]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/quic/quic_impl.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
BIO_s_dgram_pair: Correct implementation of BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE
[thirdparty/openssl.git] / ssl / quic / quic_impl.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/time.h"
19
20 typedef struct qctx_st QCTX;
21
22 static void aon_write_finish(QUIC_XSO *xso);
23 static int create_channel(QUIC_CONNECTION *qc);
24 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
25 static int qc_try_create_default_xso_for_write(QCTX *ctx);
26 static int qc_wait_for_default_xso_for_read(QCTX *ctx);
27 static void quic_lock(QUIC_CONNECTION *qc);
28 static void quic_unlock(QUIC_CONNECTION *qc);
29 static int quic_do_handshake(QCTX *ctx);
30 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
31 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
32 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
33 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
34 int touch, QUIC_XSO **old_xso);
35 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
36 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
37 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
38 static int qc_blocking_mode(const QUIC_CONNECTION *qc);
39 static int xso_blocking_mode(const QUIC_XSO *xso);
40
41 /*
42 * QUIC Front-End I/O API: Common Utilities
43 * ========================================
44 */
45
46 /*
47 * Block until a predicate is met.
48 *
49 * Precondition: Must have a channel.
50 * Precondition: Must hold channel lock (unchecked).
51 */
52 QUIC_NEEDS_LOCK
53 static int block_until_pred(QUIC_CONNECTION *qc,
54 int (*pred)(void *arg), void *pred_arg,
55 uint32_t flags)
56 {
57 QUIC_REACTOR *rtor;
58
59 assert(qc->ch != NULL);
60
61 /*
62 * Any attempt to block auto-disables tick inhibition as otherwise we will
63 * hang around forever.
64 */
65 ossl_quic_channel_set_inhibit_tick(qc->ch, 0);
66
67 rtor = ossl_quic_channel_get_reactor(qc->ch);
68 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
69 qc->mutex);
70 }
71
72 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
73 {
74 if (qc->override_now_cb != NULL)
75 return qc->override_now_cb(qc->override_now_cb_arg);
76 else
77 return ossl_time_now();
78 }
79
80 static OSSL_TIME get_time_cb(void *arg)
81 {
82 QUIC_CONNECTION *qc = arg;
83
84 return get_time(qc);
85 }
86
87 /*
88 * QCTX is a utility structure which provides information we commonly wish to
89 * unwrap upon an API call being dispatched to us, namely:
90 *
91 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
92 * was passed);
93 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
94 * a QCSO with a default stream was passed);
95 * - whether a QSSO was passed (xso == NULL must not be used to determine this
96 * because it may be non-NULL when a QCSO is passed if that QCSO has a
97 * default stream);
98 * - whether we are in "I/O context", meaning that non-normal errors can
99 * be reported via SSL_get_error() as well as via ERR. Functions such as
100 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
101 * functions which are allowed to change the value returned by
102 * SSL_get_error. However, other functions (including functions which call
103 * SSL_do_handshake() implicitly) are not allowed to change the return value
104 * of SSL_get_error.
105 */
106 struct qctx_st {
107 QUIC_CONNECTION *qc;
108 QUIC_XSO *xso;
109 int is_stream, in_io;
110 };
111
112 /*
113 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
114 * rather than via ERR. Note that normal errors must always be raised while
115 * holding a lock.
116 */
117 QUIC_NEEDS_LOCK
118 static int quic_raise_normal_error(QCTX *ctx,
119 int err)
120 {
121 if (ctx->is_stream)
122 ctx->xso->last_error = err;
123 else
124 ctx->qc->last_error = err;
125
126 return 0;
127 }
128
129 /*
130 * Raise a 'non-normal' error, meaning any error that is not reported via
131 * SSL_get_error() and must be reported via ERR.
132 *
133 * qc should be provided if available. In exceptional circumstances when qc is
134 * not known NULL may be passed. This should generally only happen when an
135 * expect_...() function defined below fails, which generally indicates a
136 * dispatch error or caller error.
137 *
138 * ctx should be NULL if the connection lock is not held.
139 */
140 static int quic_raise_non_normal_error(QCTX *ctx,
141 const char *file,
142 int line,
143 const char *func,
144 int reason,
145 const char *fmt,
146 ...)
147 {
148 va_list args;
149
150 if (ctx != NULL) {
151 if (ctx->in_io && ctx->is_stream && ctx->xso != NULL)
152 ctx->xso->last_error = SSL_ERROR_SSL;
153 else if (ctx->in_io && !ctx->is_stream && ctx->qc != NULL)
154 ctx->qc->last_error = SSL_ERROR_SSL;
155
156 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
157 ossl_quic_channel_restore_err_state(ctx->qc->ch);
158 }
159
160 ERR_new();
161 ERR_set_debug(file, line, func);
162
163 va_start(args, fmt);
164 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
165 va_end(args);
166
167 return 0;
168 }
169
170 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
171 quic_raise_normal_error((ctx), (err))
172
173 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
174 quic_raise_non_normal_error((ctx), \
175 OPENSSL_FILE, OPENSSL_LINE, \
176 OPENSSL_FUNC, \
177 (reason), \
178 (msg))
179
180 /*
181 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
182 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
183 *
184 * After this returns 1, all fields of the passed QCTX are initialised.
185 * Returns 0 on failure. This function is intended to be used to provide API
186 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
187 */
188 static int expect_quic(const SSL *s, QCTX *ctx)
189 {
190 QUIC_CONNECTION *qc;
191 QUIC_XSO *xso;
192
193 ctx->qc = NULL;
194 ctx->xso = NULL;
195 ctx->is_stream = 0;
196
197 if (s == NULL)
198 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
199
200 switch (s->type) {
201 case SSL_TYPE_QUIC_CONNECTION:
202 qc = (QUIC_CONNECTION *)s;
203 ctx->qc = qc;
204 ctx->xso = qc->default_xso;
205 ctx->is_stream = 0;
206 ctx->in_io = 0;
207 return 1;
208
209 case SSL_TYPE_QUIC_XSO:
210 xso = (QUIC_XSO *)s;
211 ctx->qc = xso->conn;
212 ctx->xso = xso;
213 ctx->is_stream = 1;
214 ctx->in_io = 0;
215 return 1;
216
217 default:
218 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
219 }
220 }
221
222 /*
223 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
224 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
225 * stream.
226 *
227 * remote_init determines if we expect the default XSO to be remotely created or
228 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
229 *
230 * Channel mutex is acquired and retained on success.
231 */
232 QUIC_ACQUIRES_LOCK
233 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
234 int in_io, QCTX *ctx)
235 {
236 if (!expect_quic(s, ctx))
237 return 0;
238
239 ctx->in_io = in_io;
240 quic_lock(ctx->qc);
241
242 if (ctx->xso == NULL && remote_init >= 0) {
243 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
244 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
245 goto err;
246 }
247
248 /* If we haven't finished the handshake, try to advance it. */
249 if (quic_do_handshake(ctx) < 1)
250 /* ossl_quic_do_handshake raised error here */
251 goto err;
252
253 if (remote_init == 0) {
254 if (!qc_try_create_default_xso_for_write(ctx))
255 goto err;
256 } else {
257 if (!qc_wait_for_default_xso_for_read(ctx))
258 goto err;
259 }
260
261 ctx->xso = ctx->qc->default_xso;
262 }
263
264 if (ctx->xso == NULL) {
265 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
266 goto err;
267 }
268
269 return 1; /* coverity[missing_unlock]: lock held */
270
271 err:
272 quic_unlock(ctx->qc);
273 return 0;
274 }
275
276 /*
277 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
278 * be non-NULL if the QCSO has a default stream.
279 */
280 static int ossl_unused expect_quic_conn_only(const SSL *s, int in_io, QCTX *ctx)
281 {
282 if (!expect_quic(s, ctx))
283 return 0;
284
285 ctx->in_io = in_io;
286 if (ctx->is_stream)
287 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
288
289 return 1;
290 }
291
292 /*
293 * Ensures that the channel mutex is held for a method which touches channel
294 * state.
295 *
296 * Precondition: Channel mutex is not held (unchecked)
297 */
298 static void quic_lock(QUIC_CONNECTION *qc)
299 {
300 #if defined(OPENSSL_THREADS)
301 ossl_crypto_mutex_lock(qc->mutex);
302 #endif
303 }
304
305 /* Precondition: Channel mutex is held (unchecked) */
306 QUIC_NEEDS_LOCK
307 static void quic_unlock(QUIC_CONNECTION *qc)
308 {
309 #if defined(OPENSSL_THREADS)
310 ossl_crypto_mutex_unlock(qc->mutex);
311 #endif
312 }
313
314 /*
315 * This predicate is the criterion which should determine API call rejection for
316 * *most* mutating API calls, particularly stream-related operations for send
317 * parts.
318 *
319 * A call is rejected (this function returns 0) if shutdown is in progress
320 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
321 * req_active=1, the connection must be active (i.e., the IDLE state is also
322 * rejected).
323 */
324 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
325 {
326 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
327 return 0;
328
329 if (req_active && !ossl_quic_channel_is_active(qc->ch))
330 return 0;
331
332 return 1;
333 }
334
335 /*
336 * QUIC Front-End I/O API: Initialization
337 * ======================================
338 *
339 * SSL_new => ossl_quic_new
340 * ossl_quic_init
341 * SSL_reset => ossl_quic_reset
342 * SSL_clear => ossl_quic_clear
343 * ossl_quic_deinit
344 * SSL_free => ossl_quic_free
345 *
346 * SSL_set_options => ossl_quic_set_options
347 * SSL_get_options => ossl_quic_get_options
348 * SSL_clear_options => ossl_quic_clear_options
349 *
350 */
351
352 /* SSL_new */
353 SSL *ossl_quic_new(SSL_CTX *ctx)
354 {
355 QUIC_CONNECTION *qc = NULL;
356 SSL *ssl_base = NULL;
357 SSL_CONNECTION *sc = NULL;
358
359 qc = OPENSSL_zalloc(sizeof(*qc));
360 if (qc == NULL) {
361 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
362 goto err;
363 }
364
365 /* Initialise the QUIC_CONNECTION's stub header. */
366 ssl_base = &qc->ssl;
367 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
368 ssl_base = NULL;
369 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
370 goto err;
371 }
372
373 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
374 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
375 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
376 goto err;
377 }
378
379 /* override the user_ssl of the inner connection */
380 sc->s3.flags |= TLS1_FLAGS_QUIC;
381
382 /* Restrict options derived from the SSL_CTX. */
383 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
384 sc->pha_enabled = 0;
385
386 #if defined(OPENSSL_THREADS)
387 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
388 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
389 goto err;
390 }
391 #endif
392
393 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
394 qc->is_thread_assisted
395 = (ssl_base->method == OSSL_QUIC_client_thread_method());
396 #endif
397
398 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
399 qc->as_server_state = qc->as_server;
400
401 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
402 qc->default_ssl_mode = qc->ssl.ctx->mode;
403 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
404 qc->desires_blocking = 1;
405 qc->blocking = 0;
406 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
407 qc->last_error = SSL_ERROR_NONE;
408
409 if (!create_channel(qc))
410 goto err;
411
412 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
413 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
414
415 qc_update_reject_policy(qc);
416
417 /*
418 * We do not create the default XSO yet. The reason for this is that the
419 * stream ID of the default XSO will depend on whether the stream is client
420 * or server-initiated, which depends on who transmits first. Since we do
421 * not know whether the application will be using a client-transmits-first
422 * or server-transmits-first protocol, we defer default XSO creation until
423 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
424 * we take that as a cue that the client is expecting a server-initiated
425 * stream, and vice versa if SSL_write() is called first.
