]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Free the QUIC TLS object before freeing the channel
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
1 /*
2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_engine.h"
19 #include "internal/quic_port.h"
20 #include "internal/time.h"
21
22 typedef struct qctx_st QCTX;
23
24 static void aon_write_finish(QUIC_XSO *xso);
25 static int create_channel(QUIC_CONNECTION *qc);
26 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
27 static int qc_try_create_default_xso_for_write(QCTX *ctx);
28 static int qc_wait_for_default_xso_for_read(QCTX *ctx);
29 static void quic_lock(QUIC_CONNECTION *qc);
30 static void quic_unlock(QUIC_CONNECTION *qc);
31 static void quic_lock_for_io(QCTX *ctx);
32 static int quic_do_handshake(QCTX *ctx);
33 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
34 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
35 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
36 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
37 int touch, QUIC_XSO **old_xso);
38 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
39 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
40 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
41 static int qc_blocking_mode(const QUIC_CONNECTION *qc);
42 static int xso_blocking_mode(const QUIC_XSO *xso);
43
44 /*
45 * QUIC Front-End I/O API: Common Utilities
46 * ========================================
47 */
48
49 /*
50 * Block until a predicate is met.
51 *
52 * Precondition: Must have a channel.
53 * Precondition: Must hold channel lock (unchecked).
54 */
55 QUIC_NEEDS_LOCK
56 static int block_until_pred(QUIC_CONNECTION *qc,
57 int (*pred)(void *arg), void *pred_arg,
58 uint32_t flags)
59 {
60 QUIC_REACTOR *rtor;
61
62 assert(qc->ch != NULL);
63
64 /*
65 * Any attempt to block auto-disables tick inhibition as otherwise we will
66 * hang around forever.
67 */
68 ossl_quic_engine_set_inhibit_tick(qc->engine, 0);
69
70 rtor = ossl_quic_channel_get_reactor(qc->ch);
71 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
72 qc->mutex);
73 }
74
75 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
76 {
77 if (qc->override_now_cb != NULL)
78 return qc->override_now_cb(qc->override_now_cb_arg);
79 else
80 return ossl_time_now();
81 }
82
83 static OSSL_TIME get_time_cb(void *arg)
84 {
85 QUIC_CONNECTION *qc = arg;
86
87 return get_time(qc);
88 }
89
90 /*
91 * QCTX is a utility structure which provides information we commonly wish to
92 * unwrap upon an API call being dispatched to us, namely:
93 *
94 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
95 * was passed);
96 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
97 * a QCSO with a default stream was passed);
98 * - whether a QSSO was passed (xso == NULL must not be used to determine this
99 * because it may be non-NULL when a QCSO is passed if that QCSO has a
100 * default stream);
101 * - whether we are in "I/O context", meaning that non-normal errors can
102 * be reported via SSL_get_error() as well as via ERR. Functions such as
103 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
104 * functions which are allowed to change the value returned by
105 * SSL_get_error. However, other functions (including functions which call
106 * SSL_do_handshake() implicitly) are not allowed to change the return value
107 * of SSL_get_error.
108 */
109 struct qctx_st {
110 QUIC_CONNECTION *qc;
111 QUIC_XSO *xso;
112 int is_stream, in_io;
113 };
114
115 QUIC_NEEDS_LOCK
116 static void quic_set_last_error(QCTX *ctx, int last_error)
117 {
118 if (!ctx->in_io)
119 return;
120
121 if (ctx->is_stream && ctx->xso != NULL)
122 ctx->xso->last_error = last_error;
123 else if (!ctx->is_stream && ctx->qc != NULL)
124 ctx->qc->last_error = last_error;
125 }
126
127 /*
128 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
129 * rather than via ERR. Note that normal errors must always be raised while
130 * holding a lock.
131 */
132 QUIC_NEEDS_LOCK
133 static int quic_raise_normal_error(QCTX *ctx,
134 int err)
135 {
136 assert(ctx->in_io);
137 quic_set_last_error(ctx, err);
138
139 return 0;
140 }
141
142 /*
143 * Raise a 'non-normal' error, meaning any error that is not reported via
144 * SSL_get_error() and must be reported via ERR.
145 *
146 * qc should be provided if available. In exceptional circumstances when qc is
147 * not known NULL may be passed. This should generally only happen when an
148 * expect_...() function defined below fails, which generally indicates a
149 * dispatch error or caller error.
150 *
151 * ctx should be NULL if the connection lock is not held.
152 */
153 static int quic_raise_non_normal_error(QCTX *ctx,
154 const char *file,
155 int line,
156 const char *func,
157 int reason,
158 const char *fmt,
159 ...)
160 {
161 va_list args;
162
163 if (ctx != NULL) {
164 quic_set_last_error(ctx, SSL_ERROR_SSL);
165
166 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
167 ossl_quic_channel_restore_err_state(ctx->qc->ch);
168 }
169
170 ERR_new();
171 ERR_set_debug(file, line, func);
172
173 va_start(args, fmt);
174 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
175 va_end(args);
176
177 return 0;
178 }
179
180 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
181 quic_raise_normal_error((ctx), (err))
182
183 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
184 quic_raise_non_normal_error((ctx), \
185 OPENSSL_FILE, OPENSSL_LINE, \
186 OPENSSL_FUNC, \
187 (reason), \
188 (msg))
189
190 /*
191 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
192 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
193 *
194 * After this returns 1, all fields of the passed QCTX are initialised.
195 * Returns 0 on failure. This function is intended to be used to provide API
196 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
197 */
198 static int expect_quic(const SSL *s, QCTX *ctx)
199 {
200 QUIC_CONNECTION *qc;
201 QUIC_XSO *xso;
202
203 ctx->qc = NULL;
204 ctx->xso = NULL;
205 ctx->is_stream = 0;
206
207 if (s == NULL)
208 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
209
210 switch (s->type) {
211 case SSL_TYPE_QUIC_CONNECTION:
212 qc = (QUIC_CONNECTION *)s;
213 ctx->qc = qc;
214 ctx->xso = qc->default_xso;
215 ctx->is_stream = 0;
216 ctx->in_io = 0;
217 return 1;
218
219 case SSL_TYPE_QUIC_XSO:
220 xso = (QUIC_XSO *)s;
221 ctx->qc = xso->conn;
222 ctx->xso = xso;
223 ctx->is_stream = 1;
224 ctx->in_io = 0;
225 return 1;
226
227 default:
228 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
229 }
230 }
231
232 /*
233 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
234 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
235 * stream.
236 *
237 * remote_init determines if we expect the default XSO to be remotely created or
238 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
239 *
240 * Channel mutex is acquired and retained on success.
241 */
242 QUIC_ACQUIRES_LOCK
243 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
244 int in_io, QCTX *ctx)
245 {
246 if (!expect_quic(s, ctx))
247 return 0;
248
249 if (in_io)
250 quic_lock_for_io(ctx);
251 else
252 quic_lock(ctx->qc);
253
254 if (ctx->xso == NULL && remote_init >= 0) {
255 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
256 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
257 goto err;
258 }
259
260 /* If we haven't finished the handshake, try to advance it. */
261 if (quic_do_handshake(ctx) < 1)
262 /* ossl_quic_do_handshake raised error here */
263 goto err;
264
265 if (remote_init == 0) {
266 if (!qc_try_create_default_xso_for_write(ctx))
267 goto err;
268 } else {
269 if (!qc_wait_for_default_xso_for_read(ctx))
270 goto err;
271 }
272
273 ctx->xso = ctx->qc->default_xso;
274 }
275
276 if (ctx->xso == NULL) {
277 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
278 goto err;
279 }
280
281 return 1; /* coverity[missing_unlock]: lock held */
282
283 err:
284 quic_unlock(ctx->qc);
285 return 0;
286 }
287
288 /*
289 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
290 * be non-NULL if the QCSO has a default stream.
291 */
292 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
293 {
294 if (!expect_quic(s, ctx))
295 return 0;
296
297 if (ctx->is_stream)
298 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
299
300 return 1;
301 }
302
303 /*
304 * Ensures that the channel mutex is held for a method which touches channel
305 * state.
306 *
307 * Precondition: Channel mutex is not held (unchecked)
308 */
309 static void quic_lock(QUIC_CONNECTION *qc)
310 {
311 #if defined(OPENSSL_THREADS)
312 ossl_crypto_mutex_lock(qc->mutex);
313 #endif
314 }
315
316 static void quic_lock_for_io(QCTX *ctx)
317 {
318 quic_lock(ctx->qc);
319 ctx->in_io = 1;
320
321 /*
322 * We are entering an I/O function so we must update the values returned by
323 * SSL_get_error and SSL_want. Set no error. This will be overridden later
324 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
325 * occurs during the API call.
326 */
327 quic_set_last_error(ctx, SSL_ERROR_NONE);
328 }
329
330 /* Precondition: Channel mutex is held (unchecked) */
331 QUIC_NEEDS_LOCK
332 static void quic_unlock(QUIC_CONNECTION *qc)
333 {
334 #if defined(OPENSSL_THREADS)
335 ossl_crypto_mutex_unlock(qc->mutex);
336 #endif
337 }
338
339 /*
340 * This predicate is the criterion which should determine API call rejection for
341 * *most* mutating API calls, particularly stream-related operations for send
342 * parts.
343 *
344 * A call is rejected (this function returns 0) if shutdown is in progress
345 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
346 * req_active=1, the connection must be active (i.e., the IDLE state is also
347 * rejected).
348 */
349 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
350 {
351 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
352 return 0;
353
354 if (req_active && !ossl_quic_channel_is_active(qc->ch))
355 return 0;
356
357 return 1;
358 }
359
360 /*
361 * QUIC Front-End I/O API: Initialization
362 * ======================================
363 *
364 * SSL_new => ossl_quic_new
365 * ossl_quic_init
366 * SSL_reset => ossl_quic_reset
367 * SSL_clear => ossl_quic_clear
368 * ossl_quic_deinit
369 * SSL_free => ossl_quic_free
370 *
371 * SSL_set_options => ossl_quic_set_options
372 * SSL_get_options => ossl_quic_get_options
373 * SSL_clear_options => ossl_quic_clear_options
374 *
375 */
376
377 /* SSL_new */
378 SSL *ossl_quic_new(SSL_CTX *ctx)
379 {
380 QUIC_CONNECTION *qc = NULL;
381 SSL *ssl_base = NULL;
382 SSL_CONNECTION *sc = NULL;
383
384 qc = OPENSSL_zalloc(sizeof(*qc));
385 if (qc == NULL) {
386 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
387 return NULL;
388 }
389 #if defined(OPENSSL_THREADS)
390 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
391 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
392 goto err;
393 }
394 #endif
395
396 /* Initialise the QUIC_CONNECTION's stub header. */
397 ssl_base = &qc->ssl;
398 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
399 ssl_base = NULL;
400 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
401 goto err;
402 }
403
404 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
405 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
406 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
407 goto err;
408 }
409
410 /* override the user_ssl of the inner connection */
411 sc->s3.flags |= TLS1_FLAGS_QUIC;
412
413 /* Restrict options derived from the SSL_CTX. */
414 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
415 sc->pha_enabled = 0;
416
417 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
418 qc->is_thread_assisted
419 = (ssl_base->method == OSSL_QUIC_client_thread_method());
420 #endif
421
422 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
423 qc->as_server_state = qc->as_server;
424
425 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
426 qc->default_ssl_mode = qc->ssl.ctx->mode;
427 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
428 qc->desires_blocking = 1;
429 qc->blocking = 0;
430 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
431 qc->last_error = SSL_ERROR_NONE;
432
433 if (!create_channel(qc))
434 goto err;
435
436 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
437 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
438
439 qc_update_reject_policy(qc);
440
441 /*
442 * We do not create the default XSO yet. The reason for this is that the
443 * stream ID of the default XSO will depend on whether the stream is client
444 * or server-initiated, which depends on who transmits first. Since we do
445 * not know whether the application will be using a client-transmits-first
446 * or server-transmits-first protocol, we defer default XSO creation until
447 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
448 * we take that as a cue that the client is expecting a server-initiated
449 * stream, and vice versa if SSL_write() is called first.
450 */
451 return ssl_base;
452
453 err:
454 if (ssl_base == NULL) {
455 #if defined(OPENSSL_THREADS)
456 ossl_crypto_mutex_free(qc->mutex);
457 #endif
458 OPENSSL_free(qc);
459 } else {
460 SSL_free(ssl_base);
461 }
462 return NULL;
463 }
464
465 /* SSL_free */
466 QUIC_TAKES_LOCK
467 void ossl_quic_free(SSL *s)
468 {
469 QCTX ctx;
470 int is_default;
471
472 /* We should never be called on anything but a QSO. */
473 if (!expect_quic(s, &ctx))
474 return;
475
476 quic_lock(ctx.qc);
477
478 if (ctx.is_stream) {
479 /*
480 * When a QSSO is freed, the XSO is freed immediately, because the XSO
481 * itself only contains API personality layer data. However the
482 * underlying QUIC_STREAM is not freed immediately but is instead marked
483 * as deleted for later collection.
484 */
485
486 assert(ctx.qc->num_xso > 0);
487 --ctx.qc->num_xso;
488
489 /* If a stream's send part has not been finished, auto-reset it. */
490 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
491 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
492 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
493 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
494 ctx.xso->stream, 0);
495
496 /* Do STOP_SENDING for the receive part, if applicable. */
497 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
498 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
499 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
500 ctx.xso->stream, 0);
501
502 /* Update stream state. */
503 ctx.xso->stream->deleted = 1;
504 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
505 ctx.xso->stream);
506
507 is_default = (ctx.xso == ctx.qc->default_xso);
508 quic_unlock(ctx.qc);
509
510 /*
511 * Unref the connection in most cases; the XSO has a ref to the QC and
512 * not vice versa. But for a default XSO, to avoid circular references,
513 * the QC refs the XSO but the XSO does not ref the QC. If we are the
514 * default XSO, we only get here when the QC is being torn down anyway,
515 * so don't call SSL_free(qc) as we are already in it.
516 */
517 if (!is_default)
518 SSL_free(&ctx.qc->ssl);
519
520 /* Note: SSL_free calls OPENSSL_free(xso) for us */
521 return;
522 }
523
524 /*
525 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
526 * stage, but is freed during the channel free when the whole QSM is freed.
527 */
528 if (ctx.qc->default_xso != NULL) {
529 QUIC_XSO *xso = ctx.qc->default_xso;
530
531 quic_unlock(ctx.qc);
532 SSL_free(&xso->ssl);
533 quic_lock(ctx.qc);
534 ctx.qc->default_xso = NULL;
535 }
536
537 /* Ensure we have no remaining XSOs. */
538 assert(ctx.qc->num_xso == 0);
539
540 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
541 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
542 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
543 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
544 }
545 #endif
546
547 SSL_free(ctx.qc->tls);
548
549 ossl_quic_channel_free(ctx.qc->ch);
550 ossl_quic_port_free(ctx.qc->port);
551 ossl_quic_engine_free(ctx.qc->engine);
552
553 BIO_free_all(ctx.qc->net_rbio);
554 BIO_free_all(ctx.qc->net_wbio);
555
556 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
557 #if defined(OPENSSL_THREADS)
558 ossl_crypto_mutex_free(&ctx.qc->mutex);
559 #endif
560
561 /*
562 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
563 * us
564 */
565 }
566
567 /* SSL method init */
568 int ossl_quic_init(SSL *s)
569 {
570 /* Same op as SSL_clear, forward the call. */
571 return ossl_quic_clear(s);
572 }
573
574 /* SSL method deinit */
575 void ossl_quic_deinit(SSL *s)
576 {
577 /* No-op. */
578 }
579
580 /* SSL_clear (ssl_reset method) */
581 int ossl_quic_reset(SSL *s)
582 {
583 QCTX ctx;
584
585 if (!expect_quic(s, &ctx))
586 return 0;
587
588 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
589 return 0;
590 }
591
592 /* ssl_clear method (unused) */
593 int ossl_quic_clear(SSL *s)
594 {
595 QCTX ctx;
596
597 if (!expect_quic(s, &ctx))
598 return 0;
599
600 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
601 return 0;
602 }
603
604 int ossl_quic_conn_set_override_now_cb(SSL *s,
605 OSSL_TIME (*now_cb)(void *arg),
606 void *now_cb_arg)
607 {
608 QCTX ctx;
609
610 if (!expect_quic(s, &ctx))
611 return 0;
612
613 quic_lock(ctx.qc);
614
615 ctx.qc->override_now_cb = now_cb;
616 ctx.qc->override_now_cb_arg = now_cb_arg;
617
618 quic_unlock(ctx.qc);
619 return 1;
620 }
621
622 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
623 {
624 QCTX ctx;
625
626 if (!expect_quic(s, &ctx))
627 return;
628
629 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
630 if (ctx.qc->is_thread_assisted && ctx.qc->started)
631 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
632 #endif
633 }
634
635 QUIC_NEEDS_LOCK
636 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
637 {
638 qc->default_xso_created = 1;
639 qc_update_reject_policy(qc);
640 }
641
642 /*
643 * Changes default XSO. Allows caller to keep reference to the old default XSO
644 * (if any). Reference to new XSO is transferred from caller.
645 */
646 QUIC_NEEDS_LOCK
647 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
648 int touch,
649 QUIC_XSO **old_xso)
650 {
651 int refs;
652
653 *old_xso = NULL;
654
655 if (qc->default_xso != xso) {
656 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
657
658 qc->default_xso = xso;
659
660 if (xso == NULL) {
661 /*
662 * Changing to not having a default XSO. XSO becomes standalone and
663 * now has a ref to the QC.
664 */
665 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
666 return;
667 } else {
668 /*
669 * Changing from not having a default XSO to having one. The new XSO
670 * will have had a reference to the QC we need to drop to avoid a
671 * circular reference.
672 *
673 * Currently we never change directly from one default XSO to
674 * another, though this function would also still be correct if this
675 * weren't the case.
676 */
677 assert(*old_xso == NULL);
678
679 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
680 assert(refs > 0);
681 }
682 }
683
684 if (touch)
685 qc_touch_default_xso(qc);
686 }
687
688 /*
689 * Changes default XSO, releasing the reference to any previous default XSO.
690 * Reference to new XSO is transferred from caller.
691 */
692 QUIC_NEEDS_LOCK
693 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
694 {
695 QUIC_XSO *old_xso = NULL;
696
697 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
698
699 if (old_xso != NULL)
700 SSL_free(&old_xso->ssl);
701 }
702
703 QUIC_NEEDS_LOCK
704 static void xso_update_options(QUIC_XSO *xso)
705 {
706 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
707
708 if (xso->stream->rstream != NULL)
709 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
710
711 if (xso->stream->sstream != NULL)
712 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
713 }
714
715 /*
716 * SSL_set_options
717 * ---------------
718 *
719 * Setting options on a QCSO
720 * - configures the handshake-layer options;
721 * - configures the default data-plane options for new streams;
722 * - configures the data-plane options on the default XSO, if there is one.
723 *
724 * Setting options on a QSSO
725 * - configures data-plane options for that stream only.
726 */
727 QUIC_TAKES_LOCK
728 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
729 {
730 QCTX ctx;
731 uint64_t hs_mask_value, hs_or_value, ret;
732
733 if (!expect_quic(ssl, &ctx))
734 return 0;
735
736 quic_lock(ctx.qc);
737
738 if (!ctx.is_stream) {
739 /*
740 * If we were called on the connection, we apply any handshake option
741 * changes.
742 */
743 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
744 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
745
746 SSL_clear_options(ctx.qc->tls, hs_mask_value);
747 SSL_set_options(ctx.qc->tls, hs_or_value);
748
749 /* Update defaults for new streams. */
750 ctx.qc->default_ssl_options
751 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
752 & OSSL_QUIC_PERMITTED_OPTIONS;
753 }
754
755 if (ctx.xso != NULL) {
756 ctx.xso->ssl_options
757 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
758 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
759
760 xso_update_options(ctx.xso);
761 }
762
763 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
764
765 quic_unlock(ctx.qc);
766 return ret;
767 }
768
769 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
770 {
771 return quic_mask_or_options(ssl, 0, options);
772 }
773
774 /* SSL_clear_options */
775 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
776 {
777 return quic_mask_or_options(ssl, options, 0);
778 }
779
780 /* SSL_get_options */
781 uint64_t ossl_quic_get_options(const SSL *ssl)
782 {
783 return quic_mask_or_options((SSL *)ssl, 0, 0);
784 }
785
786 /*
787 * QUIC Front-End I/O API: Network BIO Configuration
788 * =================================================
789 *
790 * Handling the different BIOs is difficult:
791 *
792 * - It is more or less a requirement that we use non-blocking network I/O;
793 * we need to be able to have timeouts on recv() calls, and make best effort
794 * (non blocking) send() and recv() calls.
795 *
796 * The only sensible way to do this is to configure the socket into
797 * non-blocking mode. We could try to do select() before calling send() or
798 * recv() to get a guarantee that the call will not block, but this will
799 * probably run into issues with buggy OSes which generate spurious socket
800 * readiness events. In any case, relying on this to work reliably does not
801 * seem sane.
802 *
803 * Timeouts could be handled via setsockopt() socket timeout options, but
804 * this depends on OS support and adds another syscall to every network I/O
805 * operation. It also has obvious thread safety concerns if we want to move
806 * to concurrent use of a single socket at some later date.
807 *
808 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
809 * be made non-blocking. However some OSes (e.g. Windows) do not support
810 * this, so we cannot rely on this.
811 *
812 * As such, we need to configure any FD in non-blocking mode. This may
813 * confound users who pass a blocking socket to libssl. However, in practice
814 * it would be extremely strange for a user of QUIC to pass an FD to us,
815 * then also try and send receive traffic on the same socket(!). Thus the
816 * impact of this should be limited, and can be documented.
817 *
818 * - We support both blocking and non-blocking operation in terms of the API
819 * presented to the user. One prospect is to set the blocking mode based on
820 * whether the socket passed to us was already in blocking mode. However,
821 * Windows has no API for determining if a socket is in blocking mode (!),
822 * therefore this cannot be done portably. Currently therefore we expose an
823 * explicit API call to set this, and default to blocking mode.
824 *
825 * - We need to determine our initial destination UDP address. The "natural"
826 * way for a user to do this is to set the peer variable on a BIO_dgram.
827 * However, this has problems because BIO_dgram's peer variable is used for
828 * both transmission and reception. This means it can be constantly being
829 * changed to a malicious value (e.g. if some random unrelated entity on the
830 * network starts sending traffic to us) on every read call. This is not a
831 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
832 * calls only, which do not use this variable. However, we do need to let
833 * the user specify the peer in a 'normal' manner. The compromise here is
834 * that we grab the current peer value set at the time the write BIO is set
835 * and do not read the value again.
836 *
837 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
838 * Currently we do this by only supporting non-blocking mode.
839 *
840 */
841
842 /*
843 * Determines what initial destination UDP address we should use, if possible.
844 * If this fails the client must set the destination address manually, or use a
845 * BIO which does not need a destination address.
846 */
847 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
848 {
849 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
850 return 0;
851
852 return 1;
853 }
854
855 static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
856 {
857 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
858
859 return ossl_quic_reactor_can_poll_r(rtor)
860 && ossl_quic_reactor_can_poll_w(rtor);
861 }
862
863 static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
864 {
865 ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */
866 }
867
868 static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
869 {
870 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
871 }
872
873 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
874 {
875 QCTX ctx;
876
877 if (!expect_quic(s, &ctx))
878 return;
879
880 if (ctx.qc->net_rbio == net_rbio)
881 return;
882
883 if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio))
884 return;
885
886 BIO_free_all(ctx.qc->net_rbio);
887 ctx.qc->net_rbio = net_rbio;
888
889 if (net_rbio != NULL)
890 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
891
892 /*
893 * Determine if the current pair of read/write BIOs now set allows blocking
894 * mode to be supported.
895 */
896 qc_update_can_support_blocking(ctx.qc);
897 qc_update_blocking_mode(ctx.qc);
898 }
899
900 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
901 {
902 QCTX ctx;
903
904 if (!expect_quic(s, &ctx))
905 return;
906
907 if (ctx.qc->net_wbio == net_wbio)
908 return;
909
910 if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio))
911 return;
912
913 BIO_free_all(ctx.qc->net_wbio);
914 ctx.qc->net_wbio = net_wbio;
915
916 if (net_wbio != NULL)
917 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
918
919 /*
920 * Determine if the current pair of read/write BIOs now set allows blocking
921 * mode to be supported.
922 */
923 qc_update_can_support_blocking(ctx.qc);
924 qc_update_blocking_mode(ctx.qc);
925 }
926
927 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
928 {
929 QCTX ctx;
930
931 if (!expect_quic(s, &ctx))
932 return NULL;
933
934 return ctx.qc->net_rbio;
935 }
936
937 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
938 {
939 QCTX ctx;
940
941 if (!expect_quic(s, &ctx))
942 return NULL;
943
944 return ctx.qc->net_wbio;
945 }
946
947 int ossl_quic_conn_get_blocking_mode(const SSL *s)
948 {
949 QCTX ctx;
950
951 if (!expect_quic(s, &ctx))
952 return 0;
953
954 if (ctx.is_stream)
955 return xso_blocking_mode(ctx.xso);
956
957 return qc_blocking_mode(ctx.qc);
958 }
959
960 QUIC_TAKES_LOCK
961 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
962 {
963 int ret = 0;
964 QCTX ctx;
965
966 if (!expect_quic(s, &ctx))
967 return 0;
968
969 quic_lock(ctx.qc);
970
971 /* Sanity check - can we support the request given the current network BIO? */
972 if (blocking) {
973 /*
974 * If called directly on a QCSO, update our information on network BIO
975 * capabilities.
976 */
977 if (!ctx.is_stream)
978 qc_update_can_support_blocking(ctx.qc);
979
980 /* Cannot enable blocking mode if we do not have pollable FDs. */
981 if (!qc_can_support_blocking_cached(ctx.qc)) {
982 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
983 goto out;
984 }
985 }
986
987 if (!ctx.is_stream)
988 /*
989 * If called directly on a QCSO, update default and connection-level
990 * blocking modes.
991 */
992 ctx.qc->desires_blocking = (blocking != 0);
993
994 if (ctx.xso != NULL) {
995 /*
996 * If called on a QSSO or a QCSO with a default XSO, update the blocking
997 * mode.
998 */
999 ctx.xso->desires_blocking = (blocking != 0);
1000 ctx.xso->desires_blocking_set = 1;
1001 }
1002
1003 ret = 1;
1004 out:
1005 qc_update_blocking_mode(ctx.qc);
1006 quic_unlock(ctx.qc);
1007 return ret;
1008 }
1009
1010 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1011 const BIO_ADDR *peer_addr)
1012 {
1013 QCTX ctx;
1014
1015 if (!expect_quic(s, &ctx))
1016 return 0;
1017
1018 if (ctx.qc->started)
1019 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1020 NULL);
1021
1022 if (peer_addr == NULL) {
1023 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1024 return 1;
1025 }
1026
1027 ctx.qc->init_peer_addr = *peer_addr;
1028 return 1;
1029 }
1030
1031 /*
1032 * QUIC Front-End I/O API: Asynchronous I/O Management
1033 * ===================================================
1034 *
1035 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1036 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1037 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1038 *
1039 */
1040
1041 /* Returns 1 if the connection is being used in blocking mode. */
1042 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
1043 {
1044 return qc->blocking;
1045 }
1046
1047 static int xso_blocking_mode(const QUIC_XSO *xso)
1048 {
1049 if (xso->desires_blocking_set)
1050 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1051 else
1052 /* Only ever set if we can support blocking. */
1053 return xso->conn->blocking;
1054 }
1055
1056 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1057 QUIC_TAKES_LOCK
1058 int ossl_quic_handle_events(SSL *s)
1059 {
1060 QCTX ctx;
1061
1062 if (!expect_quic(s, &ctx))
1063 return 0;
1064
1065 quic_lock(ctx.qc);
1066 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1067 quic_unlock(ctx.qc);
1068 return 1;
1069 }
1070
1071 /*
1072 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1073 * should next have events handled by the application by calling
1074 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1075 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1076 * the value of *tv is undefined.
1077 */
1078 QUIC_TAKES_LOCK
1079 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1080 {
1081 QCTX ctx;
1082 OSSL_TIME deadline = ossl_time_infinite();
1083
1084 if (!expect_quic(s, &ctx))
1085 return 0;
1086
1087 quic_lock(ctx.qc);
1088
1089 deadline
1090 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
1091
1092 if (ossl_time_is_infinite(deadline)) {
1093 *is_infinite = 1;
1094
1095 /*
1096 * Robustness against faulty applications that don't check *is_infinite;
1097 * harmless long timeout.
1098 */
1099 tv->tv_sec = 1000000;
1100 tv->tv_usec = 0;
1101
1102 quic_unlock(ctx.qc);
1103 return 1;
1104 }
1105
1106 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1107 *is_infinite = 0;
1108 quic_unlock(ctx.qc);
1109 return 1;
1110 }
1111
1112 /* SSL_get_rpoll_descriptor */
1113 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1114 {
1115 QCTX ctx;
1116
1117 if (!expect_quic(s, &ctx))
1118 return 0;
1119
1120 if (desc == NULL || ctx.qc->net_rbio == NULL)
1121 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1122 NULL);
1123
1124 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1125 }
1126
1127 /* SSL_get_wpoll_descriptor */
1128 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1129 {
1130 QCTX ctx;
1131
1132 if (!expect_quic(s, &ctx))
1133 return 0;
1134
1135 if (desc == NULL || ctx.qc->net_wbio == NULL)
1136 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1137 NULL);
1138
1139 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1140 }
1141
1142 /* SSL_net_read_desired */
1143 QUIC_TAKES_LOCK
1144 int ossl_quic_get_net_read_desired(SSL *s)
1145 {
1146 QCTX ctx;
1147 int ret;
1148
1149 if (!expect_quic(s, &ctx))
1150 return 0;
1151
1152 quic_lock(ctx.qc);
1153 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1154 quic_unlock(ctx.qc);
1155 return ret;
1156 }
1157
1158 /* SSL_net_write_desired */
1159 QUIC_TAKES_LOCK
1160 int ossl_quic_get_net_write_desired(SSL *s)
1161 {
1162 int ret;
1163 QCTX ctx;
1164
1165 if (!expect_quic(s, &ctx))
1166 return 0;
1167
1168 quic_lock(ctx.qc);
1169 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1170 quic_unlock(ctx.qc);
1171 return ret;
1172 }
1173
1174 /*
1175 * QUIC Front-End I/O API: Connection Lifecycle Operations
1176 * =======================================================
1177 *
1178 * SSL_do_handshake => ossl_quic_do_handshake
1179 * SSL_set_connect_state => ossl_quic_set_connect_state
1180 * SSL_set_accept_state => ossl_quic_set_accept_state
1181 * SSL_shutdown => ossl_quic_shutdown
1182 * SSL_ctrl => ossl_quic_ctrl
1183 * (BIO/)SSL_connect => ossl_quic_connect
1184 * (BIO/)SSL_accept => ossl_quic_accept
1185 *
1186 */
1187
1188 QUIC_NEEDS_LOCK
1189 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1190 {
1191 QUIC_STREAM_MAP *qsm;
1192
1193 if (qc->shutting_down)
1194 return;
1195
1196 qsm = ossl_quic_channel_get_qsm(qc->ch);
1197
1198 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1199 qc->shutting_down = 1;
1200 }
1201
1202 /* Returns 1 if all shutdown-flush streams have been done with. */
1203 QUIC_NEEDS_LOCK
1204 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1205 {
1206 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1207
1208 return qc->shutting_down
1209 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1210 }
1211
1212 /* SSL_shutdown */
1213 static int quic_shutdown_wait(void *arg)
1214 {
1215 QUIC_CONNECTION *qc = arg;
1216
1217 return ossl_quic_channel_is_terminated(qc->ch);
1218 }
1219
1220 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
1221 static int quic_shutdown_flush_wait(void *arg)
1222 {
1223 QUIC_CONNECTION *qc = arg;
1224
1225 return ossl_quic_channel_is_term_any(qc->ch)
1226 || qc_shutdown_flush_finished(qc);
1227 }
1228
1229 static int quic_shutdown_peer_wait(void *arg)
1230 {
1231 QUIC_CONNECTION *qc = arg;
1232 return ossl_quic_channel_is_term_any(qc->ch);
1233 }
1234
1235 QUIC_TAKES_LOCK
1236 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1237 const SSL_SHUTDOWN_EX_ARGS *args,
1238 size_t args_len)
1239 {
1240 int ret;
1241 QCTX ctx;
1242 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1243 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1244 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1245
1246 if (!expect_quic(s, &ctx))
1247 return -1;
1248
1249 if (ctx.is_stream) {
1250 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1251 return -1;
1252 }
1253
1254 quic_lock(ctx.qc);
1255
1256 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1257 quic_unlock(ctx.qc);
1258 return 1;
1259 }
1260
1261 /* Phase 1: Stream Flushing */
1262 if (!wait_peer && stream_flush) {
1263 qc_shutdown_flush_init(ctx.qc);
1264
1265 if (!qc_shutdown_flush_finished(ctx.qc)) {
1266 if (!no_block && qc_blocking_mode(ctx.qc)) {
1267 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1268 if (ret < 1) {
1269 ret = 0;
1270 goto err;
1271 }
1272 } else {
1273 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1274 }
1275 }
1276
1277 if (!qc_shutdown_flush_finished(ctx.qc)) {
1278 quic_unlock(ctx.qc);
1279 return 0; /* ongoing */
1280 }
1281 }
1282
1283 /* Phase 2: Connection Closure */
1284 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1285 if (!no_block && qc_blocking_mode(ctx.qc)) {
1286 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1287 if (ret < 1) {
1288 ret = 0;
1289 goto err;
1290 }
1291 } else {
1292 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1293 }
1294
1295 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1296 ret = 0; /* peer hasn't closed yet - still not done */
1297 goto err;
1298 }
1299
1300 /*
1301 * We are at least terminating - go through the normal process of
1302 * waiting until we are in the TERMINATED state.
1303 */
1304 }
1305
1306 /* Block mutation ops regardless of if we did stream flush. */
1307 ctx.qc->shutting_down = 1;
1308
1309 /*
1310 * This call is a no-op if we are already terminating, so it doesn't
1311 * affect the wait_peer case.
1312 */
1313 ossl_quic_channel_local_close(ctx.qc->ch,
1314 args != NULL ? args->quic_error_code : 0,
1315 args != NULL ? args->quic_reason : NULL);
1316
1317 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1318
1319 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1320 quic_unlock(ctx.qc);
1321 return 1;
1322 }
1323
1324 /* Phase 3: Terminating Wait Time */
1325 if (!no_block && qc_blocking_mode(ctx.qc)
1326 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1327 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1328 if (ret < 1) {
1329 ret = 0;
1330 goto err;
1331 }
1332 } else {
1333 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1334 }
1335
1336 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1337 err:
1338 quic_unlock(ctx.qc);
1339 return ret;
1340 }
1341
1342 /* SSL_ctrl */
1343 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1344 {
1345 QCTX ctx;
1346
1347 if (!expect_quic(s, &ctx))
1348 return 0;
1349
1350 switch (cmd) {
1351 case SSL_CTRL_MODE:
1352 /* If called on a QCSO, update the default mode. */
1353 if (!ctx.is_stream)
1354 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1355
1356 /*
1357 * If we were called on a QSSO or have a default stream, we also update
1358 * that.
