xref: /curl/lib/vquic/curl_osslq.c (revision fa0ccd9f) 
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  * SPDX-License-Identifier: curl
22  *
23  ***************************************************************************/
24 
25 #include "curl_setup.h"
26 
27 #if defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)
28 
29 #include <openssl/ssl.h>
30 #include <openssl/bio.h>
31 #include <openssl/err.h>
32 #include <nghttp3/nghttp3.h>
33 
34 #include "urldata.h"
35 #include "hash.h"
36 #include "sendf.h"
37 #include "strdup.h"
38 #include "rand.h"
39 #include "multiif.h"
40 #include "strcase.h"
41 #include "cfilters.h"
42 #include "cf-socket.h"
43 #include "connect.h"
44 #include "progress.h"
45 #include "strerror.h"
46 #include "dynbuf.h"
47 #include "http1.h"
48 #include "select.h"
49 #include "inet_pton.h"
50 #include "vquic.h"
51 #include "vquic_int.h"
52 #include "vquic-tls.h"
53 #include "vtls/keylog.h"
54 #include "vtls/vtls.h"
55 #include "vtls/openssl.h"
56 #include "curl_osslq.h"
57 
58 #include "warnless.h"
59 
60 /* The last 3 #include files should be in this order */
61 #include "curl_printf.h"
62 #include "curl_memory.h"
63 #include "memdebug.h"
64 
65 /* A stream window is the maximum amount we need to buffer for
66  * each active transfer. We use HTTP/3 flow control and only ACK
67  * when we take things out of the buffer.
68  * Chunk size is large enough to take a full DATA frame */
69 #define H3_STREAM_WINDOW_SIZE (128 * 1024)
70 #define H3_STREAM_CHUNK_SIZE   (16 * 1024)
71 /* The pool keeps spares around and half of a full stream window
72  * seems good. More does not seem to improve performance.
73  * The benefit of the pool is that stream buffer to not keep
74  * spares. Memory consumption goes down when streams run empty,
75  * have a large upload done, etc. */
76 #define H3_STREAM_POOL_SPARES \
77           (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2
78 /* Receive and Send max number of chunks just follows from the
79  * chunk size and window size */
80 #define H3_STREAM_RECV_CHUNKS \
81           (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
82 #define H3_STREAM_SEND_CHUNKS \
83           (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
84 
85 #ifndef ARRAYSIZE
86 #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
87 #endif
88 
89 #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
90 typedef uint32_t sslerr_t;
91 #else
92 typedef unsigned long sslerr_t;
93 #endif
94 
95 
96 /* How to access `call_data` from a cf_osslq filter */
97 #undef CF_CTX_CALL_DATA
98 #define CF_CTX_CALL_DATA(cf)  \
99   ((struct cf_osslq_ctx *)(cf)->ctx)->call_data
100 
101 static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
102                                     struct Curl_easy *data);
103 
osslq_SSL_ERROR_to_str(int err)104 static const char *osslq_SSL_ERROR_to_str(int err)
105 {
106   switch(err) {
107   case SSL_ERROR_NONE:
108     return "SSL_ERROR_NONE";
109   case SSL_ERROR_SSL:
110     return "SSL_ERROR_SSL";
111   case SSL_ERROR_WANT_READ:
112     return "SSL_ERROR_WANT_READ";
113   case SSL_ERROR_WANT_WRITE:
114     return "SSL_ERROR_WANT_WRITE";
115   case SSL_ERROR_WANT_X509_LOOKUP:
116     return "SSL_ERROR_WANT_X509_LOOKUP";
117   case SSL_ERROR_SYSCALL:
118     return "SSL_ERROR_SYSCALL";
119   case SSL_ERROR_ZERO_RETURN:
120     return "SSL_ERROR_ZERO_RETURN";
121   case SSL_ERROR_WANT_CONNECT:
122     return "SSL_ERROR_WANT_CONNECT";
123   case SSL_ERROR_WANT_ACCEPT:
124     return "SSL_ERROR_WANT_ACCEPT";
125 #if defined(SSL_ERROR_WANT_ASYNC)
126   case SSL_ERROR_WANT_ASYNC:
127     return "SSL_ERROR_WANT_ASYNC";
128 #endif
129 #if defined(SSL_ERROR_WANT_ASYNC_JOB)
130   case SSL_ERROR_WANT_ASYNC_JOB:
131     return "SSL_ERROR_WANT_ASYNC_JOB";
132 #endif
133 #if defined(SSL_ERROR_WANT_EARLY)
134   case SSL_ERROR_WANT_EARLY:
135     return "SSL_ERROR_WANT_EARLY";
136 #endif
137   default:
138     return "SSL_ERROR unknown";
139   }
140 }
141 
142 /* Return error string for last OpenSSL error */
osslq_strerror(unsigned long error,char * buf,size_t size)143 static char *osslq_strerror(unsigned long error, char *buf, size_t size)
144 {
145   DEBUGASSERT(size);
146   *buf = '\0';
147 
148 #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
149   ERR_error_string_n((uint32_t)error, buf, size);
150 #else
151   ERR_error_string_n(error, buf, size);
152 #endif
153 
154   if(!*buf) {
155     const char *msg = error ? "Unknown error" : "No error";
156     if(strlen(msg) < size)
157       strcpy(buf, msg);
158   }
159 
160   return buf;
161 }
162 
make_bio_addr(BIO_ADDR ** pbio_addr,const struct Curl_sockaddr_ex * addr)163 static CURLcode make_bio_addr(BIO_ADDR **pbio_addr,
164                               const struct Curl_sockaddr_ex *addr)
165 {
166   BIO_ADDR *ba;
167   CURLcode result = CURLE_FAILED_INIT;
168 
169   ba = BIO_ADDR_new();
170   if(!ba) {
171     result = CURLE_OUT_OF_MEMORY;
172     goto out;
173   }
174 
175   switch(addr->family) {
176   case AF_INET: {
177     struct sockaddr_in * const sin =
178       (struct sockaddr_in * const)(void *)&addr->curl_sa_addr;
179     if(!BIO_ADDR_rawmake(ba, AF_INET, &sin->sin_addr,
180                          sizeof(sin->sin_addr), sin->sin_port)) {
181       goto out;
182     }
183     result = CURLE_OK;
184     break;
185   }
186 #ifdef USE_IPV6
187   case AF_INET6: {
188     struct sockaddr_in6 * const sin =
189       (struct sockaddr_in6 * const)(void *)&addr->curl_sa_addr;
190     if(!BIO_ADDR_rawmake(ba, AF_INET6, &sin->sin6_addr,
191                          sizeof(sin->sin6_addr), sin->sin6_port)) {
192     }
193     result = CURLE_OK;
194     break;
195   }
196 #endif /* USE_IPV6 */
197   default:
198     /* sunsupported */
199     DEBUGASSERT(0);
200     break;
201   }
202 
203 out:
204   if(result && ba) {
205     BIO_ADDR_free(ba);
206     ba = NULL;
207   }
208   *pbio_addr = ba;
209   return result;
210 }
211 
212 /* QUIC stream (not necessarily H3) */
213 struct cf_osslq_stream {
214   curl_int64_t id;
215   SSL *ssl;
216   struct bufq recvbuf; /* QUIC war data recv buffer */
217   BIT(recvd_eos);
218   BIT(closed);
219   BIT(reset);
220   BIT(send_blocked);
221 };
222 
