]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add a test for the new QUIC tracing capability
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
CommitLineData
99e1cc7b
TM		 1/*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/macros.h>
11#include <openssl/objects.h>
22d53c88
HL		 12#include <openssl/sslerr.h>
13#include <crypto/rand.h>
99e1cc7b 14#include "quic_local.h"
2723d705 15#include "internal/quic_tls.h"
22d53c88
HL		 16#include "internal/quic_rx_depack.h"
17#include "internal/quic_error.h"
18#include "internal/time.h"
99e1cc7b 19
faa3a180
HL		 20typedef struct qctx_st QCTX;
21
cb5c208b 22static void aon_write_finish(QUIC_XSO *xso);
23c04709 23static int create_channel(QUIC_CONNECTION *qc);
21c80696 24static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
faa3a180
HL		 25static int qc_try_create_default_xso_for_write(QCTX *ctx);
26static int qc_wait_for_default_xso_for_read(QCTX *ctx);
8b7be3aa
HL		 27static void quic_lock(QUIC_CONNECTION *qc);
28static void quic_unlock(QUIC_CONNECTION *qc);
faa3a180 29static int quic_do_handshake(QCTX *ctx);
995ff282
HL		 30static void qc_update_reject_policy(QUIC_CONNECTION *qc);
31static void qc_touch_default_xso(QUIC_CONNECTION *qc);
32static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
9cab4bd5
HL		 33static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
34 int touch, QUIC_XSO **old_xso);
faa3a180 35static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
22d53c88
HL		 36
37/*
38 * QUIC Front-End I/O API: Common Utilities
39 * ========================================
40 */
41
42/*
43 * Block until a predicate is met.
44 *
45 * Precondition: Must have a channel.
d7b1fadd 46 * Precondition: Must hold channel lock (unchecked).
22d53c88 47 */
d7b1fadd 48QUIC_NEEDS_LOCK
22d53c88
HL		 49static int block_until_pred(QUIC_CONNECTION *qc,
50 int (*pred)(void *arg), void *pred_arg,
51 uint32_t flags)
52{
53 QUIC_REACTOR *rtor;
54
55 assert(qc->ch != NULL);
56
57 rtor = ossl_quic_channel_get_reactor(qc->ch);
c019e1ef 58 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
4847599b 59 qc->mutex);
22d53c88
HL		 60}
61
faa3a180
HL		 62/*
63 * QCTX is a utility structure which provides information we commonly wish to
64 * unwrap upon an API call being dispatched to us, namely:
65 *
66 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
67 * was passed);
68 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
69 * a QCSO with a default stream was passed);
70 * - whether a QSSO was passed (xso == NULL must not be used to determine this
71 * because it may be non-NULL when a QCSO is passed if that QCSO has a
72 * default stream).
73 */
74struct qctx_st {
75 QUIC_CONNECTION *qc;
76 QUIC_XSO *xso;
77 int is_stream;
78};
79
22d53c88
HL		 80/*
81 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
faa3a180
HL		 82 * rather than via ERR. Note that normal errors must always be raised while
83 * holding a lock.
22d53c88 84 */
faa3a180
HL		 85QUIC_NEEDS_LOCK
86static int quic_raise_normal_error(QCTX *ctx,
22d53c88
HL		 87 int err)
88{
faa3a180
HL		 89 if (ctx->is_stream)
90 ctx->xso->last_error = err;
91 else
92 ctx->qc->last_error = err;
93
22d53c88
HL		 94 return 0;
95}
96
97/*
98 * Raise a 'non-normal' error, meaning any error that is not reported via
99 * SSL_get_error() and must be reported via ERR.
e88cdb8e
HL		 100 *
101 * qc should be provided if available. In exceptional circumstances when qc is
102 * not known NULL may be passed. This should generally only happen when an
103 * expect_...() function defined below fails, which generally indicates a
104 * dispatch error or caller error.
faa3a180
HL		 105 *
106 * ctx should be NULL if the connection lock is not held.
22d53c88 107 */
faa3a180 108static int quic_raise_non_normal_error(QCTX *ctx,
22d53c88
HL		 109 const char *file,
110 int line,
111 const char *func,
112 int reason,
113 const char *fmt,
114 ...)
115{
116 va_list args;
117
118 ERR_new();
119 ERR_set_debug(file, line, func);
120
121 va_start(args, fmt);
122 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
123 va_end(args);
124
faa3a180
HL		 125 if (ctx != NULL) {
126 if (ctx->is_stream && ctx->xso != NULL)
127 ctx->xso->last_error = SSL_ERROR_SSL;
128 else if (!ctx->is_stream && ctx->qc != NULL)
129 ctx->qc->last_error = SSL_ERROR_SSL;
130 }
e88cdb8e 131
22d53c88
HL		 132 return 0;
133}
134
faa3a180
HL		 135#define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
136 quic_raise_normal_error((ctx), (err))
22d53c88 137
faa3a180
HL		 138#define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
139 quic_raise_non_normal_error((ctx), \
22d53c88
HL		 140 OPENSSL_FILE, OPENSSL_LINE, \
141 OPENSSL_FUNC, \
142 (reason), \
143 (msg))
144
e88cdb8e
HL		 145/*
146 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
147 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
148 *
149 * After this returns 1, all fields of the passed QCTX are initialised.
150 * Returns 0 on failure. This function is intended to be used to provide API
151 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
22d53c88 152 */
e88cdb8e 153static int expect_quic(const SSL *s, QCTX *ctx)
22d53c88 154{
e88cdb8e
HL		 155 QUIC_CONNECTION *qc;
156 QUIC_XSO *xso;
157
158 ctx->qc = NULL;
159 ctx->xso = NULL;
160 ctx->is_stream = 0;
161
162 if (s == NULL)
8b7be3aa 163 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
22d53c88 164
e88cdb8e
HL		 165 switch (s->type) {
166 case SSL_TYPE_QUIC_CONNECTION:
167 qc = (QUIC_CONNECTION *)s;
168 ctx->qc = qc;
cb5c208b 169 ctx->xso = qc->default_xso;
e88cdb8e
HL		 170 ctx->is_stream = 0;
171 return 1;
172
173 case SSL_TYPE_QUIC_XSO:
174 xso = (QUIC_XSO *)s;
cb5c208b 175 ctx->qc = xso->conn;
e88cdb8e
HL		 176 ctx->xso = xso;
177 ctx->is_stream = 1;
178 return 1;
179
180 default:
181 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
182 }
183}
184
185/*
186 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
187 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
188 * stream.
21c80696
HL		 189 *
190 * remote_init determines if we expect the default XSO to be remotely created or
191 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
8b7be3aa
HL		 192 *
193 * Channel mutex is acquired and retained on success.
e88cdb8e 194 */
8b7be3aa
HL		 195QUIC_ACQUIRES_LOCK
196static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
197 QCTX *ctx)
e88cdb8e
HL		 198{
199 if (!expect_quic(s, ctx))
200 return 0;
201
8b7be3aa
HL		 202 quic_lock(ctx->qc);
203
21c80696 204 if (ctx->xso == NULL && remote_init >= 0) {
8b7be3aa 205 if (ossl_quic_channel_is_term_any(ctx->qc->ch)) {
faa3a180 206 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 207 goto err;
208 }
209
210 /* If we haven't finished the handshake, try to advance it. */
faa3a180 211 if (quic_do_handshake(ctx) < 1)
8b7be3aa
HL		 212 /* ossl_quic_do_handshake raised error here */
213 goto err;
214
215 if (remote_init == 0) {
faa3a180 216 if (!qc_try_create_default_xso_for_write(ctx))
8b7be3aa
HL		 217 goto err;
218 } else {
faa3a180 219 if (!qc_wait_for_default_xso_for_read(ctx))
8b7be3aa
HL		 220 goto err;
221 }
222
21c80696
HL		 223 ctx->xso = ctx->qc->default_xso;
224 }
225
8b7be3aa 226 if (ctx->xso == NULL) {
faa3a180 227 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 228 goto err;
229 }
230
231 return 1; /* lock held */
e88cdb8e 232
8b7be3aa
HL		 233err:
234 quic_unlock(ctx->qc);
235 return 0;
e88cdb8e 236}
22d53c88 237
e88cdb8e
HL		 238/*
239 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
240 * be non-NULL if the QCSO has a default stream.
241 */
23c04709 242static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
e88cdb8e
HL		 243{
244 if (!expect_quic(s, ctx))
245 return 0;
246
247 if (ctx->is_stream)
faa3a180 248 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
e88cdb8e
HL		 249
250 return 1;
22d53c88
HL		 251}
252
4847599b
HL		 253/*
254 * Ensures that the channel mutex is held for a method which touches channel
255 * state.
256 *
257 * Precondition: Channel mutex is not held (unchecked)
258 */
20f45743 259static void quic_lock(QUIC_CONNECTION *qc)
4847599b 260{
629b408c 261#if defined(OPENSSL_THREADS)
ffce2946 262 ossl_crypto_mutex_lock(qc->mutex);
629b408c 263#endif
4847599b
HL		 264}
265
266/* Precondition: Channel mutex is held (unchecked) */
267QUIC_NEEDS_LOCK
268static void quic_unlock(QUIC_CONNECTION *qc)
269{
629b408c 270#if defined(OPENSSL_THREADS)
ffce2946 271 ossl_crypto_mutex_unlock(qc->mutex);
629b408c 272#endif
4847599b
HL		 273}
274
275
22d53c88
HL		 276/*
277 * QUIC Front-End I/O API: Initialization
278 * ======================================
279 *
280 * SSL_new => ossl_quic_new
281 * ossl_quic_init
282 * SSL_reset => ossl_quic_reset
283 * SSL_clear => ossl_quic_clear
284 * ossl_quic_deinit
285 * SSL_free => ossl_quic_free
286 *
287 */
288
289/* SSL_new */
38b051a1
TM		 290SSL *ossl_quic_new(SSL_CTX *ctx)
291{
22d53c88
HL		 292 QUIC_CONNECTION *qc = NULL;
293 SSL *ssl_base = NULL;
a7f41885 294 SSL_CONNECTION *sc = NULL;
38b051a1
TM		 295
296 qc = OPENSSL_zalloc(sizeof(*qc));
297 if (qc == NULL)
298 goto err;
299
22d53c88
HL		 300 /* Initialise the QUIC_CONNECTION's stub header. */
301 ssl_base = &qc->ssl;
a7f41885 302 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
22d53c88 303 ssl_base = NULL;
38b051a1
TM		 304 goto err;
305 }
38b051a1 306
4e3a55fd 307 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
a7f41885
MC		 308 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
309 goto err;
a7f41885 310
629b408c 311#if defined(OPENSSL_THREADS)
ffce2946 312 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)
4847599b 313 goto err;
629b408c 314#endif
4847599b 315
629b408c 316#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
f2f7c4f1
HL		 317 qc->is_thread_assisted
318 = (ssl_base->method == OSSL_QUIC_client_thread_method());
629b408c 319#endif
f2f7c4f1 320
dfb9ae14
HL		 321 qc->as_server = 0; /* TODO(QUIC): server support */
322 qc->as_server_state = qc->as_server;
323
8b7be3aa 324 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
21c80696
HL		 325 qc->default_ssl_mode = qc->ssl.ctx->mode;
326 qc->default_blocking = 1;
83df44ae 327 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
21c80696 328 qc->last_error = SSL_ERROR_NONE;
63dfde87
MC		 329 qc->msg_callback = ctx->msg_callback;
330 qc->msg_callback_arg = ctx->msg_callback_arg;
331 qc->msg_callback_s = ssl_base;
a7f41885 332
23c04709
HL		 333 if (!create_channel(qc))
334 goto err;
335
995ff282
HL		 336 qc_update_reject_policy(qc);
337
21c80696
HL		 338 /*
339 * We do not create the default XSO yet. The reason for this is that the
340 * stream ID of the default XSO will depend on whether the stream is client
341 * or server-initiated, which depends on who transmits first. Since we do
342 * not know whether the application will be using a client-transmits-first
343 * or server-transmits-first protocol, we defer default XSO creation until
344 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
345 * we take that as a cue that the client is expecting a server-initiated
346 * stream, and vice versa if SSL_write() is called first.