1359 */
1360 if (ctx.xso != NULL) {
1361 /* Cannot enable EPW while AON write in progress. */
1362 if (ctx.xso->aon_write_in_progress)
1363 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1364
1365 ctx.xso->ssl_mode |= (uint32_t)larg;
1366 return ctx.xso->ssl_mode;
1367 }
1368
1369 return ctx.qc->default_ssl_mode;
1370 case SSL_CTRL_CLEAR_MODE:
1371 if (!ctx.is_stream)
1372 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1373
1374 if (ctx.xso != NULL) {
1375 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1376 return ctx.xso->ssl_mode;
1377 }
1378
1379 return ctx.qc->default_ssl_mode;
1380
1381 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1382 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1383 /* This ctrl also needs to be passed to the internal SSL object */
1384 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1385
1386 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1387 {
1388 int is_infinite;
1389
1390 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1391 return 0;
1392
1393 return !is_infinite;
1394 }
1395 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1396 /* For legacy compatibility with DTLS calls. */
1397 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1398
1399 /* Mask ctrls we shouldn't support for QUIC. */
1400 case SSL_CTRL_GET_READ_AHEAD:
1401 case SSL_CTRL_SET_READ_AHEAD:
1402 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1403 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1404 case SSL_CTRL_SET_MAX_PIPELINES:
1405 return 0;
1406
1407 default:
1408 /*
1409 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1410 * implementation. Either SSL_ctrl will handle it itself by direct
1411 * access into handshake layer state, or failing that, it will be passed
1412 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1413 * supported by anything, the handshake layer's ctrl method will finally
1414 * return 0.
1415 */
1416 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
1417 }
1418 }
1419
1420 /* SSL_set_connect_state */
1421 void ossl_quic_set_connect_state(SSL *s)
1422 {
1423 QCTX ctx;
1424
1425 if (!expect_quic(s, &ctx))
1426 return;
1427
1428 /* Cannot be changed after handshake started */
1429 if (ctx.qc->started || ctx.is_stream)
1430 return;
1431
1432 ctx.qc->as_server_state = 0;
1433 }
1434
1435 /* SSL_set_accept_state */
1436 void ossl_quic_set_accept_state(SSL *s)
1437 {
1438 QCTX ctx;
1439
1440 if (!expect_quic(s, &ctx))
1441 return;
1442
1443 /* Cannot be changed after handshake started */
1444 if (ctx.qc->started || ctx.is_stream)
1445 return;
1446
1447 ctx.qc->as_server_state = 1;
1448 }
1449
1450 /* SSL_do_handshake */
1451 struct quic_handshake_wait_args {
1452 QUIC_CONNECTION *qc;
1453 };
1454
1455 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1456 {
1457 int want = SSL_want(qc->tls);
1458
1459 if (want == SSL_X509_LOOKUP
1460 || want == SSL_CLIENT_HELLO_CB
1461 || want == SSL_RETRY_VERIFY)
1462 return 1;
1463
1464 return 0;
1465 }
1466
1467 static int quic_handshake_wait(void *arg)
1468 {
1469 struct quic_handshake_wait_args *args = arg;
1470
1471 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1472 return -1;
1473
1474 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1475 return 1;
1476
1477 if (tls_wants_non_io_retry(args->qc))
1478 return 1;
1479
1480 return 0;
1481 }
1482
1483 static int configure_channel(QUIC_CONNECTION *qc)
1484 {
1485 assert(qc->ch != NULL);
1486
1487 if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio)
1488 || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio)
1489 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1490 return 0;
1491
1492 return 1;
1493 }
1494
1495 QUIC_NEEDS_LOCK
1496 static int create_channel(QUIC_CONNECTION *qc)
1497 {
1498 QUIC_ENGINE_ARGS engine_args = {0};
1499 QUIC_PORT_ARGS port_args = {0};
1500
1501 engine_args.libctx = qc->ssl.ctx->libctx;
1502 engine_args.propq = qc->ssl.ctx->propq;
1503 engine_args.mutex = qc->mutex;
1504 engine_args.now_cb = get_time_cb;
1505 engine_args.now_cb_arg = qc;
1506 qc->engine = ossl_quic_engine_new(&engine_args);
1507 if (qc->engine == NULL) {
1508 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1509 return 0;
1510 }
1511
1512 port_args.channel_ctx = qc->ssl.ctx;
1513 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1514 if (qc->port == NULL) {
1515 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1516 ossl_quic_engine_free(qc->engine);
1517 return 0;
1518 }
1519
1520 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1521 if (qc->ch == NULL) {
1522 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1523 ossl_quic_port_free(qc->port);
1524 ossl_quic_engine_free(qc->engine);
1525 return 0;
1526 }
1527
1528 return 1;
1529 }
1530
1531 /*
1532 * Configures a channel with the information we have accumulated via calls made
1533 * to us from the application prior to starting a handshake attempt.
1534 */
1535 QUIC_NEEDS_LOCK
1536 static int ensure_channel_started(QCTX *ctx)
1537 {
1538 QUIC_CONNECTION *qc = ctx->qc;
1539
1540 if (!qc->started) {
1541 if (!configure_channel(qc)) {
1542 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1543 "failed to configure channel");
1544 return 0;
1545 }
1546
1547 if (!ossl_quic_channel_start(qc->ch)) {
1548 ossl_quic_channel_restore_err_state(qc->ch);
1549 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1550 "failed to start channel");
1551 return 0;
1552 }
1553
1554 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1555 if (qc->is_thread_assisted)
1556 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch,
1557 qc->override_now_cb,
1558 qc->override_now_cb_arg)) {
1559 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1560 "failed to start assist thread");
1561 return 0;
1562 }
1563 #endif
1564 }
1565
1566 qc->started = 1;
1567 return 1;
1568 }
1569
1570 QUIC_NEEDS_LOCK
1571 static int quic_do_handshake(QCTX *ctx)
1572 {
1573 int ret;
1574 QUIC_CONNECTION *qc = ctx->qc;
1575
1576 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1577 /* Handshake already completed. */
1578 return 1;
1579
1580 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1581 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1582
1583 if (qc->as_server != qc->as_server_state) {
1584 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1585 return -1; /* Non-protocol error */
1586 }
1587
1588 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1589 /* Need read and write BIOs. */
1590 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1591 return -1; /* Non-protocol error */
1592 }
1593
1594 /*
1595 * We need to determine our addressing mode. There are basically two
1596 * ways we can use L4 addresses:
1597 *
1598 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1599 * addresses attached to them which we expect the underlying network BIO
1600 * to handle;
1601 *
1602 * - Unaddressed mode, in which the BIO provided to us on the
1603 * network side neither provides us with L4 addresses nor is capable of
1604 * honouring ones we provide. We don't know where the QUIC traffic we
1605 * send ends up exactly and trust the application to know what it is
1606 * doing.
1607 *
1608 * Addressed mode is preferred because it enables support for connection
1609 * migration, multipath, etc. in the future. Addressed mode is automatically
1610 * enabled if we are using e.g. BIO_s_datagram, with or without
1611 * BIO_s_connect.
1612 *
1613 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1614 * use unaddressed mode unless that BIO supports capability flags indicating
1615 * it can provide and honour L4 addresses.
1616 *
1617 * Our strategy for determining address mode is simple: we probe the
1618 * underlying network BIOs for their capabilities. If the network BIOs
1619 * support what we need, we use addressed mode. Otherwise, we use
1620 * unaddressed mode.
1621 *
1622 * If addressed mode is chosen, we require an initial peer address to be
1623 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1624 * require this, as such an address is superfluous, though it can be set if
1625 * desired.
1626 */
1627 if (!qc->started && !qc->addressing_probe_done) {
1628 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1629 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
1630
1631 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1632 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1633 qc->addressing_probe_done = 1;
1634 }
1635
1636 if (!qc->started && qc->addressed_mode_w
1637 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1638 /*
1639 * We are trying to connect and are using addressed mode, which means we
1640 * need an initial peer address; if we do not have a peer address yet,
1641 * we should try to autodetect one.
1642 *
1643 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1644 * may not be able to provide us with a peer address until they have
1645 * finished their own processing. They may not be able to perform this
1646 * processing until an application has finished configuring that BIO
1647 * (e.g. with setter calls), which might happen after SSL_set_bio is
1648 * called.
1649 */
1650 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1651 /* best effort */
1652 BIO_ADDR_clear(&qc->init_peer_addr);
1653 else
1654 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1655 }
1656
1657 if (!qc->started
1658 && qc->addressed_mode_w
1659 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1660 /*
1661 * If we still don't have a peer address in addressed mode, we can't do
1662 * anything.
1663 */
1664 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1665 return -1; /* Non-protocol error */
1666 }
1667
1668 /*
1669 * Start connection process. Note we may come here multiple times in
1670 * non-blocking mode, which is fine.
1671 */
1672 if (!ensure_channel_started(ctx)) /* raises on failure */
1673 return -1; /* Non-protocol error */
1674
1675 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1676 /* The handshake is now done. */
1677 return 1;
1678
1679 if (!qc_blocking_mode(qc)) {
1680 /* Try to advance the reactor. */
1681 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1682
1683 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1684 /* The handshake is now done. */
1685 return 1;
1686
1687 if (ossl_quic_channel_is_term_any(qc->ch)) {
1688 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1689 return 0;
1690 } else if (qc->desires_blocking) {
1691 /*
1692 * As a special case when doing a handshake when blocking mode is
1693 * desired yet not available, see if the network BIOs have become
1694 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1695 * which do late creation of socket FDs and therefore cannot expose
1696 * a poll descriptor until after a network BIO is set on the QCSO.
1697 */
1698 assert(!qc->blocking);
1699 qc_update_can_support_blocking(qc);
1700 qc_update_blocking_mode(qc);
1701 }
1702 }
1703
1704 /*
1705 * We are either in blocking mode or just entered it due to the code above.
1706 */
1707 if (qc_blocking_mode(qc)) {
1708 /* In blocking mode, wait for the handshake to complete. */
1709 struct quic_handshake_wait_args args;
1710
1711 args.qc = qc;
1712
1713 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1714 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1715 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1716 return 0; /* Shutdown before completion */
1717 } else if (ret <= 0) {
1718 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1719 return -1; /* Non-protocol error */
1720 }
1721
1722 if (tls_wants_non_io_retry(qc)) {
1723 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1724 return -1;
1725 }
1726
1727 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1728 return 1;
1729 }
1730
1731 if (tls_wants_non_io_retry(qc)) {
1732 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1733 return -1;
1734 }
1735
1736 /*
1737 * Otherwise, indicate that the handshake isn't done yet.
1738 * We can only get here in non-blocking mode.
1739 */
1740 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1741 return -1; /* Non-protocol error */
1742 }
1743
1744 QUIC_TAKES_LOCK
1745 int ossl_quic_do_handshake(SSL *s)
1746 {
1747 int ret;
1748 QCTX ctx;
1749
1750 if (!expect_quic(s, &ctx))
1751 return 0;
1752
1753 quic_lock_for_io(&ctx);
1754
1755 ret = quic_do_handshake(&ctx);
1756 quic_unlock(ctx.qc);
1757 return ret;
1758 }
1759
1760 /* SSL_connect */
1761 int ossl_quic_connect(SSL *s)
1762 {
1763 /* Ensure we are in connect state (no-op if non-idle). */
1764 ossl_quic_set_connect_state(s);
1765
1766 /* Begin or continue the handshake */
1767 return ossl_quic_do_handshake(s);
1768 }
1769
1770 /* SSL_accept */
1771 int ossl_quic_accept(SSL *s)
1772 {
1773 /* Ensure we are in accept state (no-op if non-idle). */
1774 ossl_quic_set_accept_state(s);
1775
1776 /* Begin or continue the handshake */
1777 return ossl_quic_do_handshake(s);
1778 }
1779
1780 /*
1781 * QUIC Front-End I/O API: Stream Lifecycle Operations
1782 * ===================================================
1783 *
1784 * SSL_stream_new => ossl_quic_conn_stream_new
1785 *
1786 */
1787
1788 /*
1789 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1790 * default XSO was created. Returns 0 if it was not (e.g. because it already
1791 * exists). Note that this is NOT an error condition.
1792 */
1793 QUIC_NEEDS_LOCK
1794 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1795 {
1796 uint64_t flags = 0;
1797 QUIC_CONNECTION *qc = ctx->qc;
1798
1799 if (qc->default_xso_created
1800 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1801 /*
1802 * We only do this once. If the user detaches a previously created
1803 * default XSO we don't auto-create another one.
