2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_port.h"
19 #include "internal/time.h"
21 typedef struct qctx_st QCTX
;
23 static void aon_write_finish(QUIC_XSO
*xso
);
24 static int create_channel(QUIC_CONNECTION
*qc
);
25 static QUIC_XSO
*create_xso_from_stream(QUIC_CONNECTION
*qc
, QUIC_STREAM
*qs
);
26 static int qc_try_create_default_xso_for_write(QCTX
*ctx
);
27 static int qc_wait_for_default_xso_for_read(QCTX
*ctx
);
28 static void quic_lock(QUIC_CONNECTION
*qc
);
29 static void quic_unlock(QUIC_CONNECTION
*qc
);
30 static void quic_lock_for_io(QCTX
*ctx
);
31 static int quic_do_handshake(QCTX
*ctx
);
32 static void qc_update_reject_policy(QUIC_CONNECTION
*qc
);
33 static void qc_touch_default_xso(QUIC_CONNECTION
*qc
);
34 static void qc_set_default_xso(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
, int touch
);
35 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
,
36 int touch
, QUIC_XSO
**old_xso
);
37 static SSL
*quic_conn_stream_new(QCTX
*ctx
, uint64_t flags
, int need_lock
);
38 static int quic_validate_for_write(QUIC_XSO
*xso
, int *err
);
39 static int quic_mutation_allowed(QUIC_CONNECTION
*qc
, int req_active
);
40 static int qc_blocking_mode(const QUIC_CONNECTION
*qc
);
41 static int xso_blocking_mode(const QUIC_XSO
*xso
);
44 * QUIC Front-End I/O API: Common Utilities
45 * ========================================
49 * Block until a predicate is met.
51 * Precondition: Must have a channel.
52 * Precondition: Must hold channel lock (unchecked).
55 static int block_until_pred(QUIC_CONNECTION
*qc
,
56 int (*pred
)(void *arg
), void *pred_arg
,
61 assert(qc
->ch
!= NULL
);
64 * Any attempt to block auto-disables tick inhibition as otherwise we will
65 * hang around forever.
67 ossl_quic_port_set_inhibit_tick(qc
->port
, 0);
69 rtor
= ossl_quic_channel_get_reactor(qc
->ch
);
70 return ossl_quic_reactor_block_until_pred(rtor
, pred
, pred_arg
, flags
,
74 static OSSL_TIME
get_time(QUIC_CONNECTION
*qc
)
76 if (qc
->override_now_cb
!= NULL
)
77 return qc
->override_now_cb(qc
->override_now_cb_arg
);
79 return ossl_time_now();
82 static OSSL_TIME
get_time_cb(void *arg
)
84 QUIC_CONNECTION
*qc
= arg
;
90 * QCTX is a utility structure which provides information we commonly wish to
91 * unwrap upon an API call being dispatched to us, namely:
93 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
95 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
96 * a QCSO with a default stream was passed);
97 * - whether a QSSO was passed (xso == NULL must not be used to determine this
98 * because it may be non-NULL when a QCSO is passed if that QCSO has a
100 * - whether we are in "I/O context", meaning that non-normal errors can
101 * be reported via SSL_get_error() as well as via ERR. Functions such as
102 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
103 * functions which are allowed to change the value returned by
104 * SSL_get_error. However, other functions (including functions which call
105 * SSL_do_handshake() implicitly) are not allowed to change the return value
111 int is_stream
, in_io
;
115 static void quic_set_last_error(QCTX
*ctx
, int last_error
)
120 if (ctx
->is_stream
&& ctx
->xso
!= NULL
)
121 ctx
->xso
->last_error
= last_error
;
122 else if (!ctx
->is_stream
&& ctx
->qc
!= NULL
)
123 ctx
->qc
->last_error
= last_error
;
127 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
128 * rather than via ERR. Note that normal errors must always be raised while
132 static int quic_raise_normal_error(QCTX
*ctx
,
136 quic_set_last_error(ctx
, err
);
142 * Raise a 'non-normal' error, meaning any error that is not reported via
143 * SSL_get_error() and must be reported via ERR.
145 * qc should be provided if available. In exceptional circumstances when qc is
146 * not known NULL may be passed. This should generally only happen when an
147 * expect_...() function defined below fails, which generally indicates a
148 * dispatch error or caller error.
150 * ctx should be NULL if the connection lock is not held.
152 static int quic_raise_non_normal_error(QCTX
*ctx
,
163 quic_set_last_error(ctx
, SSL_ERROR_SSL
);
165 if (reason
== SSL_R_PROTOCOL_IS_SHUTDOWN
&& ctx
->qc
!= NULL
)
166 ossl_quic_channel_restore_err_state(ctx
->qc
->ch
);
170 ERR_set_debug(file
, line
, func
);
173 ERR_vset_error(ERR_LIB_SSL
, reason
, fmt
, args
);
179 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
180 quic_raise_normal_error((ctx), (err))
182 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
183 quic_raise_non_normal_error((ctx), \
184 OPENSSL_FILE, OPENSSL_LINE, \
190 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
191 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
193 * After this returns 1, all fields of the passed QCTX are initialised.
194 * Returns 0 on failure. This function is intended to be used to provide API
195 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
197 static int expect_quic(const SSL
*s
, QCTX
*ctx
)
207 return QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_PASSED_NULL_PARAMETER
, NULL
);
210 case SSL_TYPE_QUIC_CONNECTION
:
211 qc
= (QUIC_CONNECTION
*)s
;
213 ctx
->xso
= qc
->default_xso
;
218 case SSL_TYPE_QUIC_XSO
:
227 return QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
232 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
233 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
236 * remote_init determines if we expect the default XSO to be remotely created or
237 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
239 * Channel mutex is acquired and retained on success.
242 static int ossl_unused
expect_quic_with_stream_lock(const SSL
*s
, int remote_init
,
243 int in_io
, QCTX
*ctx
)
245 if (!expect_quic(s
, ctx
))
249 quic_lock_for_io(ctx
);
253 if (ctx
->xso
== NULL
&& remote_init
>= 0) {
254 if (!quic_mutation_allowed(ctx
->qc
, /*req_active=*/0)) {
255 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
259 /* If we haven't finished the handshake, try to advance it. */
260 if (quic_do_handshake(ctx
) < 1)
261 /* ossl_quic_do_handshake raised error here */
264 if (remote_init
== 0) {
265 if (!qc_try_create_default_xso_for_write(ctx
))
268 if (!qc_wait_for_default_xso_for_read(ctx
))
272 ctx
->xso
= ctx
->qc
->default_xso
;
275 if (ctx
->xso
== NULL
) {
276 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_NO_STREAM
, NULL
);
280 return 1; /* coverity[missing_unlock]: lock held */
283 quic_unlock(ctx
->qc
);
288 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
289 * be non-NULL if the QCSO has a default stream.
291 static int ossl_unused
expect_quic_conn_only(const SSL
*s
, QCTX
*ctx
)
293 if (!expect_quic(s
, ctx
))
297 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_CONN_USE_ONLY
, NULL
);
303 * Ensures that the channel mutex is held for a method which touches channel
306 * Precondition: Channel mutex is not held (unchecked)
308 static void quic_lock(QUIC_CONNECTION
*qc
)
310 #if defined(OPENSSL_THREADS)
311 ossl_crypto_mutex_lock(qc
->mutex
);
315 static void quic_lock_for_io(QCTX
*ctx
)
321 * We are entering an I/O function so we must update the values returned by
322 * SSL_get_error and SSL_want. Set no error. This will be overridden later
323 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
324 * occurs during the API call.
326 quic_set_last_error(ctx
, SSL_ERROR_NONE
);
329 /* Precondition: Channel mutex is held (unchecked) */
331 static void quic_unlock(QUIC_CONNECTION
*qc
)
333 #if defined(OPENSSL_THREADS)
334 ossl_crypto_mutex_unlock(qc
->mutex
);
339 * This predicate is the criterion which should determine API call rejection for
340 * *most* mutating API calls, particularly stream-related operations for send
343 * A call is rejected (this function returns 0) if shutdown is in progress
344 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
345 * req_active=1, the connection must be active (i.e., the IDLE state is also
348 static int quic_mutation_allowed(QUIC_CONNECTION
*qc
, int req_active
)
350 if (qc
->shutting_down
|| ossl_quic_channel_is_term_any(qc
->ch
))
353 if (req_active
&& !ossl_quic_channel_is_active(qc
->ch
))
360 * QUIC Front-End I/O API: Initialization
361 * ======================================
363 * SSL_new => ossl_quic_new
365 * SSL_reset => ossl_quic_reset
366 * SSL_clear => ossl_quic_clear
368 * SSL_free => ossl_quic_free
370 * SSL_set_options => ossl_quic_set_options
371 * SSL_get_options => ossl_quic_get_options
372 * SSL_clear_options => ossl_quic_clear_options
377 SSL
*ossl_quic_new(SSL_CTX
*ctx
)
379 QUIC_CONNECTION
*qc
= NULL
;
380 SSL
*ssl_base
= NULL
;
381 SSL_CONNECTION
*sc
= NULL
;
383 qc
= OPENSSL_zalloc(sizeof(*qc
));
385 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_CRYPTO_LIB
, NULL
);
388 #if defined(OPENSSL_THREADS)
389 if ((qc
->mutex
= ossl_crypto_mutex_new()) == NULL
) {
390 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_CRYPTO_LIB
, NULL
);
395 /* Initialise the QUIC_CONNECTION's stub header. */
397 if (!ossl_ssl_init(ssl_base
, ctx
, ctx
->method
, SSL_TYPE_QUIC_CONNECTION
)) {
399 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
403 qc
->tls
= ossl_ssl_connection_new_int(ctx
, TLS_method());
404 if (qc
->tls
== NULL
|| (sc
= SSL_CONNECTION_FROM_SSL(qc
->tls
)) == NULL
) {
405 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
409 /* override the user_ssl of the inner connection */
410 sc
->s3
.flags
|= TLS1_FLAGS_QUIC
;
412 /* Restrict options derived from the SSL_CTX. */
413 sc
->options
&= OSSL_QUIC_PERMITTED_OPTIONS_CONN
;
416 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
417 qc
->is_thread_assisted
418 = (ssl_base
->method
== OSSL_QUIC_client_thread_method());
421 qc
->as_server
= 0; /* TODO(QUIC SERVER): add server support */
422 qc
->as_server_state
= qc
->as_server
;
424 qc
->default_stream_mode
= SSL_DEFAULT_STREAM_MODE_AUTO_BIDI
;
425 qc
->default_ssl_mode
= qc
->ssl
.ctx
->mode
;
426 qc
->default_ssl_options
= qc
->ssl
.ctx
->options
& OSSL_QUIC_PERMITTED_OPTIONS
;
427 qc
->desires_blocking
= 1;
429 qc
->incoming_stream_policy
= SSL_INCOMING_STREAM_POLICY_AUTO
;
430 qc
->last_error
= SSL_ERROR_NONE
;
432 if (!create_channel(qc
))
435 ossl_quic_channel_set_msg_callback(qc
->ch
, ctx
->msg_callback
, ssl_base
);
436 ossl_quic_channel_set_msg_callback_arg(qc
->ch
, ctx
->msg_callback_arg
);
438 qc_update_reject_policy(qc
);
441 * We do not create the default XSO yet. The reason for this is that the
442 * stream ID of the default XSO will depend on whether the stream is client
443 * or server-initiated, which depends on who transmits first. Since we do
444 * not know whether the application will be using a client-transmits-first
445 * or server-transmits-first protocol, we defer default XSO creation until
446 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
447 * we take that as a cue that the client is expecting a server-initiated
448 * stream, and vice versa if SSL_write() is called first.
453 if (ssl_base
== NULL
) {
454 #if defined(OPENSSL_THREADS)
455 ossl_crypto_mutex_free(qc
->mutex
);
466 void ossl_quic_free(SSL
*s
)
471 /* We should never be called on anything but a QSO. */
472 if (!expect_quic(s
, &ctx
))
479 * When a QSSO is freed, the XSO is freed immediately, because the XSO
480 * itself only contains API personality layer data. However the
481 * underlying QUIC_STREAM is not freed immediately but is instead marked
482 * as deleted for later collection.