347 */
22d53c88
HL		 348 return ssl_base;
349
38b051a1 350err:
2dbc39de 351 if (qc != NULL) {
629b408c
HL		 352#if defined(OPENSSL_THREADS)
353 ossl_crypto_mutex_free(qc->mutex);
354#endif
2dbc39de
HL		 355 ossl_quic_channel_free(qc->ch);
356 SSL_free(qc->tls);
357 }
22d53c88 358 OPENSSL_free(qc);
38b051a1
TM		 359 return NULL;
360}
361
22d53c88 362/* SSL_free */
a8489257 363QUIC_TAKES_LOCK
22d53c88
HL		 364void ossl_quic_free(SSL *s)
365{
072328dd 366 QCTX ctx;
9cab4bd5 367 int is_default;
22d53c88 368
072328dd
HL		 369 /* We should never be called on anything but a QSO. */
370 if (!expect_quic(s, &ctx))
22d53c88
HL		 371 return;
372
22b1a96f
HL		 373 quic_lock(ctx.qc);
374
2dbc39de
HL		 375 if (ctx.is_stream) {
376 /*
377 * When a QSSO is freed, the XSO is freed immediately, because the XSO
378 * itself only contains API personality layer data. However the
379 * underlying QUIC_STREAM is not freed immediately but is instead marked
380 * as deleted for later collection.
381 */
382
2dbc39de
HL		 383 assert(ctx.qc->num_xso > 0);
384 --ctx.qc->num_xso;
385
9aaafc26
HL		 386 /* If a stream's send part has not been finished, auto-reset it. */
387 if (ctx.xso->stream->sstream != NULL
388 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
389 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
390 ctx.xso->stream, 0);
2dbc39de 391
9aaafc26
HL		 392 /* Do STOP_SENDING for the receive part, if applicable. */
393 if (ctx.xso->stream->rstream != NULL)
394 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
395 ctx.xso->stream, 0);
f20fdd16
HL		 396
397 /* Update stream state. */
9aaafc26
HL		 398 ctx.xso->stream->deleted = 1;
399 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
f20fdd16
HL		 400 ctx.xso->stream);
401
9cab4bd5 402 is_default = (ctx.xso == ctx.qc->default_xso);
2dbc39de
HL		 403 quic_unlock(ctx.qc);
404
9cab4bd5
HL		 405 /*
406 * Unref the connection in most cases; the XSO has a ref to the QC and
407 * not vice versa. But for a default XSO, to avoid circular references,
408 * the QC refs the XSO but the XSO does not ref the QC. If we are the
409 * default XSO, we only get here when the QC is being torn down anyway,
410 * so don't call SSL_free(qc) as we are already in it.
411 */
412 if (!is_default)
413 SSL_free(&ctx.qc->ssl);
414
2dbc39de
HL		 415 /* Note: SSL_free calls OPENSSL_free(xso) for us */
416 return;
417 }
418
2dbc39de
HL		 419 /*
420 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
421 * stage, but is freed during the channel free when the whole QSM is freed.
422 */
21c80696
HL		 423 if (ctx.qc->default_xso != NULL) {
424 QUIC_XSO *xso = ctx.qc->default_xso;
425
426 quic_unlock(ctx.qc);
427 SSL_free(&xso->ssl);
428 quic_lock(ctx.qc);
9cab4bd5 429 ctx.qc->default_xso = NULL;
21c80696 430 }
2dbc39de
HL		 431
432 /* Ensure we have no remaining XSOs. */
433 assert(ctx.qc->num_xso == 0);
434
629b408c 435#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 436 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
437 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
438 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
dbe7b51a 439 }
629b408c 440#endif
f2f7c4f1 441
072328dd 442 ossl_quic_channel_free(ctx.qc->ch);
22d53c88 443
072328dd
HL		 444 BIO_free(ctx.qc->net_rbio);
445 BIO_free(ctx.qc->net_wbio);
d1ac77b1 446
22d53c88 447 /* Note: SSL_free calls OPENSSL_free(qc) for us */
a7f41885 448
072328dd 449 SSL_free(ctx.qc->tls);
45b7c7e0 450 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
629b408c 451#if defined(OPENSSL_THREADS)
45b7c7e0 452 ossl_crypto_mutex_free(&ctx.qc->mutex);
629b408c 453#endif
22d53c88
HL		 454}
455
456/* SSL method init */
38b051a1 457int ossl_quic_init(SSL *s)
99e1cc7b 458{
22d53c88
HL		 459 /* Same op as SSL_clear, forward the call. */
460 return ossl_quic_clear(s);
99e1cc7b
TM		 461}
462
22d53c88 463/* SSL method deinit */
38b051a1
TM		 464void ossl_quic_deinit(SSL *s)
465{
22d53c88 466 /* No-op. */
38b051a1
TM		 467}
468
22d53c88
HL		 469/* SSL_reset */
470int ossl_quic_reset(SSL *s)
471{
072328dd 472 QCTX ctx;
22d53c88 473
072328dd 474 if (!expect_quic(s, &ctx))
22d53c88
HL		 475 return 0;
476
c8b3fdc2 477 /* TODO(QUIC); Currently a no-op. */
22d53c88
HL		 478 return 1;
479}
480
481/* SSL_clear */
482int ossl_quic_clear(SSL *s)
99e1cc7b 483{
072328dd 484 QCTX ctx;
38b051a1 485
072328dd 486 if (!expect_quic(s, &ctx))
22d53c88
HL		 487 return 0;
488
c8b3fdc2 489 /* TODO(QUIC): Currently a no-op. */
22d53c88
HL		 490 return 1;
491}
38b051a1 492
b212d554
HL		 493void ossl_quic_conn_set_override_now_cb(SSL *s,
494 OSSL_TIME (*now_cb)(void *arg),
495 void *now_cb_arg)
496{
072328dd 497 QCTX ctx;
b212d554 498
072328dd
HL		 499 if (!expect_quic(s, &ctx))
500 return;
501
502 ctx.qc->override_now_cb = now_cb;
503 ctx.qc->override_now_cb_arg = now_cb_arg;
b212d554
HL		 504}
505
3b1ab5a3
HL		 506void ossl_quic_conn_force_assist_thread_wake(SSL *s)
507{
072328dd
HL		 508 QCTX ctx;
509
510 if (!expect_quic(s, &ctx))
511 return;
3b1ab5a3 512
629b408c 513#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 514 if (ctx.qc->is_thread_assisted && ctx.qc->started)
515 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
629b408c 516#endif
3b1ab5a3
HL		 517}
518
995ff282
HL		 519QUIC_NEEDS_LOCK
520static void qc_touch_default_xso(QUIC_CONNECTION *qc)
521{
522 qc->default_xso_created = 1;
523 qc_update_reject_policy(qc);
524}
525
9cab4bd5
HL		 526/*
527 * Changes default XSO. Allows caller to keep reference to the old default XSO
528 * (if any). Reference to new XSO is transferred from caller.
529 */
995ff282 530QUIC_NEEDS_LOCK
9cab4bd5
HL		 531static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
532 int touch,
533 QUIC_XSO **old_xso)
995ff282 534{
9cab4bd5
HL		 535 int refs;
536
537 *old_xso = NULL;
538
539 if (qc->default_xso != xso) {
540 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
541
542 qc->default_xso = xso;
543
544 if (xso == NULL) {
545 /*
546 * Changing to not having a default XSO. XSO becomes standalone and
547 * now has a ref to the QC.
548 */
549 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
550 return;
551 } else {
552 /*
553 * Changing from not having a default XSO to having one. The new XSO
554 * will have had a reference to the QC we need to drop to avoid a
555 * circular reference.
3a61a96c
HL		 556 *
557 * Currently we never change directly from one default XSO to
558 * another, though this function would also still be correct if this
559 * weren't the case.
9cab4bd5 560 */
3a61a96c
HL		 561 assert(*old_xso == NULL);
562
9cab4bd5
HL		 563 CRYPTO_DOWN_REF(&qc->ssl.references, &refs, &qc->ssl.lock);
564 assert(refs > 0);
565 }
566 }
567
995ff282
HL		 568 if (touch)
569 qc_touch_default_xso(qc);
570}
571
9cab4bd5
HL		 572/*
573 * Changes default XSO, releasing the reference to any previous default XSO.
574 * Reference to new XSO is transferred from caller.
575 */
576QUIC_NEEDS_LOCK
577static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
578{
579 QUIC_XSO *old_xso = NULL;
580
581 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
582
583 if (old_xso != NULL)
584 SSL_free(&old_xso->ssl);
585}
586
22d53c88
HL		 587/*
588 * QUIC Front-End I/O API: Network BIO Configuration
589 * =================================================
590 *
591 * Handling the different BIOs is difficult:
592 *
593 * - It is more or less a requirement that we use non-blocking network I/O;
594 * we need to be able to have timeouts on recv() calls, and make best effort
595 * (non blocking) send() and recv() calls.
596 *
597 * The only sensible way to do this is to configure the socket into
598 * non-blocking mode. We could try to do select() before calling send() or
599 * recv() to get a guarantee that the call will not block, but this will
600 * probably run into issues with buggy OSes which generate spurious socket
601 * readiness events. In any case, relying on this to work reliably does not
602 * seem sane.
603 *
604 * Timeouts could be handled via setsockopt() socket timeout options, but
605 * this depends on OS support and adds another syscall to every network I/O
606 * operation. It also has obvious thread safety concerns if we want to move
607 * to concurrent use of a single socket at some later date.
608 *
609 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
610 * be made non-blocking. However some OSes (e.g. Windows) do not support
611 * this, so we cannot rely on this.
612 *
613 * As such, we need to configure any FD in non-blocking mode. This may
614 * confound users who pass a blocking socket to libssl. However, in practice
615 * it would be extremely strange for a user of QUIC to pass an FD to us,
616 * then also try and send receive traffic on the same socket(!). Thus the
617 * impact of this should be limited, and can be documented.
618 *
619 * - We support both blocking and non-blocking operation in terms of the API
620 * presented to the user. One prospect is to set the blocking mode based on
621 * whether the socket passed to us was already in blocking mode. However,
622 * Windows has no API for determining if a socket is in blocking mode (!),
623 * therefore this cannot be done portably. Currently therefore we expose an
624 * explicit API call to set this, and default to blocking mode.
625 *
626 * - We need to determine our initial destination UDP address. The "natural"
627 * way for a user to do this is to set the peer variable on a BIO_dgram.
628 * However, this has problems because BIO_dgram's peer variable is used for
629 * both transmission and reception. This means it can be constantly being
630 * changed to a malicious value (e.g. if some random unrelated entity on the
631 * network starts sending traffic to us) on every read call. This is not a
632 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
633 * calls only, which do not use this variable. However, we do need to let
634 * the user specify the peer in a 'normal' manner. The compromise here is
635 * that we grab the current peer value set at the time the write BIO is set
636 * and do not read the value again.
637 *
638 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
639 * Currently we do this by only supporting non-blocking mode.
640 *
641 */
642
643/*
644 * Determines what initial destination UDP address we should use, if possible.
645 * If this fails the client must set the destination address manually, or use a
646 * BIO which does not need a destination address.
647 */
648static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
649{
75b2920a 650 if (BIO_dgram_get_peer(net_wbio, peer) <= 0)
22d53c88
HL		 651 return 0;
652
653 return 1;
654}
655
072328dd 656void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
22d53c88 657{
072328dd
HL		 658 QCTX ctx;
659
660 if (!expect_quic(s, &ctx))
661 return;
662
663 if (ctx.qc->net_rbio == net_rbio)
38b051a1 664 return;
38b051a1 665
23c04709 666 if (!ossl_quic_channel_set_net_rbio(ctx.qc->ch, net_rbio))
22d53c88
HL		 667 return;
668
072328dd
HL		 669 BIO_free(ctx.qc->net_rbio);
670 ctx.qc->net_rbio = net_rbio;
22d53c88
HL		 671
672 /*
673 * If what we have is not pollable (e.g. a BIO_dgram_pair) disable blocking
674 * mode as we do not support it for non-pollable BIOs.
675 */
676 if (net_rbio != NULL) {
677 BIO_POLL_DESCRIPTOR d = {0};
678
679 if (!BIO_get_rpoll_descriptor(net_rbio, &d)
680 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 681 ctx.qc->blocking = 0;
682 ctx.qc->default_blocking = 0;
072328dd 683 ctx.qc->can_poll_net_rbio = 0;
22d53c88 684 } else {
072328dd 685 ctx.qc->can_poll_net_rbio = 1;
22d53c88
HL		 686 }
687 }
99e1cc7b
TM		 688}
689
072328dd 690void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
38b051a1 691{
072328dd
HL		 692 QCTX ctx;
693
694 if (!expect_quic(s, &ctx))
22d53c88
HL		 695 return;
696
072328dd 697 if (ctx.qc->net_wbio == net_wbio)
22d53c88
HL		 698 return;
699
23c04709 700 if (!ossl_quic_channel_set_net_wbio(ctx.qc->ch, net_wbio))
072328dd
HL		 701 return;
702
703 BIO_free(ctx.qc->net_wbio);
704 ctx.qc->net_wbio = net_wbio;
22d53c88
HL		 705
706 if (net_wbio != NULL) {
707 BIO_POLL_DESCRIPTOR d = {0};
38b051a1 708
22d53c88
HL		 709 if (!BIO_get_wpoll_descriptor(net_wbio, &d)
710 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
cb5c208b
HL		 711 ctx.qc->blocking = 0;
712 ctx.qc->default_blocking = 0;
072328dd 713 ctx.qc->can_poll_net_wbio = 0;
22d53c88 714 } else {
072328dd 715 ctx.qc->can_poll_net_wbio = 1;
22d53c88 716 }
38b051a1 717
22d53c88
HL		 718 /*
719 * If we do not have a peer address yet, and we have not started trying
720 * to connect yet, try to autodetect one.
721 */
072328dd
HL		 722 if (BIO_ADDR_family(&ctx.qc->init_peer_addr) == AF_UNSPEC
723 && !ctx.qc->started) {
724 if (!csm_analyse_init_peer_addr(net_wbio, &ctx.qc->init_peer_addr))
22d53c88 725 /* best effort */
072328dd 726 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88 727
23c04709
HL		 728 ossl_quic_channel_set_peer_addr(ctx.qc->ch,
729 &ctx.qc->init_peer_addr);
22d53c88 730 }
38b051a1 731 }
22d53c88 732}
38b051a1 733
072328dd 734BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
22d53c88 735{
072328dd
HL		 736 QCTX ctx;
737
738 if (!expect_quic(s, &ctx))
739 return NULL;
740
741 return ctx.qc->net_rbio;
38b051a1
TM		 742}
743
072328dd 744BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
22d53c88 745{
072328dd
HL		 746 QCTX ctx;
747
748 if (!expect_quic(s, &ctx))
749 return NULL;
750
751 return ctx.qc->net_wbio;
22d53c88
HL		 752}
753
072328dd 754int ossl_quic_conn_get_blocking_mode(const SSL *s)
99e1cc7b 755{
072328dd
HL		 756 QCTX ctx;
757
758 if (!expect_quic(s, &ctx))
759 return 0;
760
cb5c208b
HL		 761 if (ctx.is_stream)
762 return ctx.xso->blocking;
763
072328dd 764 return ctx.qc->blocking;
22d53c88
HL		 765}
766
072328dd 767int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
22d53c88 768{
072328dd
HL		 769 QCTX ctx;
770
771 if (!expect_quic(s, &ctx))
772 return 0;
773
22d53c88
HL		 774 /* Cannot enable blocking mode if we do not have pollable FDs. */
775 if (blocking != 0 &&
072328dd 776 (!ctx.qc->can_poll_net_rbio || !ctx.qc->can_poll_net_wbio))
faa3a180 777 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
22d53c88 778
cb5c208b
HL		 779 if (!ctx.is_stream) {
780 /*
781 * If called on a QCSO, update default and connection-level blocking
782 * modes.
783 */
784 ctx.qc->blocking = (blocking != 0);
785 ctx.qc->default_blocking = ctx.qc->blocking;
786 }
787
788 if (ctx.xso != NULL)
789 /*
790 * If called on a QSSO or QCSO with a default XSO, update blocking
791 * mode.
792 */
793 ctx.xso->blocking = (blocking != 0);
794
99e1cc7b
TM		 795 return 1;
796}
797
072328dd 798int ossl_quic_conn_set_initial_peer_addr(SSL *s,
22d53c88 799 const BIO_ADDR *peer_addr)
99e1cc7b 800{
072328dd
HL		 801 QCTX ctx;
802
803 if (!expect_quic(s, &ctx))
804 return 0;
805
806 if (ctx.qc->started)
faa3a180 807 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
22d53c88 808 NULL);
38b051a1 809
22d53c88 810 if (peer_addr == NULL) {
072328dd 811 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88
HL		 812 return 1;
813 }
38b051a1 814
072328dd 815 ctx.qc->init_peer_addr = *peer_addr;
99e1cc7b
TM		 816 return 1;
817}
818
22d53c88
HL		 819/*
820 * QUIC Front-End I/O API: Asynchronous I/O Management
821 * ===================================================
822 *
823 * (BIO/)SSL_tick => ossl_quic_tick
824 * (BIO/)SSL_get_tick_timeout => ossl_quic_get_tick_timeout
825 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
826 *
827 */
828
829/* Returns 1 if the connection is being used in blocking mode. */
cb5c208b 830static int qc_blocking_mode(const QUIC_CONNECTION *qc)
99e1cc7b 831{
22d53c88
HL		 832 return qc->blocking;
833}
38b051a1 834
cb5c208b
HL		 835static int xso_blocking_mode(const QUIC_XSO *xso)
836{
837 return xso->blocking
838 && xso->conn->can_poll_net_rbio
839 && xso->conn->can_poll_net_wbio;
840}
841
22d53c88 842/* SSL_tick; ticks the reactor. */
a8489257 843QUIC_TAKES_LOCK
072328dd 844int ossl_quic_tick(SSL *s)
22d53c88 845{
072328dd
HL		 846 QCTX ctx;
847
848 if (!expect_quic(s, &ctx))
849 return 0;
850
851 quic_lock(ctx.qc);
072328dd
HL		 852 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
853 quic_unlock(ctx.qc);
99e1cc7b
TM		 854 return 1;
855}
856
22d53c88
HL		 857/*
858 * SSL_get_tick_timeout. Get the time in milliseconds until the SSL object
859 * should be ticked by the application by calling SSL_tick(). tv is set to 0 if
860 * the object should be ticked immediately and tv->tv_sec is set to -1 if no
861 * timeout is currently active.
862 */
a8489257 863QUIC_TAKES_LOCK
072328dd 864int ossl_quic_get_tick_timeout(SSL *s, struct timeval *tv)
99e1cc7b 865{
072328dd 866 QCTX ctx;
a1660c94 867 OSSL_TIME deadline = ossl_time_infinite();
e44795bd 868
072328dd
HL		 869 if (!expect_quic(s, &ctx))
870 return 0;
a8489257 871
072328dd
HL		 872 quic_lock(ctx.qc);
873
23c04709
HL		 874 deadline
875 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
22d53c88
HL		 876
877 if (ossl_time_is_infinite(deadline)) {
878 tv->tv_sec = -1;
879 tv->tv_usec = 0;
072328dd 880 quic_unlock(ctx.qc);
22d53c88
HL		 881 return 1;
882 }
883
a1660c94 884 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, ossl_time_now()));
072328dd 885 quic_unlock(ctx.qc);
22d53c88
HL		 886 return 1;
887}
888
889/* SSL_get_rpoll_descriptor */
072328dd 890int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
22d53c88 891{
072328dd
HL		 892 QCTX ctx;
893
894 if (!expect_quic(s, &ctx))
e44795bd
TM		 895 return 0;
896
072328dd
HL		 897 if (desc == NULL || ctx.qc->net_rbio == NULL)
898 return 0;
899
900 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
99e1cc7b
TM		 901}
902
22d53c88 903/* SSL_get_wpoll_descriptor */
072328dd 904int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
99e1cc7b 905{
072328dd
HL		 906 QCTX ctx;
907
908 if (!expect_quic(s, &ctx))
909 return 0;
910
911 if (desc == NULL || ctx.qc->net_wbio == NULL)
22d53c88
HL		 912 return 0;
913
072328dd 914 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
99e1cc7b
TM		 915}
916
b639475a 917/* SSL_net_read_desired */
a8489257 918QUIC_TAKES_LOCK
072328dd 919int ossl_quic_get_net_read_desired(SSL *s)
99e1cc7b 920{
072328dd 921 QCTX ctx;
a8489257
HL		 922 int ret;
923
072328dd
HL		 924 if (!expect_quic(s, &ctx))
925 return 0;
926
927 quic_lock(ctx.qc);
072328dd
HL		 928 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
929 quic_unlock(ctx.qc);
a8489257 930 return ret;
22d53c88 931}
e44795bd 932
b639475a 933/* SSL_net_write_desired */
a8489257 934QUIC_TAKES_LOCK
072328dd 935int ossl_quic_get_net_write_desired(SSL *s)
22d53c88 936{
a8489257 937 int ret;
072328dd
HL		 938 QCTX ctx;
939
940 if (!expect_quic(s, &ctx))
941 return 0;
a8489257 942
072328dd 943 quic_lock(ctx.qc);
072328dd
HL		 944 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
945 quic_unlock(ctx.qc);
a8489257 946 return ret;
99e1cc7b
TM		 947}
948
22d53c88
HL		 949/*
950 * QUIC Front-End I/O API: Connection Lifecycle Operations
951 * =======================================================
952 *
953 * SSL_do_handshake => ossl_quic_do_handshake
954 * SSL_set_connect_state => ossl_quic_set_connect_state
955 * SSL_set_accept_state => ossl_quic_set_accept_state
956 * SSL_shutdown => ossl_quic_shutdown
957 * SSL_ctrl => ossl_quic_ctrl
958 * (BIO/)SSL_connect => ossl_quic_connect
959 * (BIO/)SSL_accept => ossl_quic_accept
960 *
961 */
962
963/* SSL_shutdown */
e8043229 964static int quic_shutdown_wait(void *arg)
99e1cc7b 965{
e8043229 966 QUIC_CONNECTION *qc = arg;
22d53c88 967
23c04709 968 return ossl_quic_channel_is_terminated(qc->ch);
e8043229 969}
22d53c88 970
a8489257 971QUIC_TAKES_LOCK
072328dd 972int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
e8043229
HL		 973 const SSL_SHUTDOWN_EX_ARGS *args,
974 size_t args_len)
975{
a8489257 976 int ret;
072328dd 977 QCTX ctx;
a8489257 978
072328dd
HL		 979 if (!expect_quic(s, &ctx))
980 return 0;
981
cb5c208b
HL		 982 if (ctx.is_stream)
983 /* TODO(QUIC): Semantics currently undefined for QSSOs */
984 return -1;
985
072328dd 986 quic_lock(ctx.qc);
a8489257 987
072328dd 988 ossl_quic_channel_local_close(ctx.qc->ch,
e8043229
HL		 989 args != NULL ? args->quic_error_code : 0);
990
1d40b151 991 /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH */
e8043229 992
072328dd
HL		 993 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
994 quic_unlock(ctx.qc);
e8043229 995 return 1;
a8489257 996 }
e8043229 997
cb5c208b 998 if (qc_blocking_mode(ctx.qc) && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0)
072328dd 999 block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
e8043229 1000 else
072328dd 1001 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
e8043229 1002
072328dd
HL		 1003 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1004 quic_unlock(ctx.qc);
a8489257 1005 return ret;
99e1cc7b
TM		 1006}
1007
22d53c88 1008/* SSL_ctrl */
e44795bd 1009long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
99e1cc7b 1010{
072328dd 1011 QCTX ctx;
38b051a1 1012
072328dd 1013 if (!expect_quic(s, &ctx))
38b051a1
TM		 1014 return 0;
1015
22d53c88
HL		 1016 switch (cmd) {
1017 case SSL_CTRL_MODE:
cb5c208b
HL		 1018 /* If called on a QCSO, update the default mode. */
1019 if (!ctx.is_stream)
1020 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1021
1022 /*
1023 * If we were called on a QSSO or have a default stream, we also update
1024 * that.