cf_osslq_stream_open(struct cf_osslq_stream * s,SSL * conn,uint64_t flags,struct bufc_pool * bufcp,void * user_data)223 static CURLcode cf_osslq_stream_open(struct cf_osslq_stream *s,
224                                      SSL *conn,
225                                      uint64_t flags,
226                                      struct bufc_pool *bufcp,
227                                      void *user_data)
228 {
229   DEBUGASSERT(!s->ssl);
230   Curl_bufq_initp(&s->recvbuf, bufcp, 1, BUFQ_OPT_NONE);
231   s->ssl = SSL_new_stream(conn, flags);
232   if(!s->ssl) {
233     return CURLE_FAILED_INIT;
234   }
235   s->id = (curl_int64_t)SSL_get_stream_id(s->ssl);
236   SSL_set_app_data(s->ssl, user_data);
237   return CURLE_OK;
238 }
239 
cf_osslq_stream_cleanup(struct cf_osslq_stream * s)240 static void cf_osslq_stream_cleanup(struct cf_osslq_stream *s)
241 {
242   if(s->ssl) {
243     SSL_set_app_data(s->ssl, NULL);
244     SSL_free(s->ssl);
245   }
246   Curl_bufq_free(&s->recvbuf);
247   memset(s, 0, sizeof(*s));
248 }
249 
cf_osslq_stream_close(struct cf_osslq_stream * s)250 static void cf_osslq_stream_close(struct cf_osslq_stream *s)
251 {
252   if(s->ssl) {
253     SSL_free(s->ssl);
254     s->ssl = NULL;
255   }
256 }
257 
258 struct cf_osslq_h3conn {
259   nghttp3_conn *conn;
260   nghttp3_settings settings;
261   struct cf_osslq_stream s_ctrl;
262   struct cf_osslq_stream s_qpack_enc;
263   struct cf_osslq_stream s_qpack_dec;
264   struct cf_osslq_stream remote_ctrl[3]; /* uni streams opened by the peer */
265   size_t remote_ctrl_n; /* number of peer streams opened */
266 };
267 
cf_osslq_h3conn_cleanup(struct cf_osslq_h3conn * h3)268 static void cf_osslq_h3conn_cleanup(struct cf_osslq_h3conn *h3)
269 {
270   size_t i;
271 
272   if(h3->conn)
273     nghttp3_conn_del(h3->conn);
274   cf_osslq_stream_cleanup(&h3->s_ctrl);
275   cf_osslq_stream_cleanup(&h3->s_qpack_enc);
276   cf_osslq_stream_cleanup(&h3->s_qpack_dec);
277   for(i = 0; i < h3->remote_ctrl_n; ++i) {
278     cf_osslq_stream_cleanup(&h3->remote_ctrl[i]);
279   }
280 }
281 
282 struct cf_osslq_ctx {
283   struct cf_quic_ctx q;
284   struct ssl_peer peer;
285   struct curl_tls_ctx tls;
286   struct cf_call_data call_data;
287   struct cf_osslq_h3conn h3;
288   struct curltime started_at;        /* time the current attempt started */
289   struct curltime handshake_at;      /* time connect handshake finished */
290   struct curltime first_byte_at;     /* when first byte was recvd */
291   struct bufc_pool stream_bufcp;     /* chunk pool for streams */
292   struct Curl_hash streams;          /* hash `data->mid` to `h3_stream_ctx` */
293   size_t max_stream_window;          /* max flow window for one stream */
294   uint64_t max_idle_ms;              /* max idle time for QUIC connection */
295   BIT(initialized);
296   BIT(got_first_byte);               /* if first byte was received */
297   BIT(x509_store_setup);             /* if x509 store has been set up */
298   BIT(protocol_shutdown);            /* QUIC connection is shut down */
299   BIT(need_recv);                    /* QUIC connection needs to receive */
300   BIT(need_send);                    /* QUIC connection needs to send */
301 };
302 
303 static void h3_stream_hash_free(void *stream);
304 
cf_osslq_ctx_init(struct cf_osslq_ctx * ctx)305 static void cf_osslq_ctx_init(struct cf_osslq_ctx *ctx)
306 {
307   DEBUGASSERT(!ctx->initialized);
308   Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE,
309                   H3_STREAM_POOL_SPARES);
310   Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free);
311   ctx->initialized = TRUE;
312 }
313 
cf_osslq_ctx_free(struct cf_osslq_ctx * ctx)314 static void cf_osslq_ctx_free(struct cf_osslq_ctx *ctx)
315 {
316   if(ctx && ctx->initialized) {
317     Curl_bufcp_free(&ctx->stream_bufcp);
318     Curl_hash_clean(&ctx->streams);
319     Curl_hash_destroy(&ctx->streams);
320     Curl_ssl_peer_cleanup(&ctx->peer);
321   }
322   free(ctx);
323 }
324 
cf_osslq_ctx_close(struct cf_osslq_ctx * ctx)325 static void cf_osslq_ctx_close(struct cf_osslq_ctx *ctx)
326 {
327   struct cf_call_data save = ctx->call_data;
328 
329   cf_osslq_h3conn_cleanup(&ctx->h3);
330   Curl_vquic_tls_cleanup(&ctx->tls);
331   vquic_ctx_free(&ctx->q);
332   ctx->call_data = save;
333 }
334 
cf_osslq_shutdown(struct Curl_cfilter * cf,struct Curl_easy * data,bool * done)335 static CURLcode cf_osslq_shutdown(struct Curl_cfilter *cf,
336                                   struct Curl_easy *data, bool *done)
337 {
338   struct cf_osslq_ctx *ctx = cf->ctx;
339   struct cf_call_data save;
340   CURLcode result = CURLE_OK;
341   int rc;
342 
343   CF_DATA_SAVE(save, cf, data);
344 
345   if(cf->shutdown || ctx->protocol_shutdown) {
346     *done = TRUE;
347     return CURLE_OK;
348   }
349 
350   CF_DATA_SAVE(save, cf, data);
351   *done = FALSE;
352   ctx->need_send = FALSE;
353   ctx->need_recv = FALSE;
354 
355   rc = SSL_shutdown_ex(ctx->tls.ossl.ssl,
356                        SSL_SHUTDOWN_FLAG_NO_BLOCK, NULL, 0);
357   if(rc == 0) {  /* ongoing */
358     CURL_TRC_CF(data, cf, "shutdown ongoing");
359     ctx->need_recv = TRUE;
360     goto out;
361   }
362   else if(rc == 1) {  /* done */
363     CURL_TRC_CF(data, cf, "shutdown finished");
364     *done = TRUE;
365     goto out;
366   }
367   else {
368     long sslerr;
369     char err_buffer[256];
370     int err = SSL_get_error(ctx->tls.ossl.ssl, rc);
371 
372     switch(err) {
373     case SSL_ERROR_NONE:
374     case SSL_ERROR_ZERO_RETURN:
375       CURL_TRC_CF(data, cf, "shutdown not received, but closed");
376       *done = TRUE;
377       goto out;
378     case SSL_ERROR_WANT_READ:
379       /* SSL has send its notify and now wants to read the reply
380        * from the server. We are not really interested in that. */
381       CURL_TRC_CF(data, cf, "shutdown sent, want receive");
382       ctx->need_recv = TRUE;
383       goto out;
384     case SSL_ERROR_WANT_WRITE:
385       CURL_TRC_CF(data, cf, "shutdown send blocked");
386       ctx->need_send = TRUE;
387       goto out;
388     default:
389       /* We give up on this. */
390       sslerr = ERR_get_error();
391       CURL_TRC_CF(data, cf, "shutdown, ignore recv error: '%s', errno %d",
392                   (sslerr ?