485 assert(ctx
.qc
->num_xso
> 0);
488 /* If a stream's send part has not been finished, auto-reset it. */
489 if (( ctx
.xso
->stream
->send_state
== QUIC_SSTREAM_STATE_READY
490 || ctx
.xso
->stream
->send_state
== QUIC_SSTREAM_STATE_SEND
)
491 && !ossl_quic_sstream_get_final_size(ctx
.xso
->stream
->sstream
, NULL
))
492 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx
.qc
->ch
),
495 /* Do STOP_SENDING for the receive part, if applicable. */
496 if ( ctx
.xso
->stream
->recv_state
== QUIC_RSTREAM_STATE_RECV
497 || ctx
.xso
->stream
->recv_state
== QUIC_RSTREAM_STATE_SIZE_KNOWN
)
498 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx
.qc
->ch
),
501 /* Update stream state. */
502 ctx
.xso
->stream
->deleted
= 1;
503 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx
.qc
->ch
),
506 is_default
= (ctx
.xso
== ctx
.qc
->default_xso
);
510 * Unref the connection in most cases; the XSO has a ref to the QC and
511 * not vice versa. But for a default XSO, to avoid circular references,
512 * the QC refs the XSO but the XSO does not ref the QC. If we are the
513 * default XSO, we only get here when the QC is being torn down anyway,
514 * so don't call SSL_free(qc) as we are already in it.
517 SSL_free(&ctx
.qc
->ssl
);
519 /* Note: SSL_free calls OPENSSL_free(xso) for us */
524 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
525 * stage, but is freed during the channel free when the whole QSM is freed.
527 if (ctx
.qc
->default_xso
!= NULL
) {
528 QUIC_XSO
*xso
= ctx
.qc
->default_xso
;
533 ctx
.qc
->default_xso
= NULL
;
536 /* Ensure we have no remaining XSOs. */
537 assert(ctx
.qc
->num_xso
== 0);
539 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
540 if (ctx
.qc
->is_thread_assisted
&& ctx
.qc
->started
) {
541 ossl_quic_thread_assist_wait_stopped(&ctx
.qc
->thread_assist
);
542 ossl_quic_thread_assist_cleanup(&ctx
.qc
->thread_assist
);
546 ossl_quic_channel_free(ctx
.qc
->ch
);
547 ossl_quic_port_free(ctx
.qc
->port
);
549 BIO_free_all(ctx
.qc
->net_rbio
);
550 BIO_free_all(ctx
.qc
->net_wbio
);
552 /* Note: SSL_free calls OPENSSL_free(qc) for us */
554 SSL_free(ctx
.qc
->tls
);
555 quic_unlock(ctx
.qc
); /* tsan doesn't like freeing locked mutexes */
556 #if defined(OPENSSL_THREADS)
557 ossl_crypto_mutex_free(&ctx
.qc
->mutex
);
561 /* SSL method init */
562 int ossl_quic_init(SSL
*s
)
564 /* Same op as SSL_clear, forward the call. */
565 return ossl_quic_clear(s
);
568 /* SSL method deinit */
569 void ossl_quic_deinit(SSL
*s
)
574 /* SSL_clear (ssl_reset method) */
575 int ossl_quic_reset(SSL
*s
)
579 if (!expect_quic(s
, &ctx
))
582 ERR_raise(ERR_LIB_SSL
, ERR_R_UNSUPPORTED
);
586 /* ssl_clear method (unused) */
587 int ossl_quic_clear(SSL
*s
)
591 if (!expect_quic(s
, &ctx
))
594 ERR_raise(ERR_LIB_SSL
, ERR_R_UNSUPPORTED
);
598 int ossl_quic_conn_set_override_now_cb(SSL
*s
,
599 OSSL_TIME (*now_cb
)(void *arg
),
604 if (!expect_quic(s
, &ctx
))
609 ctx
.qc
->override_now_cb
= now_cb
;
610 ctx
.qc
->override_now_cb_arg
= now_cb_arg
;
616 void ossl_quic_conn_force_assist_thread_wake(SSL
*s
)
620 if (!expect_quic(s
, &ctx
))
623 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
624 if (ctx
.qc
->is_thread_assisted
&& ctx
.qc
->started
)
625 ossl_quic_thread_assist_notify_deadline_changed(&ctx
.qc
->thread_assist
);
630 static void qc_touch_default_xso(QUIC_CONNECTION
*qc
)
632 qc
->default_xso_created
= 1;
633 qc_update_reject_policy(qc
);
637 * Changes default XSO. Allows caller to keep reference to the old default XSO
638 * (if any). Reference to new XSO is transferred from caller.
641 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
,
649 if (qc
->default_xso
!= xso
) {
650 *old_xso
= qc
->default_xso
; /* transfer old XSO ref to caller */
652 qc
->default_xso
= xso
;
656 * Changing to not having a default XSO. XSO becomes standalone and
657 * now has a ref to the QC.
659 if (!ossl_assert(SSL_up_ref(&qc
->ssl
)))
663 * Changing from not having a default XSO to having one. The new XSO
664 * will have had a reference to the QC we need to drop to avoid a
665 * circular reference.
667 * Currently we never change directly from one default XSO to
668 * another, though this function would also still be correct if this
671 assert(*old_xso
== NULL
);
673 CRYPTO_DOWN_REF(&qc
->ssl
.references
, &refs
);
679 qc_touch_default_xso(qc
);
683 * Changes default XSO, releasing the reference to any previous default XSO.
684 * Reference to new XSO is transferred from caller.
687 static void qc_set_default_xso(QUIC_CONNECTION
*qc
, QUIC_XSO
*xso
, int touch
)
689 QUIC_XSO
*old_xso
= NULL
;
691 qc_set_default_xso_keep_ref(qc
, xso
, touch
, &old_xso
);
694 SSL_free(&old_xso
->ssl
);
698 static void xso_update_options(QUIC_XSO
*xso
)
700 int cleanse
= ((xso
->ssl_options
& SSL_OP_CLEANSE_PLAINTEXT
) != 0);
702 if (xso
->stream
->rstream
!= NULL
)
703 ossl_quic_rstream_set_cleanse(xso
->stream
->rstream
, cleanse
);
705 if (xso
->stream
->sstream
!= NULL
)
706 ossl_quic_sstream_set_cleanse(xso
->stream
->sstream
, cleanse
);
713 * Setting options on a QCSO
714 * - configures the handshake-layer options;
715 * - configures the default data-plane options for new streams;
716 * - configures the data-plane options on the default XSO, if there is one.
718 * Setting options on a QSSO
719 * - configures data-plane options for that stream only.
722 static uint64_t quic_mask_or_options(SSL
*ssl
, uint64_t mask_value
, uint64_t or_value
)
725 uint64_t hs_mask_value
, hs_or_value
, ret
;
727 if (!expect_quic(ssl
, &ctx
))
732 if (!ctx
.is_stream
) {
734 * If we were called on the connection, we apply any handshake option
737 hs_mask_value
= (mask_value
& OSSL_QUIC_PERMITTED_OPTIONS_CONN
);
738 hs_or_value
= (or_value
& OSSL_QUIC_PERMITTED_OPTIONS_CONN
);
740 SSL_clear_options(ctx
.qc
->tls
, hs_mask_value
);
741 SSL_set_options(ctx
.qc
->tls
, hs_or_value
);
743 /* Update defaults for new streams. */
744 ctx
.qc
->default_ssl_options
745 = ((ctx
.qc
->default_ssl_options
& ~mask_value
) | or_value
)
746 & OSSL_QUIC_PERMITTED_OPTIONS
;
749 if (ctx
.xso
!= NULL
) {
751 = ((ctx
.xso
->ssl_options
& ~mask_value
) | or_value
)
752 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM
;
754 xso_update_options(ctx
.xso
);
757 ret
= ctx
.is_stream
? ctx
.xso
->ssl_options
: ctx
.qc
->default_ssl_options
;
763 uint64_t ossl_quic_set_options(SSL
*ssl
, uint64_t options
)
765 return quic_mask_or_options(ssl
, 0, options
);
768 /* SSL_clear_options */
769 uint64_t ossl_quic_clear_options(SSL
*ssl
, uint64_t options
)
771 return quic_mask_or_options(ssl
, options
, 0);
774 /* SSL_get_options */
775 uint64_t ossl_quic_get_options(const SSL
*ssl
)
777 return quic_mask_or_options((SSL
*)ssl
, 0, 0);
781 * QUIC Front-End I/O API: Network BIO Configuration
782 * =================================================
784 * Handling the different BIOs is difficult:
786 * - It is more or less a requirement that we use non-blocking network I/O;
787 * we need to be able to have timeouts on recv() calls, and make best effort
788 * (non blocking) send() and recv() calls.
790 * The only sensible way to do this is to configure the socket into
791 * non-blocking mode. We could try to do select() before calling send() or
792 * recv() to get a guarantee that the call will not block, but this will
793 * probably run into issues with buggy OSes which generate spurious socket
794 * readiness events. In any case, relying on this to work reliably does not
797 * Timeouts could be handled via setsockopt() socket timeout options, but
798 * this depends on OS support and adds another syscall to every network I/O
799 * operation. It also has obvious thread safety concerns if we want to move
800 * to concurrent use of a single socket at some later date.
802 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
803 * be made non-blocking. However some OSes (e.g. Windows) do not support
804 * this, so we cannot rely on this.
806 * As such, we need to configure any FD in non-blocking mode. This may
807 * confound users who pass a blocking socket to libssl. However, in practice
808 * it would be extremely strange for a user of QUIC to pass an FD to us,
809 * then also try and send receive traffic on the same socket(!). Thus the
810 * impact of this should be limited, and can be documented.
812 * - We support both blocking and non-blocking operation in terms of the API
813 * presented to the user. One prospect is to set the blocking mode based on
814 * whether the socket passed to us was already in blocking mode. However,
815 * Windows has no API for determining if a socket is in blocking mode (!),
816 * therefore this cannot be done portably. Currently therefore we expose an
817 * explicit API call to set this, and default to blocking mode.
819 * - We need to determine our initial destination UDP address. The "natural"
820 * way for a user to do this is to set the peer variable on a BIO_dgram.
821 * However, this has problems because BIO_dgram's peer variable is used for
822 * both transmission and reception. This means it can be constantly being
823 * changed to a malicious value (e.g. if some random unrelated entity on the
824 * network starts sending traffic to us) on every read call. This is not a
825 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
826 * calls only, which do not use this variable. However, we do need to let
827 * the user specify the peer in a 'normal' manner. The compromise here is
828 * that we grab the current peer value set at the time the write BIO is set
829 * and do not read the value again.
831 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
832 * Currently we do this by only supporting non-blocking mode.
837 * Determines what initial destination UDP address we should use, if possible.
838 * If this fails the client must set the destination address manually, or use a
839 * BIO which does not need a destination address.
841 static int csm_analyse_init_peer_addr(BIO
*net_wbio
, BIO_ADDR
*peer
)
843 if (BIO_dgram_detect_peer_addr(net_wbio
, peer
) <= 0)
849 static int qc_can_support_blocking_cached(QUIC_CONNECTION
*qc
)
851 QUIC_REACTOR
*rtor
= ossl_quic_channel_get_reactor(qc
->ch
);
853 return ossl_quic_reactor_can_poll_r(rtor
)
854 && ossl_quic_reactor_can_poll_w(rtor
);
857 static void qc_update_can_support_blocking(QUIC_CONNECTION
*qc
)
859 ossl_quic_port_update_poll_descriptors(qc
->port
); /* best effort */
862 static void qc_update_blocking_mode(QUIC_CONNECTION
*qc
)
864 qc
->blocking
= qc
->desires_blocking
&& qc_can_support_blocking_cached(qc
);
867 void ossl_quic_conn_set0_net_rbio(SSL
*s
, BIO
*net_rbio
)
871 if (!expect_quic(s
, &ctx
))
874 if (ctx
.qc
->net_rbio
== net_rbio
)
877 if (!ossl_quic_port_set_net_rbio(ctx
.qc
->port
, net_rbio
))
880 BIO_free_all(ctx
.qc
->net_rbio
);
881 ctx
.qc
->net_rbio
= net_rbio
;
883 if (net_rbio
!= NULL
)
884 BIO_set_nbio(net_rbio
, 1); /* best effort autoconfig */
887 * Determine if the current pair of read/write BIOs now set allows blocking
888 * mode to be supported.
