1 /*
2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_engine.h"
19 #include "internal/quic_port.h"
20 #include "internal/time.h"
21
22 typedef struct qctx_st QCTX;
23
24 static void aon_write_finish(QUIC_XSO *xso);
25 static int create_channel(QUIC_CONNECTION *qc);
26 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
27 static int qc_try_create_default_xso_for_write(QCTX *ctx);
28 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek);
29 static void quic_lock(QUIC_CONNECTION *qc);
30 static void quic_unlock(QUIC_CONNECTION *qc);
31 static void quic_lock_for_io(QCTX *ctx);
32 static int quic_do_handshake(QCTX *ctx);
33 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
34 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
35 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
36 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
37 int touch, QUIC_XSO **old_xso);
38 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
39 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
40 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
41 static int qc_blocking_mode(const QUIC_CONNECTION *qc);
42 static int xso_blocking_mode(const QUIC_XSO *xso);
43 static void qctx_maybe_autotick(QCTX *ctx);
44 static int qctx_should_autotick(QCTX *ctx);
45
46 /*
47 * QUIC Front-End I/O API: Common Utilities
48 * ========================================
49 */
50
51 /*
52 * Block until a predicate is met.
53 *
54 * Precondition: Must have a channel.
55 * Precondition: Must hold channel lock (unchecked).
56 */
57 QUIC_NEEDS_LOCK
block_until_pred(QUIC_CONNECTION * qc,int (* pred)(void * arg),void * pred_arg,uint32_t flags)58 static int block_until_pred(QUIC_CONNECTION *qc,
59 int (*pred)(void *arg), void *pred_arg,
60 uint32_t flags)
61 {
62 QUIC_REACTOR *rtor;
63
64 assert(qc->ch != NULL);
65
66 /*
67 * Any attempt to block auto-disables tick inhibition as otherwise we will
68 * hang around forever.
69 */
70 ossl_quic_engine_set_inhibit_tick(qc->engine, 0);
71
72 rtor = ossl_quic_channel_get_reactor(qc->ch);
73 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
74 qc->mutex);
75 }
76
get_time(QUIC_CONNECTION * qc)77 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
78 {
79 if (qc->override_now_cb != NULL)
80 return qc->override_now_cb(qc->override_now_cb_arg);
81 else
82 return ossl_time_now();
83 }
84
get_time_cb(void * arg)85 static OSSL_TIME get_time_cb(void *arg)
86 {
87 QUIC_CONNECTION *qc = arg;
88
89 return get_time(qc);
90 }
91
92 /*
93 * QCTX is a utility structure which provides information we commonly wish to
94 * unwrap upon an API call being dispatched to us, namely:
95 *
96 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
97 * was passed);
98 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
99 * a QCSO with a default stream was passed);
100 * - whether a QSSO was passed (xso == NULL must not be used to determine this
101 * because it may be non-NULL when a QCSO is passed if that QCSO has a
102 * default stream);
103 * - whether we are in "I/O context", meaning that non-normal errors can
104 * be reported via SSL_get_error() as well as via ERR. Functions such as
105 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
106 * functions which are allowed to change the value returned by
107 * SSL_get_error. However, other functions (including functions which call
108 * SSL_do_handshake() implicitly) are not allowed to change the return value
109 * of SSL_get_error.
110 */
111 struct qctx_st {
112 QUIC_CONNECTION *qc;
113 QUIC_XSO *xso;
114 int is_stream, in_io;
115 };
116
117 QUIC_NEEDS_LOCK
quic_set_last_error(QCTX * ctx,int last_error)118 static void quic_set_last_error(QCTX *ctx, int last_error)
119 {
120 if (!ctx->in_io)
121 return;
122
123 if (ctx->is_stream && ctx->xso != NULL)
124 ctx->xso->last_error = last_error;
125 else if (!ctx->is_stream && ctx->qc != NULL)
126 ctx->qc->last_error = last_error;
127 }
128
129 /*
130 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
131 * rather than via ERR. Note that normal errors must always be raised while
132 * holding a lock.
133 */
134 QUIC_NEEDS_LOCK
quic_raise_normal_error(QCTX * ctx,int err)135 static int quic_raise_normal_error(QCTX *ctx,
136 int err)
137 {
138 assert(ctx->in_io);
139 quic_set_last_error(ctx, err);
140
141 return 0;
142 }
143
144 /*
145 * Raise a 'non-normal' error, meaning any error that is not reported via
146 * SSL_get_error() and must be reported via ERR.
147 *
148 * qc should be provided if available. In exceptional circumstances when qc is
149 * not known NULL may be passed. This should generally only happen when an
150 * expect_...() function defined below fails, which generally indicates a
151 * dispatch error or caller error.
152 *
153 * ctx should be NULL if the connection lock is not held.
154 */
quic_raise_non_normal_error(QCTX * ctx,const char * file,int line,const char * func,int reason,const char * fmt,...)155 static int quic_raise_non_normal_error(QCTX *ctx,
156 const char *file,
157 int line,
158 const char *func,
159 int reason,
160 const char *fmt,
161 ...)
162 {
163 va_list args;
164
165 if (ctx != NULL) {
166 quic_set_last_error(ctx, SSL_ERROR_SSL);
167
168 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
169 ossl_quic_channel_restore_err_state(ctx->qc->ch);
170 }
171
172 ERR_new();
173 ERR_set_debug(file, line, func);
174
175 va_start(args, fmt);
176 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
177 va_end(args);
178
179 return 0;
180 }
181
182 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
183 quic_raise_normal_error((ctx), (err))
184
185 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
186 quic_raise_non_normal_error((ctx), \
187 OPENSSL_FILE, OPENSSL_LINE, \
188 OPENSSL_FUNC, \
189 (reason), \
190 (msg))
191
192 /*
193 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
194 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
195 *
196 * After this returns 1, all fields of the passed QCTX are initialised.
197 * Returns 0 on failure. This function is intended to be used to provide API
198 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
199 */
expect_quic(const SSL * s,QCTX * ctx)200 static int expect_quic(const SSL *s, QCTX *ctx)
201 {
202 QUIC_CONNECTION *qc;
203 QUIC_XSO *xso;
204
205 ctx->qc = NULL;
206 ctx->xso = NULL;
207 ctx->is_stream = 0;
208
209 if (s == NULL)
210 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
211
212 switch (s->type) {
213 case SSL_TYPE_QUIC_CONNECTION:
214 qc = (QUIC_CONNECTION *)s;
215 ctx->qc = qc;
216 ctx->xso = qc->default_xso;
217 ctx->is_stream = 0;
218 ctx->in_io = 0;
219 return 1;
220
221 case SSL_TYPE_QUIC_XSO:
222 xso = (QUIC_XSO *)s;
223 ctx->qc = xso->conn;
224 ctx->xso = xso;
225 ctx->is_stream = 1;
226 ctx->in_io = 0;
227 return 1;
228
229 default:
230 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
231 }
232 }
233
234 /*
235 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
236 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
237 * stream.
238 *
239 * remote_init determines if we expect the default XSO to be remotely created or
240 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
241 *
242 * Channel mutex is acquired and retained on success.
243 */
244 QUIC_ACQUIRES_LOCK
expect_quic_with_stream_lock(const SSL * s,int remote_init,int in_io,QCTX * ctx)245 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
246 int in_io, QCTX *ctx)
247 {
248 if (!expect_quic(s, ctx))
249 return 0;
250
251 if (in_io)
252 quic_lock_for_io(ctx);
253 else
254 quic_lock(ctx->qc);
255
256 if (ctx->xso == NULL && remote_init >= 0) {
257 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
258 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
259 goto err;
260 }
261
262 /* If we haven't finished the handshake, try to advance it. */
263 if (quic_do_handshake(ctx) < 1)
264 /* ossl_quic_do_handshake raised error here */
265 goto err;
266
267 if (remote_init == 0) {
268 if (!qc_try_create_default_xso_for_write(ctx))
269 goto err;
270 } else {
271 if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0))
272 goto err;
273 }
274
275 ctx->xso = ctx->qc->default_xso;
276 }
277
278 if (ctx->xso == NULL) {
279 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
280 goto err;
281 }
282
283 return 1; /* coverity[missing_unlock]: lock held */
284
285 err:
286 quic_unlock(ctx->qc);
287 return 0;
288 }
289
290 /*
291 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
292 * be non-NULL if the QCSO has a default stream.
293 */
expect_quic_conn_only(const SSL * s,QCTX * ctx)294 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
295 {
296 if (!expect_quic(s, ctx))
297 return 0;
298
299 if (ctx->is_stream)
300 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
301
302 return 1;
303 }
304
305 /*
306 * Ensures that the channel mutex is held for a method which touches channel
307 * state.
308 *
309 * Precondition: Channel mutex is not held (unchecked)
310 */
quic_lock(QUIC_CONNECTION * qc)311 static void quic_lock(QUIC_CONNECTION *qc)
312 {
313 #if defined(OPENSSL_THREADS)
314 ossl_crypto_mutex_lock(qc->mutex);
315 #endif
316 }
317
quic_lock_for_io(QCTX * ctx)318 static void quic_lock_for_io(QCTX *ctx)
319 {
320 quic_lock(ctx->qc);
321 ctx->in_io = 1;
322
323 /*
324 * We are entering an I/O function so we must update the values returned by
325 * SSL_get_error and SSL_want. Set no error. This will be overridden later
326 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
327 * occurs during the API call.
328 */
329 quic_set_last_error(ctx, SSL_ERROR_NONE);
330 }
331
332 /* Precondition: Channel mutex is held (unchecked) */
333 QUIC_NEEDS_LOCK
quic_unlock(QUIC_CONNECTION * qc)334 static void quic_unlock(QUIC_CONNECTION *qc)
335 {
336 #if defined(OPENSSL_THREADS)
337 ossl_crypto_mutex_unlock(qc->mutex);
338 #endif
339 }
340
341 /*
342 * This predicate is the criterion which should determine API call rejection for
343 * *most* mutating API calls, particularly stream-related operations for send
344 * parts.
345 *
346 * A call is rejected (this function returns 0) if shutdown is in progress
347 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
348 * req_active=1, the connection must be active (i.e., the IDLE state is also
349 * rejected).
350 */
quic_mutation_allowed(QUIC_CONNECTION * qc,int req_active)351 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
352 {
353 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
354 return 0;
355
356 if (req_active && !ossl_quic_channel_is_active(qc->ch))
357 return 0;
358
359 return 1;
360 }
361
362 /*
363 * QUIC Front-End I/O API: Initialization
364 * ======================================
365 *
366 * SSL_new => ossl_quic_new
367 * ossl_quic_init
368 * SSL_reset => ossl_quic_reset
369 * SSL_clear => ossl_quic_clear
370 * ossl_quic_deinit
371 * SSL_free => ossl_quic_free
372 *
373 * SSL_set_options => ossl_quic_set_options
374 * SSL_get_options => ossl_quic_get_options
375 * SSL_clear_options => ossl_quic_clear_options
376 *
377 */
378
379 /* SSL_new */
ossl_quic_new(SSL_CTX * ctx)380 SSL *ossl_quic_new(SSL_CTX *ctx)
381 {
382 QUIC_CONNECTION *qc = NULL;
383 SSL *ssl_base = NULL;
384 SSL_CONNECTION *sc = NULL;
385
386 qc = OPENSSL_zalloc(sizeof(*qc));
387 if (qc == NULL) {
388 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
389 return NULL;
390 }
391 #if defined(OPENSSL_THREADS)
392 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
393 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
394 goto err;
395 }
396 #endif
397
398 /* Initialise the QUIC_CONNECTION's stub header. */
399 ssl_base = &qc->ssl;
400 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
401 ssl_base = NULL;
402 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
403 goto err;
404 }
405
406 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
407 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
408 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
409 goto err;
410 }
411
412 /* override the user_ssl of the inner connection */
413 sc->s3.flags |= TLS1_FLAGS_QUIC;
414
415 /* Restrict options derived from the SSL_CTX. */
416 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
417 sc->pha_enabled = 0;
418
419 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
420 qc->is_thread_assisted
421 = (ssl_base->method == OSSL_QUIC_client_thread_method());
422 #endif
423
424 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
425 qc->as_server_state = qc->as_server;
426
427 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
428 qc->default_ssl_mode = qc->ssl.ctx->mode;
429 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
430 qc->desires_blocking = 1;
431 qc->blocking = 0;
432 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
433 qc->last_error = SSL_ERROR_NONE;
434
435 if (!create_channel(qc))
436 goto err;
437
438 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
439 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
440
441 qc_update_reject_policy(qc);
442
443 /*
444 * We do not create the default XSO yet. The reason for this is that the
445 * stream ID of the default XSO will depend on whether the stream is client
446 * or server-initiated, which depends on who transmits first. Since we do
447 * not know whether the application will be using a client-transmits-first
448 * or server-transmits-first protocol, we defer default XSO creation until
449 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
450 * we take that as a cue that the client is expecting a server-initiated
451 * stream, and vice versa if SSL_write() is called first.
452 */
453 return ssl_base;
454
455 err:
456 if (ssl_base == NULL) {
457 #if defined(OPENSSL_THREADS)
458 ossl_crypto_mutex_free(&qc->mutex);
459 #endif
460 OPENSSL_free(qc);
461 } else {
462 SSL_free(ssl_base);
463 }
464 return NULL;
465 }
466
467 /* SSL_free */
468 QUIC_TAKES_LOCK
ossl_quic_free(SSL * s)469 void ossl_quic_free(SSL *s)
470 {
471 QCTX ctx;
472 int is_default;
473
474 /* We should never be called on anything but a QSO. */
475 if (!expect_quic(s, &ctx))
476 return;
477
478 quic_lock(ctx.qc);
479
480 if (ctx.is_stream) {
481 /*
482 * When a QSSO is freed, the XSO is freed immediately, because the XSO
483 * itself only contains API personality layer data. However the
484 * underlying QUIC_STREAM is not freed immediately but is instead marked
485 * as deleted for later collection.
486 */
487
488 assert(ctx.qc->num_xso > 0);
489 --ctx.qc->num_xso;
490
491 /* If a stream's send part has not been finished, auto-reset it. */
492 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
493 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
494 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
495 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
496 ctx.xso->stream, 0);
497
498 /* Do STOP_SENDING for the receive part, if applicable. */
499 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
500 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
501 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
502 ctx.xso->stream, 0);
503
504 /* Update stream state. */
505 ctx.xso->stream->deleted = 1;
506 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
507 ctx.xso->stream);
508
509 is_default = (ctx.xso == ctx.qc->default_xso);
510 quic_unlock(ctx.qc);
511
512 /*
513 * Unref the connection in most cases; the XSO has a ref to the QC and
514 * not vice versa. But for a default XSO, to avoid circular references,
515 * the QC refs the XSO but the XSO does not ref the QC. If we are the
516 * default XSO, we only get here when the QC is being torn down anyway,
517 * so don't call SSL_free(qc) as we are already in it.
518 */
519 if (!is_default)
520 SSL_free(&ctx.qc->ssl);
521
522 /* Note: SSL_free calls OPENSSL_free(xso) for us */
523 return;
524 }
525
526 /*
527 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
528 * stage, but is freed during the channel free when the whole QSM is freed.