393                    osslq_strerror(sslerr, err_buffer, sizeof(err_buffer)) :
394                    osslq_SSL_ERROR_to_str(err)),
395                   SOCKERRNO);
396       *done = TRUE;
397       result = CURLE_OK;
398       goto out;
399     }
400   }
401 out:
402   CF_DATA_RESTORE(cf, save);
403   return result;
404 }
405 
cf_osslq_close(struct Curl_cfilter * cf,struct Curl_easy * data)406 static void cf_osslq_close(struct Curl_cfilter *cf, struct Curl_easy *data)
407 {
408   struct cf_osslq_ctx *ctx = cf->ctx;
409   struct cf_call_data save;
410 
411   CF_DATA_SAVE(save, cf, data);
412   if(ctx && ctx->tls.ossl.ssl) {
413     CURL_TRC_CF(data, cf, "cf_osslq_close()");
414     if(!cf->shutdown && !ctx->protocol_shutdown) {
415       /* last best effort, which OpenSSL calls a "rapid" shutdown. */
416       SSL_shutdown_ex(ctx->tls.ossl.ssl,
417                       (SSL_SHUTDOWN_FLAG_NO_BLOCK | SSL_SHUTDOWN_FLAG_RAPID),
418                       NULL, 0);
419     }
420     cf_osslq_ctx_close(ctx);
421   }
422 
423   cf->connected = FALSE;
424   CF_DATA_RESTORE(cf, save);
425 }
426 
cf_osslq_destroy(struct Curl_cfilter * cf,struct Curl_easy * data)427 static void cf_osslq_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
428 {
429   struct cf_osslq_ctx *ctx = cf->ctx;
430   struct cf_call_data save;
431 
432   CF_DATA_SAVE(save, cf, data);
433   CURL_TRC_CF(data, cf, "destroy");
434   if(ctx) {
435     CURL_TRC_CF(data, cf, "cf_osslq_destroy()");
436     if(ctx->tls.ossl.ssl)
437       cf_osslq_ctx_close(ctx);
438     cf_osslq_ctx_free(ctx);
439   }
440   cf->ctx = NULL;
441   /* No CF_DATA_RESTORE(cf, save) possible */
442   (void)save;
443 }
444 
cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn * h3,SSL * stream_ssl,struct Curl_cfilter * cf,struct Curl_easy * data)445 static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3,
446                                            SSL *stream_ssl,
447                                            struct Curl_cfilter *cf,
448                                            struct Curl_easy *data)
449 {
450   struct cf_osslq_ctx *ctx = cf->ctx;
451   curl_int64_t stream_id = (curl_int64_t)SSL_get_stream_id(stream_ssl);
452 
453   if(h3->remote_ctrl_n >= ARRAYSIZE(h3->remote_ctrl)) {
454     /* rejected, we are full */
455     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] rejecting remote stream",
456                 stream_id);
457     SSL_free(stream_ssl);
458     return CURLE_FAILED_INIT;
459   }
460   switch(SSL_get_stream_type(stream_ssl)) {
461     case SSL_STREAM_TYPE_READ: {
462       struct cf_osslq_stream *nstream = &h3->remote_ctrl[h3->remote_ctrl_n++];
463       nstream->id = stream_id;
464       nstream->ssl = stream_ssl;
465       Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
466       CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] accepted remote uni stream",
467                   stream_id);
468       break;
469     }
470     default:
471       CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reject remote non-uni-read"
472                   " stream", stream_id);
473       SSL_free(stream_ssl);
474       return CURLE_FAILED_INIT;
475   }
476   return CURLE_OK;
477 
478 }
479 
cf_osslq_ssl_err(struct Curl_cfilter * cf,struct Curl_easy * data,int detail,CURLcode def_result)480 static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf,
481                                  struct Curl_easy *data,
482                                  int detail, CURLcode def_result)
483 {
484   struct cf_osslq_ctx *ctx = cf->ctx;
485   CURLcode result = def_result;
486   sslerr_t errdetail;
487   char ebuf[256] = "unknown";
488   const char *err_descr = ebuf;
489   long lerr;
490   int lib;
491   int reason;
492   struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
493 
494   errdetail = ERR_get_error();
495   lib = ERR_GET_LIB(errdetail);
496   reason = ERR_GET_REASON(errdetail);
497 
498   if((lib == ERR_LIB_SSL) &&
499      ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
500       (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
501     result = CURLE_PEER_FAILED_VERIFICATION;
502 
503     lerr = SSL_get_verify_result(ctx->tls.ossl.ssl);
504     if(lerr != X509_V_OK) {
505       ssl_config->certverifyresult = lerr;
506       msnprintf(ebuf, sizeof(ebuf),
507                 "SSL certificate problem: %s",
508                 X509_verify_cert_error_string(lerr));
509     }
510     else
511       err_descr = "SSL certificate verification failed";
512   }
513 #if defined(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)
514   /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
515      OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */
516   else if((lib == ERR_LIB_SSL) &&
517           (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
518     /* If client certificate is required, communicate the
519        error to client */
520     result = CURLE_SSL_CLIENTCERT;
521     osslq_strerror(errdetail, ebuf, sizeof(ebuf));
522   }
523 #endif
524   else if((lib == ERR_LIB_SSL) && (reason == SSL_R_PROTOCOL_IS_SHUTDOWN)) {
525     ctx->protocol_shutdown = TRUE;
526     err_descr = "QUIC connection has been shut down";
527     result = def_result;
528   }
529   else {
530     result = def_result;
531     osslq_strerror(errdetail, ebuf, sizeof(ebuf));
532   }
533 
534   /* detail is already set to the SSL error above */
535 
536   /* If we e.g. use SSLv2 request-method and the server does not like us
537    * (RST connection, etc.), OpenSSL gives no explanation whatsoever and
538    * the SO_ERROR is also lost.