890 qc_update_can_support_blocking(ctx
.qc
);
891 qc_update_blocking_mode(ctx
.qc
);
894 void ossl_quic_conn_set0_net_wbio(SSL
*s
, BIO
*net_wbio
)
898 if (!expect_quic(s
, &ctx
))
901 if (ctx
.qc
->net_wbio
== net_wbio
)
904 if (!ossl_quic_port_set_net_wbio(ctx
.qc
->port
, net_wbio
))
907 BIO_free_all(ctx
.qc
->net_wbio
);
908 ctx
.qc
->net_wbio
= net_wbio
;
910 if (net_wbio
!= NULL
)
911 BIO_set_nbio(net_wbio
, 1); /* best effort autoconfig */
914 * Determine if the current pair of read/write BIOs now set allows blocking
915 * mode to be supported.
917 qc_update_can_support_blocking(ctx
.qc
);
918 qc_update_blocking_mode(ctx
.qc
);
921 BIO
*ossl_quic_conn_get_net_rbio(const SSL
*s
)
925 if (!expect_quic(s
, &ctx
))
928 return ctx
.qc
->net_rbio
;
931 BIO
*ossl_quic_conn_get_net_wbio(const SSL
*s
)
935 if (!expect_quic(s
, &ctx
))
938 return ctx
.qc
->net_wbio
;
941 int ossl_quic_conn_get_blocking_mode(const SSL
*s
)
945 if (!expect_quic(s
, &ctx
))
949 return xso_blocking_mode(ctx
.xso
);
951 return qc_blocking_mode(ctx
.qc
);
955 int ossl_quic_conn_set_blocking_mode(SSL
*s
, int blocking
)
960 if (!expect_quic(s
, &ctx
))
965 /* Sanity check - can we support the request given the current network BIO? */
968 * If called directly on a QCSO, update our information on network BIO
972 qc_update_can_support_blocking(ctx
.qc
);
974 /* Cannot enable blocking mode if we do not have pollable FDs. */
975 if (!qc_can_support_blocking_cached(ctx
.qc
)) {
976 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_UNSUPPORTED
, NULL
);
983 * If called directly on a QCSO, update default and connection-level
986 ctx
.qc
->desires_blocking
= (blocking
!= 0);
988 if (ctx
.xso
!= NULL
) {
990 * If called on a QSSO or a QCSO with a default XSO, update the blocking
993 ctx
.xso
->desires_blocking
= (blocking
!= 0);
994 ctx
.xso
->desires_blocking_set
= 1;
999 qc_update_blocking_mode(ctx
.qc
);
1000 quic_unlock(ctx
.qc
);
1004 int ossl_quic_conn_set_initial_peer_addr(SSL
*s
,
1005 const BIO_ADDR
*peer_addr
)
1009 if (!expect_quic(s
, &ctx
))
1012 if (ctx
.qc
->started
)
1013 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
,
1016 if (peer_addr
== NULL
) {
1017 BIO_ADDR_clear(&ctx
.qc
->init_peer_addr
);
1021 ctx
.qc
->init_peer_addr
= *peer_addr
;
1026 * QUIC Front-End I/O API: Asynchronous I/O Management
1027 * ===================================================
1029 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1030 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1031 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1035 /* Returns 1 if the connection is being used in blocking mode. */
1036 static int qc_blocking_mode(const QUIC_CONNECTION
*qc
)
1038 return qc
->blocking
;
1041 static int xso_blocking_mode(const QUIC_XSO
*xso
)
1043 if (xso
->desires_blocking_set
)
1044 return xso
->desires_blocking
&& qc_can_support_blocking_cached(xso
->conn
);
1046 /* Only ever set if we can support blocking. */
1047 return xso
->conn
->blocking
;
1050 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1052 int ossl_quic_handle_events(SSL
*s
)
1056 if (!expect_quic(s
, &ctx
))
1060 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1061 quic_unlock(ctx
.qc
);
1066 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1067 * should next have events handled by the application by calling
1068 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1069 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1070 * the value of *tv is undefined.
1073 int ossl_quic_get_event_timeout(SSL
*s
, struct timeval
*tv
, int *is_infinite
)
1076 OSSL_TIME deadline
= ossl_time_infinite();
1078 if (!expect_quic(s
, &ctx
))
1084 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx
.qc
->ch
));
1086 if (ossl_time_is_infinite(deadline
)) {
1090 * Robustness against faulty applications that don't check *is_infinite;
1091 * harmless long timeout.
1093 tv
->tv_sec
= 1000000;
1096 quic_unlock(ctx
.qc
);
1100 *tv
= ossl_time_to_timeval(ossl_time_subtract(deadline
, get_time(ctx
.qc
)));
1102 quic_unlock(ctx
.qc
);
1106 /* SSL_get_rpoll_descriptor */
1107 int ossl_quic_get_rpoll_descriptor(SSL
*s
, BIO_POLL_DESCRIPTOR
*desc
)
1111 if (!expect_quic(s
, &ctx
))
1114 if (desc
== NULL
|| ctx
.qc
->net_rbio
== NULL
)
1115 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
1118 return BIO_get_rpoll_descriptor(ctx
.qc
->net_rbio
, desc
);
1121 /* SSL_get_wpoll_descriptor */
1122 int ossl_quic_get_wpoll_descriptor(SSL
*s
, BIO_POLL_DESCRIPTOR
*desc
)
1126 if (!expect_quic(s
, &ctx
))
1129 if (desc
== NULL
|| ctx
.qc
->net_wbio
== NULL
)
1130 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
1133 return BIO_get_wpoll_descriptor(ctx
.qc
->net_wbio
, desc
);
1136 /* SSL_net_read_desired */
1138 int ossl_quic_get_net_read_desired(SSL
*s
)
1143 if (!expect_quic(s
, &ctx
))
1147 ret
= ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx
.qc
->ch
));
1148 quic_unlock(ctx
.qc
);
1152 /* SSL_net_write_desired */
1154 int ossl_quic_get_net_write_desired(SSL
*s
)
1159 if (!expect_quic(s
, &ctx
))
1163 ret
= ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx
.qc
->ch
));
1164 quic_unlock(ctx
.qc
);
1169 * QUIC Front-End I/O API: Connection Lifecycle Operations
1170 * =======================================================
1172 * SSL_do_handshake => ossl_quic_do_handshake
1173 * SSL_set_connect_state => ossl_quic_set_connect_state
1174 * SSL_set_accept_state => ossl_quic_set_accept_state
1175 * SSL_shutdown => ossl_quic_shutdown
1176 * SSL_ctrl => ossl_quic_ctrl
1177 * (BIO/)SSL_connect => ossl_quic_connect
1178 * (BIO/)SSL_accept => ossl_quic_accept
1183 static void qc_shutdown_flush_init(QUIC_CONNECTION
*qc
)
1185 QUIC_STREAM_MAP
*qsm
;
1187 if (qc
->shutting_down
)
1190 qsm
= ossl_quic_channel_get_qsm(qc
->ch
);
1192 ossl_quic_stream_map_begin_shutdown_flush(qsm
);
1193 qc
->shutting_down
= 1;
1196 /* Returns 1 if all shutdown-flush streams have been done with. */
1198 static int qc_shutdown_flush_finished(QUIC_CONNECTION
*qc
)
1200 QUIC_STREAM_MAP
*qsm
= ossl_quic_channel_get_qsm(qc
->ch
);
1202 return qc
->shutting_down
1203 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm
);
1207 static int quic_shutdown_wait(void *arg
)
1209 QUIC_CONNECTION
*qc
= arg
;
1211 return ossl_quic_channel_is_terminated(qc
->ch
);
1214 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
1215 static int quic_shutdown_flush_wait(void *arg
)
1217 QUIC_CONNECTION
*qc
= arg
;
1219 return ossl_quic_channel_is_term_any(qc
->ch
)
1220 || qc_shutdown_flush_finished(qc
);
1223 static int quic_shutdown_peer_wait(void *arg
)
1225 QUIC_CONNECTION
*qc
= arg
;
1226 return ossl_quic_channel_is_term_any(qc
->ch
);
1230 int ossl_quic_conn_shutdown(SSL
*s
, uint64_t flags
,
1231 const SSL_SHUTDOWN_EX_ARGS
*args
,
1236 int stream_flush
= ((flags
& SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH
) == 0);
1237 int no_block
= ((flags
& SSL_SHUTDOWN_FLAG_NO_BLOCK
) != 0);
1238 int wait_peer
= ((flags
& SSL_SHUTDOWN_FLAG_WAIT_PEER
) != 0);
1240 if (!expect_quic(s
, &ctx
))
1243 if (ctx
.is_stream
) {
1244 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_CONN_USE_ONLY
, NULL
);
1250 if (ossl_quic_channel_is_terminated(ctx
.qc
->ch
)) {
1251 quic_unlock(ctx
.qc
);
1255 /* Phase 1: Stream Flushing */
1256 if (!wait_peer
&& stream_flush
) {
1257 qc_shutdown_flush_init(ctx
.qc
);
1259 if (!qc_shutdown_flush_finished(ctx
.qc
)) {
1260 if (!no_block
&& qc_blocking_mode(ctx
.qc
)) {
1261 ret
= block_until_pred(ctx
.qc
, quic_shutdown_flush_wait
, ctx
.qc
, 0);
1267 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1271 if (!qc_shutdown_flush_finished(ctx
.qc
)) {
1272 quic_unlock(ctx
.qc
);
1273 return 0; /* ongoing */
1277 /* Phase 2: Connection Closure */
1278 if (wait_peer
&& !ossl_quic_channel_is_term_any(ctx
.qc
->ch
)) {
1279 if (!no_block
&& qc_blocking_mode(ctx
.qc
)) {
1280 ret
= block_until_pred(ctx
.qc
, quic_shutdown_peer_wait
, ctx
.qc
, 0);
1286 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1289 if (!ossl_quic_channel_is_term_any(ctx
.qc
->ch
)) {
1290 ret
= 0; /* peer hasn't closed yet - still not done */
1295 * We are at least terminating - go through the normal process of
1296 * waiting until we are in the TERMINATED state.
1300 /* Block mutation ops regardless of if we did stream flush. */
1301 ctx
.qc
->shutting_down
= 1;
1304 * This call is a no-op if we are already terminating, so it doesn't
1305 * affect the wait_peer case.
