]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add manpages
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
CommitLineData
99e1cc7b
TM		 1/*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/macros.h>
11#include <openssl/objects.h>
22d53c88
HL		 12#include <openssl/sslerr.h>
13#include <crypto/rand.h>
99e1cc7b 14#include "quic_local.h"
2723d705 15#include "internal/quic_tls.h"
22d53c88
HL		 16#include "internal/quic_rx_depack.h"
17#include "internal/quic_error.h"
18#include "internal/time.h"
99e1cc7b 19
faa3a180
HL		 20typedef struct qctx_st QCTX;
21
cb5c208b 22static void aon_write_finish(QUIC_XSO *xso);
23c04709 23static int create_channel(QUIC_CONNECTION *qc);
21c80696 24static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
faa3a180
HL		 25static int qc_try_create_default_xso_for_write(QCTX *ctx);
26static int qc_wait_for_default_xso_for_read(QCTX *ctx);
8b7be3aa
HL		 27static void quic_lock(QUIC_CONNECTION *qc);
28static void quic_unlock(QUIC_CONNECTION *qc);
faa3a180 29static int quic_do_handshake(QCTX *ctx);
995ff282
HL		 30static void qc_update_reject_policy(QUIC_CONNECTION *qc);
31static void qc_touch_default_xso(QUIC_CONNECTION *qc);
32static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
9cab4bd5
HL		 33static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
34 int touch, QUIC_XSO **old_xso);
faa3a180 35static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
abfe3d51 36static int quic_validate_for_write(QUIC_XSO *xso, int *err);
6d6b3a03 37static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
51e671e2
HL		 38static int qc_blocking_mode(const QUIC_CONNECTION *qc);
39static int xso_blocking_mode(const QUIC_XSO *xso);
22d53c88
HL		 40
41/*
42 * QUIC Front-End I/O API: Common Utilities
43 * ========================================
44 */
45
46/*
47 * Block until a predicate is met.
48 *
49 * Precondition: Must have a channel.
d7b1fadd 50 * Precondition: Must hold channel lock (unchecked).
22d53c88 51 */
d7b1fadd 52QUIC_NEEDS_LOCK
22d53c88
HL		 53static int block_until_pred(QUIC_CONNECTION *qc,
54 int (*pred)(void *arg), void *pred_arg,
55 uint32_t flags)
56{
57 QUIC_REACTOR *rtor;
58
59 assert(qc->ch != NULL);
60
cae02d2b
HL		 61 /*
62 * Any attempt to block auto-disables tick inhibition as otherwise we will
63 * hang around forever.
64 */
65 ossl_quic_channel_set_inhibit_tick(qc->ch, 0);
66
22d53c88 67 rtor = ossl_quic_channel_get_reactor(qc->ch);
c019e1ef 68 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
4847599b 69 qc->mutex);
22d53c88
HL		 70}
71
e3e9794a
HL		 72static OSSL_TIME get_time(QUIC_CONNECTION *qc)
73{
74 if (qc->override_now_cb != NULL)
75 return qc->override_now_cb(qc->override_now_cb_arg);
76 else
77 return ossl_time_now();
78}
79
80static OSSL_TIME get_time_cb(void *arg)
81{
82 QUIC_CONNECTION *qc = arg;
83
84 return get_time(qc);
85}
86
faa3a180
HL		 87/*
88 * QCTX is a utility structure which provides information we commonly wish to
89 * unwrap upon an API call being dispatched to us, namely:
90 *
91 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
92 * was passed);
93 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
94 * a QCSO with a default stream was passed);
95 * - whether a QSSO was passed (xso == NULL must not be used to determine this
96 * because it may be non-NULL when a QCSO is passed if that QCSO has a
a954f761
HL		 97 * default stream);
98 * - whether we are in "I/O context", meaning that non-normal errors can
99 * be reported via SSL_get_error() as well as via ERR. Functions such as
100 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
101 * functions which are allowed to change the value returned by
102 * SSL_get_error. However, other functions (including functions which call
103 * SSL_do_handshake() implicitly) are not allowed to change the return value
104 * of SSL_get_error.
faa3a180
HL		 105 */
106struct qctx_st {
107 QUIC_CONNECTION *qc;
108 QUIC_XSO *xso;
a954f761 109 int is_stream, in_io;
faa3a180
HL		 110};
111
22d53c88
HL		 112/*
113 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
faa3a180
HL		 114 * rather than via ERR. Note that normal errors must always be raised while
115 * holding a lock.
22d53c88 116 */
faa3a180
HL		 117QUIC_NEEDS_LOCK
118static int quic_raise_normal_error(QCTX *ctx,
22d53c88
HL		 119 int err)
120{
faa3a180
HL		 121 if (ctx->is_stream)
122 ctx->xso->last_error = err;
123 else
124 ctx->qc->last_error = err;
125
22d53c88
HL		 126 return 0;
127}
128
129/*
130 * Raise a 'non-normal' error, meaning any error that is not reported via
131 * SSL_get_error() and must be reported via ERR.
e88cdb8e
HL		 132 *
133 * qc should be provided if available. In exceptional circumstances when qc is
134 * not known NULL may be passed. This should generally only happen when an
135 * expect_...() function defined below fails, which generally indicates a
136 * dispatch error or caller error.
faa3a180
HL		 137 *
138 * ctx should be NULL if the connection lock is not held.
22d53c88 139 */
a954f761 140static int quic_raise_non_normal_error(QCTX *ctx,
22d53c88
HL		 141 const char *file,
142 int line,
143 const char *func,
144 int reason,
145 const char *fmt,
146 ...)
147{
148 va_list args;
149
faa3a180 150 if (ctx != NULL) {
a954f761 151 if (ctx->in_io && ctx->is_stream && ctx->xso != NULL)
faa3a180 152 ctx->xso->last_error = SSL_ERROR_SSL;
a954f761 153 else if (ctx->in_io && !ctx->is_stream && ctx->qc != NULL)
faa3a180 154 ctx->qc->last_error = SSL_ERROR_SSL;
9c3ea4e1
TM		 155
156 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
157 ossl_quic_channel_restore_err_state(ctx->qc->ch);
faa3a180 158 }
e88cdb8e 159
9c3ea4e1
TM		 160 ERR_new();
161 ERR_set_debug(file, line, func);
162
163 va_start(args, fmt);
164 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
165 va_end(args);
166
22d53c88
HL		 167 return 0;
168}
169
faa3a180
HL		 170#define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
171 quic_raise_normal_error((ctx), (err))
22d53c88 172
faa3a180 173#define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
a954f761 174 quic_raise_non_normal_error((ctx), \
22d53c88
HL		 175 OPENSSL_FILE, OPENSSL_LINE, \
176 OPENSSL_FUNC, \
177 (reason), \
178 (msg))
179
e88cdb8e
HL		 180/*
181 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
182 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
183 *
184 * After this returns 1, all fields of the passed QCTX are initialised.
185 * Returns 0 on failure. This function is intended to be used to provide API
186 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
22d53c88 187 */
e88cdb8e 188static int expect_quic(const SSL *s, QCTX *ctx)
22d53c88 189{
e88cdb8e
HL		 190 QUIC_CONNECTION *qc;
191 QUIC_XSO *xso;
192
193 ctx->qc = NULL;
194 ctx->xso = NULL;
195 ctx->is_stream = 0;
196
197 if (s == NULL)
a954f761 198 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
22d53c88 199
e88cdb8e
HL		 200 switch (s->type) {
201 case SSL_TYPE_QUIC_CONNECTION:
202 qc = (QUIC_CONNECTION *)s;
203 ctx->qc = qc;
cb5c208b 204 ctx->xso = qc->default_xso;
e88cdb8e 205 ctx->is_stream = 0;
a954f761 206 ctx->in_io = 0;
e88cdb8e
HL		 207 return 1;
208
209 case SSL_TYPE_QUIC_XSO:
210 xso = (QUIC_XSO *)s;
cb5c208b 211 ctx->qc = xso->conn;
e88cdb8e
HL		 212 ctx->xso = xso;
213 ctx->is_stream = 1;
a954f761 214 ctx->in_io = 0;
e88cdb8e
HL		 215 return 1;
216
217 default:
a954f761 218 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
e88cdb8e
HL		 219 }
220}
221
222/*
223 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
224 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
225 * stream.
21c80696
HL		 226 *
227 * remote_init determines if we expect the default XSO to be remotely created or
228 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
8b7be3aa
HL		 229 *
230 * Channel mutex is acquired and retained on success.
e88cdb8e 231 */
8b7be3aa
HL		 232QUIC_ACQUIRES_LOCK
233static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
a954f761 234 int in_io, QCTX *ctx)
e88cdb8e
HL		 235{
236 if (!expect_quic(s, ctx))
237 return 0;
238
a954f761 239 ctx->in_io = in_io;
8b7be3aa
HL		 240 quic_lock(ctx->qc);
241
21c80696 242 if (ctx->xso == NULL && remote_init >= 0) {
6d6b3a03 243 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
faa3a180 244 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 245 goto err;
246 }
247
248 /* If we haven't finished the handshake, try to advance it. */
faa3a180 249 if (quic_do_handshake(ctx) < 1)
8b7be3aa
HL		 250 /* ossl_quic_do_handshake raised error here */
251 goto err;
252
253 if (remote_init == 0) {
faa3a180 254 if (!qc_try_create_default_xso_for_write(ctx))
8b7be3aa
HL		 255 goto err;
256 } else {
faa3a180 257 if (!qc_wait_for_default_xso_for_read(ctx))
8b7be3aa
HL		 258 goto err;
259 }
260
21c80696
HL		 261 ctx->xso = ctx->qc->default_xso;
262 }
263
8b7be3aa 264 if (ctx->xso == NULL) {
a954f761 265 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 266 goto err;
267 }
268
23406e30 269 return 1; /* coverity[missing_unlock]: lock held */
e88cdb8e 270
8b7be3aa
HL		 271err:
272 quic_unlock(ctx->qc);
273 return 0;
e88cdb8e 274}
22d53c88 275
e88cdb8e
HL		 276/*
277 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
278 * be non-NULL if the QCSO has a default stream.
279 */
a954f761 280static int ossl_unused expect_quic_conn_only(const SSL *s, int in_io, QCTX *ctx)
e88cdb8e
HL		 281{
282 if (!expect_quic(s, ctx))
283 return 0;
284
a954f761 285 ctx->in_io = in_io;
e88cdb8e 286 if (ctx->is_stream)
a954f761 287 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
e88cdb8e
HL		 288
289 return 1;
22d53c88
HL		 290}
291
4847599b
HL		 292/*
293 * Ensures that the channel mutex is held for a method which touches channel
294 * state.
295 *
296 * Precondition: Channel mutex is not held (unchecked)
297 */
20f45743 298static void quic_lock(QUIC_CONNECTION *qc)
4847599b 299{
629b408c 300#if defined(OPENSSL_THREADS)
ffce2946 301 ossl_crypto_mutex_lock(qc->mutex);
629b408c 302#endif
4847599b
HL		 303}
304
305/* Precondition: Channel mutex is held (unchecked) */
306QUIC_NEEDS_LOCK
307static void quic_unlock(QUIC_CONNECTION *qc)
308{
629b408c 309#if defined(OPENSSL_THREADS)
ffce2946 310 ossl_crypto_mutex_unlock(qc->mutex);
629b408c 311#endif
4847599b
HL		 312}
313
6d6b3a03
HL		 314/*
315 * This predicate is the criterion which should determine API call rejection for
316 * *most* mutating API calls, particularly stream-related operations for send
317 * parts.
318 *
319 * A call is rejected (this function returns 0) if shutdown is in progress
320 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
321 * req_active=1, the connection must be active (i.e., the IDLE state is also
322 * rejected).
323 */
324static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
325{
326 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
327 return 0;
328
329 if (req_active && !ossl_quic_channel_is_active(qc->ch))
330 return 0;
331
332 return 1;
333}
4847599b 334
22d53c88
HL		 335/*
336 * QUIC Front-End I/O API: Initialization
337 * ======================================
338 *
339 * SSL_new => ossl_quic_new
340 * ossl_quic_init
341 * SSL_reset => ossl_quic_reset
342 * SSL_clear => ossl_quic_clear
343 * ossl_quic_deinit
344 * SSL_free => ossl_quic_free
345 *
f0d9757c
HL		 346 * SSL_set_options => ossl_quic_set_options
347 * SSL_get_options => ossl_quic_get_options
348 * SSL_clear_options => ossl_quic_clear_options
349 *
22d53c88
HL		 350 */
351
352/* SSL_new */
38b051a1
TM		 353SSL *ossl_quic_new(SSL_CTX *ctx)
354{
22d53c88
HL		 355 QUIC_CONNECTION *qc = NULL;
356 SSL *ssl_base = NULL;
a7f41885 357 SSL_CONNECTION *sc = NULL;
38b051a1
TM		 358
359 qc = OPENSSL_zalloc(sizeof(*qc));
8ee3ee10 360 if (qc == NULL) {
a954f761 361 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
38b051a1 362 goto err;
8ee3ee10 363 }
38b051a1 364
22d53c88
HL		 365 /* Initialise the QUIC_CONNECTION's stub header. */
366 ssl_base = &qc->ssl;
a7f41885 367 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
22d53c88 368 ssl_base = NULL;
a954f761 369 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
38b051a1
TM		 370 goto err;
371 }
38b051a1 372
4e3a55fd 373 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
8ee3ee10 374 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
a954f761 375 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
8ee3ee10
TM		 376 goto err;
377 }
f0d9757c 378
43788fb3 379 /* override the user_ssl of the inner connection */
f082205b 380 sc->s3.flags |= TLS1_FLAGS_QUIC;
a7f41885 381
f0d9757c 382 /* Restrict options derived from the SSL_CTX. */
db2f98c4 383 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
6e5550a1 384 sc->pha_enabled = 0;
f0d9757c 385
629b408c 386#if defined(OPENSSL_THREADS)
8ee3ee10 387 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
a954f761 388 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4847599b 389 goto err;
8ee3ee10 390 }
629b408c 391#endif
4847599b 392
629b408c 393#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
f2f7c4f1
HL		 394 qc->is_thread_assisted
395 = (ssl_base->method == OSSL_QUIC_client_thread_method());
629b408c 396#endif
f2f7c4f1 397
44cb36d0 398 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
dfb9ae14
HL		 399 qc->as_server_state = qc->as_server;
400
8b7be3aa 401 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
21c80696 402 qc->default_ssl_mode = qc->ssl.ctx->mode;
db2f98c4 403 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
51e671e2
HL		 404 qc->desires_blocking = 1;
405 qc->blocking = 0;
83df44ae 406 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
21c80696 407 qc->last_error = SSL_ERROR_NONE;
a7f41885 408
23c04709
HL		 409 if (!create_channel(qc))
410 goto err;
411
5cf99b40
MC		 412 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
413 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
414
995ff282
HL		 415 qc_update_reject_policy(qc);
416
21c80696
HL		 417 /*
418 * We do not create the default XSO yet. The reason for this is that the
419 * stream ID of the default XSO will depend on whether the stream is client
420 * or server-initiated, which depends on who transmits first. Since we do
421 * not know whether the application will be using a client-transmits-first
422 * or server-transmits-first protocol, we defer default XSO creation until
423 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
424 * we take that as a cue that the client is expecting a server-initiated
425 * stream, and vice versa if SSL_write() is called first.