539    */
540   if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
541     char extramsg[80]="";
542     int sockerr = SOCKERRNO;
543     struct ip_quadruple ip;
544 
545     Curl_cf_socket_peek(cf->next, data, NULL, NULL, &ip);
546     if(sockerr && detail == SSL_ERROR_SYSCALL)
547       Curl_strerror(sockerr, extramsg, sizeof(extramsg));
548     failf(data, "QUIC connect: %s in connection to %s:%d (%s)",
549           extramsg[0] ? extramsg : osslq_SSL_ERROR_to_str(detail),
550           ctx->peer.dispname, ip.remote_port, ip.remote_ip);
551   }
552   else {
553     /* Could be a CERT problem */
554     failf(data, "%s", err_descr);
555   }
556   return result;
557 }
558 
cf_osslq_verify_peer(struct Curl_cfilter * cf,struct Curl_easy * data)559 static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf,
560                                   struct Curl_easy *data)
561 {
562   struct cf_osslq_ctx *ctx = cf->ctx;
563 
564   cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
565   cf->conn->httpversion = 30;
566 
567   return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer);
568 }
569 
570 /**
571  * All about the H3 internals of a stream
572  */
573 struct h3_stream_ctx {
574   struct cf_osslq_stream s;
575   struct bufq sendbuf;   /* h3 request body */
576   struct bufq recvbuf;   /* h3 response body */
577   struct h1_req_parser h1; /* h1 request parsing */
578   size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
579   size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */
580   curl_uint64_t error3; /* HTTP/3 stream error code */
581   curl_off_t upload_left; /* number of request bytes left to upload */
582   curl_off_t download_recvd; /* number of response DATA bytes received */
583   int status_code; /* HTTP status code */
584   bool resp_hds_complete; /* we have a complete, final response */
585   bool closed; /* TRUE on stream close */
586   bool reset;  /* TRUE on stream reset */
587   bool send_closed; /* stream is local closed */
588   BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
589 };
590 
591 #define H3_STREAM_CTX(ctx,data)   ((struct h3_stream_ctx *)(\
592             data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL))
593 
h3_stream_ctx_free(struct h3_stream_ctx * stream)594 static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
595 {
596   cf_osslq_stream_cleanup(&stream->s);
597   Curl_bufq_free(&stream->sendbuf);
598   Curl_bufq_free(&stream->recvbuf);
599   Curl_h1_req_parse_free(&stream->h1);
600   free(stream);
601 }
602 
h3_stream_hash_free(void * stream)603 static void h3_stream_hash_free(void *stream)
604 {
605   DEBUGASSERT(stream);
606   h3_stream_ctx_free((struct h3_stream_ctx *)stream);
607 }
608 
h3_data_setup(struct Curl_cfilter * cf,struct Curl_easy * data)609 static CURLcode h3_data_setup(struct Curl_cfilter *cf,
610                               struct Curl_easy *data)
611 {
612   struct cf_osslq_ctx *ctx = cf->ctx;
613   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
614 
615   if(!data)
616     return CURLE_FAILED_INIT;
617 
618   if(stream)
619     return CURLE_OK;
620 
621   stream = calloc(1, sizeof(*stream));
622   if(!stream)
623     return CURLE_OUT_OF_MEMORY;
624 
625   stream->s.id = -1;
626   /* on send, we control how much we put into the buffer */
627   Curl_bufq_initp(&stream->sendbuf, &ctx->stream_bufcp,
628                   H3_STREAM_SEND_CHUNKS, BUFQ_OPT_NONE);
629   stream->sendbuf_len_in_flight = 0;
630   /* on recv, we need a flexible buffer limit since we also write
631    * headers to it that are not counted against the nghttp3 flow limits. */
632   Curl_bufq_initp(&stream->recvbuf, &ctx->stream_bufcp,
633                   H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT);
634   stream->recv_buf_nonflow = 0;
635   Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
636 
637   if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) {
638     h3_stream_ctx_free(stream);
639     return CURLE_OUT_OF_MEMORY;
640   }
641 
642   return CURLE_OK;
643 }
644 
h3_data_done(struct Curl_cfilter * cf,struct Curl_easy * data)645 static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
646 {
647   struct cf_osslq_ctx *ctx = cf->ctx;
648   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
649 
650   (void)cf;
651   if(stream) {
652     CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done",
653                 stream->s.id);
654     if(ctx->h3.conn && !stream->closed) {
655       nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
656       nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
657                                 NGHTTP3_H3_REQUEST_CANCELLED);
658       nghttp3_conn_set_stream_user_data(ctx->h3.conn, stream->s.id, NULL);
659       stream->closed = TRUE;
660     }
661 
662     Curl_hash_offt_remove(&ctx->streams, data->mid);
663   }
664 }
665 
cf_osslq_get_qstream(struct Curl_cfilter * cf,struct Curl_easy * data,int64_t stream_id)666 static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf,
667                                                     struct Curl_easy *data,
668                                                     int64_t stream_id)
669 {
670   struct cf_osslq_ctx *ctx = cf->ctx;
671   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
672 
673   if(stream && stream->s.id == stream_id) {
674     return &stream->s;
675   }
676   else if(ctx->h3.s_ctrl.id == stream_id) {
677     return &ctx->h3.s_ctrl;
678   }
679   else if(ctx->h3.s_qpack_enc.id == stream_id) {
680     return &ctx->h3.s_qpack_enc;
681   }
682   else if(ctx->h3.s_qpack_dec.id == stream_id) {
683     return &ctx->h3.s_qpack_dec;
684   }
685   else {
686     struct Curl_llist_node *e;
687     DEBUGASSERT(data->multi);
688     for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
689       struct Curl_easy *sdata = Curl_node_elem(e);
690       if(sdata->conn != data->conn)
691         continue;
692       stream = H3_STREAM_CTX(ctx, sdata);
693       if(stream && stream->s.id == stream_id) {
694         return &stream->s;
695       }
696     }
697   }
698   return NULL;
699 }
700 
h3_drain_stream(struct Curl_cfilter * cf,struct Curl_easy * data)701 static void h3_drain_stream(struct Curl_cfilter *cf,
702                             struct Curl_easy *data)
703 {
704   struct cf_osslq_ctx *ctx = cf->ctx;
705   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
706   unsigned char bits;
707 
708   (void)cf;
709   bits = CURL_CSELECT_IN;
710   if(stream && stream->upload_left && !stream->send_closed)
711     bits |= CURL_CSELECT_OUT;
712   if(data->state.select_bits != bits) {
713     data->state.select_bits = bits;
714     Curl_expire(data, 0, EXPIRE_RUN_NOW);
715   }
716 }
717 
h3_data_pause(struct Curl_cfilter * cf,struct Curl_easy * data,bool pause)718 static CURLcode h3_data_pause(struct Curl_cfilter *cf,
719                               struct Curl_easy *data,
720                               bool pause)
721 {
722   if(!pause) {
723     /* unpaused. make it run again right away */
724     h3_drain_stream(cf, data);
725     Curl_expire(data, 0, EXPIRE_RUN_NOW);
726   }
727   return CURLE_OK;
728 }
729 
cb_h3_stream_close(nghttp3_conn * conn,int64_t stream_id,uint64_t app_error_code,void * user_data,void * stream_user_data)730 static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
731                               uint64_t app_error_code, void *user_data,
732                               void *stream_user_data)
733 {
734   struct Curl_cfilter *cf = user_data;
735   struct cf_osslq_ctx *ctx = cf->ctx;
736   struct Curl_easy *data = stream_user_data;
737   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
738   (void)conn;
739   (void)stream_id;
740 
741   /* we might be called by nghttp3 after we already cleaned up */
742   if(!stream)
743     return 0;
744 
745   stream->closed = TRUE;
746   stream->error3 = app_error_code;
747   if(stream->error3 != NGHTTP3_H3_NO_ERROR) {
748     stream->reset = TRUE;
749     stream->send_closed = TRUE;
750     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] RESET: error %" FMT_PRIu64,
751                 stream->s.id, stream->error3);
752   }
753   else {
754     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] CLOSED", stream->s.id);
755   }
756   h3_drain_stream(cf, data);
757   return 0;
758 }
759 
760 /*
761  * write_resp_raw() copies response data in raw format to the `data`'s
762   * receive buffer. If not enough space is available, it appends to the
763  * `data`'s overflow buffer.