1307 ossl_quic_channel_local_close(ctx
.qc
->ch
,
1308 args
!= NULL
? args
->quic_error_code
: 0,
1309 args
!= NULL
? args
->quic_reason
: NULL
);
1311 SSL_set_shutdown(ctx
.qc
->tls
, SSL_SENT_SHUTDOWN
);
1313 if (ossl_quic_channel_is_terminated(ctx
.qc
->ch
)) {
1314 quic_unlock(ctx
.qc
);
1318 /* Phase 3: Terminating Wait Time */
1319 if (!no_block
&& qc_blocking_mode(ctx
.qc
)
1320 && (flags
& SSL_SHUTDOWN_FLAG_RAPID
) == 0) {
1321 ret
= block_until_pred(ctx
.qc
, quic_shutdown_wait
, ctx
.qc
, 0);
1327 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
1330 ret
= ossl_quic_channel_is_terminated(ctx
.qc
->ch
);
1332 quic_unlock(ctx
.qc
);
1337 long ossl_quic_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
1341 if (!expect_quic(s
, &ctx
))
1346 /* If called on a QCSO, update the default mode. */
1348 ctx
.qc
->default_ssl_mode
|= (uint32_t)larg
;
1351 * If we were called on a QSSO or have a default stream, we also update
1354 if (ctx
.xso
!= NULL
) {
1355 /* Cannot enable EPW while AON write in progress. */
1356 if (ctx
.xso
->aon_write_in_progress
)
1357 larg
&= ~SSL_MODE_ENABLE_PARTIAL_WRITE
;
1359 ctx
.xso
->ssl_mode
|= (uint32_t)larg
;
1360 return ctx
.xso
->ssl_mode
;
1363 return ctx
.qc
->default_ssl_mode
;
1364 case SSL_CTRL_CLEAR_MODE
:
1366 ctx
.qc
->default_ssl_mode
&= ~(uint32_t)larg
;
1368 if (ctx
.xso
!= NULL
) {
1369 ctx
.xso
->ssl_mode
&= ~(uint32_t)larg
;
1370 return ctx
.xso
->ssl_mode
;
1373 return ctx
.qc
->default_ssl_mode
;
1375 case SSL_CTRL_SET_MSG_CALLBACK_ARG
:
1376 ossl_quic_channel_set_msg_callback_arg(ctx
.qc
->ch
, parg
);
1377 /* This ctrl also needs to be passed to the internal SSL object */
1378 return SSL_ctrl(ctx
.qc
->tls
, cmd
, larg
, parg
);
1380 case DTLS_CTRL_GET_TIMEOUT
: /* DTLSv1_get_timeout */
1384 if (!ossl_quic_get_event_timeout(s
, parg
, &is_infinite
))
1387 return !is_infinite
;
1389 case DTLS_CTRL_HANDLE_TIMEOUT
: /* DTLSv1_handle_timeout */
1390 /* For legacy compatibility with DTLS calls. */
1391 return ossl_quic_handle_events(s
) == 1 ? 1 : -1;
1393 /* Mask ctrls we shouldn't support for QUIC. */
1394 case SSL_CTRL_GET_READ_AHEAD
:
1395 case SSL_CTRL_SET_READ_AHEAD
:
1396 case SSL_CTRL_SET_MAX_SEND_FRAGMENT
:
1397 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT
:
1398 case SSL_CTRL_SET_MAX_PIPELINES
:
1403 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1404 * implementation. Either SSL_ctrl will handle it itself by direct
1405 * access into handshake layer state, or failing that, it will be passed
1406 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1407 * supported by anything, the handshake layer's ctrl method will finally
1410 return ossl_ctrl_internal(&ctx
.qc
->ssl
, cmd
, larg
, parg
, /*no_quic=*/1);
1414 /* SSL_set_connect_state */
1415 void ossl_quic_set_connect_state(SSL
*s
)
1419 if (!expect_quic(s
, &ctx
))
1422 /* Cannot be changed after handshake started */
1423 if (ctx
.qc
->started
|| ctx
.is_stream
)
1426 ctx
.qc
->as_server_state
= 0;
1429 /* SSL_set_accept_state */
1430 void ossl_quic_set_accept_state(SSL
*s
)
1434 if (!expect_quic(s
, &ctx
))
1437 /* Cannot be changed after handshake started */
1438 if (ctx
.qc
->started
|| ctx
.is_stream
)
1441 ctx
.qc
->as_server_state
= 1;
1444 /* SSL_do_handshake */
1445 struct quic_handshake_wait_args
{
1446 QUIC_CONNECTION
*qc
;
1449 static int tls_wants_non_io_retry(QUIC_CONNECTION
*qc
)
1451 int want
= SSL_want(qc
->tls
);
1453 if (want
== SSL_X509_LOOKUP
1454 || want
== SSL_CLIENT_HELLO_CB
1455 || want
== SSL_RETRY_VERIFY
)
1461 static int quic_handshake_wait(void *arg
)
1463 struct quic_handshake_wait_args
*args
= arg
;
1465 if (!quic_mutation_allowed(args
->qc
, /*req_active=*/1))
1468 if (ossl_quic_channel_is_handshake_complete(args
->qc
->ch
))
1471 if (tls_wants_non_io_retry(args
->qc
))
1477 static int configure_channel(QUIC_CONNECTION
*qc
)
1479 assert(qc
->ch
!= NULL
);
1481 if (!ossl_quic_port_set_net_rbio(qc
->port
, qc
->net_rbio
)
1482 || !ossl_quic_port_set_net_wbio(qc
->port
, qc
->net_wbio
)
1483 || !ossl_quic_channel_set_peer_addr(qc
->ch
, &qc
->init_peer_addr
))
1490 static int create_channel(QUIC_CONNECTION
*qc
)
1492 QUIC_PORT_ARGS port_args
= {0};
1494 port_args
.libctx
= qc
->ssl
.ctx
->libctx
;
1495 port_args
.propq
= qc
->ssl
.ctx
->propq
;
1496 port_args
.mutex
= qc
->mutex
;
1497 port_args
.channel_ctx
= qc
->ssl
.ctx
;
1498 port_args
.now_cb
= get_time_cb
;
1499 port_args
.now_cb_arg
= qc
;
1501 qc
->port
= ossl_quic_port_new(&port_args
);
1502 if (qc
->port
== NULL
) {
1503 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
1507 qc
->ch
= ossl_quic_port_create_outgoing(qc
->port
, qc
->tls
);
1508 if (qc
->ch
== NULL
) {
1509 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
1510 ossl_quic_port_free(qc
->port
);
1518 * Configures a channel with the information we have accumulated via calls made
1519 * to us from the application prior to starting a handshake attempt.
1522 static int ensure_channel_started(QCTX
*ctx
)
1524 QUIC_CONNECTION
*qc
= ctx
->qc
;
1527 if (!configure_channel(qc
)) {
1528 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
,
1529 "failed to configure channel");
1533 if (!ossl_quic_channel_start(qc
->ch
)) {
1534 ossl_quic_channel_restore_err_state(qc
->ch
);
1535 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
,
1536 "failed to start channel");
1540 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1541 if (qc
->is_thread_assisted
)
1542 if (!ossl_quic_thread_assist_init_start(&qc
->thread_assist
, qc
->ch
,
1543 qc
->override_now_cb
,
1544 qc
->override_now_cb_arg
)) {
1545 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
,
1546 "failed to start assist thread");
1557 static int quic_do_handshake(QCTX
*ctx
)
1560 QUIC_CONNECTION
*qc
= ctx
->qc
;
1562 if (ossl_quic_channel_is_handshake_complete(qc
->ch
))
1563 /* Handshake already completed. */
1566 if (!quic_mutation_allowed(qc
, /*req_active=*/0))
1567 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1569 if (qc
->as_server
!= qc
->as_server_state
) {
1570 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_PASSED_INVALID_ARGUMENT
, NULL
);
1571 return -1; /* Non-protocol error */
1574 if (qc
->net_rbio
== NULL
|| qc
->net_wbio
== NULL
) {
1575 /* Need read and write BIOs. */
1576 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_BIO_NOT_SET
, NULL
);
1577 return -1; /* Non-protocol error */
1581 * We need to determine our addressing mode. There are basically two
1582 * ways we can use L4 addresses:
1584 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1585 * addresses attached to them which we expect the underlying network BIO
1588 * - Unaddressed mode, in which the BIO provided to us on the
1589 * network side neither provides us with L4 addresses nor is capable of
1590 * honouring ones we provide. We don't know where the QUIC traffic we
1591 * send ends up exactly and trust the application to know what it is
1594 * Addressed mode is preferred because it enables support for connection
1595 * migration, multipath, etc. in the future. Addressed mode is automatically
1596 * enabled if we are using e.g. BIO_s_datagram, with or without
1599 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1600 * use unaddressed mode unless that BIO supports capability flags indicating
1601 * it can provide and honour L4 addresses.
1603 * Our strategy for determining address mode is simple: we probe the
1604 * underlying network BIOs for their capabilities. If the network BIOs
1605 * support what we need, we use addressed mode. Otherwise, we use
1608 * If addressed mode is chosen, we require an initial peer address to be
1609 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1610 * require this, as such an address is superfluous, though it can be set if
1613 if (!qc
->started
&& !qc
->addressing_probe_done
) {
1614 long rcaps
= BIO_dgram_get_effective_caps(qc
->net_rbio
);
1615 long wcaps
= BIO_dgram_get_effective_caps(qc
->net_wbio
);
1617 qc
->addressed_mode_r
= ((rcaps
& BIO_DGRAM_CAP_PROVIDES_SRC_ADDR
) != 0);
1618 qc
->addressed_mode_w
= ((wcaps
& BIO_DGRAM_CAP_HANDLES_DST_ADDR
) != 0);
1619 qc
->addressing_probe_done
= 1;
1622 if (!qc
->started
&& qc
->addressed_mode_w
1623 && BIO_ADDR_family(&qc
->init_peer_addr
) == AF_UNSPEC
) {
1625 * We are trying to connect and are using addressed mode, which means we
1626 * need an initial peer address; if we do not have a peer address yet,
1627 * we should try to autodetect one.
1629 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1630 * may not be able to provide us with a peer address until they have
1631 * finished their own processing. They may not be able to perform this
1632 * processing until an application has finished configuring that BIO
1633 * (e.g. with setter calls), which might happen after SSL_set_bio is
1636 if (!csm_analyse_init_peer_addr(qc
->net_wbio
, &qc
->init_peer_addr
))
1638 BIO_ADDR_clear(&qc
->init_peer_addr
);
1640 ossl_quic_channel_set_peer_addr(qc
->ch
, &qc
->init_peer_addr
);
1644 && qc
->addressed_mode_w
1645 && BIO_ADDR_family(&qc
->init_peer_addr
) == AF_UNSPEC
) {
1647 * If we still don't have a peer address in addressed mode, we can't do
1650 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET
, NULL
);
1651 return -1; /* Non-protocol error */
1655 * Start connection process. Note we may come here multiple times in
1656 * non-blocking mode, which is fine.
1658 if (!ensure_channel_started(ctx
)) /* raises on failure */
1659 return -1; /* Non-protocol error */
1661 if (ossl_quic_channel_is_handshake_complete(qc
->ch
))
1662 /* The handshake is now done. */
1665 if (!qc_blocking_mode(qc
)) {
1666 /* Try to advance the reactor. */
1667 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc
->ch
), 0);
1669 if (ossl_quic_channel_is_handshake_complete(qc
->ch
))
1670 /* The handshake is now done. */
1673 if (ossl_quic_channel_is_term_any(qc
->ch
)) {
1674 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1676 } else if (qc
->desires_blocking
) {
1678 * As a special case when doing a handshake when blocking mode is
1679 * desired yet not available, see if the network BIOs have become
1680 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1681 * which do late creation of socket FDs and therefore cannot expose
1682 * a poll descriptor until after a network BIO is set on the QCSO.
1684 assert(!qc
->blocking
);
1685 qc_update_can_support_blocking(qc
);
1686 qc_update_blocking_mode(qc
);
1691 * We are either in blocking mode or just entered it due to the code above.
1693 if (qc_blocking_mode(qc
)) {
1694 /* In blocking mode, wait for the handshake to complete. */
1695 struct quic_handshake_wait_args args
;
1699 ret
= block_until_pred(qc
, quic_handshake_wait
, &args
, 0);
1700 if (!quic_mutation_allowed(qc
, /*req_active=*/1)) {
1701 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1702 return 0; /* Shutdown before completion */
1703 } else if (ret
<= 0) {
1704 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1705 return -1; /* Non-protocol error */
1708 if (tls_wants_non_io_retry(qc
)) {
1709 QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_get_error(qc
->tls
, 0));
1713 assert(ossl_quic_channel_is_handshake_complete(qc
->ch
));
1717 if (tls_wants_non_io_retry(qc
)) {
1718 QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_get_error(qc
->tls
, 0));
1723 * Otherwise, indicate that the handshake isn't done yet.
1724 * We can only get here in non-blocking mode.
1726 QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_READ
);
1727 return -1; /* Non-protocol error */
1731 int ossl_quic_do_handshake(SSL
*s
)
1736 if (!expect_quic(s
, &ctx
))
1739 quic_lock_for_io(&ctx
);
1741 ret
= quic_do_handshake(&ctx
);
1742 quic_unlock(ctx
.qc
);
1747 int ossl_quic_connect(SSL
*s
)
1749 /* Ensure we are in connect state (no-op if non-idle). */
1750 ossl_quic_set_connect_state(s
);
1752 /* Begin or continue the handshake */
1753 return ossl_quic_do_handshake(s
);
1757 int ossl_quic_accept(SSL
*s
)
1759 /* Ensure we are in accept state (no-op if non-idle). */
1760 ossl_quic_set_accept_state(s
);
1762 /* Begin or continue the handshake */
1763 return ossl_quic_do_handshake(s
);
1767 * QUIC Front-End I/O API: Stream Lifecycle Operations
1768 * ===================================================
1770 * SSL_stream_new => ossl_quic_conn_stream_new
1775 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1776 * default XSO was created. Returns 0 if it was not (e.g. because it already
1777 * exists). Note that this is NOT an error condition.