426 */
22d53c88
HL		 427 return ssl_base;
428
38b051a1 429err:
2dbc39de 430 if (qc != NULL) {
629b408c
HL		 431#if defined(OPENSSL_THREADS)
432 ossl_crypto_mutex_free(qc->mutex);
433#endif
2dbc39de
HL		 434 ossl_quic_channel_free(qc->ch);
435 SSL_free(qc->tls);
436 }
22d53c88 437 OPENSSL_free(qc);
38b051a1
TM		 438 return NULL;
439}
440
22d53c88 441/* SSL_free */
a8489257 442QUIC_TAKES_LOCK
22d53c88
HL		 443void ossl_quic_free(SSL *s)
444{
072328dd 445 QCTX ctx;
9cab4bd5 446 int is_default;
22d53c88 447
072328dd
HL		 448 /* We should never be called on anything but a QSO. */
449 if (!expect_quic(s, &ctx))
22d53c88
HL		 450 return;
451
22b1a96f
HL		 452 quic_lock(ctx.qc);
453
2dbc39de
HL		 454 if (ctx.is_stream) {
455 /*
456 * When a QSSO is freed, the XSO is freed immediately, because the XSO
457 * itself only contains API personality layer data. However the
458 * underlying QUIC_STREAM is not freed immediately but is instead marked
459 * as deleted for later collection.
460 */
461
2dbc39de
HL		 462 assert(ctx.qc->num_xso > 0);
463 --ctx.qc->num_xso;
464
9aaafc26 465 /* If a stream's send part has not been finished, auto-reset it. */
2f018d14
HL		 466 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
467 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
9aaafc26
HL		 468 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
469 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
470 ctx.xso->stream, 0);
2dbc39de 471
9aaafc26 472 /* Do STOP_SENDING for the receive part, if applicable. */
2f018d14
HL		 473 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
474 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
9aaafc26
HL		 475 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
476 ctx.xso->stream, 0);
f20fdd16
HL		 477
478 /* Update stream state. */
9aaafc26
HL		 479 ctx.xso->stream->deleted = 1;
480 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
f20fdd16
HL		 481 ctx.xso->stream);
482
9cab4bd5 483 is_default = (ctx.xso == ctx.qc->default_xso);
2dbc39de
HL		 484 quic_unlock(ctx.qc);
485
9cab4bd5
HL		 486 /*
487 * Unref the connection in most cases; the XSO has a ref to the QC and
488 * not vice versa. But for a default XSO, to avoid circular references,
489 * the QC refs the XSO but the XSO does not ref the QC. If we are the
490 * default XSO, we only get here when the QC is being torn down anyway,
491 * so don't call SSL_free(qc) as we are already in it.
492 */
493 if (!is_default)
494 SSL_free(&ctx.qc->ssl);
495
2dbc39de
HL		 496 /* Note: SSL_free calls OPENSSL_free(xso) for us */
497 return;
498 }
499
2dbc39de
HL		 500 /*
501 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
502 * stage, but is freed during the channel free when the whole QSM is freed.
503 */
21c80696
HL		 504 if (ctx.qc->default_xso != NULL) {
505 QUIC_XSO *xso = ctx.qc->default_xso;
506
507 quic_unlock(ctx.qc);
508 SSL_free(&xso->ssl);
509 quic_lock(ctx.qc);
9cab4bd5 510 ctx.qc->default_xso = NULL;
21c80696 511 }
2dbc39de
HL		 512
513 /* Ensure we have no remaining XSOs. */
514 assert(ctx.qc->num_xso == 0);
515
629b408c 516#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 517 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
518 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
519 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
dbe7b51a 520 }
629b408c 521#endif
f2f7c4f1 522
072328dd 523 ossl_quic_channel_free(ctx.qc->ch);
22d53c88 524
072328dd
HL		 525 BIO_free(ctx.qc->net_rbio);
526 BIO_free(ctx.qc->net_wbio);
d1ac77b1 527
22d53c88 528 /* Note: SSL_free calls OPENSSL_free(qc) for us */
a7f41885 529
072328dd 530 SSL_free(ctx.qc->tls);
45b7c7e0 531 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
629b408c 532#if defined(OPENSSL_THREADS)
45b7c7e0 533 ossl_crypto_mutex_free(&ctx.qc->mutex);
629b408c 534#endif
22d53c88
HL		 535}
536
537/* SSL method init */
38b051a1 538int ossl_quic_init(SSL *s)
99e1cc7b 539{
22d53c88
HL		 540 /* Same op as SSL_clear, forward the call. */
541 return ossl_quic_clear(s);
99e1cc7b
TM		 542}
543
22d53c88 544/* SSL method deinit */
38b051a1
TM		 545void ossl_quic_deinit(SSL *s)
546{
22d53c88 547 /* No-op. */
38b051a1
TM		 548}
549
5f69db39 550/* SSL_clear (ssl_reset method) */
22d53c88
HL		 551int ossl_quic_reset(SSL *s)
552{
072328dd 553 QCTX ctx;
22d53c88 554
072328dd 555 if (!expect_quic(s, &ctx))
22d53c88
HL		 556 return 0;
557
96014840 558 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
5f69db39 559 return 0;
22d53c88
HL		 560}
561
5f69db39 562/* ssl_clear method (unused) */
22d53c88 563int ossl_quic_clear(SSL *s)
99e1cc7b 564{
072328dd 565 QCTX ctx;
38b051a1 566
072328dd 567 if (!expect_quic(s, &ctx))
22d53c88
HL		 568 return 0;
569
44cb36d0 570 /* TODO(QUIC FUTURE): Currently a no-op. */
22d53c88
HL		 571 return 1;
572}
38b051a1 573
e3e9794a
HL		 574int ossl_quic_conn_set_override_now_cb(SSL *s,
575 OSSL_TIME (*now_cb)(void *arg),
576 void *now_cb_arg)
b212d554 577{
072328dd 578 QCTX ctx;
b212d554 579
072328dd 580 if (!expect_quic(s, &ctx))
e3e9794a
HL		 581 return 0;
582
583 quic_lock(ctx.qc);
072328dd
HL		 584
585 ctx.qc->override_now_cb = now_cb;
586 ctx.qc->override_now_cb_arg = now_cb_arg;
e3e9794a
HL		 587
588 quic_unlock(ctx.qc);
589 return 1;
b212d554
HL		 590}
591
3b1ab5a3
HL		 592void ossl_quic_conn_force_assist_thread_wake(SSL *s)
593{
072328dd
HL		 594 QCTX ctx;
595
596 if (!expect_quic(s, &ctx))
597 return;
3b1ab5a3 598
629b408c 599#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 600 if (ctx.qc->is_thread_assisted && ctx.qc->started)
601 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
629b408c 602#endif
3b1ab5a3
HL		 603}
604
995ff282
HL		 605QUIC_NEEDS_LOCK
606static void qc_touch_default_xso(QUIC_CONNECTION *qc)
607{
608 qc->default_xso_created = 1;
609 qc_update_reject_policy(qc);
610}
611
9cab4bd5
HL		 612/*
613 * Changes default XSO. Allows caller to keep reference to the old default XSO
614 * (if any). Reference to new XSO is transferred from caller.
615 */
995ff282 616QUIC_NEEDS_LOCK
9cab4bd5
HL		 617static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
618 int touch,
619 QUIC_XSO **old_xso)
995ff282 620{
9cab4bd5
HL		 621 int refs;
622
623 *old_xso = NULL;
624
625 if (qc->default_xso != xso) {
626 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
627
628 qc->default_xso = xso;
629
630 if (xso == NULL) {
631 /*
632 * Changing to not having a default XSO. XSO becomes standalone and
633 * now has a ref to the QC.
634 */
635 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
636 return;
637 } else {
638 /*
639 * Changing from not having a default XSO to having one. The new XSO
640 * will have had a reference to the QC we need to drop to avoid a
641 * circular reference.
3a61a96c
HL		 642 *
643 * Currently we never change directly from one default XSO to
644 * another, though this function would also still be correct if this
645 * weren't the case.
9cab4bd5 646 */
3a61a96c
HL		 647 assert(*old_xso == NULL);
648
4eecc6aa 649 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
9cab4bd5
HL		 650 assert(refs > 0);
651 }
652 }
653
995ff282
HL		 654 if (touch)
655 qc_touch_default_xso(qc);
656}
657
9cab4bd5
HL		 658/*
659 * Changes default XSO, releasing the reference to any previous default XSO.
660 * Reference to new XSO is transferred from caller.
661 */
662QUIC_NEEDS_LOCK
663static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
664{
665 QUIC_XSO *old_xso = NULL;
666
667 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
668
669 if (old_xso != NULL)
670 SSL_free(&old_xso->ssl);
671}
672
db2f98c4
HL		 673QUIC_NEEDS_LOCK
674static void xso_update_options(QUIC_XSO *xso)
675{
676 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
677
678 if (xso->stream->rstream != NULL)
679 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
680
681 if (xso->stream->sstream != NULL)
682 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
683}
684
685/*
686 * SSL_set_options
687 * ---------------
688 *
689 * Setting options on a QCSO
690 * - configures the handshake-layer options;
691 * - configures the default data-plane options for new streams;
692 * - configures the data-plane options on the default XSO, if there is one.
693 *
694 * Setting options on a QSSO
695 * - configures data-plane options for that stream only.
696 */
d6e7ebba 697QUIC_TAKES_LOCK
f0d9757c
HL		 698static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
699{
700 QCTX ctx;
db2f98c4 701 uint64_t hs_mask_value, hs_or_value, ret;
f0d9757c 702
d6e7ebba 703 if (!expect_quic(ssl, &ctx))
f0d9757c
HL		 704 return 0;
705
d6e7ebba
HL		 706 quic_lock(ctx.qc);
707
db2f98c4
HL		 708 if (!ctx.is_stream) {
709 /*
710 * If we were called on the connection, we apply any handshake option
711 * changes.
712 */
713 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
714 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
f0d9757c 715
db2f98c4
HL		 716 SSL_clear_options(ctx.qc->tls, hs_mask_value);
717 SSL_set_options(ctx.qc->tls, hs_or_value);
d6e7ebba 718
db2f98c4
HL		 719 /* Update defaults for new streams. */
720 ctx.qc->default_ssl_options
721 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
722 & OSSL_QUIC_PERMITTED_OPTIONS;
723 }
18ca1c8f 724
db2f98c4
HL		 725 if (ctx.xso != NULL) {
726 ctx.xso->ssl_options
727 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
728 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
729
730 xso_update_options(ctx.xso);
18ca1c8f 731 }
f0d9757c 732
db2f98c4
HL		 733 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
734
f0d9757c 735 quic_unlock(ctx.qc);
db2f98c4 736 return ret;
f0d9757c
HL		 737}
738
739uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
740{
d6e7ebba 741 return quic_mask_or_options(ssl, 0, options);
f0d9757c
HL		 742}
743
744/* SSL_clear_options */
745uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
746{
747 return quic_mask_or_options(ssl, options, 0);
748}
749
750/* SSL_get_options */
751uint64_t ossl_quic_get_options(const SSL *ssl)
752{
753 return quic_mask_or_options((SSL *)ssl, 0, 0);
754}
755
22d53c88
HL		 756/*
757 * QUIC Front-End I/O API: Network BIO Configuration
758 * =================================================
759 *
760 * Handling the different BIOs is difficult:
761 *
762 * - It is more or less a requirement that we use non-blocking network I/O;
763 * we need to be able to have timeouts on recv() calls, and make best effort
764 * (non blocking) send() and recv() calls.
765 *
766 * The only sensible way to do this is to configure the socket into
767 * non-blocking mode. We could try to do select() before calling send() or
768 * recv() to get a guarantee that the call will not block, but this will
769 * probably run into issues with buggy OSes which generate spurious socket
770 * readiness events. In any case, relying on this to work reliably does not
771 * seem sane.
772 *
773 * Timeouts could be handled via setsockopt() socket timeout options, but
774 * this depends on OS support and adds another syscall to every network I/O
775 * operation. It also has obvious thread safety concerns if we want to move
776 * to concurrent use of a single socket at some later date.
777 *
778 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
779 * be made non-blocking. However some OSes (e.g. Windows) do not support
780 * this, so we cannot rely on this.
781 *
782 * As such, we need to configure any FD in non-blocking mode. This may
783 * confound users who pass a blocking socket to libssl. However, in practice
784 * it would be extremely strange for a user of QUIC to pass an FD to us,
785 * then also try and send receive traffic on the same socket(!). Thus the
786 * impact of this should be limited, and can be documented.
787 *
788 * - We support both blocking and non-blocking operation in terms of the API
789 * presented to the user. One prospect is to set the blocking mode based on
790 * whether the socket passed to us was already in blocking mode. However,
791 * Windows has no API for determining if a socket is in blocking mode (!),
792 * therefore this cannot be done portably. Currently therefore we expose an
793 * explicit API call to set this, and default to blocking mode.
794 *
795 * - We need to determine our initial destination UDP address. The "natural"
796 * way for a user to do this is to set the peer variable on a BIO_dgram.
797 * However, this has problems because BIO_dgram's peer variable is used for
798 * both transmission and reception. This means it can be constantly being
799 * changed to a malicious value (e.g. if some random unrelated entity on the
800 * network starts sending traffic to us) on every read call. This is not a
801 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
802 * calls only, which do not use this variable. However, we do need to let
803 * the user specify the peer in a 'normal' manner. The compromise here is
804 * that we grab the current peer value set at the time the write BIO is set
805 * and do not read the value again.
806 *
807 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
808 * Currently we do this by only supporting non-blocking mode.
809 *
810 */
811
812/*
813 * Determines what initial destination UDP address we should use, if possible.
814 * If this fails the client must set the destination address manually, or use a
815 * BIO which does not need a destination address.
816 */
817static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
818{
62665fc2 819 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
22d53c88
HL		 820 return 0;
821
822 return 1;
823}
824
51e671e2
HL		 825static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
826{
827 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
828
829 return ossl_quic_reactor_can_poll_r(rtor)
830 && ossl_quic_reactor_can_poll_w(rtor);
831}
832
833static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
834{
835 ossl_quic_channel_update_poll_descriptors(qc->ch); /* best effort */
836}
837
838static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
839{
840 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
841}
842
072328dd 843void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
22d53c88 844{
072328dd
HL		 845 QCTX ctx;
846
847 if (!expect_quic(s, &ctx))
848 return;
849
850 if (ctx.qc->net_rbio == net_rbio)
38b051a1 851 return;
38b051a1 852
23c04709 853 if (!ossl_quic_channel_set_net_rbio(ctx.qc->ch, net_rbio))
22d53c88
HL		 854 return;
855
072328dd
HL		 856 BIO_free(ctx.qc->net_rbio);
857 ctx.qc->net_rbio = net_rbio;
22d53c88 858
51e671e2
HL		 859 if (net_rbio != NULL)
860 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
861
22d53c88 862 /*
51e671e2
HL		 863 * Determine if the current pair of read/write BIOs now set allows blocking
864 * mode to be supported.
22d53c88 865 */
51e671e2
HL		 866 qc_update_can_support_blocking(ctx.qc);
867 qc_update_blocking_mode(ctx.qc);
99e1cc7b
TM		 868}
869
072328dd 870void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
38b051a1 871{
072328dd
HL		 872 QCTX ctx;
873
874 if (!expect_quic(s, &ctx))
22d53c88
HL		 875 return;
876
072328dd 877 if (ctx.qc->net_wbio == net_wbio)
22d53c88
HL		 878 return;
879
23c04709 880 if (!ossl_quic_channel_set_net_wbio(ctx.qc->ch, net_wbio))
072328dd
HL		 881 return;
882
883 BIO_free(ctx.qc->net_wbio);
884 ctx.qc->net_wbio = net_wbio;
22d53c88 885
51e671e2 886 if (net_wbio != NULL)
0818c170 887 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
51e671e2
HL		 888
889 /*
890 * Determine if the current pair of read/write BIOs now set allows blocking
891 * mode to be supported.
892 */
893 qc_update_can_support_blocking(ctx.qc);
894 qc_update_blocking_mode(ctx.qc);
22d53c88 895}
38b051a1 896
072328dd 897BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
22d53c88 898{
072328dd
HL		 899 QCTX ctx;
900
901 if (!expect_quic(s, &ctx))
902 return NULL;
903
904 return ctx.qc->net_rbio;
38b051a1
TM		 905}
906
072328dd 907BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
22d53c88 908{
072328dd
HL		 909 QCTX ctx;
910
911 if (!expect_quic(s, &ctx))
912 return NULL;
913
914 return ctx.qc->net_wbio;
22d53c88
HL		 915}
916
072328dd 917int ossl_quic_conn_get_blocking_mode(const SSL *s)
99e1cc7b 918{
072328dd
HL		 919 QCTX ctx;
920
921 if (!expect_quic(s, &ctx))
922 return 0;
923
cb5c208b 924 if (ctx.is_stream)
51e671e2 925 return xso_blocking_mode(ctx.xso);
cb5c208b 926
51e671e2 927 return qc_blocking_mode(ctx.qc);
22d53c88
HL		 928}
929
51e671e2 930QUIC_TAKES_LOCK
072328dd 931int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
22d53c88 932{
51e671e2 933 int ret = 0;
072328dd
HL		 934 QCTX ctx;
935
936 if (!expect_quic(s, &ctx))
937 return 0;
938
51e671e2 939 quic_lock(ctx.qc);
22d53c88 940
51e671e2
HL		 941 /* Sanity check - can we support the request given the current network BIO? */
942 if (blocking) {
cb5c208b 943 /*
51e671e2
HL		 944 * If called directly on a QCSO, update our information on network BIO
945 * capabilities.
cb5c208b 946 */
51e671e2
HL		 947 if (!ctx.is_stream)
948 qc_update_can_support_blocking(ctx.qc);
949
950 /* Cannot enable blocking mode if we do not have pollable FDs. */
951 if (!qc_can_support_blocking_cached(ctx.qc)) {
952 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
953 goto out;
954 }
cb5c208b
HL		 955 }
956
51e671e2
HL		 957 if (!ctx.is_stream)
958 /*
959 * If called directly on a QCSO, update default and connection-level
960 * blocking modes.
961 */
962 ctx.qc->desires_blocking = (blocking != 0);
963
964 if (ctx.xso != NULL) {
cb5c208b 965 /*
51e671e2 966 * If called on a QSSO or a QCSO with a default XSO, update the blocking
cb5c208b
HL		 967 * mode.
968 */
51e671e2
HL		 969 ctx.xso->desires_blocking = (blocking != 0);
970 ctx.xso->desires_blocking_set = 1;
971 }
cb5c208b 972
51e671e2
HL		 973 ret = 1;
974out:
975 qc_update_blocking_mode(ctx.qc);
976 quic_unlock(ctx.qc);
977 return ret;
99e1cc7b
TM		 978}
979
072328dd 980int ossl_quic_conn_set_initial_peer_addr(SSL *s,
22d53c88 981 const BIO_ADDR *peer_addr)
99e1cc7b 982{
072328dd
HL		 983 QCTX ctx;
984
985 if (!expect_quic(s, &ctx))
986 return 0;
987
988 if (ctx.qc->started)
a954f761 989 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8ee3ee10 990 NULL);
38b051a1 991
22d53c88 992 if (peer_addr == NULL) {
072328dd 993 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88
HL		 994 return 1;
995 }
38b051a1 996
072328dd 997 ctx.qc->init_peer_addr = *peer_addr;
99e1cc7b
TM		 998 return 1;
999}
1000
22d53c88
HL		 1001/*
1002 * QUIC Front-End I/O API: Asynchronous I/O Management
1003 * ===================================================
1004 *
6084e04b
HL		 1005 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1006 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
22d53c88
HL		 1007 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1008 *
1009 */
1010
1011/* Returns 1 if the connection is being used in blocking mode. */
cb5c208b 1012static int qc_blocking_mode(const QUIC_CONNECTION *qc)
99e1cc7b 1013{
22d53c88
HL		 1014 return qc->blocking;
1015}
38b051a1 1016
cb5c208b
HL		 1017static int xso_blocking_mode(const QUIC_XSO *xso)
1018{
51e671e2
HL		 1019 if (xso->desires_blocking_set)
1020 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1021 else
1022 /* Only ever set if we can support blocking. */
1023 return xso->conn->blocking;
cb5c208b
HL		 1024}
1025
b626a0f1 1026/* SSL_handle_events; performs QUIC I/O and timeout processing. */
a8489257 1027QUIC_TAKES_LOCK
6084e04b 1028int ossl_quic_handle_events(SSL *s)
22d53c88 1029{
072328dd
HL		 1030 QCTX ctx;
1031
1032 if (!expect_quic(s, &ctx))
1033 return 0;
1034
1035 quic_lock(ctx.qc);
072328dd
HL		 1036 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1037 quic_unlock(ctx.qc);
99e1cc7b
TM		 1038 return 1;
1039}
1040
22d53c88 1041/*
6084e04b 1042 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
b626a0f1
HL		 1043 * should next have events handled by the application by calling
1044 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1045 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1046 * the value of *tv is undefined.
22d53c88 1047 */
a8489257 1048QUIC_TAKES_LOCK
7ea49713 1049int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
99e1cc7b 1050{
072328dd 1051 QCTX ctx;
a1660c94 1052 OSSL_TIME deadline = ossl_time_infinite();
e44795bd 1053
072328dd
HL		 1054 if (!expect_quic(s, &ctx))
1055 return 0;
a8489257 1056
072328dd
HL		 1057 quic_lock(ctx.qc);
1058
23c04709
HL		 1059 deadline
1060 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
22d53c88
HL		 1061
1062 if (ossl_time_is_infinite(deadline)) {
7ea49713
HL		 1063 *is_infinite = 1;
1064
1065 /*
1066 * Robustness against faulty applications that don't check *is_infinite;
1067 * harmless long timeout.
1068 */
1069 tv->tv_sec = 1000000;
22d53c88 1070 tv->tv_usec = 0;
7ea49713 1071
072328dd 1072 quic_unlock(ctx.qc);
22d53c88
HL		 1073 return 1;
1074 }
1075
e3e9794a 1076 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
7ea49713 1077 *is_infinite = 0;
072328dd 1078 quic_unlock(ctx.qc);
22d53c88
HL		 1079 return 1;
1080}
1081
1082/* SSL_get_rpoll_descriptor */
072328dd 1083int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
22d53c88 1084{
072328dd
HL		 1085 QCTX ctx;
1086
1087 if (!expect_quic(s, &ctx))
e44795bd
TM		 1088 return 0;
1089
8ee3ee10 1090 if (desc == NULL || ctx.qc->net_rbio == NULL)
a954f761 1091 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10 1092 NULL);
072328dd
HL		 1093
1094 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
99e1cc7b
TM		 1095}
1096
22d53c88 1097/* SSL_get_wpoll_descriptor */
072328dd 1098int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
99e1cc7b 1099{
072328dd
HL		 1100 QCTX ctx;
1101
1102 if (!expect_quic(s, &ctx))
1103 return 0;
1104
8ee3ee10 1105 if (desc == NULL || ctx.qc->net_wbio == NULL)
a954f761 1106 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10 1107 NULL);
22d53c88 1108
072328dd 1109 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
99e1cc7b
TM		 1110}
1111
b639475a 1112/* SSL_net_read_desired */
a8489257 1113QUIC_TAKES_LOCK
072328dd 1114int ossl_quic_get_net_read_desired(SSL *s)
99e1cc7b 1115{
072328dd 1116 QCTX ctx;
a8489257
HL		 1117 int ret;
1118
072328dd
HL		 1119 if (!expect_quic(s, &ctx))
1120 return 0;
1121
1122 quic_lock(ctx.qc);
072328dd
HL		 1123 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1124 quic_unlock(ctx.qc);
a8489257 1125 return ret;
22d53c88 1126}
e44795bd 1127
b639475a 1128/* SSL_net_write_desired */
a8489257 1129QUIC_TAKES_LOCK
072328dd 1130int ossl_quic_get_net_write_desired(SSL *s)
22d53c88 1131{
a8489257 1132 int ret;
072328dd
HL		 1133 QCTX ctx;
1134
1135 if (!expect_quic(s, &ctx))
1136 return 0;
a8489257 1137
072328dd 1138 quic_lock(ctx.qc);
072328dd
HL		 1139 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1140 quic_unlock(ctx.qc);
a8489257 1141 return ret;
99e1cc7b
TM		 1142}
1143
22d53c88
HL		 1144/*
1145 * QUIC Front-End I/O API: Connection Lifecycle Operations
1146 * =======================================================
1147 *
1148 * SSL_do_handshake => ossl_quic_do_handshake
1149 * SSL_set_connect_state => ossl_quic_set_connect_state
1150 * SSL_set_accept_state => ossl_quic_set_accept_state
1151 * SSL_shutdown => ossl_quic_shutdown
1152 * SSL_ctrl => ossl_quic_ctrl
1153 * (BIO/)SSL_connect => ossl_quic_connect
1154 * (BIO/)SSL_accept => ossl_quic_accept
1155 *
1156 */
1157
8a2e9aba
HL		 1158QUIC_NEEDS_LOCK
1159static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1160{
1161 QUIC_STREAM_MAP *qsm;
1162
1163 if (qc->shutting_down)
1164 return;
1165
1166 qsm = ossl_quic_channel_get_qsm(qc->ch);
1167
1168 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1169 qc->shutting_down = 1;
1170}
1171
1172/* Returns 1 if all shutdown-flush streams have been done with. */
1173QUIC_NEEDS_LOCK
1174static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1175{
1176 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1177
1178 return qc->shutting_down
1179 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1180}
1181
22d53c88 1182/* SSL_shutdown */
e8043229 1183static int quic_shutdown_wait(void *arg)
99e1cc7b 1184{
e8043229 1185 QUIC_CONNECTION *qc = arg;
22d53c88 1186
23c04709 1187 return ossl_quic_channel_is_terminated(qc->ch);
e8043229 1188}
22d53c88 1189
8a2e9aba
HL		 1190/* Returns 1 if shutdown flush process has finished or is inapplicable. */
1191static int quic_shutdown_flush_wait(void *arg)
1192{
1193 QUIC_CONNECTION *qc = arg;
1194
1195 return ossl_quic_channel_is_term_any(qc->ch)
1196 || qc_shutdown_flush_finished(qc);
1197}
1198
25a0c4b9
HL		 1199static int quic_shutdown_peer_wait(void *arg)
1200{
1201 QUIC_CONNECTION *qc = arg;
1202 return ossl_quic_channel_is_term_any(qc->ch);
1203}
1204
a8489257 1205QUIC_TAKES_LOCK
072328dd 1206int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
e8043229
HL		 1207 const SSL_SHUTDOWN_EX_ARGS *args,
1208 size_t args_len)
1209{
a8489257 1210 int ret;
072328dd 1211 QCTX ctx;
8a2e9aba 1212 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
25a0c4b9
HL		 1213 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1214 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
a8489257 1215
072328dd 1216 if (!expect_quic(s, &ctx))
63fac76c 1217 return -1;
072328dd 1218
8ee3ee10 1219 if (ctx.is_stream) {
a954f761 1220 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
cb5c208b 1221 return -1;
8ee3ee10 1222 }
cb5c208b 1223
072328dd 1224 quic_lock(ctx.qc);
a8489257 1225
63fac76c
HL		 1226 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1227 quic_unlock(ctx.qc);
1228 return 1;
1229 }
1230
8a2e9aba 1231 /* Phase 1: Stream Flushing */
25a0c4b9 1232 if (!wait_peer && stream_flush) {
8a2e9aba
HL		 1233 qc_shutdown_flush_init(ctx.qc);
1234
1235 if (!qc_shutdown_flush_finished(ctx.qc)) {
25a0c4b9 1236 if (!no_block && qc_blocking_mode(ctx.qc)) {
23406e30
HL		 1237 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1238 if (ret < 1) {
1239 ret = 0;
1240 goto err;
1241 }
1242 } else {
8a2e9aba 1243 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
23406e30 1244 }
8a2e9aba
HL		 1245 }
1246
1247 if (!qc_shutdown_flush_finished(ctx.qc)) {
1248 quic_unlock(ctx.qc);
1249 return 0; /* ongoing */
1250 }
1251 }
1252
1253 /* Phase 2: Connection Closure */
25a0c4b9
HL		 1254 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1255 if (!no_block && qc_blocking_mode(ctx.qc)) {
1256 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1257 if (ret < 1) {
1258 ret = 0;
1259 goto err;
1260 }
1261 } else {
1262 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1263 }
1264
1265 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1266 ret = 0; /* peer hasn't closed yet - still not done */
1267 goto err;
1268 }
1269
1270 /*
1271 * We are at least terminating - go through the normal process of
1272 * waiting until we are in the TERMINATED state.
1273 */
1274 }
1275
1276 /* Block mutation ops regardless of if we did stream flush. */
1277 ctx.qc->shutting_down = 1;
1278
1279 /*
1280 * This call is a no-op if we are already terminating, so it doesn't
1281 * affect the wait_peer case.
1282 */
072328dd 1283 ossl_quic_channel_local_close(ctx.qc->ch,
40c8c756
HL		 1284 args != NULL ? args->quic_error_code : 0,
1285 args != NULL ? args->quic_reason : NULL);
e8043229 1286
f219abef
MC		 1287 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1288
072328dd
HL		 1289 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1290 quic_unlock(ctx.qc);
e8043229 1291 return 1;
a8489257 1292 }
e8043229 1293
8a2e9aba 1294 /* Phase 3: Terminating Wait Time */
25a0c4b9
HL		 1295 if (!no_block && qc_blocking_mode(ctx.qc)
1296 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
23406e30
HL		 1297 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1298 if (ret < 1) {
1299 ret = 0;
1300 goto err;
1301 }
1302 } else {
072328dd 1303 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
23406e30 1304 }
e8043229 1305
072328dd 1306 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
23406e30 1307err:
072328dd 1308 quic_unlock(ctx.qc);
a8489257 1309 return ret;
99e1cc7b
TM		 1310}
1311
22d53c88 1312/* SSL_ctrl */
e44795bd 1313long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
99e1cc7b 1314{
072328dd 1315 QCTX ctx;
38b051a1 1316
072328dd 1317 if (!expect_quic(s, &ctx))
38b051a1
TM		 1318 return 0;
1319
22d53c88
HL		 1320 switch (cmd) {
1321 case SSL_CTRL_MODE:
cb5c208b
HL		 1322 /* If called on a QCSO, update the default mode. */
1323 if (!ctx.is_stream)
1324 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1325
1326 /*
1327 * If we were called on a QSSO or have a default stream, we also update
1328 * that.
1329 */
1330 if (ctx.xso != NULL) {
1331 /* Cannot enable EPW while AON write in progress. */
1332 if (ctx.xso->aon_write_in_progress)
1333 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1334
1335 ctx.xso->ssl_mode |= (uint32_t)larg;
1336 return ctx.xso->ssl_mode;
1337 }
dfc227bd 1338
cb5c208b 1339 return ctx.qc->default_ssl_mode;
22d53c88 1340 case SSL_CTRL_CLEAR_MODE:
cb5c208b
HL		 1341 if (!ctx.is_stream)
1342 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1343
1344 if (ctx.xso != NULL) {
1345 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1346 return ctx.xso->ssl_mode;
1347 }
1348
1349 return ctx.qc->default_ssl_mode;
63dfde87
MC		 1350
1351 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
5cf99b40 1352 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
63dfde87
MC		 1353 /* This ctrl also needs to be passed to the internal SSL object */
1354 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1355
2f90ea3d
HL		 1356 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1357 {
1358 int is_infinite;
1359
1360 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1361 return 0;
1362
1363 return !is_infinite;
1364 }
1365 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1366 /* For legacy compatibility with DTLS calls. */
1367 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
c5b882a8
HL		 1368
1369 /* Mask ctrls we shouldn't support for QUIC. */
1370 case SSL_CTRL_GET_READ_AHEAD:
1371 case SSL_CTRL_SET_READ_AHEAD:
1372 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1373 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1374 case SSL_CTRL_SET_MAX_PIPELINES:
1375 return 0;
1376
22d53c88 1377 default:
c5b882a8
HL		 1378 /*
1379 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1380 * implementation. Either SSL_ctrl will handle it itself by direct
1381 * access into handshake layer state, or failing that, it will be passed
1382 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1383 * supported by anything, the handshake layer's ctrl method will finally
1384 * return 0.
1385 */
1386 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
08e49012 1387 }
22d53c88
HL		 1388}
1389
1390/* SSL_set_connect_state */
072328dd 1391void ossl_quic_set_connect_state(SSL *s)
22d53c88 1392{
072328dd
HL		 1393 QCTX ctx;
1394
1395 if (!expect_quic(s, &ctx))
1396 return;
1397
22d53c88 1398 /* Cannot be changed after handshake started */
cb5c208b 1399 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1400 return;
1401
dfb9ae14 1402 ctx.qc->as_server_state = 0;
22d53c88
HL		 1403}
1404
1405/* SSL_set_accept_state */
072328dd 1406void ossl_quic_set_accept_state(SSL *s)
22d53c88 1407{
072328dd
HL		 1408 QCTX ctx;
1409
1410 if (!expect_quic(s, &ctx))
1411 return;
1412
22d53c88 1413 /* Cannot be changed after handshake started */
cb5c208b 1414 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1415 return;
1416
dfb9ae14 1417 ctx.qc->as_server_state = 1;
22d53c88
HL		 1418}
1419
1420/* SSL_do_handshake */
1421struct quic_handshake_wait_args {
1422 QUIC_CONNECTION *qc;
1423};
1424
1425static int quic_handshake_wait(void *arg)
1426{
1427 struct quic_handshake_wait_args *args = arg;
1428
6d6b3a03 1429 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
22d53c88
HL		 1430 return -1;
1431
1432 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1433 return 1;
1434
99e1cc7b
TM		 1435 return 0;
1436}
1437
22d53c88 1438static int configure_channel(QUIC_CONNECTION *qc)
99e1cc7b 1439{
22d53c88 1440 assert(qc->ch != NULL);
08e49012 1441
d1ac77b1
HL		 1442 if (!ossl_quic_channel_set_net_rbio(qc->ch, qc->net_rbio)
1443 || !ossl_quic_channel_set_net_wbio(qc->ch, qc->net_wbio)
22d53c88
HL		 1444 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1445 return 0;
1446
1447 return 1;
1448}
1449
4847599b 1450QUIC_NEEDS_LOCK
23c04709 1451static int create_channel(QUIC_CONNECTION *qc)
22d53c88
HL		 1452{
1453 QUIC_CHANNEL_ARGS args = {0};
1454
5cf99b40
MC		 1455 args.libctx = qc->ssl.ctx->libctx;
1456 args.propq = qc->ssl.ctx->propq;
1457 args.is_server = qc->as_server;
1458 args.tls = qc->tls;
1459 args.mutex = qc->mutex;
e3e9794a
HL		 1460 args.now_cb = get_time_cb;
1461 args.now_cb_arg = qc;
22d53c88
HL		 1462
1463 qc->ch = ossl_quic_channel_new(&args);
8ee3ee10 1464 if (qc->ch == NULL) {
a954f761 1465 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
22d53c88 1466 return 0;
8ee3ee10 1467 }
22d53c88 1468
e8043229
HL		 1469 return 1;
1470}
1471
1472/*
2e176011
HL		 1473 * Configures a channel with the information we have accumulated via calls made
1474 * to us from the application prior to starting a handshake attempt.
e8043229 1475 */
4847599b 1476QUIC_NEEDS_LOCK
2e176011 1477static int ensure_channel_started(QCTX *ctx)
e8043229 1478{
2e176011
HL		 1479 QUIC_CONNECTION *qc = ctx->qc;
1480
ffce2946 1481 if (!qc->started) {
2e176011
HL		 1482 if (!configure_channel(qc)) {
1483 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1484 "failed to configure channel");
1485 return 0;
1486 }
1487
1488 if (!ossl_quic_channel_start(qc->ch)) {
1489 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1490 "failed to start channel");
1491 return 0;
1492 }
f2f7c4f1 1493
629b408c 1494#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
ffce2946 1495 if (qc->is_thread_assisted)
2e176011
HL		 1496 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) {
1497 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1498 "failed to start assist thread");
1499 return 0;
1500 }
629b408c 1501#endif
ffce2946
HL		 1502 }
1503
22d53c88
HL		 1504 qc->started = 1;
1505 return 1;
99e1cc7b
TM		 1506}
1507
4a530180 1508QUIC_NEEDS_LOCK
faa3a180 1509static int quic_do_handshake(QCTX *ctx)
99e1cc7b 1510{
22d53c88 1511 int ret;
faa3a180 1512 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1513
23c04709 1514 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1515 /* Handshake already completed. */
4a530180 1516 return 1;
ca41f6b7 1517
6d6b3a03 1518 if (!quic_mutation_allowed(qc, /*req_active=*/0))
faa3a180 1519 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1520
dfb9ae14 1521 if (qc->as_server != qc->as_server_state) {
a954f761 1522 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4a530180 1523 return -1; /* Non-protocol error */
ca41f6b7 1524 }
22d53c88 1525
ca41f6b7 1526 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
22d53c88 1527 /* Need read and write BIOs. */
a954f761 1528 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
4a530180 1529 return -1; /* Non-protocol error */
62665fc2
HL		 1530 }
1531
1532 /*
1533 * We need to determine our addressing mode. There are basically two
1534 * ways we can use L4 addresses:
1535 *
1536 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1537 * addresses attached to them which we expect the underlying network BIO
1538 * to handle;
1539 *
1540 * - Unaddressed mode, in which the BIO provided to us on the
1541 * network side neither provides us with L4 addresses nor is capable of
1542 * honouring ones we provide. We don't know where the QUIC traffic we
1543 * send ends up exactly and trust the application to know what it is
1544 * doing.
1545 *
1546 * Addressed mode is preferred because it enables support for connection
1547 * migration, multipath, etc. in the future. Addressed mode is automatically
1548 * enabled if we are using e.g. BIO_s_datagram, with or without
1549 * BIO_s_connect.
1550 *
1551 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1552 * use unaddressed mode unless that BIO supports capability flags indicating
1553 * it can provide and honour L4 addresses.
1554 *
1555 * Our strategy for determining address mode is simple: we probe the
1556 * underlying network BIOs for their capabilities. If the network BIOs
1557 * support what we need, we use addressed mode. Otherwise, we use
1558 * unaddressed mode.
1559 *
1560 * If addressed mode is chosen, we require an initial peer address to be
1561 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1562 * require this, as such an address is superfluous, though it can be set if
1563 * desired.
1564 */
1565 if (!qc->started && !qc->addressing_probe_done) {
1566 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1567 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
62665fc2 1568
3760747f
HL		 1569 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1570 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1571 qc->addressing_probe_done = 1;
62665fc2
HL		 1572 }
1573
3760747f 1574 if (!qc->started && qc->addressed_mode_w
62665fc2
HL		 1575 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1576 /*
1577 * We are trying to connect and are using addressed mode, which means we
1578 * need an initial peer address; if we do not have a peer address yet,
1579 * we should try to autodetect one.
1580 *
1581 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1582 * may not be able to provide us with a peer address until they have
1583 * finished their own processing. They may not be able to perform this
1584 * processing until an application has figured configuring that BIO
1585 * (e.g. with setter calls), which might happen after SSL_set_bio is
1586 * called.
1587 */
1588 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1589 /* best effort */
1590 BIO_ADDR_clear(&qc->init_peer_addr);
1591 else
1592 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1593 }
1594
1595 if (!qc->started
3760747f 1596 && qc->addressed_mode_w
62665fc2
HL		 1597 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1598 /*
1599 * If we still don't have a peer address in addressed mode, we can't do
1600 * anything.
1601 */
1602 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1603 return -1; /* Non-protocol error */
ca41f6b7 1604 }
22d53c88
HL		 1605
1606 /*
1607 * Start connection process. Note we may come here multiple times in
1608 * non-blocking mode, which is fine.
1609 */
2e176011 1610 if (!ensure_channel_started(qc)) /* raises on failure */
4a530180 1611 return -1; /* Non-protocol error */
22d53c88 1612
4a530180 1613 if (ossl_quic_channel_is_handshake_complete(qc->ch))
22d53c88 1614 /* The handshake is now done. */
4a530180 1615 return 1;
22d53c88 1616
51e671e2
HL		 1617 if (!qc_blocking_mode(qc)) {
1618 /* Try to advance the reactor. */
1619 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1620
1621 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1622 /* The handshake is now done. */
1623 return 1;
1624
1625 if (ossl_quic_channel_is_term_any(qc->ch)) {
1626 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1627 return 0;
1628 } else if (qc->desires_blocking) {
1629 /*
1630 * As a special case when doing a handshake when blocking mode is
1631 * desired yet not available, see if the network BIOs have become
1632 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1633 * which do late creation of socket FDs and therefore cannot expose
1634 * a poll descriptor until after a network BIO is set on the QCSO.
1635 */
1636 assert(!qc->blocking);
1637 qc_update_can_support_blocking(qc);
1638 qc_update_blocking_mode(qc);
1639 }
1640 }
1641
1642 /*
1643 * We are either in blocking mode or just entered it due to the code above.
1644 */
cb5c208b 1645 if (qc_blocking_mode(qc)) {
22d53c88
HL		 1646 /* In blocking mode, wait for the handshake to complete. */
1647 struct quic_handshake_wait_args args;
1648
1649 args.qc = qc;
1650
1651 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
6d6b3a03 1652 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
faa3a180 1653 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
4a530180 1654 return 0; /* Shutdown before completion */
ca41f6b7 1655 } else if (ret <= 0) {
a954f761 1656 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1657 return -1; /* Non-protocol error */
ca41f6b7 1658 }
22d53c88
HL		 1659
1660 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
4a530180 1661 return 1;
22d53c88 1662 }
51e671e2
HL		 1663
1664 /*
1665 * Otherwise, indicate that the handshake isn't done yet.
1666 * We can only get here in non-blocking mode.
1667 */
1668 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1669 return -1; /* Non-protocol error */
4a530180 1670}
a8489257 1671
4a530180 1672QUIC_TAKES_LOCK
072328dd 1673int ossl_quic_do_handshake(SSL *s)
4a530180
HL		 1674{
1675 int ret;
072328dd 1676 QCTX ctx;
4a530180 1677
072328dd
HL		 1678 if (!expect_quic(s, &ctx))
1679 return 0;
1680
a954f761 1681 ctx.in_io = 1;
072328dd 1682 quic_lock(ctx.qc);
4a530180 1683
faa3a180 1684 ret = quic_do_handshake(&ctx);
072328dd 1685 quic_unlock(ctx.qc);
a8489257 1686 return ret;
99e1cc7b
TM		 1687}
1688
22d53c88
HL		 1689/* SSL_connect */
1690int ossl_quic_connect(SSL *s)
99e1cc7b 1691{
22d53c88 1692 /* Ensure we are in connect state (no-op if non-idle). */
072328dd 1693 ossl_quic_set_connect_state(s);
22d53c88
HL		 1694
1695 /* Begin or continue the handshake */
072328dd 1696 return ossl_quic_do_handshake(s);
99e1cc7b
TM		 1697}
1698
22d53c88
HL		 1699/* SSL_accept */
1700int ossl_quic_accept(SSL *s)
99e1cc7b 1701{
22d53c88 1702 /* Ensure we are in accept state (no-op if non-idle). */
072328dd 1703 ossl_quic_set_accept_state(s);
22d53c88
HL		 1704
1705 /* Begin or continue the handshake */
072328dd 1706 return ossl_quic_do_handshake(s);
99e1cc7b 1707}
e44795bd 1708
cb5c208b
HL		 1709/*
1710 * QUIC Front-End I/O API: Stream Lifecycle Operations
1711 * ===================================================
1712 *
1713 * SSL_stream_new => ossl_quic_conn_stream_new
1714 *
1715 */
21c80696
HL		 1716
1717/*
1718 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1719 * default XSO was created. Returns 0 if it was not (e.g. because it already
1720 * exists). Note that this is NOT an error condition.
1721 */
1722QUIC_NEEDS_LOCK
faa3a180 1723static int qc_try_create_default_xso_for_write(QCTX *ctx)
21c80696 1724{
8b7be3aa 1725 uint64_t flags = 0;
faa3a180 1726 QUIC_CONNECTION *qc = ctx->qc;
21c80696 1727
8b7be3aa
HL		 1728 if (qc->default_xso_created
1729 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
21c80696
HL		 1730 /*
1731 * We only do this once. If the user detaches a previously created
1732 * default XSO we don't auto-create another one.
1733 */
faa3a180 1734 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
21c80696 1735
8b7be3aa
HL		 1736 /* Create a locally-initiated stream. */
1737 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1738 flags |= SSL_STREAM_FLAG_UNI;
1739
faa3a180 1740 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
13ac037d 1741 /*needs_lock=*/0),
995ff282 1742 /*touch=*/0);
8b7be3aa 1743 if (qc->default_xso == NULL)
faa3a180 1744 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1745
995ff282 1746 qc_touch_default_xso(qc);
8b7be3aa
HL		 1747 return 1;
1748}
1749
1750struct quic_wait_for_stream_args {
1751 QUIC_CONNECTION *qc;
1752 QUIC_STREAM *qs;
faa3a180 1753 QCTX *ctx;
8b7be3aa
HL		 1754 uint64_t expect_id;
1755};
1756
1757QUIC_NEEDS_LOCK
1758static int quic_wait_for_stream(void *arg)
1759{
1760 struct quic_wait_for_stream_args *args = arg;
1761
6d6b3a03 1762 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
8b7be3aa 1763 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1764 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 1765 return -1;
1766 }
1767
1768 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
acc6fde0
HL		 1769 args->expect_id | QUIC_STREAM_DIR_BIDI);
1770 if (args->qs == NULL)
1771 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1772 args->expect_id | QUIC_STREAM_DIR_UNI);
1773
8b7be3aa
HL		 1774 if (args->qs != NULL)
1775 return 1; /* stream now exists */
1776
1777 return 0; /* did not get a stream, keep trying */
1778}
1779
1780QUIC_NEEDS_LOCK
faa3a180 1781static int qc_wait_for_default_xso_for_read(QCTX *ctx)
8b7be3aa
HL		 1782{
1783 /* Called on a QCSO and we don't currently have a default stream. */
1784 uint64_t expect_id;
faa3a180 1785 QUIC_CONNECTION *qc = ctx->qc;
8b7be3aa
HL		 1786 QUIC_STREAM *qs;
1787 int res;
1788 struct quic_wait_for_stream_args wargs;
1789
1790 /*
1791 * If default stream functionality is disabled or we already detached
1792 * one, don't make another default stream and just fail.
1793 */
1794 if (qc->default_xso_created
1795 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
faa3a180 1796 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 1797
1798 /*
1799 * The peer may have opened a stream since we last ticked. So tick and
1800 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1801 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1802 * first stream created by a peer must have an ordinal of 0.
1803 */
1804 expect_id = qc->as_server
1805 ? QUIC_STREAM_INITIATOR_CLIENT
1806 : QUIC_STREAM_INITIATOR_SERVER;
1807
8b7be3aa 1808 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
acc6fde0
HL		 1809 expect_id | QUIC_STREAM_DIR_BIDI);
1810 if (qs == NULL)
1811 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1812 expect_id | QUIC_STREAM_DIR_UNI);
1813
8b7be3aa
HL		 1814 if (qs == NULL) {
1815 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1816
1817 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1818 expect_id);
1819 }
1820
1821 if (qs == NULL) {
1822 if (!qc_blocking_mode(qc))
1823 /* Non-blocking mode, so just bail immediately. */
faa3a180 1824 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
8b7be3aa
HL		 1825
1826 /* Block until we have a stream. */
1827 wargs.qc = qc;
1828 wargs.qs = NULL;
faa3a180 1829 wargs.ctx = ctx;
8b7be3aa
HL		 1830 wargs.expect_id = expect_id;
1831
1832 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1833 if (res == 0)
faa3a180 1834 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa
HL		 1835 else if (res < 0 || wargs.qs == NULL)
1836 /* quic_wait_for_stream raised error here */
21c80696 1837 return 0;
8b7be3aa
HL		 1838
1839 qs = wargs.qs;
21c80696
HL		 1840 }
1841
8b7be3aa
HL		 1842 /*
1843 * We now have qs != NULL. Make it the default stream, creating the
1844 * necessary XSO.
1845 */
995ff282 1846 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
8b7be3aa 1847 if (qc->default_xso == NULL)
a954f761 1848 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1849
995ff282 1850 qc_touch_default_xso(qc); /* inhibits default XSO */
21c80696
HL		 1851 return 1;
1852}
1853
1854QUIC_NEEDS_LOCK
1855static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1856{
1857 QUIC_XSO *xso = NULL;
1858
8ee3ee10 1859 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
a954f761 1860 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
21c80696 1861 goto err;
8ee3ee10 1862 }
21c80696 1863
8ee3ee10 1864 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
a954f761 1865 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
21c80696 1866 goto err;
8ee3ee10 1867 }
21c80696 1868
9cab4bd5 1869 /* XSO refs QC */
8ee3ee10 1870 if (!SSL_up_ref(&qc->ssl)) {
a954f761 1871 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
9cab4bd5 1872 goto err;
8ee3ee10 1873 }
9cab4bd5 1874
21c80696 1875 xso->conn = qc;
21c80696 1876 xso->ssl_mode = qc->default_ssl_mode;
db2f98c4
HL		 1877 xso->ssl_options
1878 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
faa3a180 1879 xso->last_error = SSL_ERROR_NONE;
21c80696
HL		 1880
1881 xso->stream = qs;
1882
1883 ++qc->num_xso;
db2f98c4 1884 xso_update_options(xso);
21c80696
HL		 1885 return xso;
1886
1887err:
1888 OPENSSL_free(xso);
1889 return NULL;
1890}
1891
9d6bd3d3
HL		 1892struct quic_new_stream_wait_args {
1893 QUIC_CONNECTION *qc;
1894 int is_uni;
1895};
1896
1897static int quic_new_stream_wait(void *arg)
1898{
1899 struct quic_new_stream_wait_args *args = arg;
1900 QUIC_CONNECTION *qc = args->qc;
1901
1902 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1903 return -1;
1904
1905 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1906 return 1;
1907
1908 return 0;
1909}
1910
13ac037d 1911/* locking depends on need_lock */
faa3a180 1912static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
cb5c208b 1913{
9d6bd3d3 1914 int ret;
faa3a180 1915 QUIC_CONNECTION *qc = ctx->qc;
cb5c208b 1916 QUIC_XSO *xso = NULL;
21c80696 1917 QUIC_STREAM *qs = NULL;
2dbc39de 1918 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
9d6bd3d3
HL		 1919 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
1920 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
cb5c208b 1921
13ac037d
HL		 1922 if (need_lock)
1923 quic_lock(qc);
2dbc39de 1924
6d6b3a03 1925 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
a954f761 1926 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2dbc39de
HL		 1927 goto err;
1928 }
1929
9d6bd3d3
HL		 1930 if (!advance
1931 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
1932 struct quic_new_stream_wait_args args;
1933
1934 /*
1935 * Stream count flow control currently doesn't permit this stream to be
1936 * opened.
1937 */
1938 if (no_blocking || !qc_blocking_mode(qc)) {
96fe5e5f 1939 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
9d6bd3d3
HL		 1940 goto err;
1941 }
1942
1943 args.qc = qc;
1944 args.is_uni = is_uni;
1945
1946 /* Blocking mode - wait until we can get a stream. */
1947 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
1948 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
96fe5e5f 1949 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
9d6bd3d3
HL		 1950 goto err; /* Shutdown before completion */
1951 } else if (ret <= 0) {
96fe5e5f 1952 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
9d6bd3d3
HL		 1953 goto err; /* Non-protocol error */
1954 }
1955 }
1956
13ac037d 1957 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
96014840 1958 if (qs == NULL) {
a954f761 1959 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2dbc39de 1960 goto err;
96014840 1961 }
cb5c208b 1962
13ac037d 1963 xso = create_xso_from_stream(qc, qs);
8ee3ee10 1964 if (xso == NULL)
cb5c208b
HL		 1965 goto err;
1966
13ac037d
HL		 1967 qc_touch_default_xso(qc); /* inhibits default XSO */
1968 if (need_lock)
1969 quic_unlock(qc);
1970
cb5c208b
HL		 1971 return &xso->ssl;
1972
1973err:
1974 OPENSSL_free(xso);
13ac037d
HL		 1975 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
1976 if (need_lock)
1977 quic_unlock(qc);
1978
cb5c208b 1979 return NULL;
13ac037d
HL		 1980
1981}
1982
1983QUIC_TAKES_LOCK
1984SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
1985{
1986 QCTX ctx;
1987
a954f761 1988 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
13ac037d
HL		 1989 return NULL;
1990
faa3a180 1991 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
cb5c208b
HL		 1992}
1993
22d53c88
HL		 1994/*
1995 * QUIC Front-End I/O API: Steady-State Operations
1996 * ===============================================
1997 *
1998 * Here we dispatch calls to the steady-state front-end I/O API functions; that
1999 * is, the functions used during the established phase of a QUIC connection
2000 * (e.g. SSL_read, SSL_write).
2001 *
2002 * Each function must handle both blocking and non-blocking modes. As discussed
2003 * above, all QUIC I/O is implemented using non-blocking mode internally.
2004 *
2005 * SSL_get_error => partially implemented by ossl_quic_get_error
2006 * (BIO/)SSL_read => ossl_quic_read
2007 * (BIO/)SSL_write => ossl_quic_write
2008 * SSL_pending => ossl_quic_pending
a9979965 2009 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2525109f 2010 * SSL_key_update => ossl_quic_key_update
22d53c88
HL		 2011 */
2012
2013/* SSL_get_error */
072328dd 2014int ossl_quic_get_error(const SSL *s, int i)
e44795bd 2015{
072328dd 2016 QCTX ctx;
5c3474ea 2017 int net_error, last_error;
072328dd
HL		 2018
2019 if (!expect_quic(s, &ctx))
2020 return 0;
2021
5c3474ea
TM		 2022 quic_lock(ctx.qc);
2023 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2024 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2025 quic_unlock(ctx.qc);
2026
2027 if (net_error)
2028 return SSL_ERROR_SYSCALL;
2029
2030 return last_error;
e44795bd
TM		 2031}
2032
22d53c88
HL		 2033/*
2034 * SSL_write
2035 * ---------
2036 *
2037 * The set of functions below provide the implementation of the public SSL_write
2038 * function. We must handle:
2039 *
2040 * - both blocking and non-blocking operation at the application level,
2041 * depending on how we are configured;
2042 *
2043 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2044 *
2045 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2046 *
2047 */
4847599b 2048QUIC_NEEDS_LOCK
cb5c208b 2049static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
22d53c88
HL		 2050{
2051 /*
2052 * We have appended at least one byte to the stream.
2053 * Potentially mark stream as active, depending on FC.
2054 */
2055 if (did_append)
cb5c208b
HL		 2056 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2057 xso->stream);
22d53c88
HL		 2058
2059 /*
2060 * Try and send.
2061 *
44cb36d0
TM		 2062 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2063 * immediately, plus we should eventually consider Nagle's algorithm.
22d53c88
HL		 2064 */
2065 if (do_tick)
cb5c208b 2066 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
22d53c88
HL		 2067}
2068
2069struct quic_write_again_args {
cb5c208b 2070 QUIC_XSO *xso;
22d53c88
HL		 2071 const unsigned char *buf;
2072 size_t len;
2073 size_t total_written;
abfe3d51 2074 int err;
22d53c88
HL		 2075};
2076
4847599b 2077QUIC_NEEDS_LOCK
22d53c88
HL		 2078static int quic_write_again(void *arg)
2079{
2080 struct quic_write_again_args *args = arg;
2081 size_t actual_written = 0;
2082
6d6b3a03 2083 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
22d53c88
HL		 2084 /* If connection is torn down due to an error while blocking, stop. */
2085 return -2;
2086
abfe3d51
HL		 2087 if (!quic_validate_for_write(args->xso, &args->err))
2088 /*
2089 * Stream may have become invalid for write due to connection events
2090 * while we blocked.
2091 */
2092 return -2;
2093
2094 args->err = ERR_R_INTERNAL_ERROR;
cb5c208b 2095 if (!ossl_quic_sstream_append(args->xso->stream->sstream,
22d53c88
HL		 2096 args->buf, args->len, &actual_written))
2097 return -2;
2098
cb5c208b 2099 quic_post_write(args->xso, actual_written > 0, 0);
22d53c88
HL		 2100
2101 args->buf += actual_written;
2102 args->len -= actual_written;
2103 args->total_written += actual_written;
2104
3f0c310b 2105 if (args->len == 0)
22d53c88
HL		 2106 /* Written everything, done. */
2107 return 1;
2108
2109 /* Not written everything yet, keep trying. */
2110 return 0;
2111}
2112
4847599b 2113QUIC_NEEDS_LOCK
faa3a180 2114static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
22d53c88 2115 size_t *written)
e44795bd 2116{
22d53c88 2117 int res;
faa3a180 2118 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 2119 struct quic_write_again_args args;
2120 size_t actual_written = 0;
2121
2122 /* First make a best effort to append as much of the data as possible. */
cb5c208b 2123 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len,
22d53c88
HL		 2124 &actual_written)) {
2125 /* Stream already finished or allocation error. */
2126 *written = 0;
faa3a180 2127 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2128 }
2129
cb5c208b 2130 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 2131
2132 if (actual_written == len) {
2133 /* Managed to append everything on the first try. */
2134 *written = actual_written;
2135 return 1;
2136 }
2137
2138 /*
2139 * We did not manage to append all of the data immediately, so the stream
2140 * buffer has probably filled up. This means we need to block until some of
2141 * it is freed up.
2142 */
cb5c208b 2143 args.xso = xso;
22d53c88
HL		 2144 args.buf = (const unsigned char *)buf + actual_written;
2145 args.len = len - actual_written;
2146 args.total_written = 0;
abfe3d51 2147 args.err = ERR_R_INTERNAL_ERROR;
22d53c88 2148
cb5c208b 2149 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
22d53c88 2150 if (res <= 0) {
6d6b3a03 2151 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
faa3a180 2152 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 2153 else
abfe3d51 2154 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
22d53c88
HL		 2155 }
2156
2157 *written = args.total_written;
e44795bd
TM		 2158 return 1;
2159}
2160
ca41f6b7
HL		 2161/*
2162 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2163 * write semantics.
2164 */
cb5c208b 2165static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
22d53c88
HL		 2166 size_t buf_len, size_t already_sent)
2167{
cb5c208b 2168 assert(!xso->aon_write_in_progress);
22d53c88 2169
cb5c208b
HL		 2170 xso->aon_write_in_progress = 1;
2171 xso->aon_buf_base = buf;
2172 xso->aon_buf_pos = already_sent;
2173 xso->aon_buf_len = buf_len;
22d53c88
HL		 2174}
2175
cb5c208b 2176static void aon_write_finish(QUIC_XSO *xso)
22d53c88 2177{
cb5c208b
HL		 2178 xso->aon_write_in_progress = 0;
2179 xso->aon_buf_base = NULL;
2180 xso->aon_buf_pos = 0;
2181 xso->aon_buf_len = 0;
22d53c88
HL		 2182}
2183
4847599b 2184QUIC_NEEDS_LOCK
faa3a180 2185static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
22d53c88 2186 size_t len, size_t *written)
e44795bd 2187{
faa3a180 2188 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 2189 const void *actual_buf;
2190 size_t actual_len, actual_written = 0;
2191 int accept_moving_buffer
cb5c208b 2192 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
22d53c88 2193
cb5c208b 2194 if (xso->aon_write_in_progress) {
22d53c88
HL		 2195 /*
2196 * We are in the middle of an AON write (i.e., a previous write did not
75b2920a
HL		 2197 * manage to append all data to the SSTREAM and we have Enable Partial
2198 * Write (EPW) mode disabled.)
22d53c88 2199 */
cb5c208b
HL		 2200 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2201 || len != xso->aon_buf_len)
22d53c88
HL		 2202 /*
2203 * Pointer must not have changed if we are not in accept moving
2204 * buffer mode. Length must never change.
2205 */
faa3a180 2206 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
22d53c88 2207
cb5c208b
HL		 2208 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2209 actual_len = len - xso->aon_buf_pos;
22d53c88
HL		 2210 assert(actual_len > 0);
2211 } else {
2212 actual_buf = buf;
2213 actual_len = len;
2214 }
2215
2216 /* First make a best effort to append as much of the data as possible. */
cb5c208b 2217 if (!ossl_quic_sstream_append(xso->stream->sstream, actual_buf, actual_len,
22d53c88
HL		 2218 &actual_written)) {
2219 /* Stream already finished or allocation error. */
2220 *written = 0;
faa3a180 2221 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2222 }
2223
cb5c208b 2224 quic_post_write(xso, actual_written > 0, 1);
22d53c88
HL		 2225
2226 if (actual_written == actual_len) {
2227 /* We have sent everything. */
cb5c208b 2228 if (xso->aon_write_in_progress) {
22d53c88
HL		 2229 /*
2230 * We have sent everything, and we were in the middle of an AON
2231 * write. The output write length is the total length of the AON
2232 * buffer, not however many bytes we managed to write to the stream
2233 * in this call.
2234 */
cb5c208b
HL		 2235 *written = xso->aon_buf_len;
2236 aon_write_finish(xso);
22d53c88
HL		 2237 } else {
2238 *written = actual_written;
2239 }
2240
2241 return 1;
2242 }
2243
cb5c208b 2244 if (xso->aon_write_in_progress) {
22d53c88
HL		 2245 /*
2246 * AON write is in progress but we have not written everything yet. We
2247 * may have managed to send zero bytes, or some number of bytes less
2248 * than the total remaining which need to be appended during this
2249 * AON operation.
2250 */
cb5c208b
HL		 2251 xso->aon_buf_pos += actual_written;
2252 assert(xso->aon_buf_pos < xso->aon_buf_len);
faa3a180 2253 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
22d53c88
HL		 2254 }
2255
08e49012 2256 /*
22d53c88
HL		 2257 * Not in an existing AON operation but partial write is not enabled, so we
2258 * need to begin a new AON operation. However we needn't bother if we didn't
2259 * actually append anything.
08e49012 2260 */
22d53c88 2261 if (actual_written > 0)
cb5c208b 2262 aon_write_begin(xso, buf, len, actual_written);
e44795bd 2263
22d53c88
HL		 2264 /*
2265 * AON - We do not publicly admit to having appended anything until AON
2266 * completes.
2267 */
2268 *written = 0;
faa3a180 2269 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
e44795bd
TM		 2270}
2271
4847599b 2272QUIC_NEEDS_LOCK
faa3a180 2273static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
22d53c88 2274 size_t *written)
e44795bd 2275{
faa3a180
HL		 2276 QUIC_XSO *xso = ctx->xso;
2277
22d53c88 2278 /* Simple best effort operation. */
cb5c208b 2279 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len, written)) {
22d53c88
HL		 2280 /* Stream already finished or allocation error. */
2281 *written = 0;
faa3a180 2282 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2283 }
2284
cb5c208b 2285 quic_post_write(xso, *written > 0, 1);
e44795bd
TM		 2286 return 1;
2287}
d5ab48a1 2288
abfe3d51
HL		 2289QUIC_NEEDS_LOCK
2290static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2291{
2292 QUIC_STREAM_MAP *qsm;
2293
2294 if (xso == NULL || xso->stream == NULL) {
2295 *err = ERR_R_INTERNAL_ERROR;
2296 return 0;
2297 }
2298
2299 switch (xso->stream->send_state) {
2300 default:
2301 case QUIC_SSTREAM_STATE_NONE:
2302 *err = SSL_R_STREAM_RECV_ONLY;
2303 return 0;
2304
2305 case QUIC_SSTREAM_STATE_READY:
2306 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2307
2308 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2309 *err = ERR_R_INTERNAL_ERROR;
2310 return 0;
2311 }
2312
2313 /* FALLTHROUGH */
2314 case QUIC_SSTREAM_STATE_SEND:
2315 case QUIC_SSTREAM_STATE_DATA_SENT:
2316 case QUIC_SSTREAM_STATE_DATA_RECVD:
2317 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2318 *err = SSL_R_STREAM_FINISHED;
2319 return 0;
2320 }
2321
2322 return 1;
2323
2324 case QUIC_SSTREAM_STATE_RESET_SENT:
2325 case QUIC_SSTREAM_STATE_RESET_RECVD:
2326 *err = SSL_R_STREAM_RESET;
2327 return 0;
2328 }
2329}
2330
a8489257 2331QUIC_TAKES_LOCK
22d53c88 2332int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
d5ab48a1 2333{
a8489257 2334 int ret;
072328dd 2335 QCTX ctx;
abfe3d51 2336 int partial_write, err;
22d53c88
HL		 2337
2338 *written = 0;
2339
a954f761 2340 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
8b7be3aa 2341 return 0;
a8489257 2342
cb5c208b 2343 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
072328dd 2344
6d6b3a03 2345 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
faa3a180 2346 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 2347 goto out;
2348 }
22d53c88 2349
ca41f6b7
HL		 2350 /*
2351 * If we haven't finished the handshake, try to advance it.
2352 * We don't accept writes until the handshake is completed.
2353 */
faa3a180 2354 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 2355 ret = 0;
2356 goto out;
2357 }
ca41f6b7 2358
abfe3d51
HL		 2359 /* Ensure correct stream state, stream send part not concluded, etc. */
2360 if (!quic_validate_for_write(ctx.xso, &err)) {
2361 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
a8489257
HL		 2362 goto out;
2363 }
22d53c88 2364
33f6ad17
MC		 2365 if (len == 0) {
2366 ret = 1;
2367 goto out;
2368 }
2369
cb5c208b 2370 if (xso_blocking_mode(ctx.xso))
faa3a180 2371 ret = quic_write_blocking(&ctx, buf, len, written);
22d53c88 2372 else if (partial_write)
faa3a180 2373 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
22d53c88 2374 else
faa3a180 2375 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
a8489257
HL		 2376
2377out:
072328dd 2378 quic_unlock(ctx.qc);
a8489257 2379 return ret;
d5ab48a1
RL		 2380}
2381
2382/*
22d53c88
HL		 2383 * SSL_read
2384 * --------
d5ab48a1 2385 */
22d53c88 2386struct quic_read_again_args {
faa3a180 2387 QCTX *ctx;
22d53c88
HL		 2388 QUIC_STREAM *stream;
2389 void *buf;
2390 size_t len;
2391 size_t *bytes_read;
2392 int peek;
2393};
2394
e0bd2825
HL		 2395QUIC_NEEDS_LOCK
2396static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2397{
08d4b7eb 2398 QUIC_STREAM_MAP *qsm;
e0bd2825 2399
5ed3a435
HL		 2400 *eos = 0;
2401
e0bd2825
HL		 2402 if (xso == NULL || xso->stream == NULL) {
2403 *err = ERR_R_INTERNAL_ERROR;
2404 return 0;
2405 }
2406
2407 switch (xso->stream->recv_state) {
2408 default:
2409 case QUIC_RSTREAM_STATE_NONE:
2410 *err = SSL_R_STREAM_SEND_ONLY;
2411 return 0;
2412
2413 case QUIC_RSTREAM_STATE_RECV:
2414 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2415 case QUIC_RSTREAM_STATE_DATA_RECVD:
2416 return 1;
2417
2418 case QUIC_RSTREAM_STATE_DATA_READ:
2419 *eos = 1;
2420 return 0;
2421
2422 case QUIC_RSTREAM_STATE_RESET_RECVD:
08d4b7eb
HL		 2423 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2424 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2425
2426 /* FALLTHROUGH */
e0bd2825
HL		 2427 case QUIC_RSTREAM_STATE_RESET_READ:
2428 *err = SSL_R_STREAM_RESET;
2429 return 0;
2430 }
2431}
2432
4847599b 2433QUIC_NEEDS_LOCK
faa3a180 2434static int quic_read_actual(QCTX *ctx,
22d53c88
HL		 2435 QUIC_STREAM *stream,
2436 void *buf, size_t buf_len,
2437 size_t *bytes_read,
2438 int peek)
d5ab48a1 2439{
e0bd2825 2440 int is_fin = 0, err, eos;
faa3a180 2441 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 2442
e0bd2825
HL		 2443 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2444 if (eos)
2445 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2446 else
2447 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2448 }
2449
22d53c88
HL		 2450 if (peek) {
2451 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2452 bytes_read, &is_fin))
faa3a180 2453 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2454
2455 } else {
2456 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2457 bytes_read, &is_fin))
faa3a180 2458 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2459 }
2460
2461 if (!peek) {
2462 if (*bytes_read > 0) {
2463 /*
2464 * We have read at least one byte from the stream. Inform stream-level
2465 * RXFC of the retirement of controlled bytes. Update the active stream
2466 * status (the RXFC may now want to emit a frame granting more credit to
2467 * the peer).
2468 */
2469 OSSL_RTT_INFO rtt_info;
d50e750e 2470
22d53c88
HL		 2471 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2472
cb5c208b 2473 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
22d53c88 2474 rtt_info.smoothed_rtt))
faa3a180 2475 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2476 }
2477
08d4b7eb
HL		 2478 if (is_fin && !peek) {
2479 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2480
2481 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2482 }
22d53c88
HL		 2483
2484 if (*bytes_read > 0)
2485 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
cb5c208b 2486 stream);
22d53c88
HL		 2487 }
2488
72622c0b
MC		 2489 if (*bytes_read == 0 && is_fin)
2490 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2491
d5ab48a1
RL		 2492 return 1;
2493}
2494
4847599b 2495QUIC_NEEDS_LOCK
22d53c88 2496static int quic_read_again(void *arg)
d5ab48a1 2497{
22d53c88
HL		 2498 struct quic_read_again_args *args = arg;
2499
6d6b3a03 2500 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
22d53c88 2501 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 2502 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
ca41f6b7 2503 return -1;
a9979965 2504 }
22d53c88 2505
faa3a180 2506 if (!quic_read_actual(args->ctx, args->stream,
22d53c88
HL		 2507 args->buf, args->len, args->bytes_read,
2508 args->peek))
2509 return -1;
2510
2511 if (*args->bytes_read > 0)
2512 /* got at least one byte, the SSL_read op can finish now */
2513 return 1;
2514
81b6b43c 2515 return 0; /* did not read anything, keep trying */
d5ab48a1
RL		 2516}
2517
a8489257 2518QUIC_TAKES_LOCK
22d53c88 2519static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
d5ab48a1 2520{
a8489257 2521 int ret, res;
072328dd 2522 QCTX ctx;
22d53c88
HL		 2523 struct quic_read_again_args args;
2524
2525 *bytes_read = 0;
2526
8b7be3aa 2527 if (!expect_quic(s, &ctx))
22d53c88
HL		 2528 return 0;
2529
a954f761 2530 ctx.in_io = 1;
072328dd 2531 quic_lock(ctx.qc);
a8489257 2532
6d6b3a03 2533 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
faa3a180 2534 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 2535 goto out;
2536 }
22d53c88 2537
a9979965 2538 /* If we haven't finished the handshake, try to advance it. */
faa3a180 2539 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 2540 ret = 0; /* ossl_quic_do_handshake raised error here */
2541 goto out;
2542 }
22d53c88 2543
8b7be3aa
HL		 2544 if (ctx.xso == NULL) {
2545 /*
2546 * Called on a QCSO and we don't currently have a default stream.
2547 *
2548 * Wait until we get a stream initiated by the peer (blocking mode) or
2549 * fail if we don't have one yet (non-blocking mode).
2550 */
faa3a180 2551 if (!qc_wait_for_default_xso_for_read(&ctx)) {
8b7be3aa
HL		 2552 ret = 0; /* error already raised here */
2553 goto out;
2554 }
2555
2556 ctx.xso = ctx.qc->default_xso;
2557 }
2558
faa3a180 2559 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
a8489257
HL		 2560 ret = 0; /* quic_read_actual raised error here */
2561 goto out;
2562 }
22d53c88
HL		 2563
2564 if (*bytes_read > 0) {
2565 /*
2566 * Even though we succeeded, tick the reactor here to ensure we are
2567 * handling other aspects of the QUIC connection.
2568 */
072328dd 2569 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
a8489257 2570 ret = 1;
cb5c208b 2571 } else if (xso_blocking_mode(ctx.xso)) {
22d53c88
HL		 2572 /*
2573 * We were not able to read anything immediately, so our stream
2574 * buffer is empty. This means we need to block until we get
2575 * at least one byte.
2576 */
faa3a180 2577 args.ctx = &ctx;
cb5c208b 2578 args.stream = ctx.xso->stream;
22d53c88
HL		 2579 args.buf = buf;
2580 args.len = len;
2581 args.bytes_read = bytes_read;
2582 args.peek = peek;
2583
072328dd 2584 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
a8489257 2585 if (res == 0) {
faa3a180 2586 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 2587 goto out;
2588 } else if (res < 0) {
2589 ret = 0; /* quic_read_again raised error here */
2590 goto out;
2591 }
22d53c88 2592
a8489257 2593 ret = 1;
af8b52cf 2594 } else {
780b2527
HL		 2595 /*
2596 * We did not get any bytes and are not in blocking mode.
2597 * Tick to see if this delivers any more.
2598 */
2599 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2600
2601 /* Try the read again. */
2602 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2603 ret = 0; /* quic_read_actual raised error here */
2604 goto out;
2605 }
2606
2607 if (*bytes_read > 0)
2608 ret = 1; /* Succeeded this time. */
2609 else
2610 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
af8b52cf 2611 }
a8489257
HL		 2612
2613out:
072328dd 2614 quic_unlock(ctx.qc);
a8489257 2615 return ret;
d5ab48a1
RL		 2616}
2617
22d53c88
HL		 2618int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2619{
2620 return quic_read(s, buf, len, bytes_read, 0);
2621}
2622
2623int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2624{
2625 return quic_read(s, buf, len, bytes_read, 1);
2626}
2627
2628/*
2629 * SSL_pending
2630 * -----------
2631 */
9280d26a 2632
a8489257 2633QUIC_TAKES_LOCK
d6e7ebba 2634static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
22d53c88 2635{
072328dd 2636 QCTX ctx;
433d107a 2637 size_t avail = 0;
22d53c88
HL		 2638 int fin = 0;
2639
c31f0612
MC		 2640
2641 if (!expect_quic(s, &ctx))
22d53c88
HL		 2642 return 0;
2643
c31f0612
MC		 2644 quic_lock(ctx.qc);
2645
8ee3ee10 2646 if (ctx.xso == NULL) {
a954f761 2647 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
c31f0612 2648 goto out;
8ee3ee10 2649 }
c31f0612 2650
2f018d14 2651 if (ctx.xso->stream == NULL
8ee3ee10 2652 || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream)) {
a954f761 2653 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257 2654 goto out;
8ee3ee10 2655 }
22d53c88 2656
cb5c208b 2657 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
a8489257 2658 avail = 0;
22d53c88 2659
d6e7ebba
HL		 2660 if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
2661 avail = 1;
2662
a8489257 2663out:
072328dd 2664 quic_unlock(ctx.qc);
22d53c88
HL		 2665 return avail;
2666}
2667
560470b5
MC		 2668size_t ossl_quic_pending(const SSL *s)
2669{
d6e7ebba 2670 return ossl_quic_pending_int(s, /*check_channel=*/0);
560470b5
MC		 2671}
2672
072328dd 2673int ossl_quic_has_pending(const SSL *s)
560470b5 2674{
9280d26a 2675 /* Do we have app-side pending data or pending URXEs or RXEs? */
d6e7ebba 2676 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
560470b5
MC		 2677}
2678
a9979965
HL		 2679/*
2680 * SSL_stream_conclude
2681 * -------------------
2682 */
a8489257 2683QUIC_TAKES_LOCK
072328dd 2684int ossl_quic_conn_stream_conclude(SSL *s)
a9979965 2685{
072328dd
HL		 2686 QCTX ctx;
2687 QUIC_STREAM *qs;
abfe3d51 2688 int err;
072328dd 2689
a954f761 2690 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
072328dd
HL		 2691 return 0;
2692
cb5c208b 2693 qs = ctx.xso->stream;
a9979965 2694
6d6b3a03 2695 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
072328dd 2696 quic_unlock(ctx.qc);
abfe3d51
HL		 2697 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2698 }
2699
2700 if (!quic_validate_for_write(ctx.xso, &err)) {
2701 quic_unlock(ctx.qc);
2702 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
a8489257
HL		 2703 }
2704
2f018d14 2705 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
072328dd 2706 quic_unlock(ctx.qc);
a9979965 2707 return 1;
a8489257 2708 }
a9979965
HL		 2709
2710 ossl_quic_sstream_fin(qs->sstream);
cb5c208b 2711 quic_post_write(ctx.xso, 1, 1);
072328dd 2712 quic_unlock(ctx.qc);
a9979965
HL		 2713 return 1;
2714}
2715
553a4e00
HL		 2716/*
2717 * SSL_inject_net_dgram
2718 * --------------------
2719 */
5129e594 2720QUIC_TAKES_LOCK
553a4e00
HL		 2721int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2722 size_t buf_len,
2723 const BIO_ADDR *peer,
2724 const BIO_ADDR *local)
2725{
5129e594 2726 int ret;
072328dd 2727 QCTX ctx;
553a4e00
HL		 2728 QUIC_DEMUX *demux;
2729
072328dd 2730 if (!expect_quic(s, &ctx))
553a4e00
HL		 2731 return 0;
2732
072328dd 2733 quic_lock(ctx.qc);
5129e594 2734
072328dd 2735 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
5129e594
HL		 2736 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2737
072328dd 2738 quic_unlock(ctx.qc);
5129e594 2739 return ret;
553a4e00
HL		 2740}
2741
020d0389
HL		 2742/*
2743 * SSL_get0_connection
2744 * -------------------
2745 */
2746SSL *ossl_quic_get0_connection(SSL *s)
2747{
2748 QCTX ctx;
2749
2750 if (!expect_quic(s, &ctx))
2751 return NULL;
2752
2753 return &ctx.qc->ssl;
2754}
2755
1bca3f1b
HL		 2756/*
2757 * SSL_get_stream_type
2758 * -------------------
2759 */
2760int ossl_quic_get_stream_type(SSL *s)
2761{
2762 QCTX ctx;
2763
2764 if (!expect_quic(s, &ctx))
59c5c016 2765 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2766
2767 if (ctx.xso == NULL) {
2768 /*
59c5c016
HL		 2769 * If deferred XSO creation has yet to occur, proceed according to the
2770 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2771 * what kind of stream will be created yet, so return BIDI on the basis
2772 * that at this time, the client still has the option of calling
2773 * SSL_read() or SSL_write() first.
1bca3f1b 2774 */
59c5c016
HL		 2775 if (ctx.qc->default_xso_created
2776 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1bca3f1b 2777 return SSL_STREAM_TYPE_NONE;
59c5c016
HL		 2778 else
2779 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2780 }
2781
2782 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2783 return SSL_STREAM_TYPE_BIDI;
2784
2785 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2786 return SSL_STREAM_TYPE_READ;
2787 else
2788 return SSL_STREAM_TYPE_WRITE;
2789}
2790
19cb0887
HL		 2791/*
2792 * SSL_get_stream_id
2793 * -----------------
2794 */
cb68ce9f 2795QUIC_TAKES_LOCK
19cb0887
HL		 2796uint64_t ossl_quic_get_stream_id(SSL *s)
2797{
2798 QCTX ctx;
8b7be3aa 2799 uint64_t id;
19cb0887 2800
a954f761 2801 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
19cb0887
HL		 2802 return UINT64_MAX;
2803
8b7be3aa
HL		 2804 id = ctx.xso->stream->id;
2805 quic_unlock(ctx.qc);
2806
2807 return id;
2808}
2809
2810/*
2811 * SSL_set_default_stream_mode
2812 * ---------------------------
2813 */
cb68ce9f 2814QUIC_TAKES_LOCK
8b7be3aa
HL		 2815int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
2816{
2817 QCTX ctx;
2818
a954f761 2819 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
8b7be3aa
HL		 2820 return 0;
2821
2822 quic_lock(ctx.qc);
2823
4669a3d7
HL		 2824 if (ctx.qc->default_xso_created) {
2825 quic_unlock(ctx.qc);
a954f761 2826 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8ee3ee10 2827 "too late to change default stream mode");
4669a3d7 2828 }
8b7be3aa
HL		 2829
2830 switch (mode) {
2831 case SSL_DEFAULT_STREAM_MODE_NONE:
2832 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
2833 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
2834 ctx.qc->default_stream_mode = mode;
2835 break;
2836 default:
2837 quic_unlock(ctx.qc);
a954f761 2838 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10 2839 "bad default stream type");
8b7be3aa
HL		 2840 }
2841
2842 quic_unlock(ctx.qc);
2843 return 1;
2844}
2845
2846/*
2847 * SSL_detach_stream
2848 * -----------------
2849 */
cb68ce9f 2850QUIC_TAKES_LOCK
8b7be3aa
HL		 2851SSL *ossl_quic_detach_stream(SSL *s)
2852{
2853 QCTX ctx;
9cab4bd5 2854 QUIC_XSO *xso = NULL;
8b7be3aa 2855
a954f761 2856 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
8b7be3aa
HL		 2857 return NULL;
2858
2859 quic_lock(ctx.qc);
2860
8b7be3aa 2861 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5
HL		 2862 /* QC ref to any default XSO is transferred to us and to caller. */
2863 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
8b7be3aa
HL		 2864
2865 quic_unlock(ctx.qc);
2866
9cab4bd5 2867 return xso != NULL ? &xso->ssl : NULL;
8b7be3aa
HL		 2868}
2869
2870/*
2871 * SSL_attach_stream
2872 * -----------------
2873 */
cb68ce9f 2874QUIC_TAKES_LOCK
8b7be3aa
HL		 2875int ossl_quic_attach_stream(SSL *conn, SSL *stream)
2876{
2877 QCTX ctx;
9cab4bd5
HL		 2878 QUIC_XSO *xso;
2879 int nref;
8b7be3aa 2880
a954f761 2881 if (!expect_quic_conn_only(conn, /*io=*/0, &ctx))
8b7be3aa
HL		 2882 return 0;
2883
2884 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
a954f761 2885 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
8ee3ee10 2886 "stream to attach must be a valid QUIC stream");
8b7be3aa 2887
9cab4bd5
HL		 2888 xso = (QUIC_XSO *)stream;
2889
8b7be3aa
HL		 2890 quic_lock(ctx.qc);
2891
2892 if (ctx.qc->default_xso != NULL) {
2893 quic_unlock(ctx.qc);
a954f761 2894 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8ee3ee10 2895 "connection already has a default stream");
8b7be3aa
HL		 2896 }
2897
9cab4bd5
HL		 2898 /*
2899 * It is a caller error for the XSO being attached as a default XSO to have
2900 * more than one ref.