1025 */
1026 if (ctx.xso != NULL) {
1027 /* Cannot enable EPW while AON write in progress. */
1028 if (ctx.xso->aon_write_in_progress)
1029 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1030
1031 ctx.xso->ssl_mode |= (uint32_t)larg;
1032 return ctx.xso->ssl_mode;
1033 }
dfc227bd 1034
cb5c208b 1035 return ctx.qc->default_ssl_mode;
22d53c88 1036 case SSL_CTRL_CLEAR_MODE:
cb5c208b
HL		 1037 if (!ctx.is_stream)
1038 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1039
1040 if (ctx.xso != NULL) {
1041 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1042 return ctx.xso->ssl_mode;
1043 }
1044
1045 return ctx.qc->default_ssl_mode;
63dfde87
MC		 1046
1047 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1048 ctx.qc->msg_callback_arg = parg;
1049 /* This ctrl also needs to be passed to the internal SSL object */
1050 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1051
22d53c88 1052 default:
f8ffab0d 1053 /* Probably a TLS related ctrl. Defer to our internal SSL object */
072328dd 1054 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
08e49012 1055 }
22d53c88
HL		 1056}
1057
1058/* SSL_set_connect_state */
072328dd 1059void ossl_quic_set_connect_state(SSL *s)
22d53c88 1060{
072328dd
HL		 1061 QCTX ctx;
1062
1063 if (!expect_quic(s, &ctx))
1064 return;
1065
22d53c88 1066 /* Cannot be changed after handshake started */
cb5c208b 1067 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1068 return;
1069
dfb9ae14 1070 ctx.qc->as_server_state = 0;
22d53c88
HL		 1071}
1072
1073/* SSL_set_accept_state */
072328dd 1074void ossl_quic_set_accept_state(SSL *s)
22d53c88 1075{
072328dd
HL		 1076 QCTX ctx;
1077
1078 if (!expect_quic(s, &ctx))
1079 return;
1080
22d53c88 1081 /* Cannot be changed after handshake started */
cb5c208b 1082 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1083 return;
1084
dfb9ae14 1085 ctx.qc->as_server_state = 1;
22d53c88
HL		 1086}
1087
1088/* SSL_do_handshake */
1089struct quic_handshake_wait_args {
1090 QUIC_CONNECTION *qc;
1091};
1092
1093static int quic_handshake_wait(void *arg)
1094{
1095 struct quic_handshake_wait_args *args = arg;
1096
1097 if (!ossl_quic_channel_is_active(args->qc->ch))
1098 return -1;
1099
1100 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1101 return 1;
1102
99e1cc7b
TM		 1103 return 0;
1104}
1105
22d53c88 1106static int configure_channel(QUIC_CONNECTION *qc)
99e1cc7b 1107{
22d53c88 1108 assert(qc->ch != NULL);
08e49012 1109
d1ac77b1
HL		 1110 if (!ossl_quic_channel_set_net_rbio(qc->ch, qc->net_rbio)
1111 || !ossl_quic_channel_set_net_wbio(qc->ch, qc->net_wbio)
22d53c88
HL		 1112 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1113 return 0;
1114
1115 return 1;
1116}
1117
4847599b 1118QUIC_NEEDS_LOCK
23c04709 1119static int create_channel(QUIC_CONNECTION *qc)
22d53c88
HL		 1120{
1121 QUIC_CHANNEL_ARGS args = {0};
1122
63dfde87
MC		 1123 args.libctx = qc->ssl.ctx->libctx;
1124 args.propq = qc->ssl.ctx->propq;
1125 args.is_server = qc->as_server;
1126 args.tls = qc->tls;
1127 args.mutex = qc->mutex;
1128 args.now_cb = qc->override_now_cb;
1129 args.now_cb_arg = qc->override_now_cb_arg;
1130 args.msg_callback = qc->msg_callback;
1131 args.msg_callback_arg = qc->msg_callback_arg;
1132 args.msg_callback_s = qc->msg_callback_s;
22d53c88
HL		 1133
1134 qc->ch = ossl_quic_channel_new(&args);
1135 if (qc->ch == NULL)
1136 return 0;
1137
e8043229
HL		 1138 return 1;
1139}
1140
1141/*
1142 * Creates a channel and configures it with the information we have accumulated
1143 * via calls made to us from the application prior to starting a handshake
1144 * attempt.
1145 */
4847599b 1146QUIC_NEEDS_LOCK
23c04709 1147static int ensure_channel_started(QUIC_CONNECTION *qc)
e8043229 1148{
ffce2946 1149 if (!qc->started) {
ffce2946
HL		 1150 if (!configure_channel(qc)
1151 || !ossl_quic_channel_start(qc->ch))
1152 goto err;
f2f7c4f1 1153
629b408c 1154#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
ffce2946
HL		 1155 if (qc->is_thread_assisted)
1156 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch))
1157 goto err;
629b408c 1158#endif
ffce2946
HL		 1159 }
1160
22d53c88
HL		 1161 qc->started = 1;
1162 return 1;
f2f7c4f1
HL		 1163
1164err:
1165 ossl_quic_channel_free(qc->ch);
1166 qc->ch = NULL;
1167 return 0;
99e1cc7b
TM		 1168}
1169
4a530180 1170QUIC_NEEDS_LOCK
faa3a180 1171static int quic_do_handshake(QCTX *ctx)
99e1cc7b 1172{
22d53c88 1173 int ret;
faa3a180 1174 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1175
23c04709 1176 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1177 /* Handshake already completed. */
4a530180 1178 return 1;
ca41f6b7 1179
23c04709 1180 if (ossl_quic_channel_is_term_any(qc->ch))
faa3a180 1181 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1182
ca41f6b7 1183 if (BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
22d53c88 1184 /* Peer address must have been set. */
faa3a180 1185 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
4a530180 1186 return -1; /* Non-protocol error */
ca41f6b7 1187 }
22d53c88 1188
dfb9ae14 1189 if (qc->as_server != qc->as_server_state) {
23c04709 1190 /* TODO(QUIC): Must match the method used to create the QCSO */
faa3a180 1191 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4a530180 1192 return -1; /* Non-protocol error */
ca41f6b7 1193 }
22d53c88 1194
ca41f6b7 1195 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
22d53c88 1196 /* Need read and write BIOs. */
faa3a180 1197 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
4a530180 1198 return -1; /* Non-protocol error */
ca41f6b7 1199 }
22d53c88
HL		 1200
1201 /*
1202 * Start connection process. Note we may come here multiple times in
1203 * non-blocking mode, which is fine.
1204 */
23c04709 1205 if (!ensure_channel_started(qc)) {
faa3a180 1206 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1207 return -1; /* Non-protocol error */
ca41f6b7 1208 }
22d53c88 1209
4a530180 1210 if (ossl_quic_channel_is_handshake_complete(qc->ch))
22d53c88 1211 /* The handshake is now done. */
4a530180 1212 return 1;
22d53c88 1213
cb5c208b 1214 if (qc_blocking_mode(qc)) {
22d53c88
HL		 1215 /* In blocking mode, wait for the handshake to complete. */
1216 struct quic_handshake_wait_args args;
1217
1218 args.qc = qc;
1219
1220 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
ca41f6b7 1221 if (!ossl_quic_channel_is_active(qc->ch)) {
faa3a180 1222 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
4a530180 1223 return 0; /* Shutdown before completion */
ca41f6b7 1224 } else if (ret <= 0) {
faa3a180 1225 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1226 return -1; /* Non-protocol error */
ca41f6b7 1227 }
22d53c88
HL		 1228
1229 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
4a530180 1230 return 1;
22d53c88 1231 } else {
ca41f6b7 1232 /* Try to advance the reactor. */
ccd31037 1233 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
ca41f6b7 1234
4a530180 1235 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1236 /* The handshake is now done. */
4a530180 1237 return 1;
ca41f6b7 1238
22d53c88 1239 /* Otherwise, indicate that the handshake isn't done yet. */
faa3a180 1240 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
4a530180 1241 return -1; /* Non-protocol error */
22d53c88 1242 }
4a530180 1243}
a8489257 1244
4a530180 1245QUIC_TAKES_LOCK
072328dd 1246int ossl_quic_do_handshake(SSL *s)
4a530180
HL		 1247{
1248 int ret;
072328dd 1249 QCTX ctx;
4a530180 1250
072328dd
HL		 1251 if (!expect_quic(s, &ctx))
1252 return 0;
1253
1254 quic_lock(ctx.qc);
4a530180 1255
faa3a180 1256 ret = quic_do_handshake(&ctx);
072328dd 1257 quic_unlock(ctx.qc);
a8489257 1258 return ret;
99e1cc7b
TM		 1259}
1260
22d53c88
HL		 1261/* SSL_connect */
1262int ossl_quic_connect(SSL *s)
99e1cc7b 1263{
22d53c88 1264 /* Ensure we are in connect state (no-op if non-idle). */
072328dd 1265 ossl_quic_set_connect_state(s);
22d53c88
HL		 1266
1267 /* Begin or continue the handshake */
072328dd 1268 return ossl_quic_do_handshake(s);
99e1cc7b
TM		 1269}
1270
22d53c88
HL		 1271/* SSL_accept */
1272int ossl_quic_accept(SSL *s)
99e1cc7b 1273{
22d53c88 1274 /* Ensure we are in accept state (no-op if non-idle). */
072328dd 1275 ossl_quic_set_accept_state(s);
22d53c88
HL		 1276
1277 /* Begin or continue the handshake */
072328dd 1278 return ossl_quic_do_handshake(s);
99e1cc7b 1279}
e44795bd 1280
cb5c208b
HL		 1281/*
1282 * QUIC Front-End I/O API: Stream Lifecycle Operations
1283 * ===================================================
1284 *
1285 * SSL_stream_new => ossl_quic_conn_stream_new
1286 *
1287 */
21c80696
HL		 1288
1289/*
1290 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1291 * default XSO was created. Returns 0 if it was not (e.g. because it already
1292 * exists). Note that this is NOT an error condition.