1780 static int qc_try_create_default_xso_for_write(QCTX
*ctx
)
1783 QUIC_CONNECTION
*qc
= ctx
->qc
;
1785 if (qc
->default_xso_created
1786 || qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
1788 * We only do this once. If the user detaches a previously created
1789 * default XSO we don't auto-create another one.
1791 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_NO_STREAM
, NULL
);
1793 /* Create a locally-initiated stream. */
1794 if (qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_AUTO_UNI
)
1795 flags
|= SSL_STREAM_FLAG_UNI
;
1797 qc_set_default_xso(qc
, (QUIC_XSO
*)quic_conn_stream_new(ctx
, flags
,
1800 if (qc
->default_xso
== NULL
)
1801 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1803 qc_touch_default_xso(qc
);
1807 struct quic_wait_for_stream_args
{
1808 QUIC_CONNECTION
*qc
;
1815 static int quic_wait_for_stream(void *arg
)
1817 struct quic_wait_for_stream_args
*args
= arg
;
1819 if (!quic_mutation_allowed(args
->qc
, /*req_active=*/1)) {
1820 /* If connection is torn down due to an error while blocking, stop. */
1821 QUIC_RAISE_NON_NORMAL_ERROR(args
->ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1825 args
->qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args
->qc
->ch
),
1826 args
->expect_id
| QUIC_STREAM_DIR_BIDI
);
1827 if (args
->qs
== NULL
)
1828 args
->qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args
->qc
->ch
),
1829 args
->expect_id
| QUIC_STREAM_DIR_UNI
);
1831 if (args
->qs
!= NULL
)
1832 return 1; /* stream now exists */
1834 return 0; /* did not get a stream, keep trying */
1838 static int qc_wait_for_default_xso_for_read(QCTX
*ctx
)
1840 /* Called on a QCSO and we don't currently have a default stream. */
1842 QUIC_CONNECTION
*qc
= ctx
->qc
;
1845 struct quic_wait_for_stream_args wargs
;
1846 OSSL_RTT_INFO rtt_info
;
1849 * If default stream functionality is disabled or we already detached
1850 * one, don't make another default stream and just fail.
1852 if (qc
->default_xso_created
1853 || qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
1854 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_NO_STREAM
, NULL
);
1857 * The peer may have opened a stream since we last ticked. So tick and
1858 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1859 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1860 * first stream created by a peer must have an ordinal of 0.
1862 expect_id
= qc
->as_server
1863 ? QUIC_STREAM_INITIATOR_CLIENT
1864 : QUIC_STREAM_INITIATOR_SERVER
;
1866 qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc
->ch
),
1867 expect_id
| QUIC_STREAM_DIR_BIDI
);
1869 qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc
->ch
),
1870 expect_id
| QUIC_STREAM_DIR_UNI
);
1873 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(qc
->ch
), 0);
1875 qs
= ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc
->ch
),
1880 if (!qc_blocking_mode(qc
))
1881 /* Non-blocking mode, so just bail immediately. */
1882 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_READ
);
1884 /* Block until we have a stream. */
1888 wargs
.expect_id
= expect_id
;
1890 res
= block_until_pred(qc
, quic_wait_for_stream
, &wargs
, 0);
1892 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1893 else if (res
< 0 || wargs
.qs
== NULL
)
1894 /* quic_wait_for_stream raised error here */
1901 * We now have qs != NULL. Remove it from the incoming stream queue so that
1902 * it isn't also returned by any future SSL_accept_stream calls.
1904 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc
->ch
), &rtt_info
);
1905 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc
->ch
),
1906 qs
, rtt_info
.smoothed_rtt
);
1909 * Now make qs the default stream, creating the necessary XSO.
1911 qc_set_default_xso(qc
, create_xso_from_stream(qc
, qs
), /*touch=*/0);
1912 if (qc
->default_xso
== NULL
)
1913 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
1915 qc_touch_default_xso(qc
); /* inhibits default XSO */
1920 static QUIC_XSO
*create_xso_from_stream(QUIC_CONNECTION
*qc
, QUIC_STREAM
*qs
)
1922 QUIC_XSO
*xso
= NULL
;
1924 if ((xso
= OPENSSL_zalloc(sizeof(*xso
))) == NULL
) {
1925 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_CRYPTO_LIB
, NULL
);
1929 if (!ossl_ssl_init(&xso
->ssl
, qc
->ssl
.ctx
, qc
->ssl
.method
, SSL_TYPE_QUIC_XSO
)) {
1930 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_INTERNAL_ERROR
, NULL
);
1935 if (!SSL_up_ref(&qc
->ssl
)) {
1936 QUIC_RAISE_NON_NORMAL_ERROR(NULL
, ERR_R_SSL_LIB
, NULL
);
1941 xso
->ssl_mode
= qc
->default_ssl_mode
;
1943 = qc
->default_ssl_options
& OSSL_QUIC_PERMITTED_OPTIONS_STREAM
;
1944 xso
->last_error
= SSL_ERROR_NONE
;
1949 xso_update_options(xso
);
1957 struct quic_new_stream_wait_args
{
1958 QUIC_CONNECTION
*qc
;
1962 static int quic_new_stream_wait(void *arg
)
1964 struct quic_new_stream_wait_args
*args
= arg
;
1965 QUIC_CONNECTION
*qc
= args
->qc
;
1967 if (!quic_mutation_allowed(qc
, /*req_active=*/1))
1970 if (ossl_quic_channel_is_new_local_stream_admissible(qc
->ch
, args
->is_uni
))
1976 /* locking depends on need_lock */
1977 static SSL
*quic_conn_stream_new(QCTX
*ctx
, uint64_t flags
, int need_lock
)
1980 QUIC_CONNECTION
*qc
= ctx
->qc
;
1981 QUIC_XSO
*xso
= NULL
;
1982 QUIC_STREAM
*qs
= NULL
;
1983 int is_uni
= ((flags
& SSL_STREAM_FLAG_UNI
) != 0);
1984 int no_blocking
= ((flags
& SSL_STREAM_FLAG_NO_BLOCK
) != 0);
1985 int advance
= ((flags
& SSL_STREAM_FLAG_ADVANCE
) != 0);
1990 if (!quic_mutation_allowed(qc
, /*req_active=*/0)) {
1991 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
1996 && !ossl_quic_channel_is_new_local_stream_admissible(qc
->ch
, is_uni
)) {
1997 struct quic_new_stream_wait_args args
;
2000 * Stream count flow control currently doesn't permit this stream to be
2003 if (no_blocking
|| !qc_blocking_mode(qc
)) {
2004 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_STREAM_COUNT_LIMITED
, NULL
);
2009 args
.is_uni
= is_uni
;
2011 /* Blocking mode - wait until we can get a stream. */
2012 ret
= block_until_pred(ctx
->qc
, quic_new_stream_wait
, &args
, 0);
2013 if (!quic_mutation_allowed(qc
, /*req_active=*/1)) {
2014 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2015 goto err
; /* Shutdown before completion */
2016 } else if (ret
<= 0) {
2017 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2018 goto err
; /* Non-protocol error */
2022 qs
= ossl_quic_channel_new_stream_local(qc
->ch
, is_uni
);
2024 QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2028 xso
= create_xso_from_stream(qc
, qs
);
2032 qc_touch_default_xso(qc
); /* inhibits default XSO */
2040 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc
->ch
), qs
);
2049 SSL
*ossl_quic_conn_stream_new(SSL
*s
, uint64_t flags
)
2053 if (!expect_quic_conn_only(s
, &ctx
))
2056 return quic_conn_stream_new(&ctx
, flags
, /*need_lock=*/1);
2060 * QUIC Front-End I/O API: Steady-State Operations
2061 * ===============================================
2063 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2064 * is, the functions used during the established phase of a QUIC connection
2065 * (e.g. SSL_read, SSL_write).
2067 * Each function must handle both blocking and non-blocking modes. As discussed
2068 * above, all QUIC I/O is implemented using non-blocking mode internally.
2070 * SSL_get_error => partially implemented by ossl_quic_get_error
2071 * SSL_want => ossl_quic_want
2072 * (BIO/)SSL_read => ossl_quic_read
2073 * (BIO/)SSL_write => ossl_quic_write
2074 * SSL_pending => ossl_quic_pending
2075 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2076 * SSL_key_update => ossl_quic_key_update
2080 int ossl_quic_get_error(const SSL
*s
, int i
)
2083 int net_error
, last_error
;
2085 if (!expect_quic(s
, &ctx
))
2089 net_error
= ossl_quic_channel_net_error(ctx
.qc
->ch
);
2090 last_error
= ctx
.is_stream
? ctx
.xso
->last_error
: ctx
.qc
->last_error
;
2091 quic_unlock(ctx
.qc
);
2094 return SSL_ERROR_SYSCALL
;
2099 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
2100 static int error_to_want(int error
)
2103 case SSL_ERROR_WANT_CONNECT
: /* never used - UDP is connectionless */
2104 case SSL_ERROR_WANT_ACCEPT
: /* never used - UDP is connectionless */
2105 case SSL_ERROR_ZERO_RETURN
:
2109 case SSL_ERROR_WANT_READ
:
2112 case SSL_ERROR_WANT_WRITE
:
2115 case SSL_ERROR_WANT_RETRY_VERIFY
:
2116 return SSL_RETRY_VERIFY
;
2118 case SSL_ERROR_WANT_CLIENT_HELLO_CB
:
2119 return SSL_CLIENT_HELLO_CB
;
2121 case SSL_ERROR_WANT_X509_LOOKUP
:
2122 return SSL_X509_LOOKUP
;
2127 int ossl_quic_want(const SSL
*s
)
2132 if (!expect_quic(s
, &ctx
))
2137 w
= error_to_want(ctx
.is_stream
? ctx
.xso
->last_error
: ctx
.qc
->last_error
);
2139 quic_unlock(ctx
.qc
);
2147 * The set of functions below provide the implementation of the public SSL_write
2148 * function. We must handle:
2150 * - both blocking and non-blocking operation at the application level,
2151 * depending on how we are configured;
2153 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2155 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2159 static void quic_post_write(QUIC_XSO
*xso
, int did_append
, int do_tick
)
2162 * We have appended at least one byte to the stream.
2163 * Potentially mark stream as active, depending on FC.
2166 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso
->conn
->ch
),
2172 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2173 * immediately, plus we should eventually consider Nagle's algorithm.
2176 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso
->conn
->ch
), 0);
2179 struct quic_write_again_args
{
2181 const unsigned char *buf
;
2183 size_t total_written
;
2188 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2189 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2190 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2192 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2195 * Ensure spare buffer space available (up until a limit, at least).
2198 static int sstream_ensure_spare(QUIC_SSTREAM
*sstream
, uint64_t spare
)
2200 size_t cur_sz
= ossl_quic_sstream_get_buffer_size(sstream
);
2201 size_t avail
= ossl_quic_sstream_get_buffer_avail(sstream
);
2202 size_t spare_
= (spare
> SIZE_MAX
) ? SIZE_MAX
: (size_t)spare
;
2203 size_t new_sz
, growth
;
2205 if (spare_
<= avail
|| cur_sz
== MAX_WRITE_BUF_SIZE
)
2208 growth
= spare_
- avail
;
2209 if (cur_sz
+ growth
> MAX_WRITE_BUF_SIZE
)
2210 new_sz
= MAX_WRITE_BUF_SIZE
;
2212 new_sz
= cur_sz
+ growth
;
2214 return ossl_quic_sstream_set_buffer_size(sstream
, new_sz
);
2218 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2219 * as needed according to flow control.