529 */
530 if (ctx.qc->default_xso != NULL) {
531 QUIC_XSO *xso = ctx.qc->default_xso;
532
533 quic_unlock(ctx.qc);
534 SSL_free(&xso->ssl);
535 quic_lock(ctx.qc);
536 ctx.qc->default_xso = NULL;
537 }
538
539 /* Ensure we have no remaining XSOs. */
540 assert(ctx.qc->num_xso == 0);
541
542 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
543 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
544 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
545 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
546 }
547 #endif
548
549 SSL_free(ctx.qc->tls);
550
551 ossl_quic_channel_free(ctx.qc->ch);
552 ossl_quic_port_free(ctx.qc->port);
553 ossl_quic_engine_free(ctx.qc->engine);
554
555 BIO_free_all(ctx.qc->net_rbio);
556 BIO_free_all(ctx.qc->net_wbio);
557
558 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
559 #if defined(OPENSSL_THREADS)
560 ossl_crypto_mutex_free(&ctx.qc->mutex);
561 #endif
562
563 /*
564 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
565 * us
566 */
567 }
568
569 /* SSL method init */
ossl_quic_init(SSL * s)570 int ossl_quic_init(SSL *s)
571 {
572 /* Same op as SSL_clear, forward the call. */
573 return ossl_quic_clear(s);
574 }
575
576 /* SSL method deinit */
ossl_quic_deinit(SSL * s)577 void ossl_quic_deinit(SSL *s)
578 {
579 /* No-op. */
580 }
581
582 /* SSL_clear (ssl_reset method) */
ossl_quic_reset(SSL * s)583 int ossl_quic_reset(SSL *s)
584 {
585 QCTX ctx;
586
587 if (!expect_quic(s, &ctx))
588 return 0;
589
590 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
591 return 0;
592 }
593
594 /* ssl_clear method (unused) */
ossl_quic_clear(SSL * s)595 int ossl_quic_clear(SSL *s)
596 {
597 QCTX ctx;
598
599 if (!expect_quic(s, &ctx))
600 return 0;
601
602 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
603 return 0;
604 }
605
ossl_quic_conn_set_override_now_cb(SSL * s,OSSL_TIME (* now_cb)(void * arg),void * now_cb_arg)606 int ossl_quic_conn_set_override_now_cb(SSL *s,
607 OSSL_TIME (*now_cb)(void *arg),
608 void *now_cb_arg)
609 {
610 QCTX ctx;
611
612 if (!expect_quic(s, &ctx))
613 return 0;
614
615 quic_lock(ctx.qc);
616
617 ctx.qc->override_now_cb = now_cb;
618 ctx.qc->override_now_cb_arg = now_cb_arg;
619
620 quic_unlock(ctx.qc);
621 return 1;
622 }
623
ossl_quic_conn_force_assist_thread_wake(SSL * s)624 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
625 {
626 QCTX ctx;
627
628 if (!expect_quic(s, &ctx))
629 return;
630
631 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
632 if (ctx.qc->is_thread_assisted && ctx.qc->started)
633 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
634 #endif
635 }
636
637 QUIC_NEEDS_LOCK
qc_touch_default_xso(QUIC_CONNECTION * qc)638 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
639 {
640 qc->default_xso_created = 1;
641 qc_update_reject_policy(qc);
642 }
643
644 /*
645 * Changes default XSO. Allows caller to keep reference to the old default XSO
646 * (if any). Reference to new XSO is transferred from caller.
647 */
648 QUIC_NEEDS_LOCK
qc_set_default_xso_keep_ref(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch,QUIC_XSO ** old_xso)649 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
650 int touch,
651 QUIC_XSO **old_xso)
652 {
653 int refs;
654
655 *old_xso = NULL;
656
657 if (qc->default_xso != xso) {
658 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
659
660 qc->default_xso = xso;
661
662 if (xso == NULL) {
663 /*
664 * Changing to not having a default XSO. XSO becomes standalone and
665 * now has a ref to the QC.
666 */
667 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
668 return;
669 } else {
670 /*
671 * Changing from not having a default XSO to having one. The new XSO
672 * will have had a reference to the QC we need to drop to avoid a
673 * circular reference.
674 *
675 * Currently we never change directly from one default XSO to
676 * another, though this function would also still be correct if this
677 * weren't the case.
678 */
679 assert(*old_xso == NULL);
680
681 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
682 assert(refs > 0);
683 }
684 }
685
686 if (touch)
687 qc_touch_default_xso(qc);
688 }
689
690 /*
691 * Changes default XSO, releasing the reference to any previous default XSO.
692 * Reference to new XSO is transferred from caller.
693 */
694 QUIC_NEEDS_LOCK
qc_set_default_xso(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch)695 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
696 {
697 QUIC_XSO *old_xso = NULL;
698
699 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
700
701 if (old_xso != NULL)
702 SSL_free(&old_xso->ssl);
703 }
704
705 QUIC_NEEDS_LOCK
xso_update_options(QUIC_XSO * xso)706 static void xso_update_options(QUIC_XSO *xso)
707 {
708 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
709
710 if (xso->stream->rstream != NULL)
711 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
712
713 if (xso->stream->sstream != NULL)
714 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
715 }
716
717 /*
718 * SSL_set_options
719 * ---------------
720 *
721 * Setting options on a QCSO
722 * - configures the handshake-layer options;
723 * - configures the default data-plane options for new streams;
724 * - configures the data-plane options on the default XSO, if there is one.
725 *
726 * Setting options on a QSSO
727 * - configures data-plane options for that stream only.
728 */
729 QUIC_TAKES_LOCK
quic_mask_or_options(SSL * ssl,uint64_t mask_value,uint64_t or_value)730 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
731 {
732 QCTX ctx;
733 uint64_t hs_mask_value, hs_or_value, ret;
734
735 if (!expect_quic(ssl, &ctx))
736 return 0;
737
738 quic_lock(ctx.qc);
739
740 if (!ctx.is_stream) {
741 /*
742 * If we were called on the connection, we apply any handshake option
743 * changes.
744 */
745 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
746 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
747
748 SSL_clear_options(ctx.qc->tls, hs_mask_value);
749 SSL_set_options(ctx.qc->tls, hs_or_value);
750
751 /* Update defaults for new streams. */
752 ctx.qc->default_ssl_options
753 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
754 & OSSL_QUIC_PERMITTED_OPTIONS;
755 }
756
757 if (ctx.xso != NULL) {
758 ctx.xso->ssl_options
759 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
760 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
761
762 xso_update_options(ctx.xso);
763 }
764
765 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
766
767 quic_unlock(ctx.qc);
768 return ret;
769 }
770
ossl_quic_set_options(SSL * ssl,uint64_t options)771 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
772 {
773 return quic_mask_or_options(ssl, 0, options);
774 }
775
776 /* SSL_clear_options */
ossl_quic_clear_options(SSL * ssl,uint64_t options)777 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
778 {
779 return quic_mask_or_options(ssl, options, 0);
780 }
781
782 /* SSL_get_options */
ossl_quic_get_options(const SSL * ssl)783 uint64_t ossl_quic_get_options(const SSL *ssl)
784 {
785 return quic_mask_or_options((SSL *)ssl, 0, 0);
786 }
787
788 /*
789 * QUIC Front-End I/O API: Network BIO Configuration
790 * =================================================
791 *
792 * Handling the different BIOs is difficult:
793 *
794 * - It is more or less a requirement that we use non-blocking network I/O;
795 * we need to be able to have timeouts on recv() calls, and make best effort
796 * (non blocking) send() and recv() calls.
797 *
798 * The only sensible way to do this is to configure the socket into
799 * non-blocking mode. We could try to do select() before calling send() or
800 * recv() to get a guarantee that the call will not block, but this will
801 * probably run into issues with buggy OSes which generate spurious socket
802 * readiness events. In any case, relying on this to work reliably does not
803 * seem sane.
804 *
805 * Timeouts could be handled via setsockopt() socket timeout options, but
806 * this depends on OS support and adds another syscall to every network I/O
807 * operation. It also has obvious thread safety concerns if we want to move
808 * to concurrent use of a single socket at some later date.
809 *
810 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
811 * be made non-blocking. However some OSes (e.g. Windows) do not support
812 * this, so we cannot rely on this.
813 *
814 * As such, we need to configure any FD in non-blocking mode. This may
815 * confound users who pass a blocking socket to libssl. However, in practice
816 * it would be extremely strange for a user of QUIC to pass an FD to us,
817 * then also try and send receive traffic on the same socket(!). Thus the
818 * impact of this should be limited, and can be documented.
819 *
820 * - We support both blocking and non-blocking operation in terms of the API
821 * presented to the user. One prospect is to set the blocking mode based on
822 * whether the socket passed to us was already in blocking mode. However,
823 * Windows has no API for determining if a socket is in blocking mode (!),
824 * therefore this cannot be done portably. Currently therefore we expose an
825 * explicit API call to set this, and default to blocking mode.
826 *
827 * - We need to determine our initial destination UDP address. The "natural"
828 * way for a user to do this is to set the peer variable on a BIO_dgram.
829 * However, this has problems because BIO_dgram's peer variable is used for
830 * both transmission and reception. This means it can be constantly being
831 * changed to a malicious value (e.g. if some random unrelated entity on the
832 * network starts sending traffic to us) on every read call. This is not a
833 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
834 * calls only, which do not use this variable. However, we do need to let
835 * the user specify the peer in a 'normal' manner. The compromise here is
836 * that we grab the current peer value set at the time the write BIO is set
837 * and do not read the value again.
838 *
839 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
840 * Currently we do this by only supporting non-blocking mode.
841 *
842 */
843
844 /*
845 * Determines what initial destination UDP address we should use, if possible.
846 * If this fails the client must set the destination address manually, or use a
847 * BIO which does not need a destination address.
848 */
csm_analyse_init_peer_addr(BIO * net_wbio,BIO_ADDR * peer)849 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
850 {
851 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
852 return 0;
853
854 return 1;
855 }
856
qc_can_support_blocking_cached(QUIC_CONNECTION * qc)857 static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
858 {
859 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
860
861 return ossl_quic_reactor_can_poll_r(rtor)
862 && ossl_quic_reactor_can_poll_w(rtor);
863 }
864
qc_update_can_support_blocking(QUIC_CONNECTION * qc)865 static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
866 {
867 ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */
868 }
869
qc_update_blocking_mode(QUIC_CONNECTION * qc)870 static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
871 {
872 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
873 }
874
ossl_quic_conn_set0_net_rbio(SSL * s,BIO * net_rbio)875 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
876 {
877 QCTX ctx;
878
879 if (!expect_quic(s, &ctx))
880 return;
881
882 if (ctx.qc->net_rbio == net_rbio)
883 return;
884
885 if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio))
886 return;
887
888 BIO_free_all(ctx.qc->net_rbio);
889 ctx.qc->net_rbio = net_rbio;
890
891 if (net_rbio != NULL)
892 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
893
894 /*
895 * Determine if the current pair of read/write BIOs now set allows blocking
896 * mode to be supported.
897 */
898 qc_update_can_support_blocking(ctx.qc);
899 qc_update_blocking_mode(ctx.qc);
900 }
901
ossl_quic_conn_set0_net_wbio(SSL * s,BIO * net_wbio)902 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
903 {
904 QCTX ctx;
905
906 if (!expect_quic(s, &ctx))
907 return;
908
909 if (ctx.qc->net_wbio == net_wbio)
910 return;
911
912 if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio))
913 return;
914
915 BIO_free_all(ctx.qc->net_wbio);
916 ctx.qc->net_wbio = net_wbio;
917
918 if (net_wbio != NULL)
919 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
920
921 /*
922 * Determine if the current pair of read/write BIOs now set allows blocking
923 * mode to be supported.
924 */
925 qc_update_can_support_blocking(ctx.qc);
926 qc_update_blocking_mode(ctx.qc);
927 }
928
ossl_quic_conn_get_net_rbio(const SSL * s)929 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
930 {
931 QCTX ctx;
932
933 if (!expect_quic(s, &ctx))
934 return NULL;
935
936 return ctx.qc->net_rbio;
937 }
938
ossl_quic_conn_get_net_wbio(const SSL * s)939 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
940 {
941 QCTX ctx;
942
943 if (!expect_quic(s, &ctx))
944 return NULL;
945
946 return ctx.qc->net_wbio;
947 }
948
ossl_quic_conn_get_blocking_mode(const SSL * s)949 int ossl_quic_conn_get_blocking_mode(const SSL *s)
950 {
951 QCTX ctx;
952
953 if (!expect_quic(s, &ctx))
954 return 0;
955
956 if (ctx.is_stream)
957 return xso_blocking_mode(ctx.xso);
958
959 return qc_blocking_mode(ctx.qc);
960 }
961
962 QUIC_TAKES_LOCK
ossl_quic_conn_set_blocking_mode(SSL * s,int blocking)963 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
964 {
965 int ret = 0;
966 QCTX ctx;
967
968 if (!expect_quic(s, &ctx))
969 return 0;
970
971 quic_lock(ctx.qc);
972
973 /* Sanity check - can we support the request given the current network BIO? */
974 if (blocking) {
975 /*
976 * If called directly on a QCSO, update our information on network BIO
977 * capabilities.
978 */
979 if (!ctx.is_stream)
980 qc_update_can_support_blocking(ctx.qc);
981
982 /* Cannot enable blocking mode if we do not have pollable FDs. */
983 if (!qc_can_support_blocking_cached(ctx.qc)) {
984 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
985 goto out;
986 }
987 }
988
989 if (!ctx.is_stream)
990 /*
991 * If called directly on a QCSO, update default and connection-level
992 * blocking modes.
993 */
994 ctx.qc->desires_blocking = (blocking != 0);
995
996 if (ctx.xso != NULL) {
997 /*
998 * If called on a QSSO or a QCSO with a default XSO, update the blocking
999 * mode.
1000 */
1001 ctx.xso->desires_blocking = (blocking != 0);
1002 ctx.xso->desires_blocking_set = 1;
1003 }
1004
1005 ret = 1;
1006 out:
1007 qc_update_blocking_mode(ctx.qc);
1008 quic_unlock(ctx.qc);
1009 return ret;
1010 }
1011
ossl_quic_conn_set_initial_peer_addr(SSL * s,const BIO_ADDR * peer_addr)1012 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1013 const BIO_ADDR *peer_addr)
1014 {
1015 QCTX ctx;
1016
1017 if (!expect_quic(s, &ctx))
1018 return 0;
1019
1020 if (ctx.qc->started)
1021 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1022 NULL);
1023
1024 if (peer_addr == NULL) {
1025 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1026 return 1;
1027 }
1028
1029 ctx.qc->init_peer_addr = *peer_addr;
1030 return 1;
1031 }
1032
1033 /*
1034 * QUIC Front-End I/O API: Asynchronous I/O Management
1035 * ===================================================
1036 *
1037 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1038 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1039 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1040 *
1041 */
1042
1043 /* Returns 1 if the connection is being used in blocking mode. */
qc_blocking_mode(const QUIC_CONNECTION * qc)1044 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
1045 {
1046 return qc->blocking;
1047 }
1048
xso_blocking_mode(const QUIC_XSO * xso)1049 static int xso_blocking_mode(const QUIC_XSO *xso)
1050 {
1051 if (xso->desires_blocking_set)
1052 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1053 else
1054 /* Only ever set if we can support blocking. */
1055 return xso->conn->blocking;
1056 }
1057
1058 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1059 QUIC_TAKES_LOCK
ossl_quic_handle_events(SSL * s)1060 int ossl_quic_handle_events(SSL *s)
1061 {
1062 QCTX ctx;
1063
1064 if (!expect_quic(s, &ctx))
1065 return 0;
1066
1067 quic_lock(ctx.qc);
1068 if (ctx.qc->started)
1069 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1070 quic_unlock(ctx.qc);
1071 return 1;
1072 }
1073
1074 /*
1075 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1076 * should next have events handled by the application by calling
1077 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1078 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1079 * the value of *tv is undefined.
