]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
THREADING: Make CRYPTO_MUTEX and CRYPTO_CONDVAR typesafe
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
CommitLineData
99e1cc7b 1/*
da1c088f 2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
99e1cc7b
TM		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/macros.h>
11#include <openssl/objects.h>
22d53c88
HL		 12#include <openssl/sslerr.h>
13#include <crypto/rand.h>
99e1cc7b 14#include "quic_local.h"
2723d705 15#include "internal/quic_tls.h"
22d53c88
HL		 16#include "internal/quic_rx_depack.h"
17#include "internal/quic_error.h"
22739cc3 18#include "internal/quic_engine.h"
f7671012 19#include "internal/quic_port.h"
22d53c88 20#include "internal/time.h"
99e1cc7b 21
faa3a180
HL		 22typedef struct qctx_st QCTX;
23
cb5c208b 24static void aon_write_finish(QUIC_XSO *xso);
23c04709 25static int create_channel(QUIC_CONNECTION *qc);
21c80696 26static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
faa3a180
HL		 27static int qc_try_create_default_xso_for_write(QCTX *ctx);
28static int qc_wait_for_default_xso_for_read(QCTX *ctx);
8b7be3aa
HL		 29static void quic_lock(QUIC_CONNECTION *qc);
30static void quic_unlock(QUIC_CONNECTION *qc);
72ca0b88 31static void quic_lock_for_io(QCTX *ctx);
faa3a180 32static int quic_do_handshake(QCTX *ctx);
995ff282
HL		 33static void qc_update_reject_policy(QUIC_CONNECTION *qc);
34static void qc_touch_default_xso(QUIC_CONNECTION *qc);
35static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
9cab4bd5
HL		 36static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
37 int touch, QUIC_XSO **old_xso);
faa3a180 38static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
abfe3d51 39static int quic_validate_for_write(QUIC_XSO *xso, int *err);
6d6b3a03 40static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
51e671e2
HL		 41static int qc_blocking_mode(const QUIC_CONNECTION *qc);
42static int xso_blocking_mode(const QUIC_XSO *xso);
22d53c88
HL		 43
44/*
45 * QUIC Front-End I/O API: Common Utilities
46 * ========================================
47 */
48
49/*
50 * Block until a predicate is met.
51 *
52 * Precondition: Must have a channel.
d7b1fadd 53 * Precondition: Must hold channel lock (unchecked).
22d53c88 54 */
d7b1fadd 55QUIC_NEEDS_LOCK
22d53c88
HL		 56static int block_until_pred(QUIC_CONNECTION *qc,
57 int (*pred)(void *arg), void *pred_arg,
58 uint32_t flags)
59{
60 QUIC_REACTOR *rtor;
61
62 assert(qc->ch != NULL);
63
cae02d2b
HL		 64 /*
65 * Any attempt to block auto-disables tick inhibition as otherwise we will
66 * hang around forever.
67 */
22739cc3 68 ossl_quic_engine_set_inhibit_tick(qc->engine, 0);
cae02d2b 69
22d53c88 70 rtor = ossl_quic_channel_get_reactor(qc->ch);
c019e1ef 71 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
4847599b 72 qc->mutex);
22d53c88
HL		 73}
74
e3e9794a
HL		 75static OSSL_TIME get_time(QUIC_CONNECTION *qc)
76{
77 if (qc->override_now_cb != NULL)
78 return qc->override_now_cb(qc->override_now_cb_arg);
79 else
80 return ossl_time_now();
81}
82
83static OSSL_TIME get_time_cb(void *arg)
84{
85 QUIC_CONNECTION *qc = arg;
86
87 return get_time(qc);
88}
89
faa3a180
HL		 90/*
91 * QCTX is a utility structure which provides information we commonly wish to
92 * unwrap upon an API call being dispatched to us, namely:
93 *
94 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
95 * was passed);
96 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
97 * a QCSO with a default stream was passed);
98 * - whether a QSSO was passed (xso == NULL must not be used to determine this
99 * because it may be non-NULL when a QCSO is passed if that QCSO has a
a954f761
HL		 100 * default stream);
101 * - whether we are in "I/O context", meaning that non-normal errors can
102 * be reported via SSL_get_error() as well as via ERR. Functions such as
103 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
104 * functions which are allowed to change the value returned by
105 * SSL_get_error. However, other functions (including functions which call
106 * SSL_do_handshake() implicitly) are not allowed to change the return value
107 * of SSL_get_error.
faa3a180
HL		 108 */
109struct qctx_st {
110 QUIC_CONNECTION *qc;
111 QUIC_XSO *xso;
a954f761 112 int is_stream, in_io;
faa3a180
HL		 113};
114
72ca0b88
HL		 115QUIC_NEEDS_LOCK
116static void quic_set_last_error(QCTX *ctx, int last_error)
117{
118 if (!ctx->in_io)
119 return;
120
121 if (ctx->is_stream && ctx->xso != NULL)
122 ctx->xso->last_error = last_error;
123 else if (!ctx->is_stream && ctx->qc != NULL)
124 ctx->qc->last_error = last_error;
125}
126
22d53c88
HL		 127/*
128 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
faa3a180
HL		 129 * rather than via ERR. Note that normal errors must always be raised while
130 * holding a lock.
22d53c88 131 */
faa3a180
HL		 132QUIC_NEEDS_LOCK
133static int quic_raise_normal_error(QCTX *ctx,
22d53c88
HL		 134 int err)
135{
72ca0b88
HL		 136 assert(ctx->in_io);
137 quic_set_last_error(ctx, err);
faa3a180 138
22d53c88
HL		 139 return 0;
140}
141
142/*
143 * Raise a 'non-normal' error, meaning any error that is not reported via
144 * SSL_get_error() and must be reported via ERR.
e88cdb8e
HL		 145 *
146 * qc should be provided if available. In exceptional circumstances when qc is
147 * not known NULL may be passed. This should generally only happen when an
148 * expect_...() function defined below fails, which generally indicates a
149 * dispatch error or caller error.
faa3a180
HL		 150 *
151 * ctx should be NULL if the connection lock is not held.
22d53c88 152 */
a954f761 153static int quic_raise_non_normal_error(QCTX *ctx,
22d53c88
HL		 154 const char *file,
155 int line,
156 const char *func,
157 int reason,
158 const char *fmt,
159 ...)
160{
161 va_list args;
162
faa3a180 163 if (ctx != NULL) {
72ca0b88 164 quic_set_last_error(ctx, SSL_ERROR_SSL);
9c3ea4e1
TM		 165
166 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
167 ossl_quic_channel_restore_err_state(ctx->qc->ch);
faa3a180 168 }
e88cdb8e 169
9c3ea4e1
TM		 170 ERR_new();
171 ERR_set_debug(file, line, func);
172
173 va_start(args, fmt);
174 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
175 va_end(args);
176
22d53c88
HL		 177 return 0;
178}
179
faa3a180
HL		 180#define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
181 quic_raise_normal_error((ctx), (err))
22d53c88 182
faa3a180 183#define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
a954f761 184 quic_raise_non_normal_error((ctx), \
22d53c88
HL		 185 OPENSSL_FILE, OPENSSL_LINE, \
186 OPENSSL_FUNC, \
187 (reason), \
188 (msg))
189
e88cdb8e
HL		 190/*
191 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
192 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
193 *
194 * After this returns 1, all fields of the passed QCTX are initialised.
195 * Returns 0 on failure. This function is intended to be used to provide API
196 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
22d53c88 197 */
e88cdb8e 198static int expect_quic(const SSL *s, QCTX *ctx)
22d53c88 199{
e88cdb8e
HL		 200 QUIC_CONNECTION *qc;
201 QUIC_XSO *xso;
202
203 ctx->qc = NULL;
204 ctx->xso = NULL;
205 ctx->is_stream = 0;
206
207 if (s == NULL)
a954f761 208 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
22d53c88 209
e88cdb8e
HL		 210 switch (s->type) {
211 case SSL_TYPE_QUIC_CONNECTION:
212 qc = (QUIC_CONNECTION *)s;
213 ctx->qc = qc;
cb5c208b 214 ctx->xso = qc->default_xso;
e88cdb8e 215 ctx->is_stream = 0;
a954f761 216 ctx->in_io = 0;
e88cdb8e
HL		 217 return 1;
218
219 case SSL_TYPE_QUIC_XSO:
220 xso = (QUIC_XSO *)s;
cb5c208b 221 ctx->qc = xso->conn;
e88cdb8e
HL		 222 ctx->xso = xso;
223 ctx->is_stream = 1;
a954f761 224 ctx->in_io = 0;
e88cdb8e
HL		 225 return 1;
226
227 default:
a954f761 228 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
e88cdb8e
HL		 229 }
230}
231
232/*
233 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
234 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
235 * stream.
21c80696
HL		 236 *
237 * remote_init determines if we expect the default XSO to be remotely created or
238 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
8b7be3aa
HL		 239 *
240 * Channel mutex is acquired and retained on success.
e88cdb8e 241 */
8b7be3aa
HL		 242QUIC_ACQUIRES_LOCK
243static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
a954f761 244 int in_io, QCTX *ctx)
e88cdb8e
HL		 245{
246 if (!expect_quic(s, ctx))
247 return 0;
248
72ca0b88
HL		 249 if (in_io)
250 quic_lock_for_io(ctx);
251 else
252 quic_lock(ctx->qc);
8b7be3aa 253
21c80696 254 if (ctx->xso == NULL && remote_init >= 0) {
6d6b3a03 255 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
faa3a180 256 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 257 goto err;
258 }
259
260 /* If we haven't finished the handshake, try to advance it. */
faa3a180 261 if (quic_do_handshake(ctx) < 1)
8b7be3aa
HL		 262 /* ossl_quic_do_handshake raised error here */
263 goto err;
264
265 if (remote_init == 0) {
faa3a180 266 if (!qc_try_create_default_xso_for_write(ctx))
8b7be3aa
HL		 267 goto err;
268 } else {
faa3a180 269 if (!qc_wait_for_default_xso_for_read(ctx))
8b7be3aa
HL		 270 goto err;
271 }
272
21c80696
HL		 273 ctx->xso = ctx->qc->default_xso;
274 }
275
8b7be3aa 276 if (ctx->xso == NULL) {
a954f761 277 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 278 goto err;
279 }
280
23406e30 281 return 1; /* coverity[missing_unlock]: lock held */
e88cdb8e 282
8b7be3aa
HL		 283err:
284 quic_unlock(ctx->qc);
285 return 0;
e88cdb8e 286}
22d53c88 287
e88cdb8e
HL		 288/*
289 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
290 * be non-NULL if the QCSO has a default stream.
291 */
56df4cf2 292static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
e88cdb8e
HL		 293{
294 if (!expect_quic(s, ctx))
295 return 0;
296
297 if (ctx->is_stream)
a954f761 298 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
e88cdb8e
HL		 299
300 return 1;
22d53c88
HL		 301}
302
4847599b
HL		 303/*
304 * Ensures that the channel mutex is held for a method which touches channel
305 * state.
306 *
307 * Precondition: Channel mutex is not held (unchecked)
308 */
20f45743 309static void quic_lock(QUIC_CONNECTION *qc)
4847599b 310{
629b408c 311#if defined(OPENSSL_THREADS)
ffce2946 312 ossl_crypto_mutex_lock(qc->mutex);
629b408c 313#endif
4847599b
HL		 314}
315
72ca0b88
HL		 316static void quic_lock_for_io(QCTX *ctx)
317{
318 quic_lock(ctx->qc);
319 ctx->in_io = 1;
320
321 /*
322 * We are entering an I/O function so we must update the values returned by
323 * SSL_get_error and SSL_want. Set no error. This will be overridden later
324 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
325 * occurs during the API call.
326 */
327 quic_set_last_error(ctx, SSL_ERROR_NONE);
328}
329
4847599b
HL		 330/* Precondition: Channel mutex is held (unchecked) */
331QUIC_NEEDS_LOCK
332static void quic_unlock(QUIC_CONNECTION *qc)
333{
629b408c 334#if defined(OPENSSL_THREADS)
ffce2946 335 ossl_crypto_mutex_unlock(qc->mutex);
629b408c 336#endif
4847599b
HL		 337}
338
6d6b3a03
HL		 339/*
340 * This predicate is the criterion which should determine API call rejection for
341 * *most* mutating API calls, particularly stream-related operations for send
342 * parts.
343 *
344 * A call is rejected (this function returns 0) if shutdown is in progress
345 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
346 * req_active=1, the connection must be active (i.e., the IDLE state is also
347 * rejected).
348 */
349static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
350{
351 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
352 return 0;
353
354 if (req_active && !ossl_quic_channel_is_active(qc->ch))
355 return 0;
356
357 return 1;
358}
4847599b 359
22d53c88
HL		 360/*
361 * QUIC Front-End I/O API: Initialization
362 * ======================================
363 *
364 * SSL_new => ossl_quic_new
365 * ossl_quic_init
366 * SSL_reset => ossl_quic_reset
367 * SSL_clear => ossl_quic_clear
368 * ossl_quic_deinit
369 * SSL_free => ossl_quic_free
370 *
f0d9757c
HL		 371 * SSL_set_options => ossl_quic_set_options
372 * SSL_get_options => ossl_quic_get_options
373 * SSL_clear_options => ossl_quic_clear_options
374 *
22d53c88
HL		 375 */
376
377/* SSL_new */
38b051a1
TM		 378SSL *ossl_quic_new(SSL_CTX *ctx)
379{
22d53c88
HL		 380 QUIC_CONNECTION *qc = NULL;
381 SSL *ssl_base = NULL;
a7f41885 382 SSL_CONNECTION *sc = NULL;
38b051a1
TM		 383
384 qc = OPENSSL_zalloc(sizeof(*qc));
8ee3ee10 385 if (qc == NULL) {
a954f761 386 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
0e2e4b3e 387 return NULL;
8ee3ee10 388 }
55936eee
TM		 389#if defined(OPENSSL_THREADS)
390 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
391 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
392 goto err;
393 }
394#endif
38b051a1 395
22d53c88
HL		 396 /* Initialise the QUIC_CONNECTION's stub header. */
397 ssl_base = &qc->ssl;
a7f41885 398 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
22d53c88 399 ssl_base = NULL;
a954f761 400 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
38b051a1
TM		 401 goto err;
402 }
38b051a1 403
4e3a55fd 404 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
8ee3ee10 405 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
a954f761 406 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
8ee3ee10
TM		 407 goto err;
408 }
f0d9757c 409
43788fb3 410 /* override the user_ssl of the inner connection */
f082205b 411 sc->s3.flags |= TLS1_FLAGS_QUIC;
a7f41885 412
f0d9757c 413 /* Restrict options derived from the SSL_CTX. */
db2f98c4 414 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
6e5550a1 415 sc->pha_enabled = 0;
f0d9757c 416
629b408c 417#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
f2f7c4f1
HL		 418 qc->is_thread_assisted
419 = (ssl_base->method == OSSL_QUIC_client_thread_method());
629b408c 420#endif
f2f7c4f1 421
44cb36d0 422 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
dfb9ae14
HL		 423 qc->as_server_state = qc->as_server;
424
8b7be3aa 425 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
21c80696 426 qc->default_ssl_mode = qc->ssl.ctx->mode;
db2f98c4 427 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
51e671e2
HL		 428 qc->desires_blocking = 1;
429 qc->blocking = 0;
83df44ae 430 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
21c80696 431 qc->last_error = SSL_ERROR_NONE;
a7f41885 432
23c04709
HL		 433 if (!create_channel(qc))
434 goto err;
435
5cf99b40
MC		 436 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
437 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
438
995ff282
HL		 439 qc_update_reject_policy(qc);
440
21c80696
HL		 441 /*
442 * We do not create the default XSO yet. The reason for this is that the
443 * stream ID of the default XSO will depend on whether the stream is client
444 * or server-initiated, which depends on who transmits first. Since we do
445 * not know whether the application will be using a client-transmits-first
446 * or server-transmits-first protocol, we defer default XSO creation until
447 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
448 * we take that as a cue that the client is expecting a server-initiated
449 * stream, and vice versa if SSL_write() is called first.
450 */
22d53c88
HL		 451 return ssl_base;
452
38b051a1 453err:
55936eee 454 if (ssl_base == NULL) {
629b408c 455#if defined(OPENSSL_THREADS)
62cb7c81 456 ossl_crypto_mutex_free(&qc->mutex);
629b408c 457#endif
55936eee
TM		 458 OPENSSL_free(qc);
459 } else {
460 SSL_free(ssl_base);
2dbc39de 461 }
38b051a1
TM		 462 return NULL;
463}
464
22d53c88 465/* SSL_free */
a8489257 466QUIC_TAKES_LOCK
22d53c88
HL		 467void ossl_quic_free(SSL *s)
468{
072328dd 469 QCTX ctx;
9cab4bd5 470 int is_default;
22d53c88 471
072328dd
HL		 472 /* We should never be called on anything but a QSO. */
473 if (!expect_quic(s, &ctx))
22d53c88
HL		 474 return;
475
22b1a96f
HL		 476 quic_lock(ctx.qc);
477
2dbc39de
HL		 478 if (ctx.is_stream) {
479 /*
480 * When a QSSO is freed, the XSO is freed immediately, because the XSO
481 * itself only contains API personality layer data. However the
482 * underlying QUIC_STREAM is not freed immediately but is instead marked
483 * as deleted for later collection.
484 */
485
2dbc39de
HL		 486 assert(ctx.qc->num_xso > 0);
487 --ctx.qc->num_xso;
488
9aaafc26 489 /* If a stream's send part has not been finished, auto-reset it. */
2f018d14
HL		 490 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
491 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
9aaafc26
HL		 492 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
493 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
494 ctx.xso->stream, 0);
2dbc39de 495
9aaafc26 496 /* Do STOP_SENDING for the receive part, if applicable. */
2f018d14
HL		 497 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
498 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
9aaafc26
HL		 499 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
500 ctx.xso->stream, 0);
f20fdd16
HL		 501
502 /* Update stream state. */
9aaafc26
HL		 503 ctx.xso->stream->deleted = 1;
504 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
f20fdd16
HL		 505 ctx.xso->stream);
506
9cab4bd5 507 is_default = (ctx.xso == ctx.qc->default_xso);
2dbc39de
HL		 508 quic_unlock(ctx.qc);
509
9cab4bd5
HL		 510 /*
511 * Unref the connection in most cases; the XSO has a ref to the QC and
512 * not vice versa. But for a default XSO, to avoid circular references,
513 * the QC refs the XSO but the XSO does not ref the QC. If we are the
514 * default XSO, we only get here when the QC is being torn down anyway,
515 * so don't call SSL_free(qc) as we are already in it.
516 */
517 if (!is_default)
518 SSL_free(&ctx.qc->ssl);
519
2dbc39de
HL		 520 /* Note: SSL_free calls OPENSSL_free(xso) for us */
521 return;
522 }
523
2dbc39de
HL		 524 /*
525 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
526 * stage, but is freed during the channel free when the whole QSM is freed.
527 */
21c80696
HL		 528 if (ctx.qc->default_xso != NULL) {
529 QUIC_XSO *xso = ctx.qc->default_xso;
530
531 quic_unlock(ctx.qc);
532 SSL_free(&xso->ssl);
533 quic_lock(ctx.qc);
9cab4bd5 534 ctx.qc->default_xso = NULL;
21c80696 535 }
2dbc39de
HL		 536
537 /* Ensure we have no remaining XSOs. */
538 assert(ctx.qc->num_xso == 0);
539
629b408c 540#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 541 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
542 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
543 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
dbe7b51a 544 }
629b408c 545#endif
f2f7c4f1 546
f7f2b665
MC		 547 SSL_free(ctx.qc->tls);
548
072328dd 549 ossl_quic_channel_free(ctx.qc->ch);
f7671012 550 ossl_quic_port_free(ctx.qc->port);
22739cc3 551 ossl_quic_engine_free(ctx.qc->engine);
22d53c88 552
18fd0ea0
MC		 553 BIO_free_all(ctx.qc->net_rbio);
554 BIO_free_all(ctx.qc->net_wbio);
d1ac77b1 555
45b7c7e0 556 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
629b408c 557#if defined(OPENSSL_THREADS)
45b7c7e0 558 ossl_crypto_mutex_free(&ctx.qc->mutex);
629b408c 559#endif
f7f2b665
MC		 560
561 /*
562 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
563 * us
564 */
22d53c88
HL		 565}
566
567/* SSL method init */
38b051a1 568int ossl_quic_init(SSL *s)
99e1cc7b 569{
22d53c88
HL		 570 /* Same op as SSL_clear, forward the call. */
571 return ossl_quic_clear(s);
99e1cc7b
TM		 572}
573
22d53c88 574/* SSL method deinit */
38b051a1
TM		 575void ossl_quic_deinit(SSL *s)
576{
22d53c88 577 /* No-op. */
38b051a1
TM		 578}
579
5f69db39 580/* SSL_clear (ssl_reset method) */
22d53c88
HL		 581int ossl_quic_reset(SSL *s)
582{
072328dd 583 QCTX ctx;
22d53c88 584
072328dd 585 if (!expect_quic(s, &ctx))
22d53c88
HL		 586 return 0;
587
96014840 588 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
5f69db39 589 return 0;
22d53c88
HL		 590}
591
5f69db39 592/* ssl_clear method (unused) */
22d53c88 593int ossl_quic_clear(SSL *s)
99e1cc7b 594{
072328dd 595 QCTX ctx;
38b051a1 596
072328dd 597 if (!expect_quic(s, &ctx))
22d53c88
HL		 598 return 0;
599
b139f7a2
HL		 600 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
601 return 0;
22d53c88 602}
38b051a1 603
e3e9794a
HL		 604int ossl_quic_conn_set_override_now_cb(SSL *s,
605 OSSL_TIME (*now_cb)(void *arg),
606 void *now_cb_arg)
b212d554 607{
072328dd 608 QCTX ctx;
b212d554 609
072328dd 610 if (!expect_quic(s, &ctx))
e3e9794a
HL		 611 return 0;
612
613 quic_lock(ctx.qc);
072328dd
HL		 614
615 ctx.qc->override_now_cb = now_cb;
616 ctx.qc->override_now_cb_arg = now_cb_arg;
e3e9794a
HL		 617
618 quic_unlock(ctx.qc);
619 return 1;
b212d554
HL		 620}
621
3b1ab5a3
HL		 622void ossl_quic_conn_force_assist_thread_wake(SSL *s)
623{
072328dd
HL		 624 QCTX ctx;
625
626 if (!expect_quic(s, &ctx))
627 return;
3b1ab5a3 628
629b408c 629#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
072328dd
HL		 630 if (ctx.qc->is_thread_assisted && ctx.qc->started)
631 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
629b408c 632#endif
3b1ab5a3
HL		 633}
634
995ff282
HL		 635QUIC_NEEDS_LOCK
636static void qc_touch_default_xso(QUIC_CONNECTION *qc)
637{
638 qc->default_xso_created = 1;
639 qc_update_reject_policy(qc);
640}
641
9cab4bd5
HL		 642/*
643 * Changes default XSO. Allows caller to keep reference to the old default XSO
644 * (if any). Reference to new XSO is transferred from caller.
645 */
995ff282 646QUIC_NEEDS_LOCK
9cab4bd5
HL		 647static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
648 int touch,
649 QUIC_XSO **old_xso)
995ff282 650{
9cab4bd5
HL		 651 int refs;
652
653 *old_xso = NULL;
654
655 if (qc->default_xso != xso) {
656 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
657
658 qc->default_xso = xso;
659
660 if (xso == NULL) {
661 /*
662 * Changing to not having a default XSO. XSO becomes standalone and
663 * now has a ref to the QC.
664 */
665 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
666 return;
667 } else {
668 /*
669 * Changing from not having a default XSO to having one. The new XSO
670 * will have had a reference to the QC we need to drop to avoid a
671 * circular reference.
3a61a96c
HL		 672 *
673 * Currently we never change directly from one default XSO to
674 * another, though this function would also still be correct if this
675 * weren't the case.
9cab4bd5 676 */
3a61a96c
HL		 677 assert(*old_xso == NULL);
678
4eecc6aa 679 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
9cab4bd5
HL		 680 assert(refs > 0);
681 }
682 }
683
995ff282
HL		 684 if (touch)
685 qc_touch_default_xso(qc);
686}
687
9cab4bd5
HL		 688/*
689 * Changes default XSO, releasing the reference to any previous default XSO.
690 * Reference to new XSO is transferred from caller.
691 */
692QUIC_NEEDS_LOCK
693static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
694{
695 QUIC_XSO *old_xso = NULL;
696
697 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
698
699 if (old_xso != NULL)
700 SSL_free(&old_xso->ssl);
701}
702
db2f98c4
HL		 703QUIC_NEEDS_LOCK
704static void xso_update_options(QUIC_XSO *xso)
705{
706 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
707
708 if (xso->stream->rstream != NULL)
709 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
710
711 if (xso->stream->sstream != NULL)
712 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
713}
714
715/*
716 * SSL_set_options
717 * ---------------
718 *
719 * Setting options on a QCSO
720 * - configures the handshake-layer options;
721 * - configures the default data-plane options for new streams;
722 * - configures the data-plane options on the default XSO, if there is one.
723 *
724 * Setting options on a QSSO
725 * - configures data-plane options for that stream only.
726 */
d6e7ebba 727QUIC_TAKES_LOCK
f0d9757c
HL		 728static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
729{
730 QCTX ctx;
db2f98c4 731 uint64_t hs_mask_value, hs_or_value, ret;
f0d9757c 732
d6e7ebba 733 if (!expect_quic(ssl, &ctx))
f0d9757c
HL		 734 return 0;
735
d6e7ebba
HL		 736 quic_lock(ctx.qc);
737
db2f98c4
HL		 738 if (!ctx.is_stream) {
739 /*
740 * If we were called on the connection, we apply any handshake option
741 * changes.
742 */
743 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
744 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
f0d9757c 745
db2f98c4
HL		 746 SSL_clear_options(ctx.qc->tls, hs_mask_value);
747 SSL_set_options(ctx.qc->tls, hs_or_value);
d6e7ebba 748
db2f98c4
HL		 749 /* Update defaults for new streams. */
750 ctx.qc->default_ssl_options
751 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
752 & OSSL_QUIC_PERMITTED_OPTIONS;
753 }
18ca1c8f 754
db2f98c4
HL		 755 if (ctx.xso != NULL) {
756 ctx.xso->ssl_options
757 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
758 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
759
760 xso_update_options(ctx.xso);
18ca1c8f 761 }
f0d9757c 762
db2f98c4
HL		 763 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
764
f0d9757c 765 quic_unlock(ctx.qc);
db2f98c4 766 return ret;
f0d9757c
HL		 767}
768
769uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
770{
d6e7ebba 771 return quic_mask_or_options(ssl, 0, options);
f0d9757c
HL		 772}
773
774/* SSL_clear_options */
775uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
776{
777 return quic_mask_or_options(ssl, options, 0);
778}
779
780/* SSL_get_options */
781uint64_t ossl_quic_get_options(const SSL *ssl)
782{
783 return quic_mask_or_options((SSL *)ssl, 0, 0);
784}
785
22d53c88
HL		 786/*
787 * QUIC Front-End I/O API: Network BIO Configuration
788 * =================================================
789 *
790 * Handling the different BIOs is difficult:
791 *
792 * - It is more or less a requirement that we use non-blocking network I/O;
793 * we need to be able to have timeouts on recv() calls, and make best effort
794 * (non blocking) send() and recv() calls.
795 *
796 * The only sensible way to do this is to configure the socket into
797 * non-blocking mode. We could try to do select() before calling send() or
798 * recv() to get a guarantee that the call will not block, but this will
799 * probably run into issues with buggy OSes which generate spurious socket
800 * readiness events. In any case, relying on this to work reliably does not
801 * seem sane.
802 *
803 * Timeouts could be handled via setsockopt() socket timeout options, but
804 * this depends on OS support and adds another syscall to every network I/O
805 * operation. It also has obvious thread safety concerns if we want to move
806 * to concurrent use of a single socket at some later date.
807 *
808 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
809 * be made non-blocking. However some OSes (e.g. Windows) do not support
810 * this, so we cannot rely on this.
811 *
812 * As such, we need to configure any FD in non-blocking mode. This may
813 * confound users who pass a blocking socket to libssl. However, in practice
814 * it would be extremely strange for a user of QUIC to pass an FD to us,
815 * then also try and send receive traffic on the same socket(!). Thus the
816 * impact of this should be limited, and can be documented.
817 *
818 * - We support both blocking and non-blocking operation in terms of the API
819 * presented to the user. One prospect is to set the blocking mode based on
820 * whether the socket passed to us was already in blocking mode. However,
821 * Windows has no API for determining if a socket is in blocking mode (!),
822 * therefore this cannot be done portably. Currently therefore we expose an
823 * explicit API call to set this, and default to blocking mode.
824 *
825 * - We need to determine our initial destination UDP address. The "natural"
826 * way for a user to do this is to set the peer variable on a BIO_dgram.
827 * However, this has problems because BIO_dgram's peer variable is used for
828 * both transmission and reception. This means it can be constantly being
829 * changed to a malicious value (e.g. if some random unrelated entity on the
830 * network starts sending traffic to us) on every read call. This is not a
831 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
832 * calls only, which do not use this variable. However, we do need to let
833 * the user specify the peer in a 'normal' manner. The compromise here is
834 * that we grab the current peer value set at the time the write BIO is set
835 * and do not read the value again.
836 *
837 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
838 * Currently we do this by only supporting non-blocking mode.
839 *
840 */
841
842/*
843 * Determines what initial destination UDP address we should use, if possible.
844 * If this fails the client must set the destination address manually, or use a
845 * BIO which does not need a destination address.
846 */
847static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
848{
62665fc2 849 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
22d53c88
HL		 850 return 0;
851
852 return 1;
853}
854
51e671e2
HL		 855static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
856{
857 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
858
859 return ossl_quic_reactor_can_poll_r(rtor)
860 && ossl_quic_reactor_can_poll_w(rtor);
861}
862
863static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
864{
632b0c7e 865 ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */
51e671e2
HL		 866}
867
868static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
869{
870 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
871}
872
072328dd 873void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
22d53c88 874{
072328dd
HL		 875 QCTX ctx;
876
877 if (!expect_quic(s, &ctx))
878 return;
879
880 if (ctx.qc->net_rbio == net_rbio)
38b051a1 881 return;
38b051a1 882
073e5bc7 883 if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio))
22d53c88
HL		 884 return;
885
18fd0ea0 886 BIO_free_all(ctx.qc->net_rbio);
072328dd 887 ctx.qc->net_rbio = net_rbio;
22d53c88 888
51e671e2
HL		 889 if (net_rbio != NULL)
890 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
891
22d53c88 892 /*
51e671e2
HL		 893 * Determine if the current pair of read/write BIOs now set allows blocking
894 * mode to be supported.
22d53c88 895 */
51e671e2
HL		 896 qc_update_can_support_blocking(ctx.qc);
897 qc_update_blocking_mode(ctx.qc);
99e1cc7b
TM		 898}
899
072328dd 900void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
38b051a1 901{
072328dd
HL		 902 QCTX ctx;
903
904 if (!expect_quic(s, &ctx))
22d53c88
HL		 905 return;
906
072328dd 907 if (ctx.qc->net_wbio == net_wbio)
22d53c88
HL		 908 return;
909
073e5bc7 910 if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio))
072328dd
HL		 911 return;
912
18fd0ea0 913 BIO_free_all(ctx.qc->net_wbio);
072328dd 914 ctx.qc->net_wbio = net_wbio;
22d53c88 915
51e671e2 916 if (net_wbio != NULL)
0818c170 917 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
51e671e2
HL		 918
919 /*
920 * Determine if the current pair of read/write BIOs now set allows blocking
921 * mode to be supported.
922 */
923 qc_update_can_support_blocking(ctx.qc);
924 qc_update_blocking_mode(ctx.qc);
22d53c88 925}
38b051a1 926
072328dd 927BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
22d53c88 928{
072328dd
HL		 929 QCTX ctx;
930
931 if (!expect_quic(s, &ctx))
932 return NULL;
933
934 return ctx.qc->net_rbio;
38b051a1
TM		 935}
936
072328dd 937BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
22d53c88 938{
072328dd
HL		 939 QCTX ctx;
940
941 if (!expect_quic(s, &ctx))
942 return NULL;
943
944 return ctx.qc->net_wbio;
22d53c88
HL		 945}
946
072328dd 947int ossl_quic_conn_get_blocking_mode(const SSL *s)
99e1cc7b 948{
072328dd
HL		 949 QCTX ctx;
950
951 if (!expect_quic(s, &ctx))
952 return 0;
953
cb5c208b 954 if (ctx.is_stream)
51e671e2 955 return xso_blocking_mode(ctx.xso);
cb5c208b 956
51e671e2 957 return qc_blocking_mode(ctx.qc);
22d53c88
HL		 958}
959
51e671e2 960QUIC_TAKES_LOCK
072328dd 961int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
22d53c88 962{
51e671e2 963 int ret = 0;
072328dd
HL		 964 QCTX ctx;
965
966 if (!expect_quic(s, &ctx))
967 return 0;
968
51e671e2 969 quic_lock(ctx.qc);
22d53c88 970
51e671e2
HL		 971 /* Sanity check - can we support the request given the current network BIO? */
972 if (blocking) {
cb5c208b 973 /*
51e671e2
HL		 974 * If called directly on a QCSO, update our information on network BIO
975 * capabilities.
cb5c208b 976 */
51e671e2
HL		 977 if (!ctx.is_stream)
978 qc_update_can_support_blocking(ctx.qc);
979
980 /* Cannot enable blocking mode if we do not have pollable FDs. */
981 if (!qc_can_support_blocking_cached(ctx.qc)) {
982 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
983 goto out;
984 }
cb5c208b
HL		 985 }
986
51e671e2
HL		 987 if (!ctx.is_stream)
988 /*
989 * If called directly on a QCSO, update default and connection-level
990 * blocking modes.
991 */
992 ctx.qc->desires_blocking = (blocking != 0);
993
994 if (ctx.xso != NULL) {
cb5c208b 995 /*
51e671e2 996 * If called on a QSSO or a QCSO with a default XSO, update the blocking
cb5c208b
HL		 997 * mode.
998 */
51e671e2
HL		 999 ctx.xso->desires_blocking = (blocking != 0);
1000 ctx.xso->desires_blocking_set = 1;
1001 }
cb5c208b 1002
51e671e2
HL		 1003 ret = 1;
1004out:
1005 qc_update_blocking_mode(ctx.qc);
1006 quic_unlock(ctx.qc);
1007 return ret;
99e1cc7b
TM		 1008}
1009
072328dd 1010int ossl_quic_conn_set_initial_peer_addr(SSL *s,
22d53c88 1011 const BIO_ADDR *peer_addr)
99e1cc7b 1012{
072328dd
HL		 1013 QCTX ctx;
1014
1015 if (!expect_quic(s, &ctx))
1016 return 0;
1017
1018 if (ctx.qc->started)
a954f761 1019 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8ee3ee10 1020 NULL);
38b051a1 1021
22d53c88 1022 if (peer_addr == NULL) {
072328dd 1023 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
22d53c88
HL		 1024 return 1;
1025 }
38b051a1 1026
072328dd 1027 ctx.qc->init_peer_addr = *peer_addr;
99e1cc7b
TM		 1028 return 1;
1029}
1030
22d53c88
HL		 1031/*
1032 * QUIC Front-End I/O API: Asynchronous I/O Management
1033 * ===================================================
1034 *
6084e04b
HL		 1035 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1036 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
22d53c88
HL		 1037 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1038 *
1039 */
1040
1041/* Returns 1 if the connection is being used in blocking mode. */
cb5c208b 1042static int qc_blocking_mode(const QUIC_CONNECTION *qc)
99e1cc7b 1043{
22d53c88
HL		 1044 return qc->blocking;
1045}
38b051a1 1046
cb5c208b
HL		 1047static int xso_blocking_mode(const QUIC_XSO *xso)
1048{
51e671e2
HL		 1049 if (xso->desires_blocking_set)
1050 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1051 else
1052 /* Only ever set if we can support blocking. */
1053 return xso->conn->blocking;
cb5c208b
HL		 1054}
1055
b626a0f1 1056/* SSL_handle_events; performs QUIC I/O and timeout processing. */
a8489257 1057QUIC_TAKES_LOCK
6084e04b 1058int ossl_quic_handle_events(SSL *s)
22d53c88 1059{
072328dd
HL		 1060 QCTX ctx;
1061
1062 if (!expect_quic(s, &ctx))
1063 return 0;
1064
1065 quic_lock(ctx.qc);
072328dd
HL		 1066 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1067 quic_unlock(ctx.qc);
99e1cc7b
TM		 1068 return 1;
1069}
1070
22d53c88 1071/*
6084e04b 1072 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
b626a0f1
HL		 1073 * should next have events handled by the application by calling
1074 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1075 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1076 * the value of *tv is undefined.
22d53c88 1077 */
a8489257 1078QUIC_TAKES_LOCK
7ea49713 1079int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
99e1cc7b 1080{
072328dd 1081 QCTX ctx;
a1660c94 1082 OSSL_TIME deadline = ossl_time_infinite();
e44795bd 1083
072328dd
HL		 1084 if (!expect_quic(s, &ctx))
1085 return 0;
a8489257 1086
072328dd
HL		 1087 quic_lock(ctx.qc);
1088
23c04709
HL		 1089 deadline
1090 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
22d53c88
HL		 1091
1092 if (ossl_time_is_infinite(deadline)) {
7ea49713
HL		 1093 *is_infinite = 1;
1094
1095 /*
1096 * Robustness against faulty applications that don't check *is_infinite;
1097 * harmless long timeout.
1098 */
1099 tv->tv_sec = 1000000;
22d53c88 1100 tv->tv_usec = 0;
7ea49713 1101
072328dd 1102 quic_unlock(ctx.qc);
22d53c88
HL		 1103 return 1;
1104 }
1105
e3e9794a 1106 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
7ea49713 1107 *is_infinite = 0;
072328dd 1108 quic_unlock(ctx.qc);
22d53c88
HL		 1109 return 1;
1110}
1111
1112/* SSL_get_rpoll_descriptor */
072328dd 1113int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
22d53c88 1114{
072328dd
HL		 1115 QCTX ctx;
1116
1117 if (!expect_quic(s, &ctx))
e44795bd
TM		 1118 return 0;
1119
8ee3ee10 1120 if (desc == NULL || ctx.qc->net_rbio == NULL)
a954f761 1121 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10 1122 NULL);
072328dd
HL		 1123
1124 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
99e1cc7b
TM		 1125}
1126
22d53c88 1127/* SSL_get_wpoll_descriptor */
072328dd 1128int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
99e1cc7b 1129{
072328dd
HL		 1130 QCTX ctx;
1131
1132 if (!expect_quic(s, &ctx))
1133 return 0;
1134
8ee3ee10 1135 if (desc == NULL || ctx.qc->net_wbio == NULL)
a954f761 1136 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10 1137 NULL);
22d53c88 1138
072328dd 1139 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
99e1cc7b
TM		 1140}
1141
b639475a 1142/* SSL_net_read_desired */
a8489257 1143QUIC_TAKES_LOCK
072328dd 1144int ossl_quic_get_net_read_desired(SSL *s)
99e1cc7b 1145{
072328dd 1146 QCTX ctx;
a8489257
HL		 1147 int ret;
1148
072328dd
HL		 1149 if (!expect_quic(s, &ctx))
1150 return 0;
1151
1152 quic_lock(ctx.qc);
072328dd
HL		 1153 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1154 quic_unlock(ctx.qc);
a8489257 1155 return ret;
22d53c88 1156}
e44795bd 1157
b639475a 1158/* SSL_net_write_desired */
a8489257 1159QUIC_TAKES_LOCK
072328dd 1160int ossl_quic_get_net_write_desired(SSL *s)
22d53c88 1161{
a8489257 1162 int ret;
072328dd
HL		 1163 QCTX ctx;
1164
1165 if (!expect_quic(s, &ctx))
1166 return 0;
a8489257 1167
072328dd 1168 quic_lock(ctx.qc);
072328dd
HL		 1169 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1170 quic_unlock(ctx.qc);
a8489257 1171 return ret;
99e1cc7b
TM		 1172}
1173
22d53c88
HL		 1174/*
1175 * QUIC Front-End I/O API: Connection Lifecycle Operations
1176 * =======================================================
1177 *
1178 * SSL_do_handshake => ossl_quic_do_handshake
1179 * SSL_set_connect_state => ossl_quic_set_connect_state
1180 * SSL_set_accept_state => ossl_quic_set_accept_state
1181 * SSL_shutdown => ossl_quic_shutdown
1182 * SSL_ctrl => ossl_quic_ctrl
1183 * (BIO/)SSL_connect => ossl_quic_connect
1184 * (BIO/)SSL_accept => ossl_quic_accept
1185 *
1186 */
1187
8a2e9aba
HL		 1188QUIC_NEEDS_LOCK
1189static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1190{
1191 QUIC_STREAM_MAP *qsm;
1192
1193 if (qc->shutting_down)
1194 return;
1195
1196 qsm = ossl_quic_channel_get_qsm(qc->ch);
1197
1198 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1199 qc->shutting_down = 1;
1200}
1201
1202/* Returns 1 if all shutdown-flush streams have been done with. */
1203QUIC_NEEDS_LOCK
1204static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1205{
1206 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1207
1208 return qc->shutting_down
1209 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1210}
1211
22d53c88 1212/* SSL_shutdown */
e8043229 1213static int quic_shutdown_wait(void *arg)
99e1cc7b 1214{
e8043229 1215 QUIC_CONNECTION *qc = arg;
22d53c88 1216
23c04709 1217 return ossl_quic_channel_is_terminated(qc->ch);
e8043229 1218}
22d53c88 1219
8a2e9aba
HL		 1220/* Returns 1 if shutdown flush process has finished or is inapplicable. */
1221static int quic_shutdown_flush_wait(void *arg)
1222{
1223 QUIC_CONNECTION *qc = arg;
1224
1225 return ossl_quic_channel_is_term_any(qc->ch)
1226 || qc_shutdown_flush_finished(qc);
1227}
1228
25a0c4b9
HL		 1229static int quic_shutdown_peer_wait(void *arg)
1230{
1231 QUIC_CONNECTION *qc = arg;
1232 return ossl_quic_channel_is_term_any(qc->ch);
1233}
1234
a8489257 1235QUIC_TAKES_LOCK
072328dd 1236int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
e8043229
HL		 1237 const SSL_SHUTDOWN_EX_ARGS *args,
1238 size_t args_len)
1239{
a8489257 1240 int ret;
072328dd 1241 QCTX ctx;
8a2e9aba 1242 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
25a0c4b9
HL		 1243 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1244 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
a8489257 1245
072328dd 1246 if (!expect_quic(s, &ctx))
63fac76c 1247 return -1;
072328dd 1248
8ee3ee10 1249 if (ctx.is_stream) {
a954f761 1250 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
cb5c208b 1251 return -1;
8ee3ee10 1252 }
cb5c208b 1253
072328dd 1254 quic_lock(ctx.qc);
a8489257 1255
63fac76c
HL		 1256 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1257 quic_unlock(ctx.qc);
1258 return 1;
1259 }
1260
8a2e9aba 1261 /* Phase 1: Stream Flushing */
25a0c4b9 1262 if (!wait_peer && stream_flush) {
8a2e9aba
HL		 1263 qc_shutdown_flush_init(ctx.qc);
1264
1265 if (!qc_shutdown_flush_finished(ctx.qc)) {
25a0c4b9 1266 if (!no_block && qc_blocking_mode(ctx.qc)) {
23406e30
HL		 1267 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1268 if (ret < 1) {
1269 ret = 0;
1270 goto err;
1271 }
1272 } else {
8a2e9aba 1273 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
23406e30 1274 }
8a2e9aba
HL		 1275 }
1276
1277 if (!qc_shutdown_flush_finished(ctx.qc)) {
1278 quic_unlock(ctx.qc);
1279 return 0; /* ongoing */
1280 }
1281 }
1282
1283 /* Phase 2: Connection Closure */
25a0c4b9
HL		 1284 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1285 if (!no_block && qc_blocking_mode(ctx.qc)) {
1286 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1287 if (ret < 1) {
1288 ret = 0;
1289 goto err;
1290 }
1291 } else {
1292 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1293 }
1294
1295 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1296 ret = 0; /* peer hasn't closed yet - still not done */
1297 goto err;
1298 }
1299
1300 /*
1301 * We are at least terminating - go through the normal process of
1302 * waiting until we are in the TERMINATED state.
1303 */
1304 }
1305
1306 /* Block mutation ops regardless of if we did stream flush. */
1307 ctx.qc->shutting_down = 1;
1308
1309 /*
1310 * This call is a no-op if we are already terminating, so it doesn't
1311 * affect the wait_peer case.
1312 */
072328dd 1313 ossl_quic_channel_local_close(ctx.qc->ch,
40c8c756
HL		 1314 args != NULL ? args->quic_error_code : 0,
1315 args != NULL ? args->quic_reason : NULL);
e8043229 1316
f219abef
MC		 1317 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1318
072328dd
HL		 1319 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1320 quic_unlock(ctx.qc);
e8043229 1321 return 1;
a8489257 1322 }
e8043229 1323
8a2e9aba 1324 /* Phase 3: Terminating Wait Time */
25a0c4b9
HL		 1325 if (!no_block && qc_blocking_mode(ctx.qc)
1326 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
23406e30
HL		 1327 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1328 if (ret < 1) {
1329 ret = 0;
1330 goto err;
1331 }
1332 } else {
072328dd 1333 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
23406e30 1334 }
e8043229 1335
072328dd 1336 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
23406e30 1337err:
072328dd 1338 quic_unlock(ctx.qc);
a8489257 1339 return ret;
99e1cc7b
TM		 1340}
1341
22d53c88 1342/* SSL_ctrl */
e44795bd 1343long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
99e1cc7b 1344{
072328dd 1345 QCTX ctx;
38b051a1 1346
072328dd 1347 if (!expect_quic(s, &ctx))
38b051a1
TM		 1348 return 0;
1349
22d53c88
HL		 1350 switch (cmd) {
1351 case SSL_CTRL_MODE:
cb5c208b
HL		 1352 /* If called on a QCSO, update the default mode. */
1353 if (!ctx.is_stream)
1354 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1355
1356 /*
1357 * If we were called on a QSSO or have a default stream, we also update
1358 * that.
1359 */
1360 if (ctx.xso != NULL) {
1361 /* Cannot enable EPW while AON write in progress. */
1362 if (ctx.xso->aon_write_in_progress)
1363 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1364
1365 ctx.xso->ssl_mode |= (uint32_t)larg;
1366 return ctx.xso->ssl_mode;
1367 }
dfc227bd 1368
cb5c208b 1369 return ctx.qc->default_ssl_mode;
22d53c88 1370 case SSL_CTRL_CLEAR_MODE:
cb5c208b
HL		 1371 if (!ctx.is_stream)
1372 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1373
1374 if (ctx.xso != NULL) {
1375 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1376 return ctx.xso->ssl_mode;
1377 }
1378
1379 return ctx.qc->default_ssl_mode;
63dfde87
MC		 1380
1381 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
5cf99b40 1382 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
63dfde87
MC		 1383 /* This ctrl also needs to be passed to the internal SSL object */
1384 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1385
2f90ea3d
HL		 1386 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1387 {
1388 int is_infinite;
1389
1390 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1391 return 0;
1392
1393 return !is_infinite;
1394 }
1395 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1396 /* For legacy compatibility with DTLS calls. */
1397 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
c5b882a8
HL		 1398
1399 /* Mask ctrls we shouldn't support for QUIC. */
1400 case SSL_CTRL_GET_READ_AHEAD:
1401 case SSL_CTRL_SET_READ_AHEAD:
1402 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1403 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1404 case SSL_CTRL_SET_MAX_PIPELINES:
1405 return 0;
1406
22d53c88 1407 default:
c5b882a8
HL		 1408 /*
1409 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1410 * implementation. Either SSL_ctrl will handle it itself by direct
1411 * access into handshake layer state, or failing that, it will be passed
1412 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1413 * supported by anything, the handshake layer's ctrl method will finally
1414 * return 0.
1415 */
1416 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
08e49012 1417 }
22d53c88
HL		 1418}
1419
1420/* SSL_set_connect_state */
072328dd 1421void ossl_quic_set_connect_state(SSL *s)
22d53c88 1422{
072328dd
HL		 1423 QCTX ctx;
1424
1425 if (!expect_quic(s, &ctx))
1426 return;
1427
22d53c88 1428 /* Cannot be changed after handshake started */
cb5c208b 1429 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1430 return;
1431
dfb9ae14 1432 ctx.qc->as_server_state = 0;
22d53c88
HL		 1433}
1434
1435/* SSL_set_accept_state */
072328dd 1436void ossl_quic_set_accept_state(SSL *s)
22d53c88 1437{
072328dd
HL		 1438 QCTX ctx;
1439
1440 if (!expect_quic(s, &ctx))
1441 return;
1442
22d53c88 1443 /* Cannot be changed after handshake started */
cb5c208b 1444 if (ctx.qc->started || ctx.is_stream)
22d53c88
HL		 1445 return;
1446
dfb9ae14 1447 ctx.qc->as_server_state = 1;
22d53c88
HL		 1448}
1449
1450/* SSL_do_handshake */
1451struct quic_handshake_wait_args {
1452 QUIC_CONNECTION *qc;
1453};
1454
3a0012cb
MC		 1455static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1456{
1457 int want = SSL_want(qc->tls);
1458
1459 if (want == SSL_X509_LOOKUP
1460 || want == SSL_CLIENT_HELLO_CB
1461 || want == SSL_RETRY_VERIFY)
1462 return 1;
1463
1464 return 0;
1465}
1466
22d53c88
HL		 1467static int quic_handshake_wait(void *arg)
1468{
1469 struct quic_handshake_wait_args *args = arg;
1470
6d6b3a03 1471 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
22d53c88
HL		 1472 return -1;
1473
1474 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1475 return 1;
1476
3a0012cb
MC		 1477 if (tls_wants_non_io_retry(args->qc))
1478 return 1;
1479
99e1cc7b
TM		 1480 return 0;
1481}
1482
22d53c88 1483static int configure_channel(QUIC_CONNECTION *qc)
99e1cc7b 1484{
22d53c88 1485 assert(qc->ch != NULL);
08e49012 1486
073e5bc7
HL		 1487 if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio)
1488 || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio)
22d53c88
HL		 1489 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1490 return 0;
1491
1492 return 1;
1493}
1494
4847599b 1495QUIC_NEEDS_LOCK
23c04709 1496static int create_channel(QUIC_CONNECTION *qc)
22d53c88 1497{
22739cc3 1498 QUIC_ENGINE_ARGS engine_args = {0};
f7671012 1499 QUIC_PORT_ARGS port_args = {0};
22d53c88 1500
22739cc3
HL		 1501 engine_args.libctx = qc->ssl.ctx->libctx;
1502 engine_args.propq = qc->ssl.ctx->propq;
1503 engine_args.mutex = qc->mutex;
1504 engine_args.now_cb = get_time_cb;
1505 engine_args.now_cb_arg = qc;
1506 qc->engine = ossl_quic_engine_new(&engine_args);
1507 if (qc->engine == NULL) {
1508 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1509 return 0;
1510 }
22d53c88 1511
22739cc3
HL		 1512 port_args.channel_ctx = qc->ssl.ctx;
1513 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
f7671012
HL		 1514 if (qc->port == NULL) {
1515 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
22739cc3 1516 ossl_quic_engine_free(qc->engine);
f7671012
HL		 1517 return 0;
1518 }
1519
2d80e459 1520 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
8ee3ee10 1521 if (qc->ch == NULL) {
a954f761 1522 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
f7671012 1523 ossl_quic_port_free(qc->port);
22739cc3 1524 ossl_quic_engine_free(qc->engine);
22d53c88 1525 return 0;
8ee3ee10 1526 }
22d53c88 1527
e8043229
HL		 1528 return 1;
1529}
1530
1531/*
2e176011
HL		 1532 * Configures a channel with the information we have accumulated via calls made
1533 * to us from the application prior to starting a handshake attempt.
e8043229 1534 */
4847599b 1535QUIC_NEEDS_LOCK
2e176011 1536static int ensure_channel_started(QCTX *ctx)
e8043229 1537{
2e176011
HL		 1538 QUIC_CONNECTION *qc = ctx->qc;
1539
ffce2946 1540 if (!qc->started) {
2e176011
HL		 1541 if (!configure_channel(qc)) {
1542 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1543 "failed to configure channel");
1544 return 0;
1545 }
1546
1547 if (!ossl_quic_channel_start(qc->ch)) {
982dae89 1548 ossl_quic_channel_restore_err_state(qc->ch);
2e176011
HL		 1549 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1550 "failed to start channel");
1551 return 0;
1552 }
f2f7c4f1 1553
629b408c 1554#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
ffce2946 1555 if (qc->is_thread_assisted)
2b8d8153
MC		 1556 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch,
1557 qc->override_now_cb,
1558 qc->override_now_cb_arg)) {
2e176011
HL		 1559 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1560 "failed to start assist thread");
1561 return 0;
1562 }
629b408c 1563#endif
ffce2946
HL		 1564 }
1565
22d53c88
HL		 1566 qc->started = 1;
1567 return 1;
99e1cc7b
TM		 1568}
1569
4a530180 1570QUIC_NEEDS_LOCK
faa3a180 1571static int quic_do_handshake(QCTX *ctx)
99e1cc7b 1572{
22d53c88 1573 int ret;
faa3a180 1574 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 1575
23c04709 1576 if (ossl_quic_channel_is_handshake_complete(qc->ch))
ca41f6b7 1577 /* Handshake already completed. */
4a530180 1578 return 1;
ca41f6b7 1579
6d6b3a03 1580 if (!quic_mutation_allowed(qc, /*req_active=*/0))
faa3a180 1581 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 1582
dfb9ae14 1583 if (qc->as_server != qc->as_server_state) {
a954f761 1584 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4a530180 1585 return -1; /* Non-protocol error */
ca41f6b7 1586 }
22d53c88 1587
ca41f6b7 1588 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
22d53c88 1589 /* Need read and write BIOs. */
a954f761 1590 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
4a530180 1591 return -1; /* Non-protocol error */
62665fc2
HL		 1592 }
1593
1594 /*
1595 * We need to determine our addressing mode. There are basically two
1596 * ways we can use L4 addresses:
1597 *
1598 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1599 * addresses attached to them which we expect the underlying network BIO
1600 * to handle;
1601 *
1602 * - Unaddressed mode, in which the BIO provided to us on the
1603 * network side neither provides us with L4 addresses nor is capable of
1604 * honouring ones we provide. We don't know where the QUIC traffic we
1605 * send ends up exactly and trust the application to know what it is
1606 * doing.
1607 *
1608 * Addressed mode is preferred because it enables support for connection
1609 * migration, multipath, etc. in the future. Addressed mode is automatically
1610 * enabled if we are using e.g. BIO_s_datagram, with or without
1611 * BIO_s_connect.
1612 *
1613 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1614 * use unaddressed mode unless that BIO supports capability flags indicating
1615 * it can provide and honour L4 addresses.
1616 *
1617 * Our strategy for determining address mode is simple: we probe the
1618 * underlying network BIOs for their capabilities. If the network BIOs
1619 * support what we need, we use addressed mode. Otherwise, we use
1620 * unaddressed mode.
1621 *
1622 * If addressed mode is chosen, we require an initial peer address to be
1623 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1624 * require this, as such an address is superfluous, though it can be set if
1625 * desired.
1626 */
1627 if (!qc->started && !qc->addressing_probe_done) {
1628 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1629 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
62665fc2 1630
3760747f
HL		 1631 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1632 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1633 qc->addressing_probe_done = 1;
62665fc2
HL		 1634 }
1635
3760747f 1636 if (!qc->started && qc->addressed_mode_w
62665fc2
HL		 1637 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1638 /*
1639 * We are trying to connect and are using addressed mode, which means we
1640 * need an initial peer address; if we do not have a peer address yet,
1641 * we should try to autodetect one.
1642 *
1643 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1644 * may not be able to provide us with a peer address until they have
1645 * finished their own processing. They may not be able to perform this
abeb41b4 1646 * processing until an application has finished configuring that BIO
62665fc2
HL		 1647 * (e.g. with setter calls), which might happen after SSL_set_bio is
1648 * called.
1649 */
1650 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1651 /* best effort */
1652 BIO_ADDR_clear(&qc->init_peer_addr);
1653 else
1654 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1655 }
1656
1657 if (!qc->started
3760747f 1658 && qc->addressed_mode_w
62665fc2
HL		 1659 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1660 /*
1661 * If we still don't have a peer address in addressed mode, we can't do
1662 * anything.
1663 */
1664 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1665 return -1; /* Non-protocol error */
ca41f6b7 1666 }
22d53c88
HL		 1667
1668 /*
1669 * Start connection process. Note we may come here multiple times in
1670 * non-blocking mode, which is fine.
1671 */
8d7f0346 1672 if (!ensure_channel_started(ctx)) /* raises on failure */
4a530180 1673 return -1; /* Non-protocol error */
22d53c88 1674
4a530180 1675 if (ossl_quic_channel_is_handshake_complete(qc->ch))
22d53c88 1676 /* The handshake is now done. */
4a530180 1677 return 1;
22d53c88 1678
51e671e2
HL		 1679 if (!qc_blocking_mode(qc)) {
1680 /* Try to advance the reactor. */
1681 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1682
1683 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1684 /* The handshake is now done. */
1685 return 1;
1686
1687 if (ossl_quic_channel_is_term_any(qc->ch)) {
1688 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1689 return 0;
1690 } else if (qc->desires_blocking) {
1691 /*
1692 * As a special case when doing a handshake when blocking mode is
1693 * desired yet not available, see if the network BIOs have become
1694 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1695 * which do late creation of socket FDs and therefore cannot expose
1696 * a poll descriptor until after a network BIO is set on the QCSO.
1697 */
1698 assert(!qc->blocking);
1699 qc_update_can_support_blocking(qc);
1700 qc_update_blocking_mode(qc);
1701 }
1702 }
1703
1704 /*
1705 * We are either in blocking mode or just entered it due to the code above.
1706 */
cb5c208b 1707 if (qc_blocking_mode(qc)) {
22d53c88
HL		 1708 /* In blocking mode, wait for the handshake to complete. */
1709 struct quic_handshake_wait_args args;
1710
1711 args.qc = qc;
1712
1713 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
6d6b3a03 1714 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
faa3a180 1715 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
4a530180 1716 return 0; /* Shutdown before completion */
ca41f6b7 1717 } else if (ret <= 0) {
a954f761 1718 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
4a530180 1719 return -1; /* Non-protocol error */
ca41f6b7 1720 }
22d53c88 1721
3a0012cb
MC		 1722 if (tls_wants_non_io_retry(qc)) {
1723 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1724 return -1;
1725 }
1726
22d53c88 1727 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
4a530180 1728 return 1;
22d53c88 1729 }
51e671e2 1730
3a0012cb
MC		 1731 if (tls_wants_non_io_retry(qc)) {
1732 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1733 return -1;
1734 }
1735
51e671e2
HL		 1736 /*
1737 * Otherwise, indicate that the handshake isn't done yet.
1738 * We can only get here in non-blocking mode.
1739 */
1740 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1741 return -1; /* Non-protocol error */
4a530180 1742}
a8489257 1743
4a530180 1744QUIC_TAKES_LOCK
072328dd 1745int ossl_quic_do_handshake(SSL *s)
4a530180
HL		 1746{
1747 int ret;
072328dd 1748 QCTX ctx;
4a530180 1749
072328dd
HL		 1750 if (!expect_quic(s, &ctx))
1751 return 0;
1752
72ca0b88 1753 quic_lock_for_io(&ctx);
4a530180 1754
faa3a180 1755 ret = quic_do_handshake(&ctx);
072328dd 1756 quic_unlock(ctx.qc);
a8489257 1757 return ret;
99e1cc7b
TM		 1758}
1759
22d53c88
HL		 1760/* SSL_connect */
1761int ossl_quic_connect(SSL *s)
99e1cc7b 1762{
22d53c88 1763 /* Ensure we are in connect state (no-op if non-idle). */
072328dd 1764 ossl_quic_set_connect_state(s);
22d53c88
HL		 1765
1766 /* Begin or continue the handshake */
072328dd 1767 return ossl_quic_do_handshake(s);
99e1cc7b
TM		 1768}
1769
22d53c88
HL		 1770/* SSL_accept */
1771int ossl_quic_accept(SSL *s)
99e1cc7b 1772{
22d53c88 1773 /* Ensure we are in accept state (no-op if non-idle). */
072328dd 1774 ossl_quic_set_accept_state(s);
22d53c88
HL		 1775
1776 /* Begin or continue the handshake */
072328dd 1777 return ossl_quic_do_handshake(s);
99e1cc7b 1778}
e44795bd 1779
cb5c208b
HL		 1780/*
1781 * QUIC Front-End I/O API: Stream Lifecycle Operations
1782 * ===================================================
1783 *
1784 * SSL_stream_new => ossl_quic_conn_stream_new
1785 *
1786 */
21c80696
HL		 1787
1788/*
1789 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1790 * default XSO was created. Returns 0 if it was not (e.g. because it already
1791 * exists). Note that this is NOT an error condition.
1792 */
1793QUIC_NEEDS_LOCK
faa3a180 1794static int qc_try_create_default_xso_for_write(QCTX *ctx)
21c80696 1795{
8b7be3aa 1796 uint64_t flags = 0;
faa3a180 1797 QUIC_CONNECTION *qc = ctx->qc;
21c80696 1798
8b7be3aa
HL		 1799 if (qc->default_xso_created
1800 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
21c80696
HL		 1801 /*
1802 * We only do this once. If the user detaches a previously created
1803 * default XSO we don't auto-create another one.
1804 */
faa3a180 1805 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
21c80696 1806
8b7be3aa
HL		 1807 /* Create a locally-initiated stream. */
1808 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1809 flags |= SSL_STREAM_FLAG_UNI;
1810
faa3a180 1811 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
13ac037d 1812 /*needs_lock=*/0),
995ff282 1813 /*touch=*/0);
8b7be3aa 1814 if (qc->default_xso == NULL)
faa3a180 1815 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1816
995ff282 1817 qc_touch_default_xso(qc);
8b7be3aa
HL		 1818 return 1;
1819}
1820
1821struct quic_wait_for_stream_args {
1822 QUIC_CONNECTION *qc;
1823 QUIC_STREAM *qs;
faa3a180 1824 QCTX *ctx;
8b7be3aa
HL		 1825 uint64_t expect_id;
1826};
1827
1828QUIC_NEEDS_LOCK
1829static int quic_wait_for_stream(void *arg)
1830{
1831 struct quic_wait_for_stream_args *args = arg;
1832
6d6b3a03 1833 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
8b7be3aa 1834 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 1835 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
8b7be3aa
HL		 1836 return -1;
1837 }
1838
1839 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
acc6fde0
HL		 1840 args->expect_id | QUIC_STREAM_DIR_BIDI);
1841 if (args->qs == NULL)
1842 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1843 args->expect_id | QUIC_STREAM_DIR_UNI);
1844
8b7be3aa
HL		 1845 if (args->qs != NULL)
1846 return 1; /* stream now exists */
1847
1848 return 0; /* did not get a stream, keep trying */
1849}
1850
1851QUIC_NEEDS_LOCK
faa3a180 1852static int qc_wait_for_default_xso_for_read(QCTX *ctx)
8b7be3aa
HL		 1853{
1854 /* Called on a QCSO and we don't currently have a default stream. */
1855 uint64_t expect_id;
faa3a180 1856 QUIC_CONNECTION *qc = ctx->qc;
8b7be3aa
HL		 1857 QUIC_STREAM *qs;
1858 int res;
1859 struct quic_wait_for_stream_args wargs;
cd138c33 1860 OSSL_RTT_INFO rtt_info;
8b7be3aa
HL		 1861
1862 /*
1863 * If default stream functionality is disabled or we already detached
1864 * one, don't make another default stream and just fail.
1865 */
1866 if (qc->default_xso_created
1867 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
faa3a180 1868 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
8b7be3aa
HL		 1869
1870 /*
1871 * The peer may have opened a stream since we last ticked. So tick and
1872 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1873 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1874 * first stream created by a peer must have an ordinal of 0.
1875 */
1876 expect_id = qc->as_server
1877 ? QUIC_STREAM_INITIATOR_CLIENT
1878 : QUIC_STREAM_INITIATOR_SERVER;
1879
8b7be3aa 1880 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
acc6fde0
HL		 1881 expect_id | QUIC_STREAM_DIR_BIDI);
1882 if (qs == NULL)
1883 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1884 expect_id | QUIC_STREAM_DIR_UNI);
1885
8b7be3aa
HL		 1886 if (qs == NULL) {
1887 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1888
1889 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1890 expect_id);
1891 }
1892
1893 if (qs == NULL) {
1894 if (!qc_blocking_mode(qc))
1895 /* Non-blocking mode, so just bail immediately. */
faa3a180 1896 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
8b7be3aa
HL		 1897
1898 /* Block until we have a stream. */
1899 wargs.qc = qc;
1900 wargs.qs = NULL;
faa3a180 1901 wargs.ctx = ctx;
8b7be3aa
HL		 1902 wargs.expect_id = expect_id;
1903
1904 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1905 if (res == 0)
faa3a180 1906 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa
HL		 1907 else if (res < 0 || wargs.qs == NULL)
1908 /* quic_wait_for_stream raised error here */
21c80696 1909 return 0;
8b7be3aa
HL		 1910
1911 qs = wargs.qs;
21c80696
HL		 1912 }
1913
8b7be3aa 1914 /*
cd138c33
HL		 1915 * We now have qs != NULL. Remove it from the incoming stream queue so that
1916 * it isn't also returned by any future SSL_accept_stream calls.
1917 */
1918 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1919 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
1920 qs, rtt_info.smoothed_rtt);
1921
1922 /*
1923 * Now make qs the default stream, creating the necessary XSO.
8b7be3aa 1924 */
995ff282 1925 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
8b7be3aa 1926 if (qc->default_xso == NULL)
a954f761 1927 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
8b7be3aa 1928
995ff282 1929 qc_touch_default_xso(qc); /* inhibits default XSO */
21c80696
HL		 1930 return 1;
1931}
1932
1933QUIC_NEEDS_LOCK
1934static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1935{
1936 QUIC_XSO *xso = NULL;
1937
8ee3ee10 1938 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
a954f761 1939 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
21c80696 1940 goto err;
8ee3ee10 1941 }
21c80696 1942
8ee3ee10 1943 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
a954f761 1944 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
21c80696 1945 goto err;
8ee3ee10 1946 }
21c80696 1947
9cab4bd5 1948 /* XSO refs QC */
8ee3ee10 1949 if (!SSL_up_ref(&qc->ssl)) {
a954f761 1950 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
9cab4bd5 1951 goto err;
8ee3ee10 1952 }
9cab4bd5 1953
21c80696 1954 xso->conn = qc;
21c80696 1955 xso->ssl_mode = qc->default_ssl_mode;
db2f98c4
HL		 1956 xso->ssl_options
1957 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
faa3a180 1958 xso->last_error = SSL_ERROR_NONE;
21c80696
HL		 1959
1960 xso->stream = qs;
1961
1962 ++qc->num_xso;
db2f98c4 1963 xso_update_options(xso);
21c80696
HL		 1964 return xso;
1965
1966err:
1967 OPENSSL_free(xso);
1968 return NULL;
1969}
1970
9d6bd3d3
HL		 1971struct quic_new_stream_wait_args {
1972 QUIC_CONNECTION *qc;
1973 int is_uni;
1974};
1975
1976static int quic_new_stream_wait(void *arg)
1977{
1978 struct quic_new_stream_wait_args *args = arg;
1979 QUIC_CONNECTION *qc = args->qc;
1980
1981 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1982 return -1;
1983
1984 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1985 return 1;
1986
1987 return 0;
1988}
1989
13ac037d 1990/* locking depends on need_lock */
faa3a180 1991static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
cb5c208b 1992{
9d6bd3d3 1993 int ret;
faa3a180 1994 QUIC_CONNECTION *qc = ctx->qc;
cb5c208b 1995 QUIC_XSO *xso = NULL;
21c80696 1996 QUIC_STREAM *qs = NULL;
2dbc39de 1997 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
9d6bd3d3
HL		 1998 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
1999 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
cb5c208b 2000
13ac037d
HL		 2001 if (need_lock)
2002 quic_lock(qc);
2dbc39de 2003
6d6b3a03 2004 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
a954f761 2005 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2dbc39de
HL		 2006 goto err;
2007 }
2008
9d6bd3d3
HL		 2009 if (!advance
2010 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2011 struct quic_new_stream_wait_args args;
2012
2013 /*
2014 * Stream count flow control currently doesn't permit this stream to be
2015 * opened.
2016 */
2017 if (no_blocking || !qc_blocking_mode(qc)) {
96fe5e5f 2018 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
9d6bd3d3
HL		 2019 goto err;
2020 }
2021
2022 args.qc = qc;
2023 args.is_uni = is_uni;
2024
2025 /* Blocking mode - wait until we can get a stream. */
2026 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
2027 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
96fe5e5f 2028 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
9d6bd3d3
HL		 2029 goto err; /* Shutdown before completion */
2030 } else if (ret <= 0) {
96fe5e5f 2031 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
9d6bd3d3
HL		 2032 goto err; /* Non-protocol error */
2033 }
2034 }
2035
13ac037d 2036 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
96014840 2037 if (qs == NULL) {
a954f761 2038 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2dbc39de 2039 goto err;
96014840 2040 }
cb5c208b 2041
13ac037d 2042 xso = create_xso_from_stream(qc, qs);
8ee3ee10 2043 if (xso == NULL)
cb5c208b
HL		 2044 goto err;
2045
13ac037d
HL		 2046 qc_touch_default_xso(qc); /* inhibits default XSO */
2047 if (need_lock)
2048 quic_unlock(qc);
2049
cb5c208b
HL		 2050 return &xso->ssl;
2051
2052err:
2053 OPENSSL_free(xso);
13ac037d
HL		 2054 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2055 if (need_lock)
2056 quic_unlock(qc);
2057
cb5c208b 2058 return NULL;
13ac037d
HL		 2059
2060}
2061
2062QUIC_TAKES_LOCK
2063SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2064{
2065 QCTX ctx;
2066
56df4cf2 2067 if (!expect_quic_conn_only(s, &ctx))
13ac037d
HL		 2068 return NULL;
2069
faa3a180 2070 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
cb5c208b
HL		 2071}
2072
22d53c88
HL		 2073/*
2074 * QUIC Front-End I/O API: Steady-State Operations
2075 * ===============================================
2076 *
2077 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2078 * is, the functions used during the established phase of a QUIC connection
2079 * (e.g. SSL_read, SSL_write).
2080 *
2081 * Each function must handle both blocking and non-blocking modes. As discussed
2082 * above, all QUIC I/O is implemented using non-blocking mode internally.
2083 *
2084 * SSL_get_error => partially implemented by ossl_quic_get_error
5debf070 2085 * SSL_want => ossl_quic_want
22d53c88
HL		 2086 * (BIO/)SSL_read => ossl_quic_read
2087 * (BIO/)SSL_write => ossl_quic_write
2088 * SSL_pending => ossl_quic_pending
a9979965 2089 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2525109f 2090 * SSL_key_update => ossl_quic_key_update
22d53c88
HL		 2091 */
2092
2093/* SSL_get_error */
072328dd 2094int ossl_quic_get_error(const SSL *s, int i)
e44795bd 2095{
072328dd 2096 QCTX ctx;
5c3474ea 2097 int net_error, last_error;
072328dd
HL		 2098
2099 if (!expect_quic(s, &ctx))
2100 return 0;
2101
5c3474ea
TM		 2102 quic_lock(ctx.qc);
2103 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2104 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2105 quic_unlock(ctx.qc);
2106
2107 if (net_error)
2108 return SSL_ERROR_SYSCALL;
2109
2110 return last_error;
e44795bd
TM		 2111}
2112
5debf070
HL		 2113/* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
2114static int error_to_want(int error)
2115{
2116 switch (error) {
2117 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2118 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2119 case SSL_ERROR_ZERO_RETURN:
2120 default:
2121 return SSL_NOTHING;
2122
2123 case SSL_ERROR_WANT_READ:
2124 return SSL_READING;
2125
2126 case SSL_ERROR_WANT_WRITE:
2127 return SSL_WRITING;
2128
3a0012cb
MC		 2129 case SSL_ERROR_WANT_RETRY_VERIFY:
2130 return SSL_RETRY_VERIFY;
2131
5debf070
HL		 2132 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2133 return SSL_CLIENT_HELLO_CB;
2134
2135 case SSL_ERROR_WANT_X509_LOOKUP:
2136 return SSL_X509_LOOKUP;
2137 }
2138}
2139
2140/* SSL_want */
2141int ossl_quic_want(const SSL *s)
2142{
2143 QCTX ctx;
2144 int w;
2145
2146 if (!expect_quic(s, &ctx))
2147 return SSL_NOTHING;
2148
2149 quic_lock(ctx.qc);
2150
2151 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2152
2153 quic_unlock(ctx.qc);
2154 return w;
2155}
2156
22d53c88
HL		 2157/*
2158 * SSL_write
2159 * ---------
2160 *
2161 * The set of functions below provide the implementation of the public SSL_write
2162 * function. We must handle:
2163 *
2164 * - both blocking and non-blocking operation at the application level,
2165 * depending on how we are configured;
2166 *
2167 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2168 *
2169 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2170 *
2171 */
4847599b 2172QUIC_NEEDS_LOCK
113be15a
HL		 2173static void quic_post_write(QUIC_XSO *xso, int did_append,
2174 int did_append_all, uint64_t flags,
2175 int do_tick)
22d53c88
HL		 2176{
2177 /*
2178 * We have appended at least one byte to the stream.
2179 * Potentially mark stream as active, depending on FC.
2180 */
2181 if (did_append)
cb5c208b
HL		 2182 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2183 xso->stream);
22d53c88 2184
113be15a
HL		 2185 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2186 ossl_quic_sstream_fin(xso->stream->sstream);
2187
22d53c88
HL		 2188 /*
2189 * Try and send.
2190 *
44cb36d0
TM		 2191 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2192 * immediately, plus we should eventually consider Nagle's algorithm.
22d53c88
HL		 2193 */
2194 if (do_tick)
cb5c208b 2195 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
22d53c88
HL		 2196}
2197
2198struct quic_write_again_args {
cb5c208b 2199 QUIC_XSO *xso;
22d53c88
HL		 2200 const unsigned char *buf;
2201 size_t len;
2202 size_t total_written;
abfe3d51 2203 int err;
113be15a 2204 uint64_t flags;
22d53c88
HL		 2205};
2206
b119f8b8
HL		 2207/*
2208 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2209 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2210 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2211 */
2212#define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2213
2214/*
2215 * Ensure spare buffer space available (up until a limit, at least).
2216 */
2217QUIC_NEEDS_LOCK
2218static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2219{
2220 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2221 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2222 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2223 size_t new_sz, growth;
2224
2225 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2226 return 1;
2227
2228 growth = spare_ - avail;
2229 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2230 new_sz = MAX_WRITE_BUF_SIZE;
2231 else
2232 new_sz = cur_sz + growth;
2233
2234 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2235}
2236
2237/*
2238 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2239 * as needed according to flow control.
2240 */
2241QUIC_NEEDS_LOCK
2242static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2243 size_t len, size_t *actual_written)
2244{
2245 QUIC_SSTREAM *sstream = xso->stream->sstream;
2246 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2247 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2248 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2249
2250 if (len > permitted)
2251 len = (size_t)permitted;
2252
2253 if (!sstream_ensure_spare(sstream, len))
2254 return 0;
2255
2256 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2257}
2258
4847599b 2259QUIC_NEEDS_LOCK
22d53c88
HL		 2260static int quic_write_again(void *arg)
2261{
2262 struct quic_write_again_args *args = arg;
2263 size_t actual_written = 0;
2264
6d6b3a03 2265 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
22d53c88
HL		 2266 /* If connection is torn down due to an error while blocking, stop. */
2267 return -2;
2268
abfe3d51
HL		 2269 if (!quic_validate_for_write(args->xso, &args->err))
2270 /*
2271 * Stream may have become invalid for write due to connection events
2272 * while we blocked.
2273 */
2274 return -2;
2275
2276 args->err = ERR_R_INTERNAL_ERROR;
b119f8b8 2277 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
22d53c88
HL		 2278 return -2;
2279
113be15a
HL		 2280 quic_post_write(args->xso, actual_written > 0,
2281 args->len == actual_written, args->flags, 0);
22d53c88
HL		 2282
2283 args->buf += actual_written;
2284 args->len -= actual_written;
2285 args->total_written += actual_written;
2286
3f0c310b 2287 if (args->len == 0)
22d53c88
HL		 2288 /* Written everything, done. */
2289 return 1;
2290
2291 /* Not written everything yet, keep trying. */
2292 return 0;
2293}
2294
4847599b 2295QUIC_NEEDS_LOCK
faa3a180 2296static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
113be15a 2297 uint64_t flags, size_t *written)
e44795bd 2298{
22d53c88 2299 int res;
faa3a180 2300 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 2301 struct quic_write_again_args args;
2302 size_t actual_written = 0;
2303
2304 /* First make a best effort to append as much of the data as possible. */
b119f8b8 2305 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
22d53c88
HL		 2306 /* Stream already finished or allocation error. */
2307 *written = 0;
faa3a180 2308 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2309 }
2310
113be15a 2311 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
22d53c88
HL		 2312
2313 if (actual_written == len) {
2314 /* Managed to append everything on the first try. */
2315 *written = actual_written;
2316 return 1;
2317 }
2318
2319 /*
2320 * We did not manage to append all of the data immediately, so the stream
2321 * buffer has probably filled up. This means we need to block until some of
2322 * it is freed up.
2323 */
cb5c208b 2324 args.xso = xso;
22d53c88
HL		 2325 args.buf = (const unsigned char *)buf + actual_written;
2326 args.len = len - actual_written;
2327 args.total_written = 0;
abfe3d51 2328 args.err = ERR_R_INTERNAL_ERROR;
113be15a 2329 args.flags = flags;
22d53c88 2330
cb5c208b 2331 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
22d53c88 2332 if (res <= 0) {
6d6b3a03 2333 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
faa3a180 2334 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
22d53c88 2335 else
abfe3d51 2336 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
22d53c88
HL		 2337 }
2338
2339 *written = args.total_written;
e44795bd
TM		 2340 return 1;
2341}
2342
ca41f6b7
HL		 2343/*
2344 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2345 * write semantics.
2346 */
cb5c208b 2347static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
22d53c88
HL		 2348 size_t buf_len, size_t already_sent)
2349{
cb5c208b 2350 assert(!xso->aon_write_in_progress);
22d53c88 2351
cb5c208b
HL		 2352 xso->aon_write_in_progress = 1;
2353 xso->aon_buf_base = buf;
2354 xso->aon_buf_pos = already_sent;
2355 xso->aon_buf_len = buf_len;
22d53c88
HL		 2356}
2357
cb5c208b 2358static void aon_write_finish(QUIC_XSO *xso)
22d53c88 2359{
cb5c208b
HL		 2360 xso->aon_write_in_progress = 0;
2361 xso->aon_buf_base = NULL;
2362 xso->aon_buf_pos = 0;
2363 xso->aon_buf_len = 0;
22d53c88
HL		 2364}
2365
4847599b 2366QUIC_NEEDS_LOCK
faa3a180 2367static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
113be15a
HL		 2368 size_t len, uint64_t flags,
2369 size_t *written)
e44795bd 2370{
faa3a180 2371 QUIC_XSO *xso = ctx->xso;
22d53c88
HL		 2372 const void *actual_buf;
2373 size_t actual_len, actual_written = 0;
2374 int accept_moving_buffer
cb5c208b 2375 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
22d53c88 2376
cb5c208b 2377 if (xso->aon_write_in_progress) {
22d53c88
HL		 2378 /*
2379 * We are in the middle of an AON write (i.e., a previous write did not
75b2920a
HL		 2380 * manage to append all data to the SSTREAM and we have Enable Partial
2381 * Write (EPW) mode disabled.)
22d53c88 2382 */
cb5c208b
HL		 2383 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2384 || len != xso->aon_buf_len)
22d53c88
HL		 2385 /*
2386 * Pointer must not have changed if we are not in accept moving
2387 * buffer mode. Length must never change.
2388 */
faa3a180 2389 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
22d53c88 2390
cb5c208b
HL		 2391 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2392 actual_len = len - xso->aon_buf_pos;
22d53c88
HL		 2393 assert(actual_len > 0);
2394 } else {
2395 actual_buf = buf;
2396 actual_len = len;
2397 }
2398
2399 /* First make a best effort to append as much of the data as possible. */
b119f8b8 2400 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
22d53c88
HL		 2401 /* Stream already finished or allocation error. */
2402 *written = 0;
faa3a180 2403 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2404 }
2405
113be15a
HL		 2406 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2407 flags, 1);
22d53c88
HL		 2408
2409 if (actual_written == actual_len) {
2410 /* We have sent everything. */
cb5c208b 2411 if (xso->aon_write_in_progress) {
22d53c88
HL		 2412 /*
2413 * We have sent everything, and we were in the middle of an AON
2414 * write. The output write length is the total length of the AON
2415 * buffer, not however many bytes we managed to write to the stream
2416 * in this call.
2417 */
cb5c208b
HL		 2418 *written = xso->aon_buf_len;
2419 aon_write_finish(xso);
22d53c88
HL		 2420 } else {
2421 *written = actual_written;
2422 }
2423
2424 return 1;
2425 }
2426
cb5c208b 2427 if (xso->aon_write_in_progress) {
22d53c88
HL		 2428 /*
2429 * AON write is in progress but we have not written everything yet. We
2430 * may have managed to send zero bytes, or some number of bytes less
2431 * than the total remaining which need to be appended during this
2432 * AON operation.
2433 */
cb5c208b
HL		 2434 xso->aon_buf_pos += actual_written;
2435 assert(xso->aon_buf_pos < xso->aon_buf_len);
faa3a180 2436 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
22d53c88
HL		 2437 }
2438
08e49012 2439 /*
22d53c88
HL		 2440 * Not in an existing AON operation but partial write is not enabled, so we
2441 * need to begin a new AON operation. However we needn't bother if we didn't
2442 * actually append anything.
08e49012 2443 */
22d53c88 2444 if (actual_written > 0)
cb5c208b 2445 aon_write_begin(xso, buf, len, actual_written);
e44795bd 2446
22d53c88
HL		 2447 /*
2448 * AON - We do not publicly admit to having appended anything until AON
2449 * completes.
2450 */
2451 *written = 0;
faa3a180 2452 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
e44795bd
TM		 2453}
2454
4847599b 2455QUIC_NEEDS_LOCK
faa3a180 2456static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
113be15a 2457 uint64_t flags, size_t *written)
e44795bd 2458{
faa3a180
HL		 2459 QUIC_XSO *xso = ctx->xso;
2460
22d53c88 2461 /* Simple best effort operation. */
b119f8b8 2462 if (!xso_sstream_append(xso, buf, len, written)) {
22d53c88
HL		 2463 /* Stream already finished or allocation error. */
2464 *written = 0;
faa3a180 2465 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2466 }
2467
113be15a 2468 quic_post_write(xso, *written > 0, *written == len, flags, 1);
e44795bd
TM		 2469 return 1;
2470}
d5ab48a1 2471
abfe3d51
HL		 2472QUIC_NEEDS_LOCK
2473static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2474{
2475 QUIC_STREAM_MAP *qsm;
2476
2477 if (xso == NULL || xso->stream == NULL) {
2478 *err = ERR_R_INTERNAL_ERROR;
2479 return 0;
2480 }
2481
2482 switch (xso->stream->send_state) {
2483 default:
2484 case QUIC_SSTREAM_STATE_NONE:
2485 *err = SSL_R_STREAM_RECV_ONLY;
2486 return 0;
2487
2488 case QUIC_SSTREAM_STATE_READY:
2489 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2490
2491 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2492 *err = ERR_R_INTERNAL_ERROR;
2493 return 0;
2494 }
2495
2496 /* FALLTHROUGH */
2497 case QUIC_SSTREAM_STATE_SEND:
2498 case QUIC_SSTREAM_STATE_DATA_SENT:
2499 case QUIC_SSTREAM_STATE_DATA_RECVD:
2500 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2501 *err = SSL_R_STREAM_FINISHED;
2502 return 0;
2503 }
2504
2505 return 1;
2506
2507 case QUIC_SSTREAM_STATE_RESET_SENT:
2508 case QUIC_SSTREAM_STATE_RESET_RECVD:
2509 *err = SSL_R_STREAM_RESET;
2510 return 0;
2511 }
2512}
2513
a8489257 2514QUIC_TAKES_LOCK
113be15a
HL		 2515int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2516 uint64_t flags, size_t *written)
d5ab48a1 2517{
a8489257 2518 int ret;
072328dd 2519 QCTX ctx;
abfe3d51 2520 int partial_write, err;
22d53c88
HL		 2521
2522 *written = 0;
2523
a954f761 2524 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
8b7be3aa 2525 return 0;
a8489257 2526
cb5c208b 2527 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
072328dd 2528
113be15a
HL		 2529 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2530 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2531 goto out;
2532 }
2533
6d6b3a03 2534 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
faa3a180 2535 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 2536 goto out;
2537 }
22d53c88 2538
ca41f6b7
HL		 2539 /*
2540 * If we haven't finished the handshake, try to advance it.
2541 * We don't accept writes until the handshake is completed.
2542 */
faa3a180 2543 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 2544 ret = 0;
2545 goto out;
2546 }
ca41f6b7 2547
abfe3d51
HL		 2548 /* Ensure correct stream state, stream send part not concluded, etc. */
2549 if (!quic_validate_for_write(ctx.xso, &err)) {
2550 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
a8489257
HL		 2551 goto out;
2552 }
22d53c88 2553
33f6ad17 2554 if (len == 0) {
113be15a
HL		 2555 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2556 quic_post_write(ctx.xso, 0, 1, flags, 1);
2557
33f6ad17
MC		 2558 ret = 1;
2559 goto out;
2560 }
2561
cb5c208b 2562 if (xso_blocking_mode(ctx.xso))
113be15a 2563 ret = quic_write_blocking(&ctx, buf, len, flags, written);
22d53c88 2564 else if (partial_write)
113be15a 2565 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
22d53c88 2566 else
113be15a 2567 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
a8489257
HL		 2568
2569out:
072328dd 2570 quic_unlock(ctx.qc);
a8489257 2571 return ret;
d5ab48a1
RL		 2572}
2573
113be15a
HL		 2574QUIC_TAKES_LOCK
2575int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2576{
2577 return ossl_quic_write_flags(s, buf, len, 0, written);
2578}
2579
d5ab48a1 2580/*
22d53c88
HL		 2581 * SSL_read
2582 * --------
d5ab48a1 2583 */
22d53c88 2584struct quic_read_again_args {
faa3a180 2585 QCTX *ctx;
22d53c88
HL		 2586 QUIC_STREAM *stream;
2587 void *buf;
2588 size_t len;
2589 size_t *bytes_read;
2590 int peek;
2591};
2592
e0bd2825
HL		 2593QUIC_NEEDS_LOCK
2594static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2595{
08d4b7eb 2596 QUIC_STREAM_MAP *qsm;
e0bd2825 2597
5ed3a435
HL		 2598 *eos = 0;
2599
e0bd2825
HL		 2600 if (xso == NULL || xso->stream == NULL) {
2601 *err = ERR_R_INTERNAL_ERROR;
2602 return 0;
2603 }
2604
2605 switch (xso->stream->recv_state) {
2606 default:
2607 case QUIC_RSTREAM_STATE_NONE:
2608 *err = SSL_R_STREAM_SEND_ONLY;
2609 return 0;
2610
2611 case QUIC_RSTREAM_STATE_RECV:
2612 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2613 case QUIC_RSTREAM_STATE_DATA_RECVD:
2614 return 1;
2615
2616 case QUIC_RSTREAM_STATE_DATA_READ:
2617 *eos = 1;
2618 return 0;
2619
2620 case QUIC_RSTREAM_STATE_RESET_RECVD:
08d4b7eb
HL		 2621 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2622 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2623
2624 /* FALLTHROUGH */
e0bd2825
HL		 2625 case QUIC_RSTREAM_STATE_RESET_READ:
2626 *err = SSL_R_STREAM_RESET;
2627 return 0;
2628 }
2629}
2630
4847599b 2631QUIC_NEEDS_LOCK
faa3a180 2632static int quic_read_actual(QCTX *ctx,
22d53c88
HL		 2633 QUIC_STREAM *stream,
2634 void *buf, size_t buf_len,
2635 size_t *bytes_read,
2636 int peek)
d5ab48a1 2637{
e0bd2825 2638 int is_fin = 0, err, eos;
faa3a180 2639 QUIC_CONNECTION *qc = ctx->qc;
22d53c88 2640
e0bd2825
HL		 2641 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2642 if (eos)
2643 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2644 else
2645 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2646 }
2647
22d53c88
HL		 2648 if (peek) {
2649 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2650 bytes_read, &is_fin))
faa3a180 2651 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2652
2653 } else {
2654 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2655 bytes_read, &is_fin))
faa3a180 2656 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2657 }
2658
2659 if (!peek) {
2660 if (*bytes_read > 0) {
2661 /*
2662 * We have read at least one byte from the stream. Inform stream-level
2663 * RXFC of the retirement of controlled bytes. Update the active stream
2664 * status (the RXFC may now want to emit a frame granting more credit to
2665 * the peer).
2666 */
2667 OSSL_RTT_INFO rtt_info;
d50e750e 2668
22d53c88
HL		 2669 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2670
cb5c208b 2671 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
22d53c88 2672 rtt_info.smoothed_rtt))
faa3a180 2673 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
22d53c88
HL		 2674 }
2675
08d4b7eb
HL		 2676 if (is_fin && !peek) {
2677 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2678
2679 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2680 }
22d53c88
HL		 2681
2682 if (*bytes_read > 0)
2683 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
cb5c208b 2684 stream);
22d53c88
HL		 2685 }
2686
72622c0b
MC		 2687 if (*bytes_read == 0 && is_fin)
2688 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2689
d5ab48a1
RL		 2690 return 1;
2691}
2692
4847599b 2693QUIC_NEEDS_LOCK
22d53c88 2694static int quic_read_again(void *arg)
d5ab48a1 2695{
22d53c88
HL		 2696 struct quic_read_again_args *args = arg;
2697
6d6b3a03 2698 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
22d53c88 2699 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 2700 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
ca41f6b7 2701 return -1;
a9979965 2702 }
22d53c88 2703
faa3a180 2704 if (!quic_read_actual(args->ctx, args->stream,
22d53c88
HL		 2705 args->buf, args->len, args->bytes_read,
2706 args->peek))
2707 return -1;
2708
2709 if (*args->bytes_read > 0)
2710 /* got at least one byte, the SSL_read op can finish now */
2711 return 1;
2712
81b6b43c 2713 return 0; /* did not read anything, keep trying */
d5ab48a1
RL		 2714}
2715
a8489257 2716QUIC_TAKES_LOCK
22d53c88 2717static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
d5ab48a1 2718{
a8489257 2719 int ret, res;
072328dd 2720 QCTX ctx;
22d53c88
HL		 2721 struct quic_read_again_args args;
2722
2723 *bytes_read = 0;
2724
8b7be3aa 2725 if (!expect_quic(s, &ctx))
22d53c88
HL		 2726 return 0;
2727
72ca0b88 2728 quic_lock_for_io(&ctx);
a8489257 2729
6d6b3a03 2730 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
faa3a180 2731 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
a8489257
HL		 2732 goto out;
2733 }
22d53c88 2734
a9979965 2735 /* If we haven't finished the handshake, try to advance it. */
faa3a180 2736 if (quic_do_handshake(&ctx) < 1) {
a8489257
HL		 2737 ret = 0; /* ossl_quic_do_handshake raised error here */
2738 goto out;
2739 }
22d53c88 2740
8b7be3aa
HL		 2741 if (ctx.xso == NULL) {
2742 /*
2743 * Called on a QCSO and we don't currently have a default stream.
2744 *
2745 * Wait until we get a stream initiated by the peer (blocking mode) or
2746 * fail if we don't have one yet (non-blocking mode).
2747 */
faa3a180 2748 if (!qc_wait_for_default_xso_for_read(&ctx)) {
8b7be3aa
HL		 2749 ret = 0; /* error already raised here */
2750 goto out;
2751 }
2752
2753 ctx.xso = ctx.qc->default_xso;
2754 }
2755
faa3a180 2756 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
a8489257
HL		 2757 ret = 0; /* quic_read_actual raised error here */
2758 goto out;
2759 }
22d53c88
HL		 2760
2761 if (*bytes_read > 0) {
2762 /*
2763 * Even though we succeeded, tick the reactor here to ensure we are
2764 * handling other aspects of the QUIC connection.
2765 */
072328dd 2766 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
a8489257 2767 ret = 1;
cb5c208b 2768 } else if (xso_blocking_mode(ctx.xso)) {
22d53c88
HL		 2769 /*
2770 * We were not able to read anything immediately, so our stream
2771 * buffer is empty. This means we need to block until we get
2772 * at least one byte.
2773 */
faa3a180 2774 args.ctx = &ctx;
cb5c208b 2775 args.stream = ctx.xso->stream;
22d53c88
HL		 2776 args.buf = buf;
2777 args.len = len;
2778 args.bytes_read = bytes_read;
2779 args.peek = peek;
2780
072328dd 2781 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
a8489257 2782 if (res == 0) {
faa3a180 2783 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257
HL		 2784 goto out;
2785 } else if (res < 0) {
2786 ret = 0; /* quic_read_again raised error here */
2787 goto out;
2788 }
22d53c88 2789
a8489257 2790 ret = 1;
af8b52cf 2791 } else {
780b2527
HL		 2792 /*
2793 * We did not get any bytes and are not in blocking mode.
2794 * Tick to see if this delivers any more.
2795 */
2796 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2797
2798 /* Try the read again. */
2799 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2800 ret = 0; /* quic_read_actual raised error here */
2801 goto out;
2802 }
2803
2804 if (*bytes_read > 0)
2805 ret = 1; /* Succeeded this time. */
2806 else
2807 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
af8b52cf 2808 }
a8489257
HL		 2809
2810out:
072328dd 2811 quic_unlock(ctx.qc);
a8489257 2812 return ret;
d5ab48a1
RL		 2813}
2814
22d53c88
HL		 2815int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2816{
2817 return quic_read(s, buf, len, bytes_read, 0);
2818}
2819
2820int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2821{
2822 return quic_read(s, buf, len, bytes_read, 1);
2823}
2824
2825/*
2826 * SSL_pending
2827 * -----------
2828 */
9280d26a 2829
a8489257 2830QUIC_TAKES_LOCK
d6e7ebba 2831static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
22d53c88 2832{
072328dd 2833 QCTX ctx;
433d107a 2834 size_t avail = 0;
22d53c88
HL		 2835 int fin = 0;
2836
c31f0612
MC		 2837
2838 if (!expect_quic(s, &ctx))
22d53c88
HL		 2839 return 0;
2840
c31f0612
MC		 2841 quic_lock(ctx.qc);
2842
8ee3ee10 2843 if (ctx.xso == NULL) {
a954f761 2844 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
c31f0612 2845 goto out;
8ee3ee10 2846 }
c31f0612 2847
2f018d14 2848 if (ctx.xso->stream == NULL
8ee3ee10 2849 || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream)) {
a954f761 2850 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
a8489257 2851 goto out;
8ee3ee10 2852 }
22d53c88 2853
cb5c208b 2854 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
a8489257 2855 avail = 0;
22d53c88 2856
d6e7ebba
HL		 2857 if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
2858 avail = 1;
2859
a8489257 2860out:
072328dd 2861 quic_unlock(ctx.qc);
22d53c88
HL		 2862 return avail;
2863}
2864
560470b5
MC		 2865size_t ossl_quic_pending(const SSL *s)
2866{
d6e7ebba 2867 return ossl_quic_pending_int(s, /*check_channel=*/0);
560470b5
MC		 2868}
2869
072328dd 2870int ossl_quic_has_pending(const SSL *s)
560470b5 2871{
9280d26a 2872 /* Do we have app-side pending data or pending URXEs or RXEs? */
d6e7ebba 2873 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
560470b5
MC		 2874}
2875
a9979965
HL		 2876/*
2877 * SSL_stream_conclude
2878 * -------------------
2879 */
a8489257 2880QUIC_TAKES_LOCK
072328dd 2881int ossl_quic_conn_stream_conclude(SSL *s)
a9979965 2882{
072328dd
HL		 2883 QCTX ctx;
2884 QUIC_STREAM *qs;
abfe3d51 2885 int err;
072328dd 2886
a954f761 2887 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
072328dd
HL		 2888 return 0;
2889
cb5c208b 2890 qs = ctx.xso->stream;
a9979965 2891
6d6b3a03 2892 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
072328dd 2893 quic_unlock(ctx.qc);
abfe3d51
HL		 2894 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2895 }
2896
2897 if (!quic_validate_for_write(ctx.xso, &err)) {
2898 quic_unlock(ctx.qc);
2899 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
a8489257
HL		 2900 }
2901
2f018d14 2902 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
072328dd 2903 quic_unlock(ctx.qc);
a9979965 2904 return 1;
a8489257 2905 }
a9979965
HL		 2906
2907 ossl_quic_sstream_fin(qs->sstream);
113be15a 2908 quic_post_write(ctx.xso, 1, 0, 0, 1);
072328dd 2909 quic_unlock(ctx.qc);
a9979965
HL		 2910 return 1;
2911}
2912
553a4e00
HL		 2913/*
2914 * SSL_inject_net_dgram
2915 * --------------------
2916 */
5129e594 2917QUIC_TAKES_LOCK
553a4e00
HL		 2918int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2919 size_t buf_len,
2920 const BIO_ADDR *peer,
2921 const BIO_ADDR *local)
2922{
5129e594 2923 int ret;
072328dd 2924 QCTX ctx;
553a4e00
HL		 2925 QUIC_DEMUX *demux;
2926
072328dd 2927 if (!expect_quic(s, &ctx))
553a4e00
HL		 2928 return 0;
2929
072328dd 2930 quic_lock(ctx.qc);
5129e594 2931
072328dd 2932 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
5129e594
HL		 2933 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2934
072328dd 2935 quic_unlock(ctx.qc);
5129e594 2936 return ret;
553a4e00
HL		 2937}
2938
020d0389
HL		 2939/*
2940 * SSL_get0_connection
2941 * -------------------
2942 */
2943SSL *ossl_quic_get0_connection(SSL *s)
2944{
2945 QCTX ctx;
2946
2947 if (!expect_quic(s, &ctx))
2948 return NULL;
2949
2950 return &ctx.qc->ssl;
2951}
2952
1bca3f1b
HL		 2953/*
2954 * SSL_get_stream_type
2955 * -------------------
2956 */
2957int ossl_quic_get_stream_type(SSL *s)
2958{
2959 QCTX ctx;
2960
2961 if (!expect_quic(s, &ctx))
59c5c016 2962 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2963
2964 if (ctx.xso == NULL) {
2965 /*
59c5c016
HL		 2966 * If deferred XSO creation has yet to occur, proceed according to the
2967 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2968 * what kind of stream will be created yet, so return BIDI on the basis
2969 * that at this time, the client still has the option of calling
2970 * SSL_read() or SSL_write() first.
1bca3f1b 2971 */
59c5c016
HL		 2972 if (ctx.qc->default_xso_created
2973 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1bca3f1b 2974 return SSL_STREAM_TYPE_NONE;
59c5c016
HL		 2975 else
2976 return SSL_STREAM_TYPE_BIDI;
1bca3f1b
HL		 2977 }
2978
2979 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2980 return SSL_STREAM_TYPE_BIDI;
2981
2982 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2983 return SSL_STREAM_TYPE_READ;
2984 else
2985 return SSL_STREAM_TYPE_WRITE;
2986}
2987
19cb0887
HL		 2988/*
2989 * SSL_get_stream_id
2990 * -----------------
2991 */
cb68ce9f 2992QUIC_TAKES_LOCK
19cb0887
HL		 2993uint64_t ossl_quic_get_stream_id(SSL *s)
2994{
2995 QCTX ctx;
8b7be3aa 2996 uint64_t id;
19cb0887 2997
a954f761 2998 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
19cb0887
HL		 2999 return UINT64_MAX;
3000
8b7be3aa
HL		 3001 id = ctx.xso->stream->id;
3002 quic_unlock(ctx.qc);
3003
3004 return id;
3005}
3006
d2e9e12b
HL		 3007/*
3008 * SSL_is_stream_local
3009 * -------------------
3010 */
3011QUIC_TAKES_LOCK
3012int ossl_quic_is_stream_local(SSL *s)
3013{
3014 QCTX ctx;
3015 int is_local;
3016
7b1ca599 3017 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
d2e9e12b
HL		 3018 return -1;
3019
3020 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3021 quic_unlock(ctx.qc);
3022
3023 return is_local;
3024}
3025
8b7be3aa
HL		 3026/*
3027 * SSL_set_default_stream_mode
3028 * ---------------------------
3029 */
cb68ce9f 3030QUIC_TAKES_LOCK
8b7be3aa
HL		 3031int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3032{
3033 QCTX ctx;
3034
56df4cf2 3035 if (!expect_quic_conn_only(s, &ctx))
8b7be3aa
HL		 3036 return 0;
3037
3038 quic_lock(ctx.qc);
3039
4669a3d7
HL		 3040 if (ctx.qc->default_xso_created) {
3041 quic_unlock(ctx.qc);
a954f761 3042 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8ee3ee10 3043 "too late to change default stream mode");
4669a3d7 3044 }
8b7be3aa
HL		 3045
3046 switch (mode) {
3047 case SSL_DEFAULT_STREAM_MODE_NONE:
3048 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3049 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3050 ctx.qc->default_stream_mode = mode;
3051 break;
3052 default:
3053 quic_unlock(ctx.qc);
a954f761 3054 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10 3055 "bad default stream type");
8b7be3aa
HL		 3056 }
3057
3058 quic_unlock(ctx.qc);
3059 return 1;
3060}
3061
3062/*
3063 * SSL_detach_stream
3064 * -----------------
3065 */
cb68ce9f 3066QUIC_TAKES_LOCK
8b7be3aa
HL		 3067SSL *ossl_quic_detach_stream(SSL *s)
3068{
3069 QCTX ctx;
9cab4bd5 3070 QUIC_XSO *xso = NULL;
8b7be3aa 3071
56df4cf2 3072 if (!expect_quic_conn_only(s, &ctx))
8b7be3aa
HL		 3073 return NULL;
3074
3075 quic_lock(ctx.qc);
3076
8b7be3aa 3077 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5
HL		 3078 /* QC ref to any default XSO is transferred to us and to caller. */
3079 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
8b7be3aa
HL		 3080
3081 quic_unlock(ctx.qc);
3082
9cab4bd5 3083 return xso != NULL ? &xso->ssl : NULL;
8b7be3aa
HL		 3084}
3085
3086/*
3087 * SSL_attach_stream
3088 * -----------------
3089 */
cb68ce9f 3090QUIC_TAKES_LOCK
8b7be3aa
HL		 3091int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3092{
3093 QCTX ctx;
9cab4bd5
HL		 3094 QUIC_XSO *xso;
3095 int nref;
8b7be3aa 3096
56df4cf2 3097 if (!expect_quic_conn_only(conn, &ctx))
8b7be3aa
HL		 3098 return 0;
3099
3100 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
a954f761 3101 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
8ee3ee10 3102 "stream to attach must be a valid QUIC stream");
8b7be3aa 3103
9cab4bd5
HL		 3104 xso = (QUIC_XSO *)stream;
3105
8b7be3aa
HL		 3106 quic_lock(ctx.qc);
3107
3108 if (ctx.qc->default_xso != NULL) {
3109 quic_unlock(ctx.qc);
a954f761 3110 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
8ee3ee10 3111 "connection already has a default stream");
8b7be3aa
HL		 3112 }
3113
9cab4bd5
HL		 3114 /*
3115 * It is a caller error for the XSO being attached as a default XSO to have
3116 * more than one ref.
3117 */
4eecc6aa 3118 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
9cab4bd5 3119 quic_unlock(ctx.qc);
a954f761 3120 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
8ee3ee10 3121 "ref");
9cab4bd5
HL		 3122 }
3123
3124 if (nref != 1) {
3125 quic_unlock(ctx.qc);
a954f761 3126 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
8ee3ee10
TM		 3127 "stream being attached must have "
3128 "only 1 reference");
9cab4bd5
HL		 3129 }
3130
3131 /* Caller's reference to the XSO is transferred to us. */
8b7be3aa 3132 /* Calling this function inhibits default XSO autocreation. */
9cab4bd5 3133 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
8b7be3aa
HL		 3134
3135 quic_unlock(ctx.qc);
3136 return 1;
19cb0887
HL		 3137}
3138
8a90df34 3139/*
83df44ae
HL		 3140 * SSL_set_incoming_stream_policy
3141 * ------------------------------
8a90df34 3142 */
995ff282 3143QUIC_NEEDS_LOCK
83df44ae 3144static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
995ff282 3145{
83df44ae
HL		 3146 switch (qc->incoming_stream_policy) {
3147 case SSL_INCOMING_STREAM_POLICY_AUTO:
995ff282
HL		 3148 if ((qc->default_xso == NULL && !qc->default_xso_created)
3149 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
83df44ae 3150 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
995ff282 3151 else
83df44ae 3152 return SSL_INCOMING_STREAM_POLICY_REJECT;
995ff282
HL		 3153
3154 default:
83df44ae 3155 return qc->incoming_stream_policy;
995ff282
HL		 3156 }
3157}
3158
3159QUIC_NEEDS_LOCK
3160static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3161{
83df44ae
HL		 3162 int policy = qc_get_effective_incoming_stream_policy(qc);
3163 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
995ff282
HL		 3164
3165 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3166 enable_reject,
83df44ae 3167 qc->incoming_stream_aec);
995ff282
HL		 3168}
3169
cb68ce9f 3170QUIC_TAKES_LOCK
83df44ae
HL		 3171int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3172 uint64_t aec)
8a90df34
HL		 3173{
3174 int ret = 1;
3175 QCTX ctx;
3176
56df4cf2 3177 if (!expect_quic_conn_only(s, &ctx))
8a90df34
HL		 3178 return 0;
3179
3180 quic_lock(ctx.qc);
3181
3182 switch (policy) {
83df44ae
HL		 3183 case SSL_INCOMING_STREAM_POLICY_AUTO:
3184 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3185 case SSL_INCOMING_STREAM_POLICY_REJECT:
3186 ctx.qc->incoming_stream_policy = policy;
3187 ctx.qc->incoming_stream_aec = aec;
8a90df34
HL		 3188 break;
3189
3190 default:
a954f761 3191 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
8a90df34
HL		 3192 ret = 0;
3193 break;
3194 }
3195
995ff282 3196 qc_update_reject_policy(ctx.qc);
8a90df34
HL		 3197 quic_unlock(ctx.qc);
3198 return ret;
3199}
3200
57eee469
HL		 3201/*
3202 * SSL_get_value, SSL_set_value
3203 * ----------------------------
3204 */
3205QUIC_TAKES_LOCK
3206static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3207 uint64_t *p_value_out, uint64_t *p_value_in)
3208{
3209 int ret = 0;
39a387f4 3210 uint64_t value_out = 0, value_in;
57eee469
HL		 3211
3212 quic_lock(ctx->qc);
3213
3214 switch (class_) {
3215 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3216 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3217
3218 if (p_value_in != NULL) {
3219 value_in = *p_value_in;
3220 if (value_in > OSSL_QUIC_VLINT_MAX) {
3221 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3222 NULL);
3223 goto err;
3224 }
3225
3226 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3227 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3228 NULL);
3229 goto err;
3230 }
3231
3232 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3233 }
3234 break;
3235
3236 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3237 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3238 if (p_value_in != NULL) {
3239 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3240 NULL);
3241 goto err;
3242 }
3243
3244 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3245 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3246 NULL);
3247 goto err;
3248 }
3249
3250 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3251 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3252 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3253 break;
3254
3255 default:
3256 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3257 NULL);
3258 goto err;
3259 }
3260
3261 ret = 1;
3262err:
3263 quic_unlock(ctx->qc);
3264 if (ret && p_value_out != NULL)
3265 *p_value_out = value_out;
3266
3267 return ret;
3268}
3269
3270QUIC_TAKES_LOCK
3271static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3272 int is_uni, int is_remote,
3273 uint64_t *value)
3274{
3275 int ret = 0;
3276
3277 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3278 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3279 NULL);
3280 return 0;
3281 }
3282
3283 quic_lock(ctx->qc);
3284
3285 *value = is_remote
3286 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3287 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3288
3289 ret = 1;
3290 quic_unlock(ctx->qc);
3291 return ret;
3292}
3293
3294QUIC_TAKES_LOCK
3295int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3296 uint64_t *value)
3297{
3298 QCTX ctx;
3299
3300 if (!expect_quic_conn_only(s, &ctx))
3301 return 0;
3302
99a5cfc1
HL		 3303 if (value == NULL)
3304 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3305 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3306
57eee469
HL		 3307 switch (id) {
3308 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3309 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3310
3311 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3312 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3313 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3314 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3315 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3316 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3317 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3318 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3319
3320 default:
3321 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3322 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3323 }
3324
3325 return 1;
3326}
3327
3328QUIC_TAKES_LOCK
3329int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3330 uint64_t value)
3331{
3332 QCTX ctx;
3333
3334 if (!expect_quic_conn_only(s, &ctx))
3335 return 0;
3336
3337 switch (id) {
3338 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3339 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3340
3341 default:
3342 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3343 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3344 }
3345
3346 return 1;
3347}
3348
cb68ce9f
HL		 3349/*
3350 * SSL_accept_stream
3351 * -----------------
3352 */
cb68ce9f 3353struct wait_for_incoming_stream_args {
faa3a180 3354 QCTX *ctx;
cb68ce9f
HL		 3355 QUIC_STREAM *qs;
3356};
3357
3358QUIC_NEEDS_LOCK
3359static int wait_for_incoming_stream(void *arg)
3360{
3361 struct wait_for_incoming_stream_args *args = arg;
faa3a180
HL		 3362 QUIC_CONNECTION *qc = args->ctx->qc;
3363 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
cb68ce9f 3364
6d6b3a03 3365 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
cb68ce9f 3366 /* If connection is torn down due to an error while blocking, stop. */
faa3a180 3367 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
cb68ce9f
HL		 3368 return -1;
3369 }
3370
3371 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3372 if (args->qs != NULL)
3373 return 1; /* got a stream */
3374
3375 return 0; /* did not get a stream, keep trying */
3376}
3377
3378QUIC_TAKES_LOCK
3379SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3380{
3381 QCTX ctx;
3382 int ret;
3383 SSL *new_s = NULL;
3384 QUIC_STREAM_MAP *qsm;
3385 QUIC_STREAM *qs;
3386 QUIC_XSO *xso;
90cecc40 3387 OSSL_RTT_INFO rtt_info;
cb68ce9f 3388
56df4cf2 3389 if (!expect_quic_conn_only(s, &ctx))
cb68ce9f
HL		 3390 return NULL;
3391
3392 quic_lock(ctx.qc);
3393
83df44ae 3394 if (qc_get_effective_incoming_stream_policy(ctx.qc)
8ee3ee10 3395 == SSL_INCOMING_STREAM_POLICY_REJECT) {
a954f761 3396 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
cb68ce9f 3397 goto out;
8ee3ee10 3398 }
cb68ce9f
HL		 3399
3400 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3401
3402 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3403 if (qs == NULL) {
3404 if (qc_blocking_mode(ctx.qc)
3405 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3406 struct wait_for_incoming_stream_args args;
3407
faa3a180 3408 args.ctx = &ctx;
cb68ce9f
HL		 3409 args.qs = NULL;
3410
3411 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3412 if (ret == 0) {
faa3a180 3413 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
cb68ce9f
HL		 3414 goto out;
3415 } else if (ret < 0 || args.qs == NULL) {
3416 goto out;
3417 }
3418
3419 qs = args.qs;
3420 } else {
3421 goto out;
3422 }
3423 }
3424
3425 xso = create_xso_from_stream(ctx.qc, qs);
3426 if (xso == NULL)
3427 goto out;
3428
90cecc40
HL		 3429 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3430 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3431 rtt_info.smoothed_rtt);
cb68ce9f
HL		 3432 new_s = &xso->ssl;
3433
3434 /* Calling this function inhibits default XSO autocreation. */
995ff282 3435 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
cb68ce9f
HL		 3436
3437out:
3438 quic_unlock(ctx.qc);
3439 return new_s;
3440}
3441
3442/*
3443 * SSL_get_accept_stream_queue_len
3444 * -------------------------------
3445 */
3446QUIC_TAKES_LOCK
3447size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3448{
3449 QCTX ctx;
3450 size_t v;
3451
56df4cf2 3452 if (!expect_quic_conn_only(s, &ctx))
cb68ce9f
HL		 3453 return 0;
3454
3455 quic_lock(ctx.qc);
3456
3457 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3458
3459 quic_unlock(ctx.qc);
3460 return v;
3461}
3462
c3a04ea2
HL		 3463/*
3464 * SSL_stream_reset
3465 * ----------------
3466 */
3467int ossl_quic_stream_reset(SSL *ssl,
3468 const SSL_STREAM_RESET_ARGS *args,
3469 size_t args_len)
3470{
3471 QCTX ctx;
3472 QUIC_STREAM_MAP *qsm;
3473 QUIC_STREAM *qs;
3474 uint64_t error_code;
e0bd2825 3475 int ok, err;
c3a04ea2 3476
a954f761 3477 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
c3a04ea2
HL		 3478 return 0;
3479
3480 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3481 qs = ctx.xso->stream;
3482 error_code = (args != NULL ? args->quic_error_code : 0);
3483
1d547f8f
HL		 3484 if (!quic_validate_for_write(ctx.xso, &err)) {
3485 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3486 goto err;
3487 }
e0bd2825 3488
2f018d14 3489 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
c3a04ea2 3490
1d547f8f 3491err:
c3a04ea2 3492 quic_unlock(ctx.qc);
2f018d14 3493 return ok;
c3a04ea2
HL		 3494}
3495
3496/*
3497 * SSL_get_stream_read_state
3498 * -------------------------
3499 */
3500static void quic_classify_stream(QUIC_CONNECTION *qc,
3501 QUIC_STREAM *qs,
3502 int is_write,
3503 int *state,
3504 uint64_t *app_error_code)
3505{
3506 int local_init;
3507 uint64_t final_size;
3508
3509 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3510
3511 if (app_error_code != NULL)
3512 *app_error_code = UINT64_MAX;
3513 else
3514 app_error_code = &final_size; /* throw away value */
3515
3516 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3517 /*
3518 * Unidirectional stream and this direction of transmission doesn't
3519 * exist.
3520 */
3521 *state = SSL_STREAM_STATE_WRONG_DIR;
3522 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3523 /* Connection already closed. */
3524 *state = SSL_STREAM_STATE_CONN_CLOSED;
5ed3a435 3525 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
c3a04ea2
HL		 3526 /* Application has read a FIN. */
3527 *state = SSL_STREAM_STATE_FINISHED;
3528 } else if ((!is_write && qs->stop_sending)
2f018d14 3529 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
c3a04ea2
HL		 3530 /*
3531 * Stream has been reset locally. FIN takes precedence over this for the
3532 * read case as the application need not care if the stream is reset
3533 * after a FIN has been successfully processed.
3534 */
3535 *state = SSL_STREAM_STATE_RESET_LOCAL;
3536 *app_error_code = !is_write
3537 ? qs->stop_sending_aec
3538 : qs->reset_stream_aec;
2f018d14 3539 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
c3a04ea2
HL		 3540 || (is_write && qs->peer_stop_sending)) {
3541 /*
3542 * Stream has been reset remotely. */
3543 *state = SSL_STREAM_STATE_RESET_REMOTE;
3544 *app_error_code = !is_write
3545 ? qs->peer_reset_stream_aec
3546 : qs->peer_stop_sending_aec;
3547 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3548 &final_size)) {
3549 /*
3550 * Stream has been finished. Stream reset takes precedence over this for
3551 * the write case as peer may not have received all data.
3552 */
3553 *state = SSL_STREAM_STATE_FINISHED;
3554 } else {
3555 /* Stream still healthy. */
3556 *state = SSL_STREAM_STATE_OK;
3557 }
3558}
3559
3560static int quic_get_stream_state(SSL *ssl, int is_write)
3561{
3562 QCTX ctx;
3563 int state;
3564
a954f761 3565 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
c3a04ea2
HL		 3566 return SSL_STREAM_STATE_NONE;
3567
3568 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3569 quic_unlock(ctx.qc);
3570 return state;
3571}
3572
3573int ossl_quic_get_stream_read_state(SSL *ssl)
3574{
3575 return quic_get_stream_state(ssl, /*is_write=*/0);
3576}
3577
3578/*
3579 * SSL_get_stream_write_state
3580 * --------------------------
3581 */
3582int ossl_quic_get_stream_write_state(SSL *ssl)
3583{
3584 return quic_get_stream_state(ssl, /*is_write=*/1);
3585}
3586
3587/*
3588 * SSL_get_stream_read_error_code
3589 * ------------------------------
3590 */
3591static int quic_get_stream_error_code(SSL *ssl, int is_write,
3592 uint64_t *app_error_code)
3593{
3594 QCTX ctx;
3595 int state;
3596
a954f761 3597 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
c3a04ea2
HL		 3598 return -1;
3599
3600 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3601 &state, app_error_code);
3602
3603 quic_unlock(ctx.qc);
3604 switch (state) {
3605 case SSL_STREAM_STATE_FINISHED:
3606 return 0;
3607 case SSL_STREAM_STATE_RESET_LOCAL:
3608 case SSL_STREAM_STATE_RESET_REMOTE:
3609 return 1;
3610 default:
3611 return -1;
3612 }
3613}
3614
3615int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3616{
3617 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3618}
3619
3620/*
3621 * SSL_get_stream_write_error_code
3622 * -------------------------------
3623 */
3624int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3625{
3626 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3627}
3628
3415677e
HL		 3629/*
3630 * Write buffer size mutation
3631 * --------------------------
3632 */
3633int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3634{
3635 int ret = 0;
3636 QCTX ctx;
3637
a954f761 3638 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3415677e
HL		 3639 return 0;
3640
96014840 3641 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3415677e 3642 /* Called on a unidirectional receive-only stream - error. */
a954f761 3643 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3415677e 3644 goto out;
96014840 3645 }
3415677e
HL		 3646
3647 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3648 /*
3649 * If the stream has a send part but we have disposed of it because we
3650 * no longer need it, this is a no-op.
3651 */
3652 ret = 1;
3653 goto out;
3654 }
3655
96014840 3656 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
a954f761 3657 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3415677e 3658 goto out;
96014840 3659 }
3415677e
HL		 3660
3661 ret = 1;
3662
3663out:
3664 quic_unlock(ctx.qc);
3665 return ret;
3666}
3667
c3a04ea2
HL		 3668/*
3669 * SSL_get_conn_close_info
3670 * -----------------------
3671 */
3672int ossl_quic_get_conn_close_info(SSL *ssl,
3673 SSL_CONN_CLOSE_INFO *info,
3674 size_t info_len)
3675{
3676 QCTX ctx;
3677 const QUIC_TERMINATE_CAUSE *tc;
3678
56df4cf2 3679 if (!expect_quic_conn_only(ssl, &ctx))
c3a04ea2
HL		 3680 return -1;
3681
3682 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3683 if (tc == NULL)
3684 return 0;
3685
3686 info->error_code = tc->error_code;
55abe748 3687 info->frame_type = tc->frame_type;
40c8c756
HL		 3688 info->reason = tc->reason;
3689 info->reason_len = tc->reason_len;
7d9e447a
HL		 3690 info->flags = 0;
3691 if (!tc->remote)
016a80dc 3692 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
7d9e447a
HL		 3693 if (!tc->app)
3694 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
c3a04ea2
HL		 3695 return 1;
3696}
3697
2525109f
HL		 3698/*
3699 * SSL_key_update
3700 * --------------
3701 */
3702int ossl_quic_key_update(SSL *ssl, int update_type)
3703{
3704 QCTX ctx;
3705
56df4cf2 3706 if (!expect_quic_conn_only(ssl, &ctx))
2525109f
HL		 3707 return 0;
3708
3709 switch (update_type) {
3710 case SSL_KEY_UPDATE_NOT_REQUESTED:
3711 /*
3712 * QUIC signals peer key update implicily by triggering a local
3713 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3714 */
3715 case SSL_KEY_UPDATE_REQUESTED:
3716 break;
3717
3718 default:
a954f761 3719 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
2525109f
HL		 3720 return 0;
3721 }
3722
3723 quic_lock(ctx.qc);
3724
3725 /* Attempt to perform a TXKU. */
3726 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
a954f761 3727 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
2525109f
HL		 3728 quic_unlock(ctx.qc);
3729 return 0;
3730 }
3731
3732 quic_unlock(ctx.qc);
3733 return 1;
3734}
3735
3736/*
3737 * SSL_get_key_update_type
3738 * -----------------------
3739 */
3740int ossl_quic_get_key_update_type(const SSL *s)
3741{
3742 /*
3743 * We always handle key updates immediately so a key update is never
3744 * pending.
3745 */
3746 return SSL_KEY_UPDATE_NONE;
3747}
3748
22d53c88
HL		 3749/*
3750 * QUIC Front-End I/O API: SSL_CTX Management
3751 * ==========================================
3752 */
3753
3754long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3755{
3756 switch (cmd) {
3757 default:
8a1a6d6d 3758 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
22d53c88
HL		 3759 }
3760}
3761
3762long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3763{
63dfde87
MC		 3764 QCTX ctx;
3765
56df4cf2 3766 if (!expect_quic_conn_only(s, &ctx))
63dfde87
MC		 3767 return 0;
3768
3769 switch (cmd) {
3770 case SSL_CTRL_SET_MSG_CALLBACK:
5cf99b40
MC		 3771 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3772 &ctx.qc->ssl);
63dfde87
MC		 3773 /* This callback also needs to be set on the internal SSL object */
3774 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3775
3776 default:
3777 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3778 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3779 }
22d53c88
HL		 3780}
3781
3782long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3783{
8a1a6d6d 3784 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
22d53c88
HL		 3785}
3786
3787int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3788{
3789 /* We never do renegotiation. */
3790 return 0;
3791}
3792
547ea588
MC		 3793const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
3794{
3795 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
3796
3797 if ((ciph->algorithm2 & SSL_QUIC) == 0)
3798 return NULL;
3799
3800 return ciph;
3801}
3802
22d53c88 3803/*
d518854c
MC		 3804 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3805 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
22d53c88 3806 */
22d53c88
HL		 3807
3808int ossl_quic_num_ciphers(void)
3809{
d518854c 3810 return 0;
22d53c88
HL		 3811}
3812
3813const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3814{
d518854c 3815 return NULL;
d5ab48a1 3816}
16f3b542 3817
7757f5ef
TM		 3818/*
3819 * SSL_get_shutdown()
3820 * ------------------
3821 */
3822int ossl_quic_get_shutdown(const SSL *s)
3823{
3824 QCTX ctx;
3825 int shut = 0;
3826
3827 if (!expect_quic_conn_only(s, &ctx))
3828 return 0;
3829
3830 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
3831 shut |= SSL_SENT_SHUTDOWN;
3832 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
3833 shut |= SSL_RECEIVED_SHUTDOWN;
3834 }
3835
3836 return shut;
3837}
3838
16f3b542
HL		 3839/*
3840 * Internal Testing APIs
3841 * =====================
3842 */
3843
3844QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
3845{
3846 QCTX ctx;
3847
56df4cf2 3848 if (!expect_quic_conn_only(s, &ctx))
16f3b542
HL		 3849 return NULL;
3850
3851 return ctx.qc->ch;
3852}
fb1a0bb9
HL		 3853
3854int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
3855{
3856#ifndef OPENSSL_NO_QLOG
3857 OPENSSL_free(ctx->qlog_title);
3858 ctx->qlog_title = NULL;
3859
3860 if (title == NULL)
3861 return 1;
3862
3863 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
3864 return 0;
3865#endif
3866
3867 return 1;
3868}
A mirror of the official openssl repository