2222 static int xso_sstream_append(QUIC_XSO
*xso
, const unsigned char *buf
,
2223 size_t len
, size_t *actual_written
)
2225 QUIC_SSTREAM
*sstream
= xso
->stream
->sstream
;
2226 uint64_t cur
= ossl_quic_sstream_get_cur_size(sstream
);
2227 uint64_t cwm
= ossl_quic_txfc_get_cwm(&xso
->stream
->txfc
);
2228 uint64_t permitted
= (cwm
>= cur
? cwm
- cur
: 0);
2230 if (len
> permitted
)
2231 len
= (size_t)permitted
;
2233 if (!sstream_ensure_spare(sstream
, len
))
2236 return ossl_quic_sstream_append(sstream
, buf
, len
, actual_written
);
2240 static int quic_write_again(void *arg
)
2242 struct quic_write_again_args
*args
= arg
;
2243 size_t actual_written
= 0;
2245 if (!quic_mutation_allowed(args
->xso
->conn
, /*req_active=*/1))
2246 /* If connection is torn down due to an error while blocking, stop. */
2249 if (!quic_validate_for_write(args
->xso
, &args
->err
))
2251 * Stream may have become invalid for write due to connection events
2256 args
->err
= ERR_R_INTERNAL_ERROR
;
2257 if (!xso_sstream_append(args
->xso
, args
->buf
, args
->len
, &actual_written
))
2260 quic_post_write(args
->xso
, actual_written
> 0, 0);
2262 args
->buf
+= actual_written
;
2263 args
->len
-= actual_written
;
2264 args
->total_written
+= actual_written
;
2267 /* Written everything, done. */
2270 /* Not written everything yet, keep trying. */
2275 static int quic_write_blocking(QCTX
*ctx
, const void *buf
, size_t len
,
2279 QUIC_XSO
*xso
= ctx
->xso
;
2280 struct quic_write_again_args args
;
2281 size_t actual_written
= 0;
2283 /* First make a best effort to append as much of the data as possible. */
2284 if (!xso_sstream_append(xso
, buf
, len
, &actual_written
)) {
2285 /* Stream already finished or allocation error. */
2287 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2290 quic_post_write(xso
, actual_written
> 0, 1);
2292 if (actual_written
== len
) {
2293 /* Managed to append everything on the first try. */
2294 *written
= actual_written
;
2299 * We did not manage to append all of the data immediately, so the stream
2300 * buffer has probably filled up. This means we need to block until some of
2304 args
.buf
= (const unsigned char *)buf
+ actual_written
;
2305 args
.len
= len
- actual_written
;
2306 args
.total_written
= 0;
2307 args
.err
= ERR_R_INTERNAL_ERROR
;
2309 res
= block_until_pred(xso
->conn
, quic_write_again
, &args
, 0);
2311 if (!quic_mutation_allowed(xso
->conn
, /*req_active=*/1))
2312 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2314 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, args
.err
, NULL
);
2317 *written
= args
.total_written
;
2322 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2325 static void aon_write_begin(QUIC_XSO
*xso
, const unsigned char *buf
,
2326 size_t buf_len
, size_t already_sent
)
2328 assert(!xso
->aon_write_in_progress
);
2330 xso
->aon_write_in_progress
= 1;
2331 xso
->aon_buf_base
= buf
;
2332 xso
->aon_buf_pos
= already_sent
;
2333 xso
->aon_buf_len
= buf_len
;
2336 static void aon_write_finish(QUIC_XSO
*xso
)
2338 xso
->aon_write_in_progress
= 0;
2339 xso
->aon_buf_base
= NULL
;
2340 xso
->aon_buf_pos
= 0;
2341 xso
->aon_buf_len
= 0;
2345 static int quic_write_nonblocking_aon(QCTX
*ctx
, const void *buf
,
2346 size_t len
, size_t *written
)
2348 QUIC_XSO
*xso
= ctx
->xso
;
2349 const void *actual_buf
;
2350 size_t actual_len
, actual_written
= 0;
2351 int accept_moving_buffer
2352 = ((xso
->ssl_mode
& SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
) != 0);
2354 if (xso
->aon_write_in_progress
) {
2356 * We are in the middle of an AON write (i.e., a previous write did not
2357 * manage to append all data to the SSTREAM and we have Enable Partial
2358 * Write (EPW) mode disabled.)
2360 if ((!accept_moving_buffer
&& xso
->aon_buf_base
!= buf
)
2361 || len
!= xso
->aon_buf_len
)
2363 * Pointer must not have changed if we are not in accept moving
2364 * buffer mode. Length must never change.
2366 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, SSL_R_BAD_WRITE_RETRY
, NULL
);
2368 actual_buf
= (unsigned char *)buf
+ xso
->aon_buf_pos
;
2369 actual_len
= len
- xso
->aon_buf_pos
;
2370 assert(actual_len
> 0);
2376 /* First make a best effort to append as much of the data as possible. */
2377 if (!xso_sstream_append(xso
, actual_buf
, actual_len
, &actual_written
)) {
2378 /* Stream already finished or allocation error. */
2380 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2383 quic_post_write(xso
, actual_written
> 0, 1);
2385 if (actual_written
== actual_len
) {
2386 /* We have sent everything. */
2387 if (xso
->aon_write_in_progress
) {
2389 * We have sent everything, and we were in the middle of an AON
2390 * write. The output write length is the total length of the AON
2391 * buffer, not however many bytes we managed to write to the stream
2394 *written
= xso
->aon_buf_len
;
2395 aon_write_finish(xso
);
2397 *written
= actual_written
;
2403 if (xso
->aon_write_in_progress
) {
2405 * AON write is in progress but we have not written everything yet. We
2406 * may have managed to send zero bytes, or some number of bytes less
2407 * than the total remaining which need to be appended during this
2410 xso
->aon_buf_pos
+= actual_written
;
2411 assert(xso
->aon_buf_pos
< xso
->aon_buf_len
);
2412 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_WRITE
);
2416 * Not in an existing AON operation but partial write is not enabled, so we
2417 * need to begin a new AON operation. However we needn't bother if we didn't
2418 * actually append anything.
2420 if (actual_written
> 0)
2421 aon_write_begin(xso
, buf
, len
, actual_written
);
2424 * AON - We do not publicly admit to having appended anything until AON
2428 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_WANT_WRITE
);
2432 static int quic_write_nonblocking_epw(QCTX
*ctx
, const void *buf
, size_t len
,
2435 QUIC_XSO
*xso
= ctx
->xso
;
2437 /* Simple best effort operation. */
2438 if (!xso_sstream_append(xso
, buf
, len
, written
)) {
2439 /* Stream already finished or allocation error. */
2441 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2444 quic_post_write(xso
, *written
> 0, 1);
2449 static int quic_validate_for_write(QUIC_XSO
*xso
, int *err
)
2451 QUIC_STREAM_MAP
*qsm
;
2453 if (xso
== NULL
|| xso
->stream
== NULL
) {
2454 *err
= ERR_R_INTERNAL_ERROR
;
2458 switch (xso
->stream
->send_state
) {
2460 case QUIC_SSTREAM_STATE_NONE
:
2461 *err
= SSL_R_STREAM_RECV_ONLY
;
2464 case QUIC_SSTREAM_STATE_READY
:
2465 qsm
= ossl_quic_channel_get_qsm(xso
->conn
->ch
);
2467 if (!ossl_quic_stream_map_ensure_send_part_id(qsm
, xso
->stream
)) {
2468 *err
= ERR_R_INTERNAL_ERROR
;
2473 case QUIC_SSTREAM_STATE_SEND
:
2474 case QUIC_SSTREAM_STATE_DATA_SENT
:
2475 case QUIC_SSTREAM_STATE_DATA_RECVD
:
2476 if (ossl_quic_sstream_get_final_size(xso
->stream
->sstream
, NULL
)) {
2477 *err
= SSL_R_STREAM_FINISHED
;
2483 case QUIC_SSTREAM_STATE_RESET_SENT
:
2484 case QUIC_SSTREAM_STATE_RESET_RECVD
:
2485 *err
= SSL_R_STREAM_RESET
;
2491 int ossl_quic_write(SSL
*s
, const void *buf
, size_t len
, size_t *written
)
2495 int partial_write
, err
;
2499 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/0, /*io=*/1, &ctx
))
2502 partial_write
= ((ctx
.xso
->ssl_mode
& SSL_MODE_ENABLE_PARTIAL_WRITE
) != 0);
2504 if (!quic_mutation_allowed(ctx
.qc
, /*req_active=*/0)) {
2505 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2510 * If we haven't finished the handshake, try to advance it.
2511 * We don't accept writes until the handshake is completed.
2513 if (quic_do_handshake(&ctx
) < 1) {
2518 /* Ensure correct stream state, stream send part not concluded, etc. */
2519 if (!quic_validate_for_write(ctx
.xso
, &err
)) {
2520 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, err
, NULL
);
2529 if (xso_blocking_mode(ctx
.xso
))
2530 ret
= quic_write_blocking(&ctx
, buf
, len
, written
);
2531 else if (partial_write
)
2532 ret
= quic_write_nonblocking_epw(&ctx
, buf
, len
, written
);
2534 ret
= quic_write_nonblocking_aon(&ctx
, buf
, len
, written
);
2537 quic_unlock(ctx
.qc
);
2545 struct quic_read_again_args
{
2547 QUIC_STREAM
*stream
;
2555 static int quic_validate_for_read(QUIC_XSO
*xso
, int *err
, int *eos
)
2557 QUIC_STREAM_MAP
*qsm
;
2561 if (xso
== NULL
|| xso
->stream
== NULL
) {
2562 *err
= ERR_R_INTERNAL_ERROR
;
2566 switch (xso
->stream
->recv_state
) {
2568 case QUIC_RSTREAM_STATE_NONE
:
2569 *err
= SSL_R_STREAM_SEND_ONLY
;
2572 case QUIC_RSTREAM_STATE_RECV
:
2573 case QUIC_RSTREAM_STATE_SIZE_KNOWN
:
2574 case QUIC_RSTREAM_STATE_DATA_RECVD
:
2577 case QUIC_RSTREAM_STATE_DATA_READ
:
2581 case QUIC_RSTREAM_STATE_RESET_RECVD
:
2582 qsm
= ossl_quic_channel_get_qsm(xso
->conn
->ch
);
2583 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm
, xso
->stream
);
2586 case QUIC_RSTREAM_STATE_RESET_READ
:
2587 *err
= SSL_R_STREAM_RESET
;
2593 static int quic_read_actual(QCTX
*ctx
,
2594 QUIC_STREAM
*stream
,
2595 void *buf
, size_t buf_len
,
2599 int is_fin
= 0, err
, eos
;
2600 QUIC_CONNECTION
*qc
= ctx
->qc
;
2602 if (!quic_validate_for_read(ctx
->xso
, &err
, &eos
)) {
2604 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_ZERO_RETURN
);
2606 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, err
, NULL
);
2610 if (!ossl_quic_rstream_peek(stream
->rstream
, buf
, buf_len
,
2611 bytes_read
, &is_fin
))
2612 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2615 if (!ossl_quic_rstream_read(stream
->rstream
, buf
, buf_len
,
2616 bytes_read
, &is_fin
))
2617 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2621 if (*bytes_read
> 0) {
2623 * We have read at least one byte from the stream. Inform stream-level
2624 * RXFC of the retirement of controlled bytes. Update the active stream
2625 * status (the RXFC may now want to emit a frame granting more credit to
2628 OSSL_RTT_INFO rtt_info
;
2630 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc
->ch
), &rtt_info
);
2632 if (!ossl_quic_rxfc_on_retire(&stream
->rxfc
, *bytes_read
,
2633 rtt_info
.smoothed_rtt
))
2634 return QUIC_RAISE_NON_NORMAL_ERROR(ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2637 if (is_fin
&& !peek
) {
2638 QUIC_STREAM_MAP
*qsm
= ossl_quic_channel_get_qsm(ctx
->qc
->ch
);
2640 ossl_quic_stream_map_notify_totally_read(qsm
, ctx
->xso
->stream
);
2643 if (*bytes_read
> 0)
2644 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc
->ch
),
2648 if (*bytes_read
== 0 && is_fin
)
2649 return QUIC_RAISE_NORMAL_ERROR(ctx
, SSL_ERROR_ZERO_RETURN
);
2655 static int quic_read_again(void *arg
)
2657 struct quic_read_again_args
*args
= arg
;
2659 if (!quic_mutation_allowed(args
->ctx
->qc
, /*req_active=*/1)) {
2660 /* If connection is torn down due to an error while blocking, stop. */
2661 QUIC_RAISE_NON_NORMAL_ERROR(args
->ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2665 if (!quic_read_actual(args
->ctx
, args
->stream
,
2666 args
->buf
, args
->len
, args
->bytes_read
,
2670 if (*args
->bytes_read
> 0)
2671 /* got at least one byte, the SSL_read op can finish now */
2674 return 0; /* did not read anything, keep trying */
2678 static int quic_read(SSL
*s
, void *buf
, size_t len
, size_t *bytes_read
, int peek
)
2682 struct quic_read_again_args args
;
2686 if (!expect_quic(s
, &ctx
))
2689 quic_lock_for_io(&ctx
);
2691 if (!quic_mutation_allowed(ctx
.qc
, /*req_active=*/0)) {
2692 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2696 /* If we haven't finished the handshake, try to advance it. */
2697 if (quic_do_handshake(&ctx
) < 1) {
2698 ret
= 0; /* ossl_quic_do_handshake raised error here */
2702 if (ctx
.xso
== NULL
) {
2704 * Called on a QCSO and we don't currently have a default stream.