1804 */
1805 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1806
1807 /* Create a locally-initiated stream. */
1808 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1809 flags |= SSL_STREAM_FLAG_UNI;
1810
1811 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1812 /*needs_lock=*/0),
1813 /*touch=*/0);
1814 if (qc->default_xso == NULL)
1815 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1816
1817 qc_touch_default_xso(qc);
1818 return 1;
1819 }
1820
1821 struct quic_wait_for_stream_args {
1822 QUIC_CONNECTION *qc;
1823 QUIC_STREAM *qs;
1824 QCTX *ctx;
1825 uint64_t expect_id;
1826 };
1827
1828 QUIC_NEEDS_LOCK
1829 static int quic_wait_for_stream(void *arg)
1830 {
1831 struct quic_wait_for_stream_args *args = arg;
1832
1833 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
1834 /* If connection is torn down due to an error while blocking, stop. */
1835 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1836 return -1;
1837 }
1838
1839 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1840 args->expect_id | QUIC_STREAM_DIR_BIDI);
1841 if (args->qs == NULL)
1842 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1843 args->expect_id | QUIC_STREAM_DIR_UNI);
1844
1845 if (args->qs != NULL)
1846 return 1; /* stream now exists */
1847
1848 return 0; /* did not get a stream, keep trying */
1849 }
1850
1851 QUIC_NEEDS_LOCK
1852 static int qc_wait_for_default_xso_for_read(QCTX *ctx)
1853 {
1854 /* Called on a QCSO and we don't currently have a default stream. */
1855 uint64_t expect_id;
1856 QUIC_CONNECTION *qc = ctx->qc;
1857 QUIC_STREAM *qs;
1858 int res;
1859 struct quic_wait_for_stream_args wargs;
1860 OSSL_RTT_INFO rtt_info;
1861
1862 /*
1863 * If default stream functionality is disabled or we already detached
1864 * one, don't make another default stream and just fail.
1865 */
1866 if (qc->default_xso_created
1867 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1868 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1869
1870 /*
1871 * The peer may have opened a stream since we last ticked. So tick and
1872 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1873 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1874 * first stream created by a peer must have an ordinal of 0.
1875 */
1876 expect_id = qc->as_server
1877 ? QUIC_STREAM_INITIATOR_CLIENT
1878 : QUIC_STREAM_INITIATOR_SERVER;
1879
1880 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1881 expect_id | QUIC_STREAM_DIR_BIDI);
1882 if (qs == NULL)
1883 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1884 expect_id | QUIC_STREAM_DIR_UNI);
1885
1886 if (qs == NULL) {
1887 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1888
1889 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1890 expect_id);
1891 }
1892
1893 if (qs == NULL) {
1894 if (!qc_blocking_mode(qc))
1895 /* Non-blocking mode, so just bail immediately. */
1896 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1897
1898 /* Block until we have a stream. */
1899 wargs.qc = qc;
1900 wargs.qs = NULL;
1901 wargs.ctx = ctx;
1902 wargs.expect_id = expect_id;
1903
1904 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1905 if (res == 0)
1906 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1907 else if (res < 0 || wargs.qs == NULL)
1908 /* quic_wait_for_stream raised error here */
1909 return 0;
1910
1911 qs = wargs.qs;
1912 }
1913
1914 /*
1915 * We now have qs != NULL. Remove it from the incoming stream queue so that
1916 * it isn't also returned by any future SSL_accept_stream calls.
1917 */
1918 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1919 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
1920 qs, rtt_info.smoothed_rtt);
1921
1922 /*
1923 * Now make qs the default stream, creating the necessary XSO.
1924 */
1925 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1926 if (qc->default_xso == NULL)
1927 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1928
1929 qc_touch_default_xso(qc); /* inhibits default XSO */
1930 return 1;
1931 }
1932
1933 QUIC_NEEDS_LOCK
1934 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1935 {
1936 QUIC_XSO *xso = NULL;
1937
1938 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
1939 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
1940 goto err;
1941 }
1942
1943 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
1944 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1945 goto err;
1946 }
1947
1948 /* XSO refs QC */
1949 if (!SSL_up_ref(&qc->ssl)) {
1950 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
1951 goto err;
1952 }
1953
1954 xso->conn = qc;
1955 xso->ssl_mode = qc->default_ssl_mode;
1956 xso->ssl_options
1957 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1958 xso->last_error = SSL_ERROR_NONE;
1959
1960 xso->stream = qs;
1961
1962 ++qc->num_xso;
1963 xso_update_options(xso);
1964 return xso;
1965
1966 err:
1967 OPENSSL_free(xso);
1968 return NULL;
1969 }
1970
1971 struct quic_new_stream_wait_args {
1972 QUIC_CONNECTION *qc;
1973 int is_uni;
1974 };
1975
1976 static int quic_new_stream_wait(void *arg)
1977 {
1978 struct quic_new_stream_wait_args *args = arg;
1979 QUIC_CONNECTION *qc = args->qc;
1980
1981 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1982 return -1;
1983
1984 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1985 return 1;
1986
1987 return 0;
1988 }
1989
1990 /* locking depends on need_lock */
1991 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1992 {
1993 int ret;
1994 QUIC_CONNECTION *qc = ctx->qc;
1995 QUIC_XSO *xso = NULL;
1996 QUIC_STREAM *qs = NULL;
1997 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
1998 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
1999 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2000
2001 if (need_lock)
2002 quic_lock(qc);
2003
2004 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2005 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2006 goto err;
2007 }
2008
2009 if (!advance
2010 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2011 struct quic_new_stream_wait_args args;
2012
2013 /*
2014 * Stream count flow control currently doesn't permit this stream to be
2015 * opened.
2016 */
2017 if (no_blocking || !qc_blocking_mode(qc)) {
2018 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2019 goto err;
2020 }
2021
2022 args.qc = qc;
2023 args.is_uni = is_uni;
2024
2025 /* Blocking mode - wait until we can get a stream. */
2026 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
2027 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2028 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2029 goto err; /* Shutdown before completion */
2030 } else if (ret <= 0) {
2031 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2032 goto err; /* Non-protocol error */
2033 }
2034 }
2035
2036 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2037 if (qs == NULL) {
2038 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2039 goto err;
2040 }
2041
2042 xso = create_xso_from_stream(qc, qs);
2043 if (xso == NULL)
2044 goto err;
2045
2046 qc_touch_default_xso(qc); /* inhibits default XSO */
2047 if (need_lock)
2048 quic_unlock(qc);
2049
2050 return &xso->ssl;
2051
2052 err:
2053 OPENSSL_free(xso);
2054 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2055 if (need_lock)
2056 quic_unlock(qc);
2057
2058 return NULL;
2059
2060 }
2061
2062 QUIC_TAKES_LOCK
2063 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2064 {
2065 QCTX ctx;
2066
2067 if (!expect_quic_conn_only(s, &ctx))
2068 return NULL;
2069
2070 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2071 }
2072
2073 /*
2074 * QUIC Front-End I/O API: Steady-State Operations
2075 * ===============================================
2076 *
2077 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2078 * is, the functions used during the established phase of a QUIC connection
2079 * (e.g. SSL_read, SSL_write).
2080 *
2081 * Each function must handle both blocking and non-blocking modes. As discussed
2082 * above, all QUIC I/O is implemented using non-blocking mode internally.
2083 *
2084 * SSL_get_error => partially implemented by ossl_quic_get_error
2085 * SSL_want => ossl_quic_want
2086 * (BIO/)SSL_read => ossl_quic_read
2087 * (BIO/)SSL_write => ossl_quic_write
2088 * SSL_pending => ossl_quic_pending
2089 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2090 * SSL_key_update => ossl_quic_key_update
2091 */
2092
2093 /* SSL_get_error */
2094 int ossl_quic_get_error(const SSL *s, int i)
2095 {
2096 QCTX ctx;
2097 int net_error, last_error;
2098
2099 if (!expect_quic(s, &ctx))
2100 return 0;
2101
2102 quic_lock(ctx.qc);
2103 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2104 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2105 quic_unlock(ctx.qc);
2106
2107 if (net_error)
2108 return SSL_ERROR_SYSCALL;
2109
2110 return last_error;
2111 }
2112
2113 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
2114 static int error_to_want(int error)
2115 {
2116 switch (error) {
2117 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2118 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2119 case SSL_ERROR_ZERO_RETURN:
2120 default:
2121 return SSL_NOTHING;
2122
2123 case SSL_ERROR_WANT_READ:
2124 return SSL_READING;
2125
2126 case SSL_ERROR_WANT_WRITE:
2127 return SSL_WRITING;
2128
2129 case SSL_ERROR_WANT_RETRY_VERIFY:
2130 return SSL_RETRY_VERIFY;
2131
2132 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2133 return SSL_CLIENT_HELLO_CB;
2134
2135 case SSL_ERROR_WANT_X509_LOOKUP:
2136 return SSL_X509_LOOKUP;
2137 }
2138 }
2139
2140 /* SSL_want */
2141 int ossl_quic_want(const SSL *s)
2142 {
2143 QCTX ctx;
2144 int w;
2145
2146 if (!expect_quic(s, &ctx))
2147 return SSL_NOTHING;
2148
2149 quic_lock(ctx.qc);
2150
2151 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2152
2153 quic_unlock(ctx.qc);
2154 return w;
2155 }
2156
2157 /*
2158 * SSL_write
2159 * ---------
2160 *
2161 * The set of functions below provide the implementation of the public SSL_write
2162 * function. We must handle:
2163 *
2164 * - both blocking and non-blocking operation at the application level,
2165 * depending on how we are configured;
2166 *
2167 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2168 *
2169 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2170 *
2171 */
2172 QUIC_NEEDS_LOCK
2173 static void quic_post_write(QUIC_XSO *xso, int did_append,
2174 int did_append_all, uint64_t flags,
2175 int do_tick)
2176 {
2177 /*
2178 * We have appended at least one byte to the stream.
2179 * Potentially mark stream as active, depending on FC.
2180 */
2181 if (did_append)
2182 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2183 xso->stream);
2184
2185 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2186 ossl_quic_sstream_fin(xso->stream->sstream);
2187
2188 /*
2189 * Try and send.
2190 *
2191 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2192 * immediately, plus we should eventually consider Nagle's algorithm.
2193 */
2194 if (do_tick)
2195 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2196 }
2197
2198 struct quic_write_again_args {
2199 QUIC_XSO *xso;
2200 const unsigned char *buf;
2201 size_t len;
2202 size_t total_written;
2203 int err;
2204 uint64_t flags;
2205 };
2206
2207 /*
2208 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2209 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2210 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2211 */
2212 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2213
2214 /*
2215 * Ensure spare buffer space available (up until a limit, at least).
2216 */
2217 QUIC_NEEDS_LOCK
2218 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2219 {
2220 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2221 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2222 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2223 size_t new_sz, growth;
2224
2225 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2226 return 1;
2227
2228 growth = spare_ - avail;
2229 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2230 new_sz = MAX_WRITE_BUF_SIZE;
2231 else
2232 new_sz = cur_sz + growth;
2233
2234 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2235 }
2236
2237 /*
2238 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2239 * as needed according to flow control.
2240 */
2241 QUIC_NEEDS_LOCK
2242 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2243 size_t len, size_t *actual_written)
2244 {
2245 QUIC_SSTREAM *sstream = xso->stream->sstream;
2246 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2247 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2248 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2249
2250 if (len > permitted)
2251 len = (size_t)permitted;
2252
2253 if (!sstream_ensure_spare(sstream, len))
2254 return 0;
2255
2256 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2257 }
2258
2259 QUIC_NEEDS_LOCK
2260 static int quic_write_again(void *arg)
2261 {
2262 struct quic_write_again_args *args = arg;
2263 size_t actual_written = 0;
2264
2265 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2266 /* If connection is torn down due to an error while blocking, stop. */
2267 return -2;
2268
2269 if (!quic_validate_for_write(args->xso, &args->err))
2270 /*
2271 * Stream may have become invalid for write due to connection events
2272 * while we blocked.