1080 */
1081 QUIC_TAKES_LOCK
ossl_quic_get_event_timeout(SSL * s,struct timeval * tv,int * is_infinite)1082 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1083 {
1084 QCTX ctx;
1085 OSSL_TIME deadline = ossl_time_infinite();
1086
1087 if (!expect_quic(s, &ctx))
1088 return 0;
1089
1090 quic_lock(ctx.qc);
1091
1092 if (ctx.qc->started)
1093 deadline
1094 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
1095
1096 if (ossl_time_is_infinite(deadline)) {
1097 *is_infinite = 1;
1098
1099 /*
1100 * Robustness against faulty applications that don't check *is_infinite;
1101 * harmless long timeout.
1102 */
1103 tv->tv_sec = 1000000;
1104 tv->tv_usec = 0;
1105
1106 quic_unlock(ctx.qc);
1107 return 1;
1108 }
1109
1110 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1111 *is_infinite = 0;
1112 quic_unlock(ctx.qc);
1113 return 1;
1114 }
1115
1116 /* SSL_get_rpoll_descriptor */
ossl_quic_get_rpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1117 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1118 {
1119 QCTX ctx;
1120
1121 if (!expect_quic(s, &ctx))
1122 return 0;
1123
1124 if (desc == NULL || ctx.qc->net_rbio == NULL)
1125 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1126 NULL);
1127
1128 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1129 }
1130
1131 /* SSL_get_wpoll_descriptor */
ossl_quic_get_wpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1132 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1133 {
1134 QCTX ctx;
1135
1136 if (!expect_quic(s, &ctx))
1137 return 0;
1138
1139 if (desc == NULL || ctx.qc->net_wbio == NULL)
1140 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1141 NULL);
1142
1143 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1144 }
1145
1146 /* SSL_net_read_desired */
1147 QUIC_TAKES_LOCK
ossl_quic_get_net_read_desired(SSL * s)1148 int ossl_quic_get_net_read_desired(SSL *s)
1149 {
1150 QCTX ctx;
1151 int ret;
1152
1153 if (!expect_quic(s, &ctx))
1154 return 0;
1155
1156 quic_lock(ctx.qc);
1157 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1158 quic_unlock(ctx.qc);
1159 return ret;
1160 }
1161
1162 /* SSL_net_write_desired */
1163 QUIC_TAKES_LOCK
ossl_quic_get_net_write_desired(SSL * s)1164 int ossl_quic_get_net_write_desired(SSL *s)
1165 {
1166 int ret;
1167 QCTX ctx;
1168
1169 if (!expect_quic(s, &ctx))
1170 return 0;
1171
1172 quic_lock(ctx.qc);
1173 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1174 quic_unlock(ctx.qc);
1175 return ret;
1176 }
1177
1178 /*
1179 * QUIC Front-End I/O API: Connection Lifecycle Operations
1180 * =======================================================
1181 *
1182 * SSL_do_handshake => ossl_quic_do_handshake
1183 * SSL_set_connect_state => ossl_quic_set_connect_state
1184 * SSL_set_accept_state => ossl_quic_set_accept_state
1185 * SSL_shutdown => ossl_quic_shutdown
1186 * SSL_ctrl => ossl_quic_ctrl
1187 * (BIO/)SSL_connect => ossl_quic_connect
1188 * (BIO/)SSL_accept => ossl_quic_accept
1189 *
1190 */
1191
1192 QUIC_NEEDS_LOCK
qc_shutdown_flush_init(QUIC_CONNECTION * qc)1193 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1194 {
1195 QUIC_STREAM_MAP *qsm;
1196
1197 if (qc->shutting_down)
1198 return;
1199
1200 qsm = ossl_quic_channel_get_qsm(qc->ch);
1201
1202 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1203 qc->shutting_down = 1;
1204 }
1205
1206 /* Returns 1 if all shutdown-flush streams have been done with. */
1207 QUIC_NEEDS_LOCK
qc_shutdown_flush_finished(QUIC_CONNECTION * qc)1208 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1209 {
1210 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1211
1212 return qc->shutting_down
1213 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1214 }
1215
1216 /* SSL_shutdown */
quic_shutdown_wait(void * arg)1217 static int quic_shutdown_wait(void *arg)
1218 {
1219 QUIC_CONNECTION *qc = arg;
1220
1221 return ossl_quic_channel_is_terminated(qc->ch);
1222 }
1223
1224 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
quic_shutdown_flush_wait(void * arg)1225 static int quic_shutdown_flush_wait(void *arg)
1226 {
1227 QUIC_CONNECTION *qc = arg;
1228
1229 return ossl_quic_channel_is_term_any(qc->ch)
1230 || qc_shutdown_flush_finished(qc);
1231 }
1232
quic_shutdown_peer_wait(void * arg)1233 static int quic_shutdown_peer_wait(void *arg)
1234 {
1235 QUIC_CONNECTION *qc = arg;
1236 return ossl_quic_channel_is_term_any(qc->ch);
1237 }
1238
1239 QUIC_TAKES_LOCK
ossl_quic_conn_shutdown(SSL * s,uint64_t flags,const SSL_SHUTDOWN_EX_ARGS * args,size_t args_len)1240 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1241 const SSL_SHUTDOWN_EX_ARGS *args,
1242 size_t args_len)
1243 {
1244 int ret;
1245 QCTX ctx;
1246 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1247 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1248 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1249
1250 if (!expect_quic(s, &ctx))
1251 return -1;
1252
1253 if (ctx.is_stream) {
1254 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1255 return -1;
1256 }
1257
1258 quic_lock(ctx.qc);
1259
1260 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1261 quic_unlock(ctx.qc);
1262 return 1;
1263 }
1264
1265 /* Phase 1: Stream Flushing */
1266 if (!wait_peer && stream_flush) {
1267 qc_shutdown_flush_init(ctx.qc);
1268
1269 if (!qc_shutdown_flush_finished(ctx.qc)) {
1270 if (!no_block && qc_blocking_mode(ctx.qc)) {
1271 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1272 if (ret < 1) {
1273 ret = 0;
1274 goto err;
1275 }
1276 } else {
1277 qctx_maybe_autotick(&ctx);
1278 }
1279 }
1280
1281 if (!qc_shutdown_flush_finished(ctx.qc)) {
1282 quic_unlock(ctx.qc);
1283 return 0; /* ongoing */
1284 }
1285 }
1286
1287 /* Phase 2: Connection Closure */
1288 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1289 if (!no_block && qc_blocking_mode(ctx.qc)) {
1290 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1291 if (ret < 1) {
1292 ret = 0;
1293 goto err;
1294 }
1295 } else {
1296 qctx_maybe_autotick(&ctx);
1297 }
1298
1299 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1300 ret = 0; /* peer hasn't closed yet - still not done */
1301 goto err;
1302 }
1303
1304 /*
1305 * We are at least terminating - go through the normal process of
1306 * waiting until we are in the TERMINATED state.
1307 */
1308 }
1309
1310 /* Block mutation ops regardless of if we did stream flush. */
1311 ctx.qc->shutting_down = 1;
1312
1313 /*
1314 * This call is a no-op if we are already terminating, so it doesn't
1315 * affect the wait_peer case.
1316 */
1317 ossl_quic_channel_local_close(ctx.qc->ch,
1318 args != NULL ? args->quic_error_code : 0,
1319 args != NULL ? args->quic_reason : NULL);
1320
1321 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1322
1323 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1324 quic_unlock(ctx.qc);
1325 return 1;
1326 }
1327
1328 /* Phase 3: Terminating Wait Time */
1329 if (!no_block && qc_blocking_mode(ctx.qc)
1330 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1331 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1332 if (ret < 1) {
1333 ret = 0;
1334 goto err;
1335 }
1336 } else {
1337 qctx_maybe_autotick(&ctx);
1338 }
1339
1340 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1341 err:
1342 quic_unlock(ctx.qc);
1343 return ret;
1344 }
1345
1346 /* SSL_ctrl */
ossl_quic_ctrl(SSL * s,int cmd,long larg,void * parg)1347 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1348 {
1349 QCTX ctx;
1350
1351 if (!expect_quic(s, &ctx))
1352 return 0;
1353
1354 switch (cmd) {
1355 case SSL_CTRL_MODE:
1356 /* If called on a QCSO, update the default mode. */
1357 if (!ctx.is_stream)
1358 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1359
1360 /*
1361 * If we were called on a QSSO or have a default stream, we also update
1362 * that.
1363 */
1364 if (ctx.xso != NULL) {
1365 /* Cannot enable EPW while AON write in progress. */
1366 if (ctx.xso->aon_write_in_progress)
1367 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1368
1369 ctx.xso->ssl_mode |= (uint32_t)larg;
1370 return ctx.xso->ssl_mode;
1371 }
1372
1373 return ctx.qc->default_ssl_mode;
1374 case SSL_CTRL_CLEAR_MODE:
1375 if (!ctx.is_stream)
1376 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1377
1378 if (ctx.xso != NULL) {
1379 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1380 return ctx.xso->ssl_mode;
1381 }
1382
1383 return ctx.qc->default_ssl_mode;
1384
1385 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1386 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1387 /* This ctrl also needs to be passed to the internal SSL object */
1388 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1389
1390 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1391 {
1392 int is_infinite;
1393
1394 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1395 return 0;
1396
1397 return !is_infinite;
1398 }
1399 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1400 /* For legacy compatibility with DTLS calls. */
1401 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1402
1403 /* Mask ctrls we shouldn't support for QUIC. */
1404 case SSL_CTRL_GET_READ_AHEAD:
1405 case SSL_CTRL_SET_READ_AHEAD:
1406 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1407 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1408 case SSL_CTRL_SET_MAX_PIPELINES:
1409 return 0;
1410
1411 default:
1412 /*
1413 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1414 * implementation. Either SSL_ctrl will handle it itself by direct
1415 * access into handshake layer state, or failing that, it will be passed
1416 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1417 * supported by anything, the handshake layer's ctrl method will finally
1418 * return 0.
1419 */
1420 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
1421 }
1422 }
1423
1424 /* SSL_set_connect_state */
ossl_quic_set_connect_state(SSL * s)1425 void ossl_quic_set_connect_state(SSL *s)
1426 {
1427 QCTX ctx;
1428
1429 if (!expect_quic(s, &ctx))
1430 return;
1431
1432 /* Cannot be changed after handshake started */
1433 if (ctx.qc->started || ctx.is_stream)
1434 return;
1435
1436 ctx.qc->as_server_state = 0;
1437 }
1438
1439 /* SSL_set_accept_state */
ossl_quic_set_accept_state(SSL * s)1440 void ossl_quic_set_accept_state(SSL *s)
1441 {
1442 QCTX ctx;
1443
1444 if (!expect_quic(s, &ctx))
1445 return;
1446
1447 /* Cannot be changed after handshake started */
1448 if (ctx.qc->started || ctx.is_stream)
1449 return;
1450
1451 ctx.qc->as_server_state = 1;
1452 }
1453
1454 /* SSL_do_handshake */
1455 struct quic_handshake_wait_args {
1456 QUIC_CONNECTION *qc;
1457 };
1458
tls_wants_non_io_retry(QUIC_CONNECTION * qc)1459 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1460 {
1461 int want = SSL_want(qc->tls);
1462
1463 if (want == SSL_X509_LOOKUP
1464 || want == SSL_CLIENT_HELLO_CB
1465 || want == SSL_RETRY_VERIFY)
1466 return 1;
1467
1468 return 0;
1469 }
1470
quic_handshake_wait(void * arg)1471 static int quic_handshake_wait(void *arg)
1472 {
1473 struct quic_handshake_wait_args *args = arg;
1474
1475 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1476 return -1;
1477
1478 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1479 return 1;
1480
1481 if (tls_wants_non_io_retry(args->qc))
1482 return 1;
1483
1484 return 0;
1485 }
1486
configure_channel(QUIC_CONNECTION * qc)1487 static int configure_channel(QUIC_CONNECTION *qc)
1488 {
1489 assert(qc->ch != NULL);
1490
1491 if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio)
1492 || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio)
1493 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1494 return 0;
1495
1496 return 1;
1497 }
1498
1499 QUIC_NEEDS_LOCK
create_channel(QUIC_CONNECTION * qc)1500 static int create_channel(QUIC_CONNECTION *qc)
1501 {
1502 QUIC_ENGINE_ARGS engine_args = {0};
1503 QUIC_PORT_ARGS port_args = {0};
1504
1505 engine_args.libctx = qc->ssl.ctx->libctx;
1506 engine_args.propq = qc->ssl.ctx->propq;
1507 engine_args.mutex = qc->mutex;
1508 engine_args.now_cb = get_time_cb;
1509 engine_args.now_cb_arg = qc;
1510 qc->engine = ossl_quic_engine_new(&engine_args);
1511 if (qc->engine == NULL) {
1512 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1513 return 0;
1514 }
1515
1516 port_args.channel_ctx = qc->ssl.ctx;
1517 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1518 if (qc->port == NULL) {
1519 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1520 ossl_quic_engine_free(qc->engine);
1521 return 0;
1522 }
1523
1524 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1525 if (qc->ch == NULL) {
1526 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1527 ossl_quic_port_free(qc->port);
1528 ossl_quic_engine_free(qc->engine);
1529 return 0;
1530 }
1531
1532 return 1;
1533 }
1534
1535 /*
1536 * Configures a channel with the information we have accumulated via calls made
1537 * to us from the application prior to starting a handshake attempt.
1538 */
1539 QUIC_NEEDS_LOCK
ensure_channel_started(QCTX * ctx)1540 static int ensure_channel_started(QCTX *ctx)
1541 {
1542 QUIC_CONNECTION *qc = ctx->qc;
1543
1544 if (!qc->started) {
1545 if (!configure_channel(qc)) {
1546 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1547 "failed to configure channel");
1548 return 0;
1549 }
1550
1551 if (!ossl_quic_channel_start(qc->ch)) {
1552 ossl_quic_channel_restore_err_state(qc->ch);
1553 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1554 "failed to start channel");
1555 return 0;
1556 }
1557
1558 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1559 if (qc->is_thread_assisted)
1560 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch,
1561 qc->override_now_cb,
1562 qc->override_now_cb_arg)) {
1563 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1564 "failed to start assist thread");
1565 return 0;
1566 }
1567 #endif
1568 }
1569
1570 qc->started = 1;
1571 return 1;
1572 }
1573
1574 QUIC_NEEDS_LOCK
quic_do_handshake(QCTX * ctx)1575 static int quic_do_handshake(QCTX *ctx)
1576 {
1577 int ret;
1578 QUIC_CONNECTION *qc = ctx->qc;
1579
1580 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1581 /* Handshake already completed. */
1582 return 1;
1583
1584 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1585 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1586
1587 if (qc->as_server != qc->as_server_state) {
1588 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1589 return -1; /* Non-protocol error */
1590 }
1591
1592 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1593 /* Need read and write BIOs. */
1594 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1595 return -1; /* Non-protocol error */
1596 }
1597
1598 /*
1599 * We need to determine our addressing mode. There are basically two
1600 * ways we can use L4 addresses:
1601 *
1602 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1603 * addresses attached to them which we expect the underlying network BIO
1604 * to handle;
1605 *
1606 * - Unaddressed mode, in which the BIO provided to us on the
1607 * network side neither provides us with L4 addresses nor is capable of
1608 * honouring ones we provide. We don't know where the QUIC traffic we
1609 * send ends up exactly and trust the application to know what it is
1610 * doing.
1611 *
1612 * Addressed mode is preferred because it enables support for connection
1613 * migration, multipath, etc. in the future. Addressed mode is automatically
1614 * enabled if we are using e.g. BIO_s_datagram, with or without
1615 * BIO_s_connect.
1616 *
1617 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1618 * use unaddressed mode unless that BIO supports capability flags indicating
1619 * it can provide and honour L4 addresses.
1620 *
1621 * Our strategy for determining address mode is simple: we probe the
1622 * underlying network BIOs for their capabilities. If the network BIOs
1623 * support what we need, we use addressed mode. Otherwise, we use
1624 * unaddressed mode.
1625 *
1626 * If addressed mode is chosen, we require an initial peer address to be
1627 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1628 * require this, as such an address is superfluous, though it can be set if
1629 * desired.
1630 */
1631 if (!qc->started && !qc->addressing_probe_done) {
1632 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1633 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
1634
1635 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1636 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1637 qc->addressing_probe_done = 1;
1638 }
1639
1640 if (!qc->started && qc->addressed_mode_w
1641 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1642 /*
1643 * We are trying to connect and are using addressed mode, which means we
1644 * need an initial peer address; if we do not have a peer address yet,
1645 * we should try to autodetect one.
1646 *
1647 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1648 * may not be able to provide us with a peer address until they have
1649 * finished their own processing. They may not be able to perform this
1650 * processing until an application has finished configuring that BIO
1651 * (e.g. with setter calls), which might happen after SSL_set_bio is
1652 * called.
1653 */
1654 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1655 /* best effort */
1656 BIO_ADDR_clear(&qc->init_peer_addr);
1657 else
1658 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1659 }
1660
1661 if (!qc->started
1662 && qc->addressed_mode_w
1663 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1664 /*
1665 * If we still don't have a peer address in addressed mode, we can't do
1666 * anything.
1667 */
1668 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1669 return -1; /* Non-protocol error */
1670 }
1671
1672 /*
1673 * Start connection process. Note we may come here multiple times in
1674 * non-blocking mode, which is fine.
1675 */
1676 if (!ensure_channel_started(ctx)) /* raises on failure */
1677 return -1; /* Non-protocol error */
1678
1679 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1680 /* The handshake is now done. */
1681 return 1;
1682
1683 if (!qc_blocking_mode(qc)) {
1684 /* Try to advance the reactor. */
1685 qctx_maybe_autotick(ctx);
1686
1687 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1688 /* The handshake is now done. */
1689 return 1;
1690
1691 if (ossl_quic_channel_is_term_any(qc->ch)) {
1692 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1693 return 0;
1694 } else if (qc->desires_blocking) {
1695 /*
1696 * As a special case when doing a handshake when blocking mode is
1697 * desired yet not available, see if the network BIOs have become
1698 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1699 * which do late creation of socket FDs and therefore cannot expose
1700 * a poll descriptor until after a network BIO is set on the QCSO.
1701 */
1702 assert(!qc->blocking);
1703 qc_update_can_support_blocking(qc);
1704 qc_update_blocking_mode(qc);
1705 }
1706 }
1707
1708 /*
1709 * We are either in blocking mode or just entered it due to the code above.
1710 */
1711 if (qc_blocking_mode(qc)) {
1712 /* In blocking mode, wait for the handshake to complete. */
1713 struct quic_handshake_wait_args args;
1714
1715 args.qc = qc;
1716
1717 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1718 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1719 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1720 return 0; /* Shutdown before completion */
1721 } else if (ret <= 0) {
1722 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1723 return -1; /* Non-protocol error */
1724 }
1725
1726 if (tls_wants_non_io_retry(qc)) {
1727 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1728 return -1;
1729 }
1730
1731 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1732 return 1;
1733 }
1734
1735 if (tls_wants_non_io_retry(qc)) {
1736 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1737 return -1;
1738 }
1739
1740 /*
1741 * Otherwise, indicate that the handshake isn't done yet.
1742 * We can only get here in non-blocking mode.
1743 */
1744 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1745 return -1; /* Non-protocol error */
1746 }
1747
1748 QUIC_TAKES_LOCK
ossl_quic_do_handshake(SSL * s)1749 int ossl_quic_do_handshake(SSL *s)
1750 {
1751 int ret;
1752 QCTX ctx;
1753
1754 if (!expect_quic(s, &ctx))
1755 return 0;
1756
1757 quic_lock_for_io(&ctx);
1758
1759 ret = quic_do_handshake(&ctx);
1760 quic_unlock(ctx.qc);
1761 return ret;
1762 }
1763
1764 /* SSL_connect */
ossl_quic_connect(SSL * s)1765 int ossl_quic_connect(SSL *s)
1766 {
1767 /* Ensure we are in connect state (no-op if non-idle). */
1768 ossl_quic_set_connect_state(s);
1769
1770 /* Begin or continue the handshake */
1771 return ossl_quic_do_handshake(s);
1772 }
1773
1774 /* SSL_accept */
ossl_quic_accept(SSL * s)1775 int ossl_quic_accept(SSL *s)
1776 {
1777 /* Ensure we are in accept state (no-op if non-idle). */
1778 ossl_quic_set_accept_state(s);
1779
1780 /* Begin or continue the handshake */
1781 return ossl_quic_do_handshake(s);
1782 }
1783
1784 /*
1785 * QUIC Front-End I/O API: Stream Lifecycle Operations
1786 * ===================================================
1787 *
1788 * SSL_stream_new => ossl_quic_conn_stream_new
1789 *
1790 */
1791
1792 /*
1793 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1794 * default XSO was created. Returns 0 if it was not (e.g. because it already
1795 * exists). Note that this is NOT an error condition.
1796 */
1797 QUIC_NEEDS_LOCK
qc_try_create_default_xso_for_write(QCTX * ctx)1798 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1799 {
1800 uint64_t flags = 0;
1801 QUIC_CONNECTION *qc = ctx->qc;
1802
1803 if (qc->default_xso_created
1804 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1805 /*
1806 * We only do this once. If the user detaches a previously created
1807 * default XSO we don't auto-create another one.
1808 */
1809 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1810
1811 /* Create a locally-initiated stream. */
1812 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1813 flags |= SSL_STREAM_FLAG_UNI;
1814
1815 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1816 /*needs_lock=*/0),
1817 /*touch=*/0);
1818 if (qc->default_xso == NULL)
1819 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1820
1821 qc_touch_default_xso(qc);
1822 return 1;
1823 }
1824
1825 struct quic_wait_for_stream_args {
1826 QUIC_CONNECTION *qc;
1827 QUIC_STREAM *qs;
1828 QCTX *ctx;
1829 uint64_t expect_id;
1830 };
1831
1832 QUIC_NEEDS_LOCK
quic_wait_for_stream(void * arg)1833 static int quic_wait_for_stream(void *arg)
1834 {
1835 struct quic_wait_for_stream_args *args = arg;
1836
1837 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
1838 /* If connection is torn down due to an error while blocking, stop. */
1839 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1840 return -1;
1841 }
1842
1843 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1844 args->expect_id | QUIC_STREAM_DIR_BIDI);
1845 if (args->qs == NULL)
1846 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1847 args->expect_id | QUIC_STREAM_DIR_UNI);
1848
1849 if (args->qs != NULL)
1850 return 1; /* stream now exists */
1851
1852 return 0; /* did not get a stream, keep trying */
1853 }
1854
1855 QUIC_NEEDS_LOCK
qc_wait_for_default_xso_for_read(QCTX * ctx,int peek)1856 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek)
1857 {
1858 /* Called on a QCSO and we don't currently have a default stream. */
1859 uint64_t expect_id;
1860 QUIC_CONNECTION *qc = ctx->qc;
1861 QUIC_STREAM *qs;
1862 int res;
1863 struct quic_wait_for_stream_args wargs;
1864 OSSL_RTT_INFO rtt_info;
1865
1866 /*
1867 * If default stream functionality is disabled or we already detached
1868 * one, don't make another default stream and just fail.
1869 */
1870 if (qc->default_xso_created
1871 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1872 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1873
1874 /*
1875 * The peer may have opened a stream since we last ticked. So tick and
1876 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1877 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1878 * first stream created by a peer must have an ordinal of 0.
1879 */
1880 expect_id = qc->as_server
1881 ? QUIC_STREAM_INITIATOR_CLIENT
1882 : QUIC_STREAM_INITIATOR_SERVER;
1883
1884 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1885 expect_id | QUIC_STREAM_DIR_BIDI);
1886 if (qs == NULL)
1887 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1888 expect_id | QUIC_STREAM_DIR_UNI);
1889
1890 if (qs == NULL) {
1891 qctx_maybe_autotick(ctx);
1892
1893 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1894 expect_id);
1895 }
1896
1897 if (qs == NULL) {
1898 if (peek)
1899 return 0;
1900
1901 if (!qc_blocking_mode(qc))
1902 /* Non-blocking mode, so just bail immediately. */
1903 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1904
1905 /* Block until we have a stream. */
1906 wargs.qc = qc;
1907 wargs.qs = NULL;
1908 wargs.ctx = ctx;
1909 wargs.expect_id = expect_id;
1910
1911 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1912 if (res == 0)
1913 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1914 else if (res < 0 || wargs.qs == NULL)
1915 /* quic_wait_for_stream raised error here */
1916 return 0;
1917
1918 qs = wargs.qs;
1919 }
1920
1921 /*
1922 * We now have qs != NULL. Remove it from the incoming stream queue so that
1923 * it isn't also returned by any future SSL_accept_stream calls.
1924 */
1925 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1926 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
1927 qs, rtt_info.smoothed_rtt);
1928
1929 /*
1930 * Now make qs the default stream, creating the necessary XSO.
1931 */
1932 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1933 if (qc->default_xso == NULL)
1934 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1935
1936 qc_touch_default_xso(qc); /* inhibits default XSO */
1937 return 1;
1938 }
1939
1940 QUIC_NEEDS_LOCK
create_xso_from_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs)1941 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1942 {
1943 QUIC_XSO *xso = NULL;
1944
1945 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
1946 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
1947 goto err;
1948 }
1949
1950 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
1951 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1952 goto err;
1953 }
1954
1955 /* XSO refs QC */
1956 if (!SSL_up_ref(&qc->ssl)) {
1957 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
1958 goto err;
1959 }
1960
1961 xso->conn = qc;
1962 xso->ssl_mode = qc->default_ssl_mode;
1963 xso->ssl_options
1964 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1965 xso->last_error = SSL_ERROR_NONE;
1966
1967 xso->stream = qs;
1968
1969 ++qc->num_xso;
1970 xso_update_options(xso);
1971 return xso;
1972
1973 err:
1974 OPENSSL_free(xso);
1975 return NULL;
1976 }
1977
1978 struct quic_new_stream_wait_args {
1979 QUIC_CONNECTION *qc;
1980 int is_uni;
1981 };
1982
quic_new_stream_wait(void * arg)1983 static int quic_new_stream_wait(void *arg)
1984 {
1985 struct quic_new_stream_wait_args *args = arg;
1986 QUIC_CONNECTION *qc = args->qc;
1987
1988 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1989 return -1;
1990
1991 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1992 return 1;
1993
1994 return 0;
1995 }
1996
1997 /* locking depends on need_lock */
quic_conn_stream_new(QCTX * ctx,uint64_t flags,int need_lock)1998 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1999 {
2000 int ret;
2001 QUIC_CONNECTION *qc = ctx->qc;
2002 QUIC_XSO *xso = NULL;
2003 QUIC_STREAM *qs = NULL;
2004 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
2005 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
2006 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2007
2008 if (need_lock)
2009 quic_lock(qc);
2010
2011 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2012 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2013 goto err;
2014 }
2015
2016 if (!advance
2017 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2018 struct quic_new_stream_wait_args args;
2019
2020 /*
2021 * Stream count flow control currently doesn't permit this stream to be
2022 * opened.
2023 */
2024 if (no_blocking || !qc_blocking_mode(qc)) {
2025 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2026 goto err;
2027 }
2028
2029 args.qc = qc;
2030 args.is_uni = is_uni;
2031
2032 /* Blocking mode - wait until we can get a stream. */
2033 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
2034 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2035 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2036 goto err; /* Shutdown before completion */
2037 } else if (ret <= 0) {
2038 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2039 goto err; /* Non-protocol error */
2040 }
2041 }
2042
2043 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2044 if (qs == NULL) {
2045 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2046 goto err;
2047 }
2048
2049 xso = create_xso_from_stream(qc, qs);
2050 if (xso == NULL)
2051 goto err;
2052
2053 qc_touch_default_xso(qc); /* inhibits default XSO */
2054 if (need_lock)
2055 quic_unlock(qc);
2056
2057 return &xso->ssl;
2058
2059 err:
2060 OPENSSL_free(xso);
2061 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2062 if (need_lock)
2063 quic_unlock(qc);
2064
2065 return NULL;
2066
2067 }
2068
2069 QUIC_TAKES_LOCK
ossl_quic_conn_stream_new(SSL * s,uint64_t flags)2070 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2071 {
2072 QCTX ctx;
2073
2074 if (!expect_quic_conn_only(s, &ctx))
2075 return NULL;
2076
2077 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2078 }
2079
2080 /*
2081 * QUIC Front-End I/O API: Steady-State Operations
2082 * ===============================================
2083 *
2084 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2085 * is, the functions used during the established phase of a QUIC connection
2086 * (e.g. SSL_read, SSL_write).
2087 *
2088 * Each function must handle both blocking and non-blocking modes. As discussed
2089 * above, all QUIC I/O is implemented using non-blocking mode internally.