1293 */
1294QUIC_NEEDS_LOCK
faa3a180 1295static int qc_try_create_default_xso_for_write(QCTX *ctx)
21c80696 1296{
8b7be3aa 1297 uint64_t flags = 0;
faa3a180 1298 QUIC_CONNECTION *qc = ctx->qc;
21c80696 1299
8b7be3aa
HL		 1300 if (qc->default_xso_created
1301 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
21c80696
HL		 1302 /*
1303 * We only do this once. If the user detaches a previously created
1304 * default XSO we don't auto-create another one.
1305 */
faa3a180 1306 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
21c80696 1307
8b7be3aa
HL		 1308 /* Create a locally-initiated stream. */
1309 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1310 flags |= SSL_STREAM_FLAG_UNI;
1311
faa3a180 1312 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
13ac037d 1313 /*needs_lock=*/0),
995ff282 1314 /*touch=*/0);
8b7be3aa 1315 if (qc->default_xso == NULL)
faa3a180 1316 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1317
995ff282 1318 qc_touch_default_xso(qc);
8b7be3aa
HL		 1319 return 1;
1320}
1321
1322struct quic_wait_for_stream_args {
1323 QUIC_CONNECTION *qc;
1324 QUIC_STREAM *qs;
faa3a180 1325 QCTX *ctx;
8b7be3aa
HL		 1326 uint64_t expect_id;
1327};
1328
1329QUIC_NEEDS_LOCK
1330static int quic_wait_for_stream(void *arg)
1331{
1332 struct quic_wait_for_stream_args *args = arg;
1333
1334 if (!ossl_quic_channel_is_active(args->qc->ch)) {
1335 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1336 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 1337 return -1;
1338 }
1339
1340 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
acc6fde0
HL		 1341 args->expect_id | QUIC_STREAM_DIR_BIDI);
1342 if (args->qs == NULL)
1343 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1344 args->expect_id | QUIC_STREAM_DIR_UNI);
1345
8b7be3aa
HL		 1346 if (args->qs != NULL)
1347 return 1; /* stream now exists */
1348
1349 return 0; /* did not get a stream, keep trying */
1350}
1351
1352QUIC_NEEDS_LOCK
faa3a180 1353static int qc_wait_for_default_xso_for_read(QCTX *ctx)
8b7be3aa
HL		 1354{
1355 /* Called on a QCSO and we don't currently have a default stream. */
1356 uint64_t expect_id;
faa3a180 1357 QUIC_CONNECTION *qc = ctx->qc;
8b7be3aa
HL		 1358 QUIC_STREAM *qs;
1359 int res;
1360 struct quic_wait_for_stream_args wargs;
1361
1362 /*
1363 * If default stream functionality is disabled or we already detached
1364 * one, don't make another default stream and just fail.
1365 */
1366 if (qc->default_xso_created
1367 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
faa3a180 1368 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 1369
1370 /*
1371 * The peer may have opened a stream since we last ticked. So tick and
1372 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1373 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1374 * first stream created by a peer must have an ordinal of 0.
1375 */
1376 expect_id = qc->as_server
1377 ? QUIC_STREAM_INITIATOR_CLIENT
1378 : QUIC_STREAM_INITIATOR_SERVER;
1379
8b7be3aa 1380 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
acc6fde0
HL		 1381 expect_id | QUIC_STREAM_DIR_BIDI);
1382 if (qs == NULL)
1383 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1384 expect_id | QUIC_STREAM_DIR_UNI);
1385
8b7be3aa
HL		 1386 if (qs == NULL) {
1387 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1388
1389 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1390 expect_id);
1391 }
1392
1393 if (qs == NULL) {
1394 if (!qc_blocking_mode(qc))
1395 /* Non-blocking mode, so just bail immediately. */
faa3a180 1396 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
8b7be3aa
HL		 1397
1398 /* Block until we have a stream. */
1399 wargs.qc = qc;
1400 wargs.qs = NULL;
faa3a180 1401 wargs.ctx = ctx;
8b7be3aa
HL		 1402 wargs.expect_id = expect_id;
1403
1404 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1405 if (res == 0)
faa3a180 1406 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa
HL		 1407 else if (res < 0 || wargs.qs == NULL)
1408 /* quic_wait_for_stream raised error here */
21c80696 1409 return 0;
8b7be3aa
HL		 1410
1411 qs = wargs.qs;
21c80696
HL		 1412 }
1413
8b7be3aa
HL		 1414 /*
1415 * We now have qs != NULL. Make it the default stream, creating the
1416 * necessary XSO.
1417 */
995ff282 1418 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
8b7be3aa 1419 if (qc->default_xso == NULL)
faa3a180 1420 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1421
995ff282 1422 qc_touch_default_xso(qc); /* inhibits default XSO */
21c80696
HL		 1423 return 1;
1424}
1425
1426QUIC_NEEDS_LOCK
1427static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1428{
1429 QUIC_XSO *xso = NULL;
1430
1431 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL)
1432 goto err;
1433
1434 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO))
1435 goto err;
1436
9cab4bd5
HL		 1437 /* XSO refs QC */
1438 if (!SSL_up_ref(&qc->ssl))
1439 goto err;
1440
21c80696
HL		 1441 xso->conn = qc;
1442 xso->blocking = qc->default_blocking;
1443 xso->ssl_mode = qc->default_ssl_mode;
faa3a180 1444 xso->last_error = SSL_ERROR_NONE;
21c80696
HL		 1445
1446 xso->stream = qs;
1447
1448 ++qc->num_xso;
1449 return xso;
1450
1451err:
1452 OPENSSL_free(xso);
1453 return NULL;
1454}
1455
13ac037d 1456/* locking depends on need_lock */
faa3a180 1457static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
cb5c208b 1458{
faa3a180 1459 QUIC_CONNECTION *qc = ctx->qc;
cb5c208b 1460 QUIC_XSO *xso = NULL;
21c80696 1461 QUIC_STREAM *qs = NULL;
2dbc39de 1462 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
cb5c208b 1463
13ac037d
HL		 1464 if (need_lock)
1465 quic_lock(qc);
2dbc39de 1466
13ac037d 1467 if (ossl_quic_channel_is_term_any(qc->ch)) {
faa3a180 1468 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2dbc39de
HL		 1469 goto err;
1470 }
1471
13ac037d 1472 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
21c80696 1473 if (qs == NULL)
2dbc39de 1474 goto err;
cb5c208b 1475
13ac037d 1476 xso = create_xso_from_stream(qc, qs);
21c80696 1477 if (xso == NULL)
cb5c208b
HL		 1478 goto err;
1479
13ac037d
HL		 1480 qc_touch_default_xso(qc); /* inhibits default XSO */
1481 if (need_lock)
1482 quic_unlock(qc);
1483
cb5c208b
HL		 1484 return &xso->ssl;
1485
1486err:
1487 OPENSSL_free(xso);
13ac037d
HL		 1488 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
1489 if (need_lock)
1490 quic_unlock(qc);
1491
cb5c208b 1492 return NULL;
13ac037d
HL		 1493
1494}
1495
1496QUIC_TAKES_LOCK
1497SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
1498{
1499 QCTX ctx;
1500
1501 if (!expect_quic_conn_only(s, &ctx))
1502 return NULL;
1503
faa3a180 1504 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
cb5c208b
HL		 1505}
1506
22d53c88
HL		 1507/*
1508 * QUIC Front-End I/O API: Steady-State Operations
1509 * ===============================================
1510 *
1511 * Here we dispatch calls to the steady-state front-end I/O API functions; that
1512 * is, the functions used during the established phase of a QUIC connection
1513 * (e.g. SSL_read, SSL_write).
1514 *
1515 * Each function must handle both blocking and non-blocking modes. As discussed
1516 * above, all QUIC I/O is implemented using non-blocking mode internally.
1517 *
1518 * SSL_get_error => partially implemented by ossl_quic_get_error
1519 * (BIO/)SSL_read => ossl_quic_read
1520 * (BIO/)SSL_write => ossl_quic_write
1521 * SSL_pending => ossl_quic_pending
a9979965 1522 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
22d53c88
HL		 1523 */
1524
1525/* SSL_get_error */
072328dd 1526int ossl_quic_get_error(const SSL *s, int i)
e44795bd 1527{
072328dd
HL		 1528 QCTX ctx;
1529
1530 if (!expect_quic(s, &ctx))
1531 return 0;
1532
faa3a180 1533 return ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
e44795bd
TM		 1534}
1535
22d53c88
HL		 1536/*
1537 * SSL_write
1538 * ---------
1539 *
1540 * The set of functions below provide the implementation of the public SSL_write
1541 * function. We must handle:
1542 *
1543 * - both blocking and non-blocking operation at the application level,
1544 * depending on how we are configured;
1545 *
1546 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
1547 *
1548 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1549 *
1550 */
4847599b 1551QUIC_NEEDS_LOCK
cb5c208b 1552static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
22d53c88
HL		 1553{
1554 /*
1555 * We have appended at least one byte to the stream.
1556 * Potentially mark stream as active, depending on FC.
1557 */
1558 if (did_append)
cb5c208b
HL		 1559 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
1560 xso->stream);
22d53c88
HL		 1561
1562 /*
1563 * Try and send.
1564 *
1565 * TODO(QUIC): It is probably inefficient to try and do this immediately,
1566 * plus we should eventually consider Nagle's algorithm.
1567 */
1568 if (do_tick)
cb5c208b 1569 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
22d53c88
HL		 1570}
1571
1572struct quic_write_again_args {
cb5c208b 1573 QUIC_XSO *xso;
22d53c88
HL		 1574 const unsigned char *buf;
1575 size_t len;
1576 size_t total_written;
1577};
1578
4847599b 1579QUIC_NEEDS_LOCK
22d53c88
HL		 1580static int quic_write_again(void *arg)
1581{
1582 struct quic_write_again_args *args = arg;
1583 size_t actual_written = 0;
1584
cb5c208b 1585 if (!ossl_quic_channel_is_active(args->xso->conn->ch))
22d53c88
HL		 1586 /* If connection is torn down due to an error while blocking, stop. */
1587 return -2;
1588
cb5c208b 1589 if (!ossl_quic_sstream_append(args->xso->stream->sstream,
22d53c88
HL		 1590 args->buf, args->len, &actual_written))
1591 return -2;
1592
cb5c208b 1593 quic_post_write(args->xso, actual_written > 0, 0);
22d53c88
HL		 1594
1595 args->buf += actual_written;
1596 args->len -= actual_written;
1597 args->total_written += actual_written;
1598
3f0c310b 1599 if (args->len == 0)
22d53c88
HL		 1600 /* Written everything, done. */
1601 return 1;
1602
1603 /* Not written everything yet, keep trying. */
1604 return 0;
1605}
1606
4847599b 1607QUIC_NEEDS_LOCK
faa3a180 1608static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
22d53c88 1609 size_t *written)
e44795bd 1610{
22d53c88 1611 int res;
faa3a180 1612 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1613 struct quic_write_again_args args;
1614 size_t actual_written = 0;
1615
1616 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1617 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len,
22d53c88
HL		 1618 &actual_written)) {
1619 /* Stream already finished or allocation error. */
1620 *written = 0;
faa3a180 1621 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1622 }
1623
cb5c208b 1624 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1625
1626 if (actual_written == len) {
1627 /* Managed to append everything on the first try. */
1628 *written = actual_written;
1629 return 1;
1630 }
1631
1632 /*
1633 * We did not manage to append all of the data immediately, so the stream
1634 * buffer has probably filled up. This means we need to block until some of
1635 * it is freed up.
