2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_engine.h"
19 #include "internal/quic_port.h"
20 #include "internal/time.h"
22 typedef struct qctx_st QCTX
;
24 static void aon_write_finish(QUIC_XSO
*xso
);
25 static int create_channel(QUIC_CONNECTION
*qc
);
26 static QUIC_XSO
*create_xso_from_stream(QUIC_CONNECTION
*qc
, QUIC_STREAM
*qs
);
27 static int qc_try_create_default_xso_for_write(QCTX
*ctx
);
28 static int qc_wait_for_default_xso_for_read(QCTX
*ctx
);
29 static void quic_lock(QUIC_CONNECTION
*qc
);
30 static void quic_unlock(QUIC_CONNECTION
*qc
);
31 static void quic_lock_for_io(QCTX
*ctx
);
32 static int quic_do_handshake(QCTX
*ctx
);
33 static void qc_update_reject_policy(QUIC_CONNECTION
*qc
);
34 static void qc_touch_default_xso(QUIC_CONNECTION
*qc
);
35 static void qc_set_default_xso(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
, int touch
);
36 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
,
37 int touch
, QUIC_XSO
**old_xso
);
38 static SSL
*quic_conn_stream_new(QCTX
*ctx
, uint64_t flags
, int need_lock
);
39 static int quic_validate_for_write(QUIC_XSO
*xso
, int *err
);
40 static int quic_mutation_allowed(QUIC_CONNECTION
*qc
, int req_active
);
41 static int qc_blocking_mode(const QUIC_CONNECTION
*qc
);
42 static int xso_blocking_mode(const QUIC_XSO
*xso
);
45 * QUIC Front-End I/O API: Common Utilities
46 * ========================================
50 * Block until a predicate is met.
52 * Precondition: Must have a channel.
53 * Precondition: Must hold channel lock (unchecked).
56 static int block_until_pred(QUIC_CONNECTION
*qc
,
57 int (*pred
)(void *arg
), void *pred_arg
,
62 assert(qc
->ch
!= NULL
);
65 * Any attempt to block auto-disables tick inhibition as otherwise we will
66 * hang around forever.
68 ossl_quic_engine_set_inhibit_tick(qc
->engine
, 0);
70 rtor
= ossl_quic_channel_get_reactor(qc
->ch
);
71 return ossl_quic_reactor_block_until_pred(rtor
, pred
, pred_arg
, flags
,
75 static OSSL_TIME
get_time(QUIC_CONNECTION
*qc
)
77 if (qc
->override_now_cb
!= NULL
)
78 return qc
->override_now_cb(qc
->override_now_cb_arg
);
80 return ossl_time_now();
83 static OSSL_TIME
get_time_cb(void *arg
)
85 QUIC_CONNECTION
*qc
= arg
;
91 * QCTX is a utility structure which provides information we commonly wish to
92 * unwrap upon an API call being dispatched to us, namely:
94 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
96 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
97 * a QCSO with a default stream was passed);
98 * - whether a QSSO was passed (xso == NULL must not be used to determine this
99 * because it may be non-NULL when a QCSO is passed if that QCSO has a
101 * - whether we are in "I/O context", meaning that non-normal errors can
102 * be reported via SSL_get_error() as well as via ERR. Functions such as
103 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
104 * functions which are allowed to change the value returned by
105 * SSL_get_error. However, other functions (including functions which call
106 * SSL_do_handshake() implicitly) are not allowed to change the return value
112 int is_stream
, in_io
;
116 static void quic_set_last_error(QCTX
*ctx
, int last_error
)
121 if (ctx
->is_stream
&& ctx
->xso
!= NULL
)
122 ctx
->xso
->last_error
= last_error
;
123 else if (!ctx
->is_stream
&& ctx
->qc
!= NULL
)
124 ctx
->qc
->last_error
= last_error
;
128 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
129 * rather than via ERR. Note that normal errors must always be raised while
133 static int quic_raise_normal_error(QCTX
*ctx
,
137 quic_set_last_error(ctx
, err
);
143 * Raise a 'non-normal' error, meaning any error that is not reported via
144 * SSL_get_error() and must be reported via ERR.
146 * qc should be provided if available. In exceptional circumstances when qc is
147 * not known NULL may be passed. This should generally only happen when an
148 * expect_...() function defined below fails, which generally indicates a
149 * dispatch error or caller error.
151 * ctx should be NULL if the connection lock is not held.
153 static int quic_raise_non_normal_error(QCTX
*ctx
,
164 quic_set_last_error(ctx
, SSL_ERROR_SSL
);
166 if (reason
== SSL_R_PROTOCOL_IS_SHUTDOWN
&& ctx
->qc
!= NULL
)
167 ossl_quic_channel_restore_err_state(ctx
->qc
->ch
);
171 ERR_set_debug(file
, line
, func
);
174 ERR_vset_error(ERR_LIB_SSL
, reason
, fmt
, args
);
180 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
181 quic_raise_normal_error((ctx), (err))
183 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
184 quic_raise_non_normal_error((ctx), \
185 OPENSSL_FILE, OPENSSL_LINE, \
191 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
192 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
194 * After this returns 1, all fields of the passed QCTX are initialised.
195 * Returns 0 on failure. This function is intended to be used to provide API
196 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
198 static int expect_quic(const SSL
*s
, QCTX
*ctx
)
208 return QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_PASSED_NULL_PARAMETER
, NULL
);
211 case SSL_TYPE_QUIC_CONNECTION
:
212 qc
= (QUIC_CONNECTION
*)s
;
214 ctx
->xso
= qc
->default_xso
;
219 case SSL_TYPE_QUIC_XSO
:
228 return QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
233 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
234 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
237 * remote_init determines if we expect the default XSO to be remotely created or
238 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
240 * Channel mutex is acquired and retained on success.
243 static int ossl_unused
expect_quic_with_stream_lock(const SSL
*s
, int remote_init
,
244 int in_io
, QCTX
*ctx
)
246 if (!expect_quic(s
, ctx
))
250 quic_lock_for_io(ctx
);
254 if (ctx
->xso
== NULL
&& remote_init
>= 0) {
255 if (!quic_mutation_allowed(ctx
->qc
, /*req_active=*/0)) {
256 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
260 /* If we haven't finished the handshake, try to advance it. */
261 if (quic_do_handshake(ctx
) < 1)
262 /* ossl_quic_do_handshake raised error here */
265 if (remote_init
== 0) {
266 if (!qc_try_create_default_xso_for_write(ctx
))
269 if (!qc_wait_for_default_xso_for_read(ctx
))
273 ctx
->xso
= ctx
->qc
->default_xso
;
276 if (ctx
->xso
== NULL
) {
277 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_NO_STREAM
, NULL
);
281 return 1; /* coverity[missing_unlock]: lock held */
284 quic_unlock(ctx
->qc
);
289 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
290 * be non-NULL if the QCSO has a default stream.
292 static int ossl_unused
expect_quic_conn_only(const SSL
*s
, QCTX
*ctx
)
294 if (!expect_quic(s
, ctx
))
298 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_CONN_USE_ONLY
, NULL
);
304 * Ensures that the channel mutex is held for a method which touches channel
307 * Precondition: Channel mutex is not held (unchecked)
309 static void quic_lock(QUIC_CONNECTION
*qc
)
311 #if defined(OPENSSL_THREADS)
312 ossl_crypto_mutex_lock(qc
->mutex
);
316 static void quic_lock_for_io(QCTX
*ctx
)
322 * We are entering an I/O function so we must update the values returned by
323 * SSL_get_error and SSL_want. Set no error. This will be overridden later
324 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
325 * occurs during the API call.
327 quic_set_last_error(ctx
, SSL_ERROR_NONE
);
330 /* Precondition: Channel mutex is held (unchecked) */
332 static void quic_unlock(QUIC_CONNECTION
*qc
)
334 #if defined(OPENSSL_THREADS)
335 ossl_crypto_mutex_unlock(qc
->mutex
);
340 * This predicate is the criterion which should determine API call rejection for
341 * *most* mutating API calls, particularly stream-related operations for send
344 * A call is rejected (this function returns 0) if shutdown is in progress
345 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
346 * req_active=1, the connection must be active (i.e., the IDLE state is also
349 static int quic_mutation_allowed(QUIC_CONNECTION
*qc
, int req_active
)
351 if (qc
->shutting_down
|| ossl_quic_channel_is_term_any(qc
->ch
))
354 if (req_active
&& !ossl_quic_channel_is_active(qc
->ch
))
361 * QUIC Front-End I/O API: Initialization
362 * ======================================
364 * SSL_new => ossl_quic_new
366 * SSL_reset => ossl_quic_reset
367 * SSL_clear => ossl_quic_clear
369 * SSL_free => ossl_quic_free
371 * SSL_set_options => ossl_quic_set_options
372 * SSL_get_options => ossl_quic_get_options
373 * SSL_clear_options => ossl_quic_clear_options
378 SSL
*ossl_quic_new(SSL_CTX
*ctx
)
380 QUIC_CONNECTION
*qc
= NULL
;
381 SSL
*ssl_base
= NULL
;
382 SSL_CONNECTION
*sc
= NULL
;
384 qc
= OPENSSL_zalloc(sizeof(*qc
));
386 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_CRYPTO_LIB
, NULL
);
389 #if defined(OPENSSL_THREADS)
390 if ((qc
->mutex
= ossl_crypto_mutex_new()) == NULL
) {
391 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_CRYPTO_LIB
, NULL
);
396 /* Initialise the QUIC_CONNECTION's stub header. */
398 if (!ossl_ssl_init(ssl_base
, ctx
, ctx
->method
, SSL_TYPE_QUIC_CONNECTION
)) {
400 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
404 qc
->tls
= ossl_ssl_connection_new_int(ctx
, TLS_method());
405 if (qc
->tls
== NULL
|| (sc
= SSL_CONNECTION_FROM_SSL(qc
->tls
)) == NULL
) {
406 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
410 /* override the user_ssl of the inner connection */
411 sc
->s3
.flags
|= TLS1_FLAGS_QUIC
;
413 /* Restrict options derived from the SSL_CTX. */
414 sc
->options
&= OSSL_QUIC_PERMITTED_OPTIONS_CONN
;
417 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
418 qc
->is_thread_assisted
419 = (ssl_base
->method
== OSSL_QUIC_client_thread_method());
422 qc
->as_server
= 0; /* TODO(QUIC SERVER): add server support */
423 qc
->as_server_state
= qc
->as_server
;
425 qc
->default_stream_mode
= SSL_DEFAULT_STREAM_MODE_AUTO_BIDI
;
426 qc
->default_ssl_mode
= qc
->ssl
.ctx
->mode
;
427 qc
->default_ssl_options
= qc
->ssl
.ctx
->options
& OSSL_QUIC_PERMITTED_OPTIONS
;
428 qc
->desires_blocking
= 1;
430 qc
->incoming_stream_policy
= SSL_INCOMING_STREAM_POLICY_AUTO
;
431 qc
->last_error
= SSL_ERROR_NONE
;
433 if (!create_channel(qc
))
436 ossl_quic_channel_set_msg_callback(qc
->ch
, ctx
->msg_callback
, ssl_base
);
437 ossl_quic_channel_set_msg_callback_arg(qc
->ch
, ctx
->msg_callback_arg
);
439 qc_update_reject_policy(qc
);
442 * We do not create the default XSO yet. The reason for this is that the
443 * stream ID of the default XSO will depend on whether the stream is client
444 * or server-initiated, which depends on who transmits first. Since we do
445 * not know whether the application will be using a client-transmits-first
446 * or server-transmits-first protocol, we defer default XSO creation until
447 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
448 * we take that as a cue that the client is expecting a server-initiated
449 * stream, and vice versa if SSL_write() is called first.
454 if (ssl_base
== NULL
) {
455 #if defined(OPENSSL_THREADS)
456 ossl_crypto_mutex_free(qc
->mutex
);
467 void ossl_quic_free(SSL
*s
)
472 /* We should never be called on anything but a QSO. */
473 if (!expect_quic(s
, &ctx
))
480 * When a QSSO is freed, the XSO is freed immediately, because the XSO
481 * itself only contains API personality layer data. However the
482 * underlying QUIC_STREAM is not freed immediately but is instead marked
483 * as deleted for later collection.
486 assert(ctx
.qc
->num_xso
> 0);
489 /* If a stream's send part has not been finished, auto-reset it. */
490 if (( ctx
.xso
->stream
->send_state
== QUIC_SSTREAM_STATE_READY
491 || ctx
.xso
->stream
->send_state
== QUIC_SSTREAM_STATE_SEND
)
492 && !ossl_quic_sstream_get_final_size(ctx
.xso
->stream
->sstream
, NULL
))
493 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx
.qc
->ch
),
496 /* Do STOP_SENDING for the receive part, if applicable. */
497 if ( ctx
.xso
->stream
->recv_state
== QUIC_RSTREAM_STATE_RECV
498 || ctx
.xso
->stream
->recv_state
== QUIC_RSTREAM_STATE_SIZE_KNOWN
)
499 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx
.qc
->ch
),
502 /* Update stream state. */
503 ctx
.xso
->stream
->deleted
= 1;
504 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx
.qc
->ch
),
507 is_default
= (ctx
.xso
== ctx
.qc
->default_xso
);
511 * Unref the connection in most cases; the XSO has a ref to the QC and
512 * not vice versa. But for a default XSO, to avoid circular references,
513 * the QC refs the XSO but the XSO does not ref the QC. If we are the
514 * default XSO, we only get here when the QC is being torn down anyway,
515 * so don't call SSL_free(qc) as we are already in it.
518 SSL_free(&ctx
.qc
->ssl
);
520 /* Note: SSL_free calls OPENSSL_free(xso) for us */
525 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
526 * stage, but is freed during the channel free when the whole QSM is freed.
528 if (ctx
.qc
->default_xso
!= NULL
) {
529 QUIC_XSO
*xso
= ctx
.qc
->default_xso
;
534 ctx
.qc
->default_xso
= NULL
;
537 /* Ensure we have no remaining XSOs. */
538 assert(ctx
.qc
->num_xso
== 0);
540 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
541 if (ctx
.qc
->is_thread_assisted
&& ctx
.qc
->started
) {
542 ossl_quic_thread_assist_wait_stopped(&ctx
.qc
->thread_assist
);
543 ossl_quic_thread_assist_cleanup(&ctx
.qc
->thread_assist
);
547 SSL_free(ctx
.qc
->tls
);
549 ossl_quic_channel_free(ctx
.qc
->ch
);
550 ossl_quic_port_free(ctx
.qc
->port
);
551 ossl_quic_engine_free(ctx
.qc
->engine
);
553 BIO_free_all(ctx
.qc
->net_rbio
);
554 BIO_free_all(ctx
.qc
->net_wbio
);
556 quic_unlock(ctx
.qc
); /* tsan doesn't like freeing locked mutexes */
557 #if defined(OPENSSL_THREADS)
558 ossl_crypto_mutex_free(&ctx
.qc
->mutex
);
562 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
567 /* SSL method init */
568 int ossl_quic_init(SSL
*s
)
570 /* Same op as SSL_clear, forward the call. */
571 return ossl_quic_clear(s
);
574 /* SSL method deinit */
575 void ossl_quic_deinit(SSL
*s
)
580 /* SSL_clear (ssl_reset method) */
581 int ossl_quic_reset(SSL
*s
)
585 if (!expect_quic(s
, &ctx
))
588 ERR_raise(ERR_LIB_SSL
, ERR_R_UNSUPPORTED
);
592 /* ssl_clear method (unused) */
593 int ossl_quic_clear(SSL
*s
)
597 if (!expect_quic(s
, &ctx
))
600 ERR_raise(ERR_LIB_SSL
, ERR_R_UNSUPPORTED
);
604 int ossl_quic_conn_set_override_now_cb(SSL
*s
,
605 OSSL_TIME (*now_cb
)(void *arg
),
610 if (!expect_quic(s
, &ctx
))
615 ctx
.qc
->override_now_cb
= now_cb
;
616 ctx
.qc
->override_now_cb_arg
= now_cb_arg
;
622 void ossl_quic_conn_force_assist_thread_wake(SSL
*s
)
626 if (!expect_quic(s
, &ctx
))
629 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
630 if (ctx
.qc
->is_thread_assisted
&& ctx
.qc
->started
)
631 ossl_quic_thread_assist_notify_deadline_changed(&ctx
.qc
->thread_assist
);
636 static void qc_touch_default_xso(QUIC_CONNECTION
*qc
)
638 qc
->default_xso_created
= 1;
639 qc_update_reject_policy(qc
);
643 * Changes default XSO. Allows caller to keep reference to the old default XSO
644 * (if any). Reference to new XSO is transferred from caller.
647 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
,
655 if (qc
->default_xso
!= xso
) {
656 *old_xso
= qc
->default_xso
; /* transfer old XSO ref to caller */
658 qc
->default_xso
= xso
;
662 * Changing to not having a default XSO. XSO becomes standalone and
663 * now has a ref to the QC.
665 if (!ossl_assert(SSL_up_ref(&qc
->ssl
)))
669 * Changing from not having a default XSO to having one. The new XSO
670 * will have had a reference to the QC we need to drop to avoid a
671 * circular reference.
673 * Currently we never change directly from one default XSO to
674 * another, though this function would also still be correct if this
677 assert(*old_xso
== NULL
);
679 CRYPTO_DOWN_REF(&qc
->ssl
.references
, &refs
);
685 qc_touch_default_xso(qc
);
689 * Changes default XSO, releasing the reference to any previous default XSO.
690 * Reference to new XSO is transferred from caller.
693 static void qc_set_default_xso(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
, int touch
)
695 QUIC_XSO
*old_xso
= NULL
;
697 qc_set_default_xso_keep_ref(qc
, xso
, touch
, &old_xso
);
700 SSL_free(&old_xso
->ssl
);
704 static void xso_update_options(QUIC_XSO
*xso
)
706 int cleanse
= ((xso
->ssl_options
& SSL_OP_CLEANSE_PLAINTEXT
) != 0);
708 if (xso
->stream
->rstream
!= NULL
)
709 ossl_quic_rstream_set_cleanse(xso
->stream
->rstream
, cleanse
);
711 if (xso
->stream
->sstream
!= NULL
)
712 ossl_quic_sstream_set_cleanse(xso
->stream
->sstream
, cleanse
);
719 * Setting options on a QCSO
720 * - configures the handshake-layer options;
721 * - configures the default data-plane options for new streams;
722 * - configures the data-plane options on the default XSO, if there is one.
724 * Setting options on a QSSO
725 * - configures data-plane options for that stream only.
728 static uint64_t quic_mask_or_options(SSL
*ssl
, uint64_t mask_value
, uint64_t or_value
)
731 uint64_t hs_mask_value
, hs_or_value
, ret
;
733 if (!expect_quic(ssl
, &ctx
))
738 if (!ctx
.is_stream
) {
740 * If we were called on the connection, we apply any handshake option
743 hs_mask_value
= (mask_value
& OSSL_QUIC_PERMITTED_OPTIONS_CONN
);
744 hs_or_value
= (or_value
& OSSL_QUIC_PERMITTED_OPTIONS_CONN
);
746 SSL_clear_options(ctx
.qc
->tls
, hs_mask_value
);
747 SSL_set_options(ctx
.qc
->tls
, hs_or_value
);
749 /* Update defaults for new streams. */
750 ctx
.qc
->default_ssl_options
751 = ((ctx
.qc
->default_ssl_options
& ~mask_value
) | or_value
)
752 & OSSL_QUIC_PERMITTED_OPTIONS
;
755 if (ctx
.xso
!= NULL
) {
757 = ((ctx
.xso
->ssl_options
& ~mask_value
) | or_value
)
758 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM
;
760 xso_update_options(ctx
.xso
);
763 ret
= ctx
.is_stream
? ctx
.xso
->ssl_options
: ctx
.qc
->default_ssl_options
;
769 uint64_t ossl_quic_set_options(SSL
*ssl
, uint64_t options
)
771 return quic_mask_or_options(ssl
, 0, options
);
774 /* SSL_clear_options */
775 uint64_t ossl_quic_clear_options(SSL
*ssl
, uint64_t options
)
777 return quic_mask_or_options(ssl
, options
, 0);
780 /* SSL_get_options */
781 uint64_t ossl_quic_get_options(const SSL
*ssl
)
783 return quic_mask_or_options((SSL
*)ssl
, 0, 0);
787 * QUIC Front-End I/O API: Network BIO Configuration
788 * =================================================
790 * Handling the different BIOs is difficult:
792 * - It is more or less a requirement that we use non-blocking network I/O;
793 * we need to be able to have timeouts on recv() calls, and make best effort
794 * (non blocking) send() and recv() calls.
796 * The only sensible way to do this is to configure the socket into
797 * non-blocking mode. We could try to do select() before calling send() or
798 * recv() to get a guarantee that the call will not block, but this will
799 * probably run into issues with buggy OSes which generate spurious socket
800 * readiness events. In any case, relying on this to work reliably does not
803 * Timeouts could be handled via setsockopt() socket timeout options, but
804 * this depends on OS support and adds another syscall to every network I/O
805 * operation. It also has obvious thread safety concerns if we want to move
806 * to concurrent use of a single socket at some later date.
808 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
809 * be made non-blocking. However some OSes (e.g. Windows) do not support
810 * this, so we cannot rely on this.
812 * As such, we need to configure any FD in non-blocking mode. This may
813 * confound users who pass a blocking socket to libssl. However, in practice
814 * it would be extremely strange for a user of QUIC to pass an FD to us,
815 * then also try and send receive traffic on the same socket(!). Thus the
816 * impact of this should be limited, and can be documented.
818 * - We support both blocking and non-blocking operation in terms of the API
819 * presented to the user. One prospect is to set the blocking mode based on
820 * whether the socket passed to us was already in blocking mode. However,
821 * Windows has no API for determining if a socket is in blocking mode (!),
822 * therefore this cannot be done portably. Currently therefore we expose an
823 * explicit API call to set this, and default to blocking mode.
825 * - We need to determine our initial destination UDP address. The "natural"
826 * way for a user to do this is to set the peer variable on a BIO_dgram.
827 * However, this has problems because BIO_dgram's peer variable is used for
828 * both transmission and reception. This means it can be constantly being
829 * changed to a malicious value (e.g. if some random unrelated entity on the
830 * network starts sending traffic to us) on every read call. This is not a
831 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
832 * calls only, which do not use this variable. However, we do need to let
833 * the user specify the peer in a 'normal' manner. The compromise here is
834 * that we grab the current peer value set at the time the write BIO is set
835 * and do not read the value again.
837 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
838 * Currently we do this by only supporting non-blocking mode.
843 * Determines what initial destination UDP address we should use, if possible.
844 * If this fails the client must set the destination address manually, or use a
845 * BIO which does not need a destination address.
847 static int csm_analyse_init_peer_addr(BIO
*net_wbio
, BIO_ADDR
*peer
)
849 if (BIO_dgram_detect_peer_addr(net_wbio
, peer
) <= 0)
855 static int qc_can_support_blocking_cached(QUIC_CONNECTION
*qc
)
857 QUIC_REACTOR
*rtor
= ossl_quic_channel_get_reactor(qc
->ch
);
859 return ossl_quic_reactor_can_poll_r(rtor
)
860 && ossl_quic_reactor_can_poll_w(rtor
);
863 static void qc_update_can_support_blocking(QUIC_CONNECTION
*qc
)
865 ossl_quic_port_update_poll_descriptors(qc
->port
); /* best effort */
868 static void qc_update_blocking_mode(QUIC_CONNECTION
*qc
)
870 qc
->blocking
= qc
->desires_blocking
&& qc_can_support_blocking_cached(qc
);
873 void ossl_quic_conn_set0_net_rbio(SSL
*s
, BIO
*net_rbio
)
877 if (!expect_quic(s
, &ctx
))
880 if (ctx
.qc
->net_rbio
== net_rbio
)
883 if (!ossl_quic_port_set_net_rbio(ctx
.qc
->port
, net_rbio
))
886 BIO_free_all(ctx
.qc
->net_rbio
);
887 ctx
.qc
->net_rbio
= net_rbio
;
889 if (net_rbio
!= NULL
)
890 BIO_set_nbio(net_rbio
, 1); /* best effort autoconfig */
893 * Determine if the current pair of read/write BIOs now set allows blocking
894 * mode to be supported.