2706 * Wait until we get a stream initiated by the peer (blocking mode) or
2707 * fail if we don't have one yet (non-blocking mode).
2709 if (!qc_wait_for_default_xso_for_read(&ctx
)) {
2710 ret
= 0; /* error already raised here */
2714 ctx
.xso
= ctx
.qc
->default_xso
;
2717 if (!quic_read_actual(&ctx
, ctx
.xso
->stream
, buf
, len
, bytes_read
, peek
)) {
2718 ret
= 0; /* quic_read_actual raised error here */
2722 if (*bytes_read
> 0) {
2724 * Even though we succeeded, tick the reactor here to ensure we are
2725 * handling other aspects of the QUIC connection.
2727 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
2729 } else if (xso_blocking_mode(ctx
.xso
)) {
2731 * We were not able to read anything immediately, so our stream
2732 * buffer is empty. This means we need to block until we get
2733 * at least one byte.
2736 args
.stream
= ctx
.xso
->stream
;
2739 args
.bytes_read
= bytes_read
;
2742 res
= block_until_pred(ctx
.qc
, quic_read_again
, &args
, 0);
2744 ret
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2746 } else if (res
< 0) {
2747 ret
= 0; /* quic_read_again raised error here */
2754 * We did not get any bytes and are not in blocking mode.
2755 * Tick to see if this delivers any more.
2757 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx
.qc
->ch
), 0);
2759 /* Try the read again. */
2760 if (!quic_read_actual(&ctx
, ctx
.xso
->stream
, buf
, len
, bytes_read
, peek
)) {
2761 ret
= 0; /* quic_read_actual raised error here */
2765 if (*bytes_read
> 0)
2766 ret
= 1; /* Succeeded this time. */
2768 ret
= QUIC_RAISE_NORMAL_ERROR(&ctx
, SSL_ERROR_WANT_READ
);
2772 quic_unlock(ctx
.qc
);
2776 int ossl_quic_read(SSL
*s
, void *buf
, size_t len
, size_t *bytes_read
)
2778 return quic_read(s
, buf
, len
, bytes_read
, 0);
2781 int ossl_quic_peek(SSL
*s
, void *buf
, size_t len
, size_t *bytes_read
)
2783 return quic_read(s
, buf
, len
, bytes_read
, 1);
2792 static size_t ossl_quic_pending_int(const SSL
*s
, int check_channel
)
2799 if (!expect_quic(s
, &ctx
))
2804 if (ctx
.xso
== NULL
) {
2805 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_NO_STREAM
, NULL
);
2809 if (ctx
.xso
->stream
== NULL
2810 || !ossl_quic_stream_has_recv_buffer(ctx
.xso
->stream
)) {
2811 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
2815 if (!ossl_quic_rstream_available(ctx
.xso
->stream
->rstream
, &avail
, &fin
))
2818 if (avail
== 0 && check_channel
&& ossl_quic_channel_has_pending(ctx
.qc
->ch
))
2822 quic_unlock(ctx
.qc
);
2826 size_t ossl_quic_pending(const SSL
*s
)
2828 return ossl_quic_pending_int(s
, /*check_channel=*/0);
2831 int ossl_quic_has_pending(const SSL
*s
)
2833 /* Do we have app-side pending data or pending URXEs or RXEs? */
2834 return ossl_quic_pending_int(s
, /*check_channel=*/1) > 0;
2838 * SSL_stream_conclude
2839 * -------------------
2842 int ossl_quic_conn_stream_conclude(SSL
*s
)
2848 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/0, /*io=*/0, &ctx
))
2851 qs
= ctx
.xso
->stream
;
2853 if (!quic_mutation_allowed(ctx
.qc
, /*req_active=*/1)) {
2854 quic_unlock(ctx
.qc
);
2855 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
2858 if (!quic_validate_for_write(ctx
.xso
, &err
)) {
2859 quic_unlock(ctx
.qc
);
2860 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, err
, NULL
);
2863 if (ossl_quic_sstream_get_final_size(qs
->sstream
, NULL
)) {
2864 quic_unlock(ctx
.qc
);
2868 ossl_quic_sstream_fin(qs
->sstream
);
2869 quic_post_write(ctx
.xso
, 1, 1);
2870 quic_unlock(ctx
.qc
);
2875 * SSL_inject_net_dgram
2876 * --------------------
2879 int SSL_inject_net_dgram(SSL
*s
, const unsigned char *buf
,
2881 const BIO_ADDR
*peer
,
2882 const BIO_ADDR
*local
)
2888 if (!expect_quic(s
, &ctx
))
2893 demux
= ossl_quic_channel_get0_demux(ctx
.qc
->ch
);
2894 ret
= ossl_quic_demux_inject(demux
, buf
, buf_len
, peer
, local
);
2896 quic_unlock(ctx
.qc
);
2901 * SSL_get0_connection
2902 * -------------------
2904 SSL
*ossl_quic_get0_connection(SSL
*s
)
2908 if (!expect_quic(s
, &ctx
))
2911 return &ctx
.qc
->ssl
;
2915 * SSL_get_stream_type
2916 * -------------------
2918 int ossl_quic_get_stream_type(SSL
*s
)
2922 if (!expect_quic(s
, &ctx
))
2923 return SSL_STREAM_TYPE_BIDI
;
2925 if (ctx
.xso
== NULL
) {
2927 * If deferred XSO creation has yet to occur, proceed according to the
2928 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2929 * what kind of stream will be created yet, so return BIDI on the basis
2930 * that at this time, the client still has the option of calling
2931 * SSL_read() or SSL_write() first.
2933 if (ctx
.qc
->default_xso_created
2934 || ctx
.qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
2935 return SSL_STREAM_TYPE_NONE
;
2937 return SSL_STREAM_TYPE_BIDI
;
2940 if (ossl_quic_stream_is_bidi(ctx
.xso
->stream
))
2941 return SSL_STREAM_TYPE_BIDI
;
2943 if (ossl_quic_stream_is_server_init(ctx
.xso
->stream
) != ctx
.qc
->as_server
)
2944 return SSL_STREAM_TYPE_READ
;
2946 return SSL_STREAM_TYPE_WRITE
;
2954 uint64_t ossl_quic_get_stream_id(SSL
*s
)
2959 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/-1, /*io=*/0, &ctx
))
2962 id
= ctx
.xso
->stream
->id
;
2963 quic_unlock(ctx
.qc
);
2969 * SSL_is_stream_local
2970 * -------------------
2973 int ossl_quic_is_stream_local(SSL
*s
)
2978 if (!expect_quic_with_stream_lock(s
, /*remote_init=*/-1, /*io=*/0, &ctx
))
2981 is_local
= ossl_quic_stream_is_local_init(ctx
.xso
->stream
);
2982 quic_unlock(ctx
.qc
);
2988 * SSL_set_default_stream_mode
2989 * ---------------------------
2992 int ossl_quic_set_default_stream_mode(SSL
*s
, uint32_t mode
)
2996 if (!expect_quic_conn_only(s
, &ctx
))
3001 if (ctx
.qc
->default_xso_created
) {
3002 quic_unlock(ctx
.qc
);
3003 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
,
3004 "too late to change default stream mode");
3008 case SSL_DEFAULT_STREAM_MODE_NONE
:
3009 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI
:
3010 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI
:
3011 ctx
.qc
->default_stream_mode
= mode
;
3014 quic_unlock(ctx
.qc
);
3015 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
3016 "bad default stream type");
3019 quic_unlock(ctx
.qc
);
3028 SSL
*ossl_quic_detach_stream(SSL
*s
)
3031 QUIC_XSO
*xso
= NULL
;
3033 if (!expect_quic_conn_only(s
, &ctx
))
3038 /* Calling this function inhibits default XSO autocreation. */
3039 /* QC ref to any default XSO is transferred to us and to caller. */
3040 qc_set_default_xso_keep_ref(ctx
.qc
, NULL
, /*touch=*/1, &xso
);
3042 quic_unlock(ctx
.qc
);
3044 return xso
!= NULL
? &xso
->ssl
: NULL
;
3052 int ossl_quic_attach_stream(SSL
*conn
, SSL
*stream
)
3058 if (!expect_quic_conn_only(conn
, &ctx
))
3061 if (stream
== NULL
|| stream
->type
!= SSL_TYPE_QUIC_XSO
)
3062 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_NULL_PARAMETER
,
3063 "stream to attach must be a valid QUIC stream");
3065 xso
= (QUIC_XSO
*)stream
;
3069 if (ctx
.qc
->default_xso
!= NULL
) {
3070 quic_unlock(ctx
.qc
);
3071 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
,
3072 "connection already has a default stream");
3076 * It is a caller error for the XSO being attached as a default XSO to have
3077 * more than one ref.