2273 */
2274 return -2;
2275
2276 args->err = ERR_R_INTERNAL_ERROR;
2277 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2278 return -2;
2279
2280 quic_post_write(args->xso, actual_written > 0,
2281 args->len == actual_written, args->flags, 0);
2282
2283 args->buf += actual_written;
2284 args->len -= actual_written;
2285 args->total_written += actual_written;
2286
2287 if (args->len == 0)
2288 /* Written everything, done. */
2289 return 1;
2290
2291 /* Not written everything yet, keep trying. */
2292 return 0;
2293 }
2294
2295 QUIC_NEEDS_LOCK
2296 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2297 uint64_t flags, size_t *written)
2298 {
2299 int res;
2300 QUIC_XSO *xso = ctx->xso;
2301 struct quic_write_again_args args;
2302 size_t actual_written = 0;
2303
2304 /* First make a best effort to append as much of the data as possible. */
2305 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2306 /* Stream already finished or allocation error. */
2307 *written = 0;
2308 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2309 }
2310
2311 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2312
2313 if (actual_written == len) {
2314 /* Managed to append everything on the first try. */
2315 *written = actual_written;
2316 return 1;
2317 }
2318
2319 /*
2320 * We did not manage to append all of the data immediately, so the stream
2321 * buffer has probably filled up. This means we need to block until some of
2322 * it is freed up.
2323 */
2324 args.xso = xso;
2325 args.buf = (const unsigned char *)buf + actual_written;
2326 args.len = len - actual_written;
2327 args.total_written = 0;
2328 args.err = ERR_R_INTERNAL_ERROR;
2329 args.flags = flags;
2330
2331 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
2332 if (res <= 0) {
2333 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2334 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2335 else
2336 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2337 }
2338
2339 *written = args.total_written;
2340 return 1;
2341 }
2342
2343 /*
2344 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2345 * write semantics.
2346 */
2347 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2348 size_t buf_len, size_t already_sent)
2349 {
2350 assert(!xso->aon_write_in_progress);
2351
2352 xso->aon_write_in_progress = 1;
2353 xso->aon_buf_base = buf;
2354 xso->aon_buf_pos = already_sent;
2355 xso->aon_buf_len = buf_len;
2356 }
2357
2358 static void aon_write_finish(QUIC_XSO *xso)
2359 {
2360 xso->aon_write_in_progress = 0;
2361 xso->aon_buf_base = NULL;
2362 xso->aon_buf_pos = 0;
2363 xso->aon_buf_len = 0;
2364 }
2365
2366 QUIC_NEEDS_LOCK
2367 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2368 size_t len, uint64_t flags,
2369 size_t *written)
2370 {
2371 QUIC_XSO *xso = ctx->xso;
2372 const void *actual_buf;
2373 size_t actual_len, actual_written = 0;
2374 int accept_moving_buffer
2375 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2376
2377 if (xso->aon_write_in_progress) {
2378 /*
2379 * We are in the middle of an AON write (i.e., a previous write did not
2380 * manage to append all data to the SSTREAM and we have Enable Partial
2381 * Write (EPW) mode disabled.)
2382 */
2383 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2384 || len != xso->aon_buf_len)
2385 /*
2386 * Pointer must not have changed if we are not in accept moving
2387 * buffer mode. Length must never change.
2388 */
2389 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2390
2391 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2392 actual_len = len - xso->aon_buf_pos;
2393 assert(actual_len > 0);
2394 } else {
2395 actual_buf = buf;
2396 actual_len = len;
2397 }
2398
2399 /* First make a best effort to append as much of the data as possible. */
2400 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2401 /* Stream already finished or allocation error. */
2402 *written = 0;
2403 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2404 }
2405
2406 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2407 flags, 1);
2408
2409 if (actual_written == actual_len) {
2410 /* We have sent everything. */
2411 if (xso->aon_write_in_progress) {
2412 /*
2413 * We have sent everything, and we were in the middle of an AON
2414 * write. The output write length is the total length of the AON
2415 * buffer, not however many bytes we managed to write to the stream
2416 * in this call.
2417 */
2418 *written = xso->aon_buf_len;
2419 aon_write_finish(xso);
2420 } else {
2421 *written = actual_written;
2422 }
2423
2424 return 1;
2425 }
2426
2427 if (xso->aon_write_in_progress) {
2428 /*
2429 * AON write is in progress but we have not written everything yet. We
2430 * may have managed to send zero bytes, or some number of bytes less
2431 * than the total remaining which need to be appended during this
2432 * AON operation.
2433 */
2434 xso->aon_buf_pos += actual_written;
2435 assert(xso->aon_buf_pos < xso->aon_buf_len);
2436 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2437 }
2438
2439 /*
2440 * Not in an existing AON operation but partial write is not enabled, so we
2441 * need to begin a new AON operation. However we needn't bother if we didn't
2442 * actually append anything.
2443 */
2444 if (actual_written > 0)
2445 aon_write_begin(xso, buf, len, actual_written);
2446
2447 /*
2448 * AON - We do not publicly admit to having appended anything until AON
2449 * completes.
2450 */
2451 *written = 0;
2452 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2453 }
2454
2455 QUIC_NEEDS_LOCK
2456 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2457 uint64_t flags, size_t *written)
2458 {
2459 QUIC_XSO *xso = ctx->xso;
2460
2461 /* Simple best effort operation. */
2462 if (!xso_sstream_append(xso, buf, len, written)) {
2463 /* Stream already finished or allocation error. */
2464 *written = 0;
2465 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2466 }
2467
2468 quic_post_write(xso, *written > 0, *written == len, flags, 1);
2469 return 1;
2470 }
2471
2472 QUIC_NEEDS_LOCK
2473 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2474 {
2475 QUIC_STREAM_MAP *qsm;
2476
2477 if (xso == NULL || xso->stream == NULL) {
2478 *err = ERR_R_INTERNAL_ERROR;
2479 return 0;
2480 }
2481
2482 switch (xso->stream->send_state) {
2483 default:
2484 case QUIC_SSTREAM_STATE_NONE:
2485 *err = SSL_R_STREAM_RECV_ONLY;
2486 return 0;
2487
2488 case QUIC_SSTREAM_STATE_READY:
2489 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2490
2491 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2492 *err = ERR_R_INTERNAL_ERROR;
2493 return 0;
2494 }
2495
2496 /* FALLTHROUGH */
2497 case QUIC_SSTREAM_STATE_SEND:
2498 case QUIC_SSTREAM_STATE_DATA_SENT:
2499 case QUIC_SSTREAM_STATE_DATA_RECVD:
2500 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2501 *err = SSL_R_STREAM_FINISHED;
2502 return 0;
2503 }
2504
2505 return 1;
2506
2507 case QUIC_SSTREAM_STATE_RESET_SENT:
2508 case QUIC_SSTREAM_STATE_RESET_RECVD:
2509 *err = SSL_R_STREAM_RESET;
2510 return 0;
2511 }
2512 }
2513
2514 QUIC_TAKES_LOCK
2515 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2516 uint64_t flags, size_t *written)
2517 {
2518 int ret;
2519 QCTX ctx;
2520 int partial_write, err;
2521
2522 *written = 0;
2523
2524 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2525 return 0;
2526
2527 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
2528
2529 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2530 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2531 goto out;
2532 }
2533
2534 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2535 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2536 goto out;
2537 }
2538
2539 /*
2540 * If we haven't finished the handshake, try to advance it.
2541 * We don't accept writes until the handshake is completed.
2542 */
2543 if (quic_do_handshake(&ctx) < 1) {
2544 ret = 0;
2545 goto out;
2546 }
2547
2548 /* Ensure correct stream state, stream send part not concluded, etc. */
2549 if (!quic_validate_for_write(ctx.xso, &err)) {
2550 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2551 goto out;
2552 }
2553
2554 if (len == 0) {
2555 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2556 quic_post_write(ctx.xso, 0, 1, flags, 1);
2557
2558 ret = 1;
2559 goto out;
2560 }
2561
2562 if (xso_blocking_mode(ctx.xso))
2563 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2564 else if (partial_write)
2565 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2566 else
2567 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2568
2569 out:
2570 quic_unlock(ctx.qc);
2571 return ret;
2572 }
2573
2574 QUIC_TAKES_LOCK
2575 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2576 {
2577 return ossl_quic_write_flags(s, buf, len, 0, written);
2578 }
2579
2580 /*
2581 * SSL_read
2582 * --------
2583 */
2584 struct quic_read_again_args {
2585 QCTX *ctx;
2586 QUIC_STREAM *stream;
2587 void *buf;
2588 size_t len;
2589 size_t *bytes_read;
2590 int peek;
2591 };
2592
2593 QUIC_NEEDS_LOCK
2594 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2595 {
2596 QUIC_STREAM_MAP *qsm;
2597
2598 *eos = 0;
2599
2600 if (xso == NULL || xso->stream == NULL) {
2601 *err = ERR_R_INTERNAL_ERROR;
2602 return 0;
2603 }
2604
2605 switch (xso->stream->recv_state) {
2606 default:
2607 case QUIC_RSTREAM_STATE_NONE:
2608 *err = SSL_R_STREAM_SEND_ONLY;
2609 return 0;
2610
2611 case QUIC_RSTREAM_STATE_RECV:
2612 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2613 case QUIC_RSTREAM_STATE_DATA_RECVD:
2614 return 1;
2615
2616 case QUIC_RSTREAM_STATE_DATA_READ:
2617 *eos = 1;
2618 return 0;
2619
2620 case QUIC_RSTREAM_STATE_RESET_RECVD:
2621 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2622 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2623
2624 /* FALLTHROUGH */
2625 case QUIC_RSTREAM_STATE_RESET_READ:
2626 *err = SSL_R_STREAM_RESET;
2627 return 0;
2628 }
2629 }
2630
2631 QUIC_NEEDS_LOCK
2632 static int quic_read_actual(QCTX *ctx,
2633 QUIC_STREAM *stream,
2634 void *buf, size_t buf_len,
2635 size_t *bytes_read,
2636 int peek)
2637 {
2638 int is_fin = 0, err, eos;
2639 QUIC_CONNECTION *qc = ctx->qc;
2640
2641 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2642 if (eos)
2643 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2644 else
2645 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2646 }
2647
2648 if (peek) {
2649 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2650 bytes_read, &is_fin))
2651 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2652
2653 } else {
2654 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2655 bytes_read, &is_fin))
2656 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2657 }
2658
2659 if (!peek) {
2660 if (*bytes_read > 0) {
2661 /*
2662 * We have read at least one byte from the stream. Inform stream-level
2663 * RXFC of the retirement of controlled bytes. Update the active stream
2664 * status (the RXFC may now want to emit a frame granting more credit to
2665 * the peer).
2666 */
2667 OSSL_RTT_INFO rtt_info;
2668
2669 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2670
2671 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2672 rtt_info.smoothed_rtt))
2673 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2674 }
2675
2676 if (is_fin && !peek) {
2677 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2678
2679 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2680 }
2681
2682 if (*bytes_read > 0)
2683 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2684 stream);
2685 }
2686
2687 if (*bytes_read == 0 && is_fin)
2688 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2689
2690 return 1;
2691 }
2692
2693 QUIC_NEEDS_LOCK
2694 static int quic_read_again(void *arg)
2695 {
2696 struct quic_read_again_args *args = arg;
2697
2698 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
2699 /* If connection is torn down due to an error while blocking, stop. */
2700 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2701 return -1;
2702 }
2703
2704 if (!quic_read_actual(args->ctx, args->stream,
2705 args->buf, args->len, args->bytes_read,
2706 args->peek))
2707 return -1;
2708
2709 if (*args->bytes_read > 0)
2710 /* got at least one byte, the SSL_read op can finish now */
2711 return 1;
2712
2713 return 0; /* did not read anything, keep trying */
2714 }
2715
2716 QUIC_TAKES_LOCK
2717 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2718 {
2719 int ret, res;
2720 QCTX ctx;
2721 struct quic_read_again_args args;
2722
2723 *bytes_read = 0;
2724
2725 if (!expect_quic(s, &ctx))
2726 return 0;
2727
2728 quic_lock_for_io(&ctx);
2729
2730 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2731 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2732 goto out;
2733 }
2734
2735 /* If we haven't finished the handshake, try to advance it. */
2736 if (quic_do_handshake(&ctx) < 1) {
2737 ret = 0; /* ossl_quic_do_handshake raised error here */
2738 goto out;
2739 }
2740
2741 if (ctx.xso == NULL) {
2742 /*
2743 * Called on a QCSO and we don't currently have a default stream.
2744 *
2745 * Wait until we get a stream initiated by the peer (blocking mode) or
2746 * fail if we don't have one yet (non-blocking mode).
2747 */
2748 if (!qc_wait_for_default_xso_for_read(&ctx)) {
2749 ret = 0; /* error already raised here */
2750 goto out;
2751 }
2752
2753 ctx.xso = ctx.qc->default_xso;
2754 }
2755
2756 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2757 ret = 0; /* quic_read_actual raised error here */
2758 goto out;
2759 }
2760
2761 if (*bytes_read > 0) {
2762 /*
2763 * Even though we succeeded, tick the reactor here to ensure we are
2764 * handling other aspects of the QUIC connection.
2765 */
2766 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2767 ret = 1;
2768 } else if (xso_blocking_mode(ctx.xso)) {
2769 /*
2770 * We were not able to read anything immediately, so our stream
2771 * buffer is empty. This means we need to block until we get
2772 * at least one byte.
2773 */
2774 args.ctx = &ctx;
2775 args.stream = ctx.xso->stream;
2776 args.buf = buf;
2777 args.len = len;
2778 args.bytes_read = bytes_read;
2779 args.peek = peek;
2780
2781 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2782 if (res == 0) {
2783 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2784 goto out;
2785 } else if (res < 0) {
2786 ret = 0; /* quic_read_again raised error here */
2787 goto out;
2788 }
2789
2790 ret = 1;
2791 } else {
2792 /*
2793 * We did not get any bytes and are not in blocking mode.
2794 * Tick to see if this delivers any more.
2795 */
2796 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2797
2798 /* Try the read again. */
2799 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2800 ret = 0; /* quic_read_actual raised error here */
2801 goto out;
2802 }
2803
2804 if (*bytes_read > 0)
2805 ret = 1; /* Succeeded this time. */
2806 else
2807 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2808 }
2809
2810 out:
2811 quic_unlock(ctx.qc);
2812 return ret;
2813 }
2814
2815 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2816 {
2817 return quic_read(s, buf, len, bytes_read, 0);
2818 }
2819
2820 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2821 {
2822 return quic_read(s, buf, len, bytes_read, 1);
2823 }
2824
2825 /*
2826 * SSL_pending
2827 * -----------
2828 */
2829
2830 QUIC_TAKES_LOCK
2831 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2832 {
2833 QCTX ctx;
2834 size_t avail = 0;
2835 int fin = 0;
2836
2837
2838 if (!expect_quic(s, &ctx))
2839 return 0;
2840
2841 quic_lock(ctx.qc);
2842
2843 if (ctx.xso == NULL) {
2844 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
2845 goto out;
2846 }
2847
2848 if (ctx.xso->stream == NULL
2849 || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream)) {
2850 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2851 goto out;
2852 }
2853
2854 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
2855 avail = 0;
2856
2857 if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
2858 avail = 1;
2859
2860 out:
2861 quic_unlock(ctx.qc);
2862 return avail;
2863 }
2864
2865 size_t ossl_quic_pending(const SSL *s)
2866 {
2867 return ossl_quic_pending_int(s, /*check_channel=*/0);
2868 }
2869
2870 int ossl_quic_has_pending(const SSL *s)
2871 {
2872 /* Do we have app-side pending data or pending URXEs or RXEs? */
2873 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2874 }
2875
2876 /*
2877 * SSL_stream_conclude
2878 * -------------------
2879 */
2880 QUIC_TAKES_LOCK
2881 int ossl_quic_conn_stream_conclude(SSL *s)
2882 {
2883 QCTX ctx;
2884 QUIC_STREAM *qs;
2885 int err;
2886
2887 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
2888 return 0;
2889
2890 qs = ctx.xso->stream;
2891
2892 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
2893 quic_unlock(ctx.qc);
2894 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2895 }
2896
2897 if (!quic_validate_for_write(ctx.xso, &err)) {
2898 quic_unlock(ctx.qc);
2899 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2900 }
2901
2902 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2903 quic_unlock(ctx.qc);
2904 return 1;
2905 }
2906
2907 ossl_quic_sstream_fin(qs->sstream);
2908 quic_post_write(ctx.xso, 1, 0, 0, 1);
2909 quic_unlock(ctx.qc);
2910 return 1;
2911 }
2912
2913 /*
2914 * SSL_inject_net_dgram
2915 * --------------------
2916 */
2917 QUIC_TAKES_LOCK
2918 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2919 size_t buf_len,
2920 const BIO_ADDR *peer,
2921 const BIO_ADDR *local)
2922 {
2923 int ret;
2924 QCTX ctx;
2925 QUIC_DEMUX *demux;
2926
2927 if (!expect_quic(s, &ctx))
2928 return 0;
2929
2930 quic_lock(ctx.qc);
2931
2932 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2933 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2934
2935 quic_unlock(ctx.qc);
2936 return ret;
2937 }
2938
2939 /*
2940 * SSL_get0_connection
2941 * -------------------
2942 */
2943 SSL *ossl_quic_get0_connection(SSL *s)
2944 {
2945 QCTX ctx;
2946
2947 if (!expect_quic(s, &ctx))
2948 return NULL;
2949
2950 return &ctx.qc->ssl;
2951 }
2952
2953 /*
2954 * SSL_get_stream_type
2955 * -------------------
2956 */
2957 int ossl_quic_get_stream_type(SSL *s)
2958 {
2959 QCTX ctx;
2960
2961 if (!expect_quic(s, &ctx))
2962 return SSL_STREAM_TYPE_BIDI;
2963
2964 if (ctx.xso == NULL) {
2965 /*
2966 * If deferred XSO creation has yet to occur, proceed according to the
2967 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2968 * what kind of stream will be created yet, so return BIDI on the basis
2969 * that at this time, the client still has the option of calling
2970 * SSL_read() or SSL_write() first.
2971 */
2972 if (ctx.qc->default_xso_created
2973 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2974 return SSL_STREAM_TYPE_NONE;
2975 else
2976 return SSL_STREAM_TYPE_BIDI;
2977 }
2978
2979 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2980 return SSL_STREAM_TYPE_BIDI;
2981
2982 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2983 return SSL_STREAM_TYPE_READ;
2984 else
2985 return SSL_STREAM_TYPE_WRITE;
2986 }
2987
2988 /*
2989 * SSL_get_stream_id
2990 * -----------------
2991 */
2992 QUIC_TAKES_LOCK
2993 uint64_t ossl_quic_get_stream_id(SSL *s)
2994 {
2995 QCTX ctx;
2996 uint64_t id;
2997
2998 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
2999 return UINT64_MAX;
3000
3001 id = ctx.xso->stream->id;
3002 quic_unlock(ctx.qc);
3003
3004 return id;
3005 }
3006
3007 /*
3008 * SSL_is_stream_local
3009 * -------------------
3010 */
3011 QUIC_TAKES_LOCK
3012 int ossl_quic_is_stream_local(SSL *s)
3013 {
3014 QCTX ctx;
3015 int is_local;
3016
3017 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3018 return -1;
3019
3020 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3021 quic_unlock(ctx.qc);
3022
3023 return is_local;
3024 }
3025
3026 /*
3027 * SSL_set_default_stream_mode
3028 * ---------------------------
3029 */
3030 QUIC_TAKES_LOCK
3031 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3032 {
3033 QCTX ctx;
3034
3035 if (!expect_quic_conn_only(s, &ctx))
3036 return 0;
3037
3038 quic_lock(ctx.qc);
3039
3040 if (ctx.qc->default_xso_created) {
3041 quic_unlock(ctx.qc);
3042 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3043 "too late to change default stream mode");
3044 }
3045
3046 switch (mode) {
3047 case SSL_DEFAULT_STREAM_MODE_NONE:
3048 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3049 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3050 ctx.qc->default_stream_mode = mode;
3051 break;
3052 default:
3053 quic_unlock(ctx.qc);
3054 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3055 "bad default stream type");
3056 }
3057
3058 quic_unlock(ctx.qc);
3059 return 1;
3060 }
3061
3062 /*
3063 * SSL_detach_stream
3064 * -----------------
3065 */
3066 QUIC_TAKES_LOCK
3067 SSL *ossl_quic_detach_stream(SSL *s)
3068 {
3069 QCTX ctx;
3070 QUIC_XSO *xso = NULL;
3071
3072 if (!expect_quic_conn_only(s, &ctx))
3073 return NULL;
3074
3075 quic_lock(ctx.qc);
3076
3077 /* Calling this function inhibits default XSO autocreation. */
3078 /* QC ref to any default XSO is transferred to us and to caller. */
3079 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3080
3081 quic_unlock(ctx.qc);
3082
3083 return xso != NULL ? &xso->ssl : NULL;
3084 }
3085
3086 /*
3087 * SSL_attach_stream
3088 * -----------------
3089 */
3090 QUIC_TAKES_LOCK
3091 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3092 {
3093 QCTX ctx;
3094 QUIC_XSO *xso;
3095 int nref;
3096
3097 if (!expect_quic_conn_only(conn, &ctx))
3098 return 0;
3099
3100 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3101 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3102 "stream to attach must be a valid QUIC stream");
3103
3104 xso = (QUIC_XSO *)stream;
3105
3106 quic_lock(ctx.qc);
3107
3108 if (ctx.qc->default_xso != NULL) {
3109 quic_unlock(ctx.qc);
3110 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3111 "connection already has a default stream");
3112 }
3113
3114 /*
3115 * It is a caller error for the XSO being attached as a default XSO to have
3116 * more than one ref.
3117 */
3118 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
3119 quic_unlock(ctx.qc);
3120 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3121 "ref");
3122 }
3123
3124 if (nref != 1) {
3125 quic_unlock(ctx.qc);
3126 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3127 "stream being attached must have "
3128 "only 1 reference");
3129 }
3130
3131 /* Caller's reference to the XSO is transferred to us. */
3132 /* Calling this function inhibits default XSO autocreation. */
3133 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3134
3135 quic_unlock(ctx.qc);
3136 return 1;
3137 }
3138
3139 /*
3140 * SSL_set_incoming_stream_policy
3141 * ------------------------------
3142 */
3143 QUIC_NEEDS_LOCK
3144 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3145 {
3146 switch (qc->incoming_stream_policy) {
3147 case SSL_INCOMING_STREAM_POLICY_AUTO:
3148 if ((qc->default_xso == NULL && !qc->default_xso_created)
3149 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3150 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3151 else
3152 return SSL_INCOMING_STREAM_POLICY_REJECT;
3153
3154 default:
3155 return qc->incoming_stream_policy;
3156 }
3157 }
3158
3159 QUIC_NEEDS_LOCK
3160 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3161 {
3162 int policy = qc_get_effective_incoming_stream_policy(qc);
3163 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3164
3165 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3166 enable_reject,
3167 qc->incoming_stream_aec);
3168 }
3169
3170 QUIC_TAKES_LOCK
3171 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3172 uint64_t aec)
3173 {
3174 int ret = 1;
3175 QCTX ctx;
3176
3177 if (!expect_quic_conn_only(s, &ctx))
3178 return 0;
3179
3180 quic_lock(ctx.qc);
3181
3182 switch (policy) {
3183 case SSL_INCOMING_STREAM_POLICY_AUTO:
3184 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3185 case SSL_INCOMING_STREAM_POLICY_REJECT:
3186 ctx.qc->incoming_stream_policy = policy;
3187 ctx.qc->incoming_stream_aec = aec;
3188 break;
3189
3190 default:
3191 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3192 ret = 0;
3193 break;
3194 }
3195
3196 qc_update_reject_policy(ctx.qc);
3197 quic_unlock(ctx.qc);
3198 return ret;
3199 }
3200
3201 /*
3202 * SSL_accept_stream
3203 * -----------------
3204 */
3205 struct wait_for_incoming_stream_args {
3206 QCTX *ctx;
3207 QUIC_STREAM *qs;
3208 };
3209
3210 QUIC_NEEDS_LOCK
3211 static int wait_for_incoming_stream(void *arg)
3212 {
3213 struct wait_for_incoming_stream_args *args = arg;
3214 QUIC_CONNECTION *qc = args->ctx->qc;
3215 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3216
3217 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3218 /* If connection is torn down due to an error while blocking, stop. */
3219 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3220 return -1;
3221 }
3222
3223 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3224 if (args->qs != NULL)
3225 return 1; /* got a stream */
3226
3227 return 0; /* did not get a stream, keep trying */
3228 }
3229
3230 QUIC_TAKES_LOCK
3231 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3232 {
3233 QCTX ctx;
3234 int ret;
3235 SSL *new_s = NULL;
3236 QUIC_STREAM_MAP *qsm;
3237 QUIC_STREAM *qs;
3238 QUIC_XSO *xso;
3239 OSSL_RTT_INFO rtt_info;
3240
3241 if (!expect_quic_conn_only(s, &ctx))
3242 return NULL;
3243
3244 quic_lock(ctx.qc);
3245
3246 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3247 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3248 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3249 goto out;
3250 }
3251
3252 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3253
3254 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3255 if (qs == NULL) {
3256 if (qc_blocking_mode(ctx.qc)
3257 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3258 struct wait_for_incoming_stream_args args;
3259
3260 args.ctx = &ctx;
3261 args.qs = NULL;
3262
3263 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3264 if (ret == 0) {
3265 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3266 goto out;
3267 } else if (ret < 0 || args.qs == NULL) {
3268 goto out;
3269 }
3270
3271 qs = args.qs;
3272 } else {
3273 goto out;
3274 }
3275 }
3276
3277 xso = create_xso_from_stream(ctx.qc, qs);
3278 if (xso == NULL)
3279 goto out;
3280
3281 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3282 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3283 rtt_info.smoothed_rtt);
3284 new_s = &xso->ssl;
3285
3286 /* Calling this function inhibits default XSO autocreation. */
3287 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3288
3289 out:
3290 quic_unlock(ctx.qc);
3291 return new_s;
3292 }
3293
3294 /*
3295 * SSL_get_accept_stream_queue_len
3296 * -------------------------------
3297 */
3298 QUIC_TAKES_LOCK
3299 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3300 {
3301 QCTX ctx;
3302 size_t v;
3303
3304 if (!expect_quic_conn_only(s, &ctx))
3305 return 0;
3306
3307 quic_lock(ctx.qc);
3308
3309 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3310
3311 quic_unlock(ctx.qc);
3312 return v;
3313 }
3314
3315 /*
3316 * SSL_stream_reset
3317 * ----------------
3318 */
3319 int ossl_quic_stream_reset(SSL *ssl,
3320 const SSL_STREAM_RESET_ARGS *args,
3321 size_t args_len)
3322 {
3323 QCTX ctx;
3324 QUIC_STREAM_MAP *qsm;
3325 QUIC_STREAM *qs;
3326 uint64_t error_code;
3327 int ok, err;
3328
3329 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3330 return 0;
3331
3332 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3333 qs = ctx.xso->stream;
3334 error_code = (args != NULL ? args->quic_error_code : 0);
3335
3336 if (!quic_validate_for_write(ctx.xso, &err)) {
3337 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3338 goto err;
3339 }
3340
3341 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3342
3343 err:
3344 quic_unlock(ctx.qc);
3345 return ok;
3346 }
3347
3348 /*
3349 * SSL_get_stream_read_state
3350 * -------------------------
3351 */
3352 static void quic_classify_stream(QUIC_CONNECTION *qc,
3353 QUIC_STREAM *qs,
3354 int is_write,
3355 int *state,
3356 uint64_t *app_error_code)
3357 {
3358 int local_init;
3359 uint64_t final_size;
3360
3361 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3362
3363 if (app_error_code != NULL)
3364 *app_error_code = UINT64_MAX;
3365 else
3366 app_error_code = &final_size; /* throw away value */
3367
3368 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3369 /*
3370 * Unidirectional stream and this direction of transmission doesn't
3371 * exist.
3372 */
3373 *state = SSL_STREAM_STATE_WRONG_DIR;
3374 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3375 /* Connection already closed. */
3376 *state = SSL_STREAM_STATE_CONN_CLOSED;
3377 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
3378 /* Application has read a FIN. */
3379 *state = SSL_STREAM_STATE_FINISHED;
3380 } else if ((!is_write && qs->stop_sending)
3381 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
3382 /*
3383 * Stream has been reset locally. FIN takes precedence over this for the
3384 * read case as the application need not care if the stream is reset
3385 * after a FIN has been successfully processed.
3386 */
3387 *state = SSL_STREAM_STATE_RESET_LOCAL;
3388 *app_error_code = !is_write
3389 ? qs->stop_sending_aec
3390 : qs->reset_stream_aec;
3391 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
3392 || (is_write && qs->peer_stop_sending)) {
3393 /*
3394 * Stream has been reset remotely. */
3395 *state = SSL_STREAM_STATE_RESET_REMOTE;
3396 *app_error_code = !is_write
3397 ? qs->peer_reset_stream_aec
3398 : qs->peer_stop_sending_aec;
3399 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3400 &final_size)) {
3401 /*
3402 * Stream has been finished. Stream reset takes precedence over this for
3403 * the write case as peer may not have received all data.
3404 */
3405 *state = SSL_STREAM_STATE_FINISHED;
3406 } else {
3407 /* Stream still healthy. */
3408 *state = SSL_STREAM_STATE_OK;
3409 }
3410 }
3411
3412 static int quic_get_stream_state(SSL *ssl, int is_write)
3413 {
3414 QCTX ctx;
3415 int state;
3416
3417 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3418 return SSL_STREAM_STATE_NONE;
3419
3420 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3421 quic_unlock(ctx.qc);
3422 return state;
3423 }
3424
3425 int ossl_quic_get_stream_read_state(SSL *ssl)
3426 {
3427 return quic_get_stream_state(ssl, /*is_write=*/0);
3428 }
3429
3430 /*
3431 * SSL_get_stream_write_state
3432 * --------------------------
3433 */
3434 int ossl_quic_get_stream_write_state(SSL *ssl)
3435 {
3436 return quic_get_stream_state(ssl, /*is_write=*/1);
3437 }
3438
3439 /*
3440 * SSL_get_stream_read_error_code
3441 * ------------------------------
3442 */
3443 static int quic_get_stream_error_code(SSL *ssl, int is_write,
3444 uint64_t *app_error_code)
3445 {
3446 QCTX ctx;
3447 int state;
3448
3449 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3450 return -1;
3451
3452 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3453 &state, app_error_code);
3454
3455 quic_unlock(ctx.qc);
3456 switch (state) {
3457 case SSL_STREAM_STATE_FINISHED:
3458 return 0;
3459 case SSL_STREAM_STATE_RESET_LOCAL:
3460 case SSL_STREAM_STATE_RESET_REMOTE:
3461 return 1;
3462 default:
3463 return -1;
3464 }
3465 }
3466
3467 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3468 {
3469 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3470 }
3471
3472 /*
3473 * SSL_get_stream_write_error_code
3474 * -------------------------------
3475 */
3476 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3477 {
3478 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3479 }
3480
3481 /*
3482 * Write buffer size mutation
3483 * --------------------------
3484 */
3485 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3486 {
3487 int ret = 0;
3488 QCTX ctx;
3489
3490 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3491 return 0;
3492
3493 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3494 /* Called on a unidirectional receive-only stream - error. */
3495 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3496 goto out;
3497 }
3498
3499 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3500 /*
3501 * If the stream has a send part but we have disposed of it because we
3502 * no longer need it, this is a no-op.
3503 */
3504 ret = 1;
3505 goto out;
3506 }
3507
3508 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
3509 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3510 goto out;
3511 }
3512
3513 ret = 1;
3514
3515 out:
3516 quic_unlock(ctx.qc);
3517 return ret;
3518 }
3519
3520 /*
3521 * SSL_get_conn_close_info
3522 * -----------------------
3523 */
3524 int ossl_quic_get_conn_close_info(SSL *ssl,
3525 SSL_CONN_CLOSE_INFO *info,
3526 size_t info_len)
3527 {
3528 QCTX ctx;
3529 const QUIC_TERMINATE_CAUSE *tc;
3530
3531 if (!expect_quic_conn_only(ssl, &ctx))
3532 return -1;
3533
3534 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3535 if (tc == NULL)
3536 return 0;
3537
3538 info->error_code = tc->error_code;
3539 info->frame_type = tc->frame_type;
3540 info->reason = tc->reason;
3541 info->reason_len = tc->reason_len;
3542 info->flags = 0;
3543 if (!tc->remote)
3544 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
3545 if (!tc->app)
3546 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
3547 return 1;
3548 }
3549
3550 /*
3551 * SSL_key_update
3552 * --------------
3553 */
3554 int ossl_quic_key_update(SSL *ssl, int update_type)
3555 {
3556 QCTX ctx;
3557
3558 if (!expect_quic_conn_only(ssl, &ctx))
3559 return 0;
3560
3561 switch (update_type) {
3562 case SSL_KEY_UPDATE_NOT_REQUESTED:
3563 /*
3564 * QUIC signals peer key update implicily by triggering a local
3565 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3566 */
3567 case SSL_KEY_UPDATE_REQUESTED:
3568 break;
3569
3570 default:
3571 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3572 return 0;
3573 }
3574
3575 quic_lock(ctx.qc);
3576
3577 /* Attempt to perform a TXKU. */
3578 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
3579 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
3580 quic_unlock(ctx.qc);
3581 return 0;
3582 }
3583
3584 quic_unlock(ctx.qc);
3585 return 1;
3586 }
3587
3588 /*
3589 * SSL_get_key_update_type
3590 * -----------------------
3591 */
3592 int ossl_quic_get_key_update_type(const SSL *s)
3593 {
3594 /*
3595 * We always handle key updates immediately so a key update is never
3596 * pending.
3597 */
3598 return SSL_KEY_UPDATE_NONE;
3599 }
3600
3601 /*
3602 * QUIC Front-End I/O API: SSL_CTX Management
3603 * ==========================================
3604 */
3605
3606 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3607 {
3608 switch (cmd) {
3609 default:
3610 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3611 }
3612 }
3613
3614 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3615 {
3616 QCTX ctx;
3617
3618 if (!expect_quic_conn_only(s, &ctx))
3619 return 0;
3620
3621 switch (cmd) {
3622 case SSL_CTRL_SET_MSG_CALLBACK:
3623 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3624 &ctx.qc->ssl);
3625 /* This callback also needs to be set on the internal SSL object */
3626 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3627
3628 default:
3629 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3630 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3631 }
3632 }
3633
3634 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3635 {
3636 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3637 }
3638
3639 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3640 {
3641 /* We never do renegotiation. */
3642 return 0;
3643 }
3644
3645 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
3646 {
3647 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
3648
3649 if ((ciph->algorithm2 & SSL_QUIC) == 0)
3650 return NULL;
3651
3652 return ciph;
3653 }
3654
3655 /*
3656 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3657 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3658 */
3659
3660 int ossl_quic_num_ciphers(void)
3661 {
3662 return 0;
3663 }
3664
3665 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3666 {
3667 return NULL;
3668 }
3669
3670 /*
3671 * SSL_get_shutdown()
3672 * ------------------
3673 */
3674 int ossl_quic_get_shutdown(const SSL *s)
3675 {
3676 QCTX ctx;
3677 int shut = 0;
3678
3679 if (!expect_quic_conn_only(s, &ctx))
3680 return 0;
3681
3682 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
3683 shut |= SSL_SENT_SHUTDOWN;
3684 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
3685 shut |= SSL_RECEIVED_SHUTDOWN;
3686 }
3687
3688 return shut;
3689 }
3690
3691 /*
3692 * Internal Testing APIs
3693 * =====================
3694 */
3695
3696 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
3697 {
3698 QCTX ctx;
3699
3700 if (!expect_quic_conn_only(s, &ctx))
3701 return NULL;
3702
3703 return ctx.qc->ch;
3704 }
A mirror of the official openssl repository