764  */
write_resp_raw(struct Curl_cfilter * cf,struct Curl_easy * data,const void * mem,size_t memlen,bool flow)765 static CURLcode write_resp_raw(struct Curl_cfilter *cf,
766                                struct Curl_easy *data,
767                                const void *mem, size_t memlen,
768                                bool flow)
769 {
770   struct cf_osslq_ctx *ctx = cf->ctx;
771   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
772   CURLcode result = CURLE_OK;
773   ssize_t nwritten;
774 
775   (void)cf;
776   if(!stream) {
777     return CURLE_RECV_ERROR;
778   }
779   nwritten = Curl_bufq_write(&stream->recvbuf, mem, memlen, &result);
780   if(nwritten < 0) {
781     return result;
782   }
783 
784   if(!flow)
785     stream->recv_buf_nonflow += (size_t)nwritten;
786 
787   if((size_t)nwritten < memlen) {
788     /* This MUST not happen. Our recbuf is dimensioned to hold the
789      * full max_stream_window and then some for this very reason. */
790     DEBUGASSERT(0);
791     return CURLE_RECV_ERROR;
792   }
793   return result;
794 }
795 
cb_h3_recv_data(nghttp3_conn * conn,int64_t stream3_id,const uint8_t * buf,size_t buflen,void * user_data,void * stream_user_data)796 static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
797                            const uint8_t *buf, size_t buflen,
798                            void *user_data, void *stream_user_data)
799 {
800   struct Curl_cfilter *cf = user_data;
801   struct cf_osslq_ctx *ctx = cf->ctx;
802   struct Curl_easy *data = stream_user_data;
803   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
804   CURLcode result;
805 
806   (void)conn;
807   (void)stream3_id;
808 
809   if(!stream)
810     return NGHTTP3_ERR_CALLBACK_FAILURE;
811 
812   result = write_resp_raw(cf, data, buf, buflen, TRUE);
813   if(result) {
814     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, ERROR %d",
815                 stream->s.id, buflen, result);
816     return NGHTTP3_ERR_CALLBACK_FAILURE;
817   }
818   stream->download_recvd += (curl_off_t)buflen;
819   CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, total=%zd",
820               stream->s.id, buflen, stream->download_recvd);
821   h3_drain_stream(cf, data);
822   return 0;
823 }
824 
cb_h3_deferred_consume(nghttp3_conn * conn,int64_t stream_id,size_t consumed,void * user_data,void * stream_user_data)825 static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream_id,
826                                   size_t consumed, void *user_data,
827                                   void *stream_user_data)
828 {
829   struct Curl_cfilter *cf = user_data;
830   struct cf_osslq_ctx *ctx = cf->ctx;
831   struct Curl_easy *data = stream_user_data;
832   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
833 
834   (void)conn;
835   (void)stream_id;
836   if(stream)
837     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] deferred consume %zu bytes",
838                 stream->s.id, consumed);
839   return 0;
840 }
841 
cb_h3_recv_header(nghttp3_conn * conn,int64_t sid,int32_t token,nghttp3_rcbuf * name,nghttp3_rcbuf * value,uint8_t flags,void * user_data,void * stream_user_data)842 static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid,
843                              int32_t token, nghttp3_rcbuf *name,
844                              nghttp3_rcbuf *value, uint8_t flags,
845                              void *user_data, void *stream_user_data)
846 {
847   struct Curl_cfilter *cf = user_data;
848   curl_int64_t stream_id = sid;
849   struct cf_osslq_ctx *ctx = cf->ctx;
850   nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name);
851   nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value);
852   struct Curl_easy *data = stream_user_data;
853   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
854   CURLcode result = CURLE_OK;
855   (void)conn;
856   (void)stream_id;
857   (void)token;
858   (void)flags;
859   (void)cf;
860 
861   /* we might have cleaned up this transfer already */
862   if(!stream)
863     return 0;
864 
865   if(token == NGHTTP3_QPACK_TOKEN__STATUS) {
866     char line[14]; /* status line is always 13 characters long */
867     size_t ncopy;
868 
869     result = Curl_http_decode_status(&stream->status_code,
870                                      (const char *)h3val.base, h3val.len);
871     if(result)
872       return -1;
873     ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
874                       stream->status_code);
875     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] status: %s", stream_id, line);
876     result = write_resp_raw(cf, data, line, ncopy, FALSE);
877     if(result) {
878       return -1;
879     }
880   }
881   else {
882     /* store as an HTTP1-style header */
883     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] header: %.*s: %.*s",
884                 stream_id, (int)h3name.len, h3name.base,
885                 (int)h3val.len, h3val.base);
886     result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE);
887     if(result) {
888       return -1;
889     }
890     result = write_resp_raw(cf, data, ": ", 2, FALSE);
891     if(result) {
892       return -1;
893     }
894     result = write_resp_raw(cf, data, h3val.base, h3val.len, FALSE);
895     if(result) {
896       return -1;
897     }
898     result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
899     if(result) {
900       return -1;
901     }
902   }
903   return 0;
904 }
905 
cb_h3_end_headers(nghttp3_conn * conn,int64_t sid,int fin,void * user_data,void * stream_user_data)906 static int cb_h3_end_headers(nghttp3_conn *conn, int64_t sid,
907                              int fin, void *user_data, void *stream_user_data)
908 {
909   struct Curl_cfilter *cf = user_data;
910   struct cf_osslq_ctx *ctx = cf->ctx;
911   struct Curl_easy *data = stream_user_data;
912   curl_int64_t stream_id = sid;
913   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
914   CURLcode result = CURLE_OK;
915   (void)conn;
916   (void)stream_id;
917   (void)fin;
918   (void)cf;
919 
920   if(!stream)
921     return 0;
922   /* add a CRLF only if we have received some headers */
923   result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
924   if(result) {
925     return -1;
926   }
927 
928   CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] end_headers, status=%d",
929               stream_id, stream->status_code);
930   if(stream->status_code / 100 != 1) {
931     stream->resp_hds_complete = TRUE;
932   }
933   h3_drain_stream(cf, data);
934   return 0;
935 }
936 
cb_h3_stop_sending(nghttp3_conn * conn,int64_t sid,uint64_t app_error_code,void * user_data,void * stream_user_data)937 static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t sid,
938                               uint64_t app_error_code, void *user_data,
939                               void *stream_user_data)
940 {
941   struct Curl_cfilter *cf = user_data;
942   struct cf_osslq_ctx *ctx = cf->ctx;
943   struct Curl_easy *data = stream_user_data;
944   curl_int64_t stream_id = sid;
945   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
946   (void)conn;
947   (void)app_error_code;
948 
949   if(!stream || !stream->s.ssl)
950     return 0;
951 
952   CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] stop_sending", stream_id);
953   cf_osslq_stream_close(&stream->s);
954   return 0;
955 }
956 
cb_h3_reset_stream(nghttp3_conn * conn,int64_t sid,uint64_t app_error_code,void * user_data,void * stream_user_data)957 static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t sid,
958                               uint64_t app_error_code, void *user_data,
959                               void *stream_user_data) {
960   struct Curl_cfilter *cf = user_data;
961   struct cf_osslq_ctx *ctx = cf->ctx;
962   struct Curl_easy *data = stream_user_data;
963   curl_int64_t stream_id = sid;
964   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
965   int rv;
966   (void)conn;
967 
968   if(stream && stream->s.ssl) {
969     SSL_STREAM_RESET_ARGS args = {0};
970     args.quic_error_code = app_error_code;
971     rv = !SSL_stream_reset(stream->s.ssl, &args, sizeof(args));
972     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv);
973     if(!rv) {
974       return NGHTTP3_ERR_CALLBACK_FAILURE;
975     }
976   }
977   return 0;
978 }
979 
980 static nghttp3_ssize
cb_h3_read_req_body(nghttp3_conn * conn,int64_t stream_id,nghttp3_vec * vec,size_t veccnt,uint32_t * pflags,void * user_data,void * stream_user_data)981 cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
982                     nghttp3_vec *vec, size_t veccnt,
983                     uint32_t *pflags, void *user_data,
984                     void *stream_user_data)
985 {
986   struct Curl_cfilter *cf = user_data;
987   struct cf_osslq_ctx *ctx = cf->ctx;
988   struct Curl_easy *data = stream_user_data;
989   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
990   ssize_t nwritten = 0;
991   size_t nvecs = 0;
992   (void)cf;
993   (void)conn;
994   (void)stream_id;
995   (void)user_data;
996   (void)veccnt;
997 
998   if(!stream)
999     return NGHTTP3_ERR_CALLBACK_FAILURE;
1000   /* nghttp3 keeps references to the sendbuf data until it is ACKed
1001    * by the server (see `cb_h3_acked_req_body()` for updates).
