1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24
25 #include "curl_setup.h"
26
27 #if defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)
28
29 #include <openssl/ssl.h>
30 #include <openssl/bio.h>
31 #include <openssl/err.h>
32 #include <nghttp3/nghttp3.h>
33
34 #include "urldata.h"
35 #include "hash.h"
36 #include "sendf.h"
37 #include "strdup.h"
38 #include "rand.h"
39 #include "multiif.h"
40 #include "strcase.h"
41 #include "cfilters.h"
42 #include "cf-socket.h"
43 #include "connect.h"
44 #include "progress.h"
45 #include "strerror.h"
46 #include "dynbuf.h"
47 #include "http1.h"
48 #include "select.h"
49 #include "inet_pton.h"
50 #include "vquic.h"
51 #include "vquic_int.h"
52 #include "vquic-tls.h"
53 #include "vtls/keylog.h"
54 #include "vtls/vtls.h"
55 #include "vtls/openssl.h"
56 #include "curl_osslq.h"
57
58 #include "warnless.h"
59
60 /* The last 3 #include files should be in this order */
61 #include "curl_printf.h"
62 #include "curl_memory.h"
63 #include "memdebug.h"
64
65 /* A stream window is the maximum amount we need to buffer for
66 * each active transfer. We use HTTP/3 flow control and only ACK
67 * when we take things out of the buffer.
68 * Chunk size is large enough to take a full DATA frame */
69 #define H3_STREAM_WINDOW_SIZE (128 * 1024)
70 #define H3_STREAM_CHUNK_SIZE (16 * 1024)
71 /* The pool keeps spares around and half of a full stream window
72 * seems good. More does not seem to improve performance.
73 * The benefit of the pool is that stream buffer to not keep
74 * spares. Memory consumption goes down when streams run empty,
75 * have a large upload done, etc. */
76 #define H3_STREAM_POOL_SPARES \
77 (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2
78 /* Receive and Send max number of chunks just follows from the
79 * chunk size and window size */
80 #define H3_STREAM_RECV_CHUNKS \
81 (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
82 #define H3_STREAM_SEND_CHUNKS \
83 (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
84
85 #ifndef ARRAYSIZE
86 #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
87 #endif
88
89 #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
90 typedef uint32_t sslerr_t;
91 #else
92 typedef unsigned long sslerr_t;
93 #endif
94
95
96 /* How to access `call_data` from a cf_osslq filter */
97 #undef CF_CTX_CALL_DATA
98 #define CF_CTX_CALL_DATA(cf) \
99 ((struct cf_osslq_ctx *)(cf)->ctx)->call_data
100
101 static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
102 struct Curl_easy *data);
103
osslq_SSL_ERROR_to_str(int err)104 static const char *osslq_SSL_ERROR_to_str(int err)
105 {
106 switch(err) {
107 case SSL_ERROR_NONE:
108 return "SSL_ERROR_NONE";
109 case SSL_ERROR_SSL:
110 return "SSL_ERROR_SSL";
111 case SSL_ERROR_WANT_READ:
112 return "SSL_ERROR_WANT_READ";
113 case SSL_ERROR_WANT_WRITE:
114 return "SSL_ERROR_WANT_WRITE";
115 case SSL_ERROR_WANT_X509_LOOKUP:
116 return "SSL_ERROR_WANT_X509_LOOKUP";
117 case SSL_ERROR_SYSCALL:
118 return "SSL_ERROR_SYSCALL";
119 case SSL_ERROR_ZERO_RETURN:
120 return "SSL_ERROR_ZERO_RETURN";
121 case SSL_ERROR_WANT_CONNECT:
122 return "SSL_ERROR_WANT_CONNECT";
123 case SSL_ERROR_WANT_ACCEPT:
124 return "SSL_ERROR_WANT_ACCEPT";
125 #if defined(SSL_ERROR_WANT_ASYNC)
126 case SSL_ERROR_WANT_ASYNC:
127 return "SSL_ERROR_WANT_ASYNC";
128 #endif
129 #if defined(SSL_ERROR_WANT_ASYNC_JOB)
130 case SSL_ERROR_WANT_ASYNC_JOB:
131 return "SSL_ERROR_WANT_ASYNC_JOB";
132 #endif
133 #if defined(SSL_ERROR_WANT_EARLY)
134 case SSL_ERROR_WANT_EARLY:
135 return "SSL_ERROR_WANT_EARLY";
136 #endif
137 default:
138 return "SSL_ERROR unknown";
139 }
140 }
141
142 /* Return error string for last OpenSSL error */
osslq_strerror(unsigned long error,char * buf,size_t size)143 static char *osslq_strerror(unsigned long error, char *buf, size_t size)
144 {
145 DEBUGASSERT(size);
146 *buf = '\0';
147
148 #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
149 ERR_error_string_n((uint32_t)error, buf, size);
150 #else
151 ERR_error_string_n(error, buf, size);
152 #endif
153
154 if(!*buf) {
155 const char *msg = error ? "Unknown error" : "No error";
156 if(strlen(msg) < size)
157 strcpy(buf, msg);
158 }
159
160 return buf;
161 }
162
make_bio_addr(BIO_ADDR ** pbio_addr,const struct Curl_sockaddr_ex * addr)163 static CURLcode make_bio_addr(BIO_ADDR **pbio_addr,
164 const struct Curl_sockaddr_ex *addr)
165 {
166 BIO_ADDR *ba;
167 CURLcode result = CURLE_FAILED_INIT;
168
169 ba = BIO_ADDR_new();
170 if(!ba) {
171 result = CURLE_OUT_OF_MEMORY;
172 goto out;
173 }
174
175 switch(addr->family) {
176 case AF_INET: {
177 struct sockaddr_in * const sin =
178 (struct sockaddr_in * const)(void *)&addr->curl_sa_addr;
179 if(!BIO_ADDR_rawmake(ba, AF_INET, &sin->sin_addr,
180 sizeof(sin->sin_addr), sin->sin_port)) {
181 goto out;
182 }
183 result = CURLE_OK;
184 break;
185 }
186 #ifdef USE_IPV6
187 case AF_INET6: {
188 struct sockaddr_in6 * const sin =
189 (struct sockaddr_in6 * const)(void *)&addr->curl_sa_addr;
190 if(!BIO_ADDR_rawmake(ba, AF_INET6, &sin->sin6_addr,
191 sizeof(sin->sin6_addr), sin->sin6_port)) {
192 }
193 result = CURLE_OK;
194 break;
195 }
196 #endif /* USE_IPV6 */
197 default:
198 /* sunsupported */
199 DEBUGASSERT(0);
200 break;
201 }
202
203 out:
204 if(result && ba) {
205 BIO_ADDR_free(ba);
206 ba = NULL;
207 }
208 *pbio_addr = ba;
209 return result;
210 }
211
212 /* QUIC stream (not necessarily H3) */
213 struct cf_osslq_stream {
214 curl_int64_t id;
215 SSL *ssl;
216 struct bufq recvbuf; /* QUIC war data recv buffer */
217 BIT(recvd_eos);
218 BIT(closed);
219 BIT(reset);
220 BIT(send_blocked);
221 };
222
cf_osslq_stream_open(struct cf_osslq_stream * s,SSL * conn,uint64_t flags,struct bufc_pool * bufcp,void * user_data)223 static CURLcode cf_osslq_stream_open(struct cf_osslq_stream *s,
224 SSL *conn,
225 uint64_t flags,
226 struct bufc_pool *bufcp,
227 void *user_data)
228 {
229 DEBUGASSERT(!s->ssl);
230 Curl_bufq_initp(&s->recvbuf, bufcp, 1, BUFQ_OPT_NONE);
231 s->ssl = SSL_new_stream(conn, flags);
232 if(!s->ssl) {
233 return CURLE_FAILED_INIT;
234 }
235 s->id = (curl_int64_t)SSL_get_stream_id(s->ssl);
236 SSL_set_app_data(s->ssl, user_data);
237 return CURLE_OK;
238 }
239
cf_osslq_stream_cleanup(struct cf_osslq_stream * s)240 static void cf_osslq_stream_cleanup(struct cf_osslq_stream *s)
241 {
242 if(s->ssl) {
243 SSL_set_app_data(s->ssl, NULL);
244 SSL_free(s->ssl);
245 }
246 Curl_bufq_free(&s->recvbuf);
247 memset(s, 0, sizeof(*s));
248 }
249
cf_osslq_stream_close(struct cf_osslq_stream * s)250 static void cf_osslq_stream_close(struct cf_osslq_stream *s)
251 {
252 if(s->ssl) {
253 SSL_free(s->ssl);
254 s->ssl = NULL;
255 }
256 }
257
258 struct cf_osslq_h3conn {
259 nghttp3_conn *conn;
260 nghttp3_settings settings;
261 struct cf_osslq_stream s_ctrl;
262 struct cf_osslq_stream s_qpack_enc;
263 struct cf_osslq_stream s_qpack_dec;
264 struct cf_osslq_stream remote_ctrl[3]; /* uni streams opened by the peer */
265 size_t remote_ctrl_n; /* number of peer streams opened */
266 };
267
cf_osslq_h3conn_cleanup(struct cf_osslq_h3conn * h3)268 static void cf_osslq_h3conn_cleanup(struct cf_osslq_h3conn *h3)
269 {
270 size_t i;
271
272 if(h3->conn)
273 nghttp3_conn_del(h3->conn);
274 cf_osslq_stream_cleanup(&h3->s_ctrl);
275 cf_osslq_stream_cleanup(&h3->s_qpack_enc);
276 cf_osslq_stream_cleanup(&h3->s_qpack_dec);
277 for(i = 0; i < h3->remote_ctrl_n; ++i) {
278 cf_osslq_stream_cleanup(&h3->remote_ctrl[i]);
279 }
280 }
281
282 struct cf_osslq_ctx {
283 struct cf_quic_ctx q;
284 struct ssl_peer peer;
285 struct curl_tls_ctx tls;
286 struct cf_call_data call_data;
287 struct cf_osslq_h3conn h3;
288 struct curltime started_at; /* time the current attempt started */
289 struct curltime handshake_at; /* time connect handshake finished */
290 struct curltime first_byte_at; /* when first byte was recvd */
291 struct bufc_pool stream_bufcp; /* chunk pool for streams */
292 struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */
293 size_t max_stream_window; /* max flow window for one stream */
294 uint64_t max_idle_ms; /* max idle time for QUIC connection */
295 BIT(initialized);
296 BIT(got_first_byte); /* if first byte was received */
297 BIT(x509_store_setup); /* if x509 store has been set up */
298 BIT(protocol_shutdown); /* QUIC connection is shut down */
299 BIT(need_recv); /* QUIC connection needs to receive */
300 BIT(need_send); /* QUIC connection needs to send */
301 };
302
303 static void h3_stream_hash_free(void *stream);
304
cf_osslq_ctx_init(struct cf_osslq_ctx * ctx)305 static void cf_osslq_ctx_init(struct cf_osslq_ctx *ctx)
306 {
307 DEBUGASSERT(!ctx->initialized);
308 Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE,
309 H3_STREAM_POOL_SPARES);
310 Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free);
311 ctx->initialized = TRUE;
312 }
313
cf_osslq_ctx_free(struct cf_osslq_ctx * ctx)314 static void cf_osslq_ctx_free(struct cf_osslq_ctx *ctx)
315 {
316 if(ctx && ctx->initialized) {
317 Curl_bufcp_free(&ctx->stream_bufcp);
318 Curl_hash_clean(&ctx->streams);
319 Curl_hash_destroy(&ctx->streams);
320 Curl_ssl_peer_cleanup(&ctx->peer);
321 }
322 free(ctx);
323 }
324
cf_osslq_ctx_close(struct cf_osslq_ctx * ctx)325 static void cf_osslq_ctx_close(struct cf_osslq_ctx *ctx)
326 {
327 struct cf_call_data save = ctx->call_data;
328
329 cf_osslq_h3conn_cleanup(&ctx->h3);
330 Curl_vquic_tls_cleanup(&ctx->tls);
331 vquic_ctx_free(&ctx->q);
332 ctx->call_data = save;
333 }
334
cf_osslq_shutdown(struct Curl_cfilter * cf,struct Curl_easy * data,bool * done)335 static CURLcode cf_osslq_shutdown(struct Curl_cfilter *cf,
336 struct Curl_easy *data, bool *done)
337 {
338 struct cf_osslq_ctx *ctx = cf->ctx;
339 struct cf_call_data save;
340 CURLcode result = CURLE_OK;
341 int rc;
342
343 CF_DATA_SAVE(save, cf, data);
344
345 if(cf->shutdown || ctx->protocol_shutdown) {
346 *done = TRUE;
347 return CURLE_OK;
348 }
349
350 CF_DATA_SAVE(save, cf, data);
351 *done = FALSE;
352 ctx->need_send = FALSE;
353 ctx->need_recv = FALSE;
354
355 rc = SSL_shutdown_ex(ctx->tls.ossl.ssl,
356 SSL_SHUTDOWN_FLAG_NO_BLOCK, NULL, 0);
357 if(rc == 0) { /* ongoing */
358 CURL_TRC_CF(data, cf, "shutdown ongoing");
359 ctx->need_recv = TRUE;
360 goto out;
361 }
362 else if(rc == 1) { /* done */
363 CURL_TRC_CF(data, cf, "shutdown finished");
364 *done = TRUE;
365 goto out;
366 }
367 else {
368 long sslerr;
369 char err_buffer[256];
370 int err = SSL_get_error(ctx->tls.ossl.ssl, rc);
371
372 switch(err) {
373 case SSL_ERROR_NONE:
374 case SSL_ERROR_ZERO_RETURN:
375 CURL_TRC_CF(data, cf, "shutdown not received, but closed");
376 *done = TRUE;
377 goto out;
378 case SSL_ERROR_WANT_READ:
379 /* SSL has send its notify and now wants to read the reply
380 * from the server. We are not really interested in that. */
381 CURL_TRC_CF(data, cf, "shutdown sent, want receive");
382 ctx->need_recv = TRUE;
383 goto out;
384 case SSL_ERROR_WANT_WRITE:
385 CURL_TRC_CF(data, cf, "shutdown send blocked");
386 ctx->need_send = TRUE;
387 goto out;
388 default:
389 /* We give up on this. */
390 sslerr = ERR_get_error();
391 CURL_TRC_CF(data, cf, "shutdown, ignore recv error: '%s', errno %d",
392 (sslerr ?