2090 *
2091 * SSL_get_error => partially implemented by ossl_quic_get_error
2092 * SSL_want => ossl_quic_want
2093 * (BIO/)SSL_read => ossl_quic_read
2094 * (BIO/)SSL_write => ossl_quic_write
2095 * SSL_pending => ossl_quic_pending
2096 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2097 * SSL_key_update => ossl_quic_key_update
2098 */
2099
2100 /* SSL_get_error */
ossl_quic_get_error(const SSL * s,int i)2101 int ossl_quic_get_error(const SSL *s, int i)
2102 {
2103 QCTX ctx;
2104 int net_error, last_error;
2105
2106 if (!expect_quic(s, &ctx))
2107 return 0;
2108
2109 quic_lock(ctx.qc);
2110 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2111 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2112 quic_unlock(ctx.qc);
2113
2114 if (net_error)
2115 return SSL_ERROR_SYSCALL;
2116
2117 return last_error;
2118 }
2119
2120 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
error_to_want(int error)2121 static int error_to_want(int error)
2122 {
2123 switch (error) {
2124 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2125 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2126 case SSL_ERROR_ZERO_RETURN:
2127 default:
2128 return SSL_NOTHING;
2129
2130 case SSL_ERROR_WANT_READ:
2131 return SSL_READING;
2132
2133 case SSL_ERROR_WANT_WRITE:
2134 return SSL_WRITING;
2135
2136 case SSL_ERROR_WANT_RETRY_VERIFY:
2137 return SSL_RETRY_VERIFY;
2138
2139 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2140 return SSL_CLIENT_HELLO_CB;
2141
2142 case SSL_ERROR_WANT_X509_LOOKUP:
2143 return SSL_X509_LOOKUP;
2144 }
2145 }
2146
2147 /* SSL_want */
ossl_quic_want(const SSL * s)2148 int ossl_quic_want(const SSL *s)
2149 {
2150 QCTX ctx;
2151 int w;
2152
2153 if (!expect_quic(s, &ctx))
2154 return SSL_NOTHING;
2155
2156 quic_lock(ctx.qc);
2157
2158 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2159
2160 quic_unlock(ctx.qc);
2161 return w;
2162 }
2163
2164 /*
2165 * SSL_write
2166 * ---------
2167 *
2168 * The set of functions below provide the implementation of the public SSL_write
2169 * function. We must handle:
2170 *
2171 * - both blocking and non-blocking operation at the application level,
2172 * depending on how we are configured;
2173 *
2174 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2175 *
2176 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2177 *
2178 */
2179 QUIC_NEEDS_LOCK
quic_post_write(QUIC_XSO * xso,int did_append,int did_append_all,uint64_t flags,int do_tick)2180 static void quic_post_write(QUIC_XSO *xso, int did_append,
2181 int did_append_all, uint64_t flags,
2182 int do_tick)
2183 {
2184 /*
2185 * We have appended at least one byte to the stream.
2186 * Potentially mark stream as active, depending on FC.
2187 */
2188 if (did_append)
2189 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2190 xso->stream);
2191
2192 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2193 ossl_quic_sstream_fin(xso->stream->sstream);
2194
2195 /*
2196 * Try and send.
2197 *
2198 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2199 * immediately, plus we should eventually consider Nagle's algorithm.
2200 */
2201 if (do_tick)
2202 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2203 }
2204
2205 struct quic_write_again_args {
2206 QUIC_XSO *xso;
2207 const unsigned char *buf;
2208 size_t len;
2209 size_t total_written;
2210 int err;
2211 uint64_t flags;
2212 };
2213
2214 /*
2215 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2216 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2217 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2218 */
2219 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2220
2221 /*
2222 * Ensure spare buffer space available (up until a limit, at least).
2223 */
2224 QUIC_NEEDS_LOCK
sstream_ensure_spare(QUIC_SSTREAM * sstream,uint64_t spare)2225 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2226 {
2227 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2228 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2229 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2230 size_t new_sz, growth;
2231
2232 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2233 return 1;
2234
2235 growth = spare_ - avail;
2236 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2237 new_sz = MAX_WRITE_BUF_SIZE;
2238 else
2239 new_sz = cur_sz + growth;
2240
2241 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2242 }
2243
2244 /*
2245 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2246 * as needed according to flow control.
2247 */
2248 QUIC_NEEDS_LOCK
xso_sstream_append(QUIC_XSO * xso,const unsigned char * buf,size_t len,size_t * actual_written)2249 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2250 size_t len, size_t *actual_written)
2251 {
2252 QUIC_SSTREAM *sstream = xso->stream->sstream;
2253 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2254 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2255 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2256
2257 if (len > permitted)
2258 len = (size_t)permitted;
2259
2260 if (!sstream_ensure_spare(sstream, len))
2261 return 0;
2262
2263 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2264 }
2265
2266 QUIC_NEEDS_LOCK
quic_write_again(void * arg)2267 static int quic_write_again(void *arg)
2268 {
2269 struct quic_write_again_args *args = arg;
2270 size_t actual_written = 0;
2271
2272 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2273 /* If connection is torn down due to an error while blocking, stop. */
2274 return -2;
2275
2276 if (!quic_validate_for_write(args->xso, &args->err))
2277 /*
2278 * Stream may have become invalid for write due to connection events
2279 * while we blocked.
2280 */
2281 return -2;
2282
2283 args->err = ERR_R_INTERNAL_ERROR;
2284 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2285 return -2;
2286
2287 quic_post_write(args->xso, actual_written > 0,
2288 args->len == actual_written, args->flags, 0);
2289
2290 args->buf += actual_written;
2291 args->len -= actual_written;
2292 args->total_written += actual_written;
2293
2294 if (args->len == 0)
2295 /* Written everything, done. */
2296 return 1;
2297
2298 /* Not written everything yet, keep trying. */
2299 return 0;
2300 }
2301
2302 QUIC_NEEDS_LOCK
quic_write_blocking(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2303 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2304 uint64_t flags, size_t *written)
2305 {
2306 int res;
2307 QUIC_XSO *xso = ctx->xso;
2308 struct quic_write_again_args args;
2309 size_t actual_written = 0;
2310
2311 /* First make a best effort to append as much of the data as possible. */
2312 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2313 /* Stream already finished or allocation error. */
2314 *written = 0;
2315 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2316 }
2317
2318 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2319
2320 if (actual_written == len) {
2321 /* Managed to append everything on the first try. */
2322 *written = actual_written;
2323 return 1;
2324 }
2325
2326 /*
2327 * We did not manage to append all of the data immediately, so the stream
2328 * buffer has probably filled up. This means we need to block until some of
2329 * it is freed up.
2330 */
2331 args.xso = xso;
2332 args.buf = (const unsigned char *)buf + actual_written;
2333 args.len = len - actual_written;
2334 args.total_written = 0;
2335 args.err = ERR_R_INTERNAL_ERROR;
2336 args.flags = flags;
2337
2338 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
2339 if (res <= 0) {
2340 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2341 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2342 else
2343 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2344 }
2345
2346 *written = args.total_written;
2347 return 1;
2348 }
2349
2350 /*
2351 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2352 * write semantics.
2353 */
aon_write_begin(QUIC_XSO * xso,const unsigned char * buf,size_t buf_len,size_t already_sent)2354 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2355 size_t buf_len, size_t already_sent)
2356 {
2357 assert(!xso->aon_write_in_progress);
2358
2359 xso->aon_write_in_progress = 1;
2360 xso->aon_buf_base = buf;
2361 xso->aon_buf_pos = already_sent;
2362 xso->aon_buf_len = buf_len;
2363 }
2364
aon_write_finish(QUIC_XSO * xso)2365 static void aon_write_finish(QUIC_XSO *xso)
2366 {
2367 xso->aon_write_in_progress = 0;
2368 xso->aon_buf_base = NULL;
2369 xso->aon_buf_pos = 0;
2370 xso->aon_buf_len = 0;
2371 }
2372
2373 QUIC_NEEDS_LOCK
quic_write_nonblocking_aon(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2374 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2375 size_t len, uint64_t flags,
2376 size_t *written)
2377 {
2378 QUIC_XSO *xso = ctx->xso;
2379 const void *actual_buf;
2380 size_t actual_len, actual_written = 0;
2381 int accept_moving_buffer
2382 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2383
2384 if (xso->aon_write_in_progress) {
2385 /*
2386 * We are in the middle of an AON write (i.e., a previous write did not
2387 * manage to append all data to the SSTREAM and we have Enable Partial
2388 * Write (EPW) mode disabled.)
2389 */
2390 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2391 || len != xso->aon_buf_len)
2392 /*
2393 * Pointer must not have changed if we are not in accept moving
2394 * buffer mode. Length must never change.
2395 */
2396 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2397
2398 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2399 actual_len = len - xso->aon_buf_pos;
2400 assert(actual_len > 0);
2401 } else {
2402 actual_buf = buf;
2403 actual_len = len;
2404 }
2405
2406 /* First make a best effort to append as much of the data as possible. */
2407 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2408 /* Stream already finished or allocation error. */
2409 *written = 0;
2410 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2411 }
2412
2413 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2414 flags, qctx_should_autotick(ctx));
2415
2416 if (actual_written == actual_len) {
2417 /* We have sent everything. */
2418 if (xso->aon_write_in_progress) {
2419 /*
2420 * We have sent everything, and we were in the middle of an AON
2421 * write. The output write length is the total length of the AON
2422 * buffer, not however many bytes we managed to write to the stream
2423 * in this call.
2424 */
2425 *written = xso->aon_buf_len;
2426 aon_write_finish(xso);
2427 } else {
2428 *written = actual_written;
2429 }
2430
2431 return 1;
2432 }
2433
2434 if (xso->aon_write_in_progress) {
2435 /*
2436 * AON write is in progress but we have not written everything yet. We
2437 * may have managed to send zero bytes, or some number of bytes less
2438 * than the total remaining which need to be appended during this
2439 * AON operation.
2440 */
2441 xso->aon_buf_pos += actual_written;
2442 assert(xso->aon_buf_pos < xso->aon_buf_len);
2443 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2444 }
2445
2446 /*
2447 * Not in an existing AON operation but partial write is not enabled, so we
2448 * need to begin a new AON operation. However we needn't bother if we didn't
2449 * actually append anything.
2450 */
2451 if (actual_written > 0)
2452 aon_write_begin(xso, buf, len, actual_written);
2453
2454 /*
2455 * AON - We do not publicly admit to having appended anything until AON
2456 * completes.
2457 */
2458 *written = 0;
2459 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2460 }
2461
2462 QUIC_NEEDS_LOCK
quic_write_nonblocking_epw(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2463 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2464 uint64_t flags, size_t *written)
2465 {
2466 QUIC_XSO *xso = ctx->xso;
2467
2468 /* Simple best effort operation. */
2469 if (!xso_sstream_append(xso, buf, len, written)) {
2470 /* Stream already finished or allocation error. */
2471 *written = 0;
2472 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2473 }
2474
2475 quic_post_write(xso, *written > 0, *written == len, flags,
2476 qctx_should_autotick(ctx));
2477
2478 if (*written == 0)
2479 /* SSL_write_ex returns 0 if it didn't read anything. */
2480 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2481
2482 return 1;
2483 }
2484
2485 QUIC_NEEDS_LOCK
quic_validate_for_write(QUIC_XSO * xso,int * err)2486 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2487 {
2488 QUIC_STREAM_MAP *qsm;
2489
2490 if (xso == NULL || xso->stream == NULL) {
2491 *err = ERR_R_INTERNAL_ERROR;
2492 return 0;
2493 }
2494
2495 switch (xso->stream->send_state) {
2496 default:
2497 case QUIC_SSTREAM_STATE_NONE:
2498 *err = SSL_R_STREAM_RECV_ONLY;
2499 return 0;
2500
2501 case QUIC_SSTREAM_STATE_READY:
2502 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2503
2504 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2505 *err = ERR_R_INTERNAL_ERROR;
2506 return 0;
2507 }
2508
2509 /* FALLTHROUGH */
2510 case QUIC_SSTREAM_STATE_SEND:
2511 case QUIC_SSTREAM_STATE_DATA_SENT:
2512 case QUIC_SSTREAM_STATE_DATA_RECVD:
2513 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2514 *err = SSL_R_STREAM_FINISHED;
2515 return 0;
2516 }
2517
2518 return 1;
2519
2520 case QUIC_SSTREAM_STATE_RESET_SENT:
2521 case QUIC_SSTREAM_STATE_RESET_RECVD:
2522 *err = SSL_R_STREAM_RESET;
2523 return 0;
2524 }
2525 }
2526
2527 QUIC_TAKES_LOCK
ossl_quic_write_flags(SSL * s,const void * buf,size_t len,uint64_t flags,size_t * written)2528 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2529 uint64_t flags, size_t *written)
2530 {
2531 int ret;
2532 QCTX ctx;
2533 int partial_write, err;
2534
2535 *written = 0;
2536
2537 if (len == 0) {
2538 /* Do not autocreate default XSO for zero-length writes. */
2539 if (!expect_quic(s, &ctx))
2540 return 0;
2541
2542 quic_lock_for_io(&ctx);
2543 } else {
2544 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2545 return 0;
2546 }
2547
2548 partial_write = ((ctx.xso != NULL)
2549 ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) : 0);
2550
2551 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2552 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2553 goto out;
2554 }
2555
2556 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2557 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2558 goto out;
2559 }
2560
2561 /*
2562 * If we haven't finished the handshake, try to advance it.
2563 * We don't accept writes until the handshake is completed.