1002    * `sendbuf_len_in_flight` is the amount of bytes in `sendbuf`
1003    * that we have already passed to nghttp3, but which have not been
1004    * ACKed yet.
1005    * Any amount beyond `sendbuf_len_in_flight` we need still to pass
1006    * to nghttp3. Do that now, if we can. */
1007   if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) {
1008     nvecs = 0;
1009     while(nvecs < veccnt &&
1010           Curl_bufq_peek_at(&stream->sendbuf,
1011                             stream->sendbuf_len_in_flight,
1012                             (const unsigned char **)&vec[nvecs].base,
1013                             &vec[nvecs].len)) {
1014       stream->sendbuf_len_in_flight += vec[nvecs].len;
1015       nwritten += vec[nvecs].len;
1016       ++nvecs;
1017     }
1018     DEBUGASSERT(nvecs > 0); /* we SHOULD have been be able to peek */
1019   }
1020 
1021   if(nwritten > 0 && stream->upload_left != -1)
1022     stream->upload_left -= nwritten;
1023 
1024   /* When we stopped sending and everything in `sendbuf` is "in flight",
1025    * we are at the end of the request body. */
1026   if(stream->upload_left == 0) {
1027     *pflags = NGHTTP3_DATA_FLAG_EOF;
1028     stream->send_closed = TRUE;
1029   }
1030   else if(!nwritten) {
1031     /* Not EOF, and nothing to give, we signal WOULDBLOCK. */
1032     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> AGAIN",
1033                 stream->s.id);
1034     return NGHTTP3_ERR_WOULDBLOCK;
1035   }
1036 
1037   CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> "
1038               "%d vecs%s with %zu (buffered=%zu, left=%" FMT_OFF_T ")",
1039               stream->s.id, (int)nvecs,
1040               *pflags == NGHTTP3_DATA_FLAG_EOF ? " EOF" : "",
1041               nwritten, Curl_bufq_len(&stream->sendbuf),
1042               stream->upload_left);
1043   return (nghttp3_ssize)nvecs;
1044 }
1045 
cb_h3_acked_stream_data(nghttp3_conn * conn,int64_t stream_id,uint64_t datalen,void * user_data,void * stream_user_data)1046 static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
1047                                    uint64_t datalen, void *user_data,
1048                                    void *stream_user_data)
1049 {
1050   struct Curl_cfilter *cf = user_data;
1051   struct cf_osslq_ctx *ctx = cf->ctx;
1052   struct Curl_easy *data = stream_user_data;
1053   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
1054   size_t skiplen;
1055 
1056   (void)cf;
1057   if(!stream)
1058     return 0;
1059   /* The server acknowledged `datalen` of bytes from our request body.
1060    * This is a delta. We have kept this data in `sendbuf` for
1061    * re-transmissions and can free it now. */
1062   if(datalen >= (uint64_t)stream->sendbuf_len_in_flight)
1063     skiplen = stream->sendbuf_len_in_flight;
1064   else
1065     skiplen = (size_t)datalen;
1066   Curl_bufq_skip(&stream->sendbuf, skiplen);
1067   stream->sendbuf_len_in_flight -= skiplen;
1068 
1069   /* Resume upload processing if we have more data to send */
1070   if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) {
1071     int rv = nghttp3_conn_resume_stream(conn, stream_id);
1072     if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1073       return NGHTTP3_ERR_CALLBACK_FAILURE;
1074     }
1075   }
1076   return 0;
1077 }
1078 
1079 static nghttp3_callbacks ngh3_callbacks = {
1080   cb_h3_acked_stream_data,
1081   cb_h3_stream_close,
1082   cb_h3_recv_data,
1083   cb_h3_deferred_consume,
1084   NULL, /* begin_headers */
1085   cb_h3_recv_header,
1086   cb_h3_end_headers,
1087   NULL, /* begin_trailers */
1088   cb_h3_recv_header,
1089   NULL, /* end_trailers */
1090   cb_h3_stop_sending,
1091   NULL, /* end_stream */
1092   cb_h3_reset_stream,
1093   NULL, /* shutdown */
1094   NULL /* recv_settings */
1095 };
1096 
cf_osslq_h3conn_init(struct cf_osslq_ctx * ctx,SSL * conn,void * user_data)1097 static CURLcode cf_osslq_h3conn_init(struct cf_osslq_ctx *ctx, SSL *conn,
1098                                      void *user_data)
1099 {
1100   struct cf_osslq_h3conn *h3 = &ctx->h3;
1101   CURLcode result;
1102   int rc;
1103 
1104   nghttp3_settings_default(&h3->settings);
1105   rc = nghttp3_conn_client_new(&h3->conn,
1106                                &ngh3_callbacks,
1107                                &h3->settings,
1108                                nghttp3_mem_default(),
1109                                user_data);
1110   if(rc) {
1111     result = CURLE_OUT_OF_MEMORY;
1112     goto out;
1113   }
1114 
1115   result = cf_osslq_stream_open(&h3->s_ctrl, conn,
1116                                 SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
1117                                 &ctx->stream_bufcp, NULL);
1118   if(result) {
1119     result = CURLE_QUIC_CONNECT_ERROR;
1120     goto out;
1121   }
1122   result = cf_osslq_stream_open(&h3->s_qpack_enc, conn,
1123                                 SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
1124                                 &ctx->stream_bufcp, NULL);
1125   if(result) {
1126     result = CURLE_QUIC_CONNECT_ERROR;
1127     goto out;
1128   }
1129   result = cf_osslq_stream_open(&h3->s_qpack_dec, conn,
1130                                 SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
1131                                 &ctx->stream_bufcp, NULL);
1132   if(result) {
1133     result = CURLE_QUIC_CONNECT_ERROR;
1134     goto out;
1135   }
1136 
1137   rc = nghttp3_conn_bind_control_stream(h3->conn, h3->s_ctrl.id);
1138   if(rc) {
1139     result = CURLE_QUIC_CONNECT_ERROR;
1140     goto out;
1141   }
1142   rc = nghttp3_conn_bind_qpack_streams(h3->conn, h3->s_qpack_enc.id,
1143                                        h3->s_qpack_dec.id);
1144   if(rc) {
1145     result = CURLE_QUIC_CONNECT_ERROR;
1146     goto out;
1147   }
1148 
1149   result = CURLE_OK;
1150 out:
1151   return result;
1152 }
1153 
cf_osslq_ctx_start(struct Curl_cfilter * cf,struct Curl_easy * data)1154 static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf,
1155                                    struct Curl_easy *data)
1156 {
1157   struct cf_osslq_ctx *ctx = cf->ctx;
1158   CURLcode result;
1159   int rv;
1160   const struct Curl_sockaddr_ex *peer_addr = NULL;
1161   BIO *bio = NULL;
1162   BIO_ADDR *baddr = NULL;
1163 
1164   DEBUGASSERT(ctx->initialized);
1165 
1166 #define H3_ALPN "\x2h3"
1167   result = Curl_vquic_tls_init(&ctx->tls, cf, data, &ctx->peer,
1168                                H3_ALPN, sizeof(H3_ALPN) - 1,
1169                                NULL, NULL, NULL);
1170   if(result)
1171     goto out;
1172 
1173   result = vquic_ctx_init(&ctx->q);
1174   if(result)
1175     goto out;
1176 
1177   result = CURLE_QUIC_CONNECT_ERROR;
1178   Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd, &peer_addr, NULL);
1179   if(!peer_addr)
1180     goto out;
1181 
1182   ctx->q.local_addrlen = sizeof(ctx->q.local_addr);
1183   rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr,
1184                    &ctx->q.local_addrlen);
1185   if(rv == -1)
1186     goto out;
1187 
1188   result = make_bio_addr(&baddr, peer_addr);
1189   if(result) {
1190     failf(data, "error creating BIO_ADDR from sockaddr");
1191     goto out;
1192   }
1193 
1194   /* Type conversions, see #12861: OpenSSL wants an `int`, but on 64-bit
1195    * Win32 systems, Microsoft defines SOCKET as `unsigned long long`.
1196    */
1197 #if defined(_WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H)
1198   if(ctx->q.sockfd > INT_MAX) {
1199     failf(data, "Windows socket identifier larger than MAX_INT, "
1200           "unable to set in OpenSSL dgram API.");
1201     result = CURLE_QUIC_CONNECT_ERROR;
1202     goto out;
1203   }
1204   bio = BIO_new_dgram((int)ctx->q.sockfd, BIO_NOCLOSE);
1205 #else
1206   bio = BIO_new_dgram(ctx->q.sockfd, BIO_NOCLOSE);
1207 #endif
1208   if(!bio) {
1209     result = CURLE_OUT_OF_MEMORY;
1210     goto out;
1211   }
1212 
1213   if(!SSL_set1_initial_peer_addr(ctx->tls.ossl.ssl, baddr)) {
1214     failf(data, "failed to set the initial peer address");
1215     result = CURLE_FAILED_INIT;
1216     goto out;
1217   }
1218   if(!SSL_set_blocking_mode(ctx->tls.ossl.ssl, 0)) {
1219     failf(data, "failed to turn off blocking mode");
1220     result = CURLE_FAILED_INIT;
1221     goto out;
1222   }
1223 
1224 #ifdef SSL_VALUE_QUIC_IDLE_TIMEOUT
1225   /* Added in OpenSSL v3.3.x */
1226   if(!SSL_set_feature_request_uint(ctx->tls.ossl.ssl,
1227                                    SSL_VALUE_QUIC_IDLE_TIMEOUT,
1228                                    CURL_QUIC_MAX_IDLE_MS)) {
1229     CURL_TRC_CF(data, cf, "error setting idle timeout, ");
1230     result = CURLE_FAILED_INIT;
1231     goto out;
1232   }
1233 #endif
1234 
1235   SSL_set_bio(ctx->tls.ossl.ssl, bio, bio);
1236   bio = NULL;
1237   SSL_set_connect_state(ctx->tls.ossl.ssl);
1238   SSL_set_incoming_stream_policy(ctx->tls.ossl.ssl,
1239                                  SSL_INCOMING_STREAM_POLICY_ACCEPT, 0);
1240   /* setup the H3 things on top of the QUIC connection */
1241   result = cf_osslq_h3conn_init(ctx, ctx->tls.ossl.ssl, cf);
1242 
1243 out:
1244   if(bio)
1245     BIO_free(bio);
1246   if(baddr)
1247     BIO_ADDR_free(baddr);
1248   CURL_TRC_CF(data, cf, "QUIC tls init -> %d", result);
1249   return result;
1250 }
1251 
1252 struct h3_quic_recv_ctx {
1253   struct Curl_cfilter *cf;
1254   struct Curl_easy *data;
1255   struct cf_osslq_stream *s;
1256 };
1257 
h3_quic_recv(void * reader_ctx,unsigned char * buf,size_t len,CURLcode * err)1258 static ssize_t h3_quic_recv(void *reader_ctx,
1259                             unsigned char *buf, size_t len,
1260                             CURLcode *err)
1261 {
1262   struct h3_quic_recv_ctx *x = reader_ctx;
1263   size_t nread;
1264   int rv;
1265 
1266   *err = CURLE_OK;
1267   rv = SSL_read_ex(x->s->ssl, buf, len, &nread);
1268   if(rv <= 0) {
1269     int detail = SSL_get_error(x->s->ssl, rv);
1270     if(detail == SSL_ERROR_WANT_READ || detail == SSL_ERROR_WANT_WRITE) {
1271       *err = CURLE_AGAIN;
1272       return -1;
1273     }
1274     else if(detail == SSL_ERROR_ZERO_RETURN) {
1275       CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> EOS",
1276                   x->s->id);
1277       x->s->recvd_eos = TRUE;
1278       return 0;
1279     }
1280     else if(SSL_get_stream_read_state(x->s->ssl) ==
1281             SSL_STREAM_STATE_RESET_REMOTE) {
1282       uint64_t app_error_code = NGHTTP3_H3_NO_ERROR;
1283       SSL_get_stream_read_error_code(x->s->ssl, &app_error_code);
1284       CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> RESET, "
1285                   "rv=%d, app_err=%" FMT_PRIu64,
1286                   x->s->id, rv, (curl_uint64_t)app_error_code);
1287       if(app_error_code != NGHTTP3_H3_NO_ERROR) {
1288         x->s->reset = TRUE;
1289       }
1290       x->s->recvd_eos = TRUE;
1291       return 0;
1292     }
1293     else {
1294       *err = cf_osslq_ssl_err(x->cf, x->data, detail, CURLE_RECV_ERROR);
1295       return -1;
1296     }
1297   }
1298   return (ssize_t)nread;
1299 }
1300 
cf_osslq_stream_recv(struct cf_osslq_stream * s,struct Curl_cfilter * cf,struct Curl_easy * data)1301 static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s,
1302                                      struct Curl_cfilter *cf,
1303                                      struct Curl_easy *data)
1304 {
1305   struct cf_osslq_ctx *ctx = cf->ctx;
1306   CURLcode result = CURLE_OK;
1307   ssize_t nread;
1308   struct h3_quic_recv_ctx x;
1309   bool eagain = FALSE;
1310   size_t total_recv_len = 0;
1311 
1312   DEBUGASSERT(s);
1313   if(s->closed)
1314     return CURLE_OK;
1315 
1316   x.cf = cf;
1317   x.data = data;
1318   x.s = s;
1319   while(s->ssl && !s->closed && !eagain &&
1320         (total_recv_len < H3_STREAM_CHUNK_SIZE)) {
1321     if(Curl_bufq_is_empty(&s->recvbuf) && !s->recvd_eos) {
1322       while(!eagain && !s->recvd_eos && !Curl_bufq_is_full(&s->recvbuf)) {
1323         nread = Curl_bufq_sipn(&s->recvbuf, 0, h3_quic_recv, &x, &result);
1324         if(nread < 0) {
1325           if(result != CURLE_AGAIN)
1326             goto out;
1327           result = CURLE_OK;
1328           eagain = TRUE;
1329         }
1330       }
1331     }
1332 
1333     /* Forward what we have to nghttp3 */
1334     if(!Curl_bufq_is_empty(&s->recvbuf)) {
1335       const unsigned char *buf;
1336       size_t blen;
1337 
1338       while(Curl_bufq_peek(&s->recvbuf, &buf, &blen)) {
1339         nread = nghttp3_conn_read_stream(ctx->h3.conn, s->id,
1340                                          buf, blen, 0);
1341         CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forward %zu bytes "
1342                     "to nghttp3 -> %zd", s->id, blen, nread);
1343         if(nread < 0) {
1344           failf(data, "nghttp3_conn_read_stream(len=%zu) error: %s",
1345                 blen, nghttp3_strerror((int)nread));
1346           result = CURLE_RECV_ERROR;
1347           goto out;
1348         }
1349         /* success, `nread` is the flow for QUIC to count as "consumed",
1350          * not sure how that will work with OpenSSL. Anyways, without error,
1351          * all data that we passed is not owned by nghttp3. */
1352         Curl_bufq_skip(&s->recvbuf, blen);
1353         total_recv_len += blen;
1354       }
1355     }
1356 
1357     /* When we forwarded everything, handle RESET/EOS */
1358     if(Curl_bufq_is_empty(&s->recvbuf) && !s->closed) {
1359       int rv;
1360       result = CURLE_OK;
1361       if(s->reset) {
1362         uint64_t app_error;
1363         if(!SSL_get_stream_read_error_code(s->ssl, &app_error)) {
1364           failf(data, "SSL_get_stream_read_error_code returned error");
1365           result = CURLE_RECV_ERROR;
1366           goto out;
1367         }
1368         rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id, app_error);
1369         s->closed = TRUE;
1370         if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1371           failf(data, "nghttp3_conn_close_stream returned error: %s",
1372                 nghttp3_strerror(rv));
1373           result = CURLE_RECV_ERROR;
1374           goto out;
1375         }
1376       }
1377       else if(s->recvd_eos) {
1378         rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id,
1379                                        NGHTTP3_H3_NO_ERROR);
1380         s->closed = TRUE;
1381         CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] close nghttp3 stream -> %d",
1382                     s->id, rv);
1383         if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1384           failf(data, "nghttp3_conn_close_stream returned error: %s",
1385                 nghttp3_strerror(rv));
1386           result = CURLE_RECV_ERROR;
1387           goto out;
1388         }
1389       }
1390     }
1391   }
1392 out:
1393   if(result)
1394     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_osslq_stream_recv -> %d",
1395                 s->id, result);
1396   return result;
1397 }
1398 
cf_progress_ingress(struct Curl_cfilter * cf,struct Curl_easy * data)1399 static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
1400                                     struct Curl_easy *data)
1401 {
1402   struct cf_osslq_ctx *ctx = cf->ctx;
1403   CURLcode result = CURLE_OK;
1404 
1405   if(!ctx->tls.ossl.ssl)
1406     goto out;
1407 
1408   ERR_clear_error();
1409 
1410   /* 1. Check for new incoming streams */
1411   while(1) {
1412     SSL *snew = SSL_accept_stream(ctx->tls.ossl.ssl,
1413                                   SSL_ACCEPT_STREAM_NO_BLOCK);
1414     if(!snew)
1415       break;
1416 
1417     (void)cf_osslq_h3conn_add_stream(&ctx->h3, snew, cf, data);
1418   }
1419 
1420   if(!SSL_handle_events(ctx->tls.ossl.ssl)) {
1421     int detail = SSL_get_error(ctx->tls.ossl.ssl, 0);
1422     result = cf_osslq_ssl_err(cf, data, detail, CURLE_RECV_ERROR);
1423   }
1424 
1425   if(ctx->h3.conn) {
1426     size_t i;
1427     for(i = 0; i < ctx->h3.remote_ctrl_n; ++i) {
1428       result = cf_osslq_stream_recv(&ctx->h3.remote_ctrl[i], cf, data);
1429       if(result)
1430         goto out;
1431     }
1432   }
1433 
1434   if(ctx->h3.conn) {
1435     struct Curl_llist_node *e;
1436     struct h3_stream_ctx *stream;
1437     /* PULL all open streams */
1438     DEBUGASSERT(data->multi);
1439     for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
1440       struct Curl_easy *sdata = Curl_node_elem(e);
1441       if(sdata->conn == data->conn && CURL_WANT_RECV(sdata)) {
1442         stream = H3_STREAM_CTX(ctx, sdata);
1443         if(stream && !stream->closed &&
1444            !Curl_bufq_is_full(&stream->recvbuf)) {
1445           result = cf_osslq_stream_recv(&stream->s, cf, sdata);
1446           if(result)
1447             goto out;
1448         }
1449       }
1450     }
1451   }
1452 
1453 out:
1454   CURL_TRC_CF(data, cf, "progress_ingress -> %d", result);
1455   return result;
1456 }
1457 
1458 /* Iterate over all streams and check if blocked can be unblocked */
cf_osslq_check_and_unblock(struct Curl_cfilter * cf,struct Curl_easy * data)1459 static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf,
1460                                            struct Curl_easy *data)
1461 {
1462   struct cf_osslq_ctx *ctx = cf->ctx;
1463   struct h3_stream_ctx *stream;
1464 
1465   if(ctx->h3.conn) {
1466     struct Curl_llist_node *e;
1467     for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
1468       struct Curl_easy *sdata = Curl_node_elem(e);
1469       if(sdata->conn == data->conn) {
1470         stream = H3_STREAM_CTX(ctx, sdata);
1471         if(stream && stream->s.ssl && stream->s.send_blocked &&
1472            !SSL_want_write(stream->s.ssl)) {
1473           nghttp3_conn_unblock_stream(ctx->h3.conn, stream->s.id);
1474           stream->s.send_blocked = FALSE;
1475           h3_drain_stream(cf, sdