1 /*
2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_engine.h"
19 #include "internal/quic_port.h"
20 #include "internal/time.h"
21
22 typedef struct qctx_st QCTX;
23
24 static void aon_write_finish(QUIC_XSO *xso);
25 static int create_channel(QUIC_CONNECTION *qc);
26 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
27 static int qc_try_create_default_xso_for_write(QCTX *ctx);
28 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek);
29 static void quic_lock(QUIC_CONNECTION *qc);
30 static void quic_unlock(QUIC_CONNECTION *qc);
31 static void quic_lock_for_io(QCTX *ctx);
32 static int quic_do_handshake(QCTX *ctx);
33 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
34 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
35 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
36 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
37 int touch, QUIC_XSO **old_xso);
38 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
39 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
40 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
41 static int qc_blocking_mode(const QUIC_CONNECTION *qc);
42 static int xso_blocking_mode(const QUIC_XSO *xso);
43 static void qctx_maybe_autotick(QCTX *ctx);
44 static int qctx_should_autotick(QCTX *ctx);
45
46 /*
47 * QUIC Front-End I/O API: Common Utilities
48 * ========================================
49 */
50
51 /*
52 * Block until a predicate is met.
53 *
54 * Precondition: Must have a channel.
55 * Precondition: Must hold channel lock (unchecked).
56 */
57 QUIC_NEEDS_LOCK
block_until_pred(QUIC_CONNECTION * qc,int (* pred)(void * arg),void * pred_arg,uint32_t flags)58 static int block_until_pred(QUIC_CONNECTION *qc,
59 int (*pred)(void *arg), void *pred_arg,
60 uint32_t flags)
61 {
62 QUIC_REACTOR *rtor;
63
64 assert(qc->ch != NULL);
65
66 /*
67 * Any attempt to block auto-disables tick inhibition as otherwise we will
68 * hang around forever.
69 */
70 ossl_quic_engine_set_inhibit_tick(qc->engine, 0);
71
72 rtor = ossl_quic_channel_get_reactor(qc->ch);
73 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
74 qc->mutex);
75 }
76
get_time(QUIC_CONNECTION * qc)77 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
78 {
79 if (qc->override_now_cb != NULL)
80 return qc->override_now_cb(qc->override_now_cb_arg);
81 else
82 return ossl_time_now();
83 }
84
get_time_cb(void * arg)85 static OSSL_TIME get_time_cb(void *arg)
86 {
87 QUIC_CONNECTION *qc = arg;
88
89 return get_time(qc);
90 }
91
92 /*
93 * QCTX is a utility structure which provides information we commonly wish to
94 * unwrap upon an API call being dispatched to us, namely:
95 *
96 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
97 * was passed);
98 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
99 * a QCSO with a default stream was passed);
100 * - whether a QSSO was passed (xso == NULL must not be used to determine this
101 * because it may be non-NULL when a QCSO is passed if that QCSO has a
102 * default stream);
103 * - whether we are in "I/O context", meaning that non-normal errors can
104 * be reported via SSL_get_error() as well as via ERR. Functions such as
105 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
106 * functions which are allowed to change the value returned by
107 * SSL_get_error. However, other functions (including functions which call
108 * SSL_do_handshake() implicitly) are not allowed to change the return value
109 * of SSL_get_error.
110 */
111 struct qctx_st {
112 QUIC_CONNECTION *qc;
113 QUIC_XSO *xso;
114 int is_stream, in_io;
115 };
116
117 QUIC_NEEDS_LOCK
quic_set_last_error(QCTX * ctx,int last_error)118 static void quic_set_last_error(QCTX *ctx, int last_error)
119 {
120 if (!ctx->in_io)
121 return;
122
123 if (ctx->is_stream && ctx->xso != NULL)
124 ctx->xso->last_error = last_error;
125 else if (!ctx->is_stream && ctx->qc != NULL)
126 ctx->qc->last_error = last_error;
127 }
128
129 /*
130 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
131 * rather than via ERR. Note that normal errors must always be raised while
132 * holding a lock.
133 */
134 QUIC_NEEDS_LOCK
quic_raise_normal_error(QCTX * ctx,int err)135 static int quic_raise_normal_error(QCTX *ctx,
136 int err)
137 {
138 assert(ctx->in_io);
139 quic_set_last_error(ctx, err);
140
141 return 0;
142 }
143
144 /*
145 * Raise a 'non-normal' error, meaning any error that is not reported via
146 * SSL_get_error() and must be reported via ERR.
147 *
148 * qc should be provided if available. In exceptional circumstances when qc is
149 * not known NULL may be passed. This should generally only happen when an
150 * expect_...() function defined below fails, which generally indicates a
151 * dispatch error or caller error.
152 *
153 * ctx should be NULL if the connection lock is not held.
154 */
quic_raise_non_normal_error(QCTX * ctx,const char * file,int line,const char * func,int reason,const char * fmt,...)155 static int quic_raise_non_normal_error(QCTX *ctx,
156 const char *file,
157 int line,
158 const char *func,
159 int reason,
160 const char *fmt,
161 ...)
162 {
163 va_list args;
164
165 if (ctx != NULL) {
166 quic_set_last_error(ctx, SSL_ERROR_SSL);
167
168 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
169 ossl_quic_channel_restore_err_state(ctx->qc->ch);
170 }
171
172 ERR_new();
173 ERR_set_debug(file, line, func);
174
175 va_start(args, fmt);
176 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
177 va_end(args);
178
179 return 0;
180 }
181
182 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
183 quic_raise_normal_error((ctx), (err))
184
185 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
186 quic_raise_non_normal_error((ctx), \
187 OPENSSL_FILE, OPENSSL_LINE, \
188 OPENSSL_FUNC, \
189 (reason), \
190 (msg))
191
192 /*
193 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
194 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
195 *
196 * After this returns 1, all fields of the passed QCTX are initialised.
197 * Returns 0 on failure. This function is intended to be used to provide API
198 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
199 */
expect_quic(const SSL * s,QCTX * ctx)200 static int expect_quic(const SSL *s, QCTX *ctx)
201 {
202 QUIC_CONNECTION *qc;
203 QUIC_XSO *xso;
204
205 ctx->qc = NULL;
206 ctx->xso = NULL;
207 ctx->is_stream = 0;
208
209 if (s == NULL)
210 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
211
212 switch (s->type) {
213 case SSL_TYPE_QUIC_CONNECTION:
214 qc = (QUIC_CONNECTION *)s;
215 ctx->qc = qc;
216 ctx->xso = qc->default_xso;
217 ctx->is_stream = 0;
218 ctx->in_io = 0;
219 return 1;
220
221 case SSL_TYPE_QUIC_XSO:
222 xso = (QUIC_XSO *)s;
223 ctx->qc = xso->conn;
224 ctx->xso = xso;
225 ctx->is_stream = 1;
226 ctx->in_io = 0;
227 return 1;
228
229 default:
230 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
231 }
232 }
233
234 /*
235 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
236 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
237 * stream.
238 *
239 * remote_init determines if we expect the default XSO to be remotely created or
240 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
241 *
242 * Channel mutex is acquired and retained on success.
243 */
244 QUIC_ACQUIRES_LOCK
expect_quic_with_stream_lock(const SSL * s,int remote_init,int in_io,QCTX * ctx)245 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
246 int in_io, QCTX *ctx)
247 {
248 if (!expect_quic(s, ctx))
249 return 0;
250
251 if (in_io)
252 quic_lock_for_io(ctx);
253 else
254 quic_lock(ctx->qc);
255
256 if (ctx->xso == NULL && remote_init >= 0) {
257 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
258 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
259 goto err;
260 }
261
262 /* If we haven't finished the handshake, try to advance it. */
263 if (quic_do_handshake(ctx) < 1)
264 /* ossl_quic_do_handshake raised error here */
265 goto err;
266
267 if (remote_init == 0) {
268 if (!qc_try_create_default_xso_for_write(ctx))
269 goto err;
270 } else {
271 if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0))
272 goto err;
273 }
274
275 ctx->xso = ctx->qc->default_xso;
276 }
277
278 if (ctx->xso == NULL) {
279 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
280 goto err;
281 }
282
283 return 1; /* coverity[missing_unlock]: lock held */
284
285 err:
286 quic_unlock(ctx->qc);
287 return 0;
288 }
289
290 /*
291 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
292 * be non-NULL if the QCSO has a default stream.
293 */
expect_quic_conn_only(const SSL * s,QCTX * ctx)294 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
295 {
296 if (!expect_quic(s, ctx))
297 return 0;
298
299 if (ctx->is_stream)
300 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
301
302 return 1;
303 }
304
305 /*
306 * Ensures that the channel mutex is held for a method which touches channel
307 * state.
308 *
309 * Precondition: Channel mutex is not held (unchecked)
310 */
quic_lock(QUIC_CONNECTION * qc)311 static void quic_lock(QUIC_CONNECTION *qc)
312 {
313 #if defined(OPENSSL_THREADS)
314 ossl_crypto_mutex_lock(qc->mutex);
315 #endif
316 }
317
quic_lock_for_io(QCTX * ctx)318 static void quic_lock_for_io(QCTX *ctx)
319 {
320 quic_lock(ctx->qc);
321 ctx->in_io = 1;
322
323 /*
324 * We are entering an I/O function so we must update the values returned by
325 * SSL_get_error and SSL_want. Set no error. This will be overridden later
326 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
327 * occurs during the API call.
328 */
329 quic_set_last_error(ctx, SSL_ERROR_NONE);
330 }
331
332 /* Precondition: Channel mutex is held (unchecked) */
333 QUIC_NEEDS_LOCK
quic_unlock(QUIC_CONNECTION * qc)334 static void quic_unlock(QUIC_CONNECTION *qc)
335 {
336 #if defined(OPENSSL_THREADS)
337 ossl_crypto_mutex_unlock(qc->mutex);
338 #endif
339 }
340
341 /*
342 * This predicate is the criterion which should determine API call rejection for
343 * *most* mutating API calls, particularly stream-related operations for send
344 * parts.
345 *
346 * A call is rejected (this function returns 0) if shutdown is in progress
347 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
348 * req_active=1, the connection must be active (i.e., the IDLE state is also
349 * rejected).
350 */
quic_mutation_allowed(QUIC_CONNECTION * qc,int req_active)351 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
352 {
353 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
354 return 0;
355
356 if (req_active && !ossl_quic_channel_is_active(qc->ch))
357 return 0;
358
359 return 1;
360 }
361
362 /*
363 * QUIC Front-End I/O API: Initialization
364 * ======================================
365 *
366 * SSL_new => ossl_quic_new
367 * ossl_quic_init
368 * SSL_reset => ossl_quic_reset
369 * SSL_clear => ossl_quic_clear
370 * ossl_quic_deinit
371 * SSL_free => ossl_quic_free
372 *
373 * SSL_set_options => ossl_quic_set_options
374 * SSL_get_options => ossl_quic_get_options
375 * SSL_clear_options => ossl_quic_clear_options
376 *
377 */
378
379 /* SSL_new */
ossl_quic_new(SSL_CTX * ctx)380 SSL *ossl_quic_new(SSL_CTX *ctx)
381 {
382 QUIC_CONNECTION *qc = NULL;
383 SSL *ssl_base = NULL;
384 SSL_CONNECTION *sc = NULL;
385
386 qc = OPENSSL_zalloc(sizeof(*qc));
387 if (qc == NULL) {
388 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
389 return NULL;
390 }
391 #if defined(OPENSSL_THREADS)
392 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
393 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
394 goto err;
395 }
396 #endif
397
398 /* Initialise the QUIC_CONNECTION's stub header. */
399 ssl_base = &qc->ssl;
400 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
401 ssl_base = NULL;
402 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
403 goto err;
404 }
405
406 qc->tls = ossl_ssl_connection_new_int(ctx, ssl_base, TLS_method());
407 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
408 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
409 goto err;
410 }
411
412 /* override the user_ssl of the inner connection */
413 sc->s3.flags |= TLS1_FLAGS_QUIC;
414
415 /* Restrict options derived from the SSL_CTX. */
416 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
417 sc->pha_enabled = 0;
418
419 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
420 qc->is_thread_assisted
421 = (ssl_base->method == OSSL_QUIC_client_thread_method());
422 #endif
423
424 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
425 qc->as_server_state = qc->as_server;
426
427 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
428 qc->default_ssl_mode = qc->ssl.ctx->mode;
429 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
430 qc->desires_blocking = 1;
431 qc->blocking = 0;
432 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
433 qc->last_error = SSL_ERROR_NONE;
434
435 if (!create_channel(qc))
436 goto err;
437
438 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
439 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
440
441 qc_update_reject_policy(qc);
442
443 /*
444 * We do not create the default XSO yet. The reason for this is that the
445 * stream ID of the default XSO will depend on whether the stream is client
446 * or server-initiated, which depends on who transmits first. Since we do
447 * not know whether the application will be using a client-transmits-first
448 * or server-transmits-first protocol, we defer default XSO creation until
449 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
450 * we take that as a cue that the client is expecting a server-initiated
451 * stream, and vice versa if SSL_write() is called first.
452 */
453 return ssl_base;
454
455 err:
456 if (ssl_base == NULL) {
457 #if defined(OPENSSL_THREADS)
458 ossl_crypto_mutex_free(&qc->mutex);
459 #endif
460 OPENSSL_free(qc);
461 } else {
462 SSL_free(ssl_base);
463 }
464 return NULL;
465 }
466
467 /* SSL_free */
468 QUIC_TAKES_LOCK
ossl_quic_free(SSL * s)469 void ossl_quic_free(SSL *s)
470 {
471 QCTX ctx;
472 int is_default;
473
474 /* We should never be called on anything but a QSO. */
475 if (!expect_quic(s, &ctx))
476 return;
477
478 quic_lock(ctx.qc);
479
480 if (ctx.is_stream) {
481 /*
482 * When a QSSO is freed, the XSO is freed immediately, because the XSO
483 * itself only contains API personality layer data. However the
484 * underlying QUIC_STREAM is not freed immediately but is instead marked
485 * as deleted for later collection.
486 */
487
488 assert(ctx.qc->num_xso > 0);
489 --ctx.qc->num_xso;
490
491 /* If a stream's send part has not been finished, auto-reset it. */
492 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
493 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
494 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
495 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
496 ctx.xso->stream, 0);
497
498 /* Do STOP_SENDING for the receive part, if applicable. */
499 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
500 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
501 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
502 ctx.xso->stream, 0);
503
504 /* Update stream state. */
505 ctx.xso->stream->deleted = 1;
506 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
507 ctx.xso->stream);
508
509 is_default = (ctx.xso == ctx.qc->default_xso);
510 quic_unlock(ctx.qc);
511
512 /*
513 * Unref the connection in most cases; the XSO has a ref to the QC and
514 * not vice versa. But for a default XSO, to avoid circular references,
515 * the QC refs the XSO but the XSO does not ref the QC. If we are the
516 * default XSO, we only get here when the QC is being torn down anyway,
517 * so don't call SSL_free(qc) as we are already in it.
518 */
519 if (!is_default)
520 SSL_free(&ctx.qc->ssl);
521
522 /* Note: SSL_free calls OPENSSL_free(xso) for us */
523 return;
524 }
525
526 /*
527 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
528 * stage, but is freed during the channel free when the whole QSM is freed.
529 */
530 if (ctx.qc->default_xso != NULL) {
531 QUIC_XSO *xso = ctx.qc->default_xso;
532
533 quic_unlock(ctx.qc);
534 SSL_free(&xso->ssl);
535 quic_lock(ctx.qc);
536 ctx.qc->default_xso = NULL;
537 }
538
539 /* Ensure we have no remaining XSOs. */
540 assert(ctx.qc->num_xso == 0);
541
542 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
543 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
544 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
545 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
546 }
547 #endif
548
549 SSL_free(ctx.qc->tls);
550
551 ossl_quic_channel_free(ctx.qc->ch);
552 ossl_quic_port_free(ctx.qc->port);
553 ossl_quic_engine_free(ctx.qc->engine);
554
555 BIO_free_all(ctx.qc->net_rbio);
556 BIO_free_all(ctx.qc->net_wbio);
557
558 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
559 #if defined(OPENSSL_THREADS)
560 ossl_crypto_mutex_free(&ctx.qc->mutex);
561 #endif
562
563 /*
564 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
565 * us
566 */
567 }
568
569 /* SSL method init */
ossl_quic_init(SSL * s)570 int ossl_quic_init(SSL *s)
571 {
572 /* Same op as SSL_clear, forward the call. */
573 return ossl_quic_clear(s);
574 }
575
576 /* SSL method deinit */
ossl_quic_deinit(SSL * s)577 void ossl_quic_deinit(SSL *s)
578 {
579 /* No-op. */
580 }
581
582 /* SSL_clear (ssl_reset method) */
ossl_quic_reset(SSL * s)583 int ossl_quic_reset(SSL *s)
584 {
585 QCTX ctx;
586
587 if (!expect_quic(s, &ctx))
588 return 0;
589
590 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
591 return 0;
592 }
593
594 /* ssl_clear method (unused) */
ossl_quic_clear(SSL * s)595 int ossl_quic_clear(SSL *s)
596 {
597 QCTX ctx;
598
599 if (!expect_quic(s, &ctx))
600 return 0;
601
602 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
603 return 0;
604 }
605
ossl_quic_conn_set_override_now_cb(SSL * s,OSSL_TIME (* now_cb)(void * arg),void * now_cb_arg)606 int ossl_quic_conn_set_override_now_cb(SSL *s,
607 OSSL_TIME (*now_cb)(void *arg),
608 void *now_cb_arg)
609 {
610 QCTX ctx;
611
612 if (!expect_quic(s, &ctx))
613 return 0;
614
615 quic_lock(ctx.qc);
616
617 ctx.qc->override_now_cb = now_cb;
618 ctx.qc->override_now_cb_arg = now_cb_arg;
619
620 quic_unlock(ctx.qc);
621 return 1;
622 }
623
ossl_quic_conn_force_assist_thread_wake(SSL * s)624 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
625 {
626 QCTX ctx;
627
628 if (!expect_quic(s, &ctx))
629 return;
630
631 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
632 if (ctx.qc->is_thread_assisted && ctx.qc->started)
633 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
634 #endif
635 }
636
637 QUIC_NEEDS_LOCK
qc_touch_default_xso(QUIC_CONNECTION * qc)638 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
639 {
640 qc->default_xso_created = 1;
641 qc_update_reject_policy(qc);
642 }
643
644 /*
645 * Changes default XSO. Allows caller to keep reference to the old default XSO
646 * (if any). Reference to new XSO is transferred from caller.
647 */
648 QUIC_NEEDS_LOCK
qc_set_default_xso_keep_ref(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch,QUIC_XSO ** old_xso)649 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
650 int touch,
651 QUIC_XSO **old_xso)
652 {
653 int refs;
654
655 *old_xso = NULL;
656
657 if (qc->default_xso != xso) {
658 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
659
660 qc->default_xso = xso;
661
662 if (xso == NULL) {
663 /*
664 * Changing to not having a default XSO. XSO becomes standalone and
665 * now has a ref to the QC.
666 */
667 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
668 return;
669 } else {
670 /*
671 * Changing from not having a default XSO to having one. The new XSO
672 * will have had a reference to the QC we need to drop to avoid a
673 * circular reference.
674 *
675 * Currently we never change directly from one default XSO to
676 * another, though this function would also still be correct if this
677 * weren't the case.
678 */
679 assert(*old_xso == NULL);
680
681 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
682 assert(refs > 0);
683 }
684 }
685
686 if (touch)
687 qc_touch_default_xso(qc);
688 }
689
690 /*
691 * Changes default XSO, releasing the reference to any previous default XSO.
692 * Reference to new XSO is transferred from caller.
693 */
694 QUIC_NEEDS_LOCK
qc_set_default_xso(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch)695 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
696 {
697 QUIC_XSO *old_xso = NULL;
698
699 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
700
701 if (old_xso != NULL)
702 SSL_free(&old_xso->ssl);
703 }
704
705 QUIC_NEEDS_LOCK
xso_update_options(QUIC_XSO * xso)706 static void xso_update_options(QUIC_XSO *xso)
707 {
708 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
709
710 if (xso->stream->rstream != NULL)
711 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
712
713 if (xso->stream->sstream != NULL)
714 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
715 }
716
717 /*
718 * SSL_set_options
719 * ---------------
720 *
721 * Setting options on a QCSO
722 * - configures the handshake-layer options;
723 * - configures the default data-plane options for new streams;
724 * - configures the data-plane options on the default XSO, if there is one.
725 *
726 * Setting options on a QSSO
727 * - configures data-plane options for that stream only.
728 */
729 QUIC_TAKES_LOCK
quic_mask_or_options(SSL * ssl,uint64_t mask_value,uint64_t or_value)730 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
731 {
732 QCTX ctx;
733 uint64_t hs_mask_value, hs_or_value, ret;
734
735 if (!expect_quic(ssl, &ctx))
736 return 0;
737
738 quic_lock(ctx.qc);
739
740 if (!ctx.is_stream) {
741 /*
742 * If we were called on the connection, we apply any handshake option
743 * changes.
744 */
745 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
746 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
747
748 SSL_clear_options(ctx.qc->tls, hs_mask_value);
749 SSL_set_options(ctx.qc->tls, hs_or_value);
750
751 /* Update defaults for new streams. */
752 ctx.qc->default_ssl_options
753 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
754 & OSSL_QUIC_PERMITTED_OPTIONS;
755 }
756
757 if (ctx.xso != NULL) {
758 ctx.xso->ssl_options
759 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
760 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
761
762 xso_update_options(ctx.xso);
763 }
764
765 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
766
767 quic_unlock(ctx.qc);
768 return ret;
769 }
770
ossl_quic_set_options(SSL * ssl,uint64_t options)771 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
772 {
773 return quic_mask_or_options(ssl, 0, options);
774 }
775
776 /* SSL_clear_options */
ossl_quic_clear_options(SSL * ssl,uint64_t options)777 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
778 {
779 return quic_mask_or_options(ssl, options, 0);
780 }
781
782 /* SSL_get_options */
ossl_quic_get_options(const SSL * ssl)783 uint64_t ossl_quic_get_options(const SSL *ssl)
784 {
785 return quic_mask_or_options((SSL *)ssl, 0, 0);
786 }
787
788 /*
789 * QUIC Front-End I/O API: Network BIO Configuration
790 * =================================================
791 *
792 * Handling the different BIOs is difficult:
793 *
794 * - It is more or less a requirement that we use non-blocking network I/O;
795 * we need to be able to have timeouts on recv() calls, and make best effort
796 * (non blocking) send() and recv() calls.
797 *
798 * The only sensible way to do this is to configure the socket into
799 * non-blocking mode. We could try to do select() before calling send() or
800 * recv() to get a guarantee that the call will not block, but this will
801 * probably run into issues with buggy OSes which generate spurious socket
802 * readiness events. In any case, relying on this to work reliably does not
803 * seem sane.
804 *
805 * Timeouts could be handled via setsockopt() socket timeout options, but
806 * this depends on OS support and adds another syscall to every network I/O
807 * operation. It also has obvious thread safety concerns if we want to move
808 * to concurrent use of a single socket at some later date.
809 *
810 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
811 * be made non-blocking. However some OSes (e.g. Windows) do not support
812 * this, so we cannot rely on this.
813 *
814 * As such, we need to configure any FD in non-blocking mode. This may
815 * confound users who pass a blocking socket to libssl. However, in practice
816 * it would be extremely strange for a user of QUIC to pass an FD to us,
817 * then also try and send receive traffic on the same socket(!). Thus the
818 * impact of this should be limited, and can be documented.
819 *
820 * - We support both blocking and non-blocking operation in terms of the API
821 * presented to the user. One prospect is to set the blocking mode based on
822 * whether the socket passed to us was already in blocking mode. However,
823 * Windows has no API for determining if a socket is in blocking mode (!),
824 * therefore this cannot be done portably. Currently therefore we expose an
825 * explicit API call to set this, and default to blocking mode.
826 *
827 * - We need to determine our initial destination UDP address. The "natural"
828 * way for a user to do this is to set the peer variable on a BIO_dgram.
829 * However, this has problems because BIO_dgram's peer variable is used for
830 * both transmission and reception. This means it can be constantly being
831 * changed to a malicious value (e.g. if some random unrelated entity on the
832 * network starts sending traffic to us) on every read call. This is not a
833 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
834 * calls only, which do not use this variable. However, we do need to let
835 * the user specify the peer in a 'normal' manner. The compromise here is
836 * that we grab the current peer value set at the time the write BIO is set
837 * and do not read the value again.
838 *
839 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
840 * Currently we do this by only supporting non-blocking mode.
841 *
842 */
843
844 /*
845 * Determines what initial destination UDP address we should use, if possible.
846 * If this fails the client must set the destination address manually, or use a
847 * BIO which does not need a destination address.
848 */
csm_analyse_init_peer_addr(BIO * net_wbio,BIO_ADDR * peer)849 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
850 {
851 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
852 return 0;
853
854 return 1;
855 }
856
qc_can_support_blocking_cached(QUIC_CONNECTION * qc)857 static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
858 {
859 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
860
861 return ossl_quic_reactor_can_poll_r(rtor)
862 && ossl_quic_reactor_can_poll_w(rtor);
863 }
864
qc_update_can_support_blocking(QUIC_CONNECTION * qc)865 static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
866 {
867 ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */
868 }
869
qc_update_blocking_mode(QUIC_CONNECTION * qc)870 static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
871 {
872 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
873 }
874
ossl_quic_conn_set0_net_rbio(SSL * s,BIO * net_rbio)875 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
876 {
877 QCTX ctx;
878
879 if (!expect_quic(s, &ctx))
880 return;
881
882 if (ctx.qc->net_rbio == net_rbio)
883 return;
884
885 if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio))
886 return;
887
888 BIO_free_all(ctx.qc->net_rbio);
889 ctx.qc->net_rbio = net_rbio;
890
891 if (net_rbio != NULL)
892 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
893
894 /*
895 * Determine if the current pair of read/write BIOs now set allows blocking
896 * mode to be supported.
897 */
898 qc_update_can_support_blocking(ctx.qc);
899 qc_update_blocking_mode(ctx.qc);
900 }
901
ossl_quic_conn_set0_net_wbio(SSL * s,BIO * net_wbio)902 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
903 {
904 QCTX ctx;
905
906 if (!expect_quic(s, &ctx))
907 return;
908
909 if (ctx.qc->net_wbio == net_wbio)
910 return;
911
912 if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio))
913 return;
914
915 BIO_free_all(ctx.qc->net_wbio);
916 ctx.qc->net_wbio = net_wbio;
917
918 if (net_wbio != NULL)
919 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
920
921 /*
922 * Determine if the current pair of read/write BIOs now set allows blocking
923 * mode to be supported.
924 */
925 qc_update_can_support_blocking(ctx.qc);
926 qc_update_blocking_mode(ctx.qc);
927 }
928
ossl_quic_conn_get_net_rbio(const SSL * s)929 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
930 {
931 QCTX ctx;
932
933 if (!expect_quic(s, &ctx))
934 return NULL;
935
936 return ctx.qc->net_rbio;
937 }
938
ossl_quic_conn_get_net_wbio(const SSL * s)939 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
940 {
941 QCTX ctx;
942
943 if (!expect_quic(s, &ctx))
944 return NULL;
945
946 return ctx.qc->net_wbio;
947 }
948
ossl_quic_conn_get_blocking_mode(const SSL * s)949 int ossl_quic_conn_get_blocking_mode(const SSL *s)
950 {
951 QCTX ctx;
952
953 if (!expect_quic(s, &ctx))
954 return 0;
955
956 if (ctx.is_stream)
957 return xso_blocking_mode(ctx.xso);
958
959 return qc_blocking_mode(ctx.qc);
960 }
961
962 QUIC_TAKES_LOCK
ossl_quic_conn_set_blocking_mode(SSL * s,int blocking)963 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
964 {
965 int ret = 0;
966 QCTX ctx;
967
968 if (!expect_quic(s, &ctx))
969 return 0;
970
971 quic_lock(ctx.qc);
972
973 /* Sanity check - can we support the request given the current network BIO? */
974 if (blocking) {
975 /*
976 * If called directly on a QCSO, update our information on network BIO
977 * capabilities.
978 */
979 if (!ctx.is_stream)
980 qc_update_can_support_blocking(ctx.qc);
981
982 /* Cannot enable blocking mode if we do not have pollable FDs. */
983 if (!qc_can_support_blocking_cached(ctx.qc)) {
984 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
985 goto out;
986 }
987 }
988
989 if (!ctx.is_stream)
990 /*
991 * If called directly on a QCSO, update default and connection-level
992 * blocking modes.
993 */
994 ctx.qc->desires_blocking = (blocking != 0);
995
996 if (ctx.xso != NULL) {
997 /*
998 * If called on a QSSO or a QCSO with a default XSO, update the blocking
999 * mode.
1000 */
1001 ctx.xso->desires_blocking = (blocking != 0);
1002 ctx.xso->desires_blocking_set = 1;
1003 }
1004
1005 ret = 1;
1006 out:
1007 qc_update_blocking_mode(ctx.qc);
1008 quic_unlock(ctx.qc);
1009 return ret;
1010 }
1011
ossl_quic_conn_set_initial_peer_addr(SSL * s,const BIO_ADDR * peer_addr)1012 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1013 const BIO_ADDR *peer_addr)
1014 {
1015 QCTX ctx;
1016
1017 if (!expect_quic(s, &ctx))
1018 return 0;
1019
1020 if (ctx.qc->started)
1021 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1022 NULL);
1023
1024 if (peer_addr == NULL) {
1025 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1026 return 1;
1027 }
1028
1029 ctx.qc->init_peer_addr = *peer_addr;
1030 return 1;
1031 }
1032
1033 /*
1034 * QUIC Front-End I/O API: Asynchronous I/O Management
1035 * ===================================================
1036 *
1037 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1038 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1039 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1040 *
1041 */
1042
1043 /* Returns 1 if the connection is being used in blocking mode. */
qc_blocking_mode(const QUIC_CONNECTION * qc)1044 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
1045 {
1046 return qc->blocking;
1047 }
1048
xso_blocking_mode(const QUIC_XSO * xso)1049 static int xso_blocking_mode(const QUIC_XSO *xso)
1050 {
1051 if (xso->desires_blocking_set)
1052 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1053 else
1054 /* Only ever set if we can support blocking. */
1055 return xso->conn->blocking;
1056 }
1057
1058 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1059 QUIC_TAKES_LOCK
ossl_quic_handle_events(SSL * s)1060 int ossl_quic_handle_events(SSL *s)
1061 {
1062 QCTX ctx;
1063
1064 if (!expect_quic(s, &ctx))
1065 return 0;
1066
1067 quic_lock(ctx.qc);
1068 if (ctx.qc->started)
1069 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1070 quic_unlock(ctx.qc);
1071 return 1;
1072 }
1073
1074 /*
1075 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1076 * should next have events handled by the application by calling
1077 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1078 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1079 * the value of *tv is undefined.
