now_cb != NULL)
78 return qc->override_now_cb(qc->override_now_cb_arg);
79 else
80 return ossl_time_now();
81 }
82
83 static OSSL_TIME get_time_cb(void *arg)
84 {
85 QUIC_CONNECTION *qc = arg;
86
87 return get_time(qc);
88 }
89
90 /*
91 * QCTX is a utility structure which provides information we commonly wish to
92 * unwrap upon an API call being dispatched to us, namely:
93 *
94 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
95 * was passed);
96 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
97 * a QCSO with a default stream was passed);
98 * - whether a QSSO was passed (xso == NULL must not be used to determine this
99 * because it may be non-NULL when a QCSO is passed if that QCSO has a
100 * default stream);
101 * - whether we are in "I/O context", meaning that non-normal errors can
102 * be reported via SSL_get_error() as well as via ERR. Functions such as
103 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
104 * functions which are allowed to change the value returned by
105 * SSL_get_error. However, other functions (including functions which call
106 * SSL_do_handshake() implicitly) are not allowed to change the return value
107 * of SSL_get_error.
108 */
109 struct qctx_st {
110 QUIC_CONNECTION *qc;
111 QUIC_XSO *xso;
112 int is_stream, in_io;
113 };
114
115 QUIC_NEEDS_LOCK
116 static void quic_set_last_error(QCTX *ctx, int last_error)
117 {
118 if (!ctx->in_io)
119 return;
120
121 if (ctx->is_stream && ctx->xso != NULL)
122 ctx->xso->last_error = last_error;
123 else if (!ctx->is_stream && ctx->qc != NULL)
124 ctx->qc->last_error = last_error;
125 }
126
127 /*
128 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
129 * rather than via ERR. Note that normal errors must always be raised while
130 * holding a lock.
131 */
132 QUIC_NEEDS_LOCK
133 static int quic_raise_normal_error(QCTX *ctx,
134 int err)
135 {
136 assert(ctx->in_io);
137 quic_set_last_error(ctx, err);
138
139 return 0;
140 }
141
142 /*
143 * Raise a 'non-normal' error, meaning any error that is not reported via
144 * SSL_get_error() and must be reported via ERR.
145 *
146 * qc should be provided if available. In exceptional circumstances when qc is
147 * not known NULL may be passed. This should generally only happen when an
148 * expect_...() function defined below fails, which generally indicates a
149 * dispatch error or caller error.
150 *
151 * ctx should be NULL if the connection lock is not held.
152 */
153 static int quic_raise_non_normal_error(QCTX *ctx,
154 const char *file,
155 int line,
156 const char *func,
157 int reason,
158 const char *fmt,
159 ...)
160 {
161 va_list args;
162
163 if (ctx != NULL) {
164 quic_set_last_error(ctx, SSL_ERROR_SSL);
165
166 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
167 ossl_quic_channel_restore_err_state(ctx->qc->ch);
168 }
169
170 ERR_new();
171 ERR_set_debug(file, line, func);
172
173 va_start(args, fmt);
174 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
175 va_end(args);
176
177 return 0;
178 }
179
180 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
181 quic_raise_normal_error((ctx), (err))
182
183 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
184 quic_raise_non_normal_error((ctx), \
185 OPENSSL_FILE, OPENSSL_LINE, \
186 OPENSSL_FUNC, \
187 (reason), \
188 (msg))
189
190 /*
191 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
192 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
193 *
194 * After this returns 1, all fields of the passed QCTX are initialised.
195 * Returns 0 on failure. This function is intended to be used to provide API
196 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
197 */
198 static int expect_quic(const SSL *s, QCTX *ctx)
199 {
200 QUIC_CONNECTION *qc;
201 QUIC_XSO *xso;
202
203 ctx->qc = NULL;
204 ctx->xso = NULL;
205 ctx->is_stream = 0;
206
207 if (s == NULL)
208 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
209
210 switch (s->type) {
211 case SSL_TYPE_QUIC_CONNECTION:
212 qc = (QUIC_CONNECTION *)s;
213 ctx->qc = qc;
214 ctx->xso = qc->default_xso;
215 ctx->is_stream = 0;
216 ctx->in_io = 0;
217 return 1;
218
219 case SSL_TYPE_QUIC_XSO:
220 xso = (QUIC_XSO *)s;
221 ctx->qc = xso->conn;
222 ctx->xso = xso;
223 ctx->is_stream = 1;
224 ctx->in_io = 0;
225 return 1;
226
227 default:
228 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
229 }
230 }
231
232 /*
233 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
234 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
235 * stream.
236 *
237 * remote_init determines if we expect the default XSO to be remotely created or
238 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
239 *
240 * Channel mutex is acquired and retained on success.
241 */
242 QUIC_ACQUIRES_LOCK
243 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
244 int in_io, QCTX *ctx)
245 {
246 if (!expect_quic(s, ctx))
247 return 0;
248
249 if (in_io)
250 quic_lock_for_io(ctx);
251 else
252 quic_lock(ctx->qc);
253
254 if (ctx->xso == NULL && remote_init >= 0) {
255 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
256 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
257 goto err;
258 }
259
260 /* If we haven't finished the handshake, try to advance it. */
261 if (quic_do_handshake(ctx) < 1)
262 /* ossl_quic_do_handshake raised error here */
263 goto err;
264
265 if (remote_init == 0) {
266 if (!qc_try_create_default_xso_for_write(ctx))
267 goto err;
268 } else {
269 if (!qc_wait_for_default_xso_for_read(ctx))
270 goto err;
271 }
272
273 ctx->xso = ctx->qc->default_xso;
274 }
275
276 if (ctx->xso == NULL) {
277 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
278 goto err;
279 }
280
281 return 1; /* coverity[missing_unlock]: lock held */
282
283 err:
284 quic_unlock(ctx->qc);
285 return 0;
286 }
287
288 /*
289 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
290 * be non-NULL if the QCSO has a default stream.
291 */
292 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
293 {
294 if (!expect_quic(s, ctx))
295 return 0;
296
297 if (ctx->is_stream)
298 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
299
300 return 1;
301 }
302
303 /*
304 * Ensures that the channel mutex is held for a method which touches channel
305 * state.
306 *
307 * Precondition: Channel mutex is not held (unchecked)
308 */
309 static void quic_lock(QUIC_CONNECTION *qc)
310 {
311 #if defined(OPENSSL_THREADS)
312 ossl_crypto_mutex_lock(qc->mutex);
313 #endif
314 }
315
316 static void quic_lock_for_io(QCTX *ctx)
317 {
318 quic_lock(ctx->qc);
319 ctx->in_io = 1;
320
321 /*
322 * We are entering an I/O function so we must update the values returned by
323 * SSL_get_error and SSL_want. Set no error. This will be overridden later
324 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
325 * occurs during the API call.
326 */
327 quic_set_last_error(ctx, SSL_ERROR_NONE);
328 }
329
330 /* Precondition: Channel mutex is held (unchecked) */
331 QUIC_NEEDS_LOCK
332 static void quic_unlock(QUIC_CONNECTION *qc)
333 {
334 #if defined(OPENSSL_THREADS)
335 ossl_crypto_mutex_unlock(qc->mutex);
336 #endif
337 }
338
339 /*
340 * This predicate is the criterion which should determine API call rejection for
341 * *most* mutating API calls, particularly stream-related operations for send
342 * parts.
343 *
344 * A call is rejected (this function returns 0) if shutdown is in progress
345 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
346 * req_active=1, the connection must be active (i.e., the IDLE state is also
347 * rejected).
348 */
349 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
350 {
351 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
352 return 0;
353
354 if (req_active && !ossl_quic_channel_is_active(qc->ch))
355 return 0;
356
357 return 1;
358 }
359
360 /*
361 * QUIC Front-End I/O API: Initialization
362 * ======================================
363 *
364 * SSL_new => ossl_quic_new
365 * ossl_quic_init
366 * SSL_reset => ossl_quic_reset
367 * SSL_clear => ossl_quic_clear
368 * ossl_quic_deinit
369 * SSL_free => ossl_quic_free
370 *
371 * SSL_set_options => ossl_quic_set_options
372 * SSL_get_options => ossl_quic_get_options
373 * SSL_clear_options => ossl_quic_clear_options
374 *
375 */
376
377 /* SSL_new */
378 SSL *ossl_quic_new(SSL_CTX *ctx)
379 {
380 QUIC_CONNECTION *qc = NULL;
381 SSL *ssl_base = NULL;
382 SSL_CONNECTION *sc = NULL;
383
384 qc = OPENSSL_zalloc(sizeof(*qc));
385 if (qc == NULL) {
386 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
387 return NULL;
388 }
389 #if defined(OPENSSL_THREADS)
390 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
391 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
392 goto err;
393 }
394 #endif
395
396 /* Initialise the QUIC_CONNECTION's stub header. */
397 ssl_base = &qc->ssl;
398 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
399 ssl_base = NULL;
400 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
401 goto err;
402 }
403
404 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
405 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
406 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
407 goto err;
408 }
409
410 /* override the user_ssl of the inner connection */
411 sc->s3.flags |= TLS1_FLAGS_QUIC;
412
413 /* Restrict options derived from the SSL_CTX. */
414 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
415 sc->pha_enabled = 0;
416
417 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
418 qc->is_thread_assisted
419 = (ssl_base->method == OSSL_QUIC_client_thread_method());
420 #endif
421
422 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
423 qc->as_server_state = qc->as_server;
424
425 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
426 qc->default_ssl_mode = qc->ssl.ctx->mode;
427 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
428 qc->desires_blocking = 1;
429 qc->blocking = 0;
430 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
431 qc->last_error = SSL_ERROR_NONE;
432
433 if (!create_channel(qc))
434 goto err;
435
436 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
437 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
438
439 qc_update_reject_policy(qc);
440
441 /*
442 * We do not create the default XSO yet. The reason for this is that the
443 * stream ID of the default XSO will depend on whether the stream is client
444 * or server-initiated, which depends on who transmits first. Since we do
445 * not know whether the application will be using a client-transmits-first
446 * or server-transmits-first protocol, we defer default XSO creation until
447 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
448 * we take that as a cue that the client is expecting a server-initiated
449 * stream, and vice versa if SSL_write() is called first.
450 */
451 return ssl_base;
452
453 err:
454 if (ssl_base == NULL) {
455 #if defined(OPENSSL_THREADS)
456 ossl_crypto_mutex_free(qc->mutex);
457 #endif
458 OPENSSL_free(qc);
459 } else {
460 SSL_free(ssl_base);
461 }
462 return NULL;
463 }
464
465 /* SSL_free */
466 QUIC_TAKES_LOCK
467 void ossl_quic_free(SSL *s)
468 {
469 QCTX ctx;
470 int is_default;
471
472 /* We should never be called on anything but a QSO. */
473 if (!expect_quic(s, &ctx))
474 return;
475
476 quic_lock(ctx.qc);
477
478 if (ctx.is_stream) {
479 /*
480 * When a QSSO is freed, the XSO is freed immediately, because the XSO
481 * itself only contains API personality layer data. However the
482 * underlying QUIC_STREAM is not freed immediately but is instead marked
483 * as deleted for later collection.
484 */
485
486 assert(ctx.qc->num_xso > 0);
487 --ctx.qc->num_xso;
488
489 /* If a stream's send part has not been finished, auto-reset it. */
490 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
491 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
492 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
493 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
494 ctx.xso->stream, 0);
495
496 /* Do STOP_SENDING for the receive part, if applicable. */
497 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
498 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
499 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
500 ctx.xso->stream, 0);
501
502 /* Update stream state. */
503 ctx.xso->stream->deleted = 1;
504 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
505 ctx.xso->stream);
506
507 is_default = (ctx.xso == ctx.qc->default_xso);
508 quic_unlock(ctx.qc);
509
510 /*
511 * Unref the connection in most cases; the XSO has a ref to the QC and
512 * not vice versa. But for a default XSO, to avoid circular references,
513 * the QC refs the XSO but the XSO does not ref the QC. If we are the
514 * default XSO, we only get here when the QC is being torn down anyway,
515 * so don't call SSL_free(qc) as we are already in it.
516 */
517 if (!is_default)
518 SSL_free(&ctx.qc->ssl);
519
520 /* Note: SSL_free calls OPENSSL_free(xso) for us */
521 return;
522 }
523
524 /*
525 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
526 * stage, but is freed during the channel free when the whole QSM is freed.
527 */
528 if (ctx.qc->default_xso != NULL) {
529 QUIC_XSO *xso = ctx.qc->default_xso;
530
531 quic_unlock(ctx.qc);
532 SSL_free(&xso->ssl);
533 quic_lock(ctx.qc);
534 ctx.qc->default_xso = NULL;
535 }
536
537 /* Ensure we have no remaining XSOs. */
538 assert(ctx.qc->num_xso == 0);
539
540 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
541 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
542 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
543 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
544 }
545 #endif
546
547 ossl_quic_channel_free(ctx.qc->ch);
548 ossl_quic_port_free(ctx.qc->port);
549 ossl_quic_engine_free(ctx.qc->engine);
550
551 BIO_free_all(ctx.qc->net_rbio);
552 BIO_free_all(ctx.qc->net_wbio);
553
554 /* Note: SSL_free calls OPENSSL_free(qc) for us */
555
556 SSL_free(ctx.qc->tls);
557 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
558 #if defined(OPENSSL_THREADS)
559 ossl_crypto_mutex_free(&ctx.qc->mutex);
560 #endif
561 }
562
563 /* SSL method init */
564 int ossl_quic_init(SSL *s)
565 {
566 /* Same op as SSL_clear, forward the call. */
567 return ossl_quic_clear(s);
568 }
569
570 /* SSL method deinit */
571 void ossl_quic_deinit(SSL *s)
572 {
573 /* No-op. */
574 }
575
576 /* SSL_clear (ssl_reset method) */
577 int ossl_quic_reset(SSL *s)
578 {
579 QCTX ctx;
580
581 if (!expect_quic(s, &ctx))
582 return 0;
583
584 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
585 return 0;
586 }
587
588 /* ssl_clear method (unused) */
589 int ossl_quic_clear(SSL *s)
590 {
591 QCTX ctx;
592
593 if (!expect_quic(s, &ctx))
594 return 0;
595
596 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
597 return 0;
598 }
599
600 int ossl_quic_conn_set_override_now_cb(SSL *s,
601 OSSL_TIME (*now_cb)(void *arg),
602 void *now_cb_arg)
603 {
604 QCTX ctx;
605
606 if (!expect_quic(s, &ctx))
607 return 0;
608
609 quic_lock(ctx.qc);
610
611 ctx.qc->override_now_cb = now_cb;
612 ctx.qc->override_now_cb_arg = now_cb_arg;
613
614 quic_unlock(ctx.qc);
615 return 1;
616 }
617
618 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
619 {
620 QCTX ctx;
621
622 if (!expect_quic(s, &ctx))
623 return;
624
625 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
626 if (ctx.qc->is_thread_assisted && ctx.qc->started)
627 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
628 #endif
629 }
630
631 QUIC_NEEDS_LOCK
632 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
633 {
634 qc->default_xso_created = 1;
635 qc_update_reject_policy(qc);
636 }
637
638 /*
639 * Changes default XSO. Allows caller to keep reference to the old default XSO
640 * (if any). Reference to new XSO is transferred from caller.
641 */
642 QUIC_NEEDS_LOCK
643 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
644 int touch,
645 QUIC_XSO **old_xso)
646 {
647 int refs;
648
649 *old_xso = NULL;
650
651 if (qc->default_xso != xso) {
652 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
653
654 qc->default_xso = xso;
655
656 if (xso == NULL) {
657 /*
658 * Changing to not having a default XSO. XSO becomes standalone and
659 * now has a ref to the QC.
660 */
661 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
662 return;
663 } else {
664 /*
665 * Changing from not having a default XSO to having one. The new XSO
666 * will have had a reference to the QC we need to drop to avoid a
667 * circular reference.
668 *
669 * Currently we never change directly from one default XSO to
670 * another, though this function would also still be correct if this
671 * weren't the case.
672 */
673 assert(*old_xso == NULL);
674
675 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
676 assert(refs > 0);
677 }
678 }
679
680 if (touch)
681 qc_touch_default_xso(qc);
682 }
683
684 /*
685 * Changes default XSO, releasing the reference to any previous default XSO.
686 * Reference to new XSO is transferred from caller.
687 */
688 QUIC_NEEDS_LOCK
689 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
690 {
691 QUIC_XSO *old_xso = NULL;
692
693 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
694
695 if (old_xso != NULL)
696 SSL_free(&old_xso->ssl);
697 }
698
699 QUIC_NEEDS_LOCK
700 static void xso_update_options(QUIC_XSO *xso)
701 {
702 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
703
704 if (xso->stream->rstream != NULL)
705 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
706
707 if (xso->stream->sstream != NULL)
708 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
709 }
710
711 /*
712 * SSL_set_options
713 * ---------------
714 *
715 * Setting options on a QCSO
716 * - configures the handshake-layer options;
717 * - configures the default data-plane options for new streams;
718 * - configures the data-plane options on the default XSO, if there is one.
719 *
720 * Setting options on a QSSO
721 * - configures data-plane options for that stream only.
722 */
723 QUIC_TAKES_LOCK
724 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
725 {
726 QCTX ctx;
727 uint64_t hs_mask_value, hs_or_value, ret;
728
729 if (!expect_quic(ssl, &ctx))
730 return 0;
731
732 quic_lock(ctx.qc);
733
734 if (!ctx.is_stream) {
735 /*
736 * If we were called on the connection, we apply any handshake option
737 * changes.
738 */
739 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
740 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
741
742 SSL_clear_options(ctx.qc->tls, hs_mask_value);
743 SSL_set_options(ctx.qc->tls, hs_or_value);
744
745 /* Update defaults for new streams. */
746 ctx.qc->default_ssl_options
747 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
748 & OSSL_QUIC_PERMITTED_OPTIONS;
749 }
750
751 if (ctx.xso != NULL) {
752 ctx.xso->ssl_options
753 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
754 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
755
756 xso_update_options(ctx.xso);
757 }
758
759 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
760
761 quic_unlock(ctx.qc);
762 return ret;
763 }
764
765 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
766 {
767 return quic_mask_or_options(ssl, 0, options);
768 }
769
770 /* SSL_clear_options */
771 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
772 {
773 return quic_mask_or_options(ssl, options, 0);
774 }
775
776 /* SSL_get_options */
777 uint64_t ossl_quic_get_options(const SSL *ssl)
778 {
779 return quic_mask_or_options((SSL *)ssl, 0, 0);
780 }
781
782 /*
783 * QUIC Front-End I/O API: Network BIO Configuration
784 * =================================================
785 *
786 * Handling the different BIOs is difficult:
787 *
788 * - It is more or less a requirement that we use non-blocking network I/O;
789 * we need to be able to have timeouts on recv() calls, and make best effort
790 * (non blocking) send() and recv() calls.
791 *
792 * The only sensible way to do this is to configure the socket into
793 * non-blocking mode. We could try to do select() before calling send() or
794 * recv() to get a guarantee that the call will not block, but this will
795 * probably run into issues with buggy OSes which generate spurious socket
796 * readiness events. In any case, relying on this to work reliably does not
797 * seem sane.
798 *
799 * Timeouts could be handled via setsockopt() socket timeout options, but
800 * this depends on OS support and adds another syscall to every network I/O
801 * operation. It also has obvious thread safety concerns if we want to move
802 * to concurrent use of a single socket at some later date.
803 *
804 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
805 * be made non-blocking. However some OSes (e.g. Windows) do not support
806 * this, so we cannot rely on this.
807 *
808 * As such, we need to configure any FD in non-blocking mode. This may
809 * confound users who pass a blocking socket to libssl. However, in practice
810 * it would be extremely strange for a user of QUIC to pass an FD to us,
811 * then also try and send receive traffic on the same socket(!). Thus the
812 * impact of this should be limited, and can be documented.
813 *
814 * - We support both blocking and non-blocking operation in terms of the API
815 * presented to the user. One prospect is to set the blocking mode based on
816 * whether the socket passed to us was already in blocking mode. However,
817 * Windows has no API for determining if a socket is in blocking mode (!),
818 * therefore this cannot be done portably. Currently therefore we expose an
819 * explicit API call to set this, and default to blocking mode.
820 *
821 * - We need to determine our initial destination UDP address. The "natural"
822 * way for a user to do this is to set the peer variable on a BIO_dgram.
823 * However, this has problems because BIO_dgram's peer variable is used for
824 * both transmission and reception. This means it can be constantly being
825 * changed to a malicious value (e.g. if some random unrelated entity on the
826 * network starts sending traffic to us) on every read call. This is not a
827 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
828 * calls only, which do not use this variable. However, we do need to let
829 * the user specify the peer in a 'normal' manner. The compromise here is
830 * that we grab the current peer value set at the time the write BIO is set
831 * and do not read the value again.
832 *
833 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
834 * Currently we do this by only supporting non-blocking mode.
835 *
836 */
837
838 /*
839 * Determines what initial destination UDP address we should use, if possible.
840 * If this fails the client must set the destination address manually, or use a
841 * BIO which does not need a destination address.
842 */
843 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
844 {
845 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
846 return 0;
847
848 return 1;
849 }
850
851 static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
852 {
853 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
854
855 return ossl_quic_reactor_can_poll_r(rtor)
856 && ossl_quic_reactor_can_poll_w(rtor);
857 }
858
859 static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
860 {
861 ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */
862 }
863
864 static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
865 {
866 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
867 }
868
869 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
870 {
871 QCTX ctx;
872
873 if (!expect_quic(s, &ctx))
874 return;
875
876 if (ctx.qc->net_rbio == net_rbio)
877 return;
878
879 if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio))
880 return;
881
882 BIO_free_all(ctx.qc->net_rbio);
883 ctx.qc->net_rbio = net_rbio;
884
885 if (net_rbio != NULL)
886 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
887
888 /*
889 * Determine if the current pair of read/write BIOs now set allows blocking
890 * mode to be supported.
891 */
892 qc_update_can_support_blocking(ctx.qc);
893 qc_update_blocking_mode(ctx.qc);
894 }
895
896 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
897 {
898 QCTX ctx;
899
900 if (!expect_quic(s, &ctx))
901 return;
902
903 if (ctx.qc->net_wbio == net_wbio)
904 return;
905
906 if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio))
907 return;
908
909 BIO_free_all(ctx.qc->net_wbio);
910 ctx.qc->net_wbio = net_wbio;
911
912 if (net_wbio != NULL)
913 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
914
915 /*
916 * Determine if the current pair of read/write BIOs now set allows blocking
917 * mode to be supported.
918 */
919 qc_update_can_support_blocking(ctx.qc);
920 qc_update_blocking_mode(ctx.qc);
921 }
922
923 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
924 {
925 QCTX ctx;
926
927 if (!expect_quic(s, &ctx))
928 return NULL;
929
930 return ctx.qc->net_rbio;
931 }
932
933 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
934 {
935 QCTX ctx;
936
937 if (!expect_quic(s, &ctx))
938 return NULL;
939
940 return ctx.qc->net_wbio;
941 }
942
943 int ossl_quic_conn_get_blocking_mode(const SSL *s)
944 {
945 QCTX ctx;
946
947 if (!expect_quic(s, &ctx))
948 return 0;
949
950 if (ctx.is_stream)
951 return xso_blocking_mode(ctx.xso);
952
953 return qc_blocking_mode(ctx.qc);
954 }
955
956 QUIC_TAKES_LOCK
957 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
958 {
959 int ret = 0;
960 QCTX ctx;
961
962 if (!expect_quic(s, &ctx))
963 return 0;
964
965 quic_lock(ctx.qc);
966
967 /* Sanity check - can we support the request given the current network BIO? */
968 if (blocking) {
969 /*
970 * If called directly on a QCSO, update our information on network BIO
971 * capabilities.
972 */
973 if (!ctx.is_stream)
974 qc_update_can_support_blocking(ctx.qc);
975
976 /* Cannot enable blocking mode if we do not have pollable FDs. */
977 if (!qc_can_support_blocking_cached(ctx.qc)) {
978 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
979 goto out;
980 }
981 }
982
983 if (!ctx.is_stream)
984 /*
985 * If called directly on a QCSO, update default and connection-level
986 * blocking modes.
987 */
988 ctx.qc->desires_blocking = (blocking != 0);
989
990 if (ctx.xso != NULL) {
991 /*
992 * If called on a QSSO or a QCSO with a default XSO, update the blocking
993 * mode.
994 */
995 ctx.xso->desires_blocking = (blocking != 0);
996 ctx.xso->desires_blocking_set = 1;
997 }
998
999 ret = 1;
1000 out:
1001 qc_update_blocking_mode(ctx.qc);
1002 quic_unlock(ctx.qc);
1003 return ret;
1004 }
1005
1006 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1007 const BIO_ADDR *peer_addr)
1008 {
1009 QCTX ctx;
1010
1011 if (!expect_quic(s, &ctx))
1012 return 0;
1013
1014 if (ctx.qc->started)
1015 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1016 NULL);
1017
1018 if (peer_addr == NULL) {
1019 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1020 return 1;
1021 }
1022
1023 ctx.qc->init_peer_addr = *peer_addr;
1024 return 1;
1025 }
1026
1027 /*
1028 * QUIC Front-End I/O API: Asynchronous I/O Management
1029 * ===================================================
1030 *
1031 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1032 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1033 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1034 *
1035 */
1036
1037 /* Returns 1 if the connection is being used in blocking mode. */
1038 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
1039 {
1040 return qc->blocking;
1041 }
1042
1043 static int xso_blocking_mode(const QUIC_XSO *xso)
1044 {
1045 if (xso->desires_blocking_set)
1046 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1047 else
1048 /* Only ever set if we can support blocking. */
1049 return xso->conn->blocking;
1050 }
1051
1052 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1053 QUIC_TAKES_LOCK
1054 int ossl_quic_handle_events(SSL *s)
1055 {
1056 QCTX ctx;
1057
1058 if (!expect_quic(s, &ctx))
1059 return 0;
1060
1061 quic_lock(ctx.qc);
1062 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1063 quic_unlock(ctx.qc);
1064 return 1;
1065 }
1066
1067 /*
1068 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1069 * should next have events handled by the application by calling
1070 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1071 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1072 * the value of *tv is undefined.
1073 */
1074 QUIC_TAKES_LOCK
1075 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1076 {
1077 QCTX ctx;
1078 OSSL_TIME deadline = ossl_time_infinite();
1079
1080 if (!expect_quic(s, &ctx))
1081 return 0;
1082
1083 quic_lock(ctx.qc);
1084
1085 deadline
1086 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
1087
1088 if (ossl_time_is_infinite(deadline)) {
1089 *is_infinite = 1;
1090
1091 /*
1092 * Robustness against faulty applications that don't check *is_infinite;
1093 * harmless long timeout.
1094 */
1095 tv->tv_sec = 1000000;
1096 tv->tv_usec = 0;
1097
1098 quic_unlock(ctx.qc);
1099 return 1;
1100 }
1101
1102 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1103 *is_infinite = 0;
1104 quic_unlock(ctx.qc);
1105 return 1;
1106 }
1107
1108 /* SSL_get_rpoll_descriptor */
1109 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1110 {
1111 QCTX ctx;
1112
1113 if (!expect_quic(s, &ctx))
1114 return 0;
1115
1116 if (desc == NULL || ctx.qc->net_rbio == NULL)
1117 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1118 NULL);
1119
1120 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1121 }
1122
1123 /* SSL_get_wpoll_descriptor */
1124 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1125 {
1126 QCTX ctx;
1127
1128 if (!expect_quic(s, &ctx))
1129 return 0;
1130
1131 if (desc == NULL || ctx.qc->net_wbio == NULL)
1132 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1133 NULL);
1134
1135 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1136 }
1137
1138 /* SSL_net_read_desired */
1139 QUIC_TAKES_LOCK
1140 int ossl_quic_get_net_read_desired(SSL *s)
1141 {
1142 QCTX ctx;
1143 int ret;
1144
1145 if (!expect_quic(s, &ctx))
1146 return 0;
1147
1148 quic_lock(ctx.qc);
1149 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1150 quic_unlock(ctx.qc);
1151 return ret;
1152 }
1153
1154 /* SSL_net_write_desired */
1155 QUIC_TAKES_LOCK
1156 int ossl_quic_get_net_write_desired(SSL *s)
1157 {
1158 int ret;
1159 QCTX ctx;
1160
1161 if (!expect_quic(s, &ctx))
1162 return 0;
1163
1164 quic_lock(ctx.qc);
1165 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1166 quic_unlock(ctx.qc);
1167 return ret;
1168 }
1169
1170 /*
1171 * QUIC Front-End I/O API: Connection Lifecycle Operations
1172 * =======================================================
1173 *
1174 * SSL_do_handshake => ossl_quic_do_handshake
1175 * SSL_set_connect_state => ossl_quic_set_connect_state
1176 * SSL_set_accept_state => ossl_quic_set_accept_state
1177 * SSL_shutdown => ossl_quic_shutdown
1178 * SSL_ctrl => ossl_quic_ctrl
1179 * (BIO/)SSL_connect => ossl_quic_connect
1180 * (BIO/)SSL_accept => ossl_quic_accept
1181 *
1182 */
1183
1184 QUIC_NEEDS_LOCK
1185 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1186 {
1187 QUIC_STREAM_MAP *qsm;
1188
1189 if (qc->shutting_down)
1190 return;
1191
1192 qsm = ossl_quic_channel_get_qsm(qc->ch);
1193
1194 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1195 qc->shutting_down = 1;
1196 }
1197
1198 /* Returns 1 if all shutdown-flush streams have been done with. */
1199 QUIC_NEEDS_LOCK
1200 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1201 {
1202 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1203
1204 return qc->shutting_down
1205 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1206 }
1207
1208 /* SSL_shutdown */
1209 static int quic_shutdown_wait(void *arg)
1210 {
1211 QUIC_CONNECTION *qc = arg;
1212
1213 return ossl_quic_channel_is_terminated(qc->ch);
1214 }
1215
1216 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
1217 static int quic_shutdown_flush_wait(void *arg)
1218 {
1219 QUIC_CONNECTION *qc = arg;
1220
1221 return ossl_quic_channel_is_term_any(qc->ch)
1222 || qc_shutdown_flush_finished(qc);
1223 }
1224
1225 static int quic_shutdown_peer_wait(void *arg)
1226 {
1227 QUIC_CONNECTION *qc = arg;
1228 return ossl_quic_channel_is_term_any(qc->ch);
1229 }
1230
1231 QUIC_TAKES_LOCK
1232 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1233 const SSL_SHUTDOWN_EX_ARGS *args,
1234 size_t args_len)
1235 {
1236 int ret;
1237 QCTX ctx;
1238 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1239 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1240 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1241
1242 if (!expect_quic(s, &ctx))
1243 return -1;
1244
1245 if (ctx.is_stream) {
1246 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1247 return -1;
1248 }
1249
1250 quic_lock(ctx.qc);
1251
1252 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1253 quic_unlock(ctx.qc);
1254 return 1;
1255 }
1256
1257 /* Phase 1: Stream Flushing */
1258 if (!wait_peer && stream_flush) {
1259 qc_shutdown_flush_init(ctx.qc);
1260
1261 if (!qc_shutdown_flush_finished(ctx.qc)) {
1262 if (!no_block && qc_blocking_mode(ctx.qc)) {
1263 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1264 if (ret < 1) {
1265 ret = 0;
1266 goto err;
1267 }
1268 } else {
1269 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1270 }
1271 }
1272
1273 if (!qc_shutdown_flush_finished(ctx.qc)) {
1274 quic_unlock(ctx.qc);
1275 return 0; /* ongoing */
1276 }
1277 }
1278
1279 /* Phase 2: Connection Closure */
1280 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1281 if (!no_block && qc_blocking_mode(ctx.qc)) {
1282 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1283 if (ret < 1) {
1284 ret = 0;
1285 goto err;
1286 }
1287 } else {
1288 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1289 }
1290
1291 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1292 ret = 0; /* peer hasn't closed yet - still not done */
1293 goto err;
1294 }
1295
1296 /*
1297 * We are at least terminating - go through the normal process of
1298 * waiting until we are in the TERMINATED state.
1299 */
1300 }
1301
1302 /* Block mutation ops regardless of if we did stream flush. */
1303 ctx.qc->shutting_down = 1;
1304
1305 /*
1306 * This call is a no-op if we are already terminating, so it doesn't
1307 * affect the wait_peer case.
1308 */
1309 ossl_quic_channel_local_close(ctx.qc->ch,
1310 args != NULL ? args->quic_error_code : 0,
1311 args != NULL ? args->quic_reason : NULL);
1312
1313 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1314
1315 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1316 quic_unlock(ctx.qc);
1317 return 1;
1318 }
1319
1320 /* Phase 3: Terminating Wait Time */
1321 if (!no_block && qc_blocking_mode(ctx.qc)
1322 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1323 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1324 if (ret < 1) {
1325 ret = 0;
1326 goto err;
1327 }
1328 } else {
1329 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1330 }
1331
1332 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1333 err:
1334 quic_unlock(ctx.qc);
1335 return ret;
1336 }
1337
1338 /* SSL_ctrl */
1339 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1340 {
1341 QCTX ctx;
1342
1343 if (!expect_quic(s, &ctx))
1344 return 0;
1345
1346 switch (cmd) {
1347 case SSL_CTRL_MODE:
1348 /* If called on a QCSO, update the default mode. */
1349 if (!ctx.is_stream)
1350 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1351
1352 /*
1353 * If we were called on a QSSO or have a default stream, we also update
1354 * that.
1355 */
1356 if (ctx.xso != NULL) {
1357 /* Cannot enable EPW while AON write in progress. */
1358 if (ctx.xso->aon_write_in_progress)
1359 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1360
1361 ctx.xso->ssl_mode |= (uint32_t)larg;
1362 return ctx.xso->ssl_mode;
1363 }
1364
1365 return ctx.qc->default_ssl_mode;
1366 case SSL_CTRL_CLEAR_MODE:
1367 if (!ctx.is_stream)
1368 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1369
1370 if (ctx.xso != NULL) {
1371 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1372 return ctx.xso->ssl_mode;
1373 }
1374
1375 return ctx.qc->default_ssl_mode;
1376
1377 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1378 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1379 /* This ctrl also needs to be passed to the internal SSL object */
1380 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1381
1382 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1383 {
1384 int is_infinite;
1385
1386 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1387 return 0;
1388
1389 return !is_infinite;
1390 }
1391 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1392 /* For legacy compatibility with DTLS calls. */
1393 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1394
1395 /* Mask ctrls we shouldn't support for QUIC. */
1396 case SSL_CTRL_GET_READ_AHEAD:
1397 case SSL_CTRL_SET_READ_AHEAD:
1398 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1399 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1400 case SSL_CTRL_SET_MAX_PIPELINES:
1401 return 0;
1402
1403 default:
1404 /*
1405 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1406 * implementation. Either SSL_ctrl will handle it itself by direct
1407 * access into handshake layer state, or failing that, it will be passed
1408 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1409 * supported by anything, the handshake layer's ctrl method will finally
1410 * return 0.
1411 */
1412 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
1413 }
1414 }
1415
1416 /* SSL_set_connect_state */
1417 void ossl_quic_set_connect_state(SSL *s)
1418 {
1419 QCTX ctx;
1420
1421 if (!expect_quic(s, &ctx))
1422 return;
1423
1424 /* Cannot be changed after handshake started */
1425 if (ctx.qc->started || ctx.is_stream)
1426 return;
1427
1428 ctx.qc->as_server_state = 0;
1429 }
1430
1431 /* SSL_set_accept_state */
1432 void ossl_quic_set_accept_state(SSL *s)
1433 {
1434 QCTX ctx;
1435
1436 if (!expect_quic(s, &ctx))
1437 return;
1438
1439 /* Cannot be changed after handshake started */
1440 if (ctx.qc->started || ctx.is_stream)
1441 return;
1442
1443 ctx.qc->as_server_state = 1;
1444 }
1445
1446 /* SSL_do_handshake */
1447 struct quic_handshake_wait_args {
1448 QUIC_CONNECTION *qc;
1449 };
1450
1451 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1452 {
1453 int want = SSL_want(qc->tls);
1454
1455 if (want == SSL_X509_LOOKUP
1456 || want == SSL_CLIENT_HELLO_CB
1457 || want == SSL_RETRY_VERIFY)
1458 return 1;
1459
1460 return 0;
1461 }
1462
1463 static int quic_handshake_wait(void *arg)
1464 {
1465 struct quic_handshake_wait_args *args = arg;
1466
1467 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1468 return -1;
1469
1470 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1471 return 1;
1472
1473 if (tls_wants_non_io_retry(args->qc))
1474 return 1;
1475
1476 return 0;
1477 }
1478
1479 static int configure_channel(QUIC_CONNECTION *qc)
1480 {
1481 assert(qc->ch != NULL);
1482
1483 if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio)
1484 || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio)
1485 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1486 return 0;
1487
1488 return 1;
1489 }
1490
1491 QUIC_NEEDS_LOCK
1492 static int create_channel(QUIC_CONNECTION *qc)
1493 {
1494 QUIC_ENGINE_ARGS engine_args = {0};
1495 QUIC_PORT_ARGS port_args = {0};
1496
1497 engine_args.libctx = qc->ssl.ctx->libctx;
1498 engine_args.propq = qc->ssl.ctx->propq;
1499 engine_args.mutex = qc->mutex;
1500 engine_args.now_cb = get_time_cb;
1501 engine_args.now_cb_arg = qc;
1502 qc->engine = ossl_quic_engine_new(&engine_args);
1503 if (qc->engine == NULL) {
1504 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1505 return 0;
1506 }
1507
1508 port_args.channel_ctx = qc->ssl.ctx;
1509 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1510 if (qc->port == NULL) {
1511 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1512 ossl_quic_engine_free(qc->engine);
1513 return 0;
1514 }
1515
1516 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1517 if (qc->ch == NULL) {
1518 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1519 ossl_quic_port_free(qc->port);
1520 ossl_quic_engine_free(qc->engine);
1521 return 0;
1522 }
1523
1524 return 1;
1525 }
1526
1527 /*
1528 * Configures a channel with the information we have accumulated via calls made
1529 * to us from the application prior to starting a handshake attempt.
1530 */
1531 QUIC_NEEDS_LOCK
1532 static int ensure_channel_started(QCTX *ctx)
1533 {
1534 QUIC_CONNECTION *qc = ctx->qc;
1535
1536 if (!qc->started) {
1537 if (!configure_channel(qc)) {
1538 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1539 "failed to configure channel");
1540 return 0;
1541 }
1542
1543 if (!ossl_quic_channel_start(qc->ch)) {
1544 ossl_quic_channel_restore_err_state(qc->ch);
1545 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1546 "failed to start channel");
1547 return 0;
1548 }
1549
1550 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1551 if (qc->is_thread_assisted)
1552 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch,
1553 qc->override_now_cb,
1554 qc->override_now_cb_arg)) {
1555 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1556 "failed to start assist thread");
1557 return 0;
1558 }
1559 #endif
1560 }
1561
1562 qc->started = 1;
1563 return 1;
1564 }
1565
1566 QUIC_NEEDS_LOCK
1567 static int quic_do_handshake(QCTX *ctx)
1568 {
1569 int ret;
1570 QUIC_CONNECTION *qc = ctx->qc;
1571
1572 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1573 /* Handshake already completed. */
1574 return 1;
1575
1576 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1577 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1578
1579 if (qc->as_server != qc->as_server_state) {
1580 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1581 return -1; /* Non-protocol error */
1582 }
1583
1584 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1585 /* Need read and write BIOs. */
1586 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1587 return -1; /* Non-protocol error */
1588 }
1589
1590 /*
1591 * We need to determine our addressing mode. There are basically two
1592 * ways we can use L4 addresses:
1593 *
1594 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1595 * addresses attached to them which we expect the underlying network BIO
1596 * to handle;
1597 *
1598 * - Unaddressed mode, in which the BIO provided to us on the
1599 * network side neither provides us with L4 addresses nor is capable of
1600 * honouring ones we provide. We don't know where the QUIC traffic we
1601 * send ends up exactly and trust the application to know what it is
1602 * doing.
1603 *
1604 * Addressed mode is preferred because it enables support for connection
1605 * migration, multipath, etc. in the future. Addressed mode is automatically
1606 * enabled if we are using e.g. BIO_s_datagram, with or without
1607 * BIO_s_connect.
1608 *
1609 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1610 * use unaddressed mode unless that BIO supports capability flags indicating
1611 * it can provide and honour L4 addresses.
1612 *
1613 * Our strategy for determining address mode is simple: we probe the
1614 * underlying network BIOs for their capabilities. If the network BIOs
1615 * support what we need, we use addressed mode. Otherwise, we use
1616 * unaddressed mode.
1617 *
1618 * If addressed mode is chosen, we require an initial peer address to be
1619 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1620 * require this, as such an address is superfluous, though it can be set if
1621 * desired.
1622 */
1623 if (!qc->started && !qc->addressing_probe_done) {
1624 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1625 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
1626
1627 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1628 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1629 qc->addressing_probe_done = 1;
1630 }
1631
1632 if (!qc->started && qc->addressed_mode_w
1633 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1634 /*
1635 * We are trying to connect and are using addressed mode, which means we
1636 * need an initial peer address; if we do not have a peer address yet,
1637 * we should try to autodetect one.
1638 *
1639 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1640 * may not be able to provide us with a peer address until they have
1641 * finished their own processing. They may not be able to perform this
1642 * processing until an application has finished configuring that BIO
1643 * (e.g. with setter calls), which might happen after SSL_set_bio is
1644 * called.
1645 */
1646 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1647 /* best effort */
1648 BIO_ADDR_clear(&qc->init_peer_addr);
1649 else
1650 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1651 }
1652
1653 if (!qc->started
1654 && qc->addressed_mode_w
1655 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1656 /*
1657 * If we still don't have a peer address in addressed mode, we can't do
1658 * anything.
1659 */
1660 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1661 return -1; /* Non-protocol error */
1662 }
1663
1664 /*
1665 * Start connection process. Note we may come here multiple times in
1666 * non-blocking mode, which is fine.
1667 */
1668 if (!ensure_channel_started(ctx)) /* raises on failure */
1669 return -1; /* Non-protocol error */
1670
1671 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1672 /* The handshake is now done. */
1673 return 1;
1674
1675 if (!qc_blocking_mode(qc)) {
1676 /* Try to advance the reactor. */
1677 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1678
1679 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1680 /* The handshake is now done. */
1681 return 1;
1682
1683 if (ossl_quic_channel_is_term_any(qc->ch)) {
1684 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1685 return 0;
1686 } else if (qc->desires_blocking) {
1687 /*
1688 * As a special case when doing a handshake when blocking mode is
1689 * desired yet not available, see if the network BIOs have become
1690 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1691 * which do late creation of socket FDs and therefore cannot expose
1692 * a poll descriptor until after a network BIO is set on the QCSO.
1693 */
1694 assert(!qc->blocking);
1695 qc_update_can_support_blocking(qc);
1696 qc_update_blocking_mode(qc);
1697 }
1698 }
1699
1700 /*
1701 * We are either in blocking mode or just entered it due to the code above.
1702 */
1703 if (qc_blocking_mode(qc)) {
1704 /* In blocking mode, wait for the handshake to complete. */
1705 struct quic_handshake_wait_args args;
1706
1707 args.qc = qc;
1708
1709 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1710 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1711 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1712 return 0; /* Shutdown before completion */
1713 } else if (ret <= 0) {
1714 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1715 return -1; /* Non-protocol error */
1716 }
1717
1718 if (tls_wants_non_io_retry(qc)) {
1719 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1720 return -1;
1721 }
1722
1723 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1724 return 1;
1725 }
1726
1727 if (tls_wants_non_io_retry(qc)) {
1728 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1729 return -1;
1730 }
1731
1732 /*
1733 * Otherwise, indicate that the handshake isn't done yet.
1734 * We can only get here in non-blocking mode.
1735 */
1736 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1737 return -1; /* Non-protocol error */
1738 }
1739
1740 QUIC_TAKES_LOCK
1741 int ossl_quic_do_handshake(SSL *s)
1742 {
1743 int ret;
1744 QCTX ctx;
1745
1746 if (!expect_quic(s, &ctx))
1747 return 0;
1748
1749 quic_lock_for_io(&ctx);
1750
1751 ret = quic_do_handshake(&ctx);
1752 quic_unlock(ctx.qc);
1753 return ret;
1754 }
1755
1756 /* SSL_connect */
1757 int ossl_quic_connect(SSL *s)
1758 {
1759 /* Ensure we are in connect state (no-op if non-idle). */
1760 ossl_quic_set_connect_state(s);
1761
1762 /* Begin or continue the handshake */
1763 return ossl_quic_do_handshake(s);
1764 }
1765
1766 /* SSL_accept */
1767 int ossl_quic_accept(SSL *s)
1768 {
1769 /* Ensure we are in accept state (no-op if non-idle). */
1770 ossl_quic_set_accept_state(s);
1771
1772 /* Begin or continue the handshake */
1773 return ossl_quic_do_handshake(s);
1774 }
1775
1776 /*
1777 * QUIC Front-End I/O API: Stream Lifecycle Operations
1778 * ===================================================
1779 *
1780 * SSL_stream_new => ossl_quic_conn_stream_new
1781 *
1782 */
1783
1784 /*
1785 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1786 * default XSO was created. Returns 0 if it was not (e.g. because it already
1787 * exists). Note that this is NOT an error condition.
1788 */
1789 QUIC_NEEDS_LOCK
1790 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1791 {
1792 uint64_t flags = 0;
1793 QUIC_CONNECTION *qc = ctx->qc;
1794
1795 if (qc->default_xso_created
1796 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1797 /*
1798 * We only do this once. If the user detaches a previously created
1799 * default XSO we don't auto-create another one.
1800 */
1801 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1802
1803 /* Create a locally-initiated stream. */
1804 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1805 flags |= SSL_STREAM_FLAG_UNI;
1806
1807 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1808 /*needs_lock=*/0),
1809 /*touch=*/0);
1810 if (qc->default_xso == NULL)
1811 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1812
1813 qc_touch_default_xso(qc);
1814 return 1;
1815 }
1816
1817 struct quic_wait_for_stream_args {
1818 QUIC_CONNECTION *qc;
1819 QUIC_STREAM *qs;
1820 QCTX *ctx;
1821 uint64_t expect_id;
1822 };
1823
1824 QUIC_NEEDS_LOCK
1825 static int quic_wait_for_stream(void *arg)
1826 {
1827 struct quic_wait_for_stream_args *args = arg;
1828
1829 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
1830 /* If connection is torn down due to an error while blocking, stop. */
1831 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1832 return -1;
1833 }
1834
1835 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1836 args->expect_id | QUIC_STREAM_DIR_BIDI);
1837 if (args->qs == NULL)
1838 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1839 args->expect_id | QUIC_STREAM_DIR_UNI);
1840
1841 if (args->qs != NULL)
1842 return 1; /* stream now exists */
1843
1844 return 0; /* did not get a stream, keep trying */
1845 }
1846
1847 QUIC_NEEDS_LOCK
1848 static int qc_wait_for_default_xso_for_read(QCTX *ctx)
1849 {
1850 /* Called on a QCSO and we don't currently have a default stream. */
1851 uint64_t expect_id;
1852 QUIC_CONNECTION *qc = ctx->qc;
1853 QUIC_STREAM *qs;
1854 int res;
1855 struct quic_wait_for_stream_args wargs;
1856 OSSL_RTT_INFO rtt_info;
1857
1858 /*
1859 * If default stream functionality is disabled or we already detached
1860 * one, don't make another default stream and just fail.
1861 */
1862 if (qc->default_xso_created
1863 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1864 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1865
1866 /*
1867 * The peer may have opened a stream since we last ticked. So tick and
1868 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1869 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1870 * first stream created by a peer must have an ordinal of 0.
1871 */
1872 expect_id = qc->as_server
1873 ? QUIC_STREAM_INITIATOR_CLIENT
1874 : QUIC_STREAM_INITIATOR_SERVER;
1875
1876 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1877 expect_id | QUIC_STREAM_DIR_BIDI);
1878 if (qs == NULL)
1879 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1880 expect_id | QUIC_STREAM_DIR_UNI);
1881
1882 if (qs == NULL) {
1883 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1884
1885 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1886 expect_id);
1887 }
1888
1889 if (qs == NULL) {
1890 if (!qc_blocking_mode(qc))
1891 /* Non-blocking mode, so just bail immediately. */
1892 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1893
1894 /* Block until we have a stream. */
1895 wargs.qc = qc;
1896 wargs.qs = NULL;
1897 wargs.ctx = ctx;
1898 wargs.expect_id = expect_id;
1899
1900 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1901 if (res == 0)
1902 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1903 else if (res < 0 || wargs.qs == NULL)
1904 /* quic_wait_for_stream raised error here */
1905 return 0;
1906
1907 qs = wargs.qs;
1908 }
1909
1910 /*
1911 * We now have qs != NULL. Remove it from the incoming stream queue so that
1912 * it isn't also returned by any future SSL_accept_stream calls.
1913 */
1914 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1915 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
1916 qs, rtt_info.smoothed_rtt);
1917
1918 /*
1919 * Now make qs the default stream, creating the necessary XSO.
1920 */
1921 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1922 if (qc->default_xso == NULL)
1923 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1924
1925 qc_touch_default_xso(qc); /* inhibits default XSO */
1926 return 1;
1927 }
1928
1929 QUIC_NEEDS_LOCK
1930 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1931 {
1932 QUIC_XSO *xso = NULL;
1933
1934 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
1935 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
1936 goto err;
1937 }
1938
1939 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
1940 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1941 goto err;
1942 }
1943
1944 /* XSO refs QC */
1945 if (!SSL_up_ref(&qc->ssl)) {
1946 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
1947 goto err;
1948 }
1949
1950 xso->conn = qc;
1951 xso->ssl_mode = qc->default_ssl_mode;
1952 xso->ssl_options
1953 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1954 xso->last_error = SSL_ERROR_NONE;
1955
1956 xso->stream = qs;
1957
1958 ++qc->num_xso;
1959 xso_update_options(xso);
1960 return xso;
1961
1962 err:
1963 OPENSSL_free(xso);
1964 return NULL;
1965 }
1966
1967 struct quic_new_stream_wait_args {
1968 QUIC_CONNECTION *qc;
1969 int is_uni;
1970 };
1971
1972 static int quic_new_stream_wait(void *arg)
1973 {
1974 struct quic_new_stream_wait_args *args = arg;
1975 QUIC_CONNECTION *qc = args->qc;
1976
1977 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1978 return -1;
1979
1980 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1981 return 1;
1982
1983 return 0;
1984 }
1985
1986 /* locking depends on need_lock */
1987 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1988 {
1989 int ret;
1990 QUIC_CONNECTION *qc = ctx->qc;
1991 QUIC_XSO *xso = NULL;
1992 QUIC_STREAM *qs = NULL;
1993 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
1994 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
1995 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
1996
1997 if (need_lock)
1998 quic_lock(qc);
1999
2000 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2001 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2002 goto err;
2003 }
2004
2005 if (!advance
2006 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2007 struct quic_new_stream_wait_args args;
2008
2009 /*
2010 * Stream count flow control currently doesn't permit this stream to be
2011 * opened.
2012 */
2013 if (no_blocking || !qc_blocking_mode(qc)) {
2014 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2015 goto err;
2016 }
2017
2018 args.qc = qc;
2019 args.is_uni = is_uni;
2020
2021 /* Blocking mode - wait until we can get a stream. */
2022 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
2023 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2024 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2025 goto err; /* Shutdown before completion */
2026 } else if (ret <= 0) {
2027 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2028 goto err; /* Non-protocol error */
2029 }
2030 }
2031
2032 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2033 if (qs == NULL) {
2034 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2035 goto err;
2036 }
2037
2038 xso = create_xso_from_stream(qc, qs);
2039 if (xso == NULL)
2040 goto err;
2041
2042 qc_touch_default_xso(qc); /* inhibits default XSO */
2043 if (need_lock)
2044 quic_unlock(qc);
2045
2046 return &xso->ssl;
2047
2048 err:
2049 OPENSSL_free(xso);
2050 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2051 if (need_lock)
2052 quic_unlock(qc);
2053
2054 return NULL;
2055
2056 }
2057
2058 QUIC_TAKES_LOCK
2059 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2060 {
2061 QCTX ctx;
2062
2063 if (!expect_quic_conn_only(s, &ctx))
2064 return NULL;
2065
2066 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2067 }
2068
2069 /*
2070 * QUIC Front-End I/O API: Steady-State Operations
2071 * ===============================================
2072 *
2073 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2074 * is, the functions used during the established phase of a QUIC connection
2075 * (e.g. SSL_read, SSL_write).
2076 *
2077 * Each function must handle both blocking and non-blocking modes. As discussed
2078 * above, all QUIC I/O is implemented using non-blocking mode internally.
2079 *
2080 * SSL_get_error => partially implemented by ossl_quic_get_error
2081 * SSL_want => ossl_quic_want
2082 * (BIO/)SSL_read => ossl_quic_read
2083 * (BIO/)SSL_write => ossl_quic_write
2084 * SSL_pending => ossl_quic_pending
2085 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2086 * SSL_key_update => ossl_quic_key_update
2087 */
2088
2089 /* SSL_get_error */
2090 int ossl_quic_get_error(const SSL *s, int i)
2091 {
2092 QCTX ctx;
2093 int net_error, last_error;
2094
2095 if (!expect_quic(s, &ctx))
2096 return 0;
2097
2098 quic_lock(ctx.qc);
2099 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2100 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2101 quic_unlock(ctx.qc);
2102
2103 if (net_error)
2104 return SSL_ERROR_SYSCALL;
2105
2106 return last_error;
2107 }
2108
2109 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
2110 static int error_to_want(int error)
2111 {
2112 switch (error) {
2113 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2114 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2115 case SSL_ERROR_ZERO_RETURN:
2116 default:
2117 return SSL_NOTHING;
2118
2119 case SSL_ERROR_WANT_READ:
2120 return SSL_READING;
2121
2122 case SSL_ERROR_WANT_WRITE:
2123 return SSL_WRITING;
2124
2125 case SSL_ERROR_WANT_RETRY_VERIFY:
2126 return SSL_RETRY_VERIFY;
2127
2128 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2129 return SSL_CLIENT_HELLO_CB;
2130
2131 case SSL_ERROR_WANT_X509_LOOKUP:
2132 return SSL_X509_LOOKUP;
2133 }
2134 }
2135
2136 /* SSL_want */
2137 int ossl_quic_want(const SSL *s)
2138 {
2139 QCTX ctx;
2140 int w;
2141
2142 if (!expect_quic(s, &ctx))
2143 return SSL_NOTHING;
2144
2145 quic_lock(ctx.qc);
2146
2147 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2148
2149 quic_unlock(ctx.qc);
2150 return w;
2151 }
2152
2153 /*
2154 * SSL_write
2155 * ---------
2156 *
2157 * The set of functions below provide the implementation of the public SSL_write
2158 * function. We must handle:
2159 *
2160 * - both blocking and non-blocking operation at the application level,
2161 * depending on how we are configured;
2162 *
2163 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2164 *
2165 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2166 *
2167 */
2168 QUIC_NEEDS_LOCK
2169 static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
2170 {
2171 /*
2172 * We have appended at least one byte to the stream.
2173 * Potentially mark stream as active, depending on FC.
2174 */
2175 if (did_append)
2176 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2177 xso->stream);
2178
2179 /*
2180 * Try and send.
2181 *
2182 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2183 * immediately, plus we should eventually consider Nagle's algorithm.
2184 */
2185 if (do_tick)
2186 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2187 }
2188
2189 struct quic_write_again_args {
2190 QUIC_XSO *xso;
2191 const unsigned char *buf;
2192 size_t len;
2193 size_t total_written;
2194 int err;
2195 };
2196
2197 /*
2198 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2199 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2200 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2201 */
2202 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2203
2204 /*
2205 * Ensure spare buffer space available (up until a limit, at least).
2206 */
2207 QUIC_NEEDS_LOCK
2208 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2209 {
2210 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2211 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2212 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2213 size_t new_sz, growth;
2214
2215 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2216 return 1;
2217
2218 growth = spare_ - avail;
2219 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2220 new_sz = MAX_WRITE_BUF_SIZE;
2221 else
2222 new_sz = cur_sz + growth;
2223
2224 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2225 }
2226
2227 /*
2228 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2229 * as needed according to flow control.
2230 */
2231 QUIC_NEEDS_LOCK
2232 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2233 size_t len, size_t *actual_written)
2234 {
2235 QUIC_SSTREAM *sstream = xso->stream->sstream;
2236 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2237 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2238 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2239
2240 if (len > permitted)
2241 len = (size_t)permitted;
2242
2243 if (!sstream_ensure_spare(sstream, len))
2244 return 0;
2245
2246 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2247 }
2248
2249 QUIC_NEEDS_LOCK
2250 static int quic_write_again(void *arg)
2251 {
2252 struct quic_write_again_args *args = arg;
2253 size_t actual_written = 0;
2254
2255 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2256 /* If connection is torn down due to an error while blocking, stop. */
2257 return -2;
2258
2259 if (!quic_validate_for_write(args->xso, &args->err))
2260 /*
2261 * Stream may have become invalid for write due to connection events
2262 * while we blocked.
2263 */
2264 return -2;
2265
2266 args->err = ERR_R_INTERNAL_ERROR;
2267 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2268 return -2;
2269
2270 quic_post_write(args->xso, actual_written > 0, 0);
2271
2272 args->buf += actual_written;
2273 args->len -= actual_written;
2274 args->total_written += actual_written;
2275
2276 if (args->len == 0)
2277 /* Written everything, done. */
2278 return 1;
2279
2280 /* Not written everything yet, keep trying. */
2281 return 0;
2282 }
2283
2284 QUIC_NEEDS_LOCK
2285 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2286 size_t *written)
2287 {
2288 int res;
2289 QUIC_XSO *xso = ctx->xso;
2290 struct quic_write_again_args args;
2291 size_t actual_written = 0;
2292
2293 /* First make a best effort to append as much of the data as possible. */
2294 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2295 /* Stream already finished or allocation error. */
2296 *written = 0;
2297 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2298 }
2299
2300 quic_post_write(xso, actual_written > 0, 1);
2301
2302 if (actual_written == len) {
2303 /* Managed to append everything on the first try. */
2304 *written = actual_written;
2305 return 1;
2306 }
2307
2308 /*
2309 * We did not manage to append all of the data immediately, so the stream
2310 * buffer has probably filled up. This means we need to block until some of
2311 * it is freed up.
2312 */
2313 args.xso = xso;
2314 args.buf = (const unsigned char *)buf + actual_written;
2315 args.len = len - actual_written;
2316 args.total_written = 0;
2317 args.err = ERR_R_INTERNAL_ERROR;
2318
2319 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
2320 if (res <= 0) {
2321 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2322 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2323 else
2324 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2325 }
2326
2327 *written = args.total_written;
2328 return 1;
2329 }
2330
2331 /*
2332 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2333 * write semantics.
2334 */
2335 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2336 size_t buf_len, size_t already_sent)
2337 {
2338 assert(!xso->aon_write_in_progress);
2339
2340 xso->aon_write_in_progress = 1;
2341 xso->aon_buf_base = buf;
2342 xso->aon_buf_pos = already_sent;
2343 xso->aon_buf_len = buf_len;
2344 }
2345
2346 static void aon_write_finish(QUIC_XSO *xso)
2347 {
2348 xso->aon_write_in_progress = 0;
2349 xso->aon_buf_base = NULL;
2350 xso->aon_buf_pos = 0;
2351 xso->aon_buf_len = 0;
2352 }
2353
2354 QUIC_NEEDS_LOCK
2355 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2356 size_t len, size_t *written)
2357 {
2358 QUIC_XSO *xso = ctx->xso;
2359 const void *actual_buf;
2360 size_t actual_len, actual_written = 0;
2361 int accept_moving_buffer
2362 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2363
2364 if (xso->aon_write_in_progress) {
2365 /*
2366 * We are in the middle of an AON write (i.e., a previous write did not
2367 * manage to append all data to the SSTREAM and we have Enable Partial
2368 * Write (EPW) mode disabled.)
2369 */
2370 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2371 || len != xso->aon_buf_len)
2372 /*
2373 * Pointer must not have changed if we are not in accept moving
2374 * buffer mode. Length must never change.
2375 */
2376 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2377
2378 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2379 actual_len = len - xso->aon_buf_pos;
2380 assert(actual_len > 0);
2381 } else {
2382 actual_buf = buf;
2383 actual_len = len;
2384 }
2385
2386 /* First make a best effort to append as much of the data as possible. */
2387 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2388 /* Stream already finished or allocation error. */
2389 *written = 0;
2390 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2391 }
2392
2393 quic_post_write(xso, actual_written > 0, 1);
2394
2395 if (actual_written == actual_len) {
2396 /* We have sent everything. */
2397 if (xso->aon_write_in_progress) {
2398 /*
2399 * We have sent everything, and we were in the middle of an AON
2400 * write. The output write length is the total length of the AON
2401 * buffer, not however many bytes we managed to write to the stream
2402 * in this call.
2403 */
2404 *written = xso->aon_buf_len;
2405 aon_write_finish(xso);
2406 } else {
2407 *written = actual_written;
2408 }
2409
2410 return 1;
2411 }
2412
2413 if (xso->aon_write_in_progress) {
2414 /*
2415 * AON write is in progress but we have not written everything yet. We
2416 * may have managed to send zero bytes, or some number of bytes less
2417 * than the total remaining which need to be appended during this
2418 * AON operation.
2419 */
2420 xso->aon_buf_pos += actual_written;
2421 assert(xso->aon_buf_pos < xso->aon_buf_len);
2422 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2423 }
2424
2425 /*
2426 * Not in an existing AON operation but partial write is not enabled, so we
2427 * need to begin a new AON operation. However we needn't bother if we didn't
2428 * actually append anything.
2429 */
2430 if (actual_written > 0)
2431 aon_write_begin(xso, buf, len, actual_written);
2432
2433 /*
2434 * AON - We do not publicly admit to having appended anything until AON
2435 * completes.
2436 */
2437 *written = 0;
2438 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2439 }
2440
2441 QUIC_NEEDS_LOCK
2442 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2443 size_t *written)
2444 {
2445 QUIC_XSO *xso = ctx->xso;
2446
2447 /* Simple best effort operation. */
2448 if (!xso_sstream_append(xso, buf, len, written)) {
2449 /* Stream already finished or allocation error. */
2450 *written = 0;
2451 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2452 }
2453
2454 quic_post_write(xso, *written > 0, 1);
2455 return 1;
2456 }
2457
2458 QUIC_NEEDS_LOCK
2459 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2460 {
2461 QUIC_STREAM_MAP *qsm;
2462
2463 if (xso == NULL || xso->stream == NULL) {
2464 *err = ERR_R_INTERNAL_ERROR;
2465 return 0;
2466 }
2467
2468 switch (xso->stream->send_state) {
2469 default:
2470 case QUIC_SSTREAM_STATE_NONE:
2471 *err = SSL_R_STREAM_RECV_ONLY;
2472 return 0;
2473
2474 case QUIC_SSTREAM_STATE_READY:
2475 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2476
2477 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2478 *err = ERR_R_INTERNAL_ERROR;
2479 return 0;
2480 }
2481
2482 /* FALLTHROUGH */
2483 case QUIC_SSTREAM_STATE_SEND:
2484 case QUIC_SSTREAM_STATE_DATA_SENT:
2485 case QUIC_SSTREAM_STATE_DATA_RECVD:
2486 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2487 *err = SSL_R_STREAM_FINISHED;
2488 return 0;
2489 }
2490
2491 return 1;
2492
2493 case QUIC_SSTREAM_STATE_RESET_SENT:
2494 case QUIC_SSTREAM_STATE_RESET_RECVD:
2495 *err = SSL_R_STREAM_RESET;
2496 return 0;
2497 }
2498 }
2499
2500 QUIC_TAKES_LOCK
2501 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2502 {
2503 int ret;
2504 QCTX ctx;
2505 int partial_write, err;
2506
2507 *written = 0;
2508
2509 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2510 return 0;
2511
2512 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
2513
2514 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2515 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2516 goto out;
2517 }
2518
2519 /*
2520 * If we haven't finished the handshake, try to advance it.
2521 * We don't accept writes until the handshake is completed.
2522 */
2523 if (quic_do_handshake(&ctx) < 1) {
2524 ret = 0;
2525 goto out;
2526 }
2527
2528 /* Ensure correct stream state, stream send part not concluded, etc. */
2529 if (!quic_validate_for_write(ctx.xso, &err)) {
2530 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2531 goto out;
2532 }
2533
2534 if (len == 0) {
2535 ret = 1;
2536 goto out;
2537 }
2538
2539 if (xso_blocking_mode(ctx.xso))
2540 ret = quic_write_blocking(&ctx, buf, len, written);
2541 else if (partial_write)
2542 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
2543 else
2544 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
2545
2546 out:
2547 quic_unlock(ctx.qc);
2548 return ret;
2549 }
2550
2551 /*
2552 * SSL_read
2553 * --------
2554 */
2555 struct quic_read_again_args {
2556 QCTX *ctx;
2557 QUIC_STREAM *stream;
2558 void *buf;
2559 size_t len;
2560 size_t *bytes_read;
2561 int peek;
2562 };
2563
2564 QUIC_NEEDS_LOCK
2565 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2566 {
2567 QUIC_STREAM_MAP *qsm;
2568
2569 *eos = 0;
2570
2571 if (xso == NULL || xso->stream == NULL) {
2572 *err = ERR_R_INTERNAL_ERROR;
2573 return 0;
2574 }
2575
2576 switch (xso->stream->recv_state) {
2577 default:
2578 case QUIC_RSTREAM_STATE_NONE:
2579 *err = SSL_R_STREAM_SEND_ONLY;
2580 return 0;
2581
2582 case QUIC_RSTREAM_STATE_RECV:
2583 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2584 case QUIC_RSTREAM_STATE_DATA_RECVD:
2585 return 1;
2586
2587 case QUIC_RSTREAM_STATE_DATA_READ:
2588 *eos = 1;
2589 return 0;
2590
2591 case QUIC_RSTREAM_STATE_RESET_RECVD:
2592 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2593 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2594
2595 /* FALLTHROUGH */
2596 case QUIC_RSTREAM_STATE_RESET_READ:
2597 *err = SSL_R_STREAM_RESET;
2598 return 0;
2599 }
2600 }
2601
2602 QUIC_NEEDS_LOCK
2603 static int quic_read_actual(QCTX *ctx,
2604 QUIC_STREAM *stream,
2605 void *buf, size_t buf_len,
2606 size_t *bytes_read,
2607 int peek)
2608 {
2609 int is_fin = 0, err, eos;
2610 QUIC_CONNECTION *qc = ctx->qc;
2611
2612 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2613 if (eos)
2614 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2615 else
2616 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2617 }
2618
2619 if (peek) {
2620 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2621 bytes_read, &is_fin))
2622 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2623
2624 } else {
2625 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2626 bytes_read, &is_fin))
2627 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2628 }
2629
2630 if (!peek) {
2631 if (*bytes_read > 0) {
2632 /*
2633 * We have read at least one byte from the stream. Inform stream-level
2634 * RXFC of the retirement of controlled bytes. Update the active stream
2635 * status (the RXFC may now want to emit a frame granting more credit to
2636 * the peer).
2637 */
2638 OSSL_RTT_INFO rtt_info;
2639
2640 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2641
2642 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2643 rtt_info.smoothed_rtt))
2644 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2645 }
2646
2647 if (is_fin && !peek) {
2648 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2649
2650 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2651 }
2652
2653 if (*bytes_read > 0)
2654 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2655 stream);
2656 }
2657
2658 if (*bytes_read == 0 && is_fin)
2659 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2660
2661 return 1;
2662 }
2663
2664 QUIC_NEEDS_LOCK
2665 static int quic_read_again(void *arg)
2666 {
2667 struct quic_read_again_args *args = arg;
2668
2669 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
2670 /* If connection is torn down due to an error while blocking, stop. */
2671 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2672 return -1;
2673 }
2674
2675 if (!quic_read_actual(args->ctx, args->stream,
2676 args->buf, args->len, args->bytes_read,
2677 args->peek))
2678 return -1;
2679
2680 if (*args->bytes_read > 0)
2681 /* got at least one byte, the SSL_read op can finish now */
2682 return 1;
2683
2684 return 0; /* did not read anything, keep trying */
2685 }
2686
2687 QUIC_TAKES_LOCK
2688 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2689 {
2690 int ret, res;
2691 QCTX ctx;
2692 struct quic_read_again_args args;
2693
2694 *bytes_read = 0;
2695
2696 if (!expect_quic(s, &ctx))
2697 return 0;
2698
2699 quic_lock_for_io(&ctx);
2700
2701 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2702 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2703 goto out;
2704 }
2705
2706 /* If we haven't finished the handshake, try to advance it. */
2707 if (quic_do_handshake(&ctx) < 1) {
2708 ret = 0; /* ossl_quic_do_handshake raised error here */
2709 goto out;
2710 }
2711
2712 if (ctx.xso == NULL) {
2713 /*
2714 * Called on a QCSO and we don't currently have a default stream.
2715 *
2716 * Wait until we get a stream initiated by the peer (blocking mode) or
2717 * fail if we don't have one yet (non-blocking mode).
2718 */
2719 if (!qc_wait_for_default_xso_for_read(&ctx)) {
2720 ret = 0; /* error already raised here */
2721 goto out;
2722 }
2723
2724 ctx.xso = ctx.qc->default_xso;
2725 }
2726
2727 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2728 ret = 0; /* quic_read_actual raised error here */
2729 goto out;
2730 }
2731
2732 if (*bytes_read > 0) {
2733 /*
2734 * Even though we succeeded, tick the reactor here to ensure we are
2735 * handling other aspects of the QUIC connection.
2736 */
2737 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2738 ret = 1;
2739 } else if (xso_blocking_mode(ctx.xso)) {
2740 /*
2741 * We were not able to read anything immediately, so our stream
2742 * buffer is empty. This means we need to block until we get
2743 * at least one byte.
2744 */
2745 args.ctx = &ctx;
2746 args.stream = ctx.xso->stream;
2747 args.buf = buf;
2748 args.len = len;
2749 args.bytes_read = bytes_read;
2750 args.peek = peek;
2751
2752 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2753 if (res == 0) {
2754 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2755 goto out;
2756 } else if (res < 0) {
2757 ret = 0; /* quic_read_again raised error here */
2758 goto out;
2759 }
2760
2761 ret = 1;
2762 } else {
2763 /*
2764 * We did not get any bytes and are not in blocking mode.
2765 * Tick to see if this delivers any more.
2766 */
2767 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2768
2769 /* Try the read again. */
2770 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2771 ret = 0; /* quic_read_actual raised error here */
2772 goto out;
2773 }
2774
2775 if (*bytes_read > 0)
2776 ret = 1; /* Succeeded this time. */
2777 else
2778 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2779 }
2780
2781 out:
2782 quic_unlock(ctx.qc);
2783 return ret;
2784 }
2785
2786 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2787 {
2788 return quic_read(s, buf, len, bytes_read, 0);
2789 }
2790
2791 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2792 {
2793 return quic_read(s, buf, len, bytes_read, 1);
2794 }
2795
2796 /*
2797 * SSL_pending
2798 * -----------
2799 */
2800
2801 QUIC_TAKES_LOCK
2802 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2803 {
2804 QCTX ctx;
2805 size_t avail = 0;
2806 int fin = 0;
2807
2808
2809 if (!expect_quic(s, &ctx))
2810 return 0;
2811
2812 quic_lock(ctx.qc);
2813
2814 if (ctx.xso == NULL) {
2815 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
2816 goto out;
2817 }
2818
2819 if (ctx.xso->stream == NULL
2820 || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream)) {
2821 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2822 goto out;
2823 }
2824
2825 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
2826 avail = 0;
2827
2828 if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
2829 avail = 1;
2830
2831 out:
2832 quic_unlock(ctx.qc);
2833 return avail;
2834 }
2835
2836 size_t ossl_quic_pending(const SSL *s)
2837 {
2838 return ossl_quic_pending_int(s, /*check_channel=*/0);
2839 }
2840
2841 int ossl_quic_has_pending(const SSL *s)
2842 {
2843 /* Do we have app-side pending data or pending URXEs or RXEs? */
2844 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2845 }
2846
2847 /*
2848 * SSL_stream_conclude
2849 * -------------------
2850 */
2851 QUIC_TAKES_LOCK
2852 int ossl_quic_conn_stream_conclude(SSL *s)
2853 {
2854 QCTX ctx;
2855 QUIC_STREAM *qs;
2856 int err;
2857
2858 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
2859 return 0;
2860
2861 qs = ctx.xso->stream;
2862
2863 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
2864 quic_unlock(ctx.qc);
2865 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2866 }
2867
2868 if (!quic_validate_for_write(ctx.xso, &err)) {
2869 quic_unlock(ctx.qc);
2870 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2871 }
2872
2873 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2874 quic_unlock(ctx.qc);
2875 return 1;
2876 }
2877
2878 ossl_quic_sstream_fin(qs->sstream);
2879 quic_post_write(ctx.xso, 1, 1);
2880 quic_unlock(ctx.qc);
2881 return 1;
2882 }
2883
2884 /*
2885 * SSL_inject_net_dgram
2886 * --------------------
2887 */
2888 QUIC_TAKES_LOCK
2889 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2890 size_t buf_len,
2891 const BIO_ADDR *peer,
2892 const BIO_ADDR *local)
2893 {
2894 int ret;
2895 QCTX ctx;
2896 QUIC_DEMUX *demux;
2897
2898 if (!expect_quic(s, &ctx))
2899 return 0;
2900
2901 quic_lock(ctx.qc);
2902
2903 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2904 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2905
2906 quic_unlock(ctx.qc);
2907 return ret;
2908 }
2909
2910 /*
2911 * SSL_get0_connection
2912 * -------------------
2913 */
2914 SSL *ossl_quic_get0_connection(SSL *s)
2915 {
2916 QCTX ctx;
2917
2918 if (!expect_quic(s, &ctx))
2919 return NULL;
2920
2921 return &ctx.qc->ssl;
2922 }
2923
2924 /*
2925 * SSL_get_stream_type
2926 * -------------------
2927 */
2928 int ossl_quic_get_stream_type(SSL *s)
2929 {
2930 QCTX ctx;
2931
2932 if (!expect_quic(s, &ctx))
2933 return SSL_STREAM_TYPE_BIDI;
2934
2935 if (ctx.xso == NULL) {
2936 /*
2937 * If deferred XSO creation has yet to occur, proceed according to the
2938 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2939 * what kind of stream will be created yet, so return BIDI on the basis
2940 * that at this time, the client still has the option of calling
2941 * SSL_read() or SSL_write() first.
2942 */
2943 if (ctx.qc->default_xso_created
2944 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2945 return SSL_STREAM_TYPE_NONE;
2946 else
2947 return SSL_STREAM_TYPE_BIDI;
2948 }
2949
2950 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2951 return SSL_STREAM_TYPE_BIDI;
2952
2953 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2954 return SSL_STREAM_TYPE_READ;
2955 else
2956 return SSL_STREAM_TYPE_WRITE;
2957 }
2958
2959 /*
2960 * SSL_get_stream_id
2961 * -----------------
2962 */
2963 QUIC_TAKES_LOCK
2964 uint64_t ossl_quic_get_stream_id(SSL *s)
2965 {
2966 QCTX ctx;
2967 uint64_t id;
2968
2969 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
2970 return UINT64_MAX;
2971
2972 id = ctx.xso->stream->id;
2973 quic_unlock(ctx.qc);
2974
2975 return id;
2976 }
2977
2978 /*
2979 * SSL_is_stream_local
2980 * -------------------
2981 */
2982 QUIC_TAKES_LOCK
2983 int ossl_quic_is_stream_local(SSL *s)
2984 {
2985 QCTX ctx;
2986 int is_local;
2987
2988 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
2989 return -1;
2990
2991 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
2992 quic_unlock(ctx.qc);
2993
2994 return is_local;
2995 }
2996
2997 /*
2998 * SSL_set_default_stream_mode
2999 * ---------------------------
3000 */
3001 QUIC_TAKES_LOCK
3002 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3003 {
3004 QCTX ctx;
3005
3006 if (!expect_quic_conn_only(s, &ctx))
3007 return 0;
3008
3009 quic_lock(ctx.qc);
3010
3011 if (ctx.qc->default_xso_created) {
3012 quic_unlock(ctx.qc);
3013 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3014 "too late to change default stream mode");
3015 }
3016
3017 switch (mode) {
3018 case SSL_DEFAULT_STREAM_MODE_NONE:
3019 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3020 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3021 ctx.qc->default_stream_mode = mode;
3022 break;
3023 default:
3024 quic_unlock(ctx.qc);
3025 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3026 "bad default stream type");
3027 }
3028
3029 quic_unlock(ctx.qc);
3030 return 1;
3031 }
3032
3033 /*
3034 * SSL_detach_stream
3035 * -----------------
3036 */
3037 QUIC_TAKES_LOCK
3038 SSL *ossl_quic_detach_stream(SSL *s)
3039 {
3040 QCTX ctx;
3041 QUIC_XSO *xso = NULL;
3042
3043 if (!expect_quic_conn_only(s, &ctx))
3044 return NULL;
3045
3046 quic_lock(ctx.qc);
3047
3048 /* Calling this function inhibits default XSO autocreation. */
3049 /* QC ref to any default XSO is transferred to us and to caller. */
3050 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3051
3052 quic_unlock(ctx.qc);
3053
3054 return xso != NULL ? &xso->ssl : NULL;
3055 }
3056
3057 /*
3058 * SSL_attach_stream
3059 * -----------------
3060 */
3061 QUIC_TAKES_LOCK
3062 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3063 {
3064 QCTX ctx;
3065 QUIC_XSO *xso;
3066 int nref;
3067
3068 if (!expect_quic_conn_only(conn, &ctx))
3069 return 0;
3070
3071 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3072 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3073 "stream to attach must be a valid QUIC stream");
3074
3075 xso = (QUIC_XSO *)stream;
3076
3077 quic_lock(ctx.qc);
3078
3079 if (ctx.qc->default_xso != NULL) {
3080 quic_unlock(ctx.qc);
3081 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3082 "connection already has a default stream");
3083 }
3084
3085 /*
3086 * It is a caller error for the XSO being attached as a default XSO to have
3087 * more than one ref.
3088 */
3089 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
3090 quic_unlock(ctx.qc);
3091 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3092 "ref");
3093 }
3094
3095 if (nref != 1) {
3096 quic_unlock(ctx.qc);
3097 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3098 "stream being attached must have "
3099 "only 1 reference");
3100 }
3101
3102 /* Caller's reference to the XSO is transferred to us. */
3103 /* Calling this function inhibits default XSO autocreation. */
3104 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3105
3106 quic_unlock(ctx.qc);
3107 return 1;
3108 }
3109
3110 /*
3111 * SSL_set_incoming_stream_policy
3112 * ------------------------------
3113 */
3114 QUIC_NEEDS_LOCK
3115 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3116 {
3117 switch (qc->incoming_stream_policy) {
3118 case SSL_INCOMING_STREAM_POLICY_AUTO:
3119 if ((qc->default_xso == NULL && !qc->default_xso_created)
3120 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3121 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3122 else
3123 return SSL_INCOMING_STREAM_POLICY_REJECT;
3124
3125 default:
3126 return qc->incoming_stream_policy;
3127 }
3128 }
3129
3130 QUIC_NEEDS_LOCK
3131 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3132 {
3133 int policy = qc_get_effective_incoming_stream_policy(qc);
3134 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3135
3136 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3137 enable_reject,
3138 qc->incoming_stream_aec);
3139 }
3140
3141 QUIC_TAKES_LOCK
3142 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3143 uint64_t aec)
3144 {
3145 int ret = 1;
3146 QCTX ctx;
3147
3148 if (!expect_quic_conn_only(s, &ctx))
3149 return 0;
3150
3151 quic_lock(ctx.qc);
3152
3153 switch (policy) {
3154 case SSL_INCOMING_STREAM_POLICY_AUTO:
3155 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3156 case SSL_INCOMING_STREAM_POLICY_REJECT:
3157 ctx.qc->incoming_stream_policy = policy;
3158 ctx.qc->incoming_stream_aec = aec;
3159 break;
3160
3161 default:
3162 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3163 ret = 0;
3164 break;
3165 }
3166
3167 qc_update_reject_policy(ctx.qc);
3168 quic_unlock(ctx.qc);
3169 return ret;
3170 }
3171
3172 /*
3173 * SSL_accept_stream
3174 * -----------------
3175 */
3176 struct wait_for_incoming_stream_args {
3177 QCTX *ctx;
3178 QUIC_STREAM *qs;
3179 };
3180
3181 QUIC_NEEDS_LOCK
3182 static int wait_for_incoming_stream(void *arg)
3183 {
3184 struct wait_for_incoming_stream_args *args = arg;
3185 QUIC_CONNECTION *qc = args->ctx->qc;
3186 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3187
3188 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3189 /* If connection is torn down due to an error while blocking, stop. */
3190 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3191 return -1;
3192 }
3193
3194 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3195 if (args->qs != NULL)
3196 return 1; /* got a stream */
3197
3198 return 0; /* did not get a stream, keep trying */
3199 }
3200
3201 QUIC_TAKES_LOCK
3202 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3203 {
3204 QCTX ctx;
3205 int ret;
3206 SSL *new_s = NULL;
3207 QUIC_STREAM_MAP *qsm;
3208 QUIC_STREAM *qs;
3209 QUIC_XSO *xso;
3210 OSSL_RTT_INFO rtt_info;
3211
3212 if (!expect_quic_conn_only(s, &ctx))
3213 return NULL;
3214
3215 quic_lock(ctx.qc);
3216
3217 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3218 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3219 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3220 goto out;
3221 }
3222
3223 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3224
3225 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3226 if (qs == NULL) {
3227 if (qc_blocking_mode(ctx.qc)
3228 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3229 struct wait_for_incoming_stream_args args;
3230
3231 args.ctx = &ctx;
3232 args.qs = NULL;
3233
3234 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3235 if (ret == 0) {
3236 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3237 goto out;
3238 } else if (ret < 0 || args.qs == NULL) {
3239 goto out;
3240 }
3241
3242 qs = args.qs;
3243 } else {
3244 goto out;
3245 }
3246 }
3247
3248 xso = create_xso_from_stream(ctx.qc, qs);
3249 if (xso == NULL)
3250 goto out;
3251
3252 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3253 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3254 rtt_info.smoothed_rtt);
3255 new_s = &xso->ssl;
3256
3257 /* Calling this function inhibits default XSO autocreation. */
3258 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3259
3260 out:
3261 quic_unlock(ctx.qc);
3262 return new_s;
3263 }
3264
3265 /*
3266 * SSL_get_accept_stream_queue_len
3267 * -------------------------------
3268 */
3269 QUIC_TAKES_LOCK
3270 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3271 {
3272 QCTX ctx;
3273 size_t v;
3274
3275 if (!expect_quic_conn_only(s, &ctx))
3276 return 0;
3277
3278 quic_lock(ctx.qc);
3279
3280 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3281
3282 quic_unlock(ctx.qc);
3283 return v;
3284 }
3285
3286 /*
3287 * SSL_stream_reset
3288 * ----------------
3289 */
3290 int ossl_quic_stream_reset(SSL *ssl,
3291 const SSL_STREAM_RESET_ARGS *args,
3292 size_t args_len)
3293 {
3294 QCTX ctx;
3295 QUIC_STREAM_MAP *qsm;
3296 QUIC_STREAM *qs;
3297 uint64_t error_code;
3298 int ok, err;
3299
3300 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3301 return 0;
3302
3303 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3304 qs = ctx.xso->stream;
3305 error_code = (args != NULL ? args->quic_error_code : 0);
3306
3307 if (!quic_validate_for_write(ctx.xso, &err)) {
3308 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3309 goto err;
3310 }
3311
3312 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3313
3314 err:
3315 quic_unlock(ctx.qc);
3316 return ok;
3317 }
3318
3319 /*
3320 * SSL_get_stream_read_state
3321 * -------------------------
3322 */
3323 static void quic_classify_stream(QUIC_CONNECTION *qc,
3324 QUIC_STREAM *qs,
3325 int is_write,
3326 int *state,
3327 uint64_t *app_error_code)
3328 {
3329 int local_init;
3330 uint64_t final_size;
3331
3332 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3333
3334 if (app_error_code != NULL)
3335 *app_error_code = UINT64_MAX;
3336 else
3337 app_error_code = &final_size; /* throw away value */
3338
3339 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3340 /*
3341 * Unidirectional stream and this direction of transmission doesn't
3342 * exist.
3343 */
3344 *state = SSL_STREAM_STATE_WRONG_DIR;
3345 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3346 /* Connection already closed. */
3347 *state = SSL_STREAM_STATE_CONN_CLOSED;
3348 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
3349 /* Application has read a FIN. */
3350 *state = SSL_STREAM_STATE_FINISHED;
3351 } else if ((!is_write && qs->stop_sending)
3352 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
3353 /*
3354 * Stream has been reset locally. FIN takes precedence over this for the
3355 * read case as the application need not care if the stream is reset
3356 * after a FIN has been successfully processed.
3357 */
3358 *state = SSL_STREAM_STATE_RESET_LOCAL;
3359 *app_error_code = !is_write
3360 ? qs->stop_sending_aec
3361 : qs->reset_stream_aec;
3362 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
3363 || (is_write && qs->peer_stop_sending)) {
3364 /*
3365 * Stream has been reset remotely. */
3366 *state = SSL_STREAM_STATE_RESET_REMOTE;
3367 *app_error_code = !is_write
3368 ? qs->peer_reset_stream_aec
3369 : qs->peer_stop_sending_aec;
3370 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3371 &final_size)) {
3372 /*
3373 * Stream has been finished. Stream reset takes precedence over this for
3374 * the write case as peer may not have received all data.
3375 */
3376 *state = SSL_STREAM_STATE_FINISHED;
3377 } else {
3378 /* Stream still healthy. */
3379 *state = SSL_STREAM_STATE_OK;
3380 }
3381 }
3382
3383 static int quic_get_stream_state(SSL *ssl, int is_write)
3384 {
3385 QCTX ctx;
3386 int state;
3387
3388 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3389 return SSL_STREAM_STATE_NONE;
3390
3391 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3392 quic_unlock(ctx.qc);
3393 return state;
3394 }
3395
3396 int ossl_quic_get_stream_read_state(SSL *ssl)
3397 {
3398 return quic_get_stream_state(ssl, /*is_write=*/0);
3399 }
3400
3401 /*
3402 * SSL_get_stream_write_state
3403 * --------------------------
3404 */
3405 int ossl_quic_get_stream_write_state(SSL *ssl)
3406 {
3407 return quic_get_stream_state(ssl, /*is_write=*/1);
3408 }
3409
3410 /*
3411 * SSL_get_stream_read_error_code
3412 * ------------------------------
3413 */
3414 static int quic_get_stream_error_code(SSL *ssl, int is_write,
3415 uint64_t *app_error_code)
3416 {
3417 QCTX ctx;
3418 int state;
3419
3420 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3421 return -1;
3422
3423 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3424 &state, app_error_code);
3425
3426 quic_unlock(ctx.qc);
3427 switch (state) {
3428 case SSL_STREAM_STATE_FINISHED:
3429 return 0;
3430 case SSL_STREAM_STATE_RESET_LOCAL:
3431 case SSL_STREAM_STATE_RESET_REMOTE:
3432 return 1;
3433 default:
3434 return -1;
3435 }
3436 }
3437
3438 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3439 {
3440 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3441 }
3442
3443 /*
3444 * SSL_get_stream_write_error_code
3445 * -------------------------------
3446 */
3447 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3448 {
3449 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3450 }
3451
3452 /*
3453 * Write buffer size mutation
3454 * --------------------------
3455 */
3456 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3457 {
3458 int ret = 0;
3459 QCTX ctx;
3460
3461 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3462 return 0;
3463
3464 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3465 /* Called on a unidirectional receive-only stream - error. */
3466 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3467 goto out;
3468 }
3469
3470 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3471 /*
3472 * If the stream has a send part but we have disposed of it because we
3473 * no longer need it, this is a no-op.
3474 */
3475 ret = 1;
3476 goto out;
3477 }
3478
3479 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
3480 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3481 goto out;
3482 }
3483
3484 ret = 1;
3485
3486 out:
3487 quic_unlock(ctx.qc);
3488 return ret;
3489 }
3490
3491 /*
3492 * SSL_get_conn_close_info
3493 * -----------------------
3494 */
3495 int ossl_quic_get_conn_close_info(SSL *ssl,
3496 SSL_CONN_CLOSE_INFO *info,
3497 size_t info_len)
3498 {
3499 QCTX ctx;
3500 const QUIC_TERMINATE_CAUSE *tc;
3501
3502 if (!expect_quic_conn_only(ssl, &ctx))
3503 return -1;
3504
3505 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3506 if (tc == NULL)
3507 return 0;
3508
3509 info->error_code = tc->error_code;
3510 info->frame_type = tc->frame_type;
3511 info->reason = tc->reason;
3512 info->reason_len = tc->reason_len;
3513 info->flags = 0;
3514 if (!tc->remote)
3515 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
3516 if (!tc->app)
3517 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
3518 return 1;
3519 }
3520
3521 /*
3522 * SSL_key_update
3523 * --------------
3524 */
3525 int ossl_quic_key_update(SSL *ssl, int update_type)
3526 {
3527 QCTX ctx;
3528
3529 if (!expect_quic_conn_only(ssl, &ctx))
3530 return 0;
3531
3532 switch (update_type) {
3533 case SSL_KEY_UPDATE_NOT_REQUESTED:
3534 /*
3535 * QUIC signals peer key update implicily by triggering a local
3536 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3537 */
3538 case SSL_KEY_UPDATE_REQUESTED:
3539 break;
3540
3541 default:
3542 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3543 return 0;
3544 }
3545
3546 quic_lock(ctx.qc);
3547
3548 /* Attempt to perform a TXKU. */
3549 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
3550 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
3551 quic_unlock(ctx.qc);
3552 return 0;
3553 }
3554
3555 quic_unlock(ctx.qc);
3556 return 1;
3557 }
3558
3559 /*
3560 * SSL_get_key_update_type
3561 * -----------------------
3562 */
3563 int ossl_quic_get_key_update_type(const SSL *s)
3564 {
3565 /*
3566 * We always handle key updates immediately so a key update is never
3567 * pending.
3568 */
3569 return SSL_KEY_UPDATE_NONE;
3570 }
3571
3572 /*
3573 * QUIC Front-End I/O API: SSL_CTX Management
3574 * ==========================================
3575 */
3576
3577 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3578 {
3579 switch (cmd) {
3580 default:
3581 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3582 }
3583 }
3584
3585 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3586 {
3587 QCTX ctx;
3588
3589 if (!expect_quic_conn_only(s, &ctx))
3590 return 0;
3591
3592 switch (cmd) {
3593 case SSL_CTRL_SET_MSG_CALLBACK:
3594 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3595 &ctx.qc->ssl);
3596 /* This callback also needs to be set on the internal SSL object */
3597 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3598
3599 default:
3600 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3601 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3602 }
3603 }
3604
3605 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3606 {
3607 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3608 }
3609
3610 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3611 {
3612 /* We never do renegotiation. */
3613 return 0;
3614 }
3615
3616 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
3617 {
3618 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
3619
3620 if ((ciph->algorithm2 & SSL_QUIC) == 0)
3621 return NULL;
3622
3623 return ciph;
3624 }
3625
3626 /*
3627 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3628 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3629 */
3630
3631 int ossl_quic_num_ciphers(void)
3632 {
3633 return 0;
3634 }
3635
3636 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3637 {
3638 return NULL;
3639 }
3640
3641 /*
3642 * SSL_get_shutdown()
3643 * ------------------
3644 */
3645 int ossl_quic_get_shutdown(const SSL *s)
3646 {
3647 QCTX ctx;
3648 int shut = 0;
3649
3650 if (!expect_quic_conn_only(s, &ctx))
3651 return 0;
3652
3653 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
3654 shut |= SSL_SENT_SHUTDOWN;
3655 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
3656 shut |= SSL_RECEIVED_SHUTDOWN;
3657 }
3658
3659 return shut;
3660 }
3661
3662 /*
3663 * Internal Testing APIs
3664 * =====================
3665 */
3666
3667 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
3668 {
3669 QCTX ctx;
3670
3671 if (!expect_quic_conn_only(s, &ctx))
3672 return NULL;
3673
3674 return ctx.qc->ch;
3675 }
A mirror of the official openssl repository