2564 */
2565 if (quic_do_handshake(&ctx) < 1) {
2566 ret = 0;
2567 goto out;
2568 }
2569
2570 /* Ensure correct stream state, stream send part not concluded, etc. */
2571 if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) {
2572 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2573 goto out;
2574 }
2575
2576 if (len == 0) {
2577 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2578 quic_post_write(ctx.xso, 0, 1, flags,
2579 qctx_should_autotick(&ctx));
2580
2581 ret = 1;
2582 goto out;
2583 }
2584
2585 if (xso_blocking_mode(ctx.xso))
2586 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2587 else if (partial_write)
2588 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2589 else
2590 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2591
2592 out:
2593 quic_unlock(ctx.qc);
2594 return ret;
2595 }
2596
2597 QUIC_TAKES_LOCK
ossl_quic_write(SSL * s,const void * buf,size_t len,size_t * written)2598 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2599 {
2600 return ossl_quic_write_flags(s, buf, len, 0, written);
2601 }
2602
2603 /*
2604 * SSL_read
2605 * --------
2606 */
2607 struct quic_read_again_args {
2608 QCTX *ctx;
2609 QUIC_STREAM *stream;
2610 void *buf;
2611 size_t len;
2612 size_t *bytes_read;
2613 int peek;
2614 };
2615
2616 QUIC_NEEDS_LOCK
quic_validate_for_read(QUIC_XSO * xso,int * err,int * eos)2617 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2618 {
2619 QUIC_STREAM_MAP *qsm;
2620
2621 *eos = 0;
2622
2623 if (xso == NULL || xso->stream == NULL) {
2624 *err = ERR_R_INTERNAL_ERROR;
2625 return 0;
2626 }
2627
2628 switch (xso->stream->recv_state) {
2629 default:
2630 case QUIC_RSTREAM_STATE_NONE:
2631 *err = SSL_R_STREAM_SEND_ONLY;
2632 return 0;
2633
2634 case QUIC_RSTREAM_STATE_RECV:
2635 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2636 case QUIC_RSTREAM_STATE_DATA_RECVD:
2637 return 1;
2638
2639 case QUIC_RSTREAM_STATE_DATA_READ:
2640 *eos = 1;
2641 return 0;
2642
2643 case QUIC_RSTREAM_STATE_RESET_RECVD:
2644 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2645 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2646
2647 /* FALLTHROUGH */
2648 case QUIC_RSTREAM_STATE_RESET_READ:
2649 *err = SSL_R_STREAM_RESET;
2650 return 0;
2651 }
2652 }
2653
2654 QUIC_NEEDS_LOCK
quic_read_actual(QCTX * ctx,QUIC_STREAM * stream,void * buf,size_t buf_len,size_t * bytes_read,int peek)2655 static int quic_read_actual(QCTX *ctx,
2656 QUIC_STREAM *stream,
2657 void *buf, size_t buf_len,
2658 size_t *bytes_read,
2659 int peek)
2660 {
2661 int is_fin = 0, err, eos;
2662 QUIC_CONNECTION *qc = ctx->qc;
2663
2664 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2665 if (eos) {
2666 ctx->xso->retired_fin = 1;
2667 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2668 } else {
2669 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2670 }
2671 }
2672
2673 if (peek) {
2674 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2675 bytes_read, &is_fin))
2676 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2677
2678 } else {
2679 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2680 bytes_read, &is_fin))
2681 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2682 }
2683
2684 if (!peek) {
2685 if (*bytes_read > 0) {
2686 /*
2687 * We have read at least one byte from the stream. Inform stream-level
2688 * RXFC of the retirement of controlled bytes. Update the active stream
2689 * status (the RXFC may now want to emit a frame granting more credit to
2690 * the peer).
2691 */
2692 OSSL_RTT_INFO rtt_info;
2693
2694 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2695
2696 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2697 rtt_info.smoothed_rtt))
2698 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2699 }
2700
2701 if (is_fin && !peek) {
2702 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2703
2704 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2705 }
2706
2707 if (*bytes_read > 0)
2708 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2709 stream);
2710 }
2711
2712 if (*bytes_read == 0 && is_fin) {
2713 ctx->xso->retired_fin = 1;
2714 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2715 }
2716
2717 return 1;
2718 }
2719
2720 QUIC_NEEDS_LOCK
quic_read_again(void * arg)2721 static int quic_read_again(void *arg)
2722 {
2723 struct quic_read_again_args *args = arg;
2724
2725 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
2726 /* If connection is torn down due to an error while blocking, stop. */
2727 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2728 return -1;
2729 }
2730
2731 if (!quic_read_actual(args->ctx, args->stream,
2732 args->buf, args->len, args->bytes_read,
2733 args->peek))
2734 return -1;
2735
2736 if (*args->bytes_read > 0)
2737 /* got at least one byte, the SSL_read op can finish now */
2738 return 1;
2739
2740 return 0; /* did not read anything, keep trying */
2741 }
2742
2743 QUIC_TAKES_LOCK
quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read,int peek)2744 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2745 {
2746 int ret, res;
2747 QCTX ctx;
2748 struct quic_read_again_args args;
2749
2750 *bytes_read = 0;
2751
2752 if (!expect_quic(s, &ctx))
2753 return 0;
2754
2755 quic_lock_for_io(&ctx);
2756
2757 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2758 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2759 goto out;
2760 }
2761
2762 /* If we haven't finished the handshake, try to advance it. */
2763 if (quic_do_handshake(&ctx) < 1) {
2764 ret = 0; /* ossl_quic_do_handshake raised error here */
2765 goto out;
2766 }
2767
2768 if (ctx.xso == NULL) {
2769 /*
2770 * Called on a QCSO and we don't currently have a default stream.
2771 *
2772 * Wait until we get a stream initiated by the peer (blocking mode) or
2773 * fail if we don't have one yet (non-blocking mode).
2774 */
2775 if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) {
2776 ret = 0; /* error already raised here */
2777 goto out;
2778 }
2779
2780 ctx.xso = ctx.qc->default_xso;
2781 }
2782
2783 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2784 ret = 0; /* quic_read_actual raised error here */
2785 goto out;
2786 }
2787
2788 if (*bytes_read > 0) {
2789 /*
2790 * Even though we succeeded, tick the reactor here to ensure we are
2791 * handling other aspects of the QUIC connection.
2792 */
2793 qctx_maybe_autotick(&ctx);
2794 ret = 1;
2795 } else if (xso_blocking_mode(ctx.xso)) {
2796 /*
2797 * We were not able to read anything immediately, so our stream
2798 * buffer is empty. This means we need to block until we get
2799 * at least one byte.
2800 */
2801 args.ctx = &ctx;
2802 args.stream = ctx.xso->stream;
2803 args.buf = buf;
2804 args.len = len;
2805 args.bytes_read = bytes_read;
2806 args.peek = peek;
2807
2808 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2809 if (res == 0) {
2810 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2811 goto out;
2812 } else if (res < 0) {
2813 ret = 0; /* quic_read_again raised error here */
2814 goto out;
2815 }
2816
2817 ret = 1;
2818 } else {
2819 /*
2820 * We did not get any bytes and are not in blocking mode.
2821 * Tick to see if this delivers any more.
2822 */
2823 qctx_maybe_autotick(&ctx);
2824
2825 /* Try the read again. */
2826 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2827 ret = 0; /* quic_read_actual raised error here */
2828 goto out;
2829 }
2830
2831 if (*bytes_read > 0)
2832 ret = 1; /* Succeeded this time. */
2833 else
2834 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2835 }
2836
2837 out:
2838 quic_unlock(ctx.qc);
2839 return ret;
2840 }
2841
ossl_quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read)2842 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2843 {
2844 return quic_read(s, buf, len, bytes_read, 0);
2845 }
2846
ossl_quic_peek(SSL * s,void * buf,size_t len,size_t * bytes_read)2847 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2848 {
2849 return quic_read(s, buf, len, bytes_read, 1);
2850 }
2851
2852 /*
2853 * SSL_pending
2854 * -----------
2855 */
2856
2857 QUIC_TAKES_LOCK
ossl_quic_pending_int(const SSL * s,int check_channel)2858 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2859 {
2860 QCTX ctx;
2861 size_t avail = 0;
2862
2863 if (!expect_quic(s, &ctx))
2864 return 0;
2865
2866 quic_lock(ctx.qc);
2867
2868 if (!ctx.qc->started)
2869 goto out;
2870
2871 if (ctx.xso == NULL) {
2872 /* No XSO yet, but there might be a default XSO eligible to be created. */
2873 if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {
2874 ctx.xso = ctx.qc->default_xso;
2875 } else {
2876 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
2877 goto out;
2878 }
2879 }
2880
2881 if (ctx.xso->stream == NULL) {
2882 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2883 goto out;
2884 }
2885
2886 if (check_channel)
2887 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
2888 /*include_fin=*/1)
2889 || ossl_quic_channel_has_pending(ctx.qc->ch)
2890 || ossl_quic_channel_is_term_any(ctx.qc->ch);
2891 else
2892 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
2893 /*include_fin=*/0);
2894
2895 out:
2896 quic_unlock(ctx.qc);
2897 return avail;
2898 }
2899
ossl_quic_pending(const SSL * s)2900 size_t ossl_quic_pending(const SSL *s)
2901 {
2902 return ossl_quic_pending_int(s, /*check_channel=*/0);
2903 }
2904
ossl_quic_has_pending(const SSL * s)2905 int ossl_quic_has_pending(const SSL *s)
2906 {
2907 /* Do we have app-side pending data or pending URXEs or RXEs? */
2908 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2909 }
2910
2911 /*
2912 * SSL_stream_conclude
2913 * -------------------
2914 */
2915 QUIC_TAKES_LOCK
ossl_quic_conn_stream_conclude(SSL * s)2916 int ossl_quic_conn_stream_conclude(SSL *s)
2917 {
2918 QCTX ctx;
2919 QUIC_STREAM *qs;
2920 int err;
2921
2922 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
2923 return 0;
2924
2925 qs = ctx.xso->stream;
2926
2927 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
2928 quic_unlock(ctx.qc);
2929 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2930 }
2931
2932 if (!quic_validate_for_write(ctx.xso, &err)) {
2933 quic_unlock(ctx.qc);
2934 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2935 }
2936
2937 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2938 quic_unlock(ctx.qc);
2939 return 1;
2940 }
2941
2942 ossl_quic_sstream_fin(qs->sstream);
2943 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
2944 quic_unlock(ctx.qc);
2945 return 1;
2946 }
2947
2948 /*
2949 * SSL_inject_net_dgram
2950 * --------------------
2951 */
2952 QUIC_TAKES_LOCK
SSL_inject_net_dgram(SSL * s,const unsigned char * buf,size_t buf_len,const BIO_ADDR * peer,const BIO_ADDR * local)2953 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2954 size_t buf_len,
2955 const BIO_ADDR *peer,
2956 const BIO_ADDR *local)
2957 {
2958 int ret;
2959 QCTX ctx;
2960 QUIC_DEMUX *demux;
2961
2962 if (!expect_quic(s, &ctx))
2963 return 0;
2964
2965 quic_lock(ctx.qc);
2966
2967 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2968 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2969
2970 quic_unlock(ctx.qc);
2971 return ret;
2972 }
2973
2974 /*
2975 * SSL_get0_connection
2976 * -------------------
2977 */
ossl_quic_get0_connection(SSL * s)2978 SSL *ossl_quic_get0_connection(SSL *s)
2979 {
2980 QCTX ctx;
2981
2982 if (!expect_quic(s, &ctx))
2983 return NULL;
2984
2985 return &ctx.qc->ssl;
2986 }
2987
2988 /*
2989 * SSL_get_stream_type
2990 * -------------------
2991 */
ossl_quic_get_stream_type(SSL * s)2992 int ossl_quic_get_stream_type(SSL *s)
2993 {
2994 QCTX ctx;
2995
2996 if (!expect_quic(s, &ctx))
2997 return SSL_STREAM_TYPE_BIDI;
2998
2999 if (ctx.xso == NULL) {
3000 /*
3001 * If deferred XSO creation has yet to occur, proceed according to the
3002 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
3003 * what kind of stream will be created yet, so return BIDI on the basis
3004 * that at this time, the client still has the option of calling
3005 * SSL_read() or SSL_write() first.
3006 */
3007 if (ctx.qc->default_xso_created
3008 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3009 return SSL_STREAM_TYPE_NONE;
3010 else
3011 return SSL_STREAM_TYPE_BIDI;
3012 }
3013
3014 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
3015 return SSL_STREAM_TYPE_BIDI;
3016
3017 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
3018 return SSL_STREAM_TYPE_READ;
3019 else
3020 return SSL_STREAM_TYPE_WRITE;
3021 }
3022
3023 /*
3024 * SSL_get_stream_id
3025 * -----------------
3026 */
3027 QUIC_TAKES_LOCK
ossl_quic_get_stream_id(SSL * s)3028 uint64_t ossl_quic_get_stream_id(SSL *s)
3029 {
3030 QCTX ctx;
3031 uint64_t id;
3032
3033 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3034 return UINT64_MAX;
3035
3036 id = ctx.xso->stream->id;
3037 quic_unlock(ctx.qc);
3038
3039 return id;
3040 }
3041
3042 /*
3043 * SSL_is_stream_local
3044 * -------------------
3045 */
3046 QUIC_TAKES_LOCK
ossl_quic_is_stream_local(SSL * s)3047 int ossl_quic_is_stream_local(SSL *s)
3048 {
3049 QCTX ctx;
3050 int is_local;
3051
3052 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3053 return -1;
3054
3055 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3056 quic_unlock(ctx.qc);
3057
3058 return is_local;
3059 }
3060
3061 /*
3062 * SSL_set_default_stream_mode
3063 * ---------------------------
3064 */
3065 QUIC_TAKES_LOCK
ossl_quic_set_default_stream_mode(SSL * s,uint32_t mode)3066 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3067 {
3068 QCTX ctx;
3069
3070 if (!expect_quic_conn_only(s, &ctx))
3071 return 0;
3072
3073 quic_lock(ctx.qc);
3074
3075 if (ctx.qc->default_xso_created) {
3076 quic_unlock(ctx.qc);
3077 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3078 "too late to change default stream mode");
3079 }
3080
3081 switch (mode) {
3082 case SSL_DEFAULT_STREAM_MODE_NONE:
3083 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3084 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3085 ctx.qc->default_stream_mode = mode;
3086 break;
3087 default:
3088 quic_unlock(ctx.qc);
3089 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3090 "bad default stream type");
3091 }
3092
3093 quic_unlock(ctx.qc);
3094 return 1;
3095 }
3096
3097 /*
3098 * SSL_detach_stream
3099 * -----------------
3100 */
3101 QUIC_TAKES_LOCK
ossl_quic_detach_stream(SSL * s)3102 SSL *ossl_quic_detach_stream(SSL *s)
3103 {
3104 QCTX ctx;
3105 QUIC_XSO *xso = NULL;
3106
3107 if (!expect_quic_conn_only(s, &ctx))
3108 return NULL;
3109
3110 quic_lock(ctx.qc);
3111
3112 /* Calling this function inhibits default XSO autocreation. */
3113 /* QC ref to any default XSO is transferred to us and to caller. */
3114 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3115
3116 quic_unlock(ctx.qc);
3117
3118 return xso != NULL ? &xso->ssl : NULL;
3119 }
3120
3121 /*
3122 * SSL_attach_stream
3123 * -----------------
3124 */
3125 QUIC_TAKES_LOCK
ossl_quic_attach_stream(SSL * conn,SSL * stream)3126 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3127 {
3128 QCTX ctx;
3129 QUIC_XSO *xso;
3130 int nref;
3131
3132 if (!expect_quic_conn_only(conn, &ctx))
3133 return 0;
3134
3135 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3136 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3137 "stream to attach must be a valid QUIC stream");
3138
3139 xso = (QUIC_XSO *)stream;
3140
3141 quic_lock(ctx.qc);
3142
3143 if (ctx.qc->default_xso != NULL) {
3144 quic_unlock(ctx.qc);
3145 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3146 "connection already has a default stream");
3147 }
3148
3149 /*
3150 * It is a caller error for the XSO being attached as a default XSO to have
3151 * more than one ref.
3152 */
3153 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
3154 quic_unlock(ctx.qc);
3155 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3156 "ref");
3157 }
3158
3159 if (nref != 1) {
3160 quic_unlock(ctx.qc);
3161 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3162 "stream being attached must have "
3163 "only 1 reference");
3164 }
3165
3166 /* Caller's reference to the XSO is transferred to us. */
3167 /* Calling this function inhibits default XSO autocreation. */
3168 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3169
3170 quic_unlock(ctx.qc);
3171 return 1;
3172 }
3173
3174 /*
3175 * SSL_set_incoming_stream_policy
3176 * ------------------------------
3177 */
3178 QUIC_NEEDS_LOCK
qc_get_effective_incoming_stream_policy(QUIC_CONNECTION * qc)3179 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3180 {
3181 switch (qc->incoming_stream_policy) {
3182 case SSL_INCOMING_STREAM_POLICY_AUTO:
3183 if ((qc->default_xso == NULL && !qc->default_xso_created)
3184 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3185 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3186 else
3187 return SSL_INCOMING_STREAM_POLICY_REJECT;
3188
3189 default:
3190 return qc->incoming_stream_policy;
3191 }
3192 }
3193
3194 QUIC_NEEDS_LOCK
qc_update_reject_policy(QUIC_CONNECTION * qc)3195 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3196 {
3197 int policy = qc_get_effective_incoming_stream_policy(qc);
3198 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3199
3200 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3201 enable_reject,
3202 qc->incoming_stream_aec);
3203 }
3204
3205 QUIC_TAKES_LOCK
ossl_quic_set_incoming_stream_policy(SSL * s,int policy,uint64_t aec)3206 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3207 uint64_t aec)
3208 {
3209 int ret = 1;
3210 QCTX ctx;
3211
3212 if (!expect_quic_conn_only(s, &ctx))
3213 return 0;
3214
3215 quic_lock(ctx.qc);
3216
3217 switch (policy) {
3218 case SSL_INCOMING_STREAM_POLICY_AUTO:
3219 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3220 case SSL_INCOMING_STREAM_POLICY_REJECT:
3221 ctx.qc->incoming_stream_policy = policy;
3222 ctx.qc->incoming_stream_aec = aec;
3223 break;
3224
3225 default:
3226 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3227 ret = 0;
3228 break;
3229 }
3230
3231 qc_update_reject_policy(ctx.qc);
3232 quic_unlock(ctx.qc);
3233 return ret;
3234 }
3235
3236 /*
3237 * SSL_get_value, SSL_set_value
3238 * ----------------------------
3239 */
3240 QUIC_TAKES_LOCK
qc_getset_idle_timeout(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3241 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3242 uint64_t *p_value_out, uint64_t *p_value_in)
3243 {
3244 int ret = 0;
3245 uint64_t value_out = 0, value_in;
3246
3247 quic_lock(ctx->qc);
3248
3249 switch (class_) {
3250 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3251 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3252
3253 if (p_value_in != NULL) {
3254 value_in = *p_value_in;
3255 if (value_in > OSSL_QUIC_VLINT_MAX) {
3256 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3257 NULL);
3258 goto err;
3259 }
3260
3261 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3262 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3263 NULL);
3264 goto err;
3265 }
3266
3267 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3268 }
3269 break;
3270
3271 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3272 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3273 if (p_value_in != NULL) {
3274 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3275 NULL);
3276 goto err;
3277 }
3278
3279 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3280 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3281 NULL);
3282 goto err;
3283 }
3284
3285 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3286 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3287 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3288 break;
3289
3290 default:
3291 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3292 NULL);
3293 goto err;
3294 }
3295
3296 ret = 1;
3297 err:
3298 quic_unlock(ctx->qc);
3299 if (ret && p_value_out != NULL)
3300 *p_value_out = value_out;
3301
3302 return ret;
3303 }
3304
3305 QUIC_TAKES_LOCK
qc_get_stream_avail(QCTX * ctx,uint32_t class_,int is_uni,int is_remote,uint64_t * value)3306 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3307 int is_uni, int is_remote,
3308 uint64_t *value)
3309 {
3310 int ret = 0;
3311
3312 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3313 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3314 NULL);
3315 return 0;
3316 }
3317
3318 quic_lock(ctx->qc);
3319
3320 *value = is_remote
3321 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3322 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3323
3324 ret = 1;
3325 quic_unlock(ctx->qc);
3326 return ret;
3327 }
3328
3329 QUIC_NEEDS_LOCK
qctx_should_autotick(QCTX * ctx)3330 static int qctx_should_autotick(QCTX *ctx)
3331 {
3332 int event_handling_mode;
3333
3334 if (ctx->is_stream) {
3335 event_handling_mode = ctx->xso->event_handling_mode;
3336 if (event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_INHERIT)
3337 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3338 }
3339
3340 event_handling_mode = ctx->qc->event_handling_mode;
3341 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3342 }
3343
3344 QUIC_NEEDS_LOCK
qctx_maybe_autotick(QCTX * ctx)3345 static void qctx_maybe_autotick(QCTX *ctx)
3346 {
3347 if (!qctx_should_autotick(ctx))
3348 return;
3349
3350 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx->qc->ch), 0);
3351 }
3352
3353 QUIC_TAKES_LOCK
qc_getset_event_handling(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3354 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_,
3355 uint64_t *p_value_out,
3356 uint64_t *p_value_in)
3357 {
3358 int ret = 0;
3359 uint64_t value_out = 0;
3360
3361 quic_lock(ctx->qc);
3362
3363 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3364 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3365 NULL);
3366 goto err;
3367 }
3368
3369 if (p_value_in != NULL) {
3370 switch (*p_value_in) {
3371 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT:
3372 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT:
3373 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT:
3374 break;
3375 default:
3376 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3377 NULL);
3378 goto err;
3379 }
3380
3381 value_out = *p_value_in;
3382 if (ctx->is_stream)
3383 ctx->xso->event_handling_mode = (int)value_out;
3384 else
3385 ctx->qc->event_handling_mode = (int)value_out;
3386 } else {
3387 value_out = ctx->is_stream
3388 ? ctx->xso->event_handling_mode
3389 : ctx->qc->event_handling_mode;
3390 }
3391
3392 ret = 1;
3393 err:
3394 quic_unlock(ctx->qc);
3395 if (ret && p_value_out != NULL)
3396 *p_value_out = value_out;
3397
3398 return ret;
3399 }
3400
3401 QUIC_TAKES_LOCK
qc_get_stream_write_buf_stat(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,size_t (* getter)(QUIC_SSTREAM * sstream))3402 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_,
3403 uint64_t *p_value_out,
3404 size_t (*getter)(QUIC_SSTREAM *sstream))
3405 {
3406 int ret = 0;
3407 size_t value = 0;
3408
3409 quic_lock(ctx->qc);
3410
3411 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3412 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3413 NULL);
3414 goto err;
3415 }
3416
3417 if (ctx->xso == NULL) {
3418 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
3419 goto err;
3420 }
3421
3422 if (!ossl_quic_stream_has_send(ctx->xso->stream)) {
3423 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL);
3424 goto err;
3425 }
3426
3427 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream))
3428 value = getter(ctx->xso->stream->sstream);
3429
3430 ret = 1;
3431 err:
3432 quic_unlock(ctx->qc);
3433 *p_value_out = (uint64_t)value;
3434 return ret;
3435 }
3436
3437 QUIC_NEEDS_LOCK
expect_quic_for_value(SSL * s,QCTX * ctx,uint32_t id)3438 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id)
3439 {
3440 switch (id) {
3441 case SSL_VALUE_EVENT_HANDLING_MODE:
3442 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3443 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3444 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3445 return expect_quic(s, ctx);
3446 default:
3447 return expect_quic_conn_only(s, ctx);
3448 }
3449 }
3450
3451 QUIC_TAKES_LOCK
ossl_quic_get_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t * value)3452 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3453 uint64_t *value)
3454 {
3455 QCTX ctx;
3456
3457 if (!expect_quic_for_value(s, &ctx, id))
3458 return 0;
3459
3460 if (value == NULL)
3461 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3462 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3463
3464 switch (id) {
3465 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3466 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3467
3468 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3469 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3470 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3471 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3472 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3473 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3474 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3475 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3476
3477 case SSL_VALUE_EVENT_HANDLING_MODE:
3478 return qc_getset_event_handling(&ctx, class_, value, NULL);
3479
3480 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3481 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3482 ossl_quic_sstream_get_buffer_size);
3483 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3484 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3485 ossl_quic_sstream_get_buffer_used);
3486 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3487 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3488 ossl_quic_sstream_get_buffer_avail);
3489
3490 default:
3491 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3492 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3493 }
3494
3495 return 1;
3496 }
3497
3498 QUIC_TAKES_LOCK
ossl_quic_set_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t value)3499 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3500 uint64_t value)
3501 {
3502 QCTX ctx;
3503
3504 if (!expect_quic_for_value(s, &ctx, id))
3505 return 0;
3506
3507 switch (id) {
3508 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3509 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3510
3511 case SSL_VALUE_EVENT_HANDLING_MODE:
3512 return qc_getset_event_handling(&ctx, class_, NULL, &value);
3513
3514 default:
3515 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3516 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3517 }
3518
3519 return 1;
3520 }
3521
3522 /*
3523 * SSL_accept_stream
3524 * -----------------
3525 */
3526 struct wait_for_incoming_stream_args {
3527 QCTX *ctx;
3528 QUIC_STREAM *qs;
3529 };
3530
3531 QUIC_NEEDS_LOCK
wait_for_incoming_stream(void * arg)3532 static int wait_for_incoming_stream(void *arg)
3533 {
3534 struct wait_for_incoming_stream_args *args = arg;
3535 QUIC_CONNECTION *qc = args->ctx->qc;
3536 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3537
3538 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3539 /* If connection is torn down due to an error while blocking, stop. */
3540 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3541 return -1;
3542 }
3543
3544 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3545 if (args->qs != NULL)
3546 return 1; /* got a stream */
3547
3548 return 0; /* did not get a stream, keep trying */
3549 }
3550
3551 QUIC_TAKES_LOCK
ossl_quic_accept_stream(SSL * s,uint64_t flags)3552 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3553 {
3554 QCTX ctx;
3555 int ret;
3556 SSL *new_s = NULL;
3557 QUIC_STREAM_MAP *qsm;
3558 QUIC_STREAM *qs;
3559 QUIC_XSO *xso;
3560 OSSL_RTT_INFO rtt_info;
3561
3562 if (!expect_quic_conn_only(s, &ctx))
3563 return NULL;
3564
3565 quic_lock(ctx.qc);
3566
3567 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3568 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3569 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3570 goto out;
3571 }
3572
3573 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3574
3575 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3576 if (qs == NULL) {
3577 if (qc_blocking_mode(ctx.qc)
3578 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3579 struct wait_for_incoming_stream_args args;
3580
3581 args.ctx = &ctx;
3582 args.qs = NULL;
3583
3584 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3585 if (ret == 0) {
3586 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3587 goto out;
3588 } else if (ret < 0 || args.qs == NULL) {
3589 goto out;
3590 }
3591
3592 qs = args.qs;
3593 } else {
3594 goto out;
3595 }
3596 }
3597
3598 xso = create_xso_from_stream(ctx.qc, qs);
3599 if (xso == NULL)
3600 goto out;
3601
3602 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3603 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3604 rtt_info.smoothed_rtt);
3605 new_s = &xso->ssl;
3606
3607 /* Calling this function inhibits default XSO autocreation. */
3608 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3609
3610 out:
3611 quic_unlock(ctx.qc);
3612 return new_s;
3613 }
3614
3615 /*
3616 * SSL_get_accept_stream_queue_len
3617 * -------------------------------
3618 */
3619 QUIC_TAKES_LOCK
ossl_quic_get_accept_stream_queue_len(SSL * s)3620 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3621 {
3622 QCTX ctx;
3623 size_t v;
3624
3625 if (!expect_quic_conn_only(s, &ctx))
3626 return 0;
3627
3628 quic_lock(ctx.qc);
3629
3630 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3631
3632 quic_unlock(ctx.qc);
3633 return v;
3634 }
3635
3636 /*
3637 * SSL_stream_reset
3638 * ----------------
3639 */
ossl_quic_stream_reset(SSL * ssl,const SSL_STREAM_RESET_ARGS * args,size_t args_len)3640 int ossl_quic_stream_reset(SSL *ssl,
3641 const SSL_STREAM_RESET_ARGS *args,
3642 size_t args_len)
3643 {
3644 QCTX ctx;
3645 QUIC_STREAM_MAP *qsm;
3646 QUIC_STREAM *qs;
3647 uint64_t error_code;
3648 int ok, err;
3649
3650 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3651 return 0;
3652
3653 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3654 qs = ctx.xso->stream;
3655 error_code = (args != NULL ? args->quic_error_code : 0);
3656
3657 if (!quic_validate_for_write(ctx.xso, &err)) {
3658 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3659 goto err;
3660 }
3661
3662 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3663 if (ok)
3664 ctx.xso->requested_reset = 1;
3665
3666 err:
3667 quic_unlock(ctx.qc);
3668 return ok;
3669 }
3670
3671 /*
3672 * SSL_get_stream_read_state
3673 * -------------------------
3674 */
quic_classify_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs,int is_write,int * state,uint64_t * app_error_code)3675 static void quic_classify_stream(QUIC_CONNECTION *qc,
3676 QUIC_STREAM *qs,
3677 int is_write,
3678 int *state,
3679 uint64_t *app_error_code)
3680 {
3681 int local_init;
3682 uint64_t final_size;
3683
3684 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3685
3686 if (app_error_code != NULL)
3687 *app_error_code = UINT64_MAX;
3688 else
3689 app_error_code = &final_size; /* throw away value */
3690
3691 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3692 /*
3693 * Unidirectional stream and this direction of transmission doesn't
3694 * exist.
3695 */
3696 *state = SSL_STREAM_STATE_WRONG_DIR;
3697 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3698 /* Connection already closed. */
3699 *state = SSL_STREAM_STATE_CONN_CLOSED;
3700 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
3701 /* Application has read a FIN. */
3702 *state = SSL_STREAM_STATE_FINISHED;
3703 } else if ((!is_write && qs->stop_sending)
3704 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
3705 /*
3706 * Stream has been reset locally. FIN takes precedence over this for the
3707 * read case as the application need not care if the stream is reset
3708 * after a FIN has been successfully processed.
3709 */
3710 *state = SSL_STREAM_STATE_RESET_LOCAL;
3711 *app_error_code = !is_write
3712 ? qs->stop_sending_aec
3713 : qs->reset_stream_aec;
3714 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
3715 || (is_write && qs->peer_stop_sending)) {
3716 /*
3717 * Stream has been reset remotely. */
3718 *state = SSL_STREAM_STATE_RESET_REMOTE;
3719 *app_error_code = !is_write
3720 ? qs->peer_reset_stream_aec
3721 : qs->peer_stop_sending_aec;
3722 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3723 &final_size)) {
3724 /*
3725 * Stream has been finished. Stream reset takes precedence over this for
3726 * the write case as peer may not have received all data.
3727 */
3728 *state = SSL_STREAM_STATE_FINISHED;
3729 } else {
3730 /* Stream still healthy. */
3731 *state = SSL_STREAM_STATE_OK;
3732 }
3733 }
3734
quic_get_stream_state(SSL * ssl,int is_write)3735 static int quic_get_stream_state(SSL *ssl, int is_write)
3736 {
3737 QCTX ctx;
3738 int state;
3739
3740 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3741 return SSL_STREAM_STATE_NONE;
3742
3743 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3744 quic_unlock(ctx.qc);
3745 return state;
3746 }
3747
ossl_quic_get_stream_read_state(SSL * ssl)3748 int ossl_quic_get_stream_read_state(SSL *ssl)
3749 {
3750 return quic_get_stream_state(ssl, /*is_write=*/0);
3751 }
3752
3753 /*
3754 * SSL_get_stream_write_state
3755 * --------------------------
3756 */
ossl_quic_get_stream_write_state(SSL * ssl)3757 int ossl_quic_get_stream_write_state(SSL *ssl)
3758 {
3759 return quic_get_stream_state(ssl, /*is_write=*/1);
3760 }
3761
3762 /*
3763 * SSL_get_stream_read_error_code
3764 * ------------------------------
3765 */
quic_get_stream_error_code(SSL * ssl,int is_write,uint64_t * app_error_code)3766 static int quic_get_stream_error_code(SSL *ssl, int is_write,
3767 uint64_t *app_error_code)
3768 {
3769 QCTX ctx;
3770 int state;
3771
3772 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3773 return -1;
3774
3775 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3776 &state, app_error_code);
3777
3778 quic_unlock(ctx.qc);
3779 switch (state) {
3780 case SSL_STREAM_STATE_FINISHED:
3781 return 0;
3782 case SSL_STREAM_STATE_RESET_LOCAL:
3783 case SSL_STREAM_STATE_RESET_REMOTE:
3784 return 1;
3785 default:
3786 return -1;
3787 }
3788 }
3789
ossl_quic_get_stream_read_error_code(SSL * ssl,uint64_t * app_error_code)3790 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3791 {
3792 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3793 }
3794
3795 /*
3796 * SSL_get_stream_write_error_code
3797 * -------------------------------
3798 */
ossl_quic_get_stream_write_error_code(SSL * ssl,uint64_t * app_error_code)3799 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3800 {
3801 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3802 }
3803
3804 /*
3805 * Write buffer size mutation
3806 * --------------------------
3807 */
ossl_quic_set_write_buffer_size(SSL * ssl,size_t size)3808 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3809 {
3810 int ret = 0;
3811 QCTX ctx;
3812
3813 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3814 return 0;
3815
3816 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3817 /* Called on a unidirectional receive-only stream - error. */
3818 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3819 goto out;
3820 }
3821
3822 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3823 /*
3824 * If the stream has a send part but we have disposed of it because we
3825 * no longer need it, this is a no-op.
3826 */
3827 ret = 1;
3828 goto out;
3829 }
3830
3831 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
3832 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3833 goto out;
3834 }
3835
3836 ret = 1;
3837
3838 out:
3839 quic_unlock(ctx.qc);
3840 return ret;
3841 }
3842
3843 /*
3844 * SSL_get_conn_close_info
3845 * -----------------------
3846 */
ossl_quic_get_conn_close_info(SSL * ssl,SSL_CONN_CLOSE_INFO * info,size_t info_len)3847 int ossl_quic_get_conn_close_info(SSL *ssl,
3848 SSL_CONN_CLOSE_INFO *info,
3849 size_t info_len)
3850 {
3851 QCTX ctx;
3852 const QUIC_TERMINATE_CAUSE *tc;
3853
3854 if (!expect_quic_conn_only(ssl, &ctx))
3855 return -1;
3856
3857 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3858 if (tc == NULL)
3859 return 0;
3860
3861 info->error_code = tc->error_code;
3862 info->frame_type = tc->frame_type;
3863 info->reason = tc->reason;
3864 info->reason_len = tc->reason_len;
3865 info->flags = 0;
3866 if (!tc->remote)
3867 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
3868 if (!tc->app)
3869 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
3870 return 1;
3871 }
3872
3873 /*
3874 * SSL_key_update
3875 * --------------
3876 */
ossl_quic_key_update(SSL * ssl,int update_type)3877 int ossl_quic_key_update(SSL *ssl, int update_type)
3878 {
3879 QCTX ctx;
3880
3881 if (!expect_quic_conn_only(ssl, &ctx))
3882 return 0;
3883
3884 switch (update_type) {
3885 case SSL_KEY_UPDATE_NOT_REQUESTED:
3886 /*
3887 * QUIC signals peer key update implicily by triggering a local
3888 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3889 */
3890 case SSL_KEY_UPDATE_REQUESTED:
3891 break;
3892
3893 default:
3894 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3895 return 0;
3896 }
3897
3898 quic_lock(ctx.qc);
3899
3900 /* Attempt to perform a TXKU. */
3901 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
3902 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
3903 quic_unlock(ctx.qc);
3904 return 0;
3905 }
3906
3907 quic_unlock(ctx.qc);
3908 return 1;
3909 }
3910
3911 /*
3912 * SSL_get_key_update_type
3913 * -----------------------
3914 */
ossl_quic_get_key_update_type(const SSL * s)3915 int ossl_quic_get_key_update_type(const SSL *s)
3916 {
3917 /*
3918 * We always handle key updates immediately so a key update is never
3919 * pending.
3920 */
3921 return SSL_KEY_UPDATE_NONE;
3922 }
3923
3924 /*
3925 * QUIC Front-End I/O API: SSL_CTX Management
3926 * ==========================================
3927 */
3928
ossl_quic_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)3929 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3930 {
3931 switch (cmd) {
3932 default:
3933 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3934 }
3935 }
3936
ossl_quic_callback_ctrl(SSL * s,int cmd,void (* fp)(void))3937 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3938 {
3939 QCTX ctx;
3940
3941 if (!expect_quic_conn_only(s, &ctx))
3942 return 0;
3943
3944 switch (cmd) {
3945 case SSL_CTRL_SET_MSG_CALLBACK:
3946 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3947 &ctx.qc->ssl);
3948 /* This callback also needs to be set on the internal SSL object */
3949 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3950
3951 default:
3952 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3953 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3954 }
3955 }
3956
ossl_quic_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))3957 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3958 {
3959 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3960 }
3961
ossl_quic_renegotiate_check(SSL * ssl,int initok)3962 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3963 {
3964 /* We never do renegotiation. */
3965 return 0;
3966 }
3967
ossl_quic_get_cipher_by_char(const unsigned char * p)3968 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
3969 {
3970 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
3971
3972 if ((ciph->algorithm2 & SSL_QUIC) == 0)
3973 return NULL;
3974
3975 return ciph;
3976 }
3977
3978 /*
3979 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3980 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3981 */
3982
ossl_quic_num_ciphers(void)3983 int ossl_quic_num_ciphers(void)
3984 {
3985 return 0;
3986 }
3987
ossl_quic_get_cipher(unsigned int u)3988 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3989 {
3990 return NULL;
3991 }
3992
3993 /*
3994 * SSL_get_shutdown()
3995 * ------------------
3996 */
ossl_quic_get_shutdown(const SSL * s)3997 int ossl_quic_get_shutdown(const SSL *s)
3998 {
3999 QCTX ctx;
4000 int shut = 0;
4001
4002 if (!expect_quic_conn_only(s, &ctx))
4003 return 0;
4004
4005 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
4006 shut |= SSL_SENT_SHUTDOWN;
4007 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
4008 shut |= SSL_RECEIVED_SHUTDOWN;
4009 }
4010
4011 return shut;
4012 }
4013
4014 /*
4015 * QUIC Polling Support APIs
4016 * =========================
4017 */
4018
4019 /* Do we have the R (read) condition? */
4020 QUIC_NEEDS_LOCK
test_poll_event_r(QUIC_XSO * xso)4021 static int test_poll_event_r(QUIC_XSO *xso)
4022 {
4023 int fin = 0;
4024 size_t avail = 0;
4025
4026 /*
4027 * If a stream has had the fin bit set on the last packet
4028 * received, then we need to return a 1 here to raise
4029 * SSL_POLL_EVENT_R, so that the stream can have its completion
4030 * detected and closed gracefully by an application.
4031 * However, if the client reads the data via SSL_read[_ex], that api
4032 * provides no stream status, and as a result the stream state moves to
4033 * QUIC_RSTREAM_STATE_DATA_READ, and the receive buffer is freed, which
4034 * stored the fin state, so its not directly know-able here. Instead
4035 * check for the stream state being QUIC_RSTREAM_STATE_DATA_READ, which
4036 * is only set if the last stream frame received had the fin bit set, and
4037 * the client read the data. This catches our poll/read/poll case
4038 */
4039 if (xso->stream->recv_state == QUIC_RSTREAM_STATE_DATA_READ)
4040 return 1;
4041
4042 return ossl_quic_stream_has_recv_buffer(xso->stream)
4043 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
4044 && (avail > 0 || (fin && !xso->retired_fin));
4045 }
4046
4047 /* Do we have the ER (exception: read) condition? */
4048 QUIC_NEEDS_LOCK
test_poll_event_er(QUIC_XSO * xso)4049 static int test_poll_event_er(QUIC_XSO *xso)
4050 {
4051 return ossl_quic_stream_has_recv(xso->stream)
4052 && ossl_quic_stream_recv_is_reset(xso->stream)
4053 && !xso->retired_fin;
4054 }
4055
4056 /* Do we have the W (write) condition? */
4057 QUIC_NEEDS_LOCK
test_poll_event_w(QUIC_XSO * xso)4058 static int test_poll_event_w(QUIC_XSO *xso)
4059 {
4060 return !xso->conn->shutting_down
4061 && ossl_quic_stream_has_send_buffer(xso->stream)
4062 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
4063 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
4064 && quic_mutation_allowed(xso->conn, /*req_active=*/1);
4065 }
4066
4067 /* Do we have the EW (exception: write) condition? */
4068 QUIC_NEEDS_LOCK
test_poll_event_ew(QUIC_XSO * xso)4069 static int test_poll_event_ew(QUIC_XSO *xso)
4070 {
4071 return ossl_quic_stream_has_send(xso->stream)
4072 && xso->stream->peer_stop_sending
4073 && !xso->requested_reset
4074 && !xso->conn->shutting_down;
4075 }
4076
4077 /* Do we have the EC (exception: connection) condition? */
4078 QUIC_NEEDS_LOCK
test_poll_event_ec(QUIC_CONNECTION * qc)4079 static int test_poll_event_ec(QUIC_CONNECTION *qc)
4080 {
4081 return ossl_quic_channel_is_term_any(qc->ch);
4082 }
4083
4084 /* Do we have the ECD (exception: connection drained) condition? */
4085 QUIC_NEEDS_LOCK
test_poll_event_ecd(QUIC_CONNECTION * qc)4086 static int test_poll_event_ecd(QUIC_CONNECTION *qc)
4087 {
4088 return ossl_quic_channel_is_terminated(qc->ch);
4089 }
4090
4091 /* Do we have the IS (incoming: stream) condition? */
4092 QUIC_NEEDS_LOCK
test_poll_event_is(QUIC_CONNECTION * qc,int is_uni)4093 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
4094 {
4095 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
4096 is_uni);
4097 }
4098
4099 /* Do we have the OS (outgoing: stream) condition? */
4100 QUIC_NEEDS_LOCK
test_poll_event_os(QUIC_CONNECTION * qc,int is_uni)4101 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
4102 {
4103 /* Is it currently possible for us to make an outgoing stream? */
4104 return quic_mutation_allowed(qc, /*req_active=*/1)
4105 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
4106 }
4107
4108 QUIC_TAKES_LOCK
ossl_quic_conn_poll_events(SSL * ssl,uint64_t events,int do_tick,uint64_t * p_revents)4109 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
4110 uint64_t *p_revents)
4111 {
4112 QCTX ctx;
4113 uint64_t revents = 0;
4114
4115 if (!expect_quic(ssl, &ctx))
4116 return 0;
4117
4118 quic_lock(ctx.qc);
4119
4120 if (!ctx.qc->started) {
4121 /* We can only try to write on non-started connection. */
4122 if ((events & SSL_POLL_EVENT_W) != 0)
4123 revents |= SSL_POLL_EVENT_W;
4124 goto end;
4125 }
4126
4127 if (do_tick)
4128 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
4129
4130 if (ctx.xso != NULL) {
4131 /* SSL object has a stream component. */
4132
4133 if ((events & SSL_POLL_EVENT_R) != 0
4134 && test_poll_event_r(ctx.xso))
4135 revents |= SSL_POLL_EVENT_R;
4136
4137 if ((events & SSL_POLL_EVENT_ER) != 0
4138 && test_poll_event_er(ctx.xso))
4139 revents |= SSL_POLL_EVENT_ER;
4140
4141 if ((events & SSL_POLL_EVENT_W) != 0
4142 && test_poll_event_w(ctx.xso))
4143 revents |= SSL_POLL_EVENT_W;
4144
4145 if ((events & SSL_POLL_EVENT_EW) != 0
4146 && test_poll_event_ew(ctx.xso))
4147 revents |= SSL_POLL_EVENT_EW;
4148 }
4149
4150 if (!ctx.is_stream) {
4151 if ((events & SSL_POLL_EVENT_EC) != 0
4152 && test_poll_event_ec(ctx.qc))
4153 revents |= SSL_POLL_EVENT_EC;
4154
4155 if ((events & SSL_POLL_EVENT_ECD) != 0
4156 && test_poll_event_ecd(ctx.qc))
4157 revents |= SSL_POLL_EVENT_ECD;
4158
4159 if ((events & SSL_POLL_EVENT_ISB) != 0
4160 && test_poll_event_is(ctx.qc, /*uni=*/0))
4161 revents |= SSL_POLL_EVENT_ISB;
4162
4163 if ((events & SSL_POLL_EVENT_ISU) != 0
4164 && test_poll_event_is(ctx.qc, /*uni=*/1))
4165 revents |= SSL_POLL_EVENT_ISU;
4166
4167 if ((events & SSL_POLL_EVENT_OSB) != 0
4168 && test_poll_event_os(ctx.qc, /*uni=*/0))
4169 revents |= SSL_POLL_EVENT_OSB;
4170
4171 if ((events & SSL_POLL_EVENT_OSU) != 0
4172 && test_poll_event_os(ctx.qc, /*uni=*/1))
4173 revents |= SSL_POLL_EVENT_OSU;
4174 }
4175
4176 end:
4177 quic_unlock(ctx.qc);
4178 *p_revents = revents;
4179 return 1;
4180 }
4181
4182 /*
4183 * Internal Testing APIs
4184 * =====================
4185 */
4186
ossl_quic_conn_get_channel(SSL * s)4187 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
4188 {
4189 QCTX ctx;
4190
4191 if (!expect_quic_conn_only(s, &ctx))
4192 return NULL;
4193
4194 return ctx.qc->ch;
4195 }
4196
ossl_quic_set_diag_title(SSL_CTX * ctx,const char * title)4197 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
4198 {
4199 #ifndef OPENSSL_NO_QLOG
4200 OPENSSL_free(ctx->qlog_title);
4201 ctx->qlog_title = NULL;
4202
4203 if (title == NULL)
4204 return 1;
4205
4206 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
4207 return 0;
4208 #endif
4209
4210 return 1;
4211 }
4212