3079 if (!CRYPTO_GET_REF(&xso
->ssl
.references
, &nref
)) {
3080 quic_unlock(ctx
.qc
);
3081 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
,
3086 quic_unlock(ctx
.qc
);
3087 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
,
3088 "stream being attached must have "
3089 "only 1 reference");
3092 /* Caller's reference to the XSO is transferred to us. */
3093 /* Calling this function inhibits default XSO autocreation. */
3094 qc_set_default_xso(ctx
.qc
, xso
, /*touch=*/1);
3096 quic_unlock(ctx
.qc
);
3101 * SSL_set_incoming_stream_policy
3102 * ------------------------------
3105 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION
*qc
)
3107 switch (qc
->incoming_stream_policy
) {
3108 case SSL_INCOMING_STREAM_POLICY_AUTO
:
3109 if ((qc
->default_xso
== NULL
&& !qc
->default_xso_created
)
3110 || qc
->default_stream_mode
== SSL_DEFAULT_STREAM_MODE_NONE
)
3111 return SSL_INCOMING_STREAM_POLICY_ACCEPT
;
3113 return SSL_INCOMING_STREAM_POLICY_REJECT
;
3116 return qc
->incoming_stream_policy
;
3121 static void qc_update_reject_policy(QUIC_CONNECTION
*qc
)
3123 int policy
= qc_get_effective_incoming_stream_policy(qc
);
3124 int enable_reject
= (policy
== SSL_INCOMING_STREAM_POLICY_REJECT
);
3126 ossl_quic_channel_set_incoming_stream_auto_reject(qc
->ch
,
3128 qc
->incoming_stream_aec
);
3132 int ossl_quic_set_incoming_stream_policy(SSL
*s
, int policy
,
3138 if (!expect_quic_conn_only(s
, &ctx
))
3144 case SSL_INCOMING_STREAM_POLICY_AUTO
:
3145 case SSL_INCOMING_STREAM_POLICY_ACCEPT
:
3146 case SSL_INCOMING_STREAM_POLICY_REJECT
:
3147 ctx
.qc
->incoming_stream_policy
= policy
;
3148 ctx
.qc
->incoming_stream_aec
= aec
;
3152 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
, NULL
);
3157 qc_update_reject_policy(ctx
.qc
);
3158 quic_unlock(ctx
.qc
);
3166 struct wait_for_incoming_stream_args
{
3172 static int wait_for_incoming_stream(void *arg
)
3174 struct wait_for_incoming_stream_args
*args
= arg
;
3175 QUIC_CONNECTION
*qc
= args
->ctx
->qc
;
3176 QUIC_STREAM_MAP
*qsm
= ossl_quic_channel_get_qsm(qc
->ch
);
3178 if (!quic_mutation_allowed(qc
, /*req_active=*/1)) {
3179 /* If connection is torn down due to an error while blocking, stop. */
3180 QUIC_RAISE_NON_NORMAL_ERROR(args
->ctx
, SSL_R_PROTOCOL_IS_SHUTDOWN
, NULL
);
3184 args
->qs
= ossl_quic_stream_map_peek_accept_queue(qsm
);
3185 if (args
->qs
!= NULL
)
3186 return 1; /* got a stream */
3188 return 0; /* did not get a stream, keep trying */
3192 SSL
*ossl_quic_accept_stream(SSL
*s
, uint64_t flags
)
3197 QUIC_STREAM_MAP
*qsm
;
3200 OSSL_RTT_INFO rtt_info
;
3202 if (!expect_quic_conn_only(s
, &ctx
))
3207 if (qc_get_effective_incoming_stream_policy(ctx
.qc
)
3208 == SSL_INCOMING_STREAM_POLICY_REJECT
) {
3209 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
, NULL
);
3213 qsm
= ossl_quic_channel_get_qsm(ctx
.qc
->ch
);
3215 qs
= ossl_quic_stream_map_peek_accept_queue(qsm
);
3217 if (qc_blocking_mode(ctx
.qc
)
3218 && (flags
& SSL_ACCEPT_STREAM_NO_BLOCK
) == 0) {
3219 struct wait_for_incoming_stream_args args
;
3224 ret
= block_until_pred(ctx
.qc
, wait_for_incoming_stream
, &args
, 0);
3226 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
3228 } else if (ret
< 0 || args
.qs
== NULL
) {
3238 xso
= create_xso_from_stream(ctx
.qc
, qs
);
3242 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx
.qc
->ch
), &rtt_info
);
3243 ossl_quic_stream_map_remove_from_accept_queue(qsm
, qs
,
3244 rtt_info
.smoothed_rtt
);
3247 /* Calling this function inhibits default XSO autocreation. */
3248 qc_touch_default_xso(ctx
.qc
); /* inhibits default XSO */
3251 quic_unlock(ctx
.qc
);
3256 * SSL_get_accept_stream_queue_len
3257 * -------------------------------
3260 size_t ossl_quic_get_accept_stream_queue_len(SSL
*s
)
3265 if (!expect_quic_conn_only(s
, &ctx
))
3270 v
= ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(ctx
.qc
->ch
));
3272 quic_unlock(ctx
.qc
);
3280 int ossl_quic_stream_reset(SSL
*ssl
,
3281 const SSL_STREAM_RESET_ARGS
*args
,
3285 QUIC_STREAM_MAP
*qsm
;
3287 uint64_t error_code
;
3290 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/0, /*io=*/0, &ctx
))
3293 qsm
= ossl_quic_channel_get_qsm(ctx
.qc
->ch
);
3294 qs
= ctx
.xso
->stream
;
3295 error_code
= (args
!= NULL
? args
->quic_error_code
: 0);
3297 if (!quic_validate_for_write(ctx
.xso
, &err
)) {
3298 ok
= QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, err
, NULL
);
3302 ok
= ossl_quic_stream_map_reset_stream_send_part(qsm
, qs
, error_code
);
3305 quic_unlock(ctx
.qc
);
3310 * SSL_get_stream_read_state
3311 * -------------------------
3313 static void quic_classify_stream(QUIC_CONNECTION
*qc
,
3317 uint64_t *app_error_code
)
3320 uint64_t final_size
;
3322 local_init
= (ossl_quic_stream_is_server_init(qs
) == qc
->as_server
);
3324 if (app_error_code
!= NULL
)
3325 *app_error_code
= UINT64_MAX
;
3327 app_error_code
= &final_size
; /* throw away value */
3329 if (!ossl_quic_stream_is_bidi(qs
) && local_init
!= is_write
) {
3331 * Unidirectional stream and this direction of transmission doesn't
3334 *state
= SSL_STREAM_STATE_WRONG_DIR
;
3335 } else if (ossl_quic_channel_is_term_any(qc
->ch
)) {
3336 /* Connection already closed. */
3337 *state
= SSL_STREAM_STATE_CONN_CLOSED
;
3338 } else if (!is_write
&& qs
->recv_state
== QUIC_RSTREAM_STATE_DATA_READ
) {
3339 /* Application has read a FIN. */
3340 *state
= SSL_STREAM_STATE_FINISHED
;
3341 } else if ((!is_write
&& qs
->stop_sending
)
3342 || (is_write
&& ossl_quic_stream_send_is_reset(qs
))) {
3344 * Stream has been reset locally. FIN takes precedence over this for the
3345 * read case as the application need not care if the stream is reset
3346 * after a FIN has been successfully processed.
3348 *state
= SSL_STREAM_STATE_RESET_LOCAL
;
3349 *app_error_code
= !is_write
3350 ? qs
->stop_sending_aec
3351 : qs
->reset_stream_aec
;
3352 } else if ((!is_write
&& ossl_quic_stream_recv_is_reset(qs
))
3353 || (is_write
&& qs
->peer_stop_sending
)) {
3355 * Stream has been reset remotely. */
3356 *state
= SSL_STREAM_STATE_RESET_REMOTE
;
3357 *app_error_code
= !is_write
3358 ? qs
->peer_reset_stream_aec
3359 : qs
->peer_stop_sending_aec
;
3360 } else if (is_write
&& ossl_quic_sstream_get_final_size(qs
->sstream
,
3363 * Stream has been finished. Stream reset takes precedence over this for
3364 * the write case as peer may not have received all data.
3366 *state
= SSL_STREAM_STATE_FINISHED
;
3368 /* Stream still healthy. */
3369 *state
= SSL_STREAM_STATE_OK
;
3373 static int quic_get_stream_state(SSL
*ssl
, int is_write
)
3378 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3379 return SSL_STREAM_STATE_NONE
;
3381 quic_classify_stream(ctx
.qc
, ctx
.xso
->stream
, is_write
, &state
, NULL
);
3382 quic_unlock(ctx
.qc
);
3386 int ossl_quic_get_stream_read_state(SSL
*ssl
)
3388 return quic_get_stream_state(ssl
, /*is_write=*/0);
3392 * SSL_get_stream_write_state
3393 * --------------------------
3395 int ossl_quic_get_stream_write_state(SSL
*ssl
)
3397 return quic_get_stream_state(ssl
, /*is_write=*/1);
3401 * SSL_get_stream_read_error_code
3402 * ------------------------------
3404 static int quic_get_stream_error_code(SSL
*ssl
, int is_write
,
3405 uint64_t *app_error_code
)
3410 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3413 quic_classify_stream(ctx
.qc
, ctx
.xso
->stream
, /*is_write=*/0,
3414 &state
, app_error_code
);
3416 quic_unlock(ctx
.qc
);
3418 case SSL_STREAM_STATE_FINISHED
:
3420 case SSL_STREAM_STATE_RESET_LOCAL
:
3421 case SSL_STREAM_STATE_RESET_REMOTE
:
3428 int ossl_quic_get_stream_read_error_code(SSL
*ssl
, uint64_t *app_error_code
)
3430 return quic_get_stream_error_code(ssl
, /*is_write=*/0, app_error_code
);
3434 * SSL_get_stream_write_error_code
3435 * -------------------------------
3437 int ossl_quic_get_stream_write_error_code(SSL
*ssl
, uint64_t *app_error_code
)
3439 return quic_get_stream_error_code(ssl
, /*is_write=*/1, app_error_code
);
3443 * Write buffer size mutation
3444 * --------------------------
3446 int ossl_quic_set_write_buffer_size(SSL
*ssl
, size_t size
)
3451 if (!expect_quic_with_stream_lock(ssl
, /*remote_init=*/-1, /*io=*/0, &ctx
))
3454 if (!ossl_quic_stream_has_send(ctx
.xso
->stream
)) {
3455 /* Called on a unidirectional receive-only stream - error. */
3456 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
, NULL
);
3460 if (!ossl_quic_stream_has_send_buffer(ctx
.xso
->stream
)) {
3462 * If the stream has a send part but we have disposed of it because we
3463 * no longer need it, this is a no-op.
3469 if (!ossl_quic_sstream_set_buffer_size(ctx
.xso
->stream
->sstream
, size
)) {
3470 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_INTERNAL_ERROR
, NULL
);
3477 quic_unlock(ctx
.qc
);
3482 * SSL_get_conn_close_info
3483 * -----------------------
3485 int ossl_quic_get_conn_close_info(SSL
*ssl
,
3486 SSL_CONN_CLOSE_INFO
*info
,
3490 const QUIC_TERMINATE_CAUSE
*tc
;
3492 if (!expect_quic_conn_only(ssl
, &ctx
))
3495 tc
= ossl_quic_channel_get_terminate_cause(ctx
.qc
->ch
);
3499 info
->error_code
= tc
->error_code
;
3500 info
->frame_type
= tc
->frame_type
;
3501 info
->reason
= tc
->reason
;
3502 info
->reason_len
= tc
->reason_len
;
3505 info
->flags
|= SSL_CONN_CLOSE_FLAG_LOCAL
;
3507 info
->flags
|= SSL_CONN_CLOSE_FLAG_TRANSPORT
;
3515 int ossl_quic_key_update(SSL
*ssl
, int update_type
)
3519 if (!expect_quic_conn_only(ssl
, &ctx
))
3522 switch (update_type
) {
3523 case SSL_KEY_UPDATE_NOT_REQUESTED
:
3525 * QUIC signals peer key update implicily by triggering a local
3526 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3528 case SSL_KEY_UPDATE_REQUESTED
:
3532 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, ERR_R_PASSED_INVALID_ARGUMENT
, NULL
);
3538 /* Attempt to perform a TXKU. */
3539 if (!ossl_quic_channel_trigger_txku(ctx
.qc
->ch
)) {
3540 QUIC_RAISE_NON_NORMAL_ERROR(&ctx
, SSL_R_TOO_MANY_KEY_UPDATES
, NULL
);
3541 quic_unlock(ctx
.qc
);
3545 quic_unlock(ctx
.qc
);
3550 * SSL_get_key_update_type
3551 * -----------------------
3553 int ossl_quic_get_key_update_type(const SSL
*s
)
3556 * We always handle key updates immediately so a key update is never
3559 return SSL_KEY_UPDATE_NONE
;
3563 * QUIC Front-End I/O API: SSL_CTX Management
3564 * ==========================================
3567 long ossl_quic_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
3571 return ssl3_ctx_ctrl(ctx
, cmd
, larg
, parg
);
3575 long ossl_quic_callback_ctrl(SSL
*s
, int cmd
, void (*fp
) (void))
3579 if (!expect_quic_conn_only(s
, &ctx
))
3583 case SSL_CTRL_SET_MSG_CALLBACK
:
3584 ossl_quic_channel_set_msg_callback(ctx
.qc
->ch
, (ossl_msg_cb
)fp
,
3586 /* This callback also needs to be set on the internal SSL object */
3587 return ssl3_callback_ctrl(ctx
.qc
->tls
, cmd
, fp
);;
3590 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3591 return ssl3_callback_ctrl(ctx
.qc
->tls
, cmd
, fp
);
3595 long ossl_quic_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
) (void))
3597 return ssl3_ctx_callback_ctrl(ctx
, cmd
, fp
);
3600 int ossl_quic_renegotiate_check(SSL
*ssl
, int initok
)
3602 /* We never do renegotiation. */
3606 const SSL_CIPHER
*ossl_quic_get_cipher_by_char(const unsigned char *p
)
3608 const SSL_CIPHER
*ciph
= ssl3_get_cipher_by_char(p
);
3610 if ((ciph
->algorithm2
& SSL_QUIC
) == 0)
3617 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3618 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3621 int ossl_quic_num_ciphers(void)
3626 const SSL_CIPHER
*ossl_quic_get_cipher(unsigned int u
)
3632 * SSL_get_shutdown()
3633 * ------------------
3635 int ossl_quic_get_shutdown(const SSL
*s
)
3640 if (!expect_quic_conn_only(s
, &ctx
))
3643 if (ossl_quic_channel_is_term_any(ctx
.qc
->ch
)) {
3644 shut
|= SSL_SENT_SHUTDOWN
;
3645 if (!ossl_quic_channel_is_closing(ctx
.qc
->ch
))
3646 shut
|= SSL_RECEIVED_SHUTDOWN
;
3653 * Internal Testing APIs
3654 * =====================
3657 QUIC_CHANNEL
*ossl_quic_conn_get_channel(SSL
*s
)
3661 if (!expect_quic_conn_only(s
, &ctx
))