896 qc_update_can_support_blocking(ctx
.qc
);
897 qc_update_blocking_mode(ctx
.qc
);
900 void ossl_quic_conn_set0_net_wbio(SSL
*s
, BIO
*net_wbio
)
904 if (!expect_quic(s
, &ctx
))
907 if (ctx
.qc
->net_wbio
== net_wbio
)
910 if (!ossl_quic_port_set_net_wbio(ctx
.qc
->port
, net_wbio
))
913 BIO_free_all(ctx
.qc
->net_wbio
);
914 ctx
.qc
->net_wbio
= net_wbio
;
916 if (net_wbio
!= NULL
)
917 BIO_set_nbio(net_wbio
, 1); /* best effort autoconfig */
920 * Determine if the current pair of read/write BIOs now set allows blocking
921 * mode to be supported.
923 qc_update_can_support_blocking(ctx
.qc
);
924 qc_update_blocking_mode(ctx
.qc
);
927 BIO
*ossl_quic_conn_get_net_rbio(const SSL
*s
)
931 if (!expect_quic(s
, &ctx
))
934 return ctx
.qc
->net_rbio
;
937 BIO
*ossl_quic_conn_get_net_wbio(const SSL
*s
)
941 if (!expect_quic(s
, &ctx
))
944 return ctx
.qc
->net_wbio
;
947 int ossl_quic_conn_get_blocking_mode(const SSL
*s
)
951 if (!expect_quic(s
, &ctx
))
955 return xso_blocking_mode(ctx
.xso
);
957 return qc_blocking_mode(ctx
.qc
);
961 int ossl_quic_conn_set_blocking_mode(SSL
*s
, int blocking
)
966 if (!expect_quic(s
, &ctx
))
971 /* Sanity check - can we support the request given the current network BIO? */
974 * If called directly on a QCSO, update our information on network BIO
978 qc_update_can_support_blocking(ctx
.qc
);
980 /* Cannot enable blocking mode if we do not have pollable FDs. */
981 if (!qc_can_support_blocking_cached(ctx
.qc
)) {
982 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_UNSUPPORTED
, NULL
);
989 * If called directly on a QCSO, update default and connection-level
992 ctx
.qc
->desires_blocking
= (blocking
!= 0);
994 if (ctx
.xso
!= NULL
) {
996 * If called on a QSSO or a QCSO with a default XSO, update the blocking
999 ctx
.xso
->desires_blocking
= (blocking
!= 0);
1000 ctx
.xso
->desires_blocking_set
= 1;
1005 qc_update_blocking_mode(ctx
.qc
);
1006 quic_unlock(ctx
.qc
);
1010 int ossl_quic_conn_set_initial_peer_addr(SSL
*s
,
1011 const BIO_ADDR
*peer_addr
)
1015 if (!expect_quic(s
, &ctx
))
1018 if (ctx
.qc
->started
)
1019 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
,
1022 if (peer_addr
== NULL
) {
1023 BIO_ADDR_clear(&ctx
.qc
->init_peer_addr
);
1027 ctx
.qc
->init_peer_addr
= *peer_addr
;
1032 * QUIC Front-End I/O API: Asynchronous I/O Management
1033 * ===================================================
1035 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1036 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1037 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1041 /* Returns 1 if the connection is being used in blocking mode. */
1042 static int qc_blocking_mode(const QUIC_CONNECTION
*qc
)
1044 return qc
->blocking
;
1047 static int xso_blocking_mode(const QUIC_XSO
*xso
)
1049 if (xso
->desires_blocking_set
)
1050 return xso
->desires_blocking
&& qc_can_support_blocking_cached(xso
->conn
);
1052 /* Only ever set if we can support blocking. */
1053 return xso
->conn
->blocking
;
1056 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1058 int ossl_quic_handle_events(SSL
*s
)
1062 if (!expect_quic(s
, &ctx
))
1066 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1067 quic_unlock(ctx
.qc
);
1072 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1073 * should next have events handled by the application by calling
1074 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1075 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1076 * the value of *tv is undefined.
1079 int ossl_quic_get_event_timeout(SSL
*s
, struct timeval
*tv
, int *is_infinite
)
1082 OSSL_TIME deadline
= ossl_time_infinite();
1084 if (!expect_quic(s
, &ctx
))
1090 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx
.qc
->ch
));
1092 if (ossl_time_is_infinite(deadline
)) {
1096 * Robustness against faulty applications that don't check *is_infinite;
1097 * harmless long timeout.
1099 tv
->tv_sec
= 1000000;
1102 quic_unlock(ctx
.qc
);
1106 *tv
= ossl_time_to_timeval(ossl_time_subtract(deadline
, get_time(ctx
.qc
)));
1108 quic_unlock(ctx
.qc
);
1112 /* SSL_get_rpoll_descriptor */
1113 int ossl_quic_get_rpoll_descriptor(SSL
*s
, BIO_POLL_DESCRIPTOR
*desc
)
1117 if (!expect_quic(s
, &ctx
))
1120 if (desc
== NULL
|| ctx
.qc
->net_rbio
== NULL
)
1121 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
1124 return BIO_get_rpoll_descriptor(ctx
.qc
->net_rbio
, desc
);
1127 /* SSL_get_wpoll_descriptor */
1128 int ossl_quic_get_wpoll_descriptor(SSL
*s
, BIO_POLL_DESCRIPTOR
*desc
)
1132 if (!expect_quic(s
, &ctx
))
1135 if (desc
== NULL
|| ctx
.qc
->net_wbio
== NULL
)
1136 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
1139 return BIO_get_wpoll_descriptor(ctx
.qc
->net_wbio
, desc
);
1142 /* SSL_net_read_desired */
1144 int ossl_quic_get_net_read_desired(SSL
*s
)
1149 if (!expect_quic(s
, &ctx
))
1153 ret
= ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx
.qc
->ch
));
1154 quic_unlock(ctx
.qc
);
1158 /* SSL_net_write_desired */
1160 int ossl_quic_get_net_write_desired(SSL
*s
)
1165 if (!expect_quic(s
, &ctx
))
1169 ret
= ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx
.qc
->ch
));
1170 quic_unlock(ctx
.qc
);
1175 * QUIC Front-End I/O API: Connection Lifecycle Operations
1176 * =======================================================
1178 * SSL_do_handshake => ossl_quic_do_handshake
1179 * SSL_set_connect_state => ossl_quic_set_connect_state
1180 * SSL_set_accept_state => ossl_quic_set_accept_state
1181 * SSL_shutdown => ossl_quic_shutdown
1182 * SSL_ctrl => ossl_quic_ctrl
1183 * (BIO/)SSL_connect => ossl_quic_connect
1184 * (BIO/)SSL_accept => ossl_quic_accept
1189 static void qc_shutdown_flush_init(QUIC_CONNECTION
*qc
)
1191 QUIC_STREAM_MAP
*qsm
;
1193 if (qc
->shutting_down
)
1196 qsm
= ossl_quic_channel_get_qsm(qc
->ch
);
1198 ossl_quic_stream_map_begin_shutdown_flush(qsm
);
1199 qc
->shutting_down
= 1;
1202 /* Returns 1 if all shutdown-flush streams have been done with. */
1204 static int qc_shutdown_flush_finished(QUIC_CONNECTION
*qc
)
1206 QUIC_STREAM_MAP
*qsm
= ossl_quic_channel_get_qsm(qc
->ch
);
1208 return qc
->shutting_down
1209 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm
);
1213 static int quic_shutdown_wait(void *arg
)
1215 QUIC_CONNECTION
*qc
= arg
;
1217 return ossl_quic_channel_is_terminated(qc
->ch
);
1220 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
1221 static int quic_shutdown_flush_wait(void *arg
)
1223 QUIC_CONNECTION
*qc
= arg
;
1225 return ossl_quic_channel_is_term_any(qc
->ch
)
1226 || qc_shutdown_flush_finished(qc
);
1229 static int quic_shutdown_peer_wait(void *arg
)
1231 QUIC_CONNECTION
*qc
= arg
;
1232 return ossl_quic_channel_is_term_any(qc
->ch
);
1236 int ossl_quic_conn_shutdown(SSL
*s
, uint64_t flags
,
1237 const SSL_SHUTDOWN_EX_ARGS
*args
,
1242 int stream_flush
= ((flags
& SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH
) == 0);
1243 int no_block
= ((flags
& SSL_SHUTDOWN_FLAG_NO_BLOCK
) != 0);
1244 int wait_peer
= ((flags
& SSL_SHUTDOWN_FLAG_WAIT_PEER
) != 0);
1246 if (!expect_quic(s
, &ctx
))
1249 if (ctx
.is_stream
) {
1250 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_CONN_USE_ONLY
, NULL
);
1256 if (ossl_quic_channel_is_terminated(ctx
.qc
->ch
)) {
1257 quic_unlock(ctx
.qc
);
1261 /* Phase 1: Stream Flushing */
1262 if (!wait_peer
&& stream_flush
) {
1263 qc_shutdown_flush_init(ctx
.qc
);
1265 if (!qc_shutdown_flush_finished(ctx
.qc
)) {
1266 if (!no_block
&& qc_blocking_mode(ctx
.qc
)) {
1267 ret
= block_until_pred(ctx
.qc
, quic_shutdown_flush_wait
, ctx
.qc
, 0);
1273 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1277 if (!qc_shutdown_flush_finished(ctx
.qc
)) {
1278 quic_unlock(ctx
.qc
);
1279 return 0; /* ongoing */
1283 /* Phase 2: Connection Closure */
1284 if (wait_peer
&& !ossl_quic_channel_is_term_any(ctx
.qc
->ch
)) {
1285 if (!no_block
&& qc_blocking_mode(ctx
.qc
)) {
1286 ret
= block_until_pred(ctx
.qc
, quic_shutdown_peer_wait
, ctx
.qc
, 0);
1292 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1295 if (!ossl_quic_channel_is_term_any(ctx
.qc
->ch
)) {
1296 ret
= 0; /* peer hasn't closed yet - still not done */
1301 * We are at least terminating - go through the normal process of
1302 * waiting until we are in the TERMINATED state.
1306 /* Block mutation ops regardless of if we did stream flush. */
1307 ctx
.qc
->shutting_down
= 1;
1310 * This call is a no-op if we are already terminating, so it doesn't
1311 * affect the wait_peer case.