393 osslq_strerror(sslerr, err_buffer, sizeof(err_buffer)) :
394 osslq_SSL_ERROR_to_str(err)),
395 SOCKERRNO);
396 *done = TRUE;
397 result = CURLE_OK;
398 goto out;
399 }
400 }
401 out:
402 CF_DATA_RESTORE(cf, save);
403 return result;
404 }
405
cf_osslq_close(struct Curl_cfilter * cf,struct Curl_easy * data)406 static void cf_osslq_close(struct Curl_cfilter *cf, struct Curl_easy *data)
407 {
408 struct cf_osslq_ctx *ctx = cf->ctx;
409 struct cf_call_data save;
410
411 CF_DATA_SAVE(save, cf, data);
412 if(ctx && ctx->tls.ossl.ssl) {
413 CURL_TRC_CF(data, cf, "cf_osslq_close()");
414 if(!cf->shutdown && !ctx->protocol_shutdown) {
415 /* last best effort, which OpenSSL calls a "rapid" shutdown. */
416 SSL_shutdown_ex(ctx->tls.ossl.ssl,
417 (SSL_SHUTDOWN_FLAG_NO_BLOCK | SSL_SHUTDOWN_FLAG_RAPID),
418 NULL, 0);
419 }
420 cf_osslq_ctx_close(ctx);
421 }
422
423 cf->connected = FALSE;
424 CF_DATA_RESTORE(cf, save);
425 }
426
cf_osslq_destroy(struct Curl_cfilter * cf,struct Curl_easy * data)427 static void cf_osslq_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
428 {
429 struct cf_osslq_ctx *ctx = cf->ctx;
430 struct cf_call_data save;
431
432 CF_DATA_SAVE(save, cf, data);
433 CURL_TRC_CF(data, cf, "destroy");
434 if(ctx) {
435 CURL_TRC_CF(data, cf, "cf_osslq_destroy()");
436 if(ctx->tls.ossl.ssl)
437 cf_osslq_ctx_close(ctx);
438 cf_osslq_ctx_free(ctx);
439 }
440 cf->ctx = NULL;
441 /* No CF_DATA_RESTORE(cf, save) possible */
442 (void)save;
443 }
444
cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn * h3,SSL * stream_ssl,struct Curl_cfilter * cf,struct Curl_easy * data)445 static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3,
446 SSL *stream_ssl,
447 struct Curl_cfilter *cf,
448 struct Curl_easy *data)
449 {
450 struct cf_osslq_ctx *ctx = cf->ctx;
451 curl_int64_t stream_id = (curl_int64_t)SSL_get_stream_id(stream_ssl);
452
453 if(h3->remote_ctrl_n >= ARRAYSIZE(h3->remote_ctrl)) {
454 /* rejected, we are full */
455 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] rejecting remote stream",
456 stream_id);
457 SSL_free(stream_ssl);
458 return CURLE_FAILED_INIT;
459 }
460 switch(SSL_get_stream_type(stream_ssl)) {
461 case SSL_STREAM_TYPE_READ: {
462 struct cf_osslq_stream *nstream = &h3->remote_ctrl[h3->remote_ctrl_n++];
463 nstream->id = stream_id;
464 nstream->ssl = stream_ssl;
465 Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
466 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] accepted remote uni stream",
467 stream_id);
468 break;
469 }
470 default:
471 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reject remote non-uni-read"
472 " stream", stream_id);
473 SSL_free(stream_ssl);
474 return CURLE_FAILED_INIT;
475 }
476 return CURLE_OK;
477
478 }
479
cf_osslq_ssl_err(struct Curl_cfilter * cf,struct Curl_easy * data,int detail,CURLcode def_result)480 static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf,
481 struct Curl_easy *data,
482 int detail, CURLcode def_result)
483 {
484 struct cf_osslq_ctx *ctx = cf->ctx;
485 CURLcode result = def_result;
486 sslerr_t errdetail;
487 char ebuf[256] = "unknown";
488 const char *err_descr = ebuf;
489 long lerr;
490 int lib;
491 int reason;
492 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
493
494 errdetail = ERR_get_error();
495 lib = ERR_GET_LIB(errdetail);
496 reason = ERR_GET_REASON(errdetail);
497
498 if((lib == ERR_LIB_SSL) &&
499 ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
500 (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
501 result = CURLE_PEER_FAILED_VERIFICATION;
502
503 lerr = SSL_get_verify_result(ctx->tls.ossl.ssl);
504 if(lerr != X509_V_OK) {
505 ssl_config->certverifyresult = lerr;
506 msnprintf(ebuf, sizeof(ebuf),
507 "SSL certificate problem: %s",
508 X509_verify_cert_error_string(lerr));
509 }
510 else
511 err_descr = "SSL certificate verification failed";
512 }
513 #if defined(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)
514 /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
515 OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */
516 else if((lib == ERR_LIB_SSL) &&
517 (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
518 /* If client certificate is required, communicate the
519 error to client */
520 result = CURLE_SSL_CLIENTCERT;
521 osslq_strerror(errdetail, ebuf, sizeof(ebuf));
522 }
523 #endif
524 else if((lib == ERR_LIB_SSL) && (reason == SSL_R_PROTOCOL_IS_SHUTDOWN)) {
525 ctx->protocol_shutdown = TRUE;
526 err_descr = "QUIC connection has been shut down";
527 result = def_result;
528 }
529 else {
530 result = def_result;
531 osslq_strerror(errdetail, ebuf, sizeof(ebuf));
532 }
533
534 /* detail is already set to the SSL error above */
535
536 /* If we e.g. use SSLv2 request-method and the server does not like us
537 * (RST connection, etc.), OpenSSL gives no explanation whatsoever and
538 * the SO_ERROR is also lost.