1636 */
cb5c208b 1637 args.xso = xso;
22d53c88
HL		 1638 args.buf = (const unsigned char *)buf + actual_written;
1639 args.len = len - actual_written;
1640 args.total_written = 0;
1641
cb5c208b 1642 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
22d53c88 1643 if (res <= 0) {
cb5c208b 1644 if (!ossl_quic_channel_is_active(xso->conn->ch))
faa3a180 1645 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1646 else
faa3a180 1647 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1648 }
1649
1650 *written = args.total_written;
e44795bd
TM		 1651 return 1;
1652}
1653
ca41f6b7
HL		 1654/*
1655 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
1656 * write semantics.
1657 */
cb5c208b 1658static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
22d53c88
HL		 1659 size_t buf_len, size_t already_sent)
1660{
cb5c208b 1661 assert(!xso->aon_write_in_progress);
22d53c88 1662
cb5c208b
HL		 1663 xso->aon_write_in_progress = 1;
1664 xso->aon_buf_base = buf;
1665 xso->aon_buf_pos = already_sent;
1666 xso->aon_buf_len = buf_len;
22d53c88
HL		 1667}
1668
cb5c208b 1669static void aon_write_finish(QUIC_XSO *xso)
22d53c88 1670{
cb5c208b
HL		 1671 xso->aon_write_in_progress = 0;
1672 xso->aon_buf_base = NULL;
1673 xso->aon_buf_pos = 0;
1674 xso->aon_buf_len = 0;
22d53c88
HL		 1675}
1676
4847599b 1677QUIC_NEEDS_LOCK
faa3a180 1678static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
22d53c88 1679 size_t len, size_t *written)
e44795bd 1680{
faa3a180 1681 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 1682 const void *actual_buf;
1683 size_t actual_len, actual_written = 0;
1684 int accept_moving_buffer
cb5c208b 1685 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
22d53c88 1686
cb5c208b 1687 if (xso->aon_write_in_progress) {
22d53c88
HL		 1688 /*
1689 * We are in the middle of an AON write (i.e., a previous write did not
75b2920a
HL		 1690 * manage to append all data to the SSTREAM and we have Enable Partial
1691 * Write (EPW) mode disabled.)
22d53c88 1692 */
cb5c208b
HL		 1693 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
1694 || len != xso->aon_buf_len)
22d53c88
HL		 1695 /*
1696 * Pointer must not have changed if we are not in accept moving
1697 * buffer mode. Length must never change.
1698 */
faa3a180 1699 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
22d53c88 1700
cb5c208b
HL		 1701 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
1702 actual_len = len - xso->aon_buf_pos;
22d53c88
HL		 1703 assert(actual_len > 0);
1704 } else {
1705 actual_buf = buf;
1706 actual_len = len;
1707 }
1708
1709 /* First make a best effort to append as much of the data as possible. */
cb5c208b 1710 if (!ossl_quic_sstream_append(xso->stream->sstream, actual_buf, actual_len,
22d53c88
HL		 1711 &actual_written)) {
1712 /* Stream already finished or allocation error. */
1713 *written = 0;
faa3a180 1714 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1715 }
1716
cb5c208b 1717 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 1718
1719 if (actual_written == actual_len) {
1720 /* We have sent everything. */
cb5c208b 1721 if (xso->aon_write_in_progress) {
22d53c88
HL		 1722 /*
1723 * We have sent everything, and we were in the middle of an AON
1724 * write. The output write length is the total length of the AON
1725 * buffer, not however many bytes we managed to write to the stream
1726 * in this call.
1727 */
cb5c208b
HL		 1728 *written = xso->aon_buf_len;
1729 aon_write_finish(xso);
22d53c88
HL		 1730 } else {
1731 *written = actual_written;
1732 }
1733
1734 return 1;
1735 }
1736
cb5c208b 1737 if (xso->aon_write_in_progress) {
22d53c88
HL		 1738 /*
1739 * AON write is in progress but we have not written everything yet. We
1740 * may have managed to send zero bytes, or some number of bytes less
1741 * than the total remaining which need to be appended during this
1742 * AON operation.
1743 */
cb5c208b
HL		 1744 xso->aon_buf_pos += actual_written;
1745 assert(xso->aon_buf_pos < xso->aon_buf_len);
faa3a180 1746 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
22d53c88
HL		 1747 }
1748
08e49012 1749 /*
22d53c88
HL		 1750 * Not in an existing AON operation but partial write is not enabled, so we
1751 * need to begin a new AON operation. However we needn't bother if we didn't
1752 * actually append anything.
08e49012 1753 */
22d53c88 1754 if (actual_written > 0)
cb5c208b 1755 aon_write_begin(xso, buf, len, actual_written);
e44795bd 1756
22d53c88
HL		 1757 /*
1758 * AON - We do not publicly admit to having appended anything until AON
1759 * completes.
1760 */
1761 *written = 0;
faa3a180 1762 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
e44795bd
TM		 1763}
1764
4847599b 1765QUIC_NEEDS_LOCK
faa3a180 1766static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
22d53c88 1767 size_t *written)
e44795bd 1768{
faa3a180
HL		 1769 QUIC_XSO *xso = ctx->xso;
1770
22d53c88 1771 /* Simple best effort operation. */
cb5c208b 1772 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len, written)) {
22d53c88
HL		 1773 /* Stream already finished or allocation error. */
1774 *written = 0;
faa3a180 1775 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1776 }
1777
cb5c208b 1778 quic_post_write(xso, *written > 0, 1);
e44795bd
TM		 1779 return 1;
1780}
d5ab48a1 1781
a8489257 1782QUIC_TAKES_LOCK
22d53c88 1783int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
d5ab48a1 1784{
a8489257 1785 int ret;
072328dd
HL		 1786 QCTX ctx;
1787 int partial_write;
22d53c88
HL		 1788
1789 *written = 0;
1790
8b7be3aa
HL		 1791 if (len == 0)
1792 return 1;
22d53c88 1793
8b7be3aa
HL		 1794 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
1795 return 0;
a8489257 1796
cb5c208b 1797 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
072328dd 1798
23c04709 1799 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1800 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1801 goto out;
1802 }
22d53c88 1803
ca41f6b7
HL		 1804 /*
1805 * If we haven't finished the handshake, try to advance it.
1806 * We don't accept writes until the handshake is completed.
1807 */
faa3a180 1808 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1809 ret = 0;
1810 goto out;
1811 }
ca41f6b7 1812
cb5c208b 1813 if (ctx.xso->stream == NULL || ctx.xso->stream->sstream == NULL) {
faa3a180 1814 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1815 goto out;
1816 }
22d53c88 1817
cb5c208b 1818 if (xso_blocking_mode(ctx.xso))
faa3a180 1819 ret = quic_write_blocking(&ctx, buf, len, written);
22d53c88 1820 else if (partial_write)
faa3a180 1821 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
22d53c88 1822 else
faa3a180 1823 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
a8489257
HL		 1824
1825out:
072328dd 1826 quic_unlock(ctx.qc);
a8489257 1827 return ret;
d5ab48a1
RL		 1828}
1829
1830/*
22d53c88
HL		 1831 * SSL_read
1832 * --------
d5ab48a1 1833 */
22d53c88 1834struct quic_read_again_args {
faa3a180 1835 QCTX *ctx;
22d53c88
HL		 1836 QUIC_STREAM *stream;
1837 void *buf;
1838 size_t len;
1839 size_t *bytes_read;
1840 int peek;
1841};
1842
4847599b 1843QUIC_NEEDS_LOCK
faa3a180 1844static int quic_read_actual(QCTX *ctx,
22d53c88
HL		 1845 QUIC_STREAM *stream,
1846 void *buf, size_t buf_len,
1847 size_t *bytes_read,
1848 int peek)
d5ab48a1 1849{
22d53c88 1850 int is_fin = 0;
faa3a180 1851 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1852
a9979965
HL		 1853 /* If the receive part of the stream is over, issue EOF. */
1854 if (stream->recv_fin_retired)
faa3a180 1855 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
a9979965 1856
22d53c88 1857 if (stream->rstream == NULL)
faa3a180 1858 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1859
1860 if (peek) {
1861 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
1862 bytes_read, &is_fin))
faa3a180 1863 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1864
1865 } else {
1866 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
1867 bytes_read, &is_fin))
faa3a180 1868 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1869 }
1870
1871 if (!peek) {
1872 if (*bytes_read > 0) {
1873 /*
1874 * We have read at least one byte from the stream. Inform stream-level
1875 * RXFC of the retirement of controlled bytes. Update the active stream
1876 * status (the RXFC may now want to emit a frame granting more credit to
1877 * the peer).
1878 */
1879 OSSL_RTT_INFO rtt_info;
d50e750e 1880
22d53c88
HL		 1881 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1882
cb5c208b 1883 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
22d53c88 1884 rtt_info.smoothed_rtt))
faa3a180 1885 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 1886 }
1887
1888 if (is_fin)
1889 stream->recv_fin_retired = 1;
1890
1891 if (*bytes_read > 0)
1892 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
cb5c208b 1893 stream);
22d53c88
HL		 1894 }
1895
d5ab48a1
RL		 1896 return 1;
1897}
1898
4847599b 1899QUIC_NEEDS_LOCK
22d53c88 1900static int quic_read_again(void *arg)
d5ab48a1 1901{
22d53c88
HL		 1902 struct quic_read_again_args *args = arg;
1903
faa3a180 1904 if (!ossl_quic_channel_is_active(args->ctx->qc->ch)) {
22d53c88 1905 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1906 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
ca41f6b7 1907 return -1;
a9979965 1908 }
22d53c88 1909
faa3a180 1910 if (!quic_read_actual(args->ctx, args->stream,
22d53c88
HL		 1911 args->buf, args->len, args->bytes_read,
1912 args->peek))
1913 return -1;
1914
1915 if (*args->bytes_read > 0)
1916 /* got at least one byte, the SSL_read op can finish now */
1917 return 1;
1918
81b6b43c 1919 return 0; /* did not read anything, keep trying */
d5ab48a1
RL		 1920}
1921
a8489257 1922QUIC_TAKES_LOCK
22d53c88 1923static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
d5ab48a1 1924{
a8489257 1925 int ret, res;
072328dd 1926 QCTX ctx;
22d53c88
HL		 1927 struct quic_read_again_args args;
1928
1929 *bytes_read = 0;
1930
8b7be3aa 1931 if (!expect_quic(s, &ctx))
22d53c88
HL		 1932 return 0;
1933
072328dd 1934 quic_lock(ctx.qc);
a8489257 1935
23c04709 1936 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
faa3a180 1937 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 1938 goto out;
1939 }
22d53c88 1940
a9979965 1941 /* If we haven't finished the handshake, try to advance it. */
faa3a180 1942 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 1943 ret = 0; /* ossl_quic_do_handshake raised error here */
1944 goto out;
1945 }
22d53c88 1946
8b7be3aa
HL		 1947 if (ctx.xso == NULL) {
1948 /*
1949 * Called on a QCSO and we don't currently have a default stream.
1950 *
1951 * Wait until we get a stream initiated by the peer (blocking mode) or
1952 * fail if we don't have one yet (non-blocking mode).
1953 */
faa3a180 1954 if (!qc_wait_for_default_xso_for_read(&ctx)) {
8b7be3aa
HL		 1955 ret = 0; /* error already raised here */
1956 goto out;
1957 }
1958
1959 ctx.xso = ctx.qc->default_xso;
1960 }
1961
cb5c208b 1962 if (ctx.xso->stream == NULL) {
faa3a180 1963 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1964 goto out;
1965 }
22d53c88 1966
faa3a180 1967 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
a8489257
HL		 1968 ret = 0; /* quic_read_actual raised error here */
1969 goto out;
1970 }
22d53c88
HL		 1971
1972 if (*bytes_read > 0) {
1973 /*
1974 * Even though we succeeded, tick the reactor here to ensure we are
1975 * handling other aspects of the QUIC connection.
1976 */
072328dd 1977 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
a8489257 1978 ret = 1;
cb5c208b 1979 } else if (xso_blocking_mode(ctx.xso)) {
22d53c88
HL		 1980 /*
1981 * We were not able to read anything immediately, so our stream
1982 * buffer is empty. This means we need to block until we get
1983 * at least one byte.
1984 */
faa3a180 1985 args.ctx = &ctx;
cb5c208b 1986 args.stream = ctx.xso->stream;
22d53c88
HL		 1987 args.buf = buf;
1988 args.len = len;
1989 args.bytes_read = bytes_read;
1990 args.peek = peek;
1991
072328dd 1992 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
a8489257 1993 if (res == 0) {
faa3a180 1994 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 1995 goto out;
1996 } else if (res < 0) {
1997 ret = 0; /* quic_read_again raised error here */
1998 goto out;
1999 }
22d53c88 2000
a8489257 2001 ret = 1;
af8b52cf
HL		 2002 } else {
2003 /* We did not get any bytes and are not in blocking mode. */
faa3a180 2004 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
af8b52cf 2005 }
a8489257
HL		 2006
2007out:
072328dd 2008 quic_unlock(ctx.qc);
a8489257 2009 return ret;
d5ab48a1
RL		 2010}
2011
22d53c88
HL		 2012int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2013{
2014 return quic_read(s, buf, len, bytes_read, 0);
2015}
2016
2017int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2018{
2019 return quic_read(s, buf, len, bytes_read, 1);
2020}
2021
2022/*
2023 * SSL_pending
2024 * -----------
2025 */
a8489257 2026QUIC_TAKES_LOCK
072328dd 2027static size_t ossl_quic_pending_int(const SSL *s)
22d53c88 2028{
072328dd 2029 QCTX ctx;
433d107a 2030 size_t avail = 0;
22d53c88
HL		 2031 int fin = 0;
2032
8b7be3aa 2033 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
22d53c88
HL		 2034 return 0;
2035
cb5c208b 2036 if (ctx.xso->stream == NULL || ctx.xso->stream->rstream == NULL)
22d53c88 2037 /* Cannot raise errors here because we are const, just fail. */
a8489257 2038 goto out;
22d53c88 2039
cb5c208b 2040 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
a8489257 2041 avail = 0;
22d53c88 2042
a8489257 2043out:
072328dd 2044 quic_unlock(ctx.qc);
22d53c88
HL		 2045 return avail;
2046}
2047
560470b5
MC		 2048size_t ossl_quic_pending(const SSL *s)
2049{
072328dd 2050 return ossl_quic_pending_int(s);
560470b5
MC		 2051}
2052
072328dd 2053int ossl_quic_has_pending(const SSL *s)
560470b5 2054{
072328dd 2055 return ossl_quic_pending_int(s) > 0;
560470b5
MC		 2056}
2057
a9979965
HL		 2058/*
2059 * SSL_stream_conclude
2060 * -------------------
2061 */
a8489257 2062QUIC_TAKES_LOCK
072328dd 2063int ossl_quic_conn_stream_conclude(SSL *s)
a9979965 2064{
072328dd
HL		 2065 QCTX ctx;
2066 QUIC_STREAM *qs;
2067
8b7be3aa 2068 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
072328dd
HL		 2069 return 0;
2070
cb5c208b 2071 qs = ctx.xso->stream;
a9979965 2072
a8489257 2073 if (qs == NULL || qs->sstream == NULL) {
072328dd 2074 quic_unlock(ctx.qc);
a8489257
HL		 2075 return 0;
2076 }
2077
072328dd 2078 if (!ossl_quic_channel_is_active(ctx.qc->ch)
a8489257 2079 || ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
072328dd 2080 quic_unlock(ctx.qc);
a9979965 2081 return 1;
a8489257 2082 }
a9979965
HL		 2083
2084 ossl_quic_sstream_fin(qs->sstream);
cb5c208b 2085 quic_post_write(ctx.xso, 1, 1);
072328dd 2086 quic_unlock(ctx.qc);
a9979965
HL		 2087 return 1;
2088}
2089
553a4e00
HL		 2090/*
2091 * SSL_inject_net_dgram
2092 * --------------------
2093 */
5129e594 2094QUIC_TAKES_LOCK
553a4e00
HL		 2095int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2096 size_t buf_len,
2097 const BIO_ADDR *peer,
2098 const BIO_ADDR *local)
2099{
5129e594 2100 int ret;
072328dd 2101 QCTX ctx;
553a4e00
HL		 2102 QUIC_DEMUX *demux;
2103
072328dd 2104 if (!expect_quic(s, &ctx))
553a4e00
HL		 2105 return 0;
2106
072328dd 2107 quic_lock(ctx.qc);
5129e594 2108
072328dd 2109 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
5129e594
HL		 2110 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2111
072328dd 2112 quic_unlock(ctx.qc);
5129e594 2113 return ret;
553a4e00
HL		 2114}
2115
020d0389
HL		 2116/*
2117 * SSL_get0_connection
2118 * -------------------
2119 */
2120SSL *ossl_quic_get0_connection(SSL *s)
2121{
2122 QCTX ctx;
2123
2124 if (!expect_quic(s, &ctx))
2125 return NULL;
2126
2127 return &ctx.qc->ssl;
2128}
2129
1bca3f1b
HL		 2130/*
2131 * SSL_get_stream_type
2132 * -------------------
2133 */
2134int ossl_quic_get_stream_type(SSL *s)
2135{
2136 QCTX ctx;
2137
2138 if (!expect_quic(s, &ctx))
59c5c016 2139 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2140
2141 if (ctx.xso == NULL) {
2142 /*
59c5c016
HL		 2143 * If deferred XSO creation has yet to occur, proceed according to the
2144 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2145 * what kind of stream will be created yet, so return BIDI on the basis
2146 * that at this time, the client still has the option of calling
2147 * SSL_read() or SSL_write() first.
1bca3f1b 2148 */
59c5c016
HL		 2149 if (ctx.qc->default_xso_created
2150 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1bca3f1b 2151 return SSL_STREAM_TYPE_NONE;
59c5c016
HL		 2152 else
2153 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2154 }
2155
2156 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2157 return SSL_STREAM_TYPE_BIDI;
2158
2159 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2160 return SSL_STREAM_TYPE_READ;
2161 else
2162 return SSL_STREAM_TYPE_WRITE;
2163}
2164
19cb0887
HL		 2165/*
2166 * SSL_get_stream_id
2167 * -----------------
2168 */
cb68ce9f 2169QUIC_TAKES_LOCK
19cb0887
HL		 2170uint64_t ossl_quic_get_stream_id(SSL *s)
2171{
2172 QCTX ctx;
8b7be3aa 2173 uint64_t id;
19cb0887 2174
8b7be3aa 2175 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
19cb0887
HL		 2176 return UINT64_MAX;
2177
8b7be3aa
HL		 2178 id = ctx.xso->stream->id;
2179 quic_unlock(ctx.qc);
2180
2181 return id;
2182}
2183
2184/*
2185 * SSL_set_default_stream_mode
2186 * ---------------------------
2187 */
cb68ce9f 2188QUIC_TAKES_LOCK
8b7be3aa
HL		 2189int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
2190{
2191 QCTX ctx;
2192
2193 if (!expect_quic_conn_only(s, &ctx))
2194 return 0;
2195
2196 quic_lock(ctx.qc);
2197
2198 if (ctx.qc->default_xso_created)
faa3a180 2199 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2200 "too late to change default stream mode");
2201
2202 switch (mode) {
2203 case SSL_DEFAULT_STREAM_MODE_NONE:
2204 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
2205 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
2206 ctx.qc->default_stream_mode = mode;
2207 break;
2208 default:
2209 quic_unlock(ctx.qc);
faa3a180 2210 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8b7be3aa
HL		 2211 "bad default stream type");
2212 }
2213
2214 quic_unlock(ctx.qc);
2215 return 1;
2216}
2217
2218/*
2219 * SSL_detach_stream
2220 * -----------------
2221 */
cb68ce9f 2222QUIC_TAKES_LOCK
8b7be3aa
HL		 2223SSL *ossl_quic_detach_stream(SSL *s)
2224{
2225 QCTX ctx;
9cab4bd5 2226 QUIC_XSO *xso = NULL;
8b7be3aa
HL		 2227
2228 if (!expect_quic_conn_only(s, &ctx))
2229 return NULL;
2230
2231 quic_lock(ctx.qc);
2232
8b7be3aa 2233 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5
HL		 2234 /* QC ref to any default XSO is transferred to us and to caller. */
2235 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
8b7be3aa
HL		 2236
2237 quic_unlock(ctx.qc);
2238
9cab4bd5 2239 return xso != NULL ? &xso->ssl : NULL;
8b7be3aa
HL		 2240}
2241
2242/*
2243 * SSL_attach_stream
2244 * -----------------
2245 */
cb68ce9f 2246QUIC_TAKES_LOCK
8b7be3aa
HL		 2247int ossl_quic_attach_stream(SSL *conn, SSL *stream)
2248{
2249 QCTX ctx;
9cab4bd5
HL		 2250 QUIC_XSO *xso;
2251 int nref;
8b7be3aa
HL		 2252
2253 if (!expect_quic_conn_only(conn, &ctx))
2254 return 0;
2255
2256 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
faa3a180 2257 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
8b7be3aa
HL		 2258 "stream to attach must be a valid QUIC stream");
2259
9cab4bd5
HL		 2260 xso = (QUIC_XSO *)stream;
2261
8b7be3aa
HL		 2262 quic_lock(ctx.qc);
2263
2264 if (ctx.qc->default_xso != NULL) {
2265 quic_unlock(ctx.qc);
faa3a180 2266 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8b7be3aa
HL		 2267 "connection already has a default stream");
2268 }
2269
9cab4bd5
HL		 2270 /*
2271 * It is a caller error for the XSO being attached as a default XSO to have
2272 * more than one ref.
2273 */
2274 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref, &xso->ssl.lock)) {
2275 quic_unlock(ctx.qc);
faa3a180 2276 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
9cab4bd5
HL		 2277 "ref");
2278 }
2279
2280 if (nref != 1) {
2281 quic_unlock(ctx.qc);
faa3a180 2282 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
9cab4bd5
HL		 2283 "stream being attached must have "
2284 "only 1 reference");
2285 }
2286
2287 /* Caller's reference to the XSO is transferred to us. */
8b7be3aa 2288 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5 2289 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
8b7be3aa
HL		 2290
2291 quic_unlock(ctx.qc);
2292 return 1;
19cb0887
HL		 2293}
2294
8a90df34 2295/*
83df44ae
HL		 2296 * SSL_set_incoming_stream_policy
2297 * ------------------------------
8a90df34 2298 */
995ff282 2299QUIC_NEEDS_LOCK
83df44ae 2300static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
995ff282 2301{
83df44ae
HL		 2302 switch (qc->incoming_stream_policy) {
2303 case SSL_INCOMING_STREAM_POLICY_AUTO:
995ff282
HL		 2304 if ((qc->default_xso == NULL && !qc->default_xso_created)
2305 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
83df44ae 2306 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
995ff282 2307 else
83df44ae 2308 return SSL_INCOMING_STREAM_POLICY_REJECT;
995ff282
HL		 2309
2310 default:
83df44ae 2311 return qc->incoming_stream_policy;
995ff282
HL		 2312 }
2313}
2314
2315QUIC_NEEDS_LOCK
2316static void qc_update_reject_policy(QUIC_CONNECTION *qc)
2317{
83df44ae
HL		 2318 int policy = qc_get_effective_incoming_stream_policy(qc);
2319 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
995ff282
HL		 2320
2321 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
2322 enable_reject,
83df44ae 2323 qc->incoming_stream_aec);
995ff282
HL		 2324}
2325
cb68ce9f 2326QUIC_TAKES_LOCK
83df44ae
HL		 2327int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
2328 uint64_t aec)
8a90df34
HL		 2329{
2330 int ret = 1;
2331 QCTX ctx;
2332
2333 if (!expect_quic_conn_only(s, &ctx))
2334 return 0;
2335
2336 quic_lock(ctx.qc);
2337
2338 switch (policy) {
83df44ae
HL		 2339 case SSL_INCOMING_STREAM_POLICY_AUTO:
2340 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
2341 case SSL_INCOMING_STREAM_POLICY_REJECT:
2342 ctx.qc->incoming_stream_policy = policy;
2343 ctx.qc->incoming_stream_aec = aec;
8a90df34
HL		 2344 break;
2345
2346 default:
2347 ret = 0;
2348 break;
2349 }
2350
995ff282 2351 qc_update_reject_policy(ctx.qc);
8a90df34
HL		 2352 quic_unlock(ctx.qc);
2353 return ret;
2354}
2355
cb68ce9f
HL		 2356/*
2357 * SSL_accept_stream
2358 * -----------------
2359 */
cb68ce9f 2360struct wait_for_incoming_stream_args {
faa3a180 2361 QCTX *ctx;
cb68ce9f
HL		 2362 QUIC_STREAM *qs;
2363};
2364
2365QUIC_NEEDS_LOCK
2366static int wait_for_incoming_stream(void *arg)
2367{
2368 struct wait_for_incoming_stream_args *args = arg;
faa3a180
HL		 2369 QUIC_CONNECTION *qc = args->ctx->qc;
2370 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
cb68ce9f 2371
faa3a180 2372 if (!ossl_quic_channel_is_active(qc->ch)) {
cb68ce9f 2373 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 2374 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
cb68ce9f
HL		 2375 return -1;
2376 }
2377
2378 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2379 if (args->qs != NULL)
2380 return 1; /* got a stream */
2381
2382 return 0; /* did not get a stream, keep trying */
2383}
2384
2385QUIC_TAKES_LOCK
2386SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
2387{
2388 QCTX ctx;
2389 int ret;
2390 SSL *new_s = NULL;
2391 QUIC_STREAM_MAP *qsm;
2392 QUIC_STREAM *qs;
2393 QUIC_XSO *xso;
90cecc40 2394 OSSL_RTT_INFO rtt_info;
cb68ce9f
HL		 2395
2396 if (!expect_quic_conn_only(s, &ctx))
2397 return NULL;
2398
2399 quic_lock(ctx.qc);
2400
83df44ae
HL		 2401 if (qc_get_effective_incoming_stream_policy(ctx.qc)
2402 == SSL_INCOMING_STREAM_POLICY_REJECT)
cb68ce9f
HL		 2403 goto out;
2404
2405 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2406
2407 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2408 if (qs == NULL) {
2409 if (qc_blocking_mode(ctx.qc)
2410 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
2411 struct wait_for_incoming_stream_args args;
2412
faa3a180 2413 args.ctx = &ctx;
cb68ce9f
HL		 2414 args.qs = NULL;
2415
2416 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
2417 if (ret == 0) {
faa3a180 2418 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
cb68ce9f
HL		 2419 goto out;
2420 } else if (ret < 0 || args.qs == NULL) {
2421 goto out;
2422 }
2423
2424 qs = args.qs;
2425 } else {
2426 goto out;
2427 }
2428 }
2429
2430 xso = create_xso_from_stream(ctx.qc, qs);
2431 if (xso == NULL)
2432 goto out;
2433
90cecc40
HL		 2434 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
2435 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
2436 rtt_info.smoothed_rtt);
cb68ce9f
HL		 2437 new_s = &xso->ssl;
2438
2439 /* Calling this function inhibits default XSO autocreation. */
995ff282 2440 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
cb68ce9f
HL		 2441
2442out:
2443 quic_unlock(ctx.qc);
2444 return new_s;
2445}
2446
2447/*
2448 * SSL_get_accept_stream_queue_len
2449 * -------------------------------
2450 */
2451QUIC_TAKES_LOCK
2452size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
2453{
2454 QCTX ctx;
2455 size_t v;
2456
2457 if (!expect_quic_conn_only(s, &ctx))
2458 return 0;
2459
2460 quic_lock(ctx.qc);
2461
2462 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
2463
2464 quic_unlock(ctx.qc);
2465 return v;
2466}
2467
c3a04ea2
HL		 2468/*
2469 * SSL_stream_reset
2470 * ----------------
2471 */
2472int ossl_quic_stream_reset(SSL *ssl,
2473 const SSL_STREAM_RESET_ARGS *args,
2474 size_t args_len)
2475{
2476 QCTX ctx;
2477 QUIC_STREAM_MAP *qsm;
2478 QUIC_STREAM *qs;
2479 uint64_t error_code;
2480
2481 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, &ctx))
2482 return 0;
2483
2484 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2485 qs = ctx.xso->stream;
2486 error_code = (args != NULL ? args->quic_error_code : 0);
2487
2488 ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
2489
2490 quic_unlock(ctx.qc);
2491 return 1;
2492}
2493
2494/*
2495 * SSL_get_stream_read_state
2496 * -------------------------
2497 */
2498static void quic_classify_stream(QUIC_CONNECTION *qc,
2499 QUIC_STREAM *qs,
2500 int is_write,
2501 int *state,
2502 uint64_t *app_error_code)
2503{
2504 int local_init;
2505 uint64_t final_size;
2506
2507 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
2508
2509 if (app_error_code != NULL)
2510 *app_error_code = UINT64_MAX;
2511 else
2512 app_error_code = &final_size; /* throw away value */
2513
2514 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
2515 /*
2516 * Unidirectional stream and this direction of transmission doesn't
2517 * exist.
2518 */
2519 *state = SSL_STREAM_STATE_WRONG_DIR;
2520 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
2521 /* Connection already closed. */
2522 *state = SSL_STREAM_STATE_CONN_CLOSED;
2523 } else if (!is_write && qs->recv_fin_retired) {
2524 /* Application has read a FIN. */
2525 *state = SSL_STREAM_STATE_FINISHED;
2526 } else if ((!is_write && qs->stop_sending)
2527 || (is_write && qs->reset_stream)) {
2528 /*
2529 * Stream has been reset locally. FIN takes precedence over this for the
2530 * read case as the application need not care if the stream is reset
2531 * after a FIN has been successfully processed.
2532 */
2533 *state = SSL_STREAM_STATE_RESET_LOCAL;
2534 *app_error_code = !is_write
2535 ? qs->stop_sending_aec
2536 : qs->reset_stream_aec;
2537 } else if ((!is_write && qs->peer_reset_stream)
2538 || (is_write && qs->peer_stop_sending)) {
2539 /*
2540 * Stream has been reset remotely. */
2541 *state = SSL_STREAM_STATE_RESET_REMOTE;
2542 *app_error_code = !is_write
2543 ? qs->peer_reset_stream_aec
2544 : qs->peer_stop_sending_aec;
2545 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
2546 &final_size)) {
2547 /*
2548 * Stream has been finished. Stream reset takes precedence over this for
2549 * the write case as peer may not have received all data.
2550 */
2551 *state = SSL_STREAM_STATE_FINISHED;
2552 } else {
2553 /* Stream still healthy. */
2554 *state = SSL_STREAM_STATE_OK;
2555 }
2556}
2557
2558static int quic_get_stream_state(SSL *ssl, int is_write)
2559{
2560 QCTX ctx;
2561 int state;
2562
2563 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2564 return SSL_STREAM_STATE_NONE;
2565
2566 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
2567 quic_unlock(ctx.qc);
2568 return state;
2569}
2570
2571int ossl_quic_get_stream_read_state(SSL *ssl)
2572{
2573 return quic_get_stream_state(ssl, /*is_write=*/0);
2574}
2575
2576/*
2577 * SSL_get_stream_write_state
2578 * --------------------------
2579 */
2580int ossl_quic_get_stream_write_state(SSL *ssl)
2581{
2582 return quic_get_stream_state(ssl, /*is_write=*/1);
2583}
2584
2585/*
2586 * SSL_get_stream_read_error_code
2587 * ------------------------------
2588 */
2589static int quic_get_stream_error_code(SSL *ssl, int is_write,
2590 uint64_t *app_error_code)
2591{
2592 QCTX ctx;
2593 int state;
2594
2595 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2596 return -1;
2597
2598 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
2599 &state, app_error_code);
2600
2601 quic_unlock(ctx.qc);
2602 switch (state) {
2603 case SSL_STREAM_STATE_FINISHED:
2604 return 0;
2605 case SSL_STREAM_STATE_RESET_LOCAL:
2606 case SSL_STREAM_STATE_RESET_REMOTE:
2607 return 1;
2608 default:
2609 return -1;
2610 }
2611}
2612
2613int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
2614{
2615 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
2616}
2617
2618/*
2619 * SSL_get_stream_write_error_code
2620 * -------------------------------
2621 */
2622int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
2623{
2624 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
2625}
2626
2627/*
2628 * SSL_get_conn_close_info
2629 * -----------------------
2630 */
2631int ossl_quic_get_conn_close_info(SSL *ssl,
2632 SSL_CONN_CLOSE_INFO *info,
2633 size_t info_len)
2634{
2635 QCTX ctx;
2636 const QUIC_TERMINATE_CAUSE *tc;
2637
2638 if (!expect_quic_conn_only(ssl, &ctx))
2639 return -1;
2640
2641 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
2642 if (tc == NULL)
2643 return 0;
2644
2645 info->error_code = tc->error_code;
2646 info->reason = NULL; /* TODO(QUIC): Wire reason */
2647 info->reason_len = 0;
2648 info->is_local = !tc->remote;
2649 info->is_transport = !tc->app;
2650 return 1;
2651}
2652
22d53c88
HL		 2653/*
2654 * QUIC Front-End I/O API: SSL_CTX Management
2655 * ==========================================
2656 */
2657
2658long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2659{
2660 switch (cmd) {
2661 default:
8a1a6d6d 2662 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
22d53c88
HL		 2663 }
2664}
2665
2666long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
2667{
63dfde87
MC		 2668 QCTX ctx;
2669
2670 if (!expect_quic_conn_only(s, &ctx))
2671 return 0;
2672
2673 switch (cmd) {
2674 case SSL_CTRL_SET_MSG_CALLBACK:
2675 ctx.qc->msg_callback = (ossl_msg_cb)fp;
2676 /* This callback also needs to be set on the internal SSL object */
2677 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
2678
2679 default:
2680 /* Probably a TLS related ctrl. Defer to our internal SSL object */
2681 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
2682 }
22d53c88
HL		 2683}
2684
2685long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
2686{
8a1a6d6d 2687 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
22d53c88
HL		 2688}
2689
2690int ossl_quic_renegotiate_check(SSL *ssl, int initok)
2691{
2692 /* We never do renegotiation. */
2693 return 0;
2694}
2695
2696/*
d518854c
MC		 2697 * These functions define the TLSv1.2 (and below) ciphers that are supported by
2698 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
22d53c88 2699 */
22d53c88
HL		 2700
2701int ossl_quic_num_ciphers(void)
2702{
d518854c 2703 return 0;
22d53c88
HL		 2704}
2705
2706const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
2707{
d518854c 2708 return NULL;
d5ab48a1 2709}
A mirror of the official openssl repository