1313 ossl_quic_channel_local_close(ctx
.qc
->ch
,
1314 args
!= NULL
? args
->quic_error_code
: 0,
1315 args
!= NULL
? args
->quic_reason
: NULL
);
1317 SSL_set_shutdown(ctx
.qc
->tls
, SSL_SENT_SHUTDOWN
);
1319 if (ossl_quic_channel_is_terminated(ctx
.qc
->ch
)) {
1320 quic_unlock(ctx
.qc
);
1324 /* Phase 3: Terminating Wait Time */
1325 if (!no_block
&& qc_blocking_mode(ctx
.qc
)
1326 && (flags
& SSL_SHUTDOWN_FLAG_RAPID
) == 0) {
1327 ret
= block_until_pred(ctx
.qc
, quic_shutdown_wait
, ctx
.qc
, 0);
1333 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1336 ret
= ossl_quic_channel_is_terminated(ctx
.qc
->ch
);
1338 quic_unlock(ctx
.qc
);
1343 long ossl_quic_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
1347 if (!expect_quic(s
, &ctx
))
1352 /* If called on a QCSO, update the default mode. */
1354 ctx
.qc
->default_ssl_mode
|= (uint32_t)larg
;
1357 * If we were called on a QSSO or have a default stream, we also update
1360 if (ctx
.xso
!= NULL
) {
1361 /* Cannot enable EPW while AON write in progress. */
1362 if (ctx
.xso
->aon_write_in_progress
)
1363 larg
&= ~SSL_MODE_ENABLE_PARTIAL_WRITE
;
1365 ctx
.xso
->ssl_mode
|= (uint32_t)larg
;
1366 return ctx
.xso
->ssl_mode
;
1369 return ctx
.qc
->default_ssl_mode
;
1370 case SSL_CTRL_CLEAR_MODE
:
1372 ctx
.qc
->default_ssl_mode
&= ~(uint32_t)larg
;
1374 if (ctx
.xso
!= NULL
) {
1375 ctx
.xso
->ssl_mode
&= ~(uint32_t)larg
;
1376 return ctx
.xso
->ssl_mode
;
1379 return ctx
.qc
->default_ssl_mode
;
1381 case SSL_CTRL_SET_MSG_CALLBACK_ARG
:
1382 ossl_quic_channel_set_msg_callback_arg(ctx
.qc
->ch
, parg
);
1383 /* This ctrl also needs to be passed to the internal SSL object */
1384 return SSL_ctrl(ctx
.qc
->tls
, cmd
, larg
, parg
);
1386 case DTLS_CTRL_GET_TIMEOUT
: /* DTLSv1_get_timeout */
1390 if (!ossl_quic_get_event_timeout(s
, parg
, &is_infinite
))
1393 return !is_infinite
;
1395 case DTLS_CTRL_HANDLE_TIMEOUT
: /* DTLSv1_handle_timeout */
1396 /* For legacy compatibility with DTLS calls. */
1397 return ossl_quic_handle_events(s
) == 1 ? 1 : -1;
1399 /* Mask ctrls we shouldn't support for QUIC. */
1400 case SSL_CTRL_GET_READ_AHEAD
:
1401 case SSL_CTRL_SET_READ_AHEAD
:
1402 case SSL_CTRL_SET_MAX_SEND_FRAGMENT
:
1403 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT
:
1404 case SSL_CTRL_SET_MAX_PIPELINES
:
1409 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1410 * implementation. Either SSL_ctrl will handle it itself by direct
1411 * access into handshake layer state, or failing that, it will be passed
1412 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1413 * supported by anything, the handshake layer's ctrl method will finally
1416 return ossl_ctrl_internal(&ctx
.qc
->ssl
, cmd
, larg
, parg
, /*no_quic=*/1);
1420 /* SSL_set_connect_state */
1421 void ossl_quic_set_connect_state(SSL
*s
)
1425 if (!expect_quic(s
, &ctx
))
1428 /* Cannot be changed after handshake started */
1429 if (ctx
.qc
->started
|| ctx
.is_stream
)
1432 ctx
.qc
->as_server_state
= 0;
1435 /* SSL_set_accept_state */
1436 void ossl_quic_set_accept_state(SSL
*s
)
1440 if (!expect_quic(s
, &ctx
))
1443 /* Cannot be changed after handshake started */
1444 if (ctx
.qc
->started
|| ctx
.is_stream
)
1447 ctx
.qc
->as_server_state
= 1;
1450 /* SSL_do_handshake */
1451 struct quic_handshake_wait_args
{
1452 QUIC_CONNECTION
*qc
;
1455 static int tls_wants_non_io_retry(QUIC_CONNECTION
*qc
)
1457 int want
= SSL_want(qc
->tls
);
1459 if (want
== SSL_X509_LOOKUP
1460 || want
== SSL_CLIENT_HELLO_CB
1461 || want
== SSL_RETRY_VERIFY
)
1467 static int quic_handshake_wait(void *arg
)
1469 struct quic_handshake_wait_args
*args
= arg
;
1471 if (!quic_mutation_allowed(args
->qc
, /*req_active=*/1))
1474 if (ossl_quic_channel_is_handshake_complete(args
->qc
->ch
))
1477 if (tls_wants_non_io_retry(args
->qc
))
1483 static int configure_channel(QUIC_CONNECTION
*qc
)
1485 assert(qc
->ch
!= NULL
);
1487 if (!ossl_quic_port_set_net_rbio(qc
->port
, qc
->net_rbio
)
1488 || !ossl_quic_port_set_net_wbio(qc
->port
, qc
->net_wbio
)
1489 || !ossl_quic_channel_set_peer_addr(qc
->ch
, &qc
->init_peer_addr
))
1496 static int create_channel(QUIC_CONNECTION
*qc
)
1498 QUIC_ENGINE_ARGS engine_args
= {0};
1499 QUIC_PORT_ARGS port_args
= {0};
1501 engine_args
.libctx
= qc
->ssl
.ctx
->libctx
;
1502 engine_args
.propq
= qc
->ssl
.ctx
->propq
;
1503 engine_args
.mutex
= qc
->mutex
;
1504 engine_args
.now_cb
= get_time_cb
;
1505 engine_args
.now_cb_arg
= qc
;
1506 qc
->engine
= ossl_quic_engine_new(&engine_args
);
1507 if (qc
->engine
== NULL
) {
1508 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
1512 port_args
.channel_ctx
= qc
->ssl
.ctx
;
1513 qc
->port
= ossl_quic_engine_create_port(qc
->engine
, &port_args
);
1514 if (qc
->port
== NULL
) {
1515 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
1516 ossl_quic_engine_free(qc
->engine
);
1520 qc
->ch
= ossl_quic_port_create_outgoing(qc
->port
, qc
->tls
);
1521 if (qc
->ch
== NULL
) {
1522 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
1523 ossl_quic_port_free(qc
->port
);
1524 ossl_quic_engine_free(qc
->engine
);
1532 * Configures a channel with the information we have accumulated via calls made
1533 * to us from the application prior to starting a handshake attempt.
1536 static int ensure_channel_started(QCTX
*ctx
)
1538 QUIC_CONNECTION
*qc
= ctx
->qc
;
1541 if (!configure_channel(qc
)) {
1542 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
,
1543 "failed to configure channel");
1547 if (!ossl_quic_channel_start(qc
->ch
)) {
1548 ossl_quic_channel_restore_err_state(qc
->ch
);
1549 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
,
1550 "failed to start channel");
1554 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1555 if (qc
->is_thread_assisted
)
1556 if (!ossl_quic_thread_assist_init_start(&qc
->thread_assist
, qc
->ch
,
1557 qc
->override_now_cb
,
1558 qc
->override_now_cb_arg
)) {
1559 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
,
1560 "failed to start assist thread");
1571 static int quic_do_handshake(QCTX
*ctx
)
1574 QUIC_CONNECTION
*qc
= ctx
->qc
;
1576 if (ossl_quic_channel_is_handshake_complete(qc
->ch
))
1577 /* Handshake already completed. */
1580 if (!quic_mutation_allowed(qc
, /*req_active=*/0))
1581 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1583 if (qc
->as_server
!= qc
->as_server_state
) {
1584 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_PASSED_INVALID_ARGUMENT
, NULL
);
1585 return -1; /* Non-protocol error */
1588 if (qc
->net_rbio
== NULL
|| qc
->net_wbio
== NULL
) {
1589 /* Need read and write BIOs. */
1590 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_BIO_NOT_SET
, NULL
);
1591 return -1; /* Non-protocol error */
1595 * We need to determine our addressing mode. There are basically two
1596 * ways we can use L4 addresses:
1598 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1599 * addresses attached to them which we expect the underlying network BIO
1602 * - Unaddressed mode, in which the BIO provided to us on the
1603 * network side neither provides us with L4 addresses nor is capable of
1604 * honouring ones we provide. We don't know where the QUIC traffic we
1605 * send ends up exactly and trust the application to know what it is
1608 * Addressed mode is preferred because it enables support for connection
1609 * migration, multipath, etc. in the future. Addressed mode is automatically
1610 * enabled if we are using e.g. BIO_s_datagram, with or without
1613 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1614 * use unaddressed mode unless that BIO supports capability flags indicating
1615 * it can provide and honour L4 addresses.
1617 * Our strategy for determining address mode is simple: we probe the
1618 * underlying network BIOs for their capabilities. If the network BIOs
1619 * support what we need, we use addressed mode. Otherwise, we use
1622 * If addressed mode is chosen, we require an initial peer address to be
1623 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1624 * require this, as such an address is superfluous, though it can be set if
1627 if (!qc
->started
&& !qc
->addressing_probe_done
) {
1628 long rcaps
= BIO_dgram_get_effective_caps(qc
->net_rbio
);
1629 long wcaps
= BIO_dgram_get_effective_caps(qc
->net_wbio
);
1631 qc
->addressed_mode_r
= ((rcaps
& BIO_DGRAM_CAP_PROVIDES_SRC_ADDR
) != 0);
1632 qc
->addressed_mode_w
= ((wcaps
& BIO_DGRAM_CAP_HANDLES_DST_ADDR
) != 0);
1633 qc
->addressing_probe_done
= 1;
1636 if (!qc
->started
&& qc
->addressed_mode_w
1637 && BIO_ADDR_family(&qc
->init_peer_addr
) == AF_UNSPEC
) {
1639 * We are trying to connect and are using addressed mode, which means we
1640 * need an initial peer address; if we do not have a peer address yet,
1641 * we should try to autodetect one.
1643 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1644 * may not be able to provide us with a peer address until they have
1645 * finished their own processing. They may not be able to perform this
1646 * processing until an application has finished configuring that BIO
1647 * (e.g. with setter calls), which might happen after SSL_set_bio is
1650 if (!csm_analyse_init_peer_addr(qc
->net_wbio
, &qc
->init_peer_addr
))
1652 BIO_ADDR_clear(&qc
->init_peer_addr
);
1654 ossl_quic_channel_set_peer_addr(qc
->ch
, &qc
->init_peer_addr
);
1658 && qc
->addressed_mode_w
1659 && BIO_ADDR_family(&qc
->init_peer_addr
) == AF_UNSPEC
) {
1661 * If we still don't have a peer address in addressed mode, we can't do
1664 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET
, NULL
);
1665 return -1; /* Non-protocol error */
1669 * Start connection process. Note we may come here multiple times in
1670 * non-blocking mode, which is fine.
1672 if (!ensure_channel_started(ctx
)) /* raises on failure */
1673 return -1; /* Non-protocol error */
1675 if (ossl_quic_channel_is_handshake_complete(qc
->ch
))
1676 /* The handshake is now done. */
1679 if (!qc_blocking_mode(qc
)) {
1680 /* Try to advance the reactor. */
1681 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc
->ch
), 0);
1683 if (ossl_quic_channel_is_handshake_complete(qc
->ch
))
1684 /* The handshake is now done. */
1687 if (ossl_quic_channel_is_term_any(qc
->ch
)) {
1688 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1690 } else if (qc
->desires_blocking
) {
1692 * As a special case when doing a handshake when blocking mode is
1693 * desired yet not available, see if the network BIOs have become
1694 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1695 * which do late creation of socket FDs and therefore cannot expose
1696 * a poll descriptor until after a network BIO is set on the QCSO.
1698 assert(!qc
->blocking
);
1699 qc_update_can_support_blocking(qc
);
1700 qc_update_blocking_mode(qc
);
1705 * We are either in blocking mode or just entered it due to the code above.
1707 if (qc_blocking_mode(qc
)) {
1708 /* In blocking mode, wait for the handshake to complete. */
1709 struct quic_handshake_wait_args args
;
1713 ret
= block_until_pred(qc
, quic_handshake_wait
, &args
, 0);
1714 if (!quic_mutation_allowed(qc
, /*req_active=*/1)) {
1715 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1716 return 0; /* Shutdown before completion */
1717 } else if (ret
<= 0) {
1718 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1719 return -1; /* Non-protocol error */
1722 if (tls_wants_non_io_retry(qc
)) {
1723 QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_get_error(qc
->tls
, 0));
1727 assert(ossl_quic_channel_is_handshake_complete(qc
->ch
));
1731 if (tls_wants_non_io_retry(qc
)) {
1732 QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_get_error(qc
->tls
, 0));
1737 * Otherwise, indicate that the handshake isn't done yet.
1738 * We can only get here in non-blocking mode.
1740 QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_READ
);
1741 return -1; /* Non-protocol error */
1745 int ossl_quic_do_handshake(SSL
*s
)
1750 if (!expect_quic(s
, &ctx
))
1753 quic_lock_for_io(&ctx
);
1755 ret
= quic_do_handshake(&ctx
);
1756 quic_unlock(ctx
.qc
);
1761 int ossl_quic_connect(SSL
*s
)
1763 /* Ensure we are in connect state (no-op if non-idle). */
1764 ossl_quic_set_connect_state(s
);
1766 /* Begin or continue the handshake */
1767 return ossl_quic_do_handshake(s
);
1771 int ossl_quic_accept(SSL
*s
)
1773 /* Ensure we are in accept state (no-op if non-idle). */
1774 ossl_quic_set_accept_state(s
);
1776 /* Begin or continue the handshake */
1777 return ossl_quic_do_handshake(s
);
1781 * QUIC Front-End I/O API: Stream Lifecycle Operations
1782 * ===================================================
1784 * SSL_stream_new => ossl_quic_conn_stream_new
1789 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1790 * default XSO was created. Returns 0 if it was not (e.g. because it already
1791 * exists). Note that this is NOT an error condition.
1794 static int qc_try_create_default_xso_for_write(QCTX
*ctx
)
1797 QUIC_CONNECTION
*qc
= ctx
->qc
;
1799 if (qc
->default_xso_created
1800 || qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
1802 * We only do this once. If the user detaches a previously created
1803 * default XSO we don't auto-create another one.
1805 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_NO_STREAM
, NULL
);
1807 /* Create a locally-initiated stream. */
1808 if (qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_AUTO_UNI
)
1809 flags
|= SSL_STREAM_FLAG_UNI
;
1811 qc_set_default_xso(qc
, (QUIC_XSO
*)quic_conn_stream_new(ctx
, flags
,
1814 if (qc
->default_xso
== NULL
)
1815 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1817 qc_touch_default_xso(qc
);
1821 struct quic_wait_for_stream_args
{
1822 QUIC_CONNECTION
*qc
;
1829 static int quic_wait_for_stream(void *arg
)
1831 struct quic_wait_for_stream_args
*args
= arg
;
1833 if (!quic_mutation_allowed(args
->qc
, /*req_active=*/1)) {
1834 /* If connection is torn down due to an error while blocking, stop. */
1835 QUIC_RAISE_NON_NORMAL_ERROR(args
->ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1839 args
->qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args
->qc
->ch
),
1840 args
->expect_id
| QUIC_STREAM_DIR_BIDI
);
1841 if (args
->qs
== NULL
)
1842 args
->qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args
->qc
->ch
),
1843 args
->expect_id
| QUIC_STREAM_DIR_UNI
);
1845 if (args
->qs
!= NULL
)
1846 return 1; /* stream now exists */
1848 return 0; /* did not get a stream, keep trying */
1852 static int qc_wait_for_default_xso_for_read(QCTX
*ctx
)
1854 /* Called on a QCSO and we don't currently have a default stream. */
1856 QUIC_CONNECTION
*qc
= ctx
->qc
;
1859 struct quic_wait_for_stream_args wargs
;
1860 OSSL_RTT_INFO rtt_info
;
1863 * If default stream functionality is disabled or we already detached
1864 * one, don't make another default stream and just fail.
1866 if (qc
->default_xso_created
1867 || qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
1868 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_NO_STREAM
, NULL
);
1871 * The peer may have opened a stream since we last ticked. So tick and
1872 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1873 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1874 * first stream created by a peer must have an ordinal of 0.
1876 expect_id
= qc
->as_server
1877 ? QUIC_STREAM_INITIATOR_CLIENT
1878 : QUIC_STREAM_INITIATOR_SERVER
;
1880 qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc
->ch
),
1881 expect_id
| QUIC_STREAM_DIR_BIDI
);
1883 qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc
->ch
),
1884 expect_id
| QUIC_STREAM_DIR_UNI
);
1887 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc
->ch
), 0);
1889 qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc
->ch
),
1894 if (!qc_blocking_mode(qc
))
1895 /* Non-blocking mode, so just bail immediately. */
1896 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_READ
);
1898 /* Block until we have a stream. */
1902 wargs
.expect_id
= expect_id
;
1904 res
= block_until_pred(qc
, quic_wait_for_stream
, &wargs
, 0);
1906 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1907 else if (res
< 0 || wargs
.qs
== NULL
)
1908 /* quic_wait_for_stream raised error here */
1915 * We now have qs != NULL. Remove it from the incoming stream queue so that
1916 * it isn't also returned by any future SSL_accept_stream calls.
1918 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc
->ch
), &rtt_info
);
1919 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc
->ch
),
1920 qs
, rtt_info
.smoothed_rtt
);
1923 * Now make qs the default stream, creating the necessary XSO.
1925 qc_set_default_xso(qc
, create_xso_from_stream(qc
, qs
), /*touch=*/0);
1926 if (qc
->default_xso
== NULL
)
1927 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1929 qc_touch_default_xso(qc
); /* inhibits default XSO */
1934 static QUIC_XSO
*create_xso_from_stream(QUIC_CONNECTION
*qc
, QUIC_STREAM
*qs
)
1936 QUIC_XSO
*xso
= NULL
;
1938 if ((xso
= OPENSSL_zalloc(sizeof(*xso
))) == NULL
) {
1939 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_CRYPTO_LIB
, NULL
);
1943 if (!ossl_ssl_init(&xso
->ssl
, qc
->ssl
.ctx
, qc
->ssl
.method
, SSL_TYPE_QUIC_XSO
)) {
1944 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
1949 if (!SSL_up_ref(&qc
->ssl
)) {
1950 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_SSL_LIB
, NULL
);
1955 xso
->ssl_mode
= qc
->default_ssl_mode
;
1957 = qc
->default_ssl_options
& OSSL_QUIC_PERMITTED_OPTIONS_STREAM
;
1958 xso
->last_error
= SSL_ERROR_NONE
;
1963 xso_update_options(xso
);
1971 struct quic_new_stream_wait_args
{
1972 QUIC_CONNECTION
*qc
;
1976 static int quic_new_stream_wait(void *arg
)
1978 struct quic_new_stream_wait_args
*args
= arg
;
1979 QUIC_CONNECTION
*qc
= args
->qc
;
1981 if (!quic_mutation_allowed(qc
, /*req_active=*/1))
1984 if (ossl_quic_channel_is_new_local_stream_admissible(qc
->ch
, args
->is_uni
))
1990 /* locking depends on need_lock */
1991 static SSL
*quic_conn_stream_new(QCTX
*ctx
, uint64_t flags
, int need_lock
)
1994 QUIC_CONNECTION
*qc
= ctx
->qc
;
1995 QUIC_XSO
*xso
= NULL
;
1996 QUIC_STREAM
*qs
= NULL
;
1997 int is_uni
= ((flags
& SSL_STREAM_FLAG_UNI
) != 0);
1998 int no_blocking
= ((flags
& SSL_STREAM_FLAG_NO_BLOCK
) != 0);
1999 int advance
= ((flags
& SSL_STREAM_FLAG_ADVANCE
) != 0);
2004 if (!quic_mutation_allowed(qc
, /*req_active=*/0)) {
2005 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2010 && !ossl_quic_channel_is_new_local_stream_admissible(qc
->ch
, is_uni
)) {
2011 struct quic_new_stream_wait_args args
;
2014 * Stream count flow control currently doesn't permit this stream to be
2017 if (no_blocking
|| !qc_blocking_mode(qc
)) {
2018 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_STREAM_COUNT_LIMITED
, NULL
);
2023 args
.is_uni
= is_uni
;
2025 /* Blocking mode - wait until we can get a stream. */
2026 ret
= block_until_pred(ctx
->qc
, quic_new_stream_wait
, &args
, 0);
2027 if (!quic_mutation_allowed(qc
, /*req_active=*/1)) {
2028 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2029 goto err
; /* Shutdown before completion */
2030 } else if (ret
<= 0) {
2031 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2032 goto err
; /* Non-protocol error */
2036 qs
= ossl_quic_channel_new_stream_local(qc
->ch
, is_uni
);
2038 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2042 xso
= create_xso_from_stream(qc
, qs
);
2046 qc_touch_default_xso(qc
); /* inhibits default XSO */
2054 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc
->ch
), qs
);
2063 SSL
*ossl_quic_conn_stream_new(SSL
*s
, uint64_t flags
)
2067 if (!expect_quic_conn_only(s
, &ctx
))
2070 return quic_conn_stream_new(&ctx
, flags
, /*need_lock=*/1);
2074 * QUIC Front-End I/O API: Steady-State Operations
2075 * ===============================================
2077 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2078 * is, the functions used during the established phase of a QUIC connection
2079 * (e.g. SSL_read, SSL_write).
2081 * Each function must handle both blocking and non-blocking modes. As discussed
2082 * above, all QUIC I/O is implemented using non-blocking mode internally.
2084 * SSL_get_error => partially implemented by ossl_quic_get_error
2085 * SSL_want => ossl_quic_want
2086 * (BIO/)SSL_read => ossl_quic_read
2087 * (BIO/)SSL_write => ossl_quic_write
2088 * SSL_pending => ossl_quic_pending
2089 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2090 * SSL_key_update => ossl_quic_key_update
2094 int ossl_quic_get_error(const SSL
*s
, int i
)
2097 int net_error
, last_error
;
2099 if (!expect_quic(s
, &ctx
))
2103 net_error
= ossl_quic_channel_net_error(ctx
.qc
->ch
);
2104 last_error
= ctx
.is_stream
? ctx
.xso
->last_error
: ctx
.qc
->last_error
;
2105 quic_unlock(ctx
.qc
);
2108 return SSL_ERROR_SYSCALL
;
2113 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
2114 static int error_to_want(int error
)
2117 case SSL_ERROR_WANT_CONNECT
: /* never used - UDP is connectionless */
2118 case SSL_ERROR_WANT_ACCEPT
: /* never used - UDP is connectionless */
2119 case SSL_ERROR_ZERO_RETURN
:
2123 case SSL_ERROR_WANT_READ
:
2126 case SSL_ERROR_WANT_WRITE
:
2129 case SSL_ERROR_WANT_RETRY_VERIFY
:
2130 return SSL_RETRY_VERIFY
;
2132 case SSL_ERROR_WANT_CLIENT_HELLO_CB
:
2133 return SSL_CLIENT_HELLO_CB
;
2135 case SSL_ERROR_WANT_X509_LOOKUP
:
2136 return SSL_X509_LOOKUP
;
2141 int ossl_quic_want(const SSL
*s
)
2146 if (!expect_quic(s
, &ctx
))
2151 w
= error_to_want(ctx
.is_stream
? ctx
.xso
->last_error
: ctx
.qc
->last_error
);
2153 quic_unlock(ctx
.qc
);
2161 * The set of functions below provide the implementation of the public SSL_write
2162 * function. We must handle:
2164 * - both blocking and non-blocking operation at the application level,
2165 * depending on how we are configured;
2167 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2169 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2173 static void quic_post_write(QUIC_XSO
*xso
, int did_append
,
2174 int did_append_all
, uint64_t flags
,
2178 * We have appended at least one byte to the stream.
2179 * Potentially mark stream as active, depending on FC.
2182 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso
->conn
->ch
),
2185 if (did_append_all
&& (flags
& SSL_WRITE_FLAG_CONCLUDE
) != 0)
2186 ossl_quic_sstream_fin(xso
->stream
->sstream
);
2191 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2192 * immediately, plus we should eventually consider Nagle's algorithm.
2195 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso
->conn
->ch
), 0);
2198 struct quic_write_again_args
{
2200 const unsigned char *buf
;
2202 size_t total_written
;
2208 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2209 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2210 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2212 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2215 * Ensure spare buffer space available (up until a limit, at least).
2218 static int sstream_ensure_spare(QUIC_SSTREAM
*sstream
, uint64_t spare
)
2220 size_t cur_sz
= ossl_quic_sstream_get_buffer_size(sstream
);
2221 size_t avail
= ossl_quic_sstream_get_buffer_avail(sstream
);
2222 size_t spare_
= (spare
> SIZE_MAX
) ? SIZE_MAX
: (size_t)spare
;
2223 size_t new_sz
, growth
;
2225 if (spare_
<= avail
|| cur_sz
== MAX_WRITE_BUF_SIZE
)
2228 growth
= spare_
- avail
;
2229 if (cur_sz
+ growth
> MAX_WRITE_BUF_SIZE
)
2230 new_sz
= MAX_WRITE_BUF_SIZE
;
2232 new_sz
= cur_sz
+ growth
;
2234 return ossl_quic_sstream_set_buffer_size(sstream
, new_sz
);
2238 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2239 * as needed according to flow control.
2242 static int xso_sstream_append(QUIC_XSO
*xso
, const unsigned char *buf
,
2243 size_t len
, size_t *actual_written
)
2245 QUIC_SSTREAM
*sstream
= xso
->stream
->sstream
;
2246 uint64_t cur
= ossl_quic_sstream_get_cur_size(sstream
);
2247 uint64_t cwm
= ossl_quic_txfc_get_cwm(&xso
->stream
->txfc
);
2248 uint64_t permitted
= (cwm
>= cur
? cwm
- cur
: 0);
2250 if (len
> permitted
)
2251 len
= (size_t)permitted
;
2253 if (!sstream_ensure_spare(sstream
, len
))
2256 return ossl_quic_sstream_append(sstream
, buf
, len
, actual_written
);
2260 static int quic_write_again(void *arg
)
2262 struct quic_write_again_args
*args
= arg
;
2263 size_t actual_written
= 0;
2265 if (!quic_mutation_allowed(args
->xso
->conn
, /*req_active=*/1))
2266 /* If connection is torn down due to an error while blocking, stop. */
2269 if (!quic_validate_for_write(args
->xso
, &args
->err
))
2271 * Stream may have become invalid for write due to connection events
2276 args
->err
= ERR_R_INTERNAL_ERROR
;
2277 if (!xso_sstream_append(args
->xso
, args
->buf
, args
->len
, &actual_written
))
2280 quic_post_write(args
->xso
, actual_written
> 0,
2281 args
->len
== actual_written
, args
->flags
, 0);
2283 args
->buf
+= actual_written
;
2284 args
->len
-= actual_written
;
2285 args
->total_written
+= actual_written
;
2288 /* Written everything, done. */
2291 /* Not written everything yet, keep trying. */
2296 static int quic_write_blocking(QCTX
*ctx
, const void *buf
, size_t len
,
2297 uint64_t flags
, size_t *written
)
2300 QUIC_XSO
*xso
= ctx
->xso
;
2301 struct quic_write_again_args args
;
2302 size_t actual_written
= 0;
2304 /* First make a best effort to append as much of the data as possible. */
2305 if (!xso_sstream_append(xso
, buf
, len
, &actual_written
)) {
2306 /* Stream already finished or allocation error. */
2308 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2311 quic_post_write(xso
, actual_written
> 0, actual_written
== len
, flags
, 1);
2313 if (actual_written
== len
) {
2314 /* Managed to append everything on the first try. */
2315 *written
= actual_written
;
2320 * We did not manage to append all of the data immediately, so the stream
2321 * buffer has probably filled up. This means we need to block until some of
2325 args
.buf
= (const unsigned char *)buf
+ actual_written
;
2326 args
.len
= len
- actual_written
;
2327 args
.total_written
= 0;
2328 args
.err
= ERR_R_INTERNAL_ERROR
;
2331 res
= block_until_pred(xso
->conn
, quic_write_again
, &args
, 0);
2333 if (!quic_mutation_allowed(xso
->conn
, /*req_active=*/1))
2334 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2336 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, args
.err
, NULL
);
2339 *written
= args
.total_written
;
2344 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2347 static void aon_write_begin(QUIC_XSO
*xso
, const unsigned char *buf
,
2348 size_t buf_len
, size_t already_sent
)
2350 assert(!xso
->aon_write_in_progress
);
2352 xso
->aon_write_in_progress
= 1;
2353 xso
->aon_buf_base
= buf
;
2354 xso
->aon_buf_pos
= already_sent
;
2355 xso
->aon_buf_len
= buf_len
;
2358 static void aon_write_finish(QUIC_XSO
*xso
)
2360 xso
->aon_write_in_progress
= 0;
2361 xso
->aon_buf_base
= NULL
;
2362 xso
->aon_buf_pos
= 0;
2363 xso
->aon_buf_len
= 0;
2367 static int quic_write_nonblocking_aon(QCTX
*ctx
, const void *buf
,
2368 size_t len
, uint64_t flags
,
2371 QUIC_XSO
*xso
= ctx
->xso
;
2372 const void *actual_buf
;
2373 size_t actual_len
, actual_written
= 0;
2374 int accept_moving_buffer
2375 = ((xso
->ssl_mode
& SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
) != 0);
2377 if (xso
->aon_write_in_progress
) {
2379 * We are in the middle of an AON write (i.e., a previous write did not
2380 * manage to append all data to the SSTREAM and we have Enable Partial
2381 * Write (EPW) mode disabled.)
2383 if ((!accept_moving_buffer
&& xso
->aon_buf_base
!= buf
)
2384 || len
!= xso
->aon_buf_len
)
2386 * Pointer must not have changed if we are not in accept moving
2387 * buffer mode. Length must never change.
2389 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_BAD_WRITE_RETRY
, NULL
);
2391 actual_buf
= (unsigned char *)buf
+ xso
->aon_buf_pos
;
2392 actual_len
= len
- xso
->aon_buf_pos
;
2393 assert(actual_len
> 0);
2399 /* First make a best effort to append as much of the data as possible. */
2400 if (!xso_sstream_append(xso
, actual_buf
, actual_len
, &actual_written
)) {
2401 /* Stream already finished or allocation error. */
2403 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2406 quic_post_write(xso
, actual_written
> 0, actual_written
== actual_len
,
2409 if (actual_written
== actual_len
) {
2410 /* We have sent everything. */
2411 if (xso
->aon_write_in_progress
) {
2413 * We have sent everything, and we were in the middle of an AON
2414 * write. The output write length is the total length of the AON
2415 * buffer, not however many bytes we managed to write to the stream
2418 *written
= xso
->aon_buf_len
;
2419 aon_write_finish(xso
);
2421 *written
= actual_written
;
2427 if (xso
->aon_write_in_progress
) {
2429 * AON write is in progress but we have not written everything yet. We
2430 * may have managed to send zero bytes, or some number of bytes less
2431 * than the total remaining which need to be appended during this
2434 xso
->aon_buf_pos
+= actual_written
;
2435 assert(xso
->aon_buf_pos
< xso
->aon_buf_len
);
2436 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_WRITE
);
2440 * Not in an existing AON operation but partial write is not enabled, so we
2441 * need to begin a new AON operation. However we needn't bother if we didn't
2442 * actually append anything.
2444 if (actual_written
> 0)
2445 aon_write_begin(xso
, buf
, len
, actual_written
);
2448 * AON - We do not publicly admit to having appended anything until AON
2452 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_WRITE
);
2456 static int quic_write_nonblocking_epw(QCTX
*ctx
, const void *buf
, size_t len
,
2457 uint64_t flags
, size_t *written
)
2459 QUIC_XSO
*xso
= ctx
->xso
;
2461 /* Simple best effort operation. */
2462 if (!xso_sstream_append(xso
, buf
, len
, written
)) {
2463 /* Stream already finished or allocation error. */
2465 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2468 quic_post_write(xso
, *written
> 0, *written
== len
, flags
, 1);
2473 static int quic_validate_for_write(QUIC_XSO
*xso
, int *err
)
2475 QUIC_STREAM_MAP
*qsm
;
2477 if (xso
== NULL
|| xso
->stream
== NULL
) {
2478 *err
= ERR_R_INTERNAL_ERROR
;
2482 switch (xso
->stream
->send_state
) {
2484 case QUIC_SSTREAM_STATE_NONE
:
2485 *err
= SSL_R_STREAM_RECV_ONLY
;
2488 case QUIC_SSTREAM_STATE_READY
:
2489 qsm
= ossl_quic_channel_get_qsm(xso
->conn
->ch
);
2491 if (!ossl_quic_stream_map_ensure_send_part_id(qsm
, xso
->stream
)) {
2492 *err
= ERR_R_INTERNAL_ERROR
;
2497 case QUIC_SSTREAM_STATE_SEND
:
2498 case QUIC_SSTREAM_STATE_DATA_SENT
:
2499 case QUIC_SSTREAM_STATE_DATA_RECVD
:
2500 if (ossl_quic_sstream_get_final_size(xso
->stream
->sstream
, NULL
)) {
2501 *err
= SSL_R_STREAM_FINISHED
;
2507 case QUIC_SSTREAM_STATE_RESET_SENT
:
2508 case QUIC_SSTREAM_STATE_RESET_RECVD
:
2509 *err
= SSL_R_STREAM_RESET
;
2515 int ossl_quic_write_flags(SSL
*s
, const void *buf
, size_t len
,
2516 uint64_t flags
, size_t *written
)
2520 int partial_write
, err
;
2524 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/0, /*io=*/1, &ctx
))
2527 partial_write
= ((ctx
.xso
->ssl_mode
& SSL_MODE_ENABLE_PARTIAL_WRITE
) != 0);
2529 if ((flags
& ~SSL_WRITE_FLAG_CONCLUDE
) != 0) {
2530 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_UNSUPPORTED_WRITE_FLAG
, NULL
);
2534 if (!quic_mutation_allowed(ctx
.qc
, /*req_active=*/0)) {
2535 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2540 * If we haven't finished the handshake, try to advance it.
2541 * We don't accept writes until the handshake is completed.
2543 if (quic_do_handshake(&ctx
) < 1) {
2548 /* Ensure correct stream state, stream send part not concluded, etc. */
2549 if (!quic_validate_for_write(ctx
.xso
, &err
)) {
2550 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, err
, NULL
);
2555 if ((flags
& SSL_WRITE_FLAG_CONCLUDE
) != 0)
2556 quic_post_write(ctx
.xso
, 0, 1, flags
, 1);
2562 if (xso_blocking_mode(ctx
.xso
))
2563 ret
= quic_write_blocking(&ctx
, buf
, len
, flags
, written
);
2564 else if (partial_write
)
2565 ret
= quic_write_nonblocking_epw(&ctx
, buf
, len
, flags
, written
);
2567 ret
= quic_write_nonblocking_aon(&ctx
, buf
, len
, flags
, written
);
2570 quic_unlock(ctx
.qc
);
2575 int ossl_quic_write(SSL
*s
, const void *buf
, size_t len
, size_t *written
)
2577 return ossl_quic_write_flags(s
, buf
, len
, 0, written
);
2584 struct quic_read_again_args
{
2586 QUIC_STREAM
*stream
;
2594 static int quic_validate_for_read(QUIC_XSO
*xso
, int *err
, int *eos
)
2596 QUIC_STREAM_MAP
*qsm
;
2600 if (xso
== NULL
|| xso
->stream
== NULL
) {
2601 *err
= ERR_R_INTERNAL_ERROR
;
2605 switch (xso
->stream
->recv_state
) {
2607 case QUIC_RSTREAM_STATE_NONE
:
2608 *err
= SSL_R_STREAM_SEND_ONLY
;
2611 case QUIC_RSTREAM_STATE_RECV
:
2612 case QUIC_RSTREAM_STATE_SIZE_KNOWN
:
2613 case QUIC_RSTREAM_STATE_DATA_RECVD
:
2616 case QUIC_RSTREAM_STATE_DATA_READ
:
2620 case QUIC_RSTREAM_STATE_RESET_RECVD
:
2621 qsm
= ossl_quic_channel_get_qsm(xso
->conn
->ch
);
2622 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm
, xso
->stream
);
2625 case QUIC_RSTREAM_STATE_RESET_READ
:
2626 *err
= SSL_R_STREAM_RESET
;
2632 static int quic_read_actual(QCTX
*ctx
,
2633 QUIC_STREAM
*stream
,
2634 void *buf
, size_t buf_len
,
2638 int is_fin
= 0, err
, eos
;
2639 QUIC_CONNECTION
*qc
= ctx
->qc
;
2641 if (!quic_validate_for_read(ctx
->xso
, &err
, &eos
)) {
2643 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_ZERO_RETURN
);
2645 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, err
, NULL
);
2649 if (!ossl_quic_rstream_peek(stream
->rstream
, buf
, buf_len
,
2650 bytes_read
, &is_fin
))
2651 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2654 if (!ossl_quic_rstream_read(stream
->rstream
, buf
, buf_len
,
2655 bytes_read
, &is_fin
))
2656 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2660 if (*bytes_read
> 0) {
2662 * We have read at least one byte from the stream. Inform stream-level
2663 * RXFC of the retirement of controlled bytes. Update the active stream
2664 * status (the RXFC may now want to emit a frame granting more credit to
2667 OSSL_RTT_INFO rtt_info
;
2669 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc
->ch
), &rtt_info
);
2671 if (!ossl_quic_rxfc_on_retire(&stream
->rxfc
, *bytes_read
,
2672 rtt_info
.smoothed_rtt
))
2673 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2676 if (is_fin
&& !peek
) {
2677 QUIC_STREAM_MAP
*qsm
= ossl_quic_channel_get_qsm(ctx
->qc
->ch
);
2679 ossl_quic_stream_map_notify_totally_read(qsm
, ctx
->xso
->stream
);
2682 if (*bytes_read
> 0)
2683 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc
->ch
),
2687 if (*bytes_read
== 0 && is_fin
)
2688 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_ZERO_RETURN
);
2694 static int quic_read_again(void *arg
)
2696 struct quic_read_again_args
*args
= arg
;
2698 if (!quic_mutation_allowed(args
->ctx
->qc
, /*req_active=*/1)) {
2699 /* If connection is torn down due to an error while blocking, stop. */
2700 QUIC_RAISE_NON_NORMAL_ERROR(args
->ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2704 if (!quic_read_actual(args
->ctx
, args
->stream
,
2705 args
->buf
, args
->len
, args
->bytes_read
,
2709 if (*args
->bytes_read
> 0)
2710 /* got at least one byte, the SSL_read op can finish now */
2713 return 0; /* did not read anything, keep trying */
2717 static int quic_read(SSL
*s
, void *buf
, size_t len
, size_t *bytes_read
, int peek
)
2721 struct quic_read_again_args args
;
2725 if (!expect_quic(s
, &ctx
))
2728 quic_lock_for_io(&ctx
);
2730 if (!quic_mutation_allowed(ctx
.qc
, /*req_active=*/0)) {
2731 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2735 /* If we haven't finished the handshake, try to advance it. */
2736 if (quic_do_handshake(&ctx
) < 1) {
2737 ret
= 0; /* ossl_quic_do_handshake raised error here */
2741 if (ctx
.xso
== NULL
) {
2743 * Called on a QCSO and we don't currently have a default stream.