1080 */
1081 QUIC_TAKES_LOCK
ossl_quic_get_event_timeout(SSL * s,struct timeval * tv,int * is_infinite)1082 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1083 {
1084 QCTX ctx;
1085 OSSL_TIME deadline = ossl_time_infinite();
1086
1087 if (!expect_quic(s, &ctx))
1088 return 0;
1089
1090 quic_lock(ctx.qc);
1091
1092 if (ctx.qc->started)
1093 deadline
1094 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
1095
1096 if (ossl_time_is_infinite(deadline)) {
1097 *is_infinite = 1;
1098
1099 /*
1100 * Robustness against faulty applications that don't check *is_infinite;
1101 * harmless long timeout.
1102 */
1103 tv->tv_sec = 1000000;
1104 tv->tv_usec = 0;
1105
1106 quic_unlock(ctx.qc);
1107 return 1;
1108 }
1109
1110 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1111 *is_infinite = 0;
1112 quic_unlock(ctx.qc);
1113 return 1;
1114 }
1115
1116 /* SSL_get_rpoll_descriptor */
ossl_quic_get_rpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1117 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1118 {
1119 QCTX ctx;
1120
1121 if (!expect_quic(s, &ctx))
1122 return 0;
1123
1124 if (desc == NULL || ctx.qc->net_rbio == NULL)
1125 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1126 NULL);
1127
1128 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1129 }
1130
1131 /* SSL_get_wpoll_descriptor */
ossl_quic_get_wpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1132 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1133 {
1134 QCTX ctx;
1135
1136 if (!expect_quic(s, &ctx))
1137 return 0;
1138
1139 if (desc == NULL || ctx.qc->net_wbio == NULL)
1140 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1141 NULL);
1142
1143 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1144 }
1145
1146 /* SSL_net_read_desired */
1147 QUIC_TAKES_LOCK
ossl_quic_get_net_read_desired(SSL * s)1148 int ossl_quic_get_net_read_desired(SSL *s)
1149 {
1150 QCTX ctx;
1151 int ret;
1152
1153 if (!expect_quic(s, &ctx))
1154 return 0;
1155
1156 quic_lock(ctx.qc);
1157 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1158 quic_unlock(ctx.qc);
1159 return ret;
1160 }
1161
1162 /* SSL_net_write_desired */
1163 QUIC_TAKES_LOCK
ossl_quic_get_net_write_desired(SSL * s)1164 int ossl_quic_get_net_write_desired(SSL *s)
1165 {
1166 int ret;
1167 QCTX ctx;
1168
1169 if (!expect_quic(s, &ctx))
1170 return 0;
1171
1172 quic_lock(ctx.qc);
1173 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1174 quic_unlock(ctx.qc);
1175 return ret;
1176 }
1177
1178 /*
1179 * QUIC Front-End I/O API: Connection Lifecycle Operations
1180 * =======================================================
1181 *
1182 * SSL_do_handshake => ossl_quic_do_handshake
1183 * SSL_set_connect_state => ossl_quic_set_connect_state
1184 * SSL_set_accept_state => ossl_quic_set_accept_state
1185 * SSL_shutdown => ossl_quic_shutdown
1186 * SSL_ctrl => ossl_quic_ctrl
1187 * (BIO/)SSL_connect => ossl_quic_connect
1188 * (BIO/)SSL_accept => ossl_quic_accept
1189 *
1190 */
1191
1192 QUIC_NEEDS_LOCK
qc_shutdown_flush_init(QUIC_CONNECTION * qc)1193 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1194 {
1195 QUIC_STREAM_MAP *qsm;
1196
1197 if (qc->shutting_down)
1198 return;
1199
1200 qsm = ossl_quic_channel_get_qsm(qc->ch);
1201
1202 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1203 qc->shutting_down = 1;
1204 }
1205
1206 /* Returns 1 if all shutdown-flush streams have been done with. */
1207 QUIC_NEEDS_LOCK
qc_shutdown_flush_finished(QUIC_CONNECTION * qc)1208 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1209 {
1210 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1211
1212 return qc->shutting_down
1213 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1214 }
1215
1216 /* SSL_shutdown */
quic_shutdown_wait(void * arg)1217 static int quic_shutdown_wait(void *arg)
1218 {
1219 QUIC_CONNECTION *qc = arg;
1220
1221 return ossl_quic_channel_is_terminated(qc->ch);
1222 }
1223
1224 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
quic_shutdown_flush_wait(void * arg)1225 static int quic_shutdown_flush_wait(void *arg)
1226 {
1227 QUIC_CONNECTION *qc = arg;
1228
1229 return ossl_quic_channel_is_term_any(qc->ch)
1230 || qc_shutdown_flush_finished(qc);
1231 }
1232
quic_shutdown_peer_wait(void * arg)1233 static int quic_shutdown_peer_wait(void *arg)
1234 {
1235 QUIC_CONNECTION *qc = arg;
1236 return ossl_quic_channel_is_term_any(qc->ch);
1237 }
1238
1239 QUIC_TAKES_LOCK
ossl_quic_conn_shutdown(SSL * s,uint64_t flags,const SSL_SHUTDOWN_EX_ARGS * args,size_t args_len)1240 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1241 const SSL_SHUTDOWN_EX_ARGS *args,
1242 size_t args_len)
1243 {
1244 int ret;
1245 QCTX ctx;
1246 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1247 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1248 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1249
1250 if (!expect_quic(s, &ctx))
1251 return -1;
1252
1253 if (ctx.is_stream) {
1254 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1255 return -1;
1256 }
1257
1258 quic_lock(ctx.qc);
1259
1260 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1261 quic_unlock(ctx.qc);
1262 return 1;
1263 }
1264
1265 /* Phase 1: Stream Flushing */
1266 if (!wait_peer && stream_flush) {
1267 qc_shutdown_flush_init(ctx.qc);
1268
1269 if (!qc_shutdown_flush_finished(ctx.qc)) {
1270 if (!no_block && qc_blocking_mode(ctx.qc)) {
1271 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1272 if (ret < 1) {
1273 ret = 0;
1274 goto err;
1275 }
1276 } else {
1277 qctx_maybe_autotick(&ctx);
1278 }
1279 }
1280
1281 if (!qc_shutdown_flush_finished(ctx.qc)) {
1282 quic_unlock(ctx.qc);
1283 return 0; /* ongoing */
1284 }
1285 }
1286
1287 /* Phase 2: Connection Closure */
1288 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1289 if (!no_block && qc_blocking_mode(ctx.qc)) {
1290 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1291 if (ret < 1) {
1292 ret = 0;
1293 goto err;
1294 }
1295 } else {
1296 qctx_maybe_autotick(&ctx);
1297 }
1298
1299 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1300 ret = 0; /* peer hasn't closed yet - still not done */
1301 goto err;
1302 }
1303
1304 /*
1305 * We are at least terminating - go through the normal process of
1306 * waiting until we are in the TERMINATED state.
1307 */
1308 }
1309
1310 /* Block mutation ops regardless of if we did stream flush. */
1311 ctx.qc->shutting_down = 1;
1312
1313 /*
1314 * This call is a no-op if we are already terminating, so it doesn't
1315 * affect the wait_peer case.
1316 */
1317 ossl_quic_channel_local_close(ctx.qc->ch,
1318 args != NULL ? args->quic_error_code : 0,
1319 args != NULL ? args->quic_reason : NULL);
1320
1321 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1322
1323 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1324 quic_unlock(ctx.qc);
1325 return 1;
1326 }
1327
1328 /* Phase 3: Terminating Wait Time */
1329 if (!no_block && qc_blocking_mode(ctx.qc)
1330 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1331 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1332 if (ret < 1) {
1333 ret = 0;
1334 goto err;
1335 }
1336 } else {
1337 qctx_maybe_autotick(&ctx);
1338 }
1339
1340 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1341 err:
1342 quic_unlock(ctx.qc);
1343 return ret;
1344 }
1345
1346 /* SSL_ctrl */
ossl_quic_ctrl(SSL * s,int cmd,long larg,void * parg)1347 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1348 {
1349 QCTX ctx;
1350
1351 if (!expect_quic(s, &ctx))
1352 return 0;
1353
1354 switch (cmd) {
1355 case SSL_CTRL_MODE:
1356 /* If called on a QCSO, update the default mode. */
1357 if (!ctx.is_stream)
1358 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1359
1360 /*
1361 * If we were called on a QSSO or have a default stream, we also update
1362 * that.
1363 */
1364 if (ctx.xso != NULL) {
1365 /* Cannot enable EPW while AON write in progress. */
1366 if (ctx.xso->aon_write_in_progress)
1367 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1368
1369 ctx.xso->ssl_mode |= (uint32_t)larg;
1370 return ctx.xso->ssl_mode;
1371 }
1372
1373 return ctx.qc->default_ssl_mode;
1374 case SSL_CTRL_CLEAR_MODE:
1375 if (!ctx.is_stream)
1376 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1377
1378 if (ctx.xso != NULL) {
1379 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1380 return ctx.xso->ssl_mode;
1381 }
1382
1383 return ctx.qc->default_ssl_mode;
1384
1385 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1386 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1387 /* This ctrl also needs to be passed to the internal SSL object */
1388 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1389
1390 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1391 {
1392 int is_infinite;
1393
1394 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1395 return 0;
1396
1397 return !is_infinite;
1398 }
1399 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1400 /* For legacy compatibility with DTLS calls. */
1401 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1402
1403 /* Mask ctrls we shouldn't support for QUIC. */
1404 case SSL_CTRL_GET_READ_AHEAD:
1405 case SSL_CTRL_SET_READ_AHEAD:
1406 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1407 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1408 case SSL_CTRL_SET_MAX_PIPELINES:
1409 return 0;
1410
1411 default:
1412 /*
1413 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1414 * implementation. Either SSL_ctrl will handle it itself by direct
1415 * access into handshake layer state, or failing that, it will be passed
1416 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1417 * supported by anything, the handshake layer's ctrl method will finally
1418 * return 0.
1419 */
1420 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
1421 }
1422 }
1423
1424 /* SSL_set_connect_state */
ossl_quic_set_connect_state(SSL * s)1425 void ossl_quic_set_connect_state(SSL *s)
1426 {
1427 QCTX ctx;
1428
1429 if (!expect_quic(s, &ctx))
1430 return;
1431
1432 /* Cannot be changed after handshake started */
1433 if (ctx.qc->started || ctx.is_stream)
1434 return;
1435
1436 ctx.qc->as_server_state = 0;
1437 }
1438
1439 /* SSL_set_accept_state */
ossl_quic_set_accept_state(SSL * s)1440 void ossl_quic_set_accept_state(SSL *s)
1441 {
1442 QCTX ctx;
1443
1444 if (!expect_quic(s, &ctx))
1445 return;
1446
1447 /* Cannot be changed after handshake started */
1448 if (ctx.qc->started || ctx.is_stream)
1449 return;
1450
1451 ctx.qc->as_server_state = 1;
1452 }
1453
1454 /* SSL_do_handshake */
1455 struct quic_handshake_wait_args {
1456 QUIC_CONNECTION *qc;
1457 };
1458
tls_wants_non_io_retry(QUIC_CONNECTION * qc)1459 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1460 {
1461 int want = SSL_want(qc->tls);
1462
1463 if (want == SSL_X509_LOOKUP
1464 || want == SSL_CLIENT_HELLO_CB
1465 || want == SSL_RETRY_VERIFY)
1466 return 1;
1467
1468 return 0;
1469 }
1470
quic_handshake_wait(void * arg)1471 static int quic_handshake_wait(void *arg)
1472 {
1473 struct quic_handshake_wait_args *args = arg;
1474
1475 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1476 return -1;
1477
1478 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1479 return 1;
1480
1481 if (tls_wants_non_io_retry(args->qc))
1482 return 1;
1483
1484 return 0;
1485 }
1486
configure_channel(QUIC_CONNECTION * qc)1487 static int configure_channel(QUIC_CONNECTION *qc)
1488 {
1489 assert(qc->ch != NULL);
1490
1491 if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio)
1492 || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio)
1493 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1494 return 0;
1495
1496 return 1;
1497 }
1498
1499 QUIC_NEEDS_LOCK
create_channel(QUIC_CONNECTION * qc)1500 static int create_channel(QUIC_CONNECTION *qc)
1501 {
1502 QUIC_ENGINE_ARGS engine_args = {0};
1503 QUIC_PORT_ARGS port_args = {0};
1504
1505 engine_args.libctx = qc->ssl.ctx->libctx;
1506 engine_args.propq = qc->ssl.ctx->propq;
1507 engine_args.mutex = qc->mutex;
1508 engine_args.now_cb = get_time_cb;
1509 engine_args.now_cb_arg = qc;
1510 qc->engine = ossl_quic_engine_new(&engine_args);
1511 if (qc->engine == NULL) {
1512 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1513 return 0;
1514 }
1515
1516 port_args.channel_ctx = qc->ssl.ctx;
1517 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1518 if (qc->port == NULL) {
1519 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1520 ossl_quic_engine_free(qc->engine);
1521 return 0;
1522 }
1523
1524 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1525 if (qc->ch == NULL) {
1526 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1527 ossl_quic_port_free(qc->port);
1528 ossl_quic_engine_free(qc->engine);
1529 return 0;
1530 }
1531
1532 return 1;
1533 }
1534
1535 /*
1536 * Configures a channel with the information we have accumulated via calls made
1537 * to us from the application prior to starting a handshake attempt.
