]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blob
? search:


2775a4b938ebd4fcc5c6128d5b1ee15a9a5a3b23
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/time.h"
19
20 typedef struct qctx_st QCTX;
21
22 static void aon_write_finish(QUIC_XSO *xso);
23 static int create_channel(QUIC_CONNECTION *qc);
24 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
25 static int qc_try_create_default_xso_for_write(QCTX *ctx);
26 static int qc_wait_for_default_xso_for_read(QCTX *ctx);
27 static void quic_lock(QUIC_CONNECTION *qc);
28 static void quic_unlock(QUIC_CONNECTION *qc);
29 static int quic_do_handshake(QCTX *ctx);
30 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
31 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
32 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
33 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
34 int touch, QUIC_XSO **old_xso);
35 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
36 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
37
38 /*
39 * QUIC Front-End I/O API: Common Utilities
40 * ========================================
41 */
42
43 /*
44 * Block until a predicate is met.
45 *
46 * Precondition: Must have a channel.
47 * Precondition: Must hold channel lock (unchecked).
48 */
49 QUIC_NEEDS_LOCK
50 static int block_until_pred(QUIC_CONNECTION *qc,
51 int (*pred)(void *arg), void *pred_arg,
52 uint32_t flags)
53 {
54 QUIC_REACTOR *rtor;
55
56 assert(qc->ch != NULL);
57
58 rtor = ossl_quic_channel_get_reactor(qc->ch);
59 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
60 qc->mutex);
61 }
62
63 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
64 {
65 if (qc->override_now_cb != NULL)
66 return qc->override_now_cb(qc->override_now_cb_arg);
67 else
68 return ossl_time_now();
69 }
70
71 static OSSL_TIME get_time_cb(void *arg)
72 {
73 QUIC_CONNECTION *qc = arg;
74
75 return get_time(qc);
76 }
77
78 /*
79 * QCTX is a utility structure which provides information we commonly wish to
80 * unwrap upon an API call being dispatched to us, namely:
81 *
82 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
83 * was passed);
84 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
85 * a QCSO with a default stream was passed);
86 * - whether a QSSO was passed (xso == NULL must not be used to determine this
87 * because it may be non-NULL when a QCSO is passed if that QCSO has a
88 * default stream).
89 */
90 struct qctx_st {
91 QUIC_CONNECTION *qc;
92 QUIC_XSO *xso;
93 int is_stream;
94 };
95
96 /*
97 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
98 * rather than via ERR. Note that normal errors must always be raised while
99 * holding a lock.
100 */
101 QUIC_NEEDS_LOCK
102 static int quic_raise_normal_error(QCTX *ctx,
103 int err)
104 {
105 if (ctx->is_stream)
106 ctx->xso->last_error = err;
107 else
108 ctx->qc->last_error = err;
109
110 return 0;
111 }
112
113 /*
114 * Raise a 'non-normal' error, meaning any error that is not reported via
115 * SSL_get_error() and must be reported via ERR.
116 *
117 * qc should be provided if available. In exceptional circumstances when qc is
118 * not known NULL may be passed. This should generally only happen when an
119 * expect_...() function defined below fails, which generally indicates a
120 * dispatch error or caller error.
121 *
122 * ctx should be NULL if the connection lock is not held.
123 */
124 static int quic_raise_non_normal_error(QCTX *ctx,
125 const char *file,
126 int line,
127 const char *func,
128 int reason,
129 const char *fmt,
130 ...)
131 {
132 va_list args;
133
134 if (ctx != NULL) {
135 if (ctx->is_stream && ctx->xso != NULL)
136 ctx->xso->last_error = SSL_ERROR_SSL;
137 else if (!ctx->is_stream && ctx->qc != NULL)
138 ctx->qc->last_error = SSL_ERROR_SSL;
139
140 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
141 ossl_quic_channel_restore_err_state(ctx->qc->ch);
142 }
143
144 ERR_new();
145 ERR_set_debug(file, line, func);
146
147 va_start(args, fmt);
148 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
149 va_end(args);
150
151 return 0;
152 }
153
154 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
155 quic_raise_normal_error((ctx), (err))
156
157 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
158 quic_raise_non_normal_error((ctx), \
159 OPENSSL_FILE, OPENSSL_LINE, \
160 OPENSSL_FUNC, \
161 (reason), \
162 (msg))
163
164 /*
165 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
166 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
167 *
168 * After this returns 1, all fields of the passed QCTX are initialised.
169 * Returns 0 on failure. This function is intended to be used to provide API
170 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
171 */
172 static int expect_quic(const SSL *s, QCTX *ctx)
173 {
174 QUIC_CONNECTION *qc;
175 QUIC_XSO *xso;
176
177 ctx->qc = NULL;
178 ctx->xso = NULL;
179 ctx->is_stream = 0;
180
181 if (s == NULL)
182 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
183
184 switch (s->type) {
185 case SSL_TYPE_QUIC_CONNECTION:
186 qc = (QUIC_CONNECTION *)s;
187 ctx->qc = qc;
188 ctx->xso = qc->default_xso;
189 ctx->is_stream = 0;
190 return 1;
191
192 case SSL_TYPE_QUIC_XSO:
193 xso = (QUIC_XSO *)s;
194 ctx->qc = xso->conn;
195 ctx->xso = xso;
196 ctx->is_stream = 1;
197 return 1;
198
199 default:
200 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
201 }
202 }
203
204 /*
205 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
206 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
207 * stream.
208 *
209 * remote_init determines if we expect the default XSO to be remotely created or
210 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
211 *
212 * Channel mutex is acquired and retained on success.
213 */
214 QUIC_ACQUIRES_LOCK
215 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
216 QCTX *ctx)
217 {
218 if (!expect_quic(s, ctx))
219 return 0;
220
221 quic_lock(ctx->qc);
222
223 if (ctx->xso == NULL && remote_init >= 0) {
224 if (ossl_quic_channel_is_term_any(ctx->qc->ch)) {
225 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
226 goto err;
227 }
228
229 /* If we haven't finished the handshake, try to advance it. */
230 if (quic_do_handshake(ctx) < 1)
231 /* ossl_quic_do_handshake raised error here */
232 goto err;
233
234 if (remote_init == 0) {
235 if (!qc_try_create_default_xso_for_write(ctx))
236 goto err;
237 } else {
238 if (!qc_wait_for_default_xso_for_read(ctx))
239 goto err;
240 }
241
242 ctx->xso = ctx->qc->default_xso;
243 }
244
245 if (ctx->xso == NULL) {
246 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
247 goto err;
248 }
249
250 return 1; /* lock held */
251
252 err:
253 quic_unlock(ctx->qc);
254 return 0;
255 }
256
257 /*
258 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
259 * be non-NULL if the QCSO has a default stream.
260 */
261 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
262 {
263 if (!expect_quic(s, ctx))
264 return 0;
265
266 if (ctx->is_stream)
267 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
268
269 return 1;
270 }
271
272 /*
273 * Ensures that the channel mutex is held for a method which touches channel
274 * state.
275 *
276 * Precondition: Channel mutex is not held (unchecked)
277 */
278 static void quic_lock(QUIC_CONNECTION *qc)
279 {
280 #if defined(OPENSSL_THREADS)
281 ossl_crypto_mutex_lock(qc->mutex);
282 #endif
283 }
284
285 /* Precondition: Channel mutex is held (unchecked) */
286 QUIC_NEEDS_LOCK
287 static void quic_unlock(QUIC_CONNECTION *qc)
288 {
289 #if defined(OPENSSL_THREADS)
290 ossl_crypto_mutex_unlock(qc->mutex);
291 #endif
292 }
293
294
295 /*
296 * QUIC Front-End I/O API: Initialization
297 * ======================================
298 *
299 * SSL_new => ossl_quic_new
300 * ossl_quic_init
301 * SSL_reset => ossl_quic_reset
302 * SSL_clear => ossl_quic_clear
303 * ossl_quic_deinit
304 * SSL_free => ossl_quic_free
305 *
306 * SSL_set_options => ossl_quic_set_options
307 * SSL_get_options => ossl_quic_get_options
308 * SSL_clear_options => ossl_quic_clear_options
309 *
310 */
311
312 /* SSL_new */
313 SSL *ossl_quic_new(SSL_CTX *ctx)
314 {
315 QUIC_CONNECTION *qc = NULL;
316 SSL *ssl_base = NULL;
317 SSL_CONNECTION *sc = NULL;
318
319 qc = OPENSSL_zalloc(sizeof(*qc));
320 if (qc == NULL)
321 goto err;
322
323 /* Initialise the QUIC_CONNECTION's stub header. */
324 ssl_base = &qc->ssl;
325 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
326 ssl_base = NULL;
327 goto err;
328 }
329
330 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
331 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
332 goto err;
333
334 /* override the user_ssl of the inner connection */
335 sc->s3.flags |= TLS1_FLAGS_QUIC;
336
337 /* Restrict options derived from the SSL_CTX. */
338 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
339 sc->pha_enabled = 0;
340
341 #if defined(OPENSSL_THREADS)
342 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)
343 goto err;
344 #endif
345
346 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
347 qc->is_thread_assisted
348 = (ssl_base->method == OSSL_QUIC_client_thread_method());
349 #endif
350
351 qc->as_server = 0; /* TODO(QUIC): server support */
352 qc->as_server_state = qc->as_server;
353
354 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
355 qc->default_ssl_mode = qc->ssl.ctx->mode;
356 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
357 qc->default_blocking = 1;
358 qc->blocking = 1;
359 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
360 qc->last_error = SSL_ERROR_NONE;
361
362 if (!create_channel(qc))
363 goto err;
364
365 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
366 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
367
368 qc_update_reject_policy(qc);
369
370 /*
371 * We do not create the default XSO yet. The reason for this is that the
372 * stream ID of the default XSO will depend on whether the stream is client
373 * or server-initiated, which depends on who transmits first. Since we do
374 * not know whether the application will be using a client-transmits-first
375 * or server-transmits-first protocol, we defer default XSO creation until
376 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
377 * we take that as a cue that the client is expecting a server-initiated
378 * stream, and vice versa if SSL_write() is called first.
379 */
380 return ssl_base;
381
382 err:
383 if (qc != NULL) {
384 #if defined(OPENSSL_THREADS)
385 ossl_crypto_mutex_free(qc->mutex);
386 #endif
387 ossl_quic_channel_free(qc->ch);
388 SSL_free(qc->tls);
389 }
390 OPENSSL_free(qc);
391 return NULL;
392 }
393
394 /* SSL_free */
395 QUIC_TAKES_LOCK
396 void ossl_quic_free(SSL *s)
397 {
398 QCTX ctx;
399 int is_default;
400
401 /* We should never be called on anything but a QSO. */
402 if (!expect_quic(s, &ctx))
403 return;
404
405 quic_lock(ctx.qc);
406
407 if (ctx.is_stream) {
408 /*
409 * When a QSSO is freed, the XSO is freed immediately, because the XSO
410 * itself only contains API personality layer data. However the
411 * underlying QUIC_STREAM is not freed immediately but is instead marked
412 * as deleted for later collection.
413 */
414
415 assert(ctx.qc->num_xso > 0);
416 --ctx.qc->num_xso;
417
418 /* If a stream's send part has not been finished, auto-reset it. */
419 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
420 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
421 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
422 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
423 ctx.xso->stream, 0);
424
425 /* Do STOP_SENDING for the receive part, if applicable. */
426 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
427 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
428 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
429 ctx.xso->stream, 0);
430
431 /* Update stream state. */
432 ctx.xso->stream->deleted = 1;
433 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
434 ctx.xso->stream);
435
436 is_default = (ctx.xso == ctx.qc->default_xso);
437 quic_unlock(ctx.qc);
438
439 /*
440 * Unref the connection in most cases; the XSO has a ref to the QC and
441 * not vice versa. But for a default XSO, to avoid circular references,
442 * the QC refs the XSO but the XSO does not ref the QC. If we are the
443 * default XSO, we only get here when the QC is being torn down anyway,
444 * so don't call SSL_free(qc) as we are already in it.
445 */
446 if (!is_default)
447 SSL_free(&ctx.qc->ssl);
448
449 /* Note: SSL_free calls OPENSSL_free(xso) for us */
450 return;
451 }
452
453 /*
454 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
455 * stage, but is freed during the channel free when the whole QSM is freed.
456 */
457 if (ctx.qc->default_xso != NULL) {
458 QUIC_XSO *xso = ctx.qc->default_xso;
459
460 quic_unlock(ctx.qc);
461 SSL_free(&xso->ssl);
462 quic_lock(ctx.qc);
463 ctx.qc->default_xso = NULL;
464 }
465
466 /* Ensure we have no remaining XSOs. */
467 assert(ctx.qc->num_xso == 0);
468
469 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
470 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
471 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
472 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
473 }
474 #endif
475
476 ossl_quic_channel_free(ctx.qc->ch);
477
478 BIO_free(ctx.qc->net_rbio);
479 BIO_free(ctx.qc->net_wbio);
480
481 /* Note: SSL_free calls OPENSSL_free(qc) for us */
482
483 SSL_free(ctx.qc->tls);
484 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
485 #if defined(OPENSSL_THREADS)
486 ossl_crypto_mutex_free(&ctx.qc->mutex);
487 #endif
488 }
489
490 /* SSL method init */
491 int ossl_quic_init(SSL *s)
492 {
493 /* Same op as SSL_clear, forward the call. */
494 return ossl_quic_clear(s);
495 }
496
497 /* SSL method deinit */
498 void ossl_quic_deinit(SSL *s)
499 {
500 /* No-op. */
501 }
502
503 /* SSL_clear (ssl_reset method) */
504 int ossl_quic_reset(SSL *s)
505 {
506 QCTX ctx;
507
508 if (!expect_quic(s, &ctx))
509 return 0;
510
511 /* Not supported. */
512 return 0;
513 }
514
515 /* ssl_clear method (unused) */
516 int ossl_quic_clear(SSL *s)
517 {
518 QCTX ctx;
519
520 if (!expect_quic(s, &ctx))
521 return 0;
522
523 /* TODO(QUIC): Currently a no-op. */
524 return 1;
525 }
526
527 int ossl_quic_conn_set_override_now_cb(SSL *s,
528 OSSL_TIME (*now_cb)(void *arg),
529 void *now_cb_arg)
530 {
531 QCTX ctx;
532
533 if (!expect_quic(s, &ctx))
534 return 0;
535
536 quic_lock(ctx.qc);
537
538 ctx.qc->override_now_cb = now_cb;
539 ctx.qc->override_now_cb_arg = now_cb_arg;
540
541 quic_unlock(ctx.qc);
542 return 1;
543 }
544
545 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
546 {
547 QCTX ctx;
548
549 if (!expect_quic(s, &ctx))
550 return;
551
552 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
553 if (ctx.qc->is_thread_assisted && ctx.qc->started)
554 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
555 #endif
556 }
557
558 QUIC_NEEDS_LOCK
559 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
560 {
561 qc->default_xso_created = 1;
562 qc_update_reject_policy(qc);
563 }
564
565 /*
566 * Changes default XSO. Allows caller to keep reference to the old default XSO
567 * (if any). Reference to new XSO is transferred from caller.
568 */
569 QUIC_NEEDS_LOCK
570 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
571 int touch,
572 QUIC_XSO **old_xso)
573 {
574 int refs;
575
576 *old_xso = NULL;
577
578 if (qc->default_xso != xso) {
579 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
580
581 qc->default_xso = xso;
582
583 if (xso == NULL) {
584 /*
585 * Changing to not having a default XSO. XSO becomes standalone and
586 * now has a ref to the QC.
587 */
588 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
589 return;
590 } else {
591 /*
592 * Changing from not having a default XSO to having one. The new XSO
593 * will have had a reference to the QC we need to drop to avoid a
594 * circular reference.
595 *
596 * Currently we never change directly from one default XSO to
597 * another, though this function would also still be correct if this
598 * weren't the case.
599 */
600 assert(*old_xso == NULL);
601
602 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
603 assert(refs > 0);
604 }
605 }
606
607 if (touch)
608 qc_touch_default_xso(qc);
609 }
610
611 /*
612 * Changes default XSO, releasing the reference to any previous default XSO.
613 * Reference to new XSO is transferred from caller.
614 */
615 QUIC_NEEDS_LOCK
616 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
617 {
618 QUIC_XSO *old_xso = NULL;
619
620 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
621
622 if (old_xso != NULL)
623 SSL_free(&old_xso->ssl);
624 }
625
626 QUIC_NEEDS_LOCK
627 static void xso_update_options(QUIC_XSO *xso)
628 {
629 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
630
631 if (xso->stream->rstream != NULL)
632 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
633
634 if (xso->stream->sstream != NULL)
635 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
636 }
637
638 /*
639 * SSL_set_options
640 * ---------------
641 *
642 * Setting options on a QCSO
643 * - configures the handshake-layer options;
644 * - configures the default data-plane options for new streams;
645 * - configures the data-plane options on the default XSO, if there is one.
646 *
647 * Setting options on a QSSO
648 * - configures data-plane options for that stream only.
649 */
650 QUIC_TAKES_LOCK
651 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
652 {
653 QCTX ctx;
654 uint64_t hs_mask_value, hs_or_value, ret;
655
656 if (!expect_quic(ssl, &ctx))
657 return 0;
658
659 quic_lock(ctx.qc);
660
661 if (!ctx.is_stream) {
662 /*
663 * If we were called on the connection, we apply any handshake option
664 * changes.
665 */
666 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
667 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
668
669 SSL_clear_options(ctx.qc->tls, hs_mask_value);
670 SSL_set_options(ctx.qc->tls, hs_or_value);
671
672 /* Update defaults for new streams. */
673 ctx.qc->default_ssl_options
674 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
675 & OSSL_QUIC_PERMITTED_OPTIONS;
676 }
677
678 if (ctx.xso != NULL) {
679 ctx.xso->ssl_options
680 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
681 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
682
683 xso_update_options(ctx.xso);
684 }
685
686 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
687
688 quic_unlock(ctx.qc);
689 return ret;
690 }
691
692 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
693 {
694 return quic_mask_or_options(ssl, 0, options);
695 }
696
697 /* SSL_clear_options */
698 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
699 {
700 return quic_mask_or_options(ssl, options, 0);
701 }
702
703 /* SSL_get_options */
704 uint64_t ossl_quic_get_options(const SSL *ssl)
705 {
706 return quic_mask_or_options((SSL *)ssl, 0, 0);
707 }
708
709 /*
710 * QUIC Front-End I/O API: Network BIO Configuration
711 * =================================================
712 *
713 * Handling the different BIOs is difficult:
714 *
715 * - It is more or less a requirement that we use non-blocking network I/O;
716 * we need to be able to have timeouts on recv() calls, and make best effort
717 * (non blocking) send() and recv() calls.
718 *
719 * The only sensible way to do this is to configure the socket into
720 * non-blocking mode. We could try to do select() before calling send() or
721 * recv() to get a guarantee that the call will not block, but this will
722 * probably run into issues with buggy OSes which generate spurious socket
723 * readiness events. In any case, relying on this to work reliably does not
724 * seem sane.
725 *
726 * Timeouts could be handled via setsockopt() socket timeout options, but
727 * this depends on OS support and adds another syscall to every network I/O
728 * operation. It also has obvious thread safety concerns if we want to move
729 * to concurrent use of a single socket at some later date.
730 *
731 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
732 * be made non-blocking. However some OSes (e.g. Windows) do not support
733 * this, so we cannot rely on this.
734 *
735 * As such, we need to configure any FD in non-blocking mode. This may
736 * confound users who pass a blocking socket to libssl. However, in practice
737 * it would be extremely strange for a user of QUIC to pass an FD to us,
738 * then also try and send receive traffic on the same socket(!). Thus the
739 * impact of this should be limited, and can be documented.
740 *
741 * - We support both blocking and non-blocking operation in terms of the API
742 * presented to the user. One prospect is to set the blocking mode based on
743 * whether the socket passed to us was already in blocking mode. However,
744 * Windows has no API for determining if a socket is in blocking mode (!),
745 * therefore this cannot be done portably. Currently therefore we expose an
746 * explicit API call to set this, and default to blocking mode.
747 *
748 * - We need to determine our initial destination UDP address. The "natural"
749 * way for a user to do this is to set the peer variable on a BIO_dgram.
750 * However, this has problems because BIO_dgram's peer variable is used for
751 * both transmission and reception. This means it can be constantly being
752 * changed to a malicious value (e.g. if some random unrelated entity on the
753 * network starts sending traffic to us) on every read call. This is not a
754 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
755 * calls only, which do not use this variable. However, we do need to let
756 * the user specify the peer in a 'normal' manner. The compromise here is
757 * that we grab the current peer value set at the time the write BIO is set
758 * and do not read the value again.
759 *
760 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
761 * Currently we do this by only supporting non-blocking mode.
762 *
763 */
764
765 /*
766 * Determines what initial destination UDP address we should use, if possible.
767 * If this fails the client must set the destination address manually, or use a
768 * BIO which does not need a destination address.
769 */
770 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
771 {
772 if (BIO_dgram_get_peer(net_wbio, peer) <= 0)
773 return 0;
774
775 return 1;
776 }
777
778 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
779 {
780 QCTX ctx;
781
782 if (!expect_quic(s, &ctx))
783 return;
784
785 if (ctx.qc->net_rbio == net_rbio)
786 return;
787
788 if (!ossl_quic_channel_set_net_rbio(ctx.qc->ch, net_rbio))
789 return;
790
791 BIO_free(ctx.qc->net_rbio);
792 ctx.qc->net_rbio = net_rbio;
793
794 /*
795 * If what we have is not pollable (e.g. a BIO_dgram_pair) disable blocking
796 * mode as we do not support it for non-pollable BIOs.
797 */
798 if (net_rbio != NULL) {
799 BIO_POLL_DESCRIPTOR d = {0};
800
801 if (!BIO_get_rpoll_descriptor(net_rbio, &d)
802 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
803 ctx.qc->blocking = 0;
804 ctx.qc->default_blocking = 0;
805 ctx.qc->can_poll_net_rbio = 0;
806 } else {
807 ctx.qc->can_poll_net_rbio = 1;
808 }
809 }
810 }
811
812 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
813 {
814 QCTX ctx;
815
816 if (!expect_quic(s, &ctx))
817 return;
818
819 if (ctx.qc->net_wbio == net_wbio)
820 return;
821
822 if (!ossl_quic_channel_set_net_wbio(ctx.qc->ch, net_wbio))
823 return;
824
825 BIO_free(ctx.qc->net_wbio);
826 ctx.qc->net_wbio = net_wbio;
827
828 if (net_wbio != NULL) {
829 BIO_POLL_DESCRIPTOR d = {0};
830
831 if (!BIO_get_wpoll_descriptor(net_wbio, &d)
832 || d.type != BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) {
833 ctx.qc->blocking = 0;
834 ctx.qc->default_blocking = 0;
835 ctx.qc->can_poll_net_wbio = 0;
836 } else {
837 ctx.qc->can_poll_net_wbio = 1;
838 }
839
840 /*
841 * If we do not have a peer address yet, and we have not started trying
842 * to connect yet, try to autodetect one.
843 */
844 if (BIO_ADDR_family(&ctx.qc->init_peer_addr) == AF_UNSPEC
845 && !ctx.qc->started) {
846 if (!csm_analyse_init_peer_addr(net_wbio, &ctx.qc->init_peer_addr))
847 /* best effort */
848 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
849
850 ossl_quic_channel_set_peer_addr(ctx.qc->ch,
851 &ctx.qc->init_peer_addr);
852 }
853 }
854 }
855
856 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
857 {
858 QCTX ctx;
859
860 if (!expect_quic(s, &ctx))
861 return NULL;
862
863 return ctx.qc->net_rbio;
864 }
865
866 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
867 {
868 QCTX ctx;
869
870 if (!expect_quic(s, &ctx))
871 return NULL;
872
873 return ctx.qc->net_wbio;
874 }
875
876 int ossl_quic_conn_get_blocking_mode(const SSL *s)
877 {
878 QCTX ctx;
879
880 if (!expect_quic(s, &ctx))
881 return 0;
882
883 if (ctx.is_stream)
884 return ctx.xso->blocking;
885
886 return ctx.qc->blocking;
887 }
888
889 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
890 {
891 QCTX ctx;
892
893 if (!expect_quic(s, &ctx))
894 return 0;
895
896 /* Cannot enable blocking mode if we do not have pollable FDs. */
897 if (blocking != 0 &&
898 (!ctx.qc->can_poll_net_rbio || !ctx.qc->can_poll_net_wbio))
899 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
900
901 if (!ctx.is_stream) {
902 /*
903 * If called on a QCSO, update default and connection-level blocking
904 * modes.
905 */
906 ctx.qc->blocking = (blocking != 0);
907 ctx.qc->default_blocking = ctx.qc->blocking;
908 }
909
910 if (ctx.xso != NULL)
911 /*
912 * If called on a QSSO or QCSO with a default XSO, update blocking
913 * mode.
914 */
915 ctx.xso->blocking = (blocking != 0);
916
917 return 1;
918 }
919
920 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
921 const BIO_ADDR *peer_addr)
922 {
923 QCTX ctx;
924
925 if (!expect_quic(s, &ctx))
926 return 0;
927
928 if (ctx.qc->started)
929 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
930 NULL);
931
932 if (peer_addr == NULL) {
933 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
934 return 1;
935 }
936
937 ctx.qc->init_peer_addr = *peer_addr;
938 return 1;
939 }
940
941 /*
942 * QUIC Front-End I/O API: Asynchronous I/O Management
943 * ===================================================
944 *
945 * (BIO/)SSL_handle_events => ossl_quic_handle_events
946 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
947 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
948 *
949 */
950
951 /* Returns 1 if the connection is being used in blocking mode. */
952 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
953 {
954 return qc->blocking;
955 }
956
957 static int xso_blocking_mode(const QUIC_XSO *xso)
958 {
959 return xso->blocking
960 && xso->conn->can_poll_net_rbio
961 && xso->conn->can_poll_net_wbio;
962 }
963
964 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
965 QUIC_TAKES_LOCK
966 int ossl_quic_handle_events(SSL *s)
967 {
968 QCTX ctx;
969
970 if (!expect_quic(s, &ctx))
971 return 0;
972
973 quic_lock(ctx.qc);
974 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
975 quic_unlock(ctx.qc);
976 return 1;
977 }
978
979 /*
980 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
981 * should next have events handled by the application by calling
982 * SSL_handle_events(). tv is set to 0 if the object should have events handled
983 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
984 * the value of *tv is undefined.
985 */
986 QUIC_TAKES_LOCK
987 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
988 {
989 QCTX ctx;
990 OSSL_TIME deadline = ossl_time_infinite();
991
992 if (!expect_quic(s, &ctx))
993 return 0;
994
995 quic_lock(ctx.qc);
996
997 deadline
998 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
999
1000 if (ossl_time_is_infinite(deadline)) {
1001 *is_infinite = 1;
1002
1003 /*
1004 * Robustness against faulty applications that don't check *is_infinite;
1005 * harmless long timeout.
1006 */
1007 tv->tv_sec = 1000000;
1008 tv->tv_usec = 0;
1009
1010 quic_unlock(ctx.qc);
1011 return 1;
1012 }
1013
1014 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1015 *is_infinite = 0;
1016 quic_unlock(ctx.qc);
1017 return 1;
1018 }
1019
1020 /* SSL_get_rpoll_descriptor */
1021 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1022 {
1023 QCTX ctx;
1024
1025 if (!expect_quic(s, &ctx))
1026 return 0;
1027
1028 if (desc == NULL || ctx.qc->net_rbio == NULL)
1029 return 0;
1030
1031 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1032 }
1033
1034 /* SSL_get_wpoll_descriptor */
1035 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1036 {
1037 QCTX ctx;
1038
1039 if (!expect_quic(s, &ctx))
1040 return 0;
1041
1042 if (desc == NULL || ctx.qc->net_wbio == NULL)
1043 return 0;
1044
1045 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1046 }
1047
1048 /* SSL_net_read_desired */
1049 QUIC_TAKES_LOCK
1050 int ossl_quic_get_net_read_desired(SSL *s)
1051 {
1052 QCTX ctx;
1053 int ret;
1054
1055 if (!expect_quic(s, &ctx))
1056 return 0;
1057
1058 quic_lock(ctx.qc);
1059 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1060 quic_unlock(ctx.qc);
1061 return ret;
1062 }
1063
1064 /* SSL_net_write_desired */
1065 QUIC_TAKES_LOCK
1066 int ossl_quic_get_net_write_desired(SSL *s)
1067 {
1068 int ret;
1069 QCTX ctx;
1070
1071 if (!expect_quic(s, &ctx))
1072 return 0;
1073
1074 quic_lock(ctx.qc);
1075 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1076 quic_unlock(ctx.qc);
1077 return ret;
1078 }
1079
1080 /*
1081 * QUIC Front-End I/O API: Connection Lifecycle Operations
1082 * =======================================================
1083 *
1084 * SSL_do_handshake => ossl_quic_do_handshake
1085 * SSL_set_connect_state => ossl_quic_set_connect_state
1086 * SSL_set_accept_state => ossl_quic_set_accept_state
1087 * SSL_shutdown => ossl_quic_shutdown
1088 * SSL_ctrl => ossl_quic_ctrl
1089 * (BIO/)SSL_connect => ossl_quic_connect
1090 * (BIO/)SSL_accept => ossl_quic_accept
1091 *
1092 */
1093
1094 /* SSL_shutdown */
1095 static int quic_shutdown_wait(void *arg)
1096 {
1097 QUIC_CONNECTION *qc = arg;
1098
1099 return ossl_quic_channel_is_terminated(qc->ch);
1100 }
1101
1102 QUIC_TAKES_LOCK
1103 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1104 const SSL_SHUTDOWN_EX_ARGS *args,
1105 size_t args_len)
1106 {
1107 int ret;
1108 QCTX ctx;
1109
1110 if (!expect_quic(s, &ctx))
1111 return 0;
1112
1113 if (ctx.is_stream)
1114 /* TODO(QUIC): Semantics currently undefined for QSSOs */
1115 return -1;
1116
1117 quic_lock(ctx.qc);
1118
1119 ossl_quic_channel_local_close(ctx.qc->ch,
1120 args != NULL ? args->quic_error_code : 0);
1121
1122 /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH */
1123
1124 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1125 quic_unlock(ctx.qc);
1126 return 1;
1127 }
1128
1129 if (qc_blocking_mode(ctx.qc) && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0)
1130 block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1131 else
1132 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1133
1134 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1135 quic_unlock(ctx.qc);
1136 return ret;
1137 }
1138
1139 /* SSL_ctrl */
1140 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1141 {
1142 QCTX ctx;
1143
1144 if (!expect_quic(s, &ctx))
1145 return 0;
1146
1147 switch (cmd) {
1148 case SSL_CTRL_MODE:
1149 /* If called on a QCSO, update the default mode. */
1150 if (!ctx.is_stream)
1151 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1152
1153 /*
1154 * If we were called on a QSSO or have a default stream, we also update
1155 * that.
1156 */
1157 if (ctx.xso != NULL) {
1158 /* Cannot enable EPW while AON write in progress. */
1159 if (ctx.xso->aon_write_in_progress)
1160 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1161
1162 ctx.xso->ssl_mode |= (uint32_t)larg;
1163 return ctx.xso->ssl_mode;
1164 }
1165
1166 return ctx.qc->default_ssl_mode;
1167 case SSL_CTRL_CLEAR_MODE:
1168 if (!ctx.is_stream)
1169 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1170
1171 if (ctx.xso != NULL) {
1172 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1173 return ctx.xso->ssl_mode;
1174 }
1175
1176 return ctx.qc->default_ssl_mode;
1177
1178 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1179 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1180 /* This ctrl also needs to be passed to the internal SSL object */
1181 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1182
1183 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1184 {
1185 int is_infinite;
1186
1187 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1188 return 0;
1189
1190 return !is_infinite;
1191 }
1192 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1193 /* For legacy compatibility with DTLS calls. */
1194 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1195 default:
1196 /* Probably a TLS related ctrl. Defer to our internal SSL object */
1197 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1198 }
1199 }
1200
1201 /* SSL_set_connect_state */
1202 void ossl_quic_set_connect_state(SSL *s)
1203 {
1204 QCTX ctx;
1205
1206 if (!expect_quic(s, &ctx))
1207 return;
1208
1209 /* Cannot be changed after handshake started */
1210 if (ctx.qc->started || ctx.is_stream)
1211 return;
1212
1213 ctx.qc->as_server_state = 0;
1214 }
1215
1216 /* SSL_set_accept_state */
1217 void ossl_quic_set_accept_state(SSL *s)
1218 {
1219 QCTX ctx;
1220
1221 if (!expect_quic(s, &ctx))
1222 return;
1223
1224 /* Cannot be changed after handshake started */
1225 if (ctx.qc->started || ctx.is_stream)
1226 return;
1227
1228 ctx.qc->as_server_state = 1;
1229 }
1230
1231 /* SSL_do_handshake */
1232 struct quic_handshake_wait_args {
1233 QUIC_CONNECTION *qc;
1234 };
1235
1236 static int quic_handshake_wait(void *arg)
1237 {
1238 struct quic_handshake_wait_args *args = arg;
1239
1240 if (!ossl_quic_channel_is_active(args->qc->ch))
1241 return -1;
1242
1243 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1244 return 1;
1245
1246 return 0;
1247 }
1248
1249 static int configure_channel(QUIC_CONNECTION *qc)
1250 {
1251 assert(qc->ch != NULL);
1252
1253 if (!ossl_quic_channel_set_net_rbio(qc->ch, qc->net_rbio)
1254 || !ossl_quic_channel_set_net_wbio(qc->ch, qc->net_wbio)
1255 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1256 return 0;
1257
1258 return 1;
1259 }
1260
1261 QUIC_NEEDS_LOCK
1262 static int create_channel(QUIC_CONNECTION *qc)
1263 {
1264 QUIC_CHANNEL_ARGS args = {0};
1265
1266 args.libctx = qc->ssl.ctx->libctx;
1267 args.propq = qc->ssl.ctx->propq;
1268 args.is_server = qc->as_server;
1269 args.tls = qc->tls;
1270 args.mutex = qc->mutex;
1271 args.now_cb = get_time_cb;
1272 args.now_cb_arg = qc;
1273
1274 qc->ch = ossl_quic_channel_new(&args);
1275 if (qc->ch == NULL)
1276 return 0;
1277
1278 return 1;
1279 }
1280
1281 /*
1282 * Creates a channel and configures it with the information we have accumulated
1283 * via calls made to us from the application prior to starting a handshake
1284 * attempt.
1285 */
1286 QUIC_NEEDS_LOCK
1287 static int ensure_channel_started(QUIC_CONNECTION *qc)
1288 {
1289 if (!qc->started) {
1290 if (!configure_channel(qc)
1291 || !ossl_quic_channel_start(qc->ch))
1292 goto err;
1293
1294 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1295 if (qc->is_thread_assisted)
1296 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch))
1297 goto err;
1298 #endif
1299 }
1300
1301 qc->started = 1;
1302 return 1;
1303
1304 err:
1305 ossl_quic_channel_free(qc->ch);
1306 qc->ch = NULL;
1307 return 0;
1308 }
1309
1310 QUIC_NEEDS_LOCK
1311 static int quic_do_handshake(QCTX *ctx)
1312 {
1313 int ret;
1314 QUIC_CONNECTION *qc = ctx->qc;
1315
1316 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1317 /* Handshake already completed. */
1318 return 1;
1319
1320 if (ossl_quic_channel_is_term_any(qc->ch))
1321 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1322
1323 if (BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1324 /* Peer address must have been set. */
1325 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1326 return -1; /* Non-protocol error */
1327 }
1328
1329 if (qc->as_server != qc->as_server_state) {
1330 /* TODO(QUIC): Must match the method used to create the QCSO */
1331 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1332 return -1; /* Non-protocol error */
1333 }
1334
1335 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1336 /* Need read and write BIOs. */
1337 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1338 return -1; /* Non-protocol error */
1339 }
1340
1341 /*
1342 * Start connection process. Note we may come here multiple times in
1343 * non-blocking mode, which is fine.
1344 */
1345 if (!ensure_channel_started(qc)) {
1346 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1347 return -1; /* Non-protocol error */
1348 }
1349
1350 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1351 /* The handshake is now done. */
1352 return 1;
1353
1354 if (qc_blocking_mode(qc)) {
1355 /* In blocking mode, wait for the handshake to complete. */
1356 struct quic_handshake_wait_args args;
1357
1358 args.qc = qc;
1359
1360 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1361 if (!ossl_quic_channel_is_active(qc->ch)) {
1362 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1363 return 0; /* Shutdown before completion */
1364 } else if (ret <= 0) {
1365 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1366 return -1; /* Non-protocol error */
1367 }
1368
1369 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1370 return 1;
1371 } else {
1372 /* Try to advance the reactor. */
1373 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1374
1375 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1376 /* The handshake is now done. */
1377 return 1;
1378
1379 /* Otherwise, indicate that the handshake isn't done yet. */
1380 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1381 return -1; /* Non-protocol error */
1382 }
1383 }
1384
1385 QUIC_TAKES_LOCK
1386 int ossl_quic_do_handshake(SSL *s)
1387 {
1388 int ret;
1389 QCTX ctx;
1390
1391 if (!expect_quic(s, &ctx))
1392 return 0;
1393
1394 quic_lock(ctx.qc);
1395
1396 ret = quic_do_handshake(&ctx);
1397 quic_unlock(ctx.qc);
1398 return ret;
1399 }
1400
1401 /* SSL_connect */
1402 int ossl_quic_connect(SSL *s)
1403 {
1404 /* Ensure we are in connect state (no-op if non-idle). */
1405 ossl_quic_set_connect_state(s);
1406
1407 /* Begin or continue the handshake */
1408 return ossl_quic_do_handshake(s);
1409 }
1410
1411 /* SSL_accept */
1412 int ossl_quic_accept(SSL *s)
1413 {
1414 /* Ensure we are in accept state (no-op if non-idle). */
1415 ossl_quic_set_accept_state(s);
1416
1417 /* Begin or continue the handshake */
1418 return ossl_quic_do_handshake(s);
1419 }
1420
1421 /*
1422 * QUIC Front-End I/O API: Stream Lifecycle Operations
1423 * ===================================================
1424 *
1425 * SSL_stream_new => ossl_quic_conn_stream_new
1426 *
1427 */
1428
1429 /*
1430 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1431 * default XSO was created. Returns 0 if it was not (e.g. because it already
1432 * exists). Note that this is NOT an error condition.
1433 */
1434 QUIC_NEEDS_LOCK
1435 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1436 {
1437 uint64_t flags = 0;
1438 QUIC_CONNECTION *qc = ctx->qc;
1439
1440 if (qc->default_xso_created
1441 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1442 /*
1443 * We only do this once. If the user detaches a previously created
1444 * default XSO we don't auto-create another one.
1445 */
1446 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1447
1448 /* Create a locally-initiated stream. */
1449 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1450 flags |= SSL_STREAM_FLAG_UNI;
1451
1452 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1453 /*needs_lock=*/0),
1454 /*touch=*/0);
1455 if (qc->default_xso == NULL)
1456 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1457
1458 qc_touch_default_xso(qc);
1459 return 1;
1460 }
1461
1462 struct quic_wait_for_stream_args {
1463 QUIC_CONNECTION *qc;
1464 QUIC_STREAM *qs;
1465 QCTX *ctx;
1466 uint64_t expect_id;
1467 };
1468
1469 QUIC_NEEDS_LOCK
1470 static int quic_wait_for_stream(void *arg)
1471 {
1472 struct quic_wait_for_stream_args *args = arg;
1473
1474 if (!ossl_quic_channel_is_active(args->qc->ch)) {
1475 /* If connection is torn down due to an error while blocking, stop. */
1476 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1477 return -1;
1478 }
1479
1480 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1481 args->expect_id | QUIC_STREAM_DIR_BIDI);
1482 if (args->qs == NULL)
1483 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1484 args->expect_id | QUIC_STREAM_DIR_UNI);
1485
1486 if (args->qs != NULL)
1487 return 1; /* stream now exists */
1488
1489 return 0; /* did not get a stream, keep trying */
1490 }
1491
1492 QUIC_NEEDS_LOCK
1493 static int qc_wait_for_default_xso_for_read(QCTX *ctx)
1494 {
1495 /* Called on a QCSO and we don't currently have a default stream. */
1496 uint64_t expect_id;
1497 QUIC_CONNECTION *qc = ctx->qc;
1498 QUIC_STREAM *qs;
1499 int res;
1500 struct quic_wait_for_stream_args wargs;
1501
1502 /*
1503 * If default stream functionality is disabled or we already detached
1504 * one, don't make another default stream and just fail.
1505 */
1506 if (qc->default_xso_created
1507 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1508 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1509
1510 /*
1511 * The peer may have opened a stream since we last ticked. So tick and
1512 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1513 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1514 * first stream created by a peer must have an ordinal of 0.
1515 */
1516 expect_id = qc->as_server
1517 ? QUIC_STREAM_INITIATOR_CLIENT
1518 : QUIC_STREAM_INITIATOR_SERVER;
1519
1520 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1521 expect_id | QUIC_STREAM_DIR_BIDI);
1522 if (qs == NULL)
1523 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1524 expect_id | QUIC_STREAM_DIR_UNI);
1525
1526 if (qs == NULL) {
1527 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1528
1529 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1530 expect_id);
1531 }
1532
1533 if (qs == NULL) {
1534 if (!qc_blocking_mode(qc))
1535 /* Non-blocking mode, so just bail immediately. */
1536 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1537
1538 /* Block until we have a stream. */
1539 wargs.qc = qc;
1540 wargs.qs = NULL;
1541 wargs.ctx = ctx;
1542 wargs.expect_id = expect_id;
1543
1544 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1545 if (res == 0)
1546 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1547 else if (res < 0 || wargs.qs == NULL)
1548 /* quic_wait_for_stream raised error here */
1549 return 0;
1550
1551 qs = wargs.qs;
1552 }
1553
1554 /*
1555 * We now have qs != NULL. Make it the default stream, creating the
1556 * necessary XSO.
1557 */
1558 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1559 if (qc->default_xso == NULL)
1560 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1561
1562 qc_touch_default_xso(qc); /* inhibits default XSO */
1563 return 1;
1564 }
1565
1566 QUIC_NEEDS_LOCK
1567 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1568 {
1569 QUIC_XSO *xso = NULL;
1570
1571 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL)
1572 goto err;
1573
1574 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO))
1575 goto err;
1576
1577 /* XSO refs QC */
1578 if (!SSL_up_ref(&qc->ssl))
1579 goto err;
1580
1581 xso->conn = qc;
1582 xso->blocking = qc->default_blocking;
1583 xso->ssl_mode = qc->default_ssl_mode;
1584 xso->ssl_options
1585 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1586 xso->last_error = SSL_ERROR_NONE;
1587
1588 xso->stream = qs;
1589
1590 ++qc->num_xso;
1591 xso_update_options(xso);
1592 return xso;
1593
1594 err:
1595 OPENSSL_free(xso);
1596 return NULL;
1597 }
1598
1599 /* locking depends on need_lock */
1600 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1601 {
1602 QUIC_CONNECTION *qc = ctx->qc;
1603 QUIC_XSO *xso = NULL;
1604 QUIC_STREAM *qs = NULL;
1605 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
1606
1607 if (need_lock)
1608 quic_lock(qc);
1609
1610 if (ossl_quic_channel_is_term_any(qc->ch)) {
1611 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1612 goto err;
1613 }
1614
1615 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
1616 if (qs == NULL)
1617 goto err;
1618
1619 xso = create_xso_from_stream(qc, qs);
1620 if (xso == NULL)
1621 goto err;
1622
1623 qc_touch_default_xso(qc); /* inhibits default XSO */
1624 if (need_lock)
1625 quic_unlock(qc);
1626
1627 return &xso->ssl;
1628
1629 err:
1630 OPENSSL_free(xso);
1631 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
1632 if (need_lock)
1633 quic_unlock(qc);
1634
1635 return NULL;
1636
1637 }
1638
1639 QUIC_TAKES_LOCK
1640 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
1641 {
1642 QCTX ctx;
1643
1644 if (!expect_quic_conn_only(s, &ctx))
1645 return NULL;
1646
1647 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
1648 }
1649
1650 /*
1651 * QUIC Front-End I/O API: Steady-State Operations
1652 * ===============================================
1653 *
1654 * Here we dispatch calls to the steady-state front-end I/O API functions; that
1655 * is, the functions used during the established phase of a QUIC connection
1656 * (e.g. SSL_read, SSL_write).
1657 *
1658 * Each function must handle both blocking and non-blocking modes. As discussed
1659 * above, all QUIC I/O is implemented using non-blocking mode internally.
1660 *
1661 * SSL_get_error => partially implemented by ossl_quic_get_error
1662 * (BIO/)SSL_read => ossl_quic_read
1663 * (BIO/)SSL_write => ossl_quic_write
1664 * SSL_pending => ossl_quic_pending
1665 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
1666 * SSL_key_update => ossl_quic_key_update
1667 */
1668
1669 /* SSL_get_error */
1670 int ossl_quic_get_error(const SSL *s, int i)
1671 {
1672 QCTX ctx;
1673 int net_error, last_error;
1674
1675 if (!expect_quic(s, &ctx))
1676 return 0;
1677
1678 quic_lock(ctx.qc);
1679 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
1680 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
1681 quic_unlock(ctx.qc);
1682
1683 if (net_error)
1684 return SSL_ERROR_SYSCALL;
1685
1686 return last_error;
1687 }
1688
1689 /*
1690 * SSL_write
1691 * ---------
1692 *
1693 * The set of functions below provide the implementation of the public SSL_write
1694 * function. We must handle:
1695 *
1696 * - both blocking and non-blocking operation at the application level,
1697 * depending on how we are configured;
1698 *
1699 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
1700 *
1701 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1702 *
1703 */
1704 QUIC_NEEDS_LOCK
1705 static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
1706 {
1707 /*
1708 * We have appended at least one byte to the stream.
1709 * Potentially mark stream as active, depending on FC.
1710 */
1711 if (did_append)
1712 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
1713 xso->stream);
1714
1715 /*
1716 * Try and send.
1717 *
1718 * TODO(QUIC): It is probably inefficient to try and do this immediately,
1719 * plus we should eventually consider Nagle's algorithm.
1720 */
1721 if (do_tick)
1722 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
1723 }
1724
1725 struct quic_write_again_args {
1726 QUIC_XSO *xso;
1727 const unsigned char *buf;
1728 size_t len;
1729 size_t total_written;
1730 int err;
1731 };
1732
1733 QUIC_NEEDS_LOCK
1734 static int quic_write_again(void *arg)
1735 {
1736 struct quic_write_again_args *args = arg;
1737 size_t actual_written = 0;
1738
1739 if (!ossl_quic_channel_is_active(args->xso->conn->ch))
1740 /* If connection is torn down due to an error while blocking, stop. */
1741 return -2;
1742
1743 if (!quic_validate_for_write(args->xso, &args->err))
1744 /*
1745 * Stream may have become invalid for write due to connection events
1746 * while we blocked.
1747 */
1748 return -2;
1749
1750 args->err = ERR_R_INTERNAL_ERROR;
1751 if (!ossl_quic_sstream_append(args->xso->stream->sstream,
1752 args->buf, args->len, &actual_written))
1753 return -2;
1754
1755 quic_post_write(args->xso, actual_written > 0, 0);
1756
1757 args->buf += actual_written;
1758 args->len -= actual_written;
1759 args->total_written += actual_written;
1760
1761 if (args->len == 0)
1762 /* Written everything, done. */
1763 return 1;
1764
1765 /* Not written everything yet, keep trying. */
1766 return 0;
1767 }
1768
1769 QUIC_NEEDS_LOCK
1770 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
1771 size_t *written)
1772 {
1773 int res;
1774 QUIC_XSO *xso = ctx->xso;
1775 struct quic_write_again_args args;
1776 size_t actual_written = 0;
1777
1778 /* First make a best effort to append as much of the data as possible. */
1779 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len,
1780 &actual_written)) {
1781 /* Stream already finished or allocation error. */
1782 *written = 0;
1783 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1784 }
1785
1786 quic_post_write(xso, actual_written > 0, 1);
1787
1788 if (actual_written == len) {
1789 /* Managed to append everything on the first try. */
1790 *written = actual_written;
1791 return 1;
1792 }
1793
1794 /*
1795 * We did not manage to append all of the data immediately, so the stream
1796 * buffer has probably filled up. This means we need to block until some of
1797 * it is freed up.
1798 */
1799 args.xso = xso;
1800 args.buf = (const unsigned char *)buf + actual_written;
1801 args.len = len - actual_written;
1802 args.total_written = 0;
1803 args.err = ERR_R_INTERNAL_ERROR;
1804
1805 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
1806 if (res <= 0) {
1807 if (!ossl_quic_channel_is_active(xso->conn->ch))
1808 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1809 else
1810 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
1811 }
1812
1813 *written = args.total_written;
1814 return 1;
1815 }
1816
1817 /*
1818 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
1819 * write semantics.
1820 */
1821 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
1822 size_t buf_len, size_t already_sent)
1823 {
1824 assert(!xso->aon_write_in_progress);
1825
1826 xso->aon_write_in_progress = 1;
1827 xso->aon_buf_base = buf;
1828 xso->aon_buf_pos = already_sent;
1829 xso->aon_buf_len = buf_len;
1830 }
1831
1832 static void aon_write_finish(QUIC_XSO *xso)
1833 {
1834 xso->aon_write_in_progress = 0;
1835 xso->aon_buf_base = NULL;
1836 xso->aon_buf_pos = 0;
1837 xso->aon_buf_len = 0;
1838 }
1839
1840 QUIC_NEEDS_LOCK
1841 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
1842 size_t len, size_t *written)
1843 {
1844 QUIC_XSO *xso = ctx->xso;
1845 const void *actual_buf;
1846 size_t actual_len, actual_written = 0;
1847 int accept_moving_buffer
1848 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
1849
1850 if (xso->aon_write_in_progress) {
1851 /*
1852 * We are in the middle of an AON write (i.e., a previous write did not
1853 * manage to append all data to the SSTREAM and we have Enable Partial
1854 * Write (EPW) mode disabled.)
1855 */
1856 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
1857 || len != xso->aon_buf_len)
1858 /*
1859 * Pointer must not have changed if we are not in accept moving
1860 * buffer mode. Length must never change.
1861 */
1862 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
1863
1864 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
1865 actual_len = len - xso->aon_buf_pos;
1866 assert(actual_len > 0);
1867 } else {
1868 actual_buf = buf;
1869 actual_len = len;
1870 }
1871
1872 /* First make a best effort to append as much of the data as possible. */
1873 if (!ossl_quic_sstream_append(xso->stream->sstream, actual_buf, actual_len,
1874 &actual_written)) {
1875 /* Stream already finished or allocation error. */
1876 *written = 0;
1877 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1878 }
1879
1880 quic_post_write(xso, actual_written > 0, 1);
1881
1882 if (actual_written == actual_len) {
1883 /* We have sent everything. */
1884 if (xso->aon_write_in_progress) {
1885 /*
1886 * We have sent everything, and we were in the middle of an AON
1887 * write. The output write length is the total length of the AON
1888 * buffer, not however many bytes we managed to write to the stream
1889 * in this call.
1890 */
1891 *written = xso->aon_buf_len;
1892 aon_write_finish(xso);
1893 } else {
1894 *written = actual_written;
1895 }
1896
1897 return 1;
1898 }
1899
1900 if (xso->aon_write_in_progress) {
1901 /*
1902 * AON write is in progress but we have not written everything yet. We
1903 * may have managed to send zero bytes, or some number of bytes less
1904 * than the total remaining which need to be appended during this
1905 * AON operation.
1906 */
1907 xso->aon_buf_pos += actual_written;
1908 assert(xso->aon_buf_pos < xso->aon_buf_len);
1909 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
1910 }
1911
1912 /*
1913 * Not in an existing AON operation but partial write is not enabled, so we
1914 * need to begin a new AON operation. However we needn't bother if we didn't
1915 * actually append anything.
1916 */
1917 if (actual_written > 0)
1918 aon_write_begin(xso, buf, len, actual_written);
1919
1920 /*
1921 * AON - We do not publicly admit to having appended anything until AON
1922 * completes.
1923 */
1924 *written = 0;
1925 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
1926 }
1927
1928 QUIC_NEEDS_LOCK
1929 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
1930 size_t *written)
1931 {
1932 QUIC_XSO *xso = ctx->xso;
1933
1934 /* Simple best effort operation. */
1935 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len, written)) {
1936 /* Stream already finished or allocation error. */
1937 *written = 0;
1938 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1939 }
1940
1941 quic_post_write(xso, *written > 0, 1);
1942 return 1;
1943 }
1944
1945 QUIC_NEEDS_LOCK
1946 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
1947 {
1948 QUIC_STREAM_MAP *qsm;
1949
1950 if (xso == NULL || xso->stream == NULL) {
1951 *err = ERR_R_INTERNAL_ERROR;
1952 return 0;
1953 }
1954
1955 switch (xso->stream->send_state) {
1956 default:
1957 case QUIC_SSTREAM_STATE_NONE:
1958 *err = SSL_R_STREAM_RECV_ONLY;
1959 return 0;
1960
1961 case QUIC_SSTREAM_STATE_READY:
1962 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
1963
1964 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
1965 *err = ERR_R_INTERNAL_ERROR;
1966 return 0;
1967 }
1968
1969 /* FALLTHROUGH */
1970 case QUIC_SSTREAM_STATE_SEND:
1971 case QUIC_SSTREAM_STATE_DATA_SENT:
1972 case QUIC_SSTREAM_STATE_DATA_RECVD:
1973 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
1974 *err = SSL_R_STREAM_FINISHED;
1975 return 0;
1976 }
1977
1978 return 1;
1979
1980 case QUIC_SSTREAM_STATE_RESET_SENT:
1981 case QUIC_SSTREAM_STATE_RESET_RECVD:
1982 *err = SSL_R_STREAM_RESET;
1983 return 0;
1984 }
1985 }
1986
1987 QUIC_TAKES_LOCK
1988 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
1989 {
1990 int ret;
1991 QCTX ctx;
1992 int partial_write, err;
1993
1994 *written = 0;
1995
1996 if (len == 0)
1997 return 1;
1998
1999 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
2000 return 0;
2001
2002 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
2003
2004 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
2005 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2006 goto out;
2007 }
2008
2009 /*
2010 * If we haven't finished the handshake, try to advance it.
2011 * We don't accept writes until the handshake is completed.
2012 */
2013 if (quic_do_handshake(&ctx) < 1) {
2014 ret = 0;
2015 goto out;
2016 }
2017
2018 /* Ensure correct stream state, stream send part not concluded, etc. */
2019 if (!quic_validate_for_write(ctx.xso, &err)) {
2020 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2021 goto out;
2022 }
2023
2024 if (xso_blocking_mode(ctx.xso))
2025 ret = quic_write_blocking(&ctx, buf, len, written);
2026 else if (partial_write)
2027 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
2028 else
2029 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
2030
2031 out:
2032 quic_unlock(ctx.qc);
2033 return ret;
2034 }
2035
2036 /*
2037 * SSL_read
2038 * --------
2039 */
2040 struct quic_read_again_args {
2041 QCTX *ctx;
2042 QUIC_STREAM *stream;
2043 void *buf;
2044 size_t len;
2045 size_t *bytes_read;
2046 int peek;
2047 };
2048
2049 QUIC_NEEDS_LOCK
2050 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2051 {
2052 QUIC_STREAM_MAP *qsm;
2053
2054 *eos = 0;
2055
2056 if (xso == NULL || xso->stream == NULL) {
2057 *err = ERR_R_INTERNAL_ERROR;
2058 return 0;
2059 }
2060
2061 switch (xso->stream->recv_state) {
2062 default:
2063 case QUIC_RSTREAM_STATE_NONE:
2064 *err = SSL_R_STREAM_SEND_ONLY;
2065 return 0;
2066
2067 case QUIC_RSTREAM_STATE_RECV:
2068 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2069 case QUIC_RSTREAM_STATE_DATA_RECVD:
2070 return 1;
2071
2072 case QUIC_RSTREAM_STATE_DATA_READ:
2073 *eos = 1;
2074 return 0;
2075
2076 case QUIC_RSTREAM_STATE_RESET_RECVD:
2077 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2078 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2079
2080 /* FALLTHROUGH */
2081 case QUIC_RSTREAM_STATE_RESET_READ:
2082 *err = SSL_R_STREAM_RESET;
2083 return 0;
2084 }
2085 }
2086
2087 QUIC_NEEDS_LOCK
2088 static int quic_read_actual(QCTX *ctx,
2089 QUIC_STREAM *stream,
2090 void *buf, size_t buf_len,
2091 size_t *bytes_read,
2092 int peek)
2093 {
2094 int is_fin = 0, err, eos;
2095 QUIC_CONNECTION *qc = ctx->qc;
2096
2097 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2098 if (eos)
2099 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2100 else
2101 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2102 }
2103
2104 if (peek) {
2105 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2106 bytes_read, &is_fin))
2107 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2108
2109 } else {
2110 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2111 bytes_read, &is_fin))
2112 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2113 }
2114
2115 if (!peek) {
2116 if (*bytes_read > 0) {
2117 /*
2118 * We have read at least one byte from the stream. Inform stream-level
2119 * RXFC of the retirement of controlled bytes. Update the active stream
2120 * status (the RXFC may now want to emit a frame granting more credit to
2121 * the peer).
2122 */
2123 OSSL_RTT_INFO rtt_info;
2124
2125 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2126
2127 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2128 rtt_info.smoothed_rtt))
2129 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2130 }
2131
2132 if (is_fin && !peek) {
2133 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2134
2135 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2136 }
2137
2138 if (*bytes_read > 0)
2139 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2140 stream);
2141 }
2142
2143 return 1;
2144 }
2145
2146 QUIC_NEEDS_LOCK
2147 static int quic_read_again(void *arg)
2148 {
2149 struct quic_read_again_args *args = arg;
2150
2151 if (!ossl_quic_channel_is_active(args->ctx->qc->ch)) {
2152 /* If connection is torn down due to an error while blocking, stop. */
2153 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2154 return -1;
2155 }
2156
2157 if (!quic_read_actual(args->ctx, args->stream,
2158 args->buf, args->len, args->bytes_read,
2159 args->peek))
2160 return -1;
2161
2162 if (*args->bytes_read > 0)
2163 /* got at least one byte, the SSL_read op can finish now */
2164 return 1;
2165
2166 return 0; /* did not read anything, keep trying */
2167 }
2168
2169 QUIC_TAKES_LOCK
2170 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2171 {
2172 int ret, res;
2173 QCTX ctx;
2174 struct quic_read_again_args args;
2175
2176 *bytes_read = 0;
2177
2178 if (!expect_quic(s, &ctx))
2179 return 0;
2180
2181 quic_lock(ctx.qc);
2182
2183 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
2184 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2185 goto out;
2186 }
2187
2188 /* If we haven't finished the handshake, try to advance it. */
2189 if (quic_do_handshake(&ctx) < 1) {
2190 ret = 0; /* ossl_quic_do_handshake raised error here */
2191 goto out;
2192 }
2193
2194 if (ctx.xso == NULL) {
2195 /*
2196 * Called on a QCSO and we don't currently have a default stream.
2197 *
2198 * Wait until we get a stream initiated by the peer (blocking mode) or
2199 * fail if we don't have one yet (non-blocking mode).
2200 */
2201 if (!qc_wait_for_default_xso_for_read(&ctx)) {
2202 ret = 0; /* error already raised here */
2203 goto out;
2204 }
2205
2206 ctx.xso = ctx.qc->default_xso;
2207 }
2208
2209 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2210 ret = 0; /* quic_read_actual raised error here */
2211 goto out;
2212 }
2213
2214 if (*bytes_read > 0) {
2215 /*
2216 * Even though we succeeded, tick the reactor here to ensure we are
2217 * handling other aspects of the QUIC connection.
2218 */
2219 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2220 ret = 1;
2221 } else if (xso_blocking_mode(ctx.xso)) {
2222 /*
2223 * We were not able to read anything immediately, so our stream
2224 * buffer is empty. This means we need to block until we get
2225 * at least one byte.
2226 */
2227 args.ctx = &ctx;
2228 args.stream = ctx.xso->stream;
2229 args.buf = buf;
2230 args.len = len;
2231 args.bytes_read = bytes_read;
2232 args.peek = peek;
2233
2234 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2235 if (res == 0) {
2236 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2237 goto out;
2238 } else if (res < 0) {
2239 ret = 0; /* quic_read_again raised error here */
2240 goto out;
2241 }
2242
2243 ret = 1;
2244 } else {
2245 /*
2246 * We did not get any bytes and are not in blocking mode.
2247 * Tick to see if this delivers any more.
2248 */
2249 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2250
2251 /* Try the read again. */
2252 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2253 ret = 0; /* quic_read_actual raised error here */
2254 goto out;
2255 }
2256
2257 if (*bytes_read > 0)
2258 ret = 1; /* Succeeded this time. */
2259 else
2260 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2261 }
2262
2263 out:
2264 quic_unlock(ctx.qc);
2265 return ret;
2266 }
2267
2268 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2269 {
2270 return quic_read(s, buf, len, bytes_read, 0);
2271 }
2272
2273 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2274 {
2275 return quic_read(s, buf, len, bytes_read, 1);
2276 }
2277
2278 /*
2279 * SSL_pending
2280 * -----------
2281 */
2282
2283 QUIC_TAKES_LOCK
2284 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2285 {
2286 QCTX ctx;
2287 size_t avail = 0;
2288 int fin = 0;
2289
2290 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
2291 return 0;
2292
2293 if (ctx.xso->stream == NULL
2294 || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream))
2295 /* Cannot raise errors here because we are const, just fail. */
2296 goto out;
2297
2298 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
2299 avail = 0;
2300
2301 if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
2302 avail = 1;
2303
2304 out:
2305 quic_unlock(ctx.qc);
2306 return avail;
2307 }
2308
2309 size_t ossl_quic_pending(const SSL *s)
2310 {
2311 return ossl_quic_pending_int(s, /*check_channel=*/0);
2312 }
2313
2314 int ossl_quic_has_pending(const SSL *s)
2315 {
2316 /* Do we have app-side pending data or pending URXEs or RXEs? */
2317 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2318 }
2319
2320 /*
2321 * SSL_stream_conclude
2322 * -------------------
2323 */
2324 QUIC_TAKES_LOCK
2325 int ossl_quic_conn_stream_conclude(SSL *s)
2326 {
2327 QCTX ctx;
2328 QUIC_STREAM *qs;
2329 int err;
2330
2331 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, &ctx))
2332 return 0;
2333
2334 qs = ctx.xso->stream;
2335
2336 if (!ossl_quic_channel_is_active(ctx.qc->ch)) {
2337 quic_unlock(ctx.qc);
2338 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2339 }
2340
2341 if (!quic_validate_for_write(ctx.xso, &err)) {
2342 quic_unlock(ctx.qc);
2343 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2344 }
2345
2346 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2347 quic_unlock(ctx.qc);
2348 return 1;
2349 }
2350
2351 ossl_quic_sstream_fin(qs->sstream);
2352 quic_post_write(ctx.xso, 1, 1);
2353 quic_unlock(ctx.qc);
2354 return 1;
2355 }
2356
2357 /*
2358 * SSL_inject_net_dgram
2359 * --------------------
2360 */
2361 QUIC_TAKES_LOCK
2362 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2363 size_t buf_len,
2364 const BIO_ADDR *peer,
2365 const BIO_ADDR *local)
2366 {
2367 int ret;
2368 QCTX ctx;
2369 QUIC_DEMUX *demux;
2370
2371 if (!expect_quic(s, &ctx))
2372 return 0;
2373
2374 quic_lock(ctx.qc);
2375
2376 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2377 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2378
2379 quic_unlock(ctx.qc);
2380 return ret;
2381 }
2382
2383 /*
2384 * SSL_get0_connection
2385 * -------------------
2386 */
2387 SSL *ossl_quic_get0_connection(SSL *s)
2388 {
2389 QCTX ctx;
2390
2391 if (!expect_quic(s, &ctx))
2392 return NULL;
2393
2394 return &ctx.qc->ssl;
2395 }
2396
2397 /*
2398 * SSL_get_stream_type
2399 * -------------------
2400 */
2401 int ossl_quic_get_stream_type(SSL *s)
2402 {
2403 QCTX ctx;
2404
2405 if (!expect_quic(s, &ctx))
2406 return SSL_STREAM_TYPE_BIDI;
2407
2408 if (ctx.xso == NULL) {
2409 /*
2410 * If deferred XSO creation has yet to occur, proceed according to the
2411 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2412 * what kind of stream will be created yet, so return BIDI on the basis
2413 * that at this time, the client still has the option of calling
2414 * SSL_read() or SSL_write() first.
2415 */
2416 if (ctx.qc->default_xso_created
2417 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2418 return SSL_STREAM_TYPE_NONE;
2419 else
2420 return SSL_STREAM_TYPE_BIDI;
2421 }
2422
2423 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2424 return SSL_STREAM_TYPE_BIDI;
2425
2426 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2427 return SSL_STREAM_TYPE_READ;
2428 else
2429 return SSL_STREAM_TYPE_WRITE;
2430 }
2431
2432 /*
2433 * SSL_get_stream_id
2434 * -----------------
2435 */
2436 QUIC_TAKES_LOCK
2437 uint64_t ossl_quic_get_stream_id(SSL *s)
2438 {
2439 QCTX ctx;
2440 uint64_t id;
2441
2442 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
2443 return UINT64_MAX;
2444
2445 id = ctx.xso->stream->id;
2446 quic_unlock(ctx.qc);
2447
2448 return id;
2449 }
2450
2451 /*
2452 * SSL_set_default_stream_mode
2453 * ---------------------------
2454 */
2455 QUIC_TAKES_LOCK
2456 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
2457 {
2458 QCTX ctx;
2459
2460 if (!expect_quic_conn_only(s, &ctx))
2461 return 0;
2462
2463 quic_lock(ctx.qc);
2464
2465 if (ctx.qc->default_xso_created)
2466 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
2467 "too late to change default stream mode");
2468
2469 switch (mode) {
2470 case SSL_DEFAULT_STREAM_MODE_NONE:
2471 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
2472 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
2473 ctx.qc->default_stream_mode = mode;
2474 break;
2475 default:
2476 quic_unlock(ctx.qc);
2477 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
2478 "bad default stream type");
2479 }
2480
2481 quic_unlock(ctx.qc);
2482 return 1;
2483 }
2484
2485 /*
2486 * SSL_detach_stream
2487 * -----------------
2488 */
2489 QUIC_TAKES_LOCK
2490 SSL *ossl_quic_detach_stream(SSL *s)
2491 {
2492 QCTX ctx;
2493 QUIC_XSO *xso = NULL;
2494
2495 if (!expect_quic_conn_only(s, &ctx))
2496 return NULL;
2497
2498 quic_lock(ctx.qc);
2499
2500 /* Calling this function inhibits default XSO autocreation. */
2501 /* QC ref to any default XSO is transferred to us and to caller. */
2502 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
2503
2504 quic_unlock(ctx.qc);
2505
2506 return xso != NULL ? &xso->ssl : NULL;
2507 }
2508
2509 /*
2510 * SSL_attach_stream
2511 * -----------------
2512 */
2513 QUIC_TAKES_LOCK
2514 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
2515 {
2516 QCTX ctx;
2517 QUIC_XSO *xso;
2518 int nref;
2519
2520 if (!expect_quic_conn_only(conn, &ctx))
2521 return 0;
2522
2523 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
2524 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
2525 "stream to attach must be a valid QUIC stream");
2526
2527 xso = (QUIC_XSO *)stream;
2528
2529 quic_lock(ctx.qc);
2530
2531 if (ctx.qc->default_xso != NULL) {
2532 quic_unlock(ctx.qc);
2533 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
2534 "connection already has a default stream");
2535 }
2536
2537 /*
2538 * It is a caller error for the XSO being attached as a default XSO to have
2539 * more than one ref.
2540 */
2541 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
2542 quic_unlock(ctx.qc);
2543 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
2544 "ref");
2545 }
2546
2547 if (nref != 1) {
2548 quic_unlock(ctx.qc);
2549 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
2550 "stream being attached must have "
2551 "only 1 reference");
2552 }
2553
2554 /* Caller's reference to the XSO is transferred to us. */
2555 /* Calling this function inhibits default XSO autocreation. */
2556 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
2557
2558 quic_unlock(ctx.qc);
2559 return 1;
2560 }
2561
2562 /*
2563 * SSL_set_incoming_stream_policy
2564 * ------------------------------
2565 */
2566 QUIC_NEEDS_LOCK
2567 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
2568 {
2569 switch (qc->incoming_stream_policy) {
2570 case SSL_INCOMING_STREAM_POLICY_AUTO:
2571 if ((qc->default_xso == NULL && !qc->default_xso_created)
2572 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2573 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
2574 else
2575 return SSL_INCOMING_STREAM_POLICY_REJECT;
2576
2577 default:
2578 return qc->incoming_stream_policy;
2579 }
2580 }
2581
2582 QUIC_NEEDS_LOCK
2583 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
2584 {
2585 int policy = qc_get_effective_incoming_stream_policy(qc);
2586 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
2587
2588 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
2589 enable_reject,
2590 qc->incoming_stream_aec);
2591 }
2592
2593 QUIC_TAKES_LOCK
2594 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
2595 uint64_t aec)
2596 {
2597 int ret = 1;
2598 QCTX ctx;
2599
2600 if (!expect_quic_conn_only(s, &ctx))
2601 return 0;
2602
2603 quic_lock(ctx.qc);
2604
2605 switch (policy) {
2606 case SSL_INCOMING_STREAM_POLICY_AUTO:
2607 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
2608 case SSL_INCOMING_STREAM_POLICY_REJECT:
2609 ctx.qc->incoming_stream_policy = policy;
2610 ctx.qc->incoming_stream_aec = aec;
2611 break;
2612
2613 default:
2614 ret = 0;
2615 break;
2616 }
2617
2618 qc_update_reject_policy(ctx.qc);
2619 quic_unlock(ctx.qc);
2620 return ret;
2621 }
2622
2623 /*
2624 * SSL_accept_stream
2625 * -----------------
2626 */
2627 struct wait_for_incoming_stream_args {
2628 QCTX *ctx;
2629 QUIC_STREAM *qs;
2630 };
2631
2632 QUIC_NEEDS_LOCK
2633 static int wait_for_incoming_stream(void *arg)
2634 {
2635 struct wait_for_incoming_stream_args *args = arg;
2636 QUIC_CONNECTION *qc = args->ctx->qc;
2637 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
2638
2639 if (!ossl_quic_channel_is_active(qc->ch)) {
2640 /* If connection is torn down due to an error while blocking, stop. */
2641 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2642 return -1;
2643 }
2644
2645 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2646 if (args->qs != NULL)
2647 return 1; /* got a stream */
2648
2649 return 0; /* did not get a stream, keep trying */
2650 }
2651
2652 QUIC_TAKES_LOCK
2653 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
2654 {
2655 QCTX ctx;
2656 int ret;
2657 SSL *new_s = NULL;
2658 QUIC_STREAM_MAP *qsm;
2659 QUIC_STREAM *qs;
2660 QUIC_XSO *xso;
2661 OSSL_RTT_INFO rtt_info;
2662
2663 if (!expect_quic_conn_only(s, &ctx))
2664 return NULL;
2665
2666 quic_lock(ctx.qc);
2667
2668 if (qc_get_effective_incoming_stream_policy(ctx.qc)
2669 == SSL_INCOMING_STREAM_POLICY_REJECT)
2670 goto out;
2671
2672 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2673
2674 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2675 if (qs == NULL) {
2676 if (qc_blocking_mode(ctx.qc)
2677 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
2678 struct wait_for_incoming_stream_args args;
2679
2680 args.ctx = &ctx;
2681 args.qs = NULL;
2682
2683 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
2684 if (ret == 0) {
2685 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2686 goto out;
2687 } else if (ret < 0 || args.qs == NULL) {
2688 goto out;
2689 }
2690
2691 qs = args.qs;
2692 } else {
2693 goto out;
2694 }
2695 }
2696
2697 xso = create_xso_from_stream(ctx.qc, qs);
2698 if (xso == NULL)
2699 goto out;
2700
2701 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
2702 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
2703 rtt_info.smoothed_rtt);
2704 new_s = &xso->ssl;
2705
2706 /* Calling this function inhibits default XSO autocreation. */
2707 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
2708
2709 out:
2710 quic_unlock(ctx.qc);
2711 return new_s;
2712 }
2713
2714 /*
2715 * SSL_get_accept_stream_queue_len
2716 * -------------------------------
2717 */
2718 QUIC_TAKES_LOCK
2719 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
2720 {
2721 QCTX ctx;
2722 size_t v;
2723
2724 if (!expect_quic_conn_only(s, &ctx))
2725 return 0;
2726
2727 quic_lock(ctx.qc);
2728
2729 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
2730
2731 quic_unlock(ctx.qc);
2732 return v;
2733 }
2734
2735 /*
2736 * SSL_stream_reset
2737 * ----------------
2738 */
2739 int ossl_quic_stream_reset(SSL *ssl,
2740 const SSL_STREAM_RESET_ARGS *args,
2741 size_t args_len)
2742 {
2743 QCTX ctx;
2744 QUIC_STREAM_MAP *qsm;
2745 QUIC_STREAM *qs;
2746 uint64_t error_code;
2747 int ok, err;
2748
2749 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, &ctx))
2750 return 0;
2751
2752 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2753 qs = ctx.xso->stream;
2754 error_code = (args != NULL ? args->quic_error_code : 0);
2755
2756 if (!quic_validate_for_write(ctx.xso, &err)) {
2757 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2758 goto err;
2759 }
2760
2761 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
2762
2763 err:
2764 quic_unlock(ctx.qc);
2765 return ok;
2766 }
2767
2768 /*
2769 * SSL_get_stream_read_state
2770 * -------------------------
2771 */
2772 static void quic_classify_stream(QUIC_CONNECTION *qc,
2773 QUIC_STREAM *qs,
2774 int is_write,
2775 int *state,
2776 uint64_t *app_error_code)
2777 {
2778 int local_init;
2779 uint64_t final_size;
2780
2781 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
2782
2783 if (app_error_code != NULL)
2784 *app_error_code = UINT64_MAX;
2785 else
2786 app_error_code = &final_size; /* throw away value */
2787
2788 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
2789 /*
2790 * Unidirectional stream and this direction of transmission doesn't
2791 * exist.
2792 */
2793 *state = SSL_STREAM_STATE_WRONG_DIR;
2794 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
2795 /* Connection already closed. */
2796 *state = SSL_STREAM_STATE_CONN_CLOSED;
2797 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
2798 /* Application has read a FIN. */
2799 *state = SSL_STREAM_STATE_FINISHED;
2800 } else if ((!is_write && qs->stop_sending)
2801 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
2802 /*
2803 * Stream has been reset locally. FIN takes precedence over this for the
2804 * read case as the application need not care if the stream is reset
2805 * after a FIN has been successfully processed.
2806 */
2807 *state = SSL_STREAM_STATE_RESET_LOCAL;
2808 *app_error_code = !is_write
2809 ? qs->stop_sending_aec
2810 : qs->reset_stream_aec;
2811 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
2812 || (is_write && qs->peer_stop_sending)) {
2813 /*
2814 * Stream has been reset remotely. */
2815 *state = SSL_STREAM_STATE_RESET_REMOTE;
2816 *app_error_code = !is_write
2817 ? qs->peer_reset_stream_aec
2818 : qs->peer_stop_sending_aec;
2819 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
2820 &final_size)) {
2821 /*
2822 * Stream has been finished. Stream reset takes precedence over this for
2823 * the write case as peer may not have received all data.
2824 */
2825 *state = SSL_STREAM_STATE_FINISHED;
2826 } else {
2827 /* Stream still healthy. */
2828 *state = SSL_STREAM_STATE_OK;
2829 }
2830 }
2831
2832 static int quic_get_stream_state(SSL *ssl, int is_write)
2833 {
2834 QCTX ctx;
2835 int state;
2836
2837 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2838 return SSL_STREAM_STATE_NONE;
2839
2840 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
2841 quic_unlock(ctx.qc);
2842 return state;
2843 }
2844
2845 int ossl_quic_get_stream_read_state(SSL *ssl)
2846 {
2847 return quic_get_stream_state(ssl, /*is_write=*/0);
2848 }
2849
2850 /*
2851 * SSL_get_stream_write_state
2852 * --------------------------
2853 */
2854 int ossl_quic_get_stream_write_state(SSL *ssl)
2855 {
2856 return quic_get_stream_state(ssl, /*is_write=*/1);
2857 }
2858
2859 /*
2860 * SSL_get_stream_read_error_code
2861 * ------------------------------
2862 */
2863 static int quic_get_stream_error_code(SSL *ssl, int is_write,
2864 uint64_t *app_error_code)
2865 {
2866 QCTX ctx;
2867 int state;
2868
2869 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2870 return -1;
2871
2872 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
2873 &state, app_error_code);
2874
2875 quic_unlock(ctx.qc);
2876 switch (state) {
2877 case SSL_STREAM_STATE_FINISHED:
2878 return 0;
2879 case SSL_STREAM_STATE_RESET_LOCAL:
2880 case SSL_STREAM_STATE_RESET_REMOTE:
2881 return 1;
2882 default:
2883 return -1;
2884 }
2885 }
2886
2887 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
2888 {
2889 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
2890 }
2891
2892 /*
2893 * SSL_get_stream_write_error_code
2894 * -------------------------------
2895 */
2896 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
2897 {
2898 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
2899 }
2900
2901 /*
2902 * Write buffer size mutation
2903 * --------------------------
2904 */
2905 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
2906 {
2907 int ret = 0;
2908 QCTX ctx;
2909
2910 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
2911 return 0;
2912
2913 if (!ossl_quic_stream_has_send(ctx.xso->stream))
2914 /* Called on a unidirectional receive-only stream - error. */
2915 goto out;
2916
2917 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
2918 /*
2919 * If the stream has a send part but we have disposed of it because we
2920 * no longer need it, this is a no-op.
2921 */
2922 ret = 1;
2923 goto out;
2924 }
2925
2926 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size))
2927 goto out;
2928
2929 ret = 1;
2930
2931 out:
2932 quic_unlock(ctx.qc);
2933 return ret;
2934 }
2935
2936 /*
2937 * SSL_get_conn_close_info
2938 * -----------------------
2939 */
2940 int ossl_quic_get_conn_close_info(SSL *ssl,
2941 SSL_CONN_CLOSE_INFO *info,
2942 size_t info_len)
2943 {
2944 QCTX ctx;
2945 const QUIC_TERMINATE_CAUSE *tc;
2946
2947 if (!expect_quic_conn_only(ssl, &ctx))
2948 return -1;
2949
2950 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
2951 if (tc == NULL)
2952 return 0;
2953
2954 info->error_code = tc->error_code;
2955 info->reason = NULL; /* TODO(QUIC): Wire reason */
2956 info->reason_len = 0;
2957 info->is_local = !tc->remote;
2958 info->is_transport = !tc->app;
2959 return 1;
2960 }
2961
2962 /*
2963 * SSL_key_update
2964 * --------------
2965 */
2966 int ossl_quic_key_update(SSL *ssl, int update_type)
2967 {
2968 QCTX ctx;
2969
2970 if (!expect_quic_conn_only(ssl, &ctx))
2971 return 0;
2972
2973 switch (update_type) {
2974 case SSL_KEY_UPDATE_NOT_REQUESTED:
2975 /*
2976 * QUIC signals peer key update implicily by triggering a local
2977 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
2978 */
2979 case SSL_KEY_UPDATE_REQUESTED:
2980 break;
2981
2982 default:
2983 /* Unknown type - error. */
2984 return 0;
2985 }
2986
2987 quic_lock(ctx.qc);
2988
2989 /* Attempt to perform a TXKU. */
2990 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
2991 quic_unlock(ctx.qc);
2992 return 0;
2993 }
2994
2995 quic_unlock(ctx.qc);
2996 return 1;
2997 }
2998
2999 /*
3000 * SSL_get_key_update_type
3001 * -----------------------
3002 */
3003 int ossl_quic_get_key_update_type(const SSL *s)
3004 {
3005 /*
3006 * We always handle key updates immediately so a key update is never
3007 * pending.
3008 */
3009 return SSL_KEY_UPDATE_NONE;
3010 }
3011
3012 /*
3013 * QUIC Front-End I/O API: SSL_CTX Management
3014 * ==========================================
3015 */
3016
3017 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3018 {
3019 switch (cmd) {
3020 default:
3021 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3022 }
3023 }
3024
3025 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3026 {
3027 QCTX ctx;
3028
3029 if (!expect_quic_conn_only(s, &ctx))
3030 return 0;
3031
3032 switch (cmd) {
3033 case SSL_CTRL_SET_MSG_CALLBACK:
3034 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3035 &ctx.qc->ssl);
3036 /* This callback also needs to be set on the internal SSL object */
3037 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3038
3039 default:
3040 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3041 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3042 }
3043 }
3044
3045 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3046 {
3047 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3048 }
3049
3050 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3051 {
3052 /* We never do renegotiation. */
3053 return 0;
3054 }
3055
3056 /*
3057 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3058 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3059 */
3060
3061 int ossl_quic_num_ciphers(void)
3062 {
3063 return 0;
3064 }
3065
3066 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3067 {
3068 return NULL;
3069 }
3070
3071 /*
3072 * Internal Testing APIs
3073 * =====================
3074 */
3075
3076 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
3077 {
3078 QCTX ctx;
3079
3080 if (!expect_quic_conn_only(s, &ctx))
3081 return NULL;
3082
3083 return ctx.qc->ch;
3084 }
A mirror of the official openssl repository