2745 * Wait until we get a stream initiated by the peer (blocking mode) or
2746 * fail if we don't have one yet (non-blocking mode).
2748 if (!qc_wait_for_default_xso_for_read(&ctx
)) {
2749 ret
= 0; /* error already raised here */
2753 ctx
.xso
= ctx
.qc
->default_xso
;
2756 if (!quic_read_actual(&ctx
, ctx
.xso
->stream
, buf
, len
, bytes_read
, peek
)) {
2757 ret
= 0; /* quic_read_actual raised error here */
2761 if (*bytes_read
> 0) {
2763 * Even though we succeeded, tick the reactor here to ensure we are
2764 * handling other aspects of the QUIC connection.
2766 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
2768 } else if (xso_blocking_mode(ctx
.xso
)) {
2770 * We were not able to read anything immediately, so our stream
2771 * buffer is empty. This means we need to block until we get
2772 * at least one byte.
2775 args
.stream
= ctx
.xso
->stream
;
2778 args
.bytes_read
= bytes_read
;
2781 res
= block_until_pred(ctx
.qc
, quic_read_again
, &args
, 0);
2783 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2785 } else if (res
< 0) {
2786 ret
= 0; /* quic_read_again raised error here */
2793 * We did not get any bytes and are not in blocking mode.
2794 * Tick to see if this delivers any more.
2796 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
2798 /* Try the read again. */
2799 if (!quic_read_actual(&ctx
, ctx
.xso
->stream
, buf
, len
, bytes_read
, peek
)) {
2800 ret
= 0; /* quic_read_actual raised error here */
2804 if (*bytes_read
> 0)
2805 ret
= 1; /* Succeeded this time. */
2807 ret
= QUIC_RAISE_NORMAL_ERROR(&ctx
, SSL_ERROR_WANT_READ
);
2811 quic_unlock(ctx
.qc
);
2815 int ossl_quic_read(SSL
*s
, void *buf
, size_t len
, size_t *bytes_read
)
2817 return quic_read(s
, buf
, len
, bytes_read
, 0);
2820 int ossl_quic_peek(SSL
*s
, void *buf
, size_t len
, size_t *bytes_read
)
2822 return quic_read(s
, buf
, len
, bytes_read
, 1);
2831 static size_t ossl_quic_pending_int(const SSL
*s
, int check_channel
)
2838 if (!expect_quic(s
, &ctx
))
2843 if (ctx
.xso
== NULL
) {
2844 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_NO_STREAM
, NULL
);
2848 if (ctx
.xso
->stream
== NULL
2849 || !ossl_quic_stream_has_recv_buffer(ctx
.xso
->stream
)) {
2850 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2854 if (!ossl_quic_rstream_available(ctx
.xso
->stream
->rstream
, &avail
, &fin
))
2857 if (avail
== 0 && check_channel
&& ossl_quic_channel_has_pending(ctx
.qc
->ch
))
2861 quic_unlock(ctx
.qc
);
2865 size_t ossl_quic_pending(const SSL
*s
)
2867 return ossl_quic_pending_int(s
, /*check_channel=*/0);
2870 int ossl_quic_has_pending(const SSL
*s
)
2872 /* Do we have app-side pending data or pending URXEs or RXEs? */
2873 return ossl_quic_pending_int(s
, /*check_channel=*/1) > 0;
2877 * SSL_stream_conclude
2878 * -------------------
2881 int ossl_quic_conn_stream_conclude(SSL
*s
)
2887 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/0, /*io=*/0, &ctx
))
2890 qs
= ctx
.xso
->stream
;
2892 if (!quic_mutation_allowed(ctx
.qc
, /*req_active=*/1)) {
2893 quic_unlock(ctx
.qc
);
2894 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2897 if (!quic_validate_for_write(ctx
.xso
, &err
)) {
2898 quic_unlock(ctx
.qc
);
2899 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, err
, NULL
);
2902 if (ossl_quic_sstream_get_final_size(qs
->sstream
, NULL
)) {
2903 quic_unlock(ctx
.qc
);
2907 ossl_quic_sstream_fin(qs
->sstream
);
2908 quic_post_write(ctx
.xso
, 1, 0, 0, 1);
2909 quic_unlock(ctx
.qc
);
2914 * SSL_inject_net_dgram
2915 * --------------------
2918 int SSL_inject_net_dgram(SSL
*s
, const unsigned char *buf
,
2920 const BIO_ADDR
*peer
,
2921 const BIO_ADDR
*local
)
2927 if (!expect_quic(s
, &ctx
))
2932 demux
= ossl_quic_channel_get0_demux(ctx
.qc
->ch
);
2933 ret
= ossl_quic_demux_inject(demux
, buf
, buf_len
, peer
, local
);
2935 quic_unlock(ctx
.qc
);
2940 * SSL_get0_connection
2941 * -------------------
2943 SSL
*ossl_quic_get0_connection(SSL
*s
)
2947 if (!expect_quic(s
, &ctx
))
2950 return &ctx
.qc
->ssl
;
2954 * SSL_get_stream_type
2955 * -------------------
2957 int ossl_quic_get_stream_type(SSL
*s
)
2961 if (!expect_quic(s
, &ctx
))
2962 return SSL_STREAM_TYPE_BIDI
;
2964 if (ctx
.xso
== NULL
) {
2966 * If deferred XSO creation has yet to occur, proceed according to the
2967 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2968 * what kind of stream will be created yet, so return BIDI on the basis
2969 * that at this time, the client still has the option of calling
2970 * SSL_read() or SSL_write() first.
2972 if (ctx
.qc
->default_xso_created
2973 || ctx
.qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
2974 return SSL_STREAM_TYPE_NONE
;
2976 return SSL_STREAM_TYPE_BIDI
;
2979 if (ossl_quic_stream_is_bidi(ctx
.xso
->stream
))
2980 return SSL_STREAM_TYPE_BIDI
;
2982 if (ossl_quic_stream_is_server_init(ctx
.xso
->stream
) != ctx
.qc
->as_server
)
2983 return SSL_STREAM_TYPE_READ
;
2985 return SSL_STREAM_TYPE_WRITE
;
2993 uint64_t ossl_quic_get_stream_id(SSL
*s
)
2998 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3001 id
= ctx
.xso
->stream
->id
;
3002 quic_unlock(ctx
.qc
);
3008 * SSL_is_stream_local
3009 * -------------------
3012 int ossl_quic_is_stream_local(SSL
*s
)
3017 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3020 is_local
= ossl_quic_stream_is_local_init(ctx
.xso
->stream
);
3021 quic_unlock(ctx
.qc
);
3027 * SSL_set_default_stream_mode
3028 * ---------------------------
3031 int ossl_quic_set_default_stream_mode(SSL
*s
, uint32_t mode
)
3035 if (!expect_quic_conn_only(s
, &ctx
))
3040 if (ctx
.qc
->default_xso_created
) {
3041 quic_unlock(ctx
.qc
);
3042 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
,
3043 "too late to change default stream mode");
3047 case SSL_DEFAULT_STREAM_MODE_NONE
:
3048 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI
:
3049 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI
:
3050 ctx
.qc
->default_stream_mode
= mode
;
3053 quic_unlock(ctx
.qc
);
3054 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
3055 "bad default stream type");
3058 quic_unlock(ctx
.qc
);
3067 SSL
*ossl_quic_detach_stream(SSL
*s
)
3070 QUIC_XSO
*xso
= NULL
;
3072 if (!expect_quic_conn_only(s
, &ctx
))
3077 /* Calling this function inhibits default XSO autocreation. */
3078 /* QC ref to any default XSO is transferred to us and to caller. */
3079 qc_set_default_xso_keep_ref(ctx
.qc
, NULL
, /*touch=*/1, &xso
);
3081 quic_unlock(ctx
.qc
);
3083 return xso
!= NULL
? &xso
->ssl
: NULL
;
3091 int ossl_quic_attach_stream(SSL
*conn
, SSL
*stream
)
3097 if (!expect_quic_conn_only(conn
, &ctx
))
3100 if (stream
== NULL
|| stream
->type
!= SSL_TYPE_QUIC_XSO
)
3101 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_NULL_PARAMETER
,
3102 "stream to attach must be a valid QUIC stream");
3104 xso
= (QUIC_XSO
*)stream
;
3108 if (ctx
.qc
->default_xso
!= NULL
) {
3109 quic_unlock(ctx
.qc
);
3110 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
,
3111 "connection already has a default stream");
3115 * It is a caller error for the XSO being attached as a default XSO to have
3116 * more than one ref.