2901 */
4eecc6aa 2902 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
9cab4bd5 2903 quic_unlock(ctx.qc);
a954f761 2904 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
8ee3ee10 2905 "ref");
9cab4bd5
HL		 2906 }
2907
2908 if (nref != 1) {
2909 quic_unlock(ctx.qc);
a954f761 2910 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10
TM		 2911 "stream being attached must have "
2912 "only 1 reference");
9cab4bd5
HL		 2913 }
2914
2915 /* Caller's reference to the XSO is transferred to us. */
8b7be3aa 2916 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5 2917 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
8b7be3aa
HL		 2918
2919 quic_unlock(ctx.qc);
2920 return 1;
19cb0887
HL		 2921}
2922
8a90df34 2923/*
83df44ae
HL		 2924 * SSL_set_incoming_stream_policy
2925 * ------------------------------
8a90df34 2926 */
995ff282 2927QUIC_NEEDS_LOCK
83df44ae 2928static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
995ff282 2929{
83df44ae
HL		 2930 switch (qc->incoming_stream_policy) {
2931 case SSL_INCOMING_STREAM_POLICY_AUTO:
995ff282
HL		 2932 if ((qc->default_xso == NULL && !qc->default_xso_created)
2933 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
83df44ae 2934 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
995ff282 2935 else
83df44ae 2936 return SSL_INCOMING_STREAM_POLICY_REJECT;
995ff282
HL		 2937
2938 default:
83df44ae 2939 return qc->incoming_stream_policy;
995ff282
HL		 2940 }
2941}
2942
2943QUIC_NEEDS_LOCK
2944static void qc_update_reject_policy(QUIC_CONNECTION *qc)
2945{
83df44ae
HL		 2946 int policy = qc_get_effective_incoming_stream_policy(qc);
2947 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
995ff282
HL		 2948
2949 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
2950 enable_reject,
83df44ae 2951 qc->incoming_stream_aec);
995ff282
HL		 2952}
2953
cb68ce9f 2954QUIC_TAKES_LOCK
83df44ae
HL		 2955int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
2956 uint64_t aec)
8a90df34
HL		 2957{
2958 int ret = 1;
2959 QCTX ctx;
2960
a954f761 2961 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
8a90df34
HL		 2962 return 0;
2963
2964 quic_lock(ctx.qc);
2965
2966 switch (policy) {
83df44ae
HL		 2967 case SSL_INCOMING_STREAM_POLICY_AUTO:
2968 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
2969 case SSL_INCOMING_STREAM_POLICY_REJECT:
2970 ctx.qc->incoming_stream_policy = policy;
2971 ctx.qc->incoming_stream_aec = aec;
8a90df34
HL		 2972 break;
2973
2974 default:
a954f761 2975 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
8a90df34
HL		 2976 ret = 0;
2977 break;
2978 }
2979
995ff282 2980 qc_update_reject_policy(ctx.qc);
8a90df34
HL		 2981 quic_unlock(ctx.qc);
2982 return ret;
2983}
2984
cb68ce9f
HL		 2985/*
2986 * SSL_accept_stream
2987 * -----------------
2988 */
cb68ce9f 2989struct wait_for_incoming_stream_args {
faa3a180 2990 QCTX *ctx;
cb68ce9f
HL		 2991 QUIC_STREAM *qs;
2992};
2993
2994QUIC_NEEDS_LOCK
2995static int wait_for_incoming_stream(void *arg)
2996{
2997 struct wait_for_incoming_stream_args *args = arg;
faa3a180
HL		 2998 QUIC_CONNECTION *qc = args->ctx->qc;
2999 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
cb68ce9f 3000
6d6b3a03 3001 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
cb68ce9f 3002 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 3003 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
cb68ce9f
HL		 3004 return -1;
3005 }
3006
3007 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3008 if (args->qs != NULL)
3009 return 1; /* got a stream */
3010
3011 return 0; /* did not get a stream, keep trying */
3012}
3013
3014QUIC_TAKES_LOCK
3015SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3016{
3017 QCTX ctx;
3018 int ret;
3019 SSL *new_s = NULL;
3020 QUIC_STREAM_MAP *qsm;
3021 QUIC_STREAM *qs;
3022 QUIC_XSO *xso;
90cecc40 3023 OSSL_RTT_INFO rtt_info;
cb68ce9f 3024
a954f761 3025 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
cb68ce9f
HL		 3026 return NULL;
3027
3028 quic_lock(ctx.qc);
3029
83df44ae 3030 if (qc_get_effective_incoming_stream_policy(ctx.qc)
8ee3ee10 3031 == SSL_INCOMING_STREAM_POLICY_REJECT) {
a954f761 3032 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
cb68ce9f 3033 goto out;
8ee3ee10 3034 }
cb68ce9f
HL		 3035
3036 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3037
3038 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3039 if (qs == NULL) {
3040 if (qc_blocking_mode(ctx.qc)
3041 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3042 struct wait_for_incoming_stream_args args;
3043
faa3a180 3044 args.ctx = &ctx;
cb68ce9f
HL		 3045 args.qs = NULL;
3046
3047 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3048 if (ret == 0) {
faa3a180 3049 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
cb68ce9f
HL		 3050 goto out;
3051 } else if (ret < 0 || args.qs == NULL) {
3052 goto out;
3053 }
3054
3055 qs = args.qs;
3056 } else {
3057 goto out;
3058 }
3059 }
3060
3061 xso = create_xso_from_stream(ctx.qc, qs);
3062 if (xso == NULL)
3063 goto out;
3064
90cecc40
HL		 3065 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3066 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3067 rtt_info.smoothed_rtt);
cb68ce9f
HL		 3068 new_s = &xso->ssl;
3069
3070 /* Calling this function inhibits default XSO autocreation. */
995ff282 3071 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
cb68ce9f
HL		 3072
3073out:
3074 quic_unlock(ctx.qc);
3075 return new_s;
3076}
3077
3078/*
3079 * SSL_get_accept_stream_queue_len
3080 * -------------------------------
3081 */
3082QUIC_TAKES_LOCK
3083size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3084{
3085 QCTX ctx;
3086 size_t v;
3087
a954f761 3088 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
cb68ce9f
HL		 3089 return 0;
3090
3091 quic_lock(ctx.qc);
3092
3093 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3094
3095 quic_unlock(ctx.qc);
3096 return v;
3097}
3098
c3a04ea2
HL		 3099/*
3100 * SSL_stream_reset
3101 * ----------------
3102 */
3103int ossl_quic_stream_reset(SSL *ssl,
3104 const SSL_STREAM_RESET_ARGS *args,
3105 size_t args_len)
3106{
3107 QCTX ctx;
3108 QUIC_STREAM_MAP *qsm;
3109 QUIC_STREAM *qs;
3110 uint64_t error_code;
e0bd2825 3111 int ok, err;
c3a04ea2 3112
a954f761 3113 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
c3a04ea2
HL		 3114 return 0;
3115
3116 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3117 qs = ctx.xso->stream;
3118 error_code = (args != NULL ? args->quic_error_code : 0);
3119
1d547f8f
HL		 3120 if (!quic_validate_for_write(ctx.xso, &err)) {
3121 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3122 goto err;
3123 }
e0bd2825 3124
2f018d14 3125 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
c3a04ea2 3126
1d547f8f 3127err:
c3a04ea2 3128 quic_unlock(ctx.qc);
2f018d14 3129 return ok;
c3a04ea2
HL		 3130}
3131
3132/*
3133 * SSL_get_stream_read_state
3134 * -------------------------
3135 */
3136static void quic_classify_stream(QUIC_CONNECTION *qc,
3137 QUIC_STREAM *qs,
3138 int is_write,
3139 int *state,
3140 uint64_t *app_error_code)
3141{
3142 int local_init;
3143 uint64_t final_size;
3144
3145 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3146
3147 if (app_error_code != NULL)
3148 *app_error_code = UINT64_MAX;
3149 else
3150 app_error_code = &final_size; /* throw away value */
3151
3152 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3153 /*
3154 * Unidirectional stream and this direction of transmission doesn't
3155 * exist.
3156 */
3157 *state = SSL_STREAM_STATE_WRONG_DIR;
3158 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3159 /* Connection already closed. */
3160 *state = SSL_STREAM_STATE_CONN_CLOSED;
5ed3a435 3161 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
c3a04ea2
HL		 3162 /* Application has read a FIN. */
3163 *state = SSL_STREAM_STATE_FINISHED;
3164 } else if ((!is_write && qs->stop_sending)
2f018d14 3165 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
c3a04ea2
HL		 3166 /*
3167 * Stream has been reset locally. FIN takes precedence over this for the
3168 * read case as the application need not care if the stream is reset
3169 * after a FIN has been successfully processed.
3170 */
3171 *state = SSL_STREAM_STATE_RESET_LOCAL;
3172 *app_error_code = !is_write
3173 ? qs->stop_sending_aec
3174 : qs->reset_stream_aec;
2f018d14 3175 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
c3a04ea2
HL		 3176 || (is_write && qs->peer_stop_sending)) {
3177 /*
3178 * Stream has been reset remotely. */
3179 *state = SSL_STREAM_STATE_RESET_REMOTE;
3180 *app_error_code = !is_write
3181 ? qs->peer_reset_stream_aec
3182 : qs->peer_stop_sending_aec;
3183 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3184 &final_size)) {
3185 /*
3186 * Stream has been finished. Stream reset takes precedence over this for
3187 * the write case as peer may not have received all data.
3188 */
3189 *state = SSL_STREAM_STATE_FINISHED;
3190 } else {
3191 /* Stream still healthy. */
3192 *state = SSL_STREAM_STATE_OK;
3193 }
3194}
3195
3196static int quic_get_stream_state(SSL *ssl, int is_write)
3197{
3198 QCTX ctx;
3199 int state;
3200
a954f761 3201 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
c3a04ea2
HL		 3202 return SSL_STREAM_STATE_NONE;
3203
3204 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3205 quic_unlock(ctx.qc);
3206 return state;
3207}
3208
3209int ossl_quic_get_stream_read_state(SSL *ssl)
3210{
3211 return quic_get_stream_state(ssl, /*is_write=*/0);
3212}
3213
3214/*
3215 * SSL_get_stream_write_state
3216 * --------------------------
3217 */
3218int ossl_quic_get_stream_write_state(SSL *ssl)
3219{
3220 return quic_get_stream_state(ssl, /*is_write=*/1);
3221}
3222
3223/*
3224 * SSL_get_stream_read_error_code
3225 * ------------------------------
3226 */
3227static int quic_get_stream_error_code(SSL *ssl, int is_write,
3228 uint64_t *app_error_code)
3229{
3230 QCTX ctx;
3231 int state;
3232
a954f761 3233 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
c3a04ea2
HL		 3234 return -1;
3235
3236 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3237 &state, app_error_code);
3238
3239 quic_unlock(ctx.qc);
3240 switch (state) {
3241 case SSL_STREAM_STATE_FINISHED:
3242 return 0;
3243 case SSL_STREAM_STATE_RESET_LOCAL:
3244 case SSL_STREAM_STATE_RESET_REMOTE:
3245 return 1;
3246 default:
3247 return -1;
3248 }
3249}
3250
3251int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3252{
3253 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3254}
3255
3256/*
3257 * SSL_get_stream_write_error_code
3258 * -------------------------------
3259 */
3260int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3261{
3262 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3263}
3264
3415677e
HL		 3265/*
3266 * Write buffer size mutation
3267 * --------------------------
3268 */
3269int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3270{
3271 int ret = 0;
3272 QCTX ctx;
3273
a954f761 3274 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3415677e
HL		 3275 return 0;
3276
96014840 3277 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3415677e 3278 /* Called on a unidirectional receive-only stream - error. */
a954f761 3279 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3415677e 3280 goto out;
96014840 3281 }
3415677e
HL		 3282
3283 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3284 /*
3285 * If the stream has a send part but we have disposed of it because we
3286 * no longer need it, this is a no-op.
3287 */
3288 ret = 1;
3289 goto out;
3290 }
3291
96014840 3292 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
a954f761 3293 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3415677e 3294 goto out;
96014840 3295 }
3415677e
HL		 3296
3297 ret = 1;
3298
3299out:
3300 quic_unlock(ctx.qc);
3301 return ret;
3302}
3303
c3a04ea2
HL		 3304/*
3305 * SSL_get_conn_close_info
3306 * -----------------------
3307 */
3308int ossl_quic_get_conn_close_info(SSL *ssl,
3309 SSL_CONN_CLOSE_INFO *info,
3310 size_t info_len)
3311{
3312 QCTX ctx;
3313 const QUIC_TERMINATE_CAUSE *tc;
3314
a954f761 3315 if (!expect_quic_conn_only(ssl, /*io=*/0, &ctx))
c3a04ea2
HL		 3316 return -1;
3317
3318 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3319 if (tc == NULL)
3320 return 0;
3321
3322 info->error_code = tc->error_code;
40c8c756
HL		 3323 info->reason = tc->reason;
3324 info->reason_len = tc->reason_len;
c3a04ea2
HL		 3325 info->is_local = !tc->remote;
3326 info->is_transport = !tc->app;
3327 return 1;
3328}
3329
2525109f
HL		 3330/*
3331 * SSL_key_update
3332 * --------------
3333 */
3334int ossl_quic_key_update(SSL *ssl, int update_type)
3335{
3336 QCTX ctx;
3337
a954f761 3338 if (!expect_quic_conn_only(ssl, /*io=*/0, &ctx))
2525109f
HL		 3339 return 0;
3340
3341 switch (update_type) {
3342 case SSL_KEY_UPDATE_NOT_REQUESTED:
3343 /*
3344 * QUIC signals peer key update implicily by triggering a local
3345 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3346 */
3347 case SSL_KEY_UPDATE_REQUESTED:
3348 break;
3349
3350 default:
a954f761 3351 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
2525109f
HL		 3352 return 0;
3353 }
3354
3355 quic_lock(ctx.qc);
3356
3357 /* Attempt to perform a TXKU. */
3358 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
a954f761 3359 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
2525109f
HL		 3360 quic_unlock(ctx.qc);
3361 return 0;
3362 }
3363
3364 quic_unlock(ctx.qc);
3365 return 1;
3366}
3367
3368/*
3369 * SSL_get_key_update_type
3370 * -----------------------
3371 */
3372int ossl_quic_get_key_update_type(const SSL *s)
3373{
3374 /*
3375 * We always handle key updates immediately so a key update is never
3376 * pending.
3377 */
3378 return SSL_KEY_UPDATE_NONE;
3379}
3380
22d53c88
HL		 3381/*
3382 * QUIC Front-End I/O API: SSL_CTX Management
3383 * ==========================================
3384 */
3385
3386long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3387{
3388 switch (cmd) {
3389 default:
8a1a6d6d 3390 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
22d53c88
HL		 3391 }
3392}
3393
3394long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3395{
63dfde87
MC		 3396 QCTX ctx;
3397
a954f761 3398 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
63dfde87
MC		 3399 return 0;
3400
3401 switch (cmd) {
3402 case SSL_CTRL_SET_MSG_CALLBACK:
5cf99b40
MC		 3403 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3404 &ctx.qc->ssl);
63dfde87
MC		 3405 /* This callback also needs to be set on the internal SSL object */
3406 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3407
3408 default:
3409 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3410 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3411 }
22d53c88
HL		 3412}
3413
3414long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3415{
8a1a6d6d 3416 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
22d53c88
HL		 3417}
3418
3419int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3420{
3421 /* We never do renegotiation. */
3422 return 0;
3423}
3424
3425/*
d518854c
MC		 3426 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3427 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
22d53c88 3428 */
22d53c88
HL		 3429
3430int ossl_quic_num_ciphers(void)
3431{
d518854c 3432 return 0;
22d53c88
HL		 3433}
3434
3435const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3436{
d518854c 3437 return NULL;
d5ab48a1 3438}
16f3b542
HL		 3439
3440/*
3441 * Internal Testing APIs
3442 * =====================
3443 */
3444
3445QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
3446{
3447 QCTX ctx;
3448
a954f761 3449 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
16f3b542
HL		 3450 return NULL;
3451
3452 return ctx.qc->ch;
3453}
A mirror of the official openssl repository