539 */
540 if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
541 char extramsg[80]="";
542 int sockerr = SOCKERRNO;
543 struct ip_quadruple ip;
544
545 Curl_cf_socket_peek(cf->next, data, NULL, NULL, &ip);
546 if(sockerr && detail == SSL_ERROR_SYSCALL)
547 Curl_strerror(sockerr, extramsg, sizeof(extramsg));
548 failf(data, "QUIC connect: %s in connection to %s:%d (%s)",
549 extramsg[0] ? extramsg : osslq_SSL_ERROR_to_str(detail),
550 ctx->peer.dispname, ip.remote_port, ip.remote_ip);
551 }
552 else {
553 /* Could be a CERT problem */
554 failf(data, "%s", err_descr);
555 }
556 return result;
557 }
558
cf_osslq_verify_peer(struct Curl_cfilter * cf,struct Curl_easy * data)559 static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf,
560 struct Curl_easy *data)
561 {
562 struct cf_osslq_ctx *ctx = cf->ctx;
563
564 cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
565 cf->conn->httpversion = 30;
566
567 return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer);
568 }
569
570 /**
571 * All about the H3 internals of a stream
572 */
573 struct h3_stream_ctx {
574 struct cf_osslq_stream s;
575 struct bufq sendbuf; /* h3 request body */
576 struct bufq recvbuf; /* h3 response body */
577 struct h1_req_parser h1; /* h1 request parsing */
578 size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
579 size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */
580 curl_uint64_t error3; /* HTTP/3 stream error code */
581 curl_off_t upload_left; /* number of request bytes left to upload */
582 curl_off_t download_recvd; /* number of response DATA bytes received */
583 int status_code; /* HTTP status code */
584 bool resp_hds_complete; /* we have a complete, final response */
585 bool closed; /* TRUE on stream close */
586 bool reset; /* TRUE on stream reset */
587 bool send_closed; /* stream is local closed */
588 BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
589 };
590
591 #define H3_STREAM_CTX(ctx,data) ((struct h3_stream_ctx *)(\
592 data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL))
593
h3_stream_ctx_free(struct h3_stream_ctx * stream)594 static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
595 {
596 cf_osslq_stream_cleanup(&stream->s);
597 Curl_bufq_free(&stream->sendbuf);
598 Curl_bufq_free(&stream->recvbuf);
599 Curl_h1_req_parse_free(&stream->h1);
600 free(stream);
601 }
602
h3_stream_hash_free(void * stream)603 static void h3_stream_hash_free(void *stream)
604 {
605 DEBUGASSERT(stream);
606 h3_stream_ctx_free((struct h3_stream_ctx *)stream);
607 }
608
h3_data_setup(struct Curl_cfilter * cf,struct Curl_easy * data)609 static CURLcode h3_data_setup(struct Curl_cfilter *cf,
610 struct Curl_easy *data)
611 {
612 struct cf_osslq_ctx *ctx = cf->ctx;
613 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
614
615 if(!data)
616 return CURLE_FAILED_INIT;
617
618 if(stream)
619 return CURLE_OK;
620
621 stream = calloc(1, sizeof(*stream));
622 if(!stream)
623 return CURLE_OUT_OF_MEMORY;
624
625 stream->s.id = -1;
626 /* on send, we control how much we put into the buffer */
627 Curl_bufq_initp(&stream->sendbuf, &ctx->stream_bufcp,
628 H3_STREAM_SEND_CHUNKS, BUFQ_OPT_NONE);
629 stream->sendbuf_len_in_flight = 0;
630 /* on recv, we need a flexible buffer limit since we also write
631 * headers to it that are not counted against the nghttp3 flow limits. */
632 Curl_bufq_initp(&stream->recvbuf, &ctx->stream_bufcp,
633 H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT);
634 stream->recv_buf_nonflow = 0;
635 Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
636
637 if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) {
638 h3_stream_ctx_free(stream);
639 return CURLE_OUT_OF_MEMORY;
640 }
641
642 return CURLE_OK;
643 }
644
h3_data_done(struct Curl_cfilter * cf,struct Curl_easy * data)645 static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
646 {
647 struct cf_osslq_ctx *ctx = cf->ctx;
648 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
649
650 (void)cf;
651 if(stream) {
652 CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done",
653 stream->s.id);
654 if(ctx->h3.conn && !stream->closed) {
655 nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
656 nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
657 NGHTTP3_H3_REQUEST_CANCELLED);
658 nghttp3_conn_set_stream_user_data(ctx->h3.conn, stream->s.id, NULL);
659 stream->closed = TRUE;
660 }
661
662 Curl_hash_offt_remove(&ctx->streams, data->mid);
663 }
664 }
665
cf_osslq_get_qstream(struct Curl_cfilter * cf,struct Curl_easy * data,int64_t stream_id)666 static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf,
667 struct Curl_easy *data,
668 int64_t stream_id)
669 {
670 struct cf_osslq_ctx *ctx = cf->ctx;
671 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
672
673 if(stream && stream->s.id == stream_id) {
674 return &stream->s;
675 }
676 else if(ctx->h3.s_ctrl.id == stream_id) {
677 return &ctx->h3.s_ctrl;
678 }
679 else if(ctx->h3.s_qpack_enc.id == stream_id) {
680 return &ctx->h3.s_qpack_enc;
681 }
682 else if(ctx->h3.s_qpack_dec.id == stream_id) {
683 return &ctx->h3.s_qpack_dec;
684 }
685 else {
686 struct Curl_llist_node *e;
687 DEBUGASSERT(data->multi);
688 for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
689 struct Curl_easy *sdata = Curl_node_elem(e);
690 if(sdata->conn != data->conn)
691 continue;
692 stream = H3_STREAM_CTX(ctx, sdata);
693 if(stream && stream->s.id == stream_id) {
694 return &stream->s;
695 }
696 }
697 }
698 return NULL;
699 }
700
h3_drain_stream(struct Curl_cfilter * cf,struct Curl_easy * data)701 static void h3_drain_stream(struct Curl_cfilter *cf,
702 struct Curl_easy *data)
703 {
704 struct cf_osslq_ctx *ctx = cf->ctx;
705 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
706 unsigned char bits;
707
708 (void)cf;
709 bits = CURL_CSELECT_IN;
710 if(stream && stream->upload_left && !stream->send_closed)
711 bits |= CURL_CSELECT_OUT;
712 if(data->state.select_bits != bits) {
713 data->state.select_bits = bits;
714 Curl_expire(data, 0, EXPIRE_RUN_NOW);
715 }
716 }
717
h3_data_pause(struct Curl_cfilter * cf,struct Curl_easy * data,bool pause)718 static CURLcode h3_data_pause(struct Curl_cfilter *cf,
719 struct Curl_easy *data,
720 bool pause)
721 {
722 if(!pause) {
723 /* unpaused. make it run again right away */
724 h3_drain_stream(cf, data);
725 Curl_expire(data, 0, EXPIRE_RUN_NOW);
726 }
727 return CURLE_OK;
728 }
729
cb_h3_stream_close(nghttp3_conn * conn,int64_t stream_id,uint64_t app_error_code,void * user_data,void * stream_user_data)730 static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
731 uint64_t app_error_code, void *user_data,
732 void *stream_user_data)
733 {
734 struct Curl_cfilter *cf = user_data;
735 struct cf_osslq_ctx *ctx = cf->ctx;
736 struct Curl_easy *data = stream_user_data;
737 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
738 (void)conn;
739 (void)stream_id;
740
741 /* we might be called by nghttp3 after we already cleaned up */
742 if(!stream)
743 return 0;
744
745 stream->closed = TRUE;
746 stream->error3 = app_error_code;
747 if(stream->error3 != NGHTTP3_H3_NO_ERROR) {
748 stream->reset = TRUE;
749 stream->send_closed = TRUE;
750 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] RESET: error %" FMT_PRIu64,
751 stream->s.id, stream->error3);
752 }
753 else {
754 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] CLOSED", stream->s.id);
755 }
756 h3_drain_stream(cf, data);
757 return 0;
758 }
759
760 /*
761 * write_resp_raw() copies response data in raw format to the `data`'s
762 * receive buffer. If not enough space is available, it appends to the
763 * `data`'s overflow buffer.
764 */
write_resp_raw(struct Curl_cfilter * cf,struct Curl_easy * data,const void * mem,size_t memlen,bool flow)765 static CURLcode write_resp_raw(struct Curl_cfilter *cf,
766 struct Curl_easy *data,
767 const void *mem, size_t memlen,
768 bool flow)
769 {
770 struct cf_osslq_ctx *ctx = cf->ctx;
771 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
772 CURLcode result = CURLE_OK;
773 ssize_t nwritten;
774
775 (void)cf;
776 if(!stream) {
777 return CURLE_RECV_ERROR;
778 }
779 nwritten = Curl_bufq_write(&stream->recvbuf, mem, memlen, &result);
780 if(nwritten < 0) {
781 return result;
782 }
783
784 if(!flow)
785 stream->recv_buf_nonflow += (size_t)nwritten;
786
787 if((size_t)nwritten < memlen) {
788 /* This MUST not happen. Our recbuf is dimensioned to hold the
789 * full max_stream_window and then some for this very reason. */
790 DEBUGASSERT(0);
791 return CURLE_RECV_ERROR;
792 }
793 return result;
794 }
795
cb_h3_recv_data(nghttp3_conn * conn,int64_t stream3_id,const uint8_t * buf,size_t buflen,void * user_data,void * stream_user_data)796 static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
797 const uint8_t *buf, size_t buflen,
798 void *user_data, void *stream_user_data)
799 {
800 struct Curl_cfilter *cf = user_data;
801 struct cf_osslq_ctx *ctx = cf->ctx;
802 struct Curl_easy *data = stream_user_data;
803 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
804 CURLcode result;
805
806 (void)conn;
807 (void)stream3_id;
808
809 if(!stream)
810 return NGHTTP3_ERR_CALLBACK_FAILURE;
811
812 result = write_resp_raw(cf, data, buf, buflen, TRUE);
813 if(result) {
814 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, ERROR %d",
815 stream->s.id, buflen, result);
816 return NGHTTP3_ERR_CALLBACK_FAILURE;
817 }
818 stream->download_recvd += (curl_off_t)buflen;
819 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, total=%zd",
820 stream->s.id, buflen, stream->download_recvd);
821 h3_drain_stream(cf, data);
822 return 0;
823 }
824
cb_h3_deferred_consume(nghttp3_conn * conn,int64_t stream_id,size_t consumed,void * user_data,void * stream_user_data)825 static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream_id,
826 size_t consumed, void *user_data,
827 void *stream_user_data)
828 {
829 struct Curl_cfilter *cf = user_data;
830 struct cf_osslq_ctx *ctx = cf->ctx;
831 struct Curl_easy *data = stream_user_data;
832 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
833
834 (void)conn;
835 (void)stream_id;
836 if(stream)
837 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] deferred consume %zu bytes",
838 stream->s.id, consumed);
839 return 0;
840 }
841
cb_h3_recv_header(nghttp3_conn * conn,int64_t sid,int32_t token,nghttp3_rcbuf * name,nghttp3_rcbuf * value,uint8_t flags,void * user_data,void * stream_user_data)842 static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid,
843 int32_t token, nghttp3_rcbuf *name,
844 nghttp3_rcbuf *value, uint8_t flags,
845 void *user_data, void *stream_user_data)
846 {
847 struct Curl_cfilter *cf = user_data;
848 curl_int64_t stream_id = sid;
849 struct cf_osslq_ctx *ctx = cf->ctx;
850 nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name);
851 nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value);
852 struct Curl_easy *data = stream_user_data;
853 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
854 CURLcode result = CURLE_OK;
855 (void)conn;
856 (void)stream_id;
857 (void)token;
858 (void)flags;
859 (void)cf;
860
861 /* we might have cleaned up this transfer already */
862 if(!stream)
863 return 0;
864
865 if(token == NGHTTP3_QPACK_TOKEN__STATUS) {
866 char line[14]; /* status line is always 13 characters long */
867 size_t ncopy;
868
869 result = Curl_http_decode_status(&stream->status_code,
870 (const char *)h3val.base, h3val.len);
871 if(result)
872 return -1;
873 ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
874 stream->status_code);
875 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] status: %s", stream_id, line);
876 result = write_resp_raw(cf, data, line, ncopy, FALSE);
877 if(result) {
878 return -1;
879 }
880 }
881 else {
882 /* store as an HTTP1-style header */
883 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] header: %.*s: %.*s",
884 stream_id, (int)h3name.len, h3name.base,
885 (int)h3val.len, h3val.base);
886 result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE);
887 if(result) {
888 return -1;
889 }
890 result = write_resp_raw(cf, data, ": ", 2, FALSE);
891 if(result) {
892 return -1;
893 }
894 result = write_resp_raw(cf, data, h3val.base, h3val.len, FALSE);
895 if(result) {
896 return -1;
897 }
898 result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
899 if(result) {
900 return -1;
901 }
902 }
903 return 0;
904 }
905
cb_h3_end_headers(nghttp3_conn * conn,int64_t sid,int fin,void * user_data,void * stream_user_data)906 static int cb_h3_end_headers(nghttp3_conn *conn, int64_t sid,
907 int fin, void *user_data, void *stream_user_data)
908 {
909 struct Curl_cfilter *cf = user_data;
910 struct cf_osslq_ctx *ctx = cf->ctx;
911 struct Curl_easy *data = stream_user_data;
912 curl_int64_t stream_id = sid;
913 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
914 CURLcode result = CURLE_OK;
915 (void)conn;
916 (void)stream_id;
917 (void)fin;
918 (void)cf;
919
920 if(!stream)
921 return 0;
922 /* add a CRLF only if we have received some headers */
923 result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
924 if(result) {
925 return -1;
926 }
927
928 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] end_headers, status=%d",
929 stream_id, stream->status_code);
930 if(stream->status_code / 100 != 1) {
931 stream->resp_hds_complete = TRUE;
932 }
933 h3_drain_stream(cf, data);
934 return 0;
935 }
936
cb_h3_stop_sending(nghttp3_conn * conn,int64_t sid,uint64_t app_error_code,void * user_data,void * stream_user_data)937 static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t sid,
938 uint64_t app_error_code, void *user_data,
939 void *stream_user_data)
940 {
941 struct Curl_cfilter *cf = user_data;
942 struct cf_osslq_ctx *ctx = cf->ctx;
943 struct Curl_easy *data = stream_user_data;
944 curl_int64_t stream_id = sid;
945 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
946 (void)conn;
947 (void)app_error_code;
948
949 if(!stream || !stream->s.ssl)
950 return 0;
951
952 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] stop_sending", stream_id);
953 cf_osslq_stream_close(&stream->s);
954 return 0;
955 }
956
cb_h3_reset_stream(nghttp3_conn * conn,int64_t sid,uint64_t app_error_code,void * user_data,void * stream_user_data)957 static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t sid,
958 uint64_t app_error_code, void *user_data,
959 void *stream_user_data) {
960 struct Curl_cfilter *cf = user_data;
961 struct cf_osslq_ctx *ctx = cf->ctx;
962 struct Curl_easy *data = stream_user_data;
963 curl_int64_t stream_id = sid;
964 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
965 int rv;
966 (void)conn;
967
968 if(stream && stream->s.ssl) {
969 SSL_STREAM_RESET_ARGS args = {0};
970 args.quic_error_code = app_error_code;
971 rv = !SSL_stream_reset(stream->s.ssl, &args, sizeof(args));
972 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv);
973 if(!rv) {
974 return NGHTTP3_ERR_CALLBACK_FAILURE;
975 }
976 }
977 return 0;
978 }
979
980 static nghttp3_ssize
cb_h3_read_req_body(nghttp3_conn * conn,int64_t stream_id,nghttp3_vec * vec,size_t veccnt,uint32_t * pflags,void * user_data,void * stream_user_data)981 cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
982 nghttp3_vec *vec, size_t veccnt,
983 uint32_t *pflags, void *user_data,
984 void *stream_user_data)
985 {
986 struct Curl_cfilter *cf = user_data;
987 struct cf_osslq_ctx *ctx = cf->ctx;
988 struct Curl_easy *data = stream_user_data;
989 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
990 ssize_t nwritten = 0;
991 size_t nvecs = 0;
992 (void)cf;
993 (void)conn;
994 (void)stream_id;
995 (void)user_data;
996 (void)veccnt;
997
998 if(!stream)
999 return NGHTTP3_ERR_CALLBACK_FAILURE;
1000 /* nghttp3 keeps references to the sendbuf data until it is ACKed
1001 * by the server (see `cb_h3_acked_req_body()` for updates).
1002 * `sendbuf_len_in_flight` is the amount of bytes in `sendbuf`
1003 * that we have already passed to nghttp3, but which have not been
1004 * ACKed yet.
1005 * Any amount beyond `sendbuf_len_in_flight` we need still to pass
1006 * to nghttp3. Do that now, if we can. */
1007 if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) {
1008 nvecs = 0;
1009 while(nvecs < veccnt &&
1010 Curl_bufq_peek_at(&stream->sendbuf,
1011 stream->sendbuf_len_in_flight,
1012 (const unsigned char **)&vec[nvecs].base,
1013 &vec[nvecs].len)) {
1014 stream->sendbuf_len_in_flight += vec[nvecs].len;
1015 nwritten += vec[nvecs].len;
1016 ++nvecs;
1017 }
1018 DEBUGASSERT(nvecs > 0); /* we SHOULD have been be able to peek */
1019 }
1020
1021 if(nwritten > 0 && stream->upload_left != -1)
1022 stream->upload_left -= nwritten;
1023
1024 /* When we stopped sending and everything in `sendbuf` is "in flight",
1025 * we are at the end of the request body. */
1026 if(stream->upload_left == 0) {
1027 *pflags = NGHTTP3_DATA_FLAG_EOF;
1028 stream->send_closed = TRUE;
1029 }
1030 else if(!nwritten) {
1031 /* Not EOF, and nothing to give, we signal WOULDBLOCK. */
1032 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> AGAIN",
1033 stream->s.id);
1034 return NGHTTP3_ERR_WOULDBLOCK;
1035 }
1036
1037 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> "
1038 "%d vecs%s with %zu (buffered=%zu, left=%" FMT_OFF_T ")",
1039 stream->s.id, (int)nvecs,
1040 *pflags == NGHTTP3_DATA_FLAG_EOF ? " EOF" : "",
1041 nwritten, Curl_bufq_len(&stream->sendbuf),
1042 stream->upload_left);
1043 return (nghttp3_ssize)nvecs;
1044 }
1045
cb_h3_acked_stream_data(nghttp3_conn * conn,int64_t stream_id,uint64_t datalen,void * user_data,void * stream_user_data)1046 static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
1047 uint64_t datalen, void *user_data,
1048 void *stream_user_data)
1049 {
1050 struct Curl_cfilter *cf = user_data;
1051 struct cf_osslq_ctx *ctx = cf->ctx;
1052 struct Curl_easy *data = stream_user_data;
1053 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
1054 size_t skiplen;
1055
1056 (void)cf;
1057 if(!stream)
1058 return 0;
1059 /* The server acknowledged `datalen` of bytes from our request body.
1060 * This is a delta. We have kept this data in `sendbuf` for
1061 * re-transmissions and can free it now. */
1062 if(datalen >= (uint64_t)stream->sendbuf_len_in_flight)
1063 skiplen = stream->sendbuf_len_in_flight;
1064 else
1065 skiplen = (size_t)datalen;
1066 Curl_bufq_skip(&stream->sendbuf, skiplen);
1067 stream->sendbuf_len_in_flight -= skiplen;
1068
1069 /* Resume upload processing if we have more data to send */
1070 if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) {
1071 int rv = nghttp3_conn_resume_stream(conn, stream_id);
1072 if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1073 return NGHTTP3_ERR_CALLBACK_FAILURE;
1074 }
1075 }
1076 return 0;
1077 }
1078
1079 static nghttp3_callbacks ngh3_callbacks = {
1080 cb_h3_acked_stream_data,
1081 cb_h3_stream_close,
1082 cb_h3_recv_data,
1083 cb_h3_deferred_consume,
1084 NULL, /* begin_headers */
1085 cb_h3_recv_header,
1086 cb_h3_end_headers,
1087 NULL, /* begin_trailers */
1088 cb_h3_recv_header,
1089 NULL, /* end_trailers */
1090 cb_h3_stop_sending,
1091 NULL, /* end_stream */
1092 cb_h3_reset_stream,
1093 NULL, /* shutdown */
1094 NULL /* recv_settings */
1095 };
1096
cf_osslq_h3conn_init(struct cf_osslq_ctx * ctx,SSL * conn,void * user_data)1097 static CURLcode cf_osslq_h3conn_init(struct cf_osslq_ctx *ctx, SSL *conn,
1098 void *user_data)
1099 {
1100 struct cf_osslq_h3conn *h3 = &ctx->h3;
1101 CURLcode result;
1102 int rc;
1103
1104 nghttp3_settings_default(&h3->settings);
1105 rc = nghttp3_conn_client_new(&h3->conn,
1106 &ngh3_callbacks,
1107 &h3->settings,
1108 nghttp3_mem_default(),
1109 user_data);
1110 if(rc) {
1111 result = CURLE_OUT_OF_MEMORY;
1112 goto out;
1113 }
1114
1115 result = cf_osslq_stream_open(&h3->s_ctrl, conn,
1116 SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
1117 &ctx->stream_bufcp, NULL);
1118 if(result) {
1119 result = CURLE_QUIC_CONNECT_ERROR;
1120 goto out;
1121 }
1122 result = cf_osslq_stream_open(&h3->s_qpack_enc, conn,
1123 SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
1124 &ctx->stream_bufcp, NULL);
1125 if(result) {
1126 result = CURLE_QUIC_CONNECT_ERROR;
1127 goto out;
1128 }
1129 result = cf_osslq_stream_open(&h3->s_qpack_dec, conn,
1130 SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
1131 &ctx->stream_bufcp, NULL);
1132 if(result) {
1133 result = CURLE_QUIC_CONNECT_ERROR;
1134 goto out;
1135 }
1136
1137 rc = nghttp3_conn_bind_control_stream(h3->conn, h3->s_ctrl.id);
1138 if(rc) {
1139 result = CURLE_QUIC_CONNECT_ERROR;
1140 goto out;
1141 }
1142 rc = nghttp3_conn_bind_qpack_streams(h3->conn, h3->s_qpack_enc.id,
1143 h3->s_qpack_dec.id);
1144 if(rc) {
1145 result = CURLE_QUIC_CONNECT_ERROR;
1146 goto out;
1147 }
1148
1149 result = CURLE_OK;
1150 out:
1151 return result;
1152 }
1153
cf_osslq_ctx_start(struct Curl_cfilter * cf,struct Curl_easy * data)1154 static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf,
1155 struct Curl_easy *data)
1156 {
1157 struct cf_osslq_ctx *ctx = cf->ctx;
1158 CURLcode result;
1159 int rv;
1160 const struct Curl_sockaddr_ex *peer_addr = NULL;
1161 BIO *bio = NULL;
1162 BIO_ADDR *baddr = NULL;
1163
1164 DEBUGASSERT(ctx->initialized);
1165 result = Curl_ssl_peer_init(&ctx->peer, cf, TRNSPRT_QUIC);
1166 if(result)
1167 goto out;
1168
1169 #define H3_ALPN "\x2h3"
1170 result = Curl_vquic_tls_init(&ctx->tls, cf, data, &ctx->peer,
1171 H3_ALPN, sizeof(H3_ALPN) - 1,
1172 NULL, NULL, NULL);
1173 if(result)
1174 goto out;
1175
1176 result = vquic_ctx_init(&ctx->q);
1177 if(result)
1178 goto out;
1179
1180 result = CURLE_QUIC_CONNECT_ERROR;
1181 Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd, &peer_addr, NULL);
1182 if(!peer_addr)
1183 goto out;
1184
1185 ctx->q.local_addrlen = sizeof(ctx->q.local_addr);
1186 rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr,
1187 &ctx->q.local_addrlen);
1188 if(rv == -1)
1189 goto out;
1190
1191 result = make_bio_addr(&baddr, peer_addr);
1192 if(result) {
1193 failf(data, "error creating BIO_ADDR from sockaddr");
1194 goto out;
1195 }
1196
1197 /* Type conversions, see #12861: OpenSSL wants an `int`, but on 64-bit
1198 * Win32 systems, Microsoft defines SOCKET as `unsigned long long`.
1199 */
1200 #if defined(_WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H)
1201 if(ctx->q.sockfd > INT_MAX) {
1202 failf(data, "Windows socket identifier larger than MAX_INT, "
1203 "unable to set in OpenSSL dgram API.");
1204 result = CURLE_QUIC_CONNECT_ERROR;
1205 goto out;
1206 }
1207 bio = BIO_new_dgram((int)ctx->q.sockfd, BIO_NOCLOSE);
1208 #else
1209 bio = BIO_new_dgram(ctx->q.sockfd, BIO_NOCLOSE);
1210 #endif
1211 if(!bio) {
1212 result = CURLE_OUT_OF_MEMORY;
1213 goto out;
1214 }
1215
1216 if(!SSL_set1_initial_peer_addr(ctx->tls.ossl.ssl, baddr)) {
1217 failf(data, "failed to set the initial peer address");
1218 result = CURLE_FAILED_INIT;
1219 goto out;
1220 }
1221 if(!SSL_set_blocking_mode(ctx->tls.ossl.ssl, 0)) {
1222 failf(data, "failed to turn off blocking mode");
1223 result = CURLE_FAILED_INIT;
1224 goto out;
1225 }
1226
1227 #ifdef SSL_VALUE_QUIC_IDLE_TIMEOUT
1228 /* Added in OpenSSL v3.3.x */
1229 if(!SSL_set_feature_request_uint(ctx->tls.ossl.ssl,
1230 SSL_VALUE_QUIC_IDLE_TIMEOUT,
1231 CURL_QUIC_MAX_IDLE_MS)) {
1232 CURL_TRC_CF(data, cf, "error setting idle timeout, ");
1233 result = CURLE_FAILED_INIT;
1234 goto out;
1235 }
1236 #endif
1237
1238 SSL_set_bio(ctx->tls.ossl.ssl, bio, bio);
1239 bio = NULL;
1240 SSL_set_connect_state(ctx->tls.ossl.ssl);
1241 SSL_set_incoming_stream_policy(ctx->tls.ossl.ssl,
1242 SSL_INCOMING_STREAM_POLICY_ACCEPT, 0);
1243 /* setup the H3 things on top of the QUIC connection */
1244 result = cf_osslq_h3conn_init(ctx, ctx->tls.ossl.ssl, cf);
1245
1246 out:
1247 if(bio)
1248 BIO_free(bio);
1249 if(baddr)
1250 BIO_ADDR_free(baddr);
1251 CURL_TRC_CF(data, cf, "QUIC tls init -> %d", result);
1252 return result;
1253 }
1254
1255 struct h3_quic_recv_ctx {
1256 struct Curl_cfilter *cf;
1257 struct Curl_easy *data;
1258 struct cf_osslq_stream *s;
1259 };
1260
h3_quic_recv(void * reader_ctx,unsigned char * buf,size_t len,CURLcode * err)1261 static ssize_t h3_quic_recv(void *reader_ctx,
1262 unsigned char *buf, size_t len,
1263 CURLcode *err)
1264 {
1265 struct h3_quic_recv_ctx *x = reader_ctx;
1266 size_t nread;
1267 int rv;
1268
1269 *err = CURLE_OK;
1270 rv = SSL_read_ex(x->s->ssl, buf, len, &nread);
1271 if(rv <= 0) {
1272 int detail = SSL_get_error(x->s->ssl, rv);
1273 if(detail == SSL_ERROR_WANT_READ || detail == SSL_ERROR_WANT_WRITE) {
1274 *err = CURLE_AGAIN;
1275 return -1;
1276 }
1277 else if(detail == SSL_ERROR_ZERO_RETURN) {
1278 CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> EOS",
1279 x->s->id);
1280 x->s->recvd_eos = TRUE;
1281 return 0;
1282 }
1283 else if(SSL_get_stream_read_state(x->s->ssl) ==
1284 SSL_STREAM_STATE_RESET_REMOTE) {
1285 uint64_t app_error_code = NGHTTP3_H3_NO_ERROR;
1286 SSL_get_stream_read_error_code(x->s->ssl, &app_error_code);
1287 CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> RESET, "
1288 "rv=%d, app_err=%" FMT_PRIu64,
1289 x->s->id, rv, (curl_uint64_t)app_error_code);
1290 if(app_error_code != NGHTTP3_H3_NO_ERROR) {
1291 x->s->reset = TRUE;
1292 }
1293 x->s->recvd_eos = TRUE;
1294 return 0;
1295 }
1296 else {
1297 *err = cf_osslq_ssl_err(x->cf, x->data, detail, CURLE_RECV_ERROR);
1298 return -1;
1299 }
1300 }
1301 return (ssize_t)nread;
1302 }
1303
cf_osslq_stream_recv(struct cf_osslq_stream * s,struct Curl_cfilter * cf,struct Curl_easy * data)1304 static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s,
1305 struct Curl_cfilter *cf,
1306 struct Curl_easy *data)
1307 {
1308 struct cf_osslq_ctx *ctx = cf->ctx;
1309 CURLcode result = CURLE_OK;
1310 ssize_t nread;
1311 struct h3_quic_recv_ctx x;
1312 int rv, eagain = FALSE;
1313 size_t total_recv_len = 0;
1314
1315 DEBUGASSERT(s);
1316 if(s->closed)
1317 return CURLE_OK;
1318
1319 x.cf = cf;
1320 x.data = data;
1321 x.s = s;
1322 while(s->ssl && !s->closed && !eagain &&
1323 (total_recv_len < H3_STREAM_CHUNK_SIZE)) {
1324 if(Curl_bufq_is_empty(&s->recvbuf) && !s->recvd_eos) {
1325 while(!eagain && !s->recvd_eos && !Curl_bufq_is_full(&s->recvbuf)) {
1326 nread = Curl_bufq_sipn(&s->recvbuf, 0, h3_quic_recv, &x, &result);
1327 if(nread < 0) {
1328 if(result != CURLE_AGAIN)
1329 goto out;
1330 result = CURLE_OK;
1331 eagain = TRUE;
1332 }
1333 }
1334 }
1335
1336 /* Forward what we have to nghttp3 */
1337 if(!Curl_bufq_is_empty(&s->recvbuf)) {
1338 const unsigned char *buf;
1339 size_t blen;
1340
1341 while(Curl_bufq_peek(&s->recvbuf, &buf, &blen)) {
1342 nread = nghttp3_conn_read_stream(ctx->h3.conn, s->id,
1343 buf, blen, 0);
1344 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forward %zu bytes "
1345 "to nghttp3 -> %zd", s->id, blen, nread);
1346 if(nread < 0) {
1347 failf(data, "nghttp3_conn_read_stream(len=%zu) error: %s",
1348 blen, nghttp3_strerror((int)nread));
1349 result = CURLE_RECV_ERROR;
1350 goto out;
1351 }
1352 /* success, `nread` is the flow for QUIC to count as "consumed",
1353 * not sure how that will work with OpenSSL. Anyways, without error,
1354 * all data that we passed is not owned by nghttp3. */
1355 Curl_bufq_skip(&s->recvbuf, blen);
1356 total_recv_len += blen;
1357 }
1358 }
1359
1360 /* When we forwarded everything, handle RESET/EOS */
1361 if(Curl_bufq_is_empty(&s->recvbuf) && !s->closed) {
1362 result = CURLE_OK;
1363 if(s->reset) {
1364 uint64_t app_error;
1365 if(!SSL_get_stream_read_error_code(s->ssl, &app_error)) {
1366 failf(data, "SSL_get_stream_read_error_code returned error");
1367 result = CURLE_RECV_ERROR;
1368 goto out;
1369 }
1370 rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id, app_error);
1371 s->closed = TRUE;
1372 if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1373 failf(data, "nghttp3_conn_close_stream returned error: %s",
1374 nghttp3_strerror(rv));
1375 result = CURLE_RECV_ERROR;
1376 goto out;
1377 }
1378 }
1379 else if(s->recvd_eos) {
1380 rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id,
1381 NGHTTP3_H3_NO_ERROR);
1382 s->closed = TRUE;
1383 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] close nghttp3 stream -> %d",
1384 s->id, rv);
1385 if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1386 failf(data, "nghttp3_conn_close_stream returned error: %s",
1387 nghttp3_strerror(rv));
1388 result = CURLE_RECV_ERROR;
1389 goto out;
1390 }
1391 }
1392 }
1393 }
1394 out:
1395 if(result)
1396 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_osslq_stream_recv -> %d",
1397 s->id, result);
1398 return result;
1399 }
1400
cf_progress_ingress(struct Curl_cfilter * cf,struct Curl_easy * data)1401 static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
1402 struct Curl_easy *data)
1403 {
1404 struct cf_osslq_ctx *ctx = cf->ctx;
1405 CURLcode result = CURLE_OK;
1406
1407 if(!ctx->tls.ossl.ssl)
1408 goto out;
1409
1410 ERR_clear_error();
1411
1412 /* 1. Check for new incoming streams */
1413 while(1) {
1414 SSL *snew = SSL_accept_stream(ctx->tls.ossl.ssl,
1415 SSL_ACCEPT_STREAM_NO_BLOCK);
1416 if(!snew)
1417 break;
1418
1419 (void)cf_osslq_h3conn_add_stream(&ctx->h3, snew, cf, data);
1420 }
1421
1422 if(!SSL_handle_events(ctx->tls.ossl.ssl)) {
1423 int detail = SSL_get_error(ctx->tls.ossl.ssl, 0);
1424 result = cf_osslq_ssl_err(cf, data, detail, CURLE_RECV_ERROR);
1425 }
1426
1427 if(ctx->h3.conn) {
1428 size_t i;
1429 for(i = 0; i < ctx->h3.remote_ctrl_n; ++i) {
1430 result = cf_osslq_stream_recv(&ctx->h3.remote_ctrl[i], cf, data);
1431 if(result)
1432 goto out;
1433 }
1434 }
1435
1436 if(ctx->h3.conn) {
1437 struct Curl_llist_node *e;
1438 struct h3_stream_ctx *stream;
1439 /* PULL all open streams */
1440 DEBUGASSERT(data->multi);
1441 for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
1442 struct Curl_easy *sdata = Curl_node_elem(e);
1443 if(sdata->conn == data->conn && CURL_WANT_RECV(sdata)) {
1444 stream = H3_STREAM_CTX(ctx, sdata);
1445 if(stream && !stream->closed &&
1446 !Curl_bufq_is_full(&stream->recvbuf)) {
1447 result = cf_osslq_stream_recv(&stream->s, cf, sdata);
1448 if(result)
1449 goto out;
1450 }
1451 }
1452 }
1453 }
1454
1455 out:
1456 CURL_TRC_CF(data, cf, "progress_ingress -> %d", result);
1457 return result;
1458 }
1459
1460 /* Iterate over all streams and check if blocked can be unblocked */
cf_osslq_check_and_unblock(struct Curl_cfilter * cf,struct Curl_easy * data)1461 static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf,
1462 struct Curl_easy *data)
1463 {
1464 struct cf_osslq_ctx *ctx = cf->ctx;
1465 struct h3_stream_ctx *stream;
1466
1467 if(ctx->h3.conn) {
1468 struct Curl_llist_node *e;
1469 for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
1470 struct Curl_easy *sdata = Curl_node_elem(e);
1471 if(sdata->conn == data->conn) {
1472 stream = H3_STREAM_CTX(ctx, sdata);
1473 if(stream && stream->s.ssl && stream->s.send_blocked &&
1474 !SSL_want_write(stream->s.ssl)) {
1475 nghttp3_conn_unblock_stream(ctx->h3.conn, stream->s.id);
1476 stream->s.send_blocked = FALSE;
1477 h3_drain_stream(cf, sdata);
1478 CURL_TRC_CF(sdata, cf, "unblocked");
1479 }
1480 }
1481 }
1482 }
1483 return CURLE_OK;
1484 }
1485
h3_send_streams(struct Curl_cfilter * cf,struct Curl_easy * data)1486 static CURLcode h3_send_streams(struct Curl_cfilter *cf,
1487 struct Curl_easy *data)
1488 {
1489 struct cf_osslq_ctx *ctx = cf->ctx;
1490 CURLcode result = CURLE_OK;
1491
1492 if(!ctx->tls.ossl.ssl || !ctx->h3.conn)
1493 goto out;
1494
1495 for(;;) {
1496 struct cf_osslq_stream *s = NULL;
1497 nghttp3_vec vec[16];
1498 nghttp3_ssize n, i;
1499 int64_t stream_id;
1500 size_t written;
1501 int eos, ok, rv;
1502 size_t total_len, acked_len = 0;
1503 bool blocked = FALSE, eos_written = FALSE;
1504
1505 n = nghttp3_conn_writev_stream(ctx->h3.conn, &stream_id, &eos,
1506 vec, ARRAYSIZE(vec));
1507 if(n < 0) {
1508 failf(data, "nghttp3_conn_writev_stream returned error: %s",
1509 nghttp3_strerror((int)n));
1510 result = CURLE_SEND_ERROR;
1511 goto out;
1512 }
1513 if(stream_id < 0) {
1514 result = CURLE_OK;
1515 goto out;
1516 }
1517
1518 /* Get the stream for this data */
1519 s = cf_osslq_get_qstream(cf, data, stream_id);
1520 if(!s) {
1521 failf(data, "nghttp3_conn_writev_stream gave unknown stream %"
1522 FMT_PRId64, (curl_int64_t)stream_id);
1523 result = CURLE_SEND_ERROR;
1524 goto out;
1525 }
1526 /* Now write the data to the stream's SSL*, it may not all fit! */
1527 DEBUGASSERT(s->id == stream_id);
1528 for(i = 0, total_len = 0; i < n; ++i) {
1529 total_len += vec[i].len;
1530 }
1531 for(i = 0; (i < n) && !blocked; ++i) {
1532 /* Without stream->s.ssl, we closed that already, so
1533 * pretend the write did succeed. */
1534 uint64_t flags = (eos && ((i + 1) == n)) ? SSL_WRITE_FLAG_CONCLUDE : 0;
1535 written = vec[i].len;
1536 ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags,
1537 &written);
1538 if(ok && flags & SSL_WRITE_FLAG_CONCLUDE)
1539 eos_written = TRUE;
1540 if(ok) {
1541 /* As OpenSSL buffers the data, we count this as acknowledged
1542 * from nghttp3's point of view */
1543 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send %zu bytes to QUIC ok",
1544 s->id, vec[i].len);
1545 acked_len += vec[i].len;
1546 }
1547 else {
1548 int detail = SSL_get_error(s->ssl, 0);
1549 switch(detail) {
1550 case SSL_ERROR_WANT_WRITE:
1551 case SSL_ERROR_WANT_READ:
1552 /* QUIC blocked us from writing more */
1553 CURL_TRC_CF(data, cf, "[%"FMT_PRId64 "] send %zu bytes to "
1554 "QUIC blocked", s->id, vec[i].len);
1555 written = 0;
1556 nghttp3_conn_block_stream(ctx->h3.conn, s->id);
1557 s->send_blocked = blocked = TRUE;
1558 break;
1559 default:
1560 failf(data, "[%"FMT_PRId64 "] send %zu bytes to QUIC, SSL error %d",
1561 s->id, vec[i].len, detail);
1562 result = cf_osslq_ssl_err(cf, data, detail, CURLE_HTTP3);
1563 goto out;
1564 }
1565 }
1566 }
1567
1568 if(acked_len > 0 || (eos && !s->send_blocked)) {
1569 /* Since QUIC buffers the data written internally, we can tell
1570 * nghttp3 that it can move forward on it */
1571 ctx->q.last_io = Curl_now();
1572 rv = nghttp3_conn_add_write_offset(ctx->h3.conn, s->id, acked_len);
1573 if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1574 failf(data, "nghttp3_conn_add_write_offset returned error: %s\n",
1575 nghttp3_strerror(rv));
1576 result = CURLE_SEND_ERROR;
1577 goto out;
1578 }
1579 rv = nghttp3_conn_add_ack_offset(ctx->h3.conn, s->id, acked_len);
1580 if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1581 failf(data, "nghttp3_conn_add_ack_offset returned error: %s\n",
1582 nghttp3_strerror(rv));
1583 result = CURLE_SEND_ERROR;
1584 goto out;
1585 }
1586 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forwarded %zu/%zu h3 bytes "
1587 "to QUIC, eos=%d", s->id, acked_len, total_len, eos);
1588 }
1589
1590 if(eos && !s->send_blocked && !eos_written) {
1591 /* wrote everything and H3 indicates end of stream */
1592 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] closing QUIC stream", s->id);
1593 SSL_stream_conclude(s->ssl, 0);
1594 }
1595 }
1596
1597 out:
1598 CURL_TRC_CF(data, cf, "h3_send_streams -> %d", result);
1599 return result;
1600 }
1601
cf_progress_egress(struct Curl_cfilter * cf,struct Curl_easy * data)1602 static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
1603 struct Curl_easy *data)
1604 {
1605 struct cf_osslq_ctx *ctx = cf->ctx;
1606 CURLcode result = CURLE_OK;
1607
1608 if(!ctx->tls.ossl.ssl)
1609 goto out;
1610
1611 ERR_clear_error();
1612 result = h3_send_streams(cf, data);
1613 if(result)
1614 goto out;
1615
1616 if(!SSL_handle_events(ctx->tls.ossl.ssl)) {
1617 int detail = SSL_get_error(ctx->tls.ossl.ssl, 0);
1618 result = cf_osslq_ssl_err(cf, data, detail, CURLE_SEND_ERROR);
1619 }
1620
1621 result = cf_osslq_check_and_unblock(cf, data);
1622
1623 out:
1624 CURL_TRC_CF(data, cf, "progress_egress -> %d", result);
1625 return result;
1626 }
1627
check_and_set_expiry(struct Curl_cfilter * cf,struct Curl_easy * data)1628 static CURLcode check_and_set_expiry(struct Curl_cfilter *cf,
1629 struct Curl_easy *data)
1630 {
1631 struct cf_osslq_ctx *ctx = cf->ctx;
1632 CURLcode result = CURLE_OK;
1633 struct timeval tv;
1634 timediff_t timeoutms;
1635 int is_infinite = TRUE;
1636
1637 if(ctx->tls.ossl.ssl &&
1638 SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite) &&
1639 !is_infinite) {
1640 timeoutms = curlx_tvtoms(&tv);
1641 /* QUIC want to be called again latest at the returned timeout */
1642 if(timeoutms <= 0) {
1643 result = cf_progress_ingress(cf, data);
1644 if(result)
1645 goto out;
1646 result = cf_progress_egress(cf, data);
1647 if(result)
1648 goto out;
1649 if(SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite)) {
1650 timeoutms = curlx_tvtoms(&tv);
1651 }
1652 }
1653 if(!is_infinite) {
1654 Curl_expire(data, timeoutms, EXPIRE_QUIC);
1655 CURL_TRC_CF(data, cf, "QUIC expiry in %ldms", (long)timeoutms);
1656 }
1657 }
1658 out:
1659 return result;
1660 }
1661
cf_osslq_connect(struct Curl_cfilter * cf,struct Curl_easy * data,bool blocking,bool * done)1662 static CURLcode cf_osslq_connect(struct Curl_cfilter *cf,
1663 struct Curl_easy *data,
1664 bool blocking, bool *done)
1665 {
1666 struct cf_osslq_ctx *ctx = cf->ctx;
1667 CURLcode result = CURLE_OK;
1668 struct cf_call_data save;
1669 struct curltime now;
1670 int err;
1671
1672 if(cf->connected) {
1673 *done = TRUE;
1674 return CURLE_OK;
1675 }
1676
1677 /* Connect the UDP filter first */
1678 if(!cf->next->connected) {
1679 result = Curl_conn_cf_connect(cf->next, data, blocking, done);
1680 if(result || !*done)
1681 return result;
1682 }
1683
1684 *done = FALSE;
1685 now = Curl_now();
1686 CF_DATA_SAVE(save, cf, data);
1687
1688 if(!ctx->tls.ossl.ssl) {
1689 ctx->started_at = now;
1690 result = cf_osslq_ctx_start(cf, data);
1691 if(result)
1692 goto out;
1693 }
1694
1695 if(!ctx->got_first_byte) {
1696 int readable = SOCKET_READABLE(ctx->q.sockfd, 0);
1697 if(readable > 0 && (readable & CURL_CSELECT_IN)) {
1698 ctx->got_first_byte = TRUE;
1699 ctx->first_byte_at = Curl_now();
1700 }
1701 }
1702
1703 ERR_clear_error();
1704 err = SSL_do_handshake(ctx->tls.ossl.ssl);
1705
1706 if(err == 1) {
1707 /* connected */
1708 ctx->handshake_at = now;
1709 ctx->q.last_io = now;
1710 CURL_TRC_CF(data, cf, "handshake complete after %dms",
1711 (int)Curl_timediff(now, ctx->started_at));
1712 result = cf_osslq_verify_peer(cf, data);
1713 if(!result) {
1714 CURL_TRC_CF(data, cf, "peer verified");
1715 cf->connected = TRUE;
1716 cf->conn->alpn = CURL_HTTP_VERSION_3;
1717 *done = TRUE;
1718 connkeep(cf->conn, "HTTP/3 default");
1719 }
1720 }
1721 else {
1722 int detail = SSL_get_error(ctx->tls.ossl.ssl, err);
1723 switch(detail) {
1724 case SSL_ERROR_WANT_READ:
1725 ctx->q.last_io = now;
1726 CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_RECV");
1727 result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data);
1728 goto out;
1729 case SSL_ERROR_WANT_WRITE:
1730 ctx->q.last_io = now;
1731 CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_SEND");
1732 result = CURLE_OK;
1733 goto out;
1734 #ifdef SSL_ERROR_WANT_ASYNC
1735 case SSL_ERROR_WANT_ASYNC:
1736 ctx->q.last_io = now;
1737 CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_ASYNC");
1738 result = CURLE_OK;
1739 goto out;
1740 #endif
1741 #ifdef SSL_ERROR_WANT_RETRY_VERIFY
1742 case SSL_ERROR_WANT_RETRY_VERIFY:
1743 result = CURLE_OK;
1744 goto out;
1745 #endif
1746 default:
1747 result = cf_osslq_ssl_err(cf, data, detail, CURLE_COULDNT_CONNECT);
1748 goto out;
1749 }
1750 }
1751
1752 out:
1753 if(result == CURLE_RECV_ERROR && ctx->tls.ossl.ssl &&
1754 ctx->protocol_shutdown) {
1755 /* When a QUIC server instance is shutting down, it may send us a
1756 * CONNECTION_CLOSE right away. Our connection then enters the DRAINING
1757 * state. The CONNECT may work in the near future again. Indicate
1758 * that as a "weird" reply. */
1759 result = CURLE_WEIRD_SERVER_REPLY;
1760 }
1761
1762 #ifndef CURL_DISABLE_VERBOSE_STRINGS
1763 if(result) {
1764 struct ip_quadruple ip;
1765
1766 Curl_cf_socket_peek(cf->next, data, NULL, NULL, &ip);
1767 infof(data, "QUIC connect to %s port %u failed: %s",
1768 ip.remote_ip, ip.remote_port, curl_easy_strerror(result));
1769 }
1770 #endif
1771 if(!result)
1772 result = check_and_set_expiry(cf, data);
1773 if(result || *done)
1774 CURL_TRC_CF(data, cf, "connect -> %d, done=%d", result, *done);
1775 CF_DATA_RESTORE(cf, save);
1776 return result;
1777 }
1778
h3_stream_open(struct Curl_cfilter * cf,struct Curl_easy * data,const void * buf,size_t len,CURLcode * err)1779 static ssize_t h3_stream_open(struct Curl_cfilter *cf,
1780 struct Curl_easy *data,
1781 const void *buf, size_t len,
1782 CURLcode *err)
1783 {
1784 struct cf_osslq_ctx *ctx = cf->ctx;
1785 struct h3_stream_ctx *stream = NULL;
1786 struct dynhds h2_headers;
1787 size_t nheader;
1788 nghttp3_nv *nva = NULL;
1789 int rc = 0;
1790 unsigned int i;
1791 ssize_t nwritten = -1;
1792 nghttp3_data_reader reader;
1793 nghttp3_data_reader *preader = NULL;
1794
1795 Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
1796
1797 *err = h3_data_setup(cf, data);
1798 if(*err)
1799 goto out;
1800 stream = H3_STREAM_CTX(ctx, data);
1801 DEBUGASSERT(stream);
1802 if(!stream) {
1803 *err = CURLE_FAILED_INIT;
1804 goto out;
1805 }
1806
1807 nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err);
1808 if(nwritten < 0)
1809 goto out;
1810 if(!stream->h1.done) {
1811 /* need more data */
1812 goto out;
1813 }
1814 DEBUGASSERT(stream->h1.req);
1815
1816 *err = Curl_http_req_to_h2(&h2_headers, stream->h1.req, data);
1817 if(*err) {
1818 nwritten = -1;
1819 goto out;
1820 }
1821 /* no longer needed */
1822 Curl_h1_req_parse_free(&stream->h1);
1823
1824 nheader = Curl_dynhds_count(&h2_headers);
1825 nva = malloc(sizeof(nghttp3_nv) * nheader);
1826 if(!nva) {
1827 *err = CURLE_OUT_OF_MEMORY;
1828 nwritten = -1;
1829 goto out;
1830 }
1831
1832 for(i = 0; i < nheader; ++i) {
1833 struct dynhds_entry *e = Curl_dynhds_getn(&h2_headers, i);
1834 nva[i].name = (unsigned char *)e->name;
1835 nva[i].namelen = e->namelen;
1836 nva[i].value = (unsigned char *)e->value;
1837 nva[i].valuelen = e->valuelen;
1838 nva[i].flags = NGHTTP3_NV_FLAG_NONE;
1839 }
1840
1841 DEBUGASSERT(stream->s.id == -1);
1842 *err = cf_osslq_stream_open(&stream->s, ctx->tls.ossl.ssl, 0,
1843 &ctx->stream_bufcp, data);
1844 if(*err) {
1845 failf(data, "cannot get bidi streams");
1846 *err = CURLE_SEND_ERROR;
1847 goto out;
1848 }
1849
1850 switch(data->state.httpreq) {
1851 case HTTPREQ_POST:
1852 case HTTPREQ_POST_FORM:
1853 case HTTPREQ_POST_MIME:
1854 case HTTPREQ_PUT:
1855 /* known request body size or -1 */
1856 if(data->state.infilesize != -1)
1857 stream->upload_left = data->state.infilesize;
1858 else
1859 /* data sending without specifying the data amount up front */
1860 stream->upload_left = -1; /* unknown */
1861 break;
1862 default:
1863 /* there is not request body */
1864 stream->upload_left = 0; /* no request body */
1865 break;
1866 }
1867
1868 stream->send_closed = (stream->upload_left == 0);
1869 if(!stream->send_closed) {
1870 reader.read_data = cb_h3_read_req_body;
1871 preader = &reader;
1872 }
1873
1874 rc = nghttp3_conn_submit_request(ctx->h3.conn, stream->s.id,
1875 nva, nheader, preader, data);
1876 if(rc) {
1877 switch(rc) {
1878 case NGHTTP3_ERR_CONN_CLOSING:
1879 CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64"] failed to send, "
1880 "connection is closing", stream->s.id);
1881 break;
1882 default:
1883 CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64 "] failed to send -> %d (%s)",
1884 stream->s.id, rc, nghttp3_strerror(rc));
1885 break;
1886 }
1887 *err = CURLE_SEND_ERROR;
1888 nwritten = -1;
1889 goto out;
1890 }
1891
1892 if(Curl_trc_is_verbose(data)) {
1893 infof(data, "[HTTP/3] [%" FMT_PRId64 "] OPENED stream for %s",
1894 stream->s.id, data->state.url);
1895 for(i = 0; i < nheader; ++i) {
1896 infof(data, "[HTTP/3] [%" FMT_PRId64 "] [%.*s: %.*s]",
1897 stream->s.id,
1898 (int)nva[i].namelen, nva[i].name,
1899 (int)nva[i].valuelen, nva[i].value);
1900 }
1901 }
1902
1903 out:
1904 free(nva);
1905 Curl_dynhds_free(&h2_headers);
1906 return nwritten;
1907 }
1908
cf_osslq_send(struct Curl_cfilter * cf,struct Curl_easy * data,const void * buf,size_t len,bool eos,CURLcode * err)1909 static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data,
1910 const void *buf, size_t len, bool eos,
1911 CURLcode *err)
1912 {
1913 struct cf_osslq_ctx *ctx = cf->ctx;
1914 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
1915 struct cf_call_data save;
1916 ssize_t nwritten;
1917 CURLcode result;
1918
1919 (void)eos; /* TODO: use to end stream */
1920 CF_DATA_SAVE(save, cf, data);
1921 DEBUGASSERT(cf->connected);
1922 DEBUGASSERT(ctx->tls.ossl.ssl);
1923 DEBUGASSERT(ctx->h3.conn);
1924 *err = CURLE_OK;
1925
1926 result = cf_progress_ingress(cf, data);
1927 if(result) {
1928 *err = result;
1929 nwritten = -1;
1930 goto out;
1931 }
1932
1933 result = cf_progress_egress(cf, data);
1934 if(result) {
1935 *err = result;
1936 nwritten = -1;
1937 goto out;
1938 }
1939
1940 if(!stream || stream->s.id < 0) {
1941 nwritten = h3_stream_open(cf, data, buf, len, err);
1942 if(nwritten < 0) {
1943 CURL_TRC_CF(data, cf, "failed to open stream -> %d", *err);
1944 goto out;
1945 }
1946 stream = H3_STREAM_CTX(ctx, data);
1947 }
1948 else if(stream->closed) {
1949 if(stream->resp_hds_complete) {
1950 /* Server decided to close the stream after having sent us a final
1951 * response. This is valid if it is not interested in the request
1952 * body. This happens on 30x or 40x responses.
1953 * We silently discard the data sent, since this is not a transport
1954 * error situation. */
1955 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] discarding data"
1956 "on closed stream with response", stream->s.id);
1957 *err = CURLE_OK;
1958 nwritten = (ssize_t)len;
1959 goto out;
1960 }
1961 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send_body(len=%zu) "
1962 "-> stream closed", stream->s.id, len);
1963 *err = CURLE_HTTP3;
1964 nwritten = -1;
1965 goto out;
1966 }
1967 else {
1968 nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err);
1969 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send, add to "
1970 "sendbuf(len=%zu) -> %zd, %d",
1971 stream->s.id, len, nwritten, *err);
1972 if(nwritten < 0) {
1973 goto out;
1974 }
1975
1976 (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id);
1977 }
1978
1979 result = cf_progress_egress(cf, data);
1980 if(result) {
1981 *err = result;
1982 nwritten = -1;
1983 }
1984
1985 out:
1986 result = check_and_set_expiry(cf, data);
1987 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %zd, %d",
1988 stream ? stream->s.id : -1, len, nwritten, *err);
1989 CF_DATA_RESTORE(cf, save);
1990 return nwritten;
1991 }
1992
recv_closed_stream(struct Curl_cfilter * cf,struct Curl_easy * data,struct h3_stream_ctx * stream,CURLcode * err)1993 static ssize_t recv_closed_stream(struct Curl_cfilter *cf,
1994 struct Curl_easy *data,
1995 struct h3_stream_ctx *stream,
1996 CURLcode *err)
1997 {
1998 ssize_t nread = -1;
1999
2000 (void)cf;
2001 if(stream->reset) {
2002 failf(data,
2003 "HTTP/3 stream %" FMT_PRId64 " reset by server",
2004 stream->s.id);
2005 *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP3;
2006 goto out;
2007 }
2008 else if(!stream->resp_hds_complete) {
2009 failf(data,
2010 "HTTP/3 stream %" FMT_PRId64
2011 " was closed cleanly, but before getting"
2012 " all response header fields, treated as error",
2013 stream->s.id);
2014 *err = CURLE_HTTP3;
2015 goto out;
2016 }
2017 *err = CURLE_OK;
2018 nread = 0;
2019
2020 out:
2021 return nread;
2022 }
2023
cf_osslq_recv(struct Curl_cfilter * cf,struct Curl_easy * data,char * buf,size_t len,CURLcode * err)2024 static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
2025 char *buf, size_t len, CURLcode *err)
2026 {
2027 struct cf_osslq_ctx *ctx = cf->ctx;
2028 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2029 ssize_t nread = -1;
2030 struct cf_call_data save;
2031 CURLcode result;
2032
2033 (void)ctx;
2034 CF_DATA_SAVE(save, cf, data);
2035 DEBUGASSERT(cf->connected);
2036 DEBUGASSERT(ctx);
2037 DEBUGASSERT(ctx->tls.ossl.ssl);
2038 DEBUGASSERT(ctx->h3.conn);
2039 *err = CURLE_OK;
2040
2041 if(!stream) {
2042 *err = CURLE_RECV_ERROR;
2043 goto out;
2044 }
2045
2046 if(!Curl_bufq_is_empty(&stream->recvbuf)) {
2047 nread = Curl_bufq_read(&stream->recvbuf,
2048 (unsigned char *)buf, len, err);
2049 if(nread < 0) {
2050 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) "
2051 "-> %zd, %d", stream->s.id, len, nread, *err);
2052 goto out;
2053 }
2054 }
2055
2056 result = cf_progress_ingress(cf, data);
2057 if(result) {
2058 *err = result;
2059 nread = -1;
2060 goto out;
2061 }
2062
2063 /* recvbuf had nothing before, maybe after progressing ingress? */
2064 if(nread < 0 && !Curl_bufq_is_empty(&stream->recvbuf)) {
2065 nread = Curl_bufq_read(&stream->recvbuf,
2066 (unsigned char *)buf, len, err);
2067 if(nread < 0) {
2068 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) "
2069 "-> %zd, %d", stream->s.id, len, nread, *err);
2070 goto out;
2071 }
2072 }
2073
2074 if(nread > 0) {
2075 h3_drain_stream(cf, data);
2076 }
2077 else {
2078 if(stream->closed) {
2079 nread = recv_closed_stream(cf, data, stream, err);
2080 goto out;
2081 }
2082 *err = CURLE_AGAIN;
2083 nread = -1;
2084 }
2085
2086 out:
2087 if(cf_progress_egress(cf, data)) {
2088 *err = CURLE_SEND_ERROR;
2089 nread = -1;
2090 }
2091 else {
2092 CURLcode result2 = check_and_set_expiry(cf, data);
2093 if(result2) {
2094 *err = result2;
2095 nread = -1;
2096 }
2097 }
2098 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(len=%zu) -> %zd, %d",
2099 stream ? stream->s.id : -1, len, nread, *err);
2100 CF_DATA_RESTORE(cf, save);
2101 return nread;
2102 }
2103
2104 /*
2105 * Called from transfer.c:data_pending to know if we should keep looping
2106 * to receive more data from the connection.
2107 */
cf_osslq_data_pending(struct Curl_cfilter * cf,const struct Curl_easy * data)2108 static bool cf_osslq_data_pending(struct Curl_cfilter *cf,
2109 const struct Curl_easy *data)
2110 {
2111 struct cf_osslq_ctx *ctx = cf->ctx;
2112 const struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2113 (void)cf;
2114 return stream && !Curl_bufq_is_empty(&stream->recvbuf);
2115 }
2116
cf_osslq_data_event(struct Curl_cfilter * cf,struct Curl_easy * data,int event,int arg1,void * arg2)2117 static CURLcode cf_osslq_data_event(struct Curl_cfilter *cf,
2118 struct Curl_easy *data,
2119 int event, int arg1, void *arg2)
2120 {
2121 struct cf_osslq_ctx *ctx = cf->ctx;
2122 CURLcode result = CURLE_OK;
2123 struct cf_call_data save;
2124
2125 CF_DATA_SAVE(save, cf, data);
2126 (void)arg1;
2127 (void)arg2;
2128 switch(event) {
2129 case CF_CTRL_DATA_SETUP:
2130 break;
2131 case CF_CTRL_DATA_PAUSE:
2132 result = h3_data_pause(cf, data, (arg1 != 0));
2133 break;
2134 case CF_CTRL_DATA_DETACH:
2135 h3_data_done(cf, data);
2136 break;
2137 case CF_CTRL_DATA_DONE:
2138 h3_data_done(cf, data);
2139 break;
2140 case CF_CTRL_DATA_DONE_SEND: {
2141 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2142 if(stream && !stream->send_closed) {
2143 stream->send_closed = TRUE;
2144 stream->upload_left = Curl_bufq_len(&stream->sendbuf) -
2145 stream->sendbuf_len_in_flight;
2146 (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id);
2147 }
2148 break;
2149 }
2150 case CF_CTRL_DATA_IDLE: {
2151 struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2152 CURL_TRC_CF(data, cf, "data idle");
2153 if(stream && !stream->closed) {
2154 result = check_and_set_expiry(cf, data);
2155 }
2156 break;
2157 }
2158 default:
2159 break;
2160 }
2161 CF_DATA_RESTORE(cf, save);
2162 return result;
2163 }
2164
cf_osslq_conn_is_alive(struct Curl_cfilter * cf,struct Curl_easy * data,bool * input_pending)2165 static bool cf_osslq_conn_is_alive(struct Curl_cfilter *cf,
2166 struct Curl_easy *data,
2167 bool *input_pending)
2168 {
2169 struct cf_osslq_ctx *ctx = cf->ctx;
2170 bool alive = FALSE;
2171 struct cf_call_data save;
2172
2173 CF_DATA_SAVE(save, cf, data);
2174 *input_pending = FALSE;
2175 if(!ctx->tls.ossl.ssl)
2176 goto out;
2177
2178 #ifdef SSL_VALUE_QUIC_IDLE_TIMEOUT
2179 /* Added in OpenSSL v3.3.x */
2180 {
2181 timediff_t idletime;
2182 uint64_t idle_ms = ctx->max_idle_ms;
2183 if(!SSL_get_value_uint(ctx->tls.ossl.ssl,
2184 SSL_VALUE_CLASS_FEATURE_NEGOTIATED,
2185 SSL_VALUE_QUIC_IDLE_TIMEOUT, &idle_ms)) {
2186 CURL_TRC_CF(data, cf, "error getting negotiated idle timeout, "
2187 "assume connection is dead.");
2188 goto out;
2189 }
2190 CURL_TRC_CF(data, cf, "negotiated idle timeout: %zums", (size_t)idle_ms);
2191 idletime = Curl_timediff(Curl_now(), ctx->q.last_io);
2192 if(idletime > 0 && (uint64_t)idletime > idle_ms)
2193 goto out;
2194 }
2195
2196 #endif
2197
2198 if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
2199 goto out;
2200
2201 alive = TRUE;
2202 if(*input_pending) {
2203 CURLcode result;
2204 /* This happens before we have sent off a request and the connection is
2205 not in use by any other transfer, there should not be any data here,
2206 only "protocol frames" */
2207 *input_pending = FALSE;
2208 result = cf_progress_ingress(cf, data);
2209 CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result);
2210 alive = result ? FALSE : TRUE;
2211 }
2212
2213 out:
2214 CF_DATA_RESTORE(cf, save);
2215 return alive;
2216 }
2217
cf_osslq_adjust_pollset(struct Curl_cfilter * cf,struct Curl_easy * data,struct easy_pollset * ps)2218 static void cf_osslq_adjust_pollset(struct Curl_cfilter *cf,
2219 struct Curl_easy *data,
2220 struct easy_pollset *ps)
2221 {
2222 struct cf_osslq_ctx *ctx = cf->ctx;
2223
2224 if(!ctx->tls.ossl.ssl) {
2225 /* NOP */
2226 }
2227 else if(!cf->connected) {
2228 /* during handshake, transfer has not started yet. we always
2229 * add our socket for polling if SSL wants to send/recv */
2230 Curl_pollset_set(data, ps, ctx->q.sockfd,
2231 SSL_net_read_desired(ctx->tls.ossl.ssl),
2232 SSL_net_write_desired(ctx->tls.ossl.ssl));
2233 }
2234 else {
2235 /* once connected, we only modify the socket if it is present.
2236 * this avoids adding it for paused transfers. */
2237 bool want_recv, want_send;
2238 Curl_pollset_check(data, ps, ctx->q.sockfd, &want_recv, &want_send);
2239 if(want_recv || want_send) {
2240 Curl_pollset_set(data, ps, ctx->q.sockfd,
2241 SSL_net_read_desired(ctx->tls.ossl.ssl),
2242 SSL_net_write_desired(ctx->tls.ossl.ssl));
2243 }
2244 else if(ctx->need_recv || ctx->need_send) {
2245 Curl_pollset_set(data, ps, ctx->q.sockfd,
2246 ctx->need_recv, ctx->need_send);
2247 }
2248 }
2249 }
2250
cf_osslq_query(struct Curl_cfilter * cf,struct Curl_easy * data,int query,int * pres1,void * pres2)2251 static CURLcode cf_osslq_query(struct Curl_cfilter *cf,
2252 struct Curl_easy *data,
2253 int query, int *pres1, void *pres2)
2254 {
2255 struct cf_osslq_ctx *ctx = cf->ctx;
2256
2257 switch(query) {
2258 case CF_QUERY_MAX_CONCURRENT: {
2259 #ifdef SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL
2260 /* Added in OpenSSL v3.3.x */
2261 uint64_t v;
2262 if(!SSL_get_value_uint(ctx->tls.ossl.ssl, SSL_VALUE_CLASS_GENERIC,
2263 SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, &v)) {
2264 CURL_TRC_CF(data, cf, "error getting available local bidi streams");
2265 return CURLE_HTTP3;
2266 }
2267 /* we report avail + in_use */
2268 v += CONN_INUSE(cf->conn);
2269 *pres1 = (v > INT_MAX) ? INT_MAX : (int)v;
2270 #else
2271 *pres1 = 100;
2272 #endif
2273 CURL_TRC_CF(data, cf, "query max_conncurrent -> %d", *pres1);
2274 return CURLE_OK;
2275 }
2276 case CF_QUERY_CONNECT_REPLY_MS:
2277 if(ctx->got_first_byte) {
2278 timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at);
2279 *pres1 = (ms < INT_MAX) ? (int)ms : INT_MAX;
2280 }
2281 else
2282 *pres1 = -1;
2283 return CURLE_OK;
2284 case CF_QUERY_TIMER_CONNECT: {
2285 struct curltime *when = pres2;
2286 if(ctx->got_first_byte)
2287 *when = ctx->first_byte_at;
2288 return CURLE_OK;
2289 }
2290 case CF_QUERY_TIMER_APPCONNECT: {
2291 struct curltime *when = pres2;
2292 if(cf->connected)
2293 *when = ctx->handshake_at;
2294 return CURLE_OK;
2295 }
2296 default:
2297 break;
2298 }
2299 return cf->next ?
2300 cf->next->cft->query(cf->next, data, query, pres1, pres2) :
2301 CURLE_UNKNOWN_OPTION;
2302 }
2303
2304 struct Curl_cftype Curl_cft_http3 = {
2305 "HTTP/3",
2306 CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX,
2307 0,
2308 cf_osslq_destroy,
2309 cf_osslq_connect,
2310 cf_osslq_close,
2311 cf_osslq_shutdown,
2312 Curl_cf_def_get_host,
2313 cf_osslq_adjust_pollset,
2314 cf_osslq_data_pending,
2315 cf_osslq_send,
2316 cf_osslq_recv,
2317 cf_osslq_data_event,
2318 cf_osslq_conn_is_alive,
2319 Curl_cf_def_conn_keep_alive,
2320 cf_osslq_query,
2321 };
2322
Curl_cf_osslq_create(struct Curl_cfilter ** pcf,struct Curl_easy * data,struct connectdata * conn,const struct Curl_addrinfo * ai)2323 CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf,
2324 struct Curl_easy *data,
2325 struct connectdata *conn,
2326 const struct Curl_addrinfo *ai)
2327 {
2328 struct cf_osslq_ctx *ctx = NULL;
2329 struct Curl_cfilter *cf = NULL, *udp_cf = NULL;
2330 CURLcode result;
2331
2332 (void)data;
2333 ctx = calloc(1, sizeof(*ctx));
2334 if(!ctx) {
2335 result = CURLE_OUT_OF_MEMORY;
2336 goto out;
2337 }
2338 cf_osslq_ctx_init(ctx);
2339
2340 result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
2341 if(result)
2342 goto out;
2343
2344 result = Curl_cf_udp_create(&udp_cf, data, conn, ai, TRNSPRT_QUIC);
2345 if(result)
2346 goto out;
2347
2348 cf->conn = conn;
2349 udp_cf->conn = cf->conn;
2350 udp_cf->sockindex = cf->sockindex;
2351 cf->next = udp_cf;
2352
2353 out:
2354 *pcf = (!result) ? cf : NULL;
2355 if(result) {
2356 if(udp_cf)
2357 Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE);
2358 Curl_safefree(cf);
2359 cf_osslq_ctx_free(ctx);
2360 }
2361 return result;
2362 }
2363
Curl_conn_is_osslq(const struct Curl_easy * data,const struct connectdata * conn,int sockindex)2364 bool Curl_conn_is_osslq(const struct Curl_easy *data,
2365 const struct connectdata *conn,
2366 int sockindex)
2367 {
2368 struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL;
2369
2370 (void)data;
2371 for(; cf; cf = cf->next) {
2372 if(cf->cft == &Curl_cft_http3)
2373 return TRUE;
2374 if(cf->cft->flags & CF_TYPE_IP_CONNECT)
2375 return FALSE;
2376 }
2377 return FALSE;
2378 }
2379
2380 /*
2381 * Store ngtcp2 version info in this buffer.
2382 */
Curl_osslq_ver(char * p,size_t len)2383 void Curl_osslq_ver(char *p, size_t len)
2384 {
2385 const nghttp3_info *ht3 = nghttp3_version(0);
2386 (void)msnprintf(p, len, "nghttp3/%s", ht3->version_str);
2387 }
2388
2389 #endif /* USE_OPENSSL_QUIC && USE_NGHTTP3 */
2390