3118 if (!CRYPTO_GET_REF(&xso
->ssl
.references
, &nref
)) {
3119 quic_unlock(ctx
.qc
);
3120 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
,
3125 quic_unlock(ctx
.qc
);
3126 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
3127 "stream being attached must have "
3128 "only 1 reference");
3131 /* Caller's reference to the XSO is transferred to us. */
3132 /* Calling this function inhibits default XSO autocreation. */
3133 qc_set_default_xso(ctx
.qc
, xso
, /*touch=*/1);
3135 quic_unlock(ctx
.qc
);
3140 * SSL_set_incoming_stream_policy
3141 * ------------------------------
3144 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION
*qc
)
3146 switch (qc
->incoming_stream_policy
) {
3147 case SSL_INCOMING_STREAM_POLICY_AUTO
:
3148 if ((qc
->default_xso
== NULL
&& !qc
->default_xso_created
)
3149 || qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
3150 return SSL_INCOMING_STREAM_POLICY_ACCEPT
;
3152 return SSL_INCOMING_STREAM_POLICY_REJECT
;
3155 return qc
->incoming_stream_policy
;
3160 static void qc_update_reject_policy(QUIC_CONNECTION
*qc
)
3162 int policy
= qc_get_effective_incoming_stream_policy(qc
);
3163 int enable_reject
= (policy
== SSL_INCOMING_STREAM_POLICY_REJECT
);
3165 ossl_quic_channel_set_incoming_stream_auto_reject(qc
->ch
,
3167 qc
->incoming_stream_aec
);
3171 int ossl_quic_set_incoming_stream_policy(SSL
*s
, int policy
,
3177 if (!expect_quic_conn_only(s
, &ctx
))
3183 case SSL_INCOMING_STREAM_POLICY_AUTO
:
3184 case SSL_INCOMING_STREAM_POLICY_ACCEPT
:
3185 case SSL_INCOMING_STREAM_POLICY_REJECT
:
3186 ctx
.qc
->incoming_stream_policy
= policy
;
3187 ctx
.qc
->incoming_stream_aec
= aec
;
3191 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
, NULL
);
3196 qc_update_reject_policy(ctx
.qc
);
3197 quic_unlock(ctx
.qc
);
3205 struct wait_for_incoming_stream_args
{
3211 static int wait_for_incoming_stream(void *arg
)
3213 struct wait_for_incoming_stream_args
*args
= arg
;
3214 QUIC_CONNECTION
*qc
= args
->ctx
->qc
;
3215 QUIC_STREAM_MAP
*qsm
= ossl_quic_channel_get_qsm(qc
->ch
);
3217 if (!quic_mutation_allowed(qc
, /*req_active=*/1)) {
3218 /* If connection is torn down due to an error while blocking, stop. */
3219 QUIC_RAISE_NON_NORMAL_ERROR(args
->ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
3223 args
->qs
= ossl_quic_stream_map_peek_accept_queue(qsm
);
3224 if (args
->qs
!= NULL
)
3225 return 1; /* got a stream */
3227 return 0; /* did not get a stream, keep trying */
3231 SSL
*ossl_quic_accept_stream(SSL
*s
, uint64_t flags
)
3236 QUIC_STREAM_MAP
*qsm
;
3239 OSSL_RTT_INFO rtt_info
;
3241 if (!expect_quic_conn_only(s
, &ctx
))
3246 if (qc_get_effective_incoming_stream_policy(ctx
.qc
)
3247 == SSL_INCOMING_STREAM_POLICY_REJECT
) {
3248 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
, NULL
);
3252 qsm
= ossl_quic_channel_get_qsm(ctx
.qc
->ch
);
3254 qs
= ossl_quic_stream_map_peek_accept_queue(qsm
);
3256 if (qc_blocking_mode(ctx
.qc
)
3257 && (flags
& SSL_ACCEPT_STREAM_NO_BLOCK
) == 0) {
3258 struct wait_for_incoming_stream_args args
;
3263 ret
= block_until_pred(ctx
.qc
, wait_for_incoming_stream
, &args
, 0);
3265 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
3267 } else if (ret
< 0 || args
.qs
== NULL
) {
3277 xso
= create_xso_from_stream(ctx
.qc
, qs
);
3281 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx
.qc
->ch
), &rtt_info
);
3282 ossl_quic_stream_map_remove_from_accept_queue(qsm
, qs
,
3283 rtt_info
.smoothed_rtt
);
3286 /* Calling this function inhibits default XSO autocreation. */
3287 qc_touch_default_xso(ctx
.qc
); /* inhibits default XSO */
3290 quic_unlock(ctx
.qc
);
3295 * SSL_get_accept_stream_queue_len
3296 * -------------------------------
3299 size_t ossl_quic_get_accept_stream_queue_len(SSL
*s
)
3304 if (!expect_quic_conn_only(s
, &ctx
))
3309 v
= ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx
.qc
->ch
));
3311 quic_unlock(ctx
.qc
);
3319 int ossl_quic_stream_reset(SSL
*ssl
,
3320 const SSL_STREAM_RESET_ARGS
*args
,
3324 QUIC_STREAM_MAP
*qsm
;
3326 uint64_t error_code
;
3329 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/0, /*io=*/0, &ctx
))
3332 qsm
= ossl_quic_channel_get_qsm(ctx
.qc
->ch
);
3333 qs
= ctx
.xso
->stream
;
3334 error_code
= (args
!= NULL
? args
->quic_error_code
: 0);
3336 if (!quic_validate_for_write(ctx
.xso
, &err
)) {
3337 ok
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, err
, NULL
);
3341 ok
= ossl_quic_stream_map_reset_stream_send_part(qsm
, qs
, error_code
);
3344 quic_unlock(ctx
.qc
);
3349 * SSL_get_stream_read_state
3350 * -------------------------
3352 static void quic_classify_stream(QUIC_CONNECTION
*qc
,
3356 uint64_t *app_error_code
)
3359 uint64_t final_size
;
3361 local_init
= (ossl_quic_stream_is_server_init(qs
) == qc
->as_server
);
3363 if (app_error_code
!= NULL
)
3364 *app_error_code
= UINT64_MAX
;
3366 app_error_code
= &final_size
; /* throw away value */
3368 if (!ossl_quic_stream_is_bidi(qs
) && local_init
!= is_write
) {
3370 * Unidirectional stream and this direction of transmission doesn't
3373 *state
= SSL_STREAM_STATE_WRONG_DIR
;
3374 } else if (ossl_quic_channel_is_term_any(qc
->ch
)) {
3375 /* Connection already closed. */
3376 *state
= SSL_STREAM_STATE_CONN_CLOSED
;
3377 } else if (!is_write
&& qs
->recv_state
== QUIC_RSTREAM_STATE_DATA_READ
) {
3378 /* Application has read a FIN. */
3379 *state
= SSL_STREAM_STATE_FINISHED
;
3380 } else if ((!is_write
&& qs
->stop_sending
)
3381 || (is_write
&& ossl_quic_stream_send_is_reset(qs
))) {
3383 * Stream has been reset locally. FIN takes precedence over this for the
3384 * read case as the application need not care if the stream is reset
3385 * after a FIN has been successfully processed.
3387 *state
= SSL_STREAM_STATE_RESET_LOCAL
;
3388 *app_error_code
= !is_write
3389 ? qs
->stop_sending_aec
3390 : qs
->reset_stream_aec
;
3391 } else if ((!is_write
&& ossl_quic_stream_recv_is_reset(qs
))
3392 || (is_write
&& qs
->peer_stop_sending
)) {
3394 * Stream has been reset remotely. */
3395 *state
= SSL_STREAM_STATE_RESET_REMOTE
;
3396 *app_error_code
= !is_write
3397 ? qs
->peer_reset_stream_aec
3398 : qs
->peer_stop_sending_aec
;
3399 } else if (is_write
&& ossl_quic_sstream_get_final_size(qs
->sstream
,
3402 * Stream has been finished. Stream reset takes precedence over this for
3403 * the write case as peer may not have received all data.
3405 *state
= SSL_STREAM_STATE_FINISHED
;
3407 /* Stream still healthy. */
3408 *state
= SSL_STREAM_STATE_OK
;
3412 static int quic_get_stream_state(SSL
*ssl
, int is_write
)
3417 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3418 return SSL_STREAM_STATE_NONE
;
3420 quic_classify_stream(ctx
.qc
, ctx
.xso
->stream
, is_write
, &state
, NULL
);
3421 quic_unlock(ctx
.qc
);
3425 int ossl_quic_get_stream_read_state(SSL
*ssl
)
3427 return quic_get_stream_state(ssl
, /*is_write=*/0);
3431 * SSL_get_stream_write_state
3432 * --------------------------
3434 int ossl_quic_get_stream_write_state(SSL
*ssl
)
3436 return quic_get_stream_state(ssl
, /*is_write=*/1);
3440 * SSL_get_stream_read_error_code
3441 * ------------------------------
3443 static int quic_get_stream_error_code(SSL
*ssl
, int is_write
,
3444 uint64_t *app_error_code
)
3449 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3452 quic_classify_stream(ctx
.qc
, ctx
.xso
->stream
, /*is_write=*/0,
3453 &state
, app_error_code
);
3455 quic_unlock(ctx
.qc
);
3457 case SSL_STREAM_STATE_FINISHED
:
3459 case SSL_STREAM_STATE_RESET_LOCAL
:
3460 case SSL_STREAM_STATE_RESET_REMOTE
:
3467 int ossl_quic_get_stream_read_error_code(SSL
*ssl
, uint64_t *app_error_code
)
3469 return quic_get_stream_error_code(ssl
, /*is_write=*/0, app_error_code
);
3473 * SSL_get_stream_write_error_code
3474 * -------------------------------
3476 int ossl_quic_get_stream_write_error_code(SSL
*ssl
, uint64_t *app_error_code
)
3478 return quic_get_stream_error_code(ssl
, /*is_write=*/1, app_error_code
);
3482 * Write buffer size mutation
3483 * --------------------------
3485 int ossl_quic_set_write_buffer_size(SSL
*ssl
, size_t size
)
3490 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3493 if (!ossl_quic_stream_has_send(ctx
.xso
->stream
)) {
3494 /* Called on a unidirectional receive-only stream - error. */
3495 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
, NULL
);
3499 if (!ossl_quic_stream_has_send_buffer(ctx
.xso
->stream
)) {
3501 * If the stream has a send part but we have disposed of it because we
3502 * no longer need it, this is a no-op.
3508 if (!ossl_quic_sstream_set_buffer_size(ctx
.xso
->stream
->sstream
, size
)) {
3509 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
3516 quic_unlock(ctx
.qc
);
3521 * SSL_get_conn_close_info
3522 * -----------------------
3524 int ossl_quic_get_conn_close_info(SSL
*ssl
,
3525 SSL_CONN_CLOSE_INFO
*info
,
3529 const QUIC_TERMINATE_CAUSE
*tc
;
3531 if (!expect_quic_conn_only(ssl
, &ctx
))
3534 tc
= ossl_quic_channel_get_terminate_cause(ctx
.qc
->ch
);
3538 info
->error_code
= tc
->error_code
;
3539 info
->frame_type
= tc
->frame_type
;
3540 info
->reason
= tc
->reason
;
3541 info
->reason_len
= tc
->reason_len
;
3544 info
->flags
|= SSL_CONN_CLOSE_FLAG_LOCAL
;
3546 info
->flags
|= SSL_CONN_CLOSE_FLAG_TRANSPORT
;
3554 int ossl_quic_key_update(SSL
*ssl
, int update_type
)
3558 if (!expect_quic_conn_only(ssl
, &ctx
))
3561 switch (update_type
) {
3562 case SSL_KEY_UPDATE_NOT_REQUESTED
:
3564 * QUIC signals peer key update implicily by triggering a local
3565 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3567 case SSL_KEY_UPDATE_REQUESTED
:
3571 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
, NULL
);
3577 /* Attempt to perform a TXKU. */
3578 if (!ossl_quic_channel_trigger_txku(ctx
.qc
->ch
)) {
3579 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_TOO_MANY_KEY_UPDATES
, NULL
);
3580 quic_unlock(ctx
.qc
);
3584 quic_unlock(ctx
.qc
);
3589 * SSL_get_key_update_type
3590 * -----------------------
3592 int ossl_quic_get_key_update_type(const SSL
*s
)
3595 * We always handle key updates immediately so a key update is never
3598 return SSL_KEY_UPDATE_NONE
;
3602 * QUIC Front-End I/O API: SSL_CTX Management
3603 * ==========================================
3606 long ossl_quic_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
3610 return ssl3_ctx_ctrl(ctx
, cmd
, larg
, parg
);
3614 long ossl_quic_callback_ctrl(SSL
*s
, int cmd
, void (*fp
) (void))
3618 if (!expect_quic_conn_only(s
, &ctx
))
3622 case SSL_CTRL_SET_MSG_CALLBACK
:
3623 ossl_quic_channel_set_msg_callback(ctx
.qc
->ch
, (ossl_msg_cb
)fp
,
3625 /* This callback also needs to be set on the internal SSL object */
3626 return ssl3_callback_ctrl(ctx
.qc
->tls
, cmd
, fp
);;
3629 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3630 return ssl3_callback_ctrl(ctx
.qc
->tls
, cmd
, fp
);
3634 long ossl_quic_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
) (void))
3636 return ssl3_ctx_callback_ctrl(ctx
, cmd
, fp
);
3639 int ossl_quic_renegotiate_check(SSL
*ssl
, int initok
)
3641 /* We never do renegotiation. */
3645 const SSL_CIPHER
*ossl_quic_get_cipher_by_char(const unsigned char *p
)
3647 const SSL_CIPHER
*ciph
= ssl3_get_cipher_by_char(p
);
3649 if ((ciph
->algorithm2
& SSL_QUIC
) == 0)
3656 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3657 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3660 int ossl_quic_num_ciphers(void)
3665 const SSL_CIPHER
*ossl_quic_get_cipher(unsigned int u
)
3671 * SSL_get_shutdown()
3672 * ------------------
3674 int ossl_quic_get_shutdown(const SSL
*s
)
3679 if (!expect_quic_conn_only(s
, &ctx
))
3682 if (ossl_quic_channel_is_term_any(ctx
.qc
->ch
)) {
3683 shut
|= SSL_SENT_SHUTDOWN
;
3684 if (!ossl_quic_channel_is_closing(ctx
.qc
->ch
))
3685 shut
|= SSL_RECEIVED_SHUTDOWN
;
3692 * Internal Testing APIs
3693 * =====================
3696 QUIC_CHANNEL
*ossl_quic_conn_get_channel(SSL
*s
)
3700 if (!expect_quic_conn_only(s
, &ctx
))