426 */
427 return ssl_base;
428
429 err:
430 if (qc != NULL) {
431 #if defined(OPENSSL_THREADS)
432 ossl_crypto_mutex_free(qc->mutex);
433 #endif
434 ossl_quic_channel_free(qc->ch);
435 SSL_free(qc->tls);
436 }
437 OPENSSL_free(qc);
438 return NULL;
439 }
440
441 /* SSL_free */
442 QUIC_TAKES_LOCK
443 void ossl_quic_free(SSL *s)
444 {
445 QCTX ctx;
446 int is_default;
447
448 /* We should never be called on anything but a QSO. */
449 if (!expect_quic(s, &ctx))
450 return;
451
452 quic_lock(ctx.qc);
453
454 if (ctx.is_stream) {
455 /*
456 * When a QSSO is freed, the XSO is freed immediately, because the XSO
457 * itself only contains API personality layer data. However the
458 * underlying QUIC_STREAM is not freed immediately but is instead marked
459 * as deleted for later collection.
460 */
461
462 assert(ctx.qc->num_xso > 0);
463 --ctx.qc->num_xso;
464
465 /* If a stream's send part has not been finished, auto-reset it. */
466 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
467 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
468 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
469 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
470 ctx.xso->stream, 0);
471
472 /* Do STOP_SENDING for the receive part, if applicable. */
473 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
474 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
475 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
476 ctx.xso->stream, 0);
477
478 /* Update stream state. */
479 ctx.xso->stream->deleted = 1;
480 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
481 ctx.xso->stream);
482
483 is_default = (ctx.xso == ctx.qc->default_xso);
484 quic_unlock(ctx.qc);
485
486 /*
487 * Unref the connection in most cases; the XSO has a ref to the QC and
488 * not vice versa. But for a default XSO, to avoid circular references,
489 * the QC refs the XSO but the XSO does not ref the QC. If we are the
490 * default XSO, we only get here when the QC is being torn down anyway,
491 * so don't call SSL_free(qc) as we are already in it.
492 */
493 if (!is_default)
494 SSL_free(&ctx.qc->ssl);
495
496 /* Note: SSL_free calls OPENSSL_free(xso) for us */
497 return;
498 }
499
500 /*
501 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
502 * stage, but is freed during the channel free when the whole QSM is freed.
503 */
504 if (ctx.qc->default_xso != NULL) {
505 QUIC_XSO *xso = ctx.qc->default_xso;
506
507 quic_unlock(ctx.qc);
508 SSL_free(&xso->ssl);
509 quic_lock(ctx.qc);
510 ctx.qc->default_xso = NULL;
511 }
512
513 /* Ensure we have no remaining XSOs. */
514 assert(ctx.qc->num_xso == 0);
515
516 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
517 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
518 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
519 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
520 }
521 #endif
522
523 ossl_quic_channel_free(ctx.qc->ch);
524
525 BIO_free(ctx.qc->net_rbio);
526 BIO_free(ctx.qc->net_wbio);
527
528 /* Note: SSL_free calls OPENSSL_free(qc) for us */
529
530 SSL_free(ctx.qc->tls);
531 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
532 #if defined(OPENSSL_THREADS)
533 ossl_crypto_mutex_free(&ctx.qc->mutex);
534 #endif
535 }
536
537 /* SSL method init */
538 int ossl_quic_init(SSL *s)
539 {
540 /* Same op as SSL_clear, forward the call. */
541 return ossl_quic_clear(s);
542 }
543
544 /* SSL method deinit */
545 void ossl_quic_deinit(SSL *s)
546 {
547 /* No-op. */
548 }
549
550 /* SSL_clear (ssl_reset method) */
551 int ossl_quic_reset(SSL *s)
552 {
553 QCTX ctx;
554
555 if (!expect_quic(s, &ctx))
556 return 0;
557
558 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
559 return 0;
560 }
561
562 /* ssl_clear method (unused) */
563 int ossl_quic_clear(SSL *s)
564 {
565 QCTX ctx;
566
567 if (!expect_quic(s, &ctx))
568 return 0;
569
570 /* TODO(QUIC FUTURE): Currently a no-op. */
571 return 1;
572 }
573
574 int ossl_quic_conn_set_override_now_cb(SSL *s,
575 OSSL_TIME (*now_cb)(void *arg),
576 void *now_cb_arg)
577 {
578 QCTX ctx;
579
580 if (!expect_quic(s, &ctx))
581 return 0;
582
583 quic_lock(ctx.qc);
584
585 ctx.qc->override_now_cb = now_cb;
586 ctx.qc->override_now_cb_arg = now_cb_arg;
587
588 quic_unlock(ctx.qc);
589 return 1;
590 }
591
592 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
593 {
594 QCTX ctx;
595
596 if (!expect_quic(s, &ctx))
597 return;
598
599 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
600 if (ctx.qc->is_thread_assisted && ctx.qc->started)
601 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
602 #endif
603 }
604
605 QUIC_NEEDS_LOCK
606 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
607 {
608 qc->default_xso_created = 1;
609 qc_update_reject_policy(qc);
610 }
611
612 /*
613 * Changes default XSO. Allows caller to keep reference to the old default XSO
614 * (if any). Reference to new XSO is transferred from caller.
615 */
616 QUIC_NEEDS_LOCK
617 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
618 int touch,
619 QUIC_XSO **old_xso)
620 {
621 int refs;
622
623 *old_xso = NULL;
624
625 if (qc->default_xso != xso) {
626 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
627
628 qc->default_xso = xso;
629
630 if (xso == NULL) {
631 /*
632 * Changing to not having a default XSO. XSO becomes standalone and
633 * now has a ref to the QC.
634 */
635 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
636 return;
637 } else {
638 /*
639 * Changing from not having a default XSO to having one. The new XSO
640 * will have had a reference to the QC we need to drop to avoid a
641 * circular reference.
642 *
643 * Currently we never change directly from one default XSO to
644 * another, though this function would also still be correct if this
645 * weren't the case.
646 */
647 assert(*old_xso == NULL);
648
649 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
650 assert(refs > 0);
651 }
652 }
653
654 if (touch)
655 qc_touch_default_xso(qc);
656 }
657
658 /*
659 * Changes default XSO, releasing the reference to any previous default XSO.
660 * Reference to new XSO is transferred from caller.
661 */
662 QUIC_NEEDS_LOCK
663 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
664 {
665 QUIC_XSO *old_xso = NULL;
666
667 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
668
669 if (old_xso != NULL)
670 SSL_free(&old_xso->ssl);
671 }
672
673 QUIC_NEEDS_LOCK
674 static void xso_update_options(QUIC_XSO *xso)
675 {
676 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
677
678 if (xso->stream->rstream != NULL)
679 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
680
681 if (xso->stream->sstream != NULL)
682 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
683 }
684
685 /*
686 * SSL_set_options
687 * ---------------
688 *
689 * Setting options on a QCSO
690 * - configures the handshake-layer options;
691 * - configures the default data-plane options for new streams;
692 * - configures the data-plane options on the default XSO, if there is one.
693 *
694 * Setting options on a QSSO
695 * - configures data-plane options for that stream only.
696 */
697 QUIC_TAKES_LOCK
698 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
699 {
700 QCTX ctx;
701 uint64_t hs_mask_value, hs_or_value, ret;
702
703 if (!expect_quic(ssl, &ctx))
704 return 0;
705
706 quic_lock(ctx.qc);
707
708 if (!ctx.is_stream) {
709 /*
710 * If we were called on the connection, we apply any handshake option
711 * changes.
712 */
713 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
714 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
715
716 SSL_clear_options(ctx.qc->tls, hs_mask_value);
717 SSL_set_options(ctx.qc->tls, hs_or_value);
718
719 /* Update defaults for new streams. */
720 ctx.qc->default_ssl_options
721 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
722 & OSSL_QUIC_PERMITTED_OPTIONS;
723 }
724
725 if (ctx.xso != NULL) {
726 ctx.xso->ssl_options
727 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
728 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
729
730 xso_update_options(ctx.xso);
731 }
732
733 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
734
735 quic_unlock(ctx.qc);
736 return ret;
737 }
738
739 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
740 {
741 return quic_mask_or_options(ssl, 0, options);
742 }
743
744 /* SSL_clear_options */
745 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
746 {
747 return quic_mask_or_options(ssl, options, 0);
748 }
749
750 /* SSL_get_options */
751 uint64_t ossl_quic_get_options(const SSL *ssl)
752 {
753 return quic_mask_or_options((SSL *)ssl, 0, 0);
754 }
755
756 /*
757 * QUIC Front-End I/O API: Network BIO Configuration
758 * =================================================
759 *
760 * Handling the different BIOs is difficult:
761 *
762 * - It is more or less a requirement that we use non-blocking network I/O;
763 * we need to be able to have timeouts on recv() calls, and make best effort
764 * (non blocking) send() and recv() calls.
765 *
766 * The only sensible way to do this is to configure the socket into
767 * non-blocking mode. We could try to do select() before calling send() or
768 * recv() to get a guarantee that the call will not block, but this will
769 * probably run into issues with buggy OSes which generate spurious socket
770 * readiness events. In any case, relying on this to work reliably does not
771 * seem sane.
772 *
773 * Timeouts could be handled via setsockopt() socket timeout options, but
774 * this depends on OS support and adds another syscall to every network I/O
775 * operation. It also has obvious thread safety concerns if we want to move
776 * to concurrent use of a single socket at some later date.
777 *
778 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
779 * be made non-blocking. However some OSes (e.g. Windows) do not support
780 * this, so we cannot rely on this.
781 *
782 * As such, we need to configure any FD in non-blocking mode. This may
783 * confound users who pass a blocking socket to libssl. However, in practice
784 * it would be extremely strange for a user of QUIC to pass an FD to us,
785 * then also try and send receive traffic on the same socket(!). Thus the
786 * impact of this should be limited, and can be documented.
787 *
788 * - We support both blocking and non-blocking operation in terms of the API
789 * presented to the user. One prospect is to set the blocking mode based on
790 * whether the socket passed to us was already in blocking mode. However,
791 * Windows has no API for determining if a socket is in blocking mode (!),
792 * therefore this cannot be done portably. Currently therefore we expose an
793 * explicit API call to set this, and default to blocking mode.
794 *
795 * - We need to determine our initial destination UDP address. The "natural"
796 * way for a user to do this is to set the peer variable on a BIO_dgram.
797 * However, this has problems because BIO_dgram's peer variable is used for
798 * both transmission and reception. This means it can be constantly being
799 * changed to a malicious value (e.g. if some random unrelated entity on the
800 * network starts sending traffic to us) on every read call. This is not a
801 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
802 * calls only, which do not use this variable. However, we do need to let
803 * the user specify the peer in a 'normal' manner. The compromise here is
804 * that we grab the current peer value set at the time the write BIO is set
805 * and do not read the value again.
806 *
807 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
808 * Currently we do this by only supporting non-blocking mode.
809 *
810 */
811
812 /*
813 * Determines what initial destination UDP address we should use, if possible.
814 * If this fails the client must set the destination address manually, or use a
815 * BIO which does not need a destination address.
816 */
817 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
818 {
819 if (BIO_dgram_get_peer(net_wbio, peer) <= 0)
820 return 0;
821
822 return 1;
823 }
824
825 static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
826 {
827 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
828
829 return ossl_quic_reactor_can_poll_r(rtor)
830 && ossl_quic_reactor_can_poll_w(rtor);
831 }
832
833 static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
834 {
835 ossl_quic_channel_update_poll_descriptors(qc->ch); /* best effort */
836 }
837
838 static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
839 {
840 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
841 }
842
843 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
844 {
845 QCTX ctx;
846
847 if (!expect_quic(s, &ctx))
848 return;
849
850 if (ctx.qc->net_rbio == net_rbio)
851 return;
852
853 if (!ossl_quic_channel_set_net_rbio(ctx.qc->ch, net_rbio))
854 return;
855
856 BIO_free(ctx.qc->net_rbio);
857 ctx.qc->net_rbio = net_rbio;
858
859 if (net_rbio != NULL)
860 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
861
862 /*
863 * Determine if the current pair of read/write BIOs now set allows blocking
864 * mode to be supported.
865 */
866 qc_update_can_support_blocking(ctx.qc);
867 qc_update_blocking_mode(ctx.qc);
868 }
869
870 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
871 {
872 QCTX ctx;
873
874 if (!expect_quic(s, &ctx))
875 return;
876
877 if (ctx.qc->net_wbio == net_wbio)
878 return;
879
880 if (!ossl_quic_channel_set_net_wbio(ctx.qc->ch, net_wbio))
881 return;
882
883 BIO_free(ctx.qc->net_wbio);
884 ctx.qc->net_wbio = net_wbio;
885
886 if (net_wbio != NULL)
887 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
888
889 /*
890 * Determine if the current pair of read/write BIOs now set allows blocking
891 * mode to be supported.
892 */
893 qc_update_can_support_blocking(ctx.qc);
894 qc_update_blocking_mode(ctx.qc);
895 }
896
897 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
898 {
899 QCTX ctx;
900
901 if (!expect_quic(s, &ctx))
902 return NULL;
903
904 return ctx.qc->net_rbio;
905 }
906
907 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
908 {
909 QCTX ctx;
910
911 if (!expect_quic(s, &ctx))
912 return NULL;
913
914 return ctx.qc->net_wbio;
915 }
916
917 int ossl_quic_conn_get_blocking_mode(const SSL *s)
918 {
919 QCTX ctx;
920
921 if (!expect_quic(s, &ctx))
922 return 0;
923
924 if (ctx.is_stream)
925 return xso_blocking_mode(ctx.xso);
926
927 return qc_blocking_mode(ctx.qc);
928 }
929
930 QUIC_TAKES_LOCK
931 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
932 {
933 int ret = 0;
934 QCTX ctx;
935
936 if (!expect_quic(s, &ctx))
937 return 0;
938
939 quic_lock(ctx.qc);
940
941 /* Sanity check - can we support the request given the current network BIO? */
942 if (blocking) {
943 /*
944 * If called directly on a QCSO, update our information on network BIO
945 * capabilities.
946 */
947 if (!ctx.is_stream)
948 qc_update_can_support_blocking(ctx.qc);
949
950 /* Cannot enable blocking mode if we do not have pollable FDs. */
951 if (!qc_can_support_blocking_cached(ctx.qc)) {
952 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
953 goto out;
954 }
955 }
956
957 if (!ctx.is_stream)
958 /*
959 * If called directly on a QCSO, update default and connection-level
960 * blocking modes.
961 */
962 ctx.qc->desires_blocking = (blocking != 0);
963
964 if (ctx.xso != NULL) {
965 /*
966 * If called on a QSSO or a QCSO with a default XSO, update the blocking
967 * mode.
968 */
969 ctx.xso->desires_blocking = (blocking != 0);
970 ctx.xso->desires_blocking_set = 1;
971 }
972
973 ret = 1;
974 out:
975 qc_update_blocking_mode(ctx.qc);
976 quic_unlock(ctx.qc);
977 return ret;
978 }
979
980 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
981 const BIO_ADDR *peer_addr)
982 {
983 QCTX ctx;
984
985 if (!expect_quic(s, &ctx))
986 return 0;
987
988 if (ctx.qc->started)
989 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
990 NULL);
991
992 if (peer_addr == NULL) {
993 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
994 return 1;
995 }
996
997 ctx.qc->init_peer_addr = *peer_addr;
998 return 1;
999 }
1000
1001 /*
1002 * QUIC Front-End I/O API: Asynchronous I/O Management
1003 * ===================================================
1004 *
1005 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1006 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1007 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1008 *
1009 */
1010
1011 /* Returns 1 if the connection is being used in blocking mode. */
1012 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
1013 {
1014 return qc->blocking;
1015 }
1016
1017 static int xso_blocking_mode(const QUIC_XSO *xso)
1018 {
1019 if (xso->desires_blocking_set)
1020 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1021 else
1022 /* Only ever set if we can support blocking. */
1023 return xso->conn->blocking;
1024 }
1025
1026 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1027 QUIC_TAKES_LOCK
1028 int ossl_quic_handle_events(SSL *s)
1029 {
1030 QCTX ctx;
1031
1032 if (!expect_quic(s, &ctx))
1033 return 0;
1034
1035 quic_lock(ctx.qc);
1036 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1037 quic_unlock(ctx.qc);
1038 return 1;
1039 }
1040
1041 /*
1042 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1043 * should next have events handled by the application by calling
1044 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1045 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1046 * the value of *tv is undefined.
1047 */
1048 QUIC_TAKES_LOCK
1049 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1050 {
1051 QCTX ctx;
1052 OSSL_TIME deadline = ossl_time_infinite();
1053
1054 if (!expect_quic(s, &ctx))
1055 return 0;
1056
1057 quic_lock(ctx.qc);
1058
1059 deadline
1060 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
1061
1062 if (ossl_time_is_infinite(deadline)) {
1063 *is_infinite = 1;
1064
1065 /*
1066 * Robustness against faulty applications that don't check *is_infinite;
1067 * harmless long timeout.
1068 */
1069 tv->tv_sec = 1000000;
1070 tv->tv_usec = 0;
1071
1072 quic_unlock(ctx.qc);
1073 return 1;
1074 }
1075
1076 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1077 *is_infinite = 0;
1078 quic_unlock(ctx.qc);
1079 return 1;
1080 }
1081
1082 /* SSL_get_rpoll_descriptor */
1083 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1084 {
1085 QCTX ctx;
1086
1087 if (!expect_quic(s, &ctx))
1088 return 0;
1089
1090 if (desc == NULL || ctx.qc->net_rbio == NULL)
1091 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1092 NULL);
1093
1094 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1095 }
1096
1097 /* SSL_get_wpoll_descriptor */
1098 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1099 {
1100 QCTX ctx;
1101
1102 if (!expect_quic(s, &ctx))
1103 return 0;
1104
1105 if (desc == NULL || ctx.qc->net_wbio == NULL)
1106 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1107 NULL);
1108
1109 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1110 }
1111
1112 /* SSL_net_read_desired */
1113 QUIC_TAKES_LOCK
1114 int ossl_quic_get_net_read_desired(SSL *s)
1115 {
1116 QCTX ctx;
1117 int ret;
1118
1119 if (!expect_quic(s, &ctx))
1120 return 0;
1121
1122 quic_lock(ctx.qc);
1123 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1124 quic_unlock(ctx.qc);
1125 return ret;
1126 }
1127
1128 /* SSL_net_write_desired */
1129 QUIC_TAKES_LOCK
1130 int ossl_quic_get_net_write_desired(SSL *s)
1131 {
1132 int ret;
1133 QCTX ctx;
1134
1135 if (!expect_quic(s, &ctx))
1136 return 0;
1137
1138 quic_lock(ctx.qc);
1139 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1140 quic_unlock(ctx.qc);
1141 return ret;
1142 }
1143
1144 /*
1145 * QUIC Front-End I/O API: Connection Lifecycle Operations
1146 * =======================================================
1147 *
1148 * SSL_do_handshake => ossl_quic_do_handshake
1149 * SSL_set_connect_state => ossl_quic_set_connect_state
1150 * SSL_set_accept_state => ossl_quic_set_accept_state
1151 * SSL_shutdown => ossl_quic_shutdown
1152 * SSL_ctrl => ossl_quic_ctrl
1153 * (BIO/)SSL_connect => ossl_quic_connect
1154 * (BIO/)SSL_accept => ossl_quic_accept
1155 *
1156 */
1157
1158 QUIC_NEEDS_LOCK
1159 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1160 {
1161 QUIC_STREAM_MAP *qsm;
1162
1163 if (qc->shutting_down)
1164 return;
1165
1166 qsm = ossl_quic_channel_get_qsm(qc->ch);
1167
1168 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1169 qc->shutting_down = 1;
1170 }
1171
1172 /* Returns 1 if all shutdown-flush streams have been done with. */
1173 QUIC_NEEDS_LOCK
1174 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1175 {
1176 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1177
1178 return qc->shutting_down
1179 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1180 }
1181
1182 /* SSL_shutdown */
1183 static int quic_shutdown_wait(void *arg)
1184 {
1185 QUIC_CONNECTION *qc = arg;
1186
1187 return ossl_quic_channel_is_terminated(qc->ch);
1188 }
1189
1190 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
1191 static int quic_shutdown_flush_wait(void *arg)
1192 {
1193 QUIC_CONNECTION *qc = arg;
1194
1195 return ossl_quic_channel_is_term_any(qc->ch)
1196 || qc_shutdown_flush_finished(qc);
1197 }
1198
1199 static int quic_shutdown_peer_wait(void *arg)
1200 {
1201 QUIC_CONNECTION *qc = arg;
1202 return ossl_quic_channel_is_term_any(qc->ch);
1203 }
1204
1205 QUIC_TAKES_LOCK
1206 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1207 const SSL_SHUTDOWN_EX_ARGS *args,
1208 size_t args_len)
1209 {
1210 int ret;
1211 QCTX ctx;
1212 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1213 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1214 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1215
1216 if (!expect_quic(s, &ctx))
1217 return -1;
1218
1219 if (ctx.is_stream) {
1220 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1221 return -1;
1222 }
1223
1224 quic_lock(ctx.qc);
1225
1226 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1227 quic_unlock(ctx.qc);
1228 return 1;
1229 }
1230
1231 /* Phase 1: Stream Flushing */
1232 if (!wait_peer && stream_flush) {
1233 qc_shutdown_flush_init(ctx.qc);
1234
1235 if (!qc_shutdown_flush_finished(ctx.qc)) {
1236 if (!no_block && qc_blocking_mode(ctx.qc)) {
1237 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1238 if (ret < 1) {
1239 ret = 0;
1240 goto err;
1241 }
1242 } else {
1243 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1244 }
1245 }
1246
1247 if (!qc_shutdown_flush_finished(ctx.qc)) {
1248 quic_unlock(ctx.qc);
1249 return 0; /* ongoing */
1250 }
1251 }
1252
1253 /* Phase 2: Connection Closure */
1254 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1255 if (!no_block && qc_blocking_mode(ctx.qc)) {
1256 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1257 if (ret < 1) {
1258 ret = 0;
1259 goto err;
1260 }
1261 } else {
1262 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1263 }
1264
1265 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1266 ret = 0; /* peer hasn't closed yet - still not done */
1267 goto err;
1268 }
1269
1270 /*
1271 * We are at least terminating - go through the normal process of
1272 * waiting until we are in the TERMINATED state.
1273 */
1274 }
1275
1276 /* Block mutation ops regardless of if we did stream flush. */
1277 ctx.qc->shutting_down = 1;
1278
1279 /*
1280 * This call is a no-op if we are already terminating, so it doesn't
1281 * affect the wait_peer case.
1282 */
1283 ossl_quic_channel_local_close(ctx.qc->ch,
1284 args != NULL ? args->quic_error_code : 0,
1285 args != NULL ? args->quic_reason : NULL);
1286
1287 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1288
1289 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1290 quic_unlock(ctx.qc);
1291 return 1;
1292 }
1293
1294 /* Phase 3: Terminating Wait Time */
1295 if (!no_block && qc_blocking_mode(ctx.qc)
1296 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1297 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1298 if (ret < 1) {
1299 ret = 0;
1300 goto err;
1301 }
1302 } else {
1303 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1304 }
1305
1306 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1307 err:
1308 quic_unlock(ctx.qc);
1309 return ret;
1310 }
1311
1312 /* SSL_ctrl */
1313 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1314 {
1315 QCTX ctx;
1316
1317 if (!expect_quic(s, &ctx))
1318 return 0;
1319
1320 switch (cmd) {
1321 case SSL_CTRL_MODE:
1322 /* If called on a QCSO, update the default mode. */
1323 if (!ctx.is_stream)
1324 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1325
1326 /*
1327 * If we were called on a QSSO or have a default stream, we also update
1328 * that.
1329 */
1330 if (ctx.xso != NULL) {
1331 /* Cannot enable EPW while AON write in progress. */
1332 if (ctx.xso->aon_write_in_progress)
1333 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1334
1335 ctx.xso->ssl_mode |= (uint32_t)larg;
1336 return ctx.xso->ssl_mode;
1337 }
1338
1339 return ctx.qc->default_ssl_mode;
1340 case SSL_CTRL_CLEAR_MODE:
1341 if (!ctx.is_stream)
1342 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1343
1344 if (ctx.xso != NULL) {
1345 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1346 return ctx.xso->ssl_mode;
1347 }
1348
1349 return ctx.qc->default_ssl_mode;
1350
1351 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1352 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1353 /* This ctrl also needs to be passed to the internal SSL object */
1354 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1355
1356 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1357 {
1358 int is_infinite;
1359
1360 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1361 return 0;
1362
1363 return !is_infinite;
1364 }
1365 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1366 /* For legacy compatibility with DTLS calls. */
1367 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1368
1369 /* Mask ctrls we shouldn't support for QUIC. */
1370 case SSL_CTRL_GET_READ_AHEAD:
1371 case SSL_CTRL_SET_READ_AHEAD:
1372 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1373 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1374 case SSL_CTRL_SET_MAX_PIPELINES:
1375 return 0;
1376
1377 default:
1378 /*
1379 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1380 * implementation. Either SSL_ctrl will handle it itself by direct
1381 * access into handshake layer state, or failing that, it will be passed
1382 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1383 * supported by anything, the handshake layer's ctrl method will finally
1384 * return 0.
1385 */
1386 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
1387 }
1388 }
1389
1390 /* SSL_set_connect_state */
1391 void ossl_quic_set_connect_state(SSL *s)
1392 {
1393 QCTX ctx;
1394
1395 if (!expect_quic(s, &ctx))
1396 return;
1397
1398 /* Cannot be changed after handshake started */
1399 if (ctx.qc->started || ctx.is_stream)
1400 return;
1401
1402 ctx.qc->as_server_state = 0;
1403 }
1404
1405 /* SSL_set_accept_state */
1406 void ossl_quic_set_accept_state(SSL *s)
1407 {
1408 QCTX ctx;
1409
1410 if (!expect_quic(s, &ctx))
1411 return;
1412
1413 /* Cannot be changed after handshake started */
1414 if (ctx.qc->started || ctx.is_stream)
1415 return;
1416
1417 ctx.qc->as_server_state = 1;
1418 }
1419
1420 /* SSL_do_handshake */
1421 struct quic_handshake_wait_args {
1422 QUIC_CONNECTION *qc;
1423 };
1424
1425 static int quic_handshake_wait(void *arg)
1426 {
1427 struct quic_handshake_wait_args *args = arg;
1428
1429 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1430 return -1;
1431
1432 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1433 return 1;
1434
1435 return 0;
1436 }
1437
1438 static int configure_channel(QUIC_CONNECTION *qc)
1439 {
1440 assert(qc->ch != NULL);
1441
1442 if (!ossl_quic_channel_set_net_rbio(qc->ch, qc->net_rbio)
1443 || !ossl_quic_channel_set_net_wbio(qc->ch, qc->net_wbio)
1444 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1445 return 0;
1446
1447 return 1;
1448 }
1449
1450 QUIC_NEEDS_LOCK
1451 static int create_channel(QUIC_CONNECTION *qc)
1452 {
1453 QUIC_CHANNEL_ARGS args = {0};
1454
1455 args.libctx = qc->ssl.ctx->libctx;
1456 args.propq = qc->ssl.ctx->propq;
1457 args.is_server = qc->as_server;
1458 args.tls = qc->tls;
1459 args.mutex = qc->mutex;
1460 args.now_cb = get_time_cb;
1461 args.now_cb_arg = qc;
1462
1463 qc->ch = ossl_quic_channel_new(&args);
1464 if (qc->ch == NULL) {
1465 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1466 return 0;
1467 }
1468
1469 return 1;
1470 }
1471
1472 /*
1473 * Configures a channel with the information we have accumulated via calls made
1474 * to us from the application prior to starting a handshake attempt.
1475 */
1476 QUIC_NEEDS_LOCK
1477 static int ensure_channel_started(QCTX *ctx)
1478 {
1479 QUIC_CONNECTION *qc = ctx->qc;
1480
1481 if (!qc->started) {
1482 if (!configure_channel(qc)) {
1483 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1484 "failed to configure channel");
1485 return 0;
1486 }
1487
1488 if (!ossl_quic_channel_start(qc->ch)) {
1489 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1490 "failed to start channel");
1491 return 0;
1492 }
1493
1494 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1495 if (qc->is_thread_assisted)
1496 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) {
1497 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1498 "failed to start assist thread");
1499 return 0;
1500 }
1501 #endif
1502 }
1503
1504 qc->started = 1;
1505 return 1;
1506 }
1507
1508 QUIC_NEEDS_LOCK
1509 static int quic_do_handshake(QCTX *ctx)
1510 {
1511 int ret;
1512 QUIC_CONNECTION *qc = ctx->qc;
1513
1514 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1515 /* Handshake already completed. */
1516 return 1;
1517
1518 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1519 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1520
1521 if (BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1522 /* Peer address must have been set. */
1523 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1524 return -1; /* Non-protocol error */
1525 }
1526
1527 if (qc->as_server != qc->as_server_state) {
1528 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1529 return -1; /* Non-protocol error */
1530 }
1531
1532 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1533 /* Need read and write BIOs. */
1534 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1535 return -1; /* Non-protocol error */
1536 }
1537
1538 /*
1539 * Start connection process. Note we may come here multiple times in
1540 * non-blocking mode, which is fine.
1541 */
1542 if (!ensure_channel_started(qc)) /* raises on failure */
1543 return -1; /* Non-protocol error */
1544
1545 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1546 /* The handshake is now done. */
1547 return 1;
1548
1549 if (!qc_blocking_mode(qc)) {
1550 /* Try to advance the reactor. */
1551 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1552
1553 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1554 /* The handshake is now done. */
1555 return 1;
1556
1557 if (ossl_quic_channel_is_term_any(qc->ch)) {
1558 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1559 return 0;
1560 } else if (qc->desires_blocking) {
1561 /*
1562 * As a special case when doing a handshake when blocking mode is
1563 * desired yet not available, see if the network BIOs have become
1564 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1565 * which do late creation of socket FDs and therefore cannot expose
1566 * a poll descriptor until after a network BIO is set on the QCSO.
1567 */
1568 assert(!qc->blocking);
1569 qc_update_can_support_blocking(qc);
1570 qc_update_blocking_mode(qc);
1571 }
1572 }
1573
1574 /*
1575 * We are either in blocking mode or just entered it due to the code above.
1576 */
1577 if (qc_blocking_mode(qc)) {
1578 /* In blocking mode, wait for the handshake to complete. */
1579 struct quic_handshake_wait_args args;
1580
1581 args.qc = qc;
1582
1583 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1584 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1585 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1586 return 0; /* Shutdown before completion */
1587 } else if (ret <= 0) {
1588 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1589 return -1; /* Non-protocol error */
1590 }
1591
1592 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1593 return 1;
1594 }
1595
1596 /*
1597 * Otherwise, indicate that the handshake isn't done yet.
1598 * We can only get here in non-blocking mode.
1599 */
1600 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1601 return -1; /* Non-protocol error */
1602 }
1603
1604 QUIC_TAKES_LOCK
1605 int ossl_quic_do_handshake(SSL *s)
1606 {
1607 int ret;
1608 QCTX ctx;
1609
1610 if (!expect_quic(s, &ctx))
1611 return 0;
1612
1613 ctx.in_io = 1;
1614 quic_lock(ctx.qc);
1615
1616 ret = quic_do_handshake(&ctx);
1617 quic_unlock(ctx.qc);
1618 return ret;
1619 }
1620
1621 /* SSL_connect */
1622 int ossl_quic_connect(SSL *s)
1623 {
1624 /* Ensure we are in connect state (no-op if non-idle). */
1625 ossl_quic_set_connect_state(s);
1626
1627 /* Begin or continue the handshake */
1628 return ossl_quic_do_handshake(s);
1629 }
1630
1631 /* SSL_accept */
1632 int ossl_quic_accept(SSL *s)
1633 {
1634 /* Ensure we are in accept state (no-op if non-idle). */
1635 ossl_quic_set_accept_state(s);
1636
1637 /* Begin or continue the handshake */
1638 return ossl_quic_do_handshake(s);
1639 }
1640
1641 /*
1642 * QUIC Front-End I/O API: Stream Lifecycle Operations
1643 * ===================================================
1644 *
1645 * SSL_stream_new => ossl_quic_conn_stream_new
1646 *
1647 */
1648
1649 /*
1650 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1651 * default XSO was created. Returns 0 if it was not (e.g. because it already
1652 * exists). Note that this is NOT an error condition.
1653 */
1654 QUIC_NEEDS_LOCK
1655 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1656 {
1657 uint64_t flags = 0;
1658 QUIC_CONNECTION *qc = ctx->qc;
1659
1660 if (qc->default_xso_created
1661 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1662 /*
1663 * We only do this once. If the user detaches a previously created
1664 * default XSO we don't auto-create another one.
1665 */
1666 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1667
1668 /* Create a locally-initiated stream. */
1669 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1670 flags |= SSL_STREAM_FLAG_UNI;
1671
1672 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1673 /*needs_lock=*/0),
1674 /*touch=*/0);
1675 if (qc->default_xso == NULL)
1676 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1677
1678 qc_touch_default_xso(qc);
1679 return 1;
1680 }
1681
1682 struct quic_wait_for_stream_args {
1683 QUIC_CONNECTION *qc;
1684 QUIC_STREAM *qs;
1685 QCTX *ctx;
1686 uint64_t expect_id;
1687 };
1688
1689 QUIC_NEEDS_LOCK
1690 static int quic_wait_for_stream(void *arg)
1691 {
1692 struct quic_wait_for_stream_args *args = arg;
1693
1694 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
1695 /* If connection is torn down due to an error while blocking, stop. */
1696 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1697 return -1;
1698 }
1699
1700 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1701 args->expect_id | QUIC_STREAM_DIR_BIDI);
1702 if (args->qs == NULL)
1703 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1704 args->expect_id | QUIC_STREAM_DIR_UNI);
1705
1706 if (args->qs != NULL)
1707 return 1; /* stream now exists */
1708
1709 return 0; /* did not get a stream, keep trying */
1710 }
1711
1712 QUIC_NEEDS_LOCK
1713 static int qc_wait_for_default_xso_for_read(QCTX *ctx)
1714 {
1715 /* Called on a QCSO and we don't currently have a default stream. */
1716 uint64_t expect_id;
1717 QUIC_CONNECTION *qc = ctx->qc;
1718 QUIC_STREAM *qs;
1719 int res;
1720 struct quic_wait_for_stream_args wargs;
1721
1722 /*
1723 * If default stream functionality is disabled or we already detached
1724 * one, don't make another default stream and just fail.
1725 */
1726 if (qc->default_xso_created
1727 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1728 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1729
1730 /*
1731 * The peer may have opened a stream since we last ticked. So tick and
1732 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1733 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1734 * first stream created by a peer must have an ordinal of 0.
1735 */
1736 expect_id = qc->as_server
1737 ? QUIC_STREAM_INITIATOR_CLIENT
1738 : QUIC_STREAM_INITIATOR_SERVER;
1739
1740 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1741 expect_id | QUIC_STREAM_DIR_BIDI);
1742 if (qs == NULL)
1743 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1744 expect_id | QUIC_STREAM_DIR_UNI);
1745
1746 if (qs == NULL) {
1747 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc->ch), 0);
1748
1749 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1750 expect_id);
1751 }
1752
1753 if (qs == NULL) {
1754 if (!qc_blocking_mode(qc))
1755 /* Non-blocking mode, so just bail immediately. */
1756 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1757
1758 /* Block until we have a stream. */
1759 wargs.qc = qc;
1760 wargs.qs = NULL;
1761 wargs.ctx = ctx;
1762 wargs.expect_id = expect_id;
1763
1764 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1765 if (res == 0)
1766 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1767 else if (res < 0 || wargs.qs == NULL)
1768 /* quic_wait_for_stream raised error here */
1769 return 0;
1770
1771 qs = wargs.qs;
1772 }
1773
1774 /*
1775 * We now have qs != NULL. Make it the default stream, creating the
1776 * necessary XSO.
1777 */
1778 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1779 if (qc->default_xso == NULL)
1780 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1781
1782 qc_touch_default_xso(qc); /* inhibits default XSO */
1783 return 1;
1784 }
1785
1786 QUIC_NEEDS_LOCK
1787 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1788 {
1789 QUIC_XSO *xso = NULL;
1790
1791 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
1792 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
1793 goto err;
1794 }
1795
1796 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
1797 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1798 goto err;
1799 }
1800
1801 /* XSO refs QC */
1802 if (!SSL_up_ref(&qc->ssl)) {
1803 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
1804 goto err;
1805 }
1806
1807 xso->conn = qc;
1808 xso->ssl_mode = qc->default_ssl_mode;
1809 xso->ssl_options
1810 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1811 xso->last_error = SSL_ERROR_NONE;
1812
1813 xso->stream = qs;
1814
1815 ++qc->num_xso;
1816 xso_update_options(xso);
1817 return xso;
1818
1819 err:
1820 OPENSSL_free(xso);
1821 return NULL;
1822 }
1823
1824 struct quic_new_stream_wait_args {
1825 QUIC_CONNECTION *qc;
1826 int is_uni;
1827 };
1828
1829 static int quic_new_stream_wait(void *arg)
1830 {
1831 struct quic_new_stream_wait_args *args = arg;
1832 QUIC_CONNECTION *qc = args->qc;
1833
1834 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1835 return -1;
1836
1837 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1838 return 1;
1839
1840 return 0;
1841 }
1842
1843 /* locking depends on need_lock */
1844 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1845 {
1846 int ret;
1847 QUIC_CONNECTION *qc = ctx->qc;
1848 QUIC_XSO *xso = NULL;
1849 QUIC_STREAM *qs = NULL;
1850 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
1851 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
1852 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
1853
1854 if (need_lock)
1855 quic_lock(qc);
1856
1857 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
1858 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1859 goto err;
1860 }
1861
1862 if (!advance
1863 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
1864 struct quic_new_stream_wait_args args;
1865
1866 /*
1867 * Stream count flow control currently doesn't permit this stream to be
1868 * opened.
1869 */
1870 if (no_blocking || !qc_blocking_mode(qc)) {
1871 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
1872 goto err;
1873 }
1874
1875 args.qc = qc;
1876 args.is_uni = is_uni;
1877
1878 /* Blocking mode - wait until we can get a stream. */
1879 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
1880 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1881 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1882 goto err; /* Shutdown before completion */
1883 } else if (ret <= 0) {
1884 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1885 goto err; /* Non-protocol error */
1886 }
1887 }
1888
1889 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
1890 if (qs == NULL) {
1891 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1892 goto err;
1893 }
1894
1895 xso = create_xso_from_stream(qc, qs);
1896 if (xso == NULL)
1897 goto err;
1898
1899 qc_touch_default_xso(qc); /* inhibits default XSO */
1900 if (need_lock)
1901 quic_unlock(qc);
1902
1903 return &xso->ssl;
1904
1905 err:
1906 OPENSSL_free(xso);
1907 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
1908 if (need_lock)
1909 quic_unlock(qc);
1910
1911 return NULL;
1912
1913 }
1914
1915 QUIC_TAKES_LOCK
1916 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
1917 {
1918 QCTX ctx;
1919
1920 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
1921 return NULL;
1922
1923 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
1924 }
1925
1926 /*
1927 * QUIC Front-End I/O API: Steady-State Operations
1928 * ===============================================
1929 *
1930 * Here we dispatch calls to the steady-state front-end I/O API functions; that
1931 * is, the functions used during the established phase of a QUIC connection
1932 * (e.g. SSL_read, SSL_write).
1933 *
1934 * Each function must handle both blocking and non-blocking modes. As discussed
1935 * above, all QUIC I/O is implemented using non-blocking mode internally.
1936 *
1937 * SSL_get_error => partially implemented by ossl_quic_get_error
1938 * (BIO/)SSL_read => ossl_quic_read
1939 * (BIO/)SSL_write => ossl_quic_write
1940 * SSL_pending => ossl_quic_pending
1941 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
1942 * SSL_key_update => ossl_quic_key_update
1943 */
1944
1945 /* SSL_get_error */
1946 int ossl_quic_get_error(const SSL *s, int i)
1947 {
1948 QCTX ctx;
1949 int net_error, last_error;
1950
1951 if (!expect_quic(s, &ctx))
1952 return 0;
1953
1954 quic_lock(ctx.qc);
1955 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
1956 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
1957 quic_unlock(ctx.qc);
1958
1959 if (net_error)
1960 return SSL_ERROR_SYSCALL;
1961
1962 return last_error;
1963 }
1964
1965 /*
1966 * SSL_write
1967 * ---------
1968 *
1969 * The set of functions below provide the implementation of the public SSL_write
1970 * function. We must handle:
1971 *
1972 * - both blocking and non-blocking operation at the application level,
1973 * depending on how we are configured;
1974 *
1975 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
1976 *
1977 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1978 *
1979 */
1980 QUIC_NEEDS_LOCK
1981 static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick)
1982 {
1983 /*
1984 * We have appended at least one byte to the stream.
1985 * Potentially mark stream as active, depending on FC.
1986 */
1987 if (did_append)
1988 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
1989 xso->stream);
1990
1991 /*
1992 * Try and send.
1993 *
1994 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
1995 * immediately, plus we should eventually consider Nagle's algorithm.
1996 */
1997 if (do_tick)
1998 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
1999 }
2000
2001 struct quic_write_again_args {
2002 QUIC_XSO *xso;
2003 const unsigned char *buf;
2004 size_t len;
2005 size_t total_written;
2006 int err;
2007 };
2008
2009 QUIC_NEEDS_LOCK
2010 static int quic_write_again(void *arg)
2011 {
2012 struct quic_write_again_args *args = arg;
2013 size_t actual_written = 0;
2014
2015 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2016 /* If connection is torn down due to an error while blocking, stop. */
2017 return -2;
2018
2019 if (!quic_validate_for_write(args->xso, &args->err))
2020 /*
2021 * Stream may have become invalid for write due to connection events
2022 * while we blocked.
2023 */
2024 return -2;
2025
2026 args->err = ERR_R_INTERNAL_ERROR;
2027 if (!ossl_quic_sstream_append(args->xso->stream->sstream,
2028 args->buf, args->len, &actual_written))
2029 return -2;
2030
2031 quic_post_write(args->xso, actual_written > 0, 0);
2032
2033 args->buf += actual_written;
2034 args->len -= actual_written;
2035 args->total_written += actual_written;
2036
2037 if (args->len == 0)
2038 /* Written everything, done. */
2039 return 1;
2040
2041 /* Not written everything yet, keep trying. */
2042 return 0;
2043 }
2044
2045 QUIC_NEEDS_LOCK
2046 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2047 size_t *written)
2048 {
2049 int res;
2050 QUIC_XSO *xso = ctx->xso;
2051 struct quic_write_again_args args;
2052 size_t actual_written = 0;
2053
2054 /* First make a best effort to append as much of the data as possible. */
2055 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len,
2056 &actual_written)) {
2057 /* Stream already finished or allocation error. */
2058 *written = 0;
2059 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2060 }
2061
2062 quic_post_write(xso, actual_written > 0, 1);
2063
2064 if (actual_written == len) {
2065 /* Managed to append everything on the first try. */
2066 *written = actual_written;
2067 return 1;
2068 }
2069
2070 /*
2071 * We did not manage to append all of the data immediately, so the stream
2072 * buffer has probably filled up. This means we need to block until some of
2073 * it is freed up.
2074 */
2075 args.xso = xso;
2076 args.buf = (const unsigned char *)buf + actual_written;
2077 args.len = len - actual_written;
2078 args.total_written = 0;
2079 args.err = ERR_R_INTERNAL_ERROR;
2080
2081 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
2082 if (res <= 0) {
2083 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2084 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2085 else
2086 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2087 }
2088
2089 *written = args.total_written;
2090 return 1;
2091 }
2092
2093 /*
2094 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2095 * write semantics.
2096 */
2097 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2098 size_t buf_len, size_t already_sent)
2099 {
2100 assert(!xso->aon_write_in_progress);
2101
2102 xso->aon_write_in_progress = 1;
2103 xso->aon_buf_base = buf;
2104 xso->aon_buf_pos = already_sent;
2105 xso->aon_buf_len = buf_len;
2106 }
2107
2108 static void aon_write_finish(QUIC_XSO *xso)
2109 {
2110 xso->aon_write_in_progress = 0;
2111 xso->aon_buf_base = NULL;
2112 xso->aon_buf_pos = 0;
2113 xso->aon_buf_len = 0;
2114 }
2115
2116 QUIC_NEEDS_LOCK
2117 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2118 size_t len, size_t *written)
2119 {
2120 QUIC_XSO *xso = ctx->xso;
2121 const void *actual_buf;
2122 size_t actual_len, actual_written = 0;
2123 int accept_moving_buffer
2124 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2125
2126 if (xso->aon_write_in_progress) {
2127 /*
2128 * We are in the middle of an AON write (i.e., a previous write did not
2129 * manage to append all data to the SSTREAM and we have Enable Partial
2130 * Write (EPW) mode disabled.)
2131 */
2132 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2133 || len != xso->aon_buf_len)
2134 /*
2135 * Pointer must not have changed if we are not in accept moving
2136 * buffer mode. Length must never change.
2137 */
2138 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2139
2140 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2141 actual_len = len - xso->aon_buf_pos;
2142 assert(actual_len > 0);
2143 } else {
2144 actual_buf = buf;
2145 actual_len = len;
2146 }
2147
2148 /* First make a best effort to append as much of the data as possible. */
2149 if (!ossl_quic_sstream_append(xso->stream->sstream, actual_buf, actual_len,
2150 &actual_written)) {
2151 /* Stream already finished or allocation error. */
2152 *written = 0;
2153 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2154 }
2155
2156 quic_post_write(xso, actual_written > 0, 1);
2157
2158 if (actual_written == actual_len) {
2159 /* We have sent everything. */
2160 if (xso->aon_write_in_progress) {
2161 /*
2162 * We have sent everything, and we were in the middle of an AON
2163 * write. The output write length is the total length of the AON
2164 * buffer, not however many bytes we managed to write to the stream
2165 * in this call.
2166 */
2167 *written = xso->aon_buf_len;
2168 aon_write_finish(xso);
2169 } else {
2170 *written = actual_written;
2171 }
2172
2173 return 1;
2174 }
2175
2176 if (xso->aon_write_in_progress) {
2177 /*
2178 * AON write is in progress but we have not written everything yet. We
2179 * may have managed to send zero bytes, or some number of bytes less
2180 * than the total remaining which need to be appended during this
2181 * AON operation.
2182 */
2183 xso->aon_buf_pos += actual_written;
2184 assert(xso->aon_buf_pos < xso->aon_buf_len);
2185 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2186 }
2187
2188 /*
2189 * Not in an existing AON operation but partial write is not enabled, so we
2190 * need to begin a new AON operation. However we needn't bother if we didn't
2191 * actually append anything.
2192 */
2193 if (actual_written > 0)
2194 aon_write_begin(xso, buf, len, actual_written);
2195
2196 /*
2197 * AON - We do not publicly admit to having appended anything until AON
2198 * completes.
2199 */
2200 *written = 0;
2201 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2202 }
2203
2204 QUIC_NEEDS_LOCK
2205 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2206 size_t *written)
2207 {
2208 QUIC_XSO *xso = ctx->xso;
2209
2210 /* Simple best effort operation. */
2211 if (!ossl_quic_sstream_append(xso->stream->sstream, buf, len, written)) {
2212 /* Stream already finished or allocation error. */
2213 *written = 0;
2214 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2215 }
2216
2217 quic_post_write(xso, *written > 0, 1);
2218 return 1;
2219 }
2220
2221 QUIC_NEEDS_LOCK
2222 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2223 {
2224 QUIC_STREAM_MAP *qsm;
2225
2226 if (xso == NULL || xso->stream == NULL) {
2227 *err = ERR_R_INTERNAL_ERROR;
2228 return 0;
2229 }
2230
2231 switch (xso->stream->send_state) {
2232 default:
2233 case QUIC_SSTREAM_STATE_NONE:
2234 *err = SSL_R_STREAM_RECV_ONLY;
2235 return 0;
2236
2237 case QUIC_SSTREAM_STATE_READY:
2238 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2239
2240 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2241 *err = ERR_R_INTERNAL_ERROR;
2242 return 0;
2243 }
2244
2245 /* FALLTHROUGH */
2246 case QUIC_SSTREAM_STATE_SEND:
2247 case QUIC_SSTREAM_STATE_DATA_SENT:
2248 case QUIC_SSTREAM_STATE_DATA_RECVD:
2249 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2250 *err = SSL_R_STREAM_FINISHED;
2251 return 0;
2252 }
2253
2254 return 1;
2255
2256 case QUIC_SSTREAM_STATE_RESET_SENT:
2257 case QUIC_SSTREAM_STATE_RESET_RECVD:
2258 *err = SSL_R_STREAM_RESET;
2259 return 0;
2260 }
2261 }
2262
2263 QUIC_TAKES_LOCK
2264 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2265 {
2266 int ret;
2267 QCTX ctx;
2268 int partial_write, err;
2269
2270 *written = 0;
2271
2272 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2273 return 0;
2274
2275 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
2276
2277 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2278 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2279 goto out;
2280 }
2281
2282 /*
2283 * If we haven't finished the handshake, try to advance it.
2284 * We don't accept writes until the handshake is completed.
2285 */
2286 if (quic_do_handshake(&ctx) < 1) {
2287 ret = 0;
2288 goto out;
2289 }
2290
2291 /* Ensure correct stream state, stream send part not concluded, etc. */
2292 if (!quic_validate_for_write(ctx.xso, &err)) {
2293 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2294 goto out;
2295 }
2296
2297 if (len == 0) {
2298 ret = 1;
2299 goto out;
2300 }
2301
2302 if (xso_blocking_mode(ctx.xso))
2303 ret = quic_write_blocking(&ctx, buf, len, written);
2304 else if (partial_write)
2305 ret = quic_write_nonblocking_epw(&ctx, buf, len, written);
2306 else
2307 ret = quic_write_nonblocking_aon(&ctx, buf, len, written);
2308
2309 out:
2310 quic_unlock(ctx.qc);
2311 return ret;
2312 }
2313
2314 /*
2315 * SSL_read
2316 * --------
2317 */
2318 struct quic_read_again_args {
2319 QCTX *ctx;
2320 QUIC_STREAM *stream;
2321 void *buf;
2322 size_t len;
2323 size_t *bytes_read;
2324 int peek;
2325 };
2326
2327 QUIC_NEEDS_LOCK
2328 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2329 {
2330 QUIC_STREAM_MAP *qsm;
2331
2332 *eos = 0;
2333
2334 if (xso == NULL || xso->stream == NULL) {
2335 *err = ERR_R_INTERNAL_ERROR;
2336 return 0;
2337 }
2338
2339 switch (xso->stream->recv_state) {
2340 default:
2341 case QUIC_RSTREAM_STATE_NONE:
2342 *err = SSL_R_STREAM_SEND_ONLY;
2343 return 0;
2344
2345 case QUIC_RSTREAM_STATE_RECV:
2346 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2347 case QUIC_RSTREAM_STATE_DATA_RECVD:
2348 return 1;
2349
2350 case QUIC_RSTREAM_STATE_DATA_READ:
2351 *eos = 1;
2352 return 0;
2353
2354 case QUIC_RSTREAM_STATE_RESET_RECVD:
2355 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2356 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2357
2358 /* FALLTHROUGH */
2359 case QUIC_RSTREAM_STATE_RESET_READ:
2360 *err = SSL_R_STREAM_RESET;
2361 return 0;
2362 }
2363 }
2364
2365 QUIC_NEEDS_LOCK
2366 static int quic_read_actual(QCTX *ctx,
2367 QUIC_STREAM *stream,
2368 void *buf, size_t buf_len,
2369 size_t *bytes_read,
2370 int peek)
2371 {
2372 int is_fin = 0, err, eos;
2373 QUIC_CONNECTION *qc = ctx->qc;
2374
2375 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2376 if (eos)
2377 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2378 else
2379 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2380 }
2381
2382 if (peek) {
2383 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2384 bytes_read, &is_fin))
2385 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2386
2387 } else {
2388 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2389 bytes_read, &is_fin))
2390 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2391 }
2392
2393 if (!peek) {
2394 if (*bytes_read > 0) {
2395 /*
2396 * We have read at least one byte from the stream. Inform stream-level
2397 * RXFC of the retirement of controlled bytes. Update the active stream
2398 * status (the RXFC may now want to emit a frame granting more credit to
2399 * the peer).
2400 */
2401 OSSL_RTT_INFO rtt_info;
2402
2403 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2404
2405 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2406 rtt_info.smoothed_rtt))
2407 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2408 }
2409
2410 if (is_fin && !peek) {
2411 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2412
2413 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2414 }
2415
2416 if (*bytes_read > 0)
2417 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2418 stream);
2419 }
2420
2421 if (*bytes_read == 0 && is_fin)
2422 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2423
2424 return 1;
2425 }
2426
2427 QUIC_NEEDS_LOCK
2428 static int quic_read_again(void *arg)
2429 {
2430 struct quic_read_again_args *args = arg;
2431
2432 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
2433 /* If connection is torn down due to an error while blocking, stop. */
2434 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2435 return -1;
2436 }
2437
2438 if (!quic_read_actual(args->ctx, args->stream,
2439 args->buf, args->len, args->bytes_read,
2440 args->peek))
2441 return -1;
2442
2443 if (*args->bytes_read > 0)
2444 /* got at least one byte, the SSL_read op can finish now */
2445 return 1;
2446
2447 return 0; /* did not read anything, keep trying */
2448 }
2449
2450 QUIC_TAKES_LOCK
2451 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2452 {
2453 int ret, res;
2454 QCTX ctx;
2455 struct quic_read_again_args args;
2456
2457 *bytes_read = 0;
2458
2459 if (!expect_quic(s, &ctx))
2460 return 0;
2461
2462 ctx.in_io = 1;
2463 quic_lock(ctx.qc);
2464
2465 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2466 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2467 goto out;
2468 }
2469
2470 /* If we haven't finished the handshake, try to advance it. */
2471 if (quic_do_handshake(&ctx) < 1) {
2472 ret = 0; /* ossl_quic_do_handshake raised error here */
2473 goto out;
2474 }
2475
2476 if (ctx.xso == NULL) {
2477 /*
2478 * Called on a QCSO and we don't currently have a default stream.
2479 *
2480 * Wait until we get a stream initiated by the peer (blocking mode) or
2481 * fail if we don't have one yet (non-blocking mode).
2482 */
2483 if (!qc_wait_for_default_xso_for_read(&ctx)) {
2484 ret = 0; /* error already raised here */
2485 goto out;
2486 }
2487
2488 ctx.xso = ctx.qc->default_xso;
2489 }
2490
2491 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2492 ret = 0; /* quic_read_actual raised error here */
2493 goto out;
2494 }
2495
2496 if (*bytes_read > 0) {
2497 /*
2498 * Even though we succeeded, tick the reactor here to ensure we are
2499 * handling other aspects of the QUIC connection.
2500 */
2501 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2502 ret = 1;
2503 } else if (xso_blocking_mode(ctx.xso)) {
2504 /*
2505 * We were not able to read anything immediately, so our stream
2506 * buffer is empty. This means we need to block until we get
2507 * at least one byte.
2508 */
2509 args.ctx = &ctx;
2510 args.stream = ctx.xso->stream;
2511 args.buf = buf;
2512 args.len = len;
2513 args.bytes_read = bytes_read;
2514 args.peek = peek;
2515
2516 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2517 if (res == 0) {
2518 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2519 goto out;
2520 } else if (res < 0) {
2521 ret = 0; /* quic_read_again raised error here */
2522 goto out;
2523 }
2524
2525 ret = 1;
2526 } else {
2527 /*
2528 * We did not get any bytes and are not in blocking mode.
2529 * Tick to see if this delivers any more.
2530 */
2531 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
2532
2533 /* Try the read again. */
2534 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2535 ret = 0; /* quic_read_actual raised error here */
2536 goto out;
2537 }
2538
2539 if (*bytes_read > 0)
2540 ret = 1; /* Succeeded this time. */
2541 else
2542 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2543 }
2544
2545 out:
2546 quic_unlock(ctx.qc);
2547 return ret;
2548 }
2549
2550 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2551 {
2552 return quic_read(s, buf, len, bytes_read, 0);
2553 }
2554
2555 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2556 {
2557 return quic_read(s, buf, len, bytes_read, 1);
2558 }
2559
2560 /*
2561 * SSL_pending
2562 * -----------
2563 */
2564
2565 QUIC_TAKES_LOCK
2566 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2567 {
2568 QCTX ctx;
2569 size_t avail = 0;
2570 int fin = 0;
2571
2572
2573 if (!expect_quic(s, &ctx))
2574 return 0;
2575
2576 quic_lock(ctx.qc);
2577
2578 if (ctx.xso == NULL) {
2579 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
2580 goto out;
2581 }
2582
2583 if (ctx.xso->stream == NULL
2584 || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream)) {
2585 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2586 goto out;
2587 }
2588
2589 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
2590 avail = 0;
2591
2592 if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
2593 avail = 1;
2594
2595 out:
2596 quic_unlock(ctx.qc);
2597 return avail;
2598 }
2599
2600 size_t ossl_quic_pending(const SSL *s)
2601 {
2602 return ossl_quic_pending_int(s, /*check_channel=*/0);
2603 }
2604
2605 int ossl_quic_has_pending(const SSL *s)
2606 {
2607 /* Do we have app-side pending data or pending URXEs or RXEs? */
2608 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2609 }
2610
2611 /*
2612 * SSL_stream_conclude
2613 * -------------------
2614 */
2615 QUIC_TAKES_LOCK
2616 int ossl_quic_conn_stream_conclude(SSL *s)
2617 {
2618 QCTX ctx;
2619 QUIC_STREAM *qs;
2620 int err;
2621
2622 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
2623 return 0;
2624
2625 qs = ctx.xso->stream;
2626
2627 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
2628 quic_unlock(ctx.qc);
2629 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2630 }
2631
2632 if (!quic_validate_for_write(ctx.xso, &err)) {
2633 quic_unlock(ctx.qc);
2634 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2635 }
2636
2637 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2638 quic_unlock(ctx.qc);
2639 return 1;
2640 }
2641
2642 ossl_quic_sstream_fin(qs->sstream);
2643 quic_post_write(ctx.xso, 1, 1);
2644 quic_unlock(ctx.qc);
2645 return 1;
2646 }
2647
2648 /*
2649 * SSL_inject_net_dgram
2650 * --------------------
2651 */
2652 QUIC_TAKES_LOCK
2653 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2654 size_t buf_len,
2655 const BIO_ADDR *peer,
2656 const BIO_ADDR *local)
2657 {
2658 int ret;
2659 QCTX ctx;
2660 QUIC_DEMUX *demux;
2661
2662 if (!expect_quic(s, &ctx))
2663 return 0;
2664
2665 quic_lock(ctx.qc);
2666
2667 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2668 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2669
2670 quic_unlock(ctx.qc);
2671 return ret;
2672 }
2673
2674 /*
2675 * SSL_get0_connection
2676 * -------------------
2677 */
2678 SSL *ossl_quic_get0_connection(SSL *s)
2679 {
2680 QCTX ctx;
2681
2682 if (!expect_quic(s, &ctx))
2683 return NULL;
2684
2685 return &ctx.qc->ssl;
2686 }
2687
2688 /*
2689 * SSL_get_stream_type
2690 * -------------------
2691 */
2692 int ossl_quic_get_stream_type(SSL *s)
2693 {
2694 QCTX ctx;
2695
2696 if (!expect_quic(s, &ctx))
2697 return SSL_STREAM_TYPE_BIDI;
2698
2699 if (ctx.xso == NULL) {
2700 /*
2701 * If deferred XSO creation has yet to occur, proceed according to the
2702 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2703 * what kind of stream will be created yet, so return BIDI on the basis
2704 * that at this time, the client still has the option of calling
2705 * SSL_read() or SSL_write() first.
2706 */
2707 if (ctx.qc->default_xso_created
2708 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2709 return SSL_STREAM_TYPE_NONE;
2710 else
2711 return SSL_STREAM_TYPE_BIDI;
2712 }
2713
2714 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2715 return SSL_STREAM_TYPE_BIDI;
2716
2717 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2718 return SSL_STREAM_TYPE_READ;
2719 else
2720 return SSL_STREAM_TYPE_WRITE;
2721 }
2722
2723 /*
2724 * SSL_get_stream_id
2725 * -----------------
2726 */
2727 QUIC_TAKES_LOCK
2728 uint64_t ossl_quic_get_stream_id(SSL *s)
2729 {
2730 QCTX ctx;
2731 uint64_t id;
2732
2733 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
2734 return UINT64_MAX;
2735
2736 id = ctx.xso->stream->id;
2737 quic_unlock(ctx.qc);
2738
2739 return id;
2740 }
2741
2742 /*
2743 * SSL_set_default_stream_mode
2744 * ---------------------------
2745 */
2746 QUIC_TAKES_LOCK
2747 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
2748 {
2749 QCTX ctx;
2750
2751 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
2752 return 0;
2753
2754 quic_lock(ctx.qc);
2755
2756 if (ctx.qc->default_xso_created) {
2757 quic_unlock(ctx.qc);
2758 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
2759 "too late to change default stream mode");
2760 }
2761
2762 switch (mode) {
2763 case SSL_DEFAULT_STREAM_MODE_NONE:
2764 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
2765 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
2766 ctx.qc->default_stream_mode = mode;
2767 break;
2768 default:
2769 quic_unlock(ctx.qc);
2770 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
2771 "bad default stream type");
2772 }
2773
2774 quic_unlock(ctx.qc);
2775 return 1;
2776 }
2777
2778 /*
2779 * SSL_detach_stream
2780 * -----------------
2781 */
2782 QUIC_TAKES_LOCK
2783 SSL *ossl_quic_detach_stream(SSL *s)
2784 {
2785 QCTX ctx;
2786 QUIC_XSO *xso = NULL;
2787
2788 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
2789 return NULL;
2790
2791 quic_lock(ctx.qc);
2792
2793 /* Calling this function inhibits default XSO autocreation. */
2794 /* QC ref to any default XSO is transferred to us and to caller. */
2795 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
2796
2797 quic_unlock(ctx.qc);
2798
2799 return xso != NULL ? &xso->ssl : NULL;
2800 }
2801
2802 /*
2803 * SSL_attach_stream
2804 * -----------------
2805 */
2806 QUIC_TAKES_LOCK
2807 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
2808 {
2809 QCTX ctx;
2810 QUIC_XSO *xso;
2811 int nref;
2812
2813 if (!expect_quic_conn_only(conn, /*io=*/0, &ctx))
2814 return 0;
2815
2816 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
2817 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
2818 "stream to attach must be a valid QUIC stream");
2819
2820 xso = (QUIC_XSO *)stream;
2821
2822 quic_lock(ctx.qc);
2823
2824 if (ctx.qc->default_xso != NULL) {
2825 quic_unlock(ctx.qc);
2826 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
2827 "connection already has a default stream");
2828 }
2829
2830 /*
2831 * It is a caller error for the XSO being attached as a default XSO to have
2832 * more than one ref.
2833 */
2834 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
2835 quic_unlock(ctx.qc);
2836 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
2837 "ref");
2838 }
2839
2840 if (nref != 1) {
2841 quic_unlock(ctx.qc);
2842 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
2843 "stream being attached must have "
2844 "only 1 reference");
2845 }
2846
2847 /* Caller's reference to the XSO is transferred to us. */
2848 /* Calling this function inhibits default XSO autocreation. */
2849 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
2850
2851 quic_unlock(ctx.qc);
2852 return 1;
2853 }
2854
2855 /*
2856 * SSL_set_incoming_stream_policy
2857 * ------------------------------
2858 */
2859 QUIC_NEEDS_LOCK
2860 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
2861 {
2862 switch (qc->incoming_stream_policy) {
2863 case SSL_INCOMING_STREAM_POLICY_AUTO:
2864 if ((qc->default_xso == NULL && !qc->default_xso_created)
2865 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2866 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
2867 else
2868 return SSL_INCOMING_STREAM_POLICY_REJECT;
2869
2870 default:
2871 return qc->incoming_stream_policy;
2872 }
2873 }
2874
2875 QUIC_NEEDS_LOCK
2876 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
2877 {
2878 int policy = qc_get_effective_incoming_stream_policy(qc);
2879 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
2880
2881 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
2882 enable_reject,
2883 qc->incoming_stream_aec);
2884 }
2885
2886 QUIC_TAKES_LOCK
2887 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
2888 uint64_t aec)
2889 {
2890 int ret = 1;
2891 QCTX ctx;
2892
2893 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
2894 return 0;
2895
2896 quic_lock(ctx.qc);
2897
2898 switch (policy) {
2899 case SSL_INCOMING_STREAM_POLICY_AUTO:
2900 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
2901 case SSL_INCOMING_STREAM_POLICY_REJECT:
2902 ctx.qc->incoming_stream_policy = policy;
2903 ctx.qc->incoming_stream_aec = aec;
2904 break;
2905
2906 default:
2907 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
2908 ret = 0;
2909 break;
2910 }
2911
2912 qc_update_reject_policy(ctx.qc);
2913 quic_unlock(ctx.qc);
2914 return ret;
2915 }
2916
2917 /*
2918 * SSL_accept_stream
2919 * -----------------
2920 */
2921 struct wait_for_incoming_stream_args {
2922 QCTX *ctx;
2923 QUIC_STREAM *qs;
2924 };
2925
2926 QUIC_NEEDS_LOCK
2927 static int wait_for_incoming_stream(void *arg)
2928 {
2929 struct wait_for_incoming_stream_args *args = arg;
2930 QUIC_CONNECTION *qc = args->ctx->qc;
2931 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
2932
2933 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2934 /* If connection is torn down due to an error while blocking, stop. */
2935 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2936 return -1;
2937 }
2938
2939 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2940 if (args->qs != NULL)
2941 return 1; /* got a stream */
2942
2943 return 0; /* did not get a stream, keep trying */
2944 }
2945
2946 QUIC_TAKES_LOCK
2947 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
2948 {
2949 QCTX ctx;
2950 int ret;
2951 SSL *new_s = NULL;
2952 QUIC_STREAM_MAP *qsm;
2953 QUIC_STREAM *qs;
2954 QUIC_XSO *xso;
2955 OSSL_RTT_INFO rtt_info;
2956
2957 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
2958 return NULL;
2959
2960 quic_lock(ctx.qc);
2961
2962 if (qc_get_effective_incoming_stream_policy(ctx.qc)
2963 == SSL_INCOMING_STREAM_POLICY_REJECT) {
2964 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
2965 goto out;
2966 }
2967
2968 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
2969
2970 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
2971 if (qs == NULL) {
2972 if (qc_blocking_mode(ctx.qc)
2973 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
2974 struct wait_for_incoming_stream_args args;
2975
2976 args.ctx = &ctx;
2977 args.qs = NULL;
2978
2979 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
2980 if (ret == 0) {
2981 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2982 goto out;
2983 } else if (ret < 0 || args.qs == NULL) {
2984 goto out;
2985 }
2986
2987 qs = args.qs;
2988 } else {
2989 goto out;
2990 }
2991 }
2992
2993 xso = create_xso_from_stream(ctx.qc, qs);
2994 if (xso == NULL)
2995 goto out;
2996
2997 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
2998 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
2999 rtt_info.smoothed_rtt);
3000 new_s = &xso->ssl;
3001
3002 /* Calling this function inhibits default XSO autocreation. */
3003 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3004
3005 out:
3006 quic_unlock(ctx.qc);
3007 return new_s;
3008 }
3009
3010 /*
3011 * SSL_get_accept_stream_queue_len
3012 * -------------------------------
3013 */
3014 QUIC_TAKES_LOCK
3015 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3016 {
3017 QCTX ctx;
3018 size_t v;
3019
3020 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
3021 return 0;
3022
3023 quic_lock(ctx.qc);
3024
3025 v = ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3026
3027 quic_unlock(ctx.qc);
3028 return v;
3029 }
3030
3031 /*
3032 * SSL_stream_reset
3033 * ----------------
3034 */
3035 int ossl_quic_stream_reset(SSL *ssl,
3036 const SSL_STREAM_RESET_ARGS *args,
3037 size_t args_len)
3038 {
3039 QCTX ctx;
3040 QUIC_STREAM_MAP *qsm;
3041 QUIC_STREAM *qs;
3042 uint64_t error_code;
3043 int ok, err;
3044
3045 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3046 return 0;
3047
3048 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3049 qs = ctx.xso->stream;
3050 error_code = (args != NULL ? args->quic_error_code : 0);
3051
3052 if (!quic_validate_for_write(ctx.xso, &err)) {
3053 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3054 goto err;
3055 }
3056
3057 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3058
3059 err:
3060 quic_unlock(ctx.qc);
3061 return ok;
3062 }
3063
3064 /*
3065 * SSL_get_stream_read_state
3066 * -------------------------
3067 */
3068 static void quic_classify_stream(QUIC_CONNECTION *qc,
3069 QUIC_STREAM *qs,
3070 int is_write,
3071 int *state,
3072 uint64_t *app_error_code)
3073 {
3074 int local_init;
3075 uint64_t final_size;
3076
3077 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3078
3079 if (app_error_code != NULL)
3080 *app_error_code = UINT64_MAX;
3081 else
3082 app_error_code = &final_size; /* throw away value */
3083
3084 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3085 /*
3086 * Unidirectional stream and this direction of transmission doesn't
3087 * exist.
3088 */
3089 *state = SSL_STREAM_STATE_WRONG_DIR;
3090 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3091 /* Connection already closed. */
3092 *state = SSL_STREAM_STATE_CONN_CLOSED;
3093 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
3094 /* Application has read a FIN. */
3095 *state = SSL_STREAM_STATE_FINISHED;
3096 } else if ((!is_write && qs->stop_sending)
3097 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
3098 /*
3099 * Stream has been reset locally. FIN takes precedence over this for the
3100 * read case as the application need not care if the stream is reset
3101 * after a FIN has been successfully processed.
3102 */
3103 *state = SSL_STREAM_STATE_RESET_LOCAL;
3104 *app_error_code = !is_write
3105 ? qs->stop_sending_aec
3106 : qs->reset_stream_aec;
3107 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
3108 || (is_write && qs->peer_stop_sending)) {
3109 /*
3110 * Stream has been reset remotely. */
3111 *state = SSL_STREAM_STATE_RESET_REMOTE;
3112 *app_error_code = !is_write
3113 ? qs->peer_reset_stream_aec
3114 : qs->peer_stop_sending_aec;
3115 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3116 &final_size)) {
3117 /*
3118 * Stream has been finished. Stream reset takes precedence over this for
3119 * the write case as peer may not have received all data.
3120 */
3121 *state = SSL_STREAM_STATE_FINISHED;
3122 } else {
3123 /* Stream still healthy. */
3124 *state = SSL_STREAM_STATE_OK;
3125 }
3126 }
3127
3128 static int quic_get_stream_state(SSL *ssl, int is_write)
3129 {
3130 QCTX ctx;
3131 int state;
3132
3133 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3134 return SSL_STREAM_STATE_NONE;
3135
3136 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3137 quic_unlock(ctx.qc);
3138 return state;
3139 }
3140
3141 int ossl_quic_get_stream_read_state(SSL *ssl)
3142 {
3143 return quic_get_stream_state(ssl, /*is_write=*/0);
3144 }
3145
3146 /*
3147 * SSL_get_stream_write_state
3148 * --------------------------
3149 */
3150 int ossl_quic_get_stream_write_state(SSL *ssl)
3151 {
3152 return quic_get_stream_state(ssl, /*is_write=*/1);
3153 }
3154
3155 /*
3156 * SSL_get_stream_read_error_code
3157 * ------------------------------
3158 */
3159 static int quic_get_stream_error_code(SSL *ssl, int is_write,
3160 uint64_t *app_error_code)
3161 {
3162 QCTX ctx;
3163 int state;
3164
3165 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3166 return -1;
3167
3168 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3169 &state, app_error_code);
3170
3171 quic_unlock(ctx.qc);
3172 switch (state) {
3173 case SSL_STREAM_STATE_FINISHED:
3174 return 0;
3175 case SSL_STREAM_STATE_RESET_LOCAL:
3176 case SSL_STREAM_STATE_RESET_REMOTE:
3177 return 1;
3178 default:
3179 return -1;
3180 }
3181 }
3182
3183 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3184 {
3185 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3186 }
3187
3188 /*
3189 * SSL_get_stream_write_error_code
3190 * -------------------------------
3191 */
3192 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3193 {
3194 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3195 }
3196
3197 /*
3198 * Write buffer size mutation
3199 * --------------------------
3200 */
3201 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3202 {
3203 int ret = 0;
3204 QCTX ctx;
3205
3206 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3207 return 0;
3208
3209 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3210 /* Called on a unidirectional receive-only stream - error. */
3211 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3212 goto out;
3213 }
3214
3215 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3216 /*
3217 * If the stream has a send part but we have disposed of it because we
3218 * no longer need it, this is a no-op.
3219 */
3220 ret = 1;
3221 goto out;
3222 }
3223
3224 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
3225 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3226 goto out;
3227 }
3228
3229 ret = 1;
3230
3231 out:
3232 quic_unlock(ctx.qc);
3233 return ret;
3234 }
3235
3236 /*
3237 * SSL_get_conn_close_info
3238 * -----------------------
3239 */
3240 int ossl_quic_get_conn_close_info(SSL *ssl,
3241 SSL_CONN_CLOSE_INFO *info,
3242 size_t info_len)
3243 {
3244 QCTX ctx;
3245 const QUIC_TERMINATE_CAUSE *tc;
3246
3247 if (!expect_quic_conn_only(ssl, /*io=*/0, &ctx))
3248 return -1;
3249
3250 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3251 if (tc == NULL)
3252 return 0;
3253
3254 info->error_code = tc->error_code;
3255 info->reason = tc->reason;
3256 info->reason_len = tc->reason_len;
3257 info->is_local = !tc->remote;
3258 info->is_transport = !tc->app;
3259 return 1;
3260 }
3261
3262 /*
3263 * SSL_key_update
3264 * --------------
3265 */
3266 int ossl_quic_key_update(SSL *ssl, int update_type)
3267 {
3268 QCTX ctx;
3269
3270 if (!expect_quic_conn_only(ssl, /*io=*/0, &ctx))
3271 return 0;
3272
3273 switch (update_type) {
3274 case SSL_KEY_UPDATE_NOT_REQUESTED:
3275 /*
3276 * QUIC signals peer key update implicily by triggering a local
3277 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3278 */
3279 case SSL_KEY_UPDATE_REQUESTED:
3280 break;
3281
3282 default:
3283 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3284 return 0;
3285 }
3286
3287 quic_lock(ctx.qc);
3288
3289 /* Attempt to perform a TXKU. */
3290 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
3291 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
3292 quic_unlock(ctx.qc);
3293 return 0;
3294 }
3295
3296 quic_unlock(ctx.qc);
3297 return 1;
3298 }
3299
3300 /*
3301 * SSL_get_key_update_type
3302 * -----------------------
3303 */
3304 int ossl_quic_get_key_update_type(const SSL *s)
3305 {
3306 /*
3307 * We always handle key updates immediately so a key update is never
3308 * pending.
3309 */
3310 return SSL_KEY_UPDATE_NONE;
3311 }
3312
3313 /*
3314 * QUIC Front-End I/O API: SSL_CTX Management
3315 * ==========================================
3316 */
3317
3318 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3319 {
3320 switch (cmd) {
3321 default:
3322 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3323 }
3324 }
3325
3326 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3327 {
3328 QCTX ctx;
3329
3330 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
3331 return 0;
3332
3333 switch (cmd) {
3334 case SSL_CTRL_SET_MSG_CALLBACK:
3335 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3336 &ctx.qc->ssl);
3337 /* This callback also needs to be set on the internal SSL object */
3338 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3339
3340 default:
3341 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3342 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3343 }
3344 }
3345
3346 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3347 {
3348 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3349 }
3350
3351 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3352 {
3353 /* We never do renegotiation. */
3354 return 0;
3355 }
3356
3357 /*
3358 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3359 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3360 */
3361
3362 int ossl_quic_num_ciphers(void)
3363 {
3364 return 0;
3365 }
3366
3367 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3368 {
3369 return NULL;
3370 }
3371
3372 /*
3373 * Internal Testing APIs
3374 * =====================
3375 */
3376
3377 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
3378 {
3379 QCTX ctx;
3380
3381 if (!expect_quic_conn_only(s, /*io=*/0, &ctx))
3382 return NULL;
3383
3384 return ctx.qc->ch;
3385 }
A mirror of the official openssl repository