1538 */
1539 QUIC_NEEDS_LOCK
ensure_channel_started(QCTX * ctx)1540 static int ensure_channel_started(QCTX *ctx)
1541 {
1542 QUIC_CONNECTION *qc = ctx->qc;
1543
1544 if (!qc->started) {
1545 if (!configure_channel(qc)) {
1546 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1547 "failed to configure channel");
1548 return 0;
1549 }
1550
1551 if (!ossl_quic_channel_start(qc->ch)) {
1552 ossl_quic_channel_restore_err_state(qc->ch);
1553 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1554 "failed to start channel");
1555 return 0;
1556 }
1557
1558 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1559 if (qc->is_thread_assisted)
1560 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch,
1561 qc->override_now_cb,
1562 qc->override_now_cb_arg)) {
1563 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1564 "failed to start assist thread");
1565 return 0;
1566 }
1567 #endif
1568 }
1569
1570 qc->started = 1;
1571 return 1;
1572 }
1573
1574 QUIC_NEEDS_LOCK
quic_do_handshake(QCTX * ctx)1575 static int quic_do_handshake(QCTX *ctx)
1576 {
1577 int ret;
1578 QUIC_CONNECTION *qc = ctx->qc;
1579
1580 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1581 /* Handshake already completed. */
1582 return 1;
1583
1584 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1585 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1586
1587 if (qc->as_server != qc->as_server_state) {
1588 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1589 return -1; /* Non-protocol error */
1590 }
1591
1592 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1593 /* Need read and write BIOs. */
1594 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1595 return -1; /* Non-protocol error */
1596 }
1597
1598 /*
1599 * We need to determine our addressing mode. There are basically two
1600 * ways we can use L4 addresses:
1601 *
1602 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1603 * addresses attached to them which we expect the underlying network BIO
1604 * to handle;
1605 *
1606 * - Unaddressed mode, in which the BIO provided to us on the
1607 * network side neither provides us with L4 addresses nor is capable of
1608 * honouring ones we provide. We don't know where the QUIC traffic we
1609 * send ends up exactly and trust the application to know what it is
1610 * doing.
1611 *
1612 * Addressed mode is preferred because it enables support for connection
1613 * migration, multipath, etc. in the future. Addressed mode is automatically
1614 * enabled if we are using e.g. BIO_s_datagram, with or without
1615 * BIO_s_connect.
1616 *
1617 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1618 * use unaddressed mode unless that BIO supports capability flags indicating
1619 * it can provide and honour L4 addresses.
1620 *
1621 * Our strategy for determining address mode is simple: we probe the
1622 * underlying network BIOs for their capabilities. If the network BIOs
1623 * support what we need, we use addressed mode. Otherwise, we use
1624 * unaddressed mode.
1625 *
1626 * If addressed mode is chosen, we require an initial peer address to be
1627 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1628 * require this, as such an address is superfluous, though it can be set if
1629 * desired.
1630 */
1631 if (!qc->started && !qc->addressing_probe_done) {
1632 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1633 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
1634
1635 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1636 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1637 qc->addressing_probe_done = 1;
1638 }
1639
1640 if (!qc->started && qc->addressed_mode_w
1641 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1642 /*
1643 * We are trying to connect and are using addressed mode, which means we
1644 * need an initial peer address; if we do not have a peer address yet,
1645 * we should try to autodetect one.
1646 *
1647 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1648 * may not be able to provide us with a peer address until they have
1649 * finished their own processing. They may not be able to perform this
1650 * processing until an application has finished configuring that BIO
1651 * (e.g. with setter calls), which might happen after SSL_set_bio is
1652 * called.
1653 */
1654 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1655 /* best effort */
1656 BIO_ADDR_clear(&qc->init_peer_addr);
1657 else
1658 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1659 }
1660
1661 if (!qc->started
1662 && qc->addressed_mode_w
1663 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1664 /*
1665 * If we still don't have a peer address in addressed mode, we can't do
1666 * anything.
1667 */
1668 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1669 return -1; /* Non-protocol error */
1670 }
1671
1672 /*
1673 * Start connection process. Note we may come here multiple times in
1674 * non-blocking mode, which is fine.
1675 */
1676 if (!ensure_channel_started(ctx)) /* raises on failure */
1677 return -1; /* Non-protocol error */
1678
1679 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1680 /* The handshake is now done. */
1681 return 1;
1682
1683 if (!qc_blocking_mode(qc)) {
1684 /* Try to advance the reactor. */
1685 qctx_maybe_autotick(ctx);
1686
1687 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1688 /* The handshake is now done. */
1689 return 1;
1690
1691 if (ossl_quic_channel_is_term_any(qc->ch)) {
1692 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1693 return 0;
1694 } else if (qc->desires_blocking) {
1695 /*
1696 * As a special case when doing a handshake when blocking mode is
1697 * desired yet not available, see if the network BIOs have become
1698 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1699 * which do late creation of socket FDs and therefore cannot expose
1700 * a poll descriptor until after a network BIO is set on the QCSO.
1701 */
1702 assert(!qc->blocking);
1703 qc_update_can_support_blocking(qc);
1704 qc_update_blocking_mode(qc);
1705 }
1706 }
1707
1708 /*
1709 * We are either in blocking mode or just entered it due to the code above.
1710 */
1711 if (qc_blocking_mode(qc)) {
1712 /* In blocking mode, wait for the handshake to complete. */
1713 struct quic_handshake_wait_args args;
1714
1715 args.qc = qc;
1716
1717 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1718 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1719 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1720 return 0; /* Shutdown before completion */
1721 } else if (ret <= 0) {
1722 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1723 return -1; /* Non-protocol error */
1724 }
1725
1726 if (tls_wants_non_io_retry(qc)) {
1727 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1728 return -1;
1729 }
1730
1731 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1732 return 1;
1733 }
1734
1735 if (tls_wants_non_io_retry(qc)) {
1736 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1737 return -1;
1738 }
1739
1740 /*
1741 * Otherwise, indicate that the handshake isn't done yet.
1742 * We can only get here in non-blocking mode.
1743 */
1744 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1745 return -1; /* Non-protocol error */
1746 }
1747
1748 QUIC_TAKES_LOCK
ossl_quic_do_handshake(SSL * s)1749 int ossl_quic_do_handshake(SSL *s)
1750 {
1751 int ret;
1752 QCTX ctx;
1753
1754 if (!expect_quic(s, &ctx))
1755 return 0;
1756
1757 quic_lock_for_io(&ctx);
1758
1759 ret = quic_do_handshake(&ctx);
1760 quic_unlock(ctx.qc);
1761 return ret;
1762 }
1763
1764 /* SSL_connect */
ossl_quic_connect(SSL * s)1765 int ossl_quic_connect(SSL *s)
1766 {
1767 /* Ensure we are in connect state (no-op if non-idle). */
1768 ossl_quic_set_connect_state(s);
1769
1770 /* Begin or continue the handshake */
1771 return ossl_quic_do_handshake(s);
1772 }
1773
1774 /* SSL_accept */
ossl_quic_accept(SSL * s)1775 int ossl_quic_accept(SSL *s)
1776 {
1777 /* Ensure we are in accept state (no-op if non-idle). */
1778 ossl_quic_set_accept_state(s);
1779
1780 /* Begin or continue the handshake */
1781 return ossl_quic_do_handshake(s);
1782 }
1783
1784 /*
1785 * QUIC Front-End I/O API: Stream Lifecycle Operations
1786 * ===================================================
1787 *
1788 * SSL_stream_new => ossl_quic_conn_stream_new
1789 *
1790 */
1791
1792 /*
1793 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1794 * default XSO was created. Returns 0 if it was not (e.g. because it already
1795 * exists). Note that this is NOT an error condition.
1796 */
1797 QUIC_NEEDS_LOCK
qc_try_create_default_xso_for_write(QCTX * ctx)1798 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1799 {
1800 uint64_t flags = 0;
1801 QUIC_CONNECTION *qc = ctx->qc;
1802
1803 if (qc->default_xso_created
1804 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1805 /*
1806 * We only do this once. If the user detaches a previously created
1807 * default XSO we don't auto-create another one.
1808 */
1809 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1810
1811 /* Create a locally-initiated stream. */
1812 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1813 flags |= SSL_STREAM_FLAG_UNI;
1814
1815 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1816 /*needs_lock=*/0),
1817 /*touch=*/0);
1818 if (qc->default_xso == NULL)
1819 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1820
1821 qc_touch_default_xso(qc);
1822 return 1;
1823 }
1824
1825 struct quic_wait_for_stream_args {
1826 QUIC_CONNECTION *qc;
1827 QUIC_STREAM *qs;
1828 QCTX *ctx;
1829 uint64_t expect_id;
1830 };
1831
1832 QUIC_NEEDS_LOCK
quic_wait_for_stream(void * arg)1833 static int quic_wait_for_stream(void *arg)
1834 {
1835 struct quic_wait_for_stream_args *args = arg;
1836
1837 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
1838 /* If connection is torn down due to an error while blocking, stop. */
1839 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1840 return -1;
1841 }
1842
1843 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1844 args->expect_id | QUIC_STREAM_DIR_BIDI);
1845 if (args->qs == NULL)
1846 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1847 args->expect_id | QUIC_STREAM_DIR_UNI);
1848
1849 if (args->qs != NULL)
1850 return 1; /* stream now exists */
1851
1852 return 0; /* did not get a stream, keep trying */
1853 }
1854
1855 QUIC_NEEDS_LOCK
qc_wait_for_default_xso_for_read(QCTX * ctx,int peek)1856 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek)
1857 {
1858 /* Called on a QCSO and we don't currently have a default stream. */
1859 uint64_t expect_id;
1860 QUIC_CONNECTION *qc = ctx->qc;
1861 QUIC_STREAM *qs;
1862 int res;
1863 struct quic_wait_for_stream_args wargs;
1864 OSSL_RTT_INFO rtt_info;
1865
1866 /*
1867 * If default stream functionality is disabled or we already detached
1868 * one, don't make another default stream and just fail.
1869 */
1870 if (qc->default_xso_created
1871 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1872 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1873
1874 /*
1875 * The peer may have opened a stream since we last ticked. So tick and
1876 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1877 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1878 * first stream created by a peer must have an ordinal of 0.
1879 */
1880 expect_id = qc->as_server
1881 ? QUIC_STREAM_INITIATOR_CLIENT
1882 : QUIC_STREAM_INITIATOR_SERVER;
1883
1884 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1885 expect_id | QUIC_STREAM_DIR_BIDI);
1886 if (qs == NULL)
1887 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1888 expect_id | QUIC_STREAM_DIR_UNI);
1889
1890 if (qs == NULL) {
1891 qctx_maybe_autotick(ctx);
1892
1893 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1894 expect_id);
1895 }
1896
1897 if (qs == NULL) {
1898 if (peek)
1899 return 0;
1900
1901 if (!qc_blocking_mode(qc))
1902 /* Non-blocking mode, so just bail immediately. */
1903 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1904
1905 /* Block until we have a stream. */
1906 wargs.qc = qc;
1907 wargs.qs = NULL;
1908 wargs.ctx = ctx;
1909 wargs.expect_id = expect_id;
1910
1911 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1912 if (res == 0)
1913 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1914 else if (res < 0 || wargs.qs == NULL)
1915 /* quic_wait_for_stream raised error here */
1916 return 0;
1917
1918 qs = wargs.qs;
1919 }
1920
1921 /*
1922 * We now have qs != NULL. Remove it from the incoming stream queue so that
1923 * it isn't also returned by any future SSL_accept_stream calls.
1924 */
1925 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1926 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
1927 qs, rtt_info.smoothed_rtt);
1928
1929 /*
1930 * Now make qs the default stream, creating the necessary XSO.
1931 */
1932 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1933 if (qc->default_xso == NULL)
1934 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1935
1936 qc_touch_default_xso(qc); /* inhibits default XSO */
1937 return 1;
1938 }
1939
1940 QUIC_NEEDS_LOCK
create_xso_from_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs)1941 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1942 {
1943 QUIC_XSO *xso = NULL;
1944
1945 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
1946 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
1947 goto err;
1948 }
1949
1950 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
1951 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1952 goto err;
1953 }
1954
1955 /* XSO refs QC */
1956 if (!SSL_up_ref(&qc->ssl)) {
1957 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
1958 goto err;
1959 }
1960
1961 xso->conn = qc;
1962 xso->ssl_mode = qc->default_ssl_mode;
1963 xso->ssl_options
1964 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1965 xso->last_error = SSL_ERROR_NONE;
1966
1967 xso->stream = qs;
1968
1969 ++qc->num_xso;
1970 xso_update_options(xso);
1971 return xso;
1972
1973 err:
1974 OPENSSL_free(xso);
1975 return NULL;
1976 }
1977
1978 struct quic_new_stream_wait_args {
1979 QUIC_CONNECTION *qc;
1980 int is_uni;
1981 };
1982
quic_new_stream_wait(void * arg)1983 static int quic_new_stream_wait(void *arg)
1984 {
1985 struct quic_new_stream_wait_args *args = arg;
1986 QUIC_CONNECTION *qc = args->qc;
1987
1988 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1989 return -1;
1990
1991 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1992 return 1;
1993
1994 return 0;
1995 }
1996
1997 /* locking depends on need_lock */
quic_conn_stream_new(QCTX * ctx,uint64_t flags,int need_lock)1998 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1999 {
2000 int ret;
2001 QUIC_CONNECTION *qc = ctx->qc;
2002 QUIC_XSO *xso = NULL;
2003 QUIC_STREAM *qs = NULL;
2004 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
2005 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
2006 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2007
2008 if (need_lock)
2009 quic_lock(qc);
2010
2011 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2012 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2013 goto err;
2014 }
2015
2016 if (!advance
2017 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2018 struct quic_new_stream_wait_args args;
2019
2020 /*
2021 * Stream count flow control currently doesn't permit this stream to be
2022 * opened.
2023 */
2024 if (no_blocking || !qc_blocking_mode(qc)) {
2025 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2026 goto err;
2027 }
2028
2029 args.qc = qc;
2030 args.is_uni = is_uni;
2031
2032 /* Blocking mode - wait until we can get a stream. */
2033 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
2034 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2035 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2036 goto err; /* Shutdown before completion */
2037 } else if (ret <= 0) {
2038 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2039 goto err; /* Non-protocol error */
2040 }
2041 }
2042
2043 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2044 if (qs == NULL) {
2045 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2046 goto err;
2047 }
2048
2049 xso = create_xso_from_stream(qc, qs);
2050 if (xso == NULL)
2051 goto err;
2052
2053 qc_touch_default_xso(qc); /* inhibits default XSO */
2054 if (need_lock)
2055 quic_unlock(qc);
2056
2057 return &xso->ssl;
2058
2059 err:
2060 OPENSSL_free(xso);
2061 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2062 if (need_lock)
2063 quic_unlock(qc);
2064
2065 return NULL;
2066
2067 }
2068
2069 QUIC_TAKES_LOCK
ossl_quic_conn_stream_new(SSL * s,uint64_t flags)2070 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2071 {
2072 QCTX ctx;
2073
2074 if (!expect_quic_conn_only(s, &ctx))
2075 return NULL;
2076
2077 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2078 }
2079
2080 /*
2081 * QUIC Front-End I/O API: Steady-State Operations
2082 * ===============================================
2083 *
2084 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2085 * is, the functions used during the established phase of a QUIC connection
2086 * (e.g. SSL_read, SSL_write).
2087 *
2088 * Each function must handle both blocking and non-blocking modes. As discussed
2089 * above, all QUIC I/O is implemented using non-blocking mode internally.
2090 *
2091 * SSL_get_error => partially implemented by ossl_quic_get_error
2092 * SSL_want => ossl_quic_want
2093 * (BIO/)SSL_read => ossl_quic_read
2094 * (BIO/)SSL_write => ossl_quic_write
2095 * SSL_pending => ossl_quic_pending
2096 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2097 * SSL_key_update => ossl_quic_key_update
2098 */
2099
2100 /* SSL_get_error */
ossl_quic_get_error(const SSL * s,int i)2101 int ossl_quic_get_error(const SSL *s, int i)
2102 {
2103 QCTX ctx;
2104 int net_error, last_error;
2105
2106 if (!expect_quic(s, &ctx))
2107 return 0;
2108
2109 quic_lock(ctx.qc);
2110 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2111 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2112 quic_unlock(ctx.qc);
2113
2114 if (net_error)
2115 return SSL_ERROR_SYSCALL;
2116
2117 return last_error;
2118 }
2119
2120 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
error_to_want(int error)2121 static int error_to_want(int error)
2122 {
2123 switch (error) {
2124 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2125 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2126 case SSL_ERROR_ZERO_RETURN:
2127 default:
2128 return SSL_NOTHING;
2129
2130 case SSL_ERROR_WANT_READ:
2131 return SSL_READING;
2132
2133 case SSL_ERROR_WANT_WRITE:
2134 return SSL_WRITING;
2135
2136 case SSL_ERROR_WANT_RETRY_VERIFY:
2137 return SSL_RETRY_VERIFY;
2138
2139 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2140 return SSL_CLIENT_HELLO_CB;
2141
2142 case SSL_ERROR_WANT_X509_LOOKUP:
2143 return SSL_X509_LOOKUP;
2144 }
2145 }
2146
2147 /* SSL_want */
ossl_quic_want(const SSL * s)2148 int ossl_quic_want(const SSL *s)
2149 {
2150 QCTX ctx;
2151 int w;
2152
2153 if (!expect_quic(s, &ctx))
2154 return SSL_NOTHING;
2155
2156 quic_lock(ctx.qc);
2157
2158 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2159
2160 quic_unlock(ctx.qc);
2161 return w;
2162 }
2163
2164 /*
2165 * SSL_write
2166 * ---------
2167 *
2168 * The set of functions below provide the implementation of the public SSL_write
2169 * function. We must handle:
2170 *
2171 * - both blocking and non-blocking operation at the application level,
2172 * depending on how we are configured;
2173 *
2174 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2175 *
2176 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2177 *
2178 */
2179 QUIC_NEEDS_LOCK
quic_post_write(QUIC_XSO * xso,int did_append,int did_append_all,uint64_t flags,int do_tick)2180 static void quic_post_write(QUIC_XSO *xso, int did_append,
2181 int did_append_all, uint64_t flags,
2182 int do_tick)
2183 {
2184 /*
2185 * We have appended at least one byte to the stream.
2186 * Potentially mark stream as active, depending on FC.
2187 */
2188 if (did_append)
2189 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2190 xso->stream);
2191
2192 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2193 ossl_quic_sstream_fin(xso->stream->sstream);
2194
2195 /*
2196 * Try and send.
2197 *
2198 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2199 * immediately, plus we should eventually consider Nagle's algorithm.
2200 */
2201 if (do_tick)
2202 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2203 }
2204
2205 struct quic_write_again_args {
2206 QUIC_XSO *xso;
2207 const unsigned char *buf;
2208 size_t len;
2209 size_t total_written;
2210 int err;
2211 uint64_t flags;
2212 };
2213
2214 /*
2215 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2216 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2217 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2218 */
2219 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2220
2221 /*
2222 * Ensure spare buffer space available (up until a limit, at least).
2223 */
2224 QUIC_NEEDS_LOCK
sstream_ensure_spare(QUIC_SSTREAM * sstream,uint64_t spare)2225 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2226 {
2227 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2228 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2229 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2230 size_t new_sz, growth;
2231
2232 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2233 return 1;
2234
2235 growth = spare_ - avail;
2236 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2237 new_sz = MAX_WRITE_BUF_SIZE;
2238 else
2239 new_sz = cur_sz + growth;
2240
2241 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2242 }
2243
2244 /*
2245 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2246 * as needed according to flow control.
2247 */
2248 QUIC_NEEDS_LOCK
xso_sstream_append(QUIC_XSO * xso,const unsigned char * buf,size_t len,size_t * actual_written)2249 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2250 size_t len, size_t *actual_written)
2251 {
2252 QUIC_SSTREAM *sstream = xso->stream->sstream;
2253 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2254 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2255 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2256
2257 if (len > permitted)
2258 len = (size_t)permitted;
2259
2260 if (!sstream_ensure_spare(sstream, len))
2261 return 0;
2262
2263 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2264 }
2265
2266 QUIC_NEEDS_LOCK
quic_write_again(void * arg)2267 static int quic_write_again(void *arg)
2268 {
2269 struct quic_write_again_args *args = arg;
2270 size_t actual_written = 0;
2271
2272 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2273 /* If connection is torn down due to an error while blocking, stop. */
2274 return -2;
2275
2276 if (!quic_validate_for_write(args->xso, &args->err))
2277 /*
2278 * Stream may have become invalid for write due to connection events
2279 * while we blocked.
2280 */
2281 return -2;
2282
2283 args->err = ERR_R_INTERNAL_ERROR;
2284 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2285 return -2;
2286
2287 quic_post_write(args->xso, actual_written > 0,
2288 args->len == actual_written, args->flags, 0);
2289
2290 args->buf += actual_written;
2291 args->len -= actual_written;
2292 args->total_written += actual_written;
2293
2294 if (args->len == 0)
2295 /* Written everything, done. */
2296 return 1;
2297
2298 /* Not written everything yet, keep trying. */
2299 return 0;
2300 }
2301
2302 QUIC_NEEDS_LOCK
quic_write_blocking(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2303 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2304 uint64_t flags, size_t *written)
2305 {
2306 int res;
2307 QUIC_XSO *xso = ctx->xso;
2308 struct quic_write_again_args args;
2309 size_t actual_written = 0;
2310
2311 /* First make a best effort to append as much of the data as possible. */
2312 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2313 /* Stream already finished or allocation error. */
2314 *written = 0;
2315 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2316 }
2317
2318 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2319
2320 /*
2321 * Record however much data we wrote
2322 */
2323 *written = actual_written;
2324
2325 if (actual_written == len) {
2326 /* Managed to append everything on the first try. */
2327 return 1;
2328 }
2329
2330 /*
2331 * We did not manage to append all of the data immediately, so the stream
2332 * buffer has probably filled up. This means we need to block until some of
2333 * it is freed up.
2334 */
2335 args.xso = xso;
2336 args.buf = (const unsigned char *)buf + actual_written;
2337 args.len = len - actual_written;
2338 args.total_written = 0;
2339 args.err = ERR_R_INTERNAL_ERROR;
2340 args.flags = flags;
2341
2342 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
2343 if (res <= 0) {
2344 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2345 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2346 else
2347 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2348 }
2349
2350 /*
2351 * When waiting on extra buffer space to be available, args.total_written
2352 * holds the amount of remaining data we requested to write, which will be
2353 * something less than the len parameter passed in, however much we wrote
2354 * here, add it to the value that we wrote when we initially called
2355 * xso_sstream_append
2356 */
2357 *written += args.total_written;
2358 return 1;
2359 }
2360
2361 /*
2362 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2363 * write semantics.
2364 */
aon_write_begin(QUIC_XSO * xso,const unsigned char * buf,size_t buf_len,size_t already_sent)2365 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2366 size_t buf_len, size_t already_sent)
2367 {
2368 assert(!xso->aon_write_in_progress);
2369
2370 xso->aon_write_in_progress = 1;
2371 xso->aon_buf_base = buf;
2372 xso->aon_buf_pos = already_sent;
2373 xso->aon_buf_len = buf_len;
2374 }
2375
aon_write_finish(QUIC_XSO * xso)2376 static void aon_write_finish(QUIC_XSO *xso)
2377 {
2378 xso->aon_write_in_progress = 0;
2379 xso->aon_buf_base = NULL;
2380 xso->aon_buf_pos = 0;
2381 xso->aon_buf_len = 0;
2382 }
2383
2384 QUIC_NEEDS_LOCK
quic_write_nonblocking_aon(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2385 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2386 size_t len, uint64_t flags,
2387 size_t *written)
2388 {
2389 QUIC_XSO *xso = ctx->xso;
2390 const void *actual_buf;
2391 size_t actual_len, actual_written = 0;
2392 int accept_moving_buffer
2393 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2394
2395 if (xso->aon_write_in_progress) {
2396 /*
2397 * We are in the middle of an AON write (i.e., a previous write did not
2398 * manage to append all data to the SSTREAM and we have Enable Partial
2399 * Write (EPW) mode disabled.)
2400 */
2401 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2402 || len != xso->aon_buf_len)
2403 /*
2404 * Pointer must not have changed if we are not in accept moving
2405 * buffer mode. Length must never change.
2406 */
2407 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2408
2409 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2410 actual_len = len - xso->aon_buf_pos;
2411 assert(actual_len > 0);
2412 } else {
2413 actual_buf = buf;
2414 actual_len = len;
2415 }
2416
2417 /* First make a best effort to append as much of the data as possible. */
2418 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2419 /* Stream already finished or allocation error. */
2420 *written = 0;
2421 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2422 }
2423
2424 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2425 flags, qctx_should_autotick(ctx));
2426
2427 if (actual_written == actual_len) {
2428 /* We have sent everything. */
2429 if (xso->aon_write_in_progress) {
2430 /*
2431 * We have sent everything, and we were in the middle of an AON
2432 * write. The output write length is the total length of the AON
2433 * buffer, not however many bytes we managed to write to the stream
2434 * in this call.
2435 */
2436 *written = xso->aon_buf_len;
2437 aon_write_finish(xso);
2438 } else {
2439 *written = actual_written;
2440 }
2441
2442 return 1;
2443 }
2444
2445 if (xso->aon_write_in_progress) {
2446 /*
2447 * AON write is in progress but we have not written everything yet. We
2448 * may have managed to send zero bytes, or some number of bytes less
2449 * than the total remaining which need to be appended during this
2450 * AON operation.
2451 */
2452 xso->aon_buf_pos += actual_written;
2453 assert(xso->aon_buf_pos < xso->aon_buf_len);
2454 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2455 }
2456
2457 /*
2458 * Not in an existing AON operation but partial write is not enabled, so we
2459 * need to begin a new AON operation. However we needn't bother if we didn't
2460 * actually append anything.
2461 */
2462 if (actual_written > 0)
2463 aon_write_begin(xso, buf, len, actual_written);
2464
2465 /*
2466 * AON - We do not publicly admit to having appended anything until AON
2467 * completes.
2468 */
2469 *written = 0;
2470 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2471 }
2472
2473 QUIC_NEEDS_LOCK
quic_write_nonblocking_epw(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2474 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2475 uint64_t flags, size_t *written)
2476 {
2477 QUIC_XSO *xso = ctx->xso;
2478
2479 /* Simple best effort operation. */
2480 if (!xso_sstream_append(xso, buf, len, written)) {
2481 /* Stream already finished or allocation error. */
2482 *written = 0;
2483 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2484 }
2485
2486 quic_post_write(xso, *written > 0, *written == len, flags,
2487 qctx_should_autotick(ctx));
2488
2489 if (*written == 0)
2490 /* SSL_write_ex returns 0 if it didn't read anything. */
2491 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2492
2493 return 1;
2494 }
2495
2496 QUIC_NEEDS_LOCK
quic_validate_for_write(QUIC_XSO * xso,int * err)2497 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2498 {
2499 QUIC_STREAM_MAP *qsm;
2500
2501 if (xso == NULL || xso->stream == NULL) {
2502 *err = ERR_R_INTERNAL_ERROR;
2503 return 0;
2504 }
2505
2506 switch (xso->stream->send_state) {
2507 default:
2508 case QUIC_SSTREAM_STATE_NONE:
2509 *err = SSL_R_STREAM_RECV_ONLY;
2510 return 0;
2511
2512 case QUIC_SSTREAM_STATE_READY:
2513 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2514
2515 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2516 *err = ERR_R_INTERNAL_ERROR;
2517 return 0;
2518 }
2519
2520 /* FALLTHROUGH */
2521 case QUIC_SSTREAM_STATE_SEND:
2522 case QUIC_SSTREAM_STATE_DATA_SENT:
2523 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2524 *err = SSL_R_STREAM_FINISHED;
2525 return 0;
2526 }
2527 return 1;
2528
2529 case QUIC_SSTREAM_STATE_DATA_RECVD:
2530 *err = SSL_R_STREAM_FINISHED;
2531 return 0;
2532
2533 case QUIC_SSTREAM_STATE_RESET_SENT:
2534 case QUIC_SSTREAM_STATE_RESET_RECVD:
2535 *err = SSL_R_STREAM_RESET;
2536 return 0;
2537 }
2538 }
2539
2540 QUIC_TAKES_LOCK
ossl_quic_write_flags(SSL * s,const void * buf,size_t len,uint64_t flags,size_t * written)2541 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2542 uint64_t flags, size_t *written)
2543 {
2544 int ret;
2545 QCTX ctx;
2546 int partial_write, err;
2547
2548 *written = 0;
2549
2550 if (len == 0) {
2551 /* Do not autocreate default XSO for zero-length writes. */
2552 if (!expect_quic(s, &ctx))
2553 return 0;
2554
2555 quic_lock_for_io(&ctx);
2556 } else {
2557 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2558 return 0;
2559 }
2560
2561 partial_write = ((ctx.xso != NULL)
2562 ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) : 0);
2563
2564 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2565 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2566 goto out;
2567 }
2568
2569 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2570 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2571 goto out;
2572 }
2573
2574 /*
2575 * If we haven't finished the handshake, try to advance it.
2576 * We don't accept writes until the handshake is completed.
2577 */
2578 if (quic_do_handshake(&ctx) < 1) {
2579 ret = 0;
2580 goto out;
2581 }
2582
2583 /* Ensure correct stream state, stream send part not concluded, etc. */
2584 if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) {
2585 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2586 goto out;
2587 }
2588
2589 if (len == 0) {
2590 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2591 quic_post_write(ctx.xso, 0, 1, flags,
2592 qctx_should_autotick(&ctx));
2593
2594 ret = 1;
2595 goto out;
2596 }
2597
2598 if (xso_blocking_mode(ctx.xso))
2599 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2600 else if (partial_write)
2601 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2602 else
2603 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2604
2605 out:
2606 quic_unlock(ctx.qc);
2607 return ret;
2608 }
2609
2610 QUIC_TAKES_LOCK
ossl_quic_write(SSL * s,const void * buf,size_t len,size_t * written)2611 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2612 {
2613 return ossl_quic_write_flags(s, buf, len, 0, written);
2614 }
2615
2616 /*
2617 * SSL_read
2618 * --------
2619 */
2620 struct quic_read_again_args {
2621 QCTX *ctx;
2622 QUIC_STREAM *stream;
2623 void *buf;
2624 size_t len;
2625 size_t *bytes_read;
2626 int peek;
2627 };
2628
2629 QUIC_NEEDS_LOCK
quic_validate_for_read(QUIC_XSO * xso,int * err,int * eos)2630 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2631 {
2632 QUIC_STREAM_MAP *qsm;
2633
2634 *eos = 0;
2635
2636 if (xso == NULL || xso->stream == NULL) {
2637 *err = ERR_R_INTERNAL_ERROR;
2638 return 0;
2639 }
2640
2641 switch (xso->stream->recv_state) {
2642 default:
2643 case QUIC_RSTREAM_STATE_NONE:
2644 *err = SSL_R_STREAM_SEND_ONLY;
2645 return 0;
2646
2647 case QUIC_RSTREAM_STATE_RECV:
2648 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2649 case QUIC_RSTREAM_STATE_DATA_RECVD:
2650 return 1;
2651
2652 case QUIC_RSTREAM_STATE_DATA_READ:
2653 *eos = 1;
2654 return 0;
2655
2656 case QUIC_RSTREAM_STATE_RESET_RECVD:
2657 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2658 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2659
2660 /* FALLTHROUGH */
2661 case QUIC_RSTREAM_STATE_RESET_READ:
2662 *err = SSL_R_STREAM_RESET;
2663 return 0;
2664 }
2665 }
2666
2667 QUIC_NEEDS_LOCK
quic_read_actual(QCTX * ctx,QUIC_STREAM * stream,void * buf,size_t buf_len,size_t * bytes_read,int peek)2668 static int quic_read_actual(QCTX *ctx,
2669 QUIC_STREAM *stream,
2670 void *buf, size_t buf_len,
2671 size_t *bytes_read,
2672 int peek)
2673 {
2674 int is_fin = 0, err, eos;
2675 QUIC_CONNECTION *qc = ctx->qc;
2676
2677 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2678 if (eos) {
2679 ctx->xso->retired_fin = 1;
2680 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2681 } else {
2682 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2683 }
2684 }
2685
2686 if (peek) {
2687 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2688 bytes_read, &is_fin))
2689 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2690
2691 } else {
2692 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2693 bytes_read, &is_fin))
2694 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2695 }
2696
2697 if (!peek) {
2698 if (*bytes_read > 0) {
2699 /*
2700 * We have read at least one byte from the stream. Inform stream-level
2701 * RXFC of the retirement of controlled bytes. Update the active stream
2702 * status (the RXFC may now want to emit a frame granting more credit to
2703 * the peer).
2704 */
2705 OSSL_RTT_INFO rtt_info;
2706
2707 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2708
2709 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2710 rtt_info.smoothed_rtt))
2711 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2712 }
2713
2714 if (is_fin && !peek) {
2715 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2716
2717 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2718 }
2719
2720 if (*bytes_read > 0)
2721 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2722 stream);
2723 }
2724
2725 if (*bytes_read == 0 && is_fin) {
2726 ctx->xso->retired_fin = 1;
2727 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2728 }
2729
2730 return 1;
2731 }
2732
2733 QUIC_NEEDS_LOCK
quic_read_again(void * arg)2734 static int quic_read_again(void *arg)
2735 {
2736 struct quic_read_again_args *args = arg;
2737
2738 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
2739 /* If connection is torn down due to an error while blocking, stop. */
2740 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2741 return -1;
2742 }
2743
2744 if (!quic_read_actual(args->ctx, args->stream,
2745 args->buf, args->len, args->bytes_read,
2746 args->peek))
2747 return -1;
2748
2749 if (*args->bytes_read > 0)
2750 /* got at least one byte, the SSL_read op can finish now */
2751 return 1;
2752
2753 return 0; /* did not read anything, keep trying */
2754 }
2755
2756 QUIC_TAKES_LOCK
quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read,int peek)2757 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2758 {
2759 int ret, res;
2760 QCTX ctx;
2761 struct quic_read_again_args args;
2762
2763 *bytes_read = 0;
2764
2765 if (!expect_quic(s, &ctx))
2766 return 0;
2767
2768 quic_lock_for_io(&ctx);
2769
2770 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2771 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2772 goto out;
2773 }
2774
2775 /* If we haven't finished the handshake, try to advance it. */
2776 if (quic_do_handshake(&ctx) < 1) {
2777 ret = 0; /* ossl_quic_do_handshake raised error here */
2778 goto out;
2779 }
2780
2781 if (ctx.xso == NULL) {
2782 /*
2783 * Called on a QCSO and we don't currently have a default stream.
2784 *
2785 * Wait until we get a stream initiated by the peer (blocking mode) or
2786 * fail if we don't have one yet (non-blocking mode).
2787 */
2788 if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) {
2789 ret = 0; /* error already raised here */
2790 goto out;
2791 }
2792
2793 ctx.xso = ctx.qc->default_xso;
2794 }
2795
2796 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2797 ret = 0; /* quic_read_actual raised error here */
2798 goto out;
2799 }
2800
2801 if (*bytes_read > 0) {
2802 /*
2803 * Even though we succeeded, tick the reactor here to ensure we are
2804 * handling other aspects of the QUIC connection.
2805 */
2806 qctx_maybe_autotick(&ctx);
2807 ret = 1;
2808 } else if (xso_blocking_mode(ctx.xso)) {
2809 /*
2810 * We were not able to read anything immediately, so our stream
2811 * buffer is empty. This means we need to block until we get
2812 * at least one byte.
2813 */
2814 args.ctx = &ctx;
2815 args.stream = ctx.xso->stream;
2816 args.buf = buf;
2817 args.len = len;
2818 args.bytes_read = bytes_read;
2819 args.peek = peek;
2820
2821 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2822 if (res == 0) {
2823 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2824 goto out;
2825 } else if (res < 0) {
2826 ret = 0; /* quic_read_again raised error here */
2827 goto out;
2828 }
2829
2830 ret = 1;
2831 } else {
2832 /*
2833 * We did not get any bytes and are not in blocking mode.
2834 * Tick to see if this delivers any more.
2835 */
2836 qctx_maybe_autotick(&ctx);
2837
2838 /* Try the read again. */
2839 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2840 ret = 0; /* quic_read_actual raised error here */
2841 goto out;
2842 }
2843
2844 if (*bytes_read > 0)
2845 ret = 1; /* Succeeded this time. */
2846 else
2847 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2848 }
2849
2850 out:
2851 quic_unlock(ctx.qc);
2852 return ret;
2853 }
2854
ossl_quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read)2855 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2856 {
2857 return quic_read(s, buf, len, bytes_read, 0);
2858 }
2859
ossl_quic_peek(SSL * s,void * buf,size_t len,size_t * bytes_read)2860 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2861 {
2862 return quic_read(s, buf, len, bytes_read, 1);
2863 }
2864
2865 /*
2866 * SSL_pending
2867 * -----------
2868 */
2869
2870 QUIC_TAKES_LOCK
ossl_quic_pending_int(const SSL * s,int check_channel)2871 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2872 {
2873 QCTX ctx;
2874 size_t avail = 0;
2875
2876 if (!expect_quic(s, &ctx))
2877 return 0;
2878
2879 quic_lock(ctx.qc);
2880
2881 if (!ctx.qc->started)
2882 goto out;
2883
2884 if (ctx.xso == NULL) {
2885 /* No XSO yet, but there might be a default XSO eligible to be created. */
2886 if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {
2887 ctx.xso = ctx.qc->default_xso;
2888 } else {
2889 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
2890 goto out;
2891 }
2892 }
2893
2894 if (ctx.xso->stream == NULL) {
2895 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2896 goto out;
2897 }
2898
2899 if (check_channel)
2900 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
2901 /*include_fin=*/1)
2902 || ossl_quic_channel_has_pending(ctx.qc->ch)
2903 || ossl_quic_channel_is_term_any(ctx.qc->ch);
2904 else
2905 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
2906 /*include_fin=*/0);
2907
2908 out:
2909 quic_unlock(ctx.qc);
2910 return avail;
2911 }
2912
ossl_quic_pending(const SSL * s)2913 size_t ossl_quic_pending(const SSL *s)
2914 {
2915 return ossl_quic_pending_int(s, /*check_channel=*/0);
2916 }
2917
ossl_quic_has_pending(const SSL * s)2918 int ossl_quic_has_pending(const SSL *s)
2919 {
2920 /* Do we have app-side pending data or pending URXEs or RXEs? */
2921 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2922 }
2923
2924 /*
2925 * SSL_stream_conclude
2926 * -------------------
2927 */
2928 QUIC_TAKES_LOCK
ossl_quic_conn_stream_conclude(SSL * s)2929 int ossl_quic_conn_stream_conclude(SSL *s)
2930 {
2931 QCTX ctx;
2932 QUIC_STREAM *qs;
2933 int err;
2934
2935 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
2936 return 0;
2937
2938 qs = ctx.xso->stream;
2939
2940 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
2941 quic_unlock(ctx.qc);
2942 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2943 }
2944
2945 if (!quic_validate_for_write(ctx.xso, &err)) {
2946 quic_unlock(ctx.qc);
2947 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2948 }
2949
2950 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2951 quic_unlock(ctx.qc);
2952 return 1;
2953 }
2954
2955 ossl_quic_sstream_fin(qs->sstream);
2956 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
2957 quic_unlock(ctx.qc);
2958 return 1;
2959 }
2960
2961 /*
2962 * SSL_inject_net_dgram
2963 * --------------------
2964 */
2965 QUIC_TAKES_LOCK
SSL_inject_net_dgram(SSL * s,const unsigned char * buf,size_t buf_len,const BIO_ADDR * peer,const BIO_ADDR * local)2966 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2967 size_t buf_len,
2968 const BIO_ADDR *peer,
2969 const BIO_ADDR *local)
2970 {
2971 int ret;
2972 QCTX ctx;
2973 QUIC_DEMUX *demux;
2974
2975 if (!expect_quic(s, &ctx))
2976 return 0;
2977
2978 quic_lock(ctx.qc);
2979
2980 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2981 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2982
2983 quic_unlock(ctx.qc);
2984 return ret;
2985 }
2986
2987 /*
2988 * SSL_get0_connection
2989 * -------------------
2990 */
ossl_quic_get0_connection(SSL * s)2991 SSL *ossl_quic_get0_connection(SSL *s)
2992 {
2993 QCTX ctx;
2994
2995 if (!expect_quic(s, &ctx))
2996 return NULL;
2997
2998 return &ctx.qc->ssl;
2999 }
3000
3001 /*
3002 * SSL_get_stream_type
3003 * -------------------
3004 */
ossl_quic_get_stream_type(SSL * s)3005 int ossl_quic_get_stream_type(SSL *s)
3006 {
3007 QCTX ctx;
3008
3009 if (!expect_quic(s, &ctx))
3010 return SSL_STREAM_TYPE_BIDI;
3011
3012 if (ctx.xso == NULL) {
3013 /*
3014 * If deferred XSO creation has yet to occur, proceed according to the
3015 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
3016 * what kind of stream will be created yet, so return BIDI on the basis
3017 * that at this time, the client still has the option of calling
3018 * SSL_read() or SSL_write() first.
3019 */
3020 if (ctx.qc->default_xso_created
3021 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3022 return SSL_STREAM_TYPE_NONE;
3023 else
3024 return SSL_STREAM_TYPE_BIDI;
3025 }
3026
3027 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
3028 return SSL_STREAM_TYPE_BIDI;
3029
3030 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
3031 return SSL_STREAM_TYPE_READ;
3032 else
3033 return SSL_STREAM_TYPE_WRITE;
3034 }
3035
3036 /*
3037 * SSL_get_stream_id
3038 * -----------------
3039 */
3040 QUIC_TAKES_LOCK
ossl_quic_get_stream_id(SSL * s)3041 uint64_t ossl_quic_get_stream_id(SSL *s)
3042 {
3043 QCTX ctx;
3044 uint64_t id;
3045
3046 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3047 return UINT64_MAX;
3048
3049 id = ctx.xso->stream->id;
3050 quic_unlock(ctx.qc);
3051
3052 return id;
3053 }
3054
3055 /*
3056 * SSL_is_stream_local
3057 * -------------------
3058 */
3059 QUIC_TAKES_LOCK
ossl_quic_is_stream_local(SSL * s)3060 int ossl_quic_is_stream_local(SSL *s)
3061 {
3062 QCTX ctx;
3063 int is_local;
3064
3065 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3066 return -1;
3067
3068 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3069 quic_unlock(ctx.qc);
3070
3071 return is_local;
3072 }
3073
3074 /*
3075 * SSL_set_default_stream_mode
3076 * ---------------------------
3077 */
3078 QUIC_TAKES_LOCK
ossl_quic_set_default_stream_mode(SSL * s,uint32_t mode)3079 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3080 {
3081 QCTX ctx;
3082
3083 if (!expect_quic_conn_only(s, &ctx))
3084 return 0;
3085
3086 quic_lock(ctx.qc);
3087
3088 if (ctx.qc->default_xso_created) {
3089 quic_unlock(ctx.qc);
3090 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3091 "too late to change default stream mode");
3092 }
3093
3094 switch (mode) {
3095 case SSL_DEFAULT_STREAM_MODE_NONE:
3096 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3097 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3098 ctx.qc->default_stream_mode = mode;
3099 break;
3100 default:
3101 quic_unlock(ctx.qc);
3102 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3103 "bad default stream type");
3104 }
3105
3106 quic_unlock(ctx.qc);
3107 return 1;
3108 }
3109
3110 /*
3111 * SSL_detach_stream
3112 * -----------------
3113 */
3114 QUIC_TAKES_LOCK
ossl_quic_detach_stream(SSL * s)3115 SSL *ossl_quic_detach_stream(SSL *s)
3116 {
3117 QCTX ctx;
3118 QUIC_XSO *xso = NULL;
3119
3120 if (!expect_quic_conn_only(s, &ctx))
3121 return NULL;
3122
3123 quic_lock(ctx.qc);
3124
3125 /* Calling this function inhibits default XSO autocreation. */
3126 /* QC ref to any default XSO is transferred to us and to caller. */
3127 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3128
3129 quic_unlock(ctx.qc);
3130
3131 return xso != NULL ? &xso->ssl : NULL;
3132 }
3133
3134 /*
3135 * SSL_attach_stream
3136 * -----------------
3137 */
3138 QUIC_TAKES_LOCK
ossl_quic_attach_stream(SSL * conn,SSL * stream)3139 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3140 {
3141 QCTX ctx;
3142 QUIC_XSO *xso;
3143 int nref;
3144
3145 if (!expect_quic_conn_only(conn, &ctx))
3146 return 0;
3147
3148 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3149 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3150 "stream to attach must be a valid QUIC stream");
3151
3152 xso = (QUIC_XSO *)stream;
3153
3154 quic_lock(ctx.qc);
3155
3156 if (ctx.qc->default_xso != NULL) {
3157 quic_unlock(ctx.qc);
3158 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3159 "connection already has a default stream");
3160 }
3161
3162 /*
3163 * It is a caller error for the XSO being attached as a default XSO to have
3164 * more than one ref.
3165 */
3166 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
3167 quic_unlock(ctx.qc);
3168 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3169 "ref");
3170 }
3171
3172 if (nref != 1) {
3173 quic_unlock(ctx.qc);
3174 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3175 "stream being attached must have "
3176 "only 1 reference");
3177 }
3178
3179 /* Caller's reference to the XSO is transferred to us. */
3180 /* Calling this function inhibits default XSO autocreation. */
3181 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3182
3183 quic_unlock(ctx.qc);
3184 return 1;
3185 }
3186
3187 /*
3188 * SSL_set_incoming_stream_policy
3189 * ------------------------------
3190 */
3191 QUIC_NEEDS_LOCK
qc_get_effective_incoming_stream_policy(QUIC_CONNECTION * qc)3192 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3193 {
3194 switch (qc->incoming_stream_policy) {
3195 case SSL_INCOMING_STREAM_POLICY_AUTO:
3196 if ((qc->default_xso == NULL && !qc->default_xso_created)
3197 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3198 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3199 else
3200 return SSL_INCOMING_STREAM_POLICY_REJECT;
3201
3202 default:
3203 return qc->incoming_stream_policy;
3204 }
3205 }
3206
3207 QUIC_NEEDS_LOCK
qc_update_reject_policy(QUIC_CONNECTION * qc)3208 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3209 {
3210 int policy = qc_get_effective_incoming_stream_policy(qc);
3211 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3212
3213 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3214 enable_reject,
3215 qc->incoming_stream_aec);
3216 }
3217
3218 QUIC_TAKES_LOCK
ossl_quic_set_incoming_stream_policy(SSL * s,int policy,uint64_t aec)3219 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3220 uint64_t aec)
3221 {
3222 int ret = 1;
3223 QCTX ctx;
3224
3225 if (!expect_quic_conn_only(s, &ctx))
3226 return 0;
3227
3228 quic_lock(ctx.qc);
3229
3230 switch (policy) {
3231 case SSL_INCOMING_STREAM_POLICY_AUTO:
3232 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3233 case SSL_INCOMING_STREAM_POLICY_REJECT:
3234 ctx.qc->incoming_stream_policy = policy;
3235 ctx.qc->incoming_stream_aec = aec;
3236 break;
3237
3238 default:
3239 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3240 ret = 0;
3241 break;
3242 }
3243
3244 qc_update_reject_policy(ctx.qc);
3245 quic_unlock(ctx.qc);
3246 return ret;
3247 }
3248
3249 /*
3250 * SSL_get_value, SSL_set_value
3251 * ----------------------------
3252 */
3253 QUIC_TAKES_LOCK
qc_getset_idle_timeout(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3254 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3255 uint64_t *p_value_out, uint64_t *p_value_in)
3256 {
3257 int ret = 0;
3258 uint64_t value_out = 0, value_in;
3259
3260 quic_lock(ctx->qc);
3261
3262 switch (class_) {
3263 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3264 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3265
3266 if (p_value_in != NULL) {
3267 value_in = *p_value_in;
3268 if (value_in > OSSL_QUIC_VLINT_MAX) {
3269 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3270 NULL);
3271 goto err;
3272 }
3273
3274 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3275 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3276 NULL);
3277 goto err;
3278 }
3279
3280 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3281 }
3282 break;
3283
3284 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3285 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3286 if (p_value_in != NULL) {
3287 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3288 NULL);
3289 goto err;
3290 }
3291
3292 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3293 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3294 NULL);
3295 goto err;
3296 }
3297
3298 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3299 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3300 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3301 break;
3302
3303 default:
3304 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3305 NULL);
3306 goto err;
3307 }
3308
3309 ret = 1;
3310 err:
3311 quic_unlock(ctx->qc);
3312 if (ret && p_value_out != NULL)
3313 *p_value_out = value_out;
3314
3315 return ret;
3316 }
3317
3318 QUIC_TAKES_LOCK
qc_get_stream_avail(QCTX * ctx,uint32_t class_,int is_uni,int is_remote,uint64_t * value)3319 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3320 int is_uni, int is_remote,
3321 uint64_t *value)
3322 {
3323 int ret = 0;
3324
3325 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3326 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3327 NULL);
3328 return 0;
3329 }
3330
3331 quic_lock(ctx->qc);
3332
3333 *value = is_remote
3334 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3335 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3336
3337 ret = 1;
3338 quic_unlock(ctx->qc);
3339 return ret;
3340 }
3341
3342 QUIC_NEEDS_LOCK
qctx_should_autotick(QCTX * ctx)3343 static int qctx_should_autotick(QCTX *ctx)
3344 {
3345 int event_handling_mode;
3346
3347 if (ctx->is_stream) {
3348 event_handling_mode = ctx->xso->event_handling_mode;
3349 if (event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_INHERIT)
3350 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3351 }
3352
3353 event_handling_mode = ctx->qc->event_handling_mode;
3354 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3355 }
3356
3357 QUIC_NEEDS_LOCK
qctx_maybe_autotick(QCTX * ctx)3358 static void qctx_maybe_autotick(QCTX *ctx)
3359 {
3360 if (!qctx_should_autotick(ctx))
3361 return;
3362
3363 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx->qc->ch), 0);
3364 }
3365
3366 QUIC_TAKES_LOCK
qc_getset_event_handling(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3367 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_,
3368 uint64_t *p_value_out,
3369 uint64_t *p_value_in)
3370 {
3371 int ret = 0;
3372 uint64_t value_out = 0;
3373
3374 quic_lock(ctx->qc);
3375
3376 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3377 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3378 NULL);
3379 goto err;
3380 }
3381
3382 if (p_value_in != NULL) {
3383 switch (*p_value_in) {
3384 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT:
3385 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT:
3386 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT:
3387 break;
3388 default:
3389 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3390 NULL);
3391 goto err;
3392 }
3393
3394 value_out = *p_value_in;
3395 if (ctx->is_stream)
3396 ctx->xso->event_handling_mode = (int)value_out;
3397 else
3398 ctx->qc->event_handling_mode = (int)value_out;
3399 } else {
3400 value_out = ctx->is_stream
3401 ? ctx->xso->event_handling_mode
3402 : ctx->qc->event_handling_mode;
3403 }
3404
3405 ret = 1;
3406 err:
3407 quic_unlock(ctx->qc);
3408 if (ret && p_value_out != NULL)
3409 *p_value_out = value_out;
3410
3411 return ret;
3412 }
3413
3414 QUIC_TAKES_LOCK
qc_get_stream_write_buf_stat(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,size_t (* getter)(QUIC_SSTREAM * sstream))3415 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_,
3416 uint64_t *p_value_out,
3417 size_t (*getter)(QUIC_SSTREAM *sstream))
3418 {
3419 int ret = 0;
3420 size_t value = 0;
3421
3422 quic_lock(ctx->qc);
3423
3424 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3425 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3426 NULL);
3427 goto err;
3428 }
3429
3430 if (ctx->xso == NULL) {
3431 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
3432 goto err;
3433 }
3434
3435 if (!ossl_quic_stream_has_send(ctx->xso->stream)) {
3436 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL);
3437 goto err;
3438 }
3439
3440 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream))
3441 value = getter(ctx->xso->stream->sstream);
3442
3443 ret = 1;
3444 err:
3445 quic_unlock(ctx->qc);
3446 *p_value_out = (uint64_t)value;
3447 return ret;
3448 }
3449
3450 QUIC_NEEDS_LOCK
expect_quic_for_value(SSL * s,QCTX * ctx,uint32_t id)3451 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id)
3452 {
3453 switch (id) {
3454 case SSL_VALUE_EVENT_HANDLING_MODE:
3455 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3456 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3457 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3458 return expect_quic(s, ctx);
3459 default:
3460 return expect_quic_conn_only(s, ctx);
3461 }
3462 }
3463
3464 QUIC_TAKES_LOCK
ossl_quic_get_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t * value)3465 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3466 uint64_t *value)
3467 {
3468 QCTX ctx;
3469
3470 if (!expect_quic_for_value(s, &ctx, id))
3471 return 0;
3472
3473 if (value == NULL)
3474 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3475 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3476
3477 switch (id) {
3478 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3479 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3480
3481 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3482 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3483 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3484 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3485 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3486 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3487 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3488 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3489
3490 case SSL_VALUE_EVENT_HANDLING_MODE:
3491 return qc_getset_event_handling(&ctx, class_, value, NULL);
3492
3493 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3494 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3495 ossl_quic_sstream_get_buffer_size);
3496 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3497 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3498 ossl_quic_sstream_get_buffer_used);
3499 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3500 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3501 ossl_quic_sstream_get_buffer_avail);
3502
3503 default:
3504 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3505 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3506 }
3507
3508 return 1;
3509 }
3510
3511 QUIC_TAKES_LOCK
ossl_quic_set_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t value)3512 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3513 uint64_t value)
3514 {
3515 QCTX ctx;
3516
3517 if (!expect_quic_for_value(s, &ctx, id))
3518 return 0;
3519
3520 switch (id) {
3521 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3522 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3523
3524 case SSL_VALUE_EVENT_HANDLING_MODE:
3525 return qc_getset_event_handling(&ctx, class_, NULL, &value);
3526
3527 default:
3528 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3529 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3530 }
3531
3532 return 1;
3533 }
3534
3535 /*
3536 * SSL_accept_stream
3537 * -----------------
3538 */
3539 struct wait_for_incoming_stream_args {
3540 QCTX *ctx;
3541 QUIC_STREAM *qs;
3542 };
3543
3544 QUIC_NEEDS_LOCK
wait_for_incoming_stream(void * arg)3545 static int wait_for_incoming_stream(void *arg)
3546 {
3547 struct wait_for_incoming_stream_args *args = arg;
3548 QUIC_CONNECTION *qc = args->ctx->qc;
3549 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3550
3551 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3552 /* If connection is torn down due to an error while blocking, stop. */
3553 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3554 return -1;
3555 }
3556
3557 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3558 if (args->qs != NULL)
3559 return 1; /* got a stream */
3560
3561 return 0; /* did not get a stream, keep trying */
3562 }
3563
3564 QUIC_TAKES_LOCK
ossl_quic_accept_stream(SSL * s,uint64_t flags)3565 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3566 {
3567 QCTX ctx;
3568 int ret;
3569 SSL *new_s = NULL;
3570 QUIC_STREAM_MAP *qsm;
3571 QUIC_STREAM *qs;
3572 QUIC_XSO *xso;
3573 OSSL_RTT_INFO rtt_info;
3574
3575 if (!expect_quic_conn_only(s, &ctx))
3576 return NULL;
3577
3578 quic_lock(ctx.qc);
3579
3580 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3581 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3582 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3583 goto out;
3584 }
3585
3586 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3587
3588 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3589 if (qs == NULL) {
3590 if (qc_blocking_mode(ctx.qc)
3591 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3592 struct wait_for_incoming_stream_args args;
3593
3594 args.ctx = &ctx;
3595 args.qs = NULL;
3596
3597 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3598 if (ret == 0) {
3599 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3600 goto out;
3601 } else if (ret < 0 || args.qs == NULL) {
3602 goto out;
3603 }
3604
3605 qs = args.qs;
3606 } else {
3607 goto out;
3608 }
3609 }
3610
3611 xso = create_xso_from_stream(ctx.qc, qs);
3612 if (xso == NULL)
3613 goto out;
3614
3615 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3616 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3617 rtt_info.smoothed_rtt);
3618 new_s = &xso->ssl;
3619
3620 /* Calling this function inhibits default XSO autocreation. */
3621 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3622
3623 out:
3624 quic_unlock(ctx.qc);
3625 return new_s;
3626 }
3627
3628 /*
3629 * SSL_get_accept_stream_queue_len
3630 * -------------------------------
3631 */
3632 QUIC_TAKES_LOCK
ossl_quic_get_accept_stream_queue_len(SSL * s)3633 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3634 {
3635 QCTX ctx;
3636 size_t v;
3637
3638 if (!expect_quic_conn_only(s, &ctx))
3639 return 0;
3640
3641 quic_lock(ctx.qc);
3642
3643 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3644
3645 quic_unlock(ctx.qc);
3646 return v;
3647 }
3648
3649 /*
3650 * SSL_stream_reset
3651 * ----------------
3652 */
ossl_quic_stream_reset(SSL * ssl,const SSL_STREAM_RESET_ARGS * args,size_t args_len)3653 int ossl_quic_stream_reset(SSL *ssl,
3654 const SSL_STREAM_RESET_ARGS *args,
3655 size_t args_len)
3656 {
3657 QCTX ctx;
3658 QUIC_STREAM_MAP *qsm;
3659 QUIC_STREAM *qs;
3660 uint64_t error_code;
3661 int ok, err;
3662
3663 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3664 return 0;
3665
3666 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3667 qs = ctx.xso->stream;
3668 error_code = (args != NULL ? args->quic_error_code : 0);
3669
3670 if (!quic_validate_for_write(ctx.xso, &err)) {
3671 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3672 goto err;
3673 }
3674
3675 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3676 if (ok)
3677 ctx.xso->requested_reset = 1;
3678
3679 err:
3680 quic_unlock(ctx.qc);
3681 return ok;
3682 }
3683
3684 /*
3685 * SSL_get_stream_read_state
3686 * -------------------------
3687 */
quic_classify_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs,int is_write,int * state,uint64_t * app_error_code)3688 static void quic_classify_stream(QUIC_CONNECTION *qc,
3689 QUIC_STREAM *qs,
3690 int is_write,
3691 int *state,
3692 uint64_t *app_error_code)
3693 {
3694 int local_init;
3695 uint64_t final_size;
3696
3697 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3698
3699 if (app_error_code != NULL)
3700 *app_error_code = UINT64_MAX;
3701 else
3702 app_error_code = &final_size; /* throw away value */
3703
3704 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3705 /*
3706 * Unidirectional stream and this direction of transmission doesn't
3707 * exist.
3708 */
3709 *state = SSL_STREAM_STATE_WRONG_DIR;
3710 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3711 /* Connection already closed. */
3712 *state = SSL_STREAM_STATE_CONN_CLOSED;
3713 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
3714 /* Application has read a FIN. */
3715 *state = SSL_STREAM_STATE_FINISHED;
3716 } else if ((!is_write && qs->stop_sending)
3717 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
3718 /*
3719 * Stream has been reset locally. FIN takes precedence over this for the
3720 * read case as the application need not care if the stream is reset
3721 * after a FIN has been successfully processed.
3722 */
3723 *state = SSL_STREAM_STATE_RESET_LOCAL;
3724 *app_error_code = !is_write
3725 ? qs->stop_sending_aec
3726 : qs->reset_stream_aec;
3727 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
3728 || (is_write && qs->peer_stop_sending)) {
3729 /*
3730 * Stream has been reset remotely. */
3731 *state = SSL_STREAM_STATE_RESET_REMOTE;
3732 *app_error_code = !is_write
3733 ? qs->peer_reset_stream_aec
3734 : qs->peer_stop_sending_aec;
3735 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3736 &final_size)) {
3737 /*
3738 * Stream has been finished. Stream reset takes precedence over this for
3739 * the write case as peer may not have received all data.
3740 */
3741 *state = SSL_STREAM_STATE_FINISHED;
3742 } else {
3743 /* Stream still healthy. */
3744 *state = SSL_STREAM_STATE_OK;
3745 }
3746 }
3747
quic_get_stream_state(SSL * ssl,int is_write)3748 static int quic_get_stream_state(SSL *ssl, int is_write)
3749 {
3750 QCTX ctx;
3751 int state;
3752
3753 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3754 return SSL_STREAM_STATE_NONE;
3755
3756 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3757 quic_unlock(ctx.qc);
3758 return state;
3759 }
3760
ossl_quic_get_stream_read_state(SSL * ssl)3761 int ossl_quic_get_stream_read_state(SSL *ssl)
3762 {
3763 return quic_get_stream_state(ssl, /*is_write=*/0);
3764 }
3765
3766 /*
3767 * SSL_get_stream_write_state
3768 * --------------------------
3769 */
ossl_quic_get_stream_write_state(SSL * ssl)3770 int ossl_quic_get_stream_write_state(SSL *ssl)
3771 {
3772 return quic_get_stream_state(ssl, /*is_write=*/1);
3773 }
3774
3775 /*
3776 * SSL_get_stream_read_error_code
3777 * ------------------------------
3778 */
quic_get_stream_error_code(SSL * ssl,int is_write,uint64_t * app_error_code)3779 static int quic_get_stream_error_code(SSL *ssl, int is_write,
3780 uint64_t *app_error_code)
3781 {
3782 QCTX ctx;
3783 int state;
3784
3785 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3786 return -1;
3787
3788 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3789 &state, app_error_code);
3790
3791 quic_unlock(ctx.qc);
3792 switch (state) {
3793 case SSL_STREAM_STATE_FINISHED:
3794 return 0;
3795 case SSL_STREAM_STATE_RESET_LOCAL:
3796 case SSL_STREAM_STATE_RESET_REMOTE:
3797 return 1;
3798 default:
3799 return -1;
3800 }
3801 }
3802
ossl_quic_get_stream_read_error_code(SSL * ssl,uint64_t * app_error_code)3803 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3804 {
3805 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3806 }
3807
3808 /*
3809 * SSL_get_stream_write_error_code
3810 * -------------------------------
3811 */
ossl_quic_get_stream_write_error_code(SSL * ssl,uint64_t * app_error_code)3812 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3813 {
3814 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3815 }
3816
3817 /*
3818 * Write buffer size mutation
3819 * --------------------------
3820 */
ossl_quic_set_write_buffer_size(SSL * ssl,size_t size)3821 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3822 {
3823 int ret = 0;
3824 QCTX ctx;
3825
3826 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3827 return 0;
3828
3829 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3830 /* Called on a unidirectional receive-only stream - error. */
3831 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3832 goto out;
3833 }
3834
3835 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3836 /*
3837 * If the stream has a send part but we have disposed of it because we
3838 * no longer need it, this is a no-op.
3839 */
3840 ret = 1;
3841 goto out;
3842 }
3843
3844 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
3845 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3846 goto out;
3847 }
3848
3849 ret = 1;
3850
3851 out:
3852 quic_unlock(ctx.qc);
3853 return ret;
3854 }
3855
3856 /*
3857 * SSL_get_conn_close_info
3858 * -----------------------
3859 */
ossl_quic_get_conn_close_info(SSL * ssl,SSL_CONN_CLOSE_INFO * info,size_t info_len)3860 int ossl_quic_get_conn_close_info(SSL *ssl,
3861 SSL_CONN_CLOSE_INFO *info,
3862 size_t info_len)
3863 {
3864 QCTX ctx;
3865 const QUIC_TERMINATE_CAUSE *tc;
3866
3867 if (!expect_quic_conn_only(ssl, &ctx))
3868 return -1;
3869
3870 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3871 if (tc == NULL)
3872 return 0;
3873
3874 info->error_code = tc->error_code;
3875 info->frame_type = tc->frame_type;
3876 info->reason = tc->reason;
3877 info->reason_len = tc->reason_len;
3878 info->flags = 0;
3879 if (!tc->remote)
3880 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
3881 if (!tc->app)
3882 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
3883 return 1;
3884 }
3885
3886 /*
3887 * SSL_key_update
3888 * --------------
3889 */
ossl_quic_key_update(SSL * ssl,int update_type)3890 int ossl_quic_key_update(SSL *ssl, int update_type)
3891 {
3892 QCTX ctx;
3893
3894 if (!expect_quic_conn_only(ssl, &ctx))
3895 return 0;
3896
3897 switch (update_type) {
3898 case SSL_KEY_UPDATE_NOT_REQUESTED:
3899 /*
3900 * QUIC signals peer key update implicily by triggering a local
3901 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3902 */
3903 case SSL_KEY_UPDATE_REQUESTED:
3904 break;
3905
3906 default:
3907 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3908 return 0;
3909 }
3910
3911 quic_lock(ctx.qc);
3912
3913 /* Attempt to perform a TXKU. */
3914 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
3915 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
3916 quic_unlock(ctx.qc);
3917 return 0;
3918 }
3919
3920 quic_unlock(ctx.qc);
3921 return 1;
3922 }
3923
3924 /*
3925 * SSL_get_key_update_type
3926 * -----------------------
3927 */
ossl_quic_get_key_update_type(const SSL * s)3928 int ossl_quic_get_key_update_type(const SSL *s)
3929 {
3930 /*
3931 * We always handle key updates immediately so a key update is never
3932 * pending.
3933 */
3934 return SSL_KEY_UPDATE_NONE;
3935 }
3936
3937 /*
3938 * QUIC Front-End I/O API: SSL_CTX Management
3939 * ==========================================
3940 */
3941
ossl_quic_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)3942 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3943 {
3944 switch (cmd) {
3945 default:
3946 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3947 }
3948 }
3949
ossl_quic_callback_ctrl(SSL * s,int cmd,void (* fp)(void))3950 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3951 {
3952 QCTX ctx;
3953
3954 if (!expect_quic_conn_only(s, &ctx))
3955 return 0;
3956
3957 switch (cmd) {
3958 case SSL_CTRL_SET_MSG_CALLBACK:
3959 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3960 &ctx.qc->ssl);
3961 /* This callback also needs to be set on the internal SSL object */
3962 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3963
3964 default:
3965 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3966 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3967 }
3968 }
3969
ossl_quic_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))3970 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3971 {
3972 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3973 }
3974
ossl_quic_renegotiate_check(SSL * ssl,int initok)3975 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3976 {
3977 /* We never do renegotiation. */
3978 return 0;
3979 }
3980
ossl_quic_get_cipher_by_char(const unsigned char * p)3981 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
3982 {
3983 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
3984
3985 if ((ciph->algorithm2 & SSL_QUIC) == 0)
3986 return NULL;
3987
3988 return ciph;
3989 }
3990
3991 /*
3992 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3993 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3994 */
3995
ossl_quic_num_ciphers(void)3996 int ossl_quic_num_ciphers(void)
3997 {
3998 return 0;
3999 }
4000
ossl_quic_get_cipher(unsigned int u)4001 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
4002 {
4003 return NULL;
4004 }
4005
4006 /*
4007 * SSL_get_shutdown()
4008 * ------------------
4009 */
ossl_quic_get_shutdown(const SSL * s)4010 int ossl_quic_get_shutdown(const SSL *s)
4011 {
4012 QCTX ctx;
4013 int shut = 0;
4014
4015 if (!expect_quic_conn_only(s, &ctx))
4016 return 0;
4017
4018 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
4019 shut |= SSL_SENT_SHUTDOWN;
4020 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
4021 shut |= SSL_RECEIVED_SHUTDOWN;
4022 }
4023
4024 return shut;
4025 }
4026
4027 /*
4028 * QUIC Polling Support APIs
4029 * =========================
4030 */
4031
4032 /* Do we have the R (read) condition? */
4033 QUIC_NEEDS_LOCK
test_poll_event_r(QUIC_XSO * xso)4034 static int test_poll_event_r(QUIC_XSO *xso)
4035 {
4036 int fin = 0;
4037 size_t avail = 0;
4038
4039 /*
4040 * If a stream has had the fin bit set on the last packet
4041 * received, then we need to return a 1 here to raise
4042 * SSL_POLL_EVENT_R, so that the stream can have its completion
4043 * detected and closed gracefully by an application.
4044 * However, if the client reads the data via SSL_read[_ex], that api
4045 * provides no stream status, and as a result the stream state moves to
4046 * QUIC_RSTREAM_STATE_DATA_READ, and the receive buffer is freed, which
4047 * stored the fin state, so its not directly know-able here. Instead
4048 * check for the stream state being QUIC_RSTREAM_STATE_DATA_READ, which
4049 * is only set if the last stream frame received had the fin bit set, and
4050 * the client read the data. This catches our poll/read/poll case
4051 */
4052 if (xso->stream->recv_state == QUIC_RSTREAM_STATE_DATA_READ)
4053 return 1;
4054
4055 return ossl_quic_stream_has_recv_buffer(xso->stream)
4056 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
4057 && (avail > 0 || (fin && !xso->retired_fin));
4058 }
4059
4060 /* Do we have the ER (exception: read) condition? */
4061 QUIC_NEEDS_LOCK
test_poll_event_er(QUIC_XSO * xso)4062 static int test_poll_event_er(QUIC_XSO *xso)
4063 {
4064 return ossl_quic_stream_has_recv(xso->stream)
4065 && ossl_quic_stream_recv_is_reset(xso->stream)
4066 && !xso->retired_fin;
4067 }
4068
4069 /* Do we have the W (write) condition? */
4070 QUIC_NEEDS_LOCK
test_poll_event_w(QUIC_XSO * xso)4071 static int test_poll_event_w(QUIC_XSO *xso)
4072 {
4073 return !xso->conn->shutting_down
4074 && ossl_quic_stream_has_send_buffer(xso->stream)
4075 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
4076 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
4077 && quic_mutation_allowed(xso->conn, /*req_active=*/1);
4078 }
4079
4080 /* Do we have the EW (exception: write) condition? */
4081 QUIC_NEEDS_LOCK
test_poll_event_ew(QUIC_XSO * xso)4082 static int test_poll_event_ew(QUIC_XSO *xso)
4083 {
4084 return ossl_quic_stream_has_send(xso->stream)
4085 && xso->stream->peer_stop_sending
4086 && !xso->requested_reset
4087 && !xso->conn->shutting_down;
4088 }
4089
4090 /* Do we have the EC (exception: connection) condition? */
4091 QUIC_NEEDS_LOCK
test_poll_event_ec(QUIC_CONNECTION * qc)4092 static int test_poll_event_ec(QUIC_CONNECTION *qc)
4093 {
4094 return ossl_quic_channel_is_term_any(qc->ch);
4095 }
4096
4097 /* Do we have the ECD (exception: connection drained) condition? */
4098 QUIC_NEEDS_LOCK
test_poll_event_ecd(QUIC_CONNECTION * qc)4099 static int test_poll_event_ecd(QUIC_CONNECTION *qc)
4100 {
4101 return ossl_quic_channel_is_terminated(qc->ch);
4102 }
4103
4104 /* Do we have the IS (incoming: stream) condition? */
4105 QUIC_NEEDS_LOCK
test_poll_event_is(QUIC_CONNECTION * qc,int is_uni)4106 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
4107 {
4108 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
4109 is_uni);
4110 }
4111
4112 /* Do we have the OS (outgoing: stream) condition? */
4113 QUIC_NEEDS_LOCK
test_poll_event_os(QUIC_CONNECTION * qc,int is_uni)4114 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
4115 {
4116 /* Is it currently possible for us to make an outgoing stream? */
4117 return quic_mutation_allowed(qc, /*req_active=*/1)
4118 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
4119 }
4120
4121 QUIC_TAKES_LOCK
ossl_quic_conn_poll_events(SSL * ssl,uint64_t events,int do_tick,uint64_t * p_revents)4122 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
4123 uint64_t *p_revents)
4124 {
4125 QCTX ctx;
4126 uint64_t revents = 0;
4127
4128 if (!expect_quic(ssl, &ctx))
4129 return 0;
4130
4131 quic_lock(ctx.qc);
4132
4133 if (!ctx.qc->started) {
4134 /* We can only try to write on non-started connection. */
4135 if ((events & SSL_POLL_EVENT_W) != 0)
4136 revents |= SSL_POLL_EVENT_W;
4137 goto end;
4138 }
4139
4140 if (do_tick)
4141 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
4142
4143 if (ctx.xso != NULL) {
4144 /* SSL object has a stream component. */
4145
4146 if ((events & SSL_POLL_EVENT_R) != 0
4147 && test_poll_event_r(ctx.xso))
4148 revents |= SSL_POLL_EVENT_R;
4149
4150 if ((events & SSL_POLL_EVENT_ER) != 0
4151 && test_poll_event_er(ctx.xso))
4152 revents |= SSL_POLL_EVENT_ER;
4153
4154 if ((events & SSL_POLL_EVENT_W) != 0
4155 && test_poll_event_w(ctx.xso))
4156 revents |= SSL_POLL_EVENT_W;
4157
4158 if ((events & SSL_POLL_EVENT_EW) != 0
4159 && test_poll_event_ew(ctx.xso))
4160 revents |= SSL_POLL_EVENT_EW;
4161 }
4162
4163 if (!ctx.is_stream) {
4164 if ((events & SSL_POLL_EVENT_EC) != 0
4165 && test_poll_event_ec(ctx.qc))
4166 revents |= SSL_POLL_EVENT_EC;
4167
4168 if ((events & SSL_POLL_EVENT_ECD) != 0
4169 && test_poll_event_ecd(ctx.qc))
4170 revents |= SSL_POLL_EVENT_ECD;
4171
4172 if ((events & SSL_POLL_EVENT_ISB) != 0
4173 && test_poll_event_is(ctx.qc, /*uni=*/0))
4174 revents |= SSL_POLL_EVENT_ISB;
4175
4176 if ((events & SSL_POLL_EVENT_ISU) != 0
4177 && test_poll_event_is(ctx.qc, /*uni=*/1))
4178 revents |= SSL_POLL_EVENT_ISU;
4179
4180 if ((events & SSL_POLL_EVENT_OSB) != 0
4181 && test_poll_event_os(ctx.qc, /*uni=*/0))
4182 revents |= SSL_POLL_EVENT_OSB;
4183
4184 if ((events & SSL_POLL_EVENT_OSU) != 0
4185 && test_poll_event_os(ctx.qc, /*uni=*/1))
4186 revents |= SSL_POLL_EVENT_OSU;
4187 }
4188
4189 end:
4190 quic_unlock(ctx.qc);
4191 *p_revents = revents;
4192 return 1;
4193 }
4194
4195 /*
4196 * Internal Testing APIs
4197 * =====================
4198 */
4199
ossl_quic_conn_get_channel(SSL * s)4200 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
4201 {
4202 QCTX ctx;
4203
4204 if (!expect_quic_conn_only(s, &ctx))
4205 return NULL;
4206
4207 return ctx.qc->ch;
4208 }
4209
ossl_quic_set_diag_title(SSL_CTX * ctx,const char * title)4210 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
4211 {
4212 #ifndef OPENSSL_NO_QLOG
4213 OPENSSL_free(ctx->qlog_title);
4214 ctx->qlog_title = NULL;
4215
4216 if (title == NULL)
4217 return 1;
4218
4219 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
4220 return 0;
4221 #endif
4222
4223 return 1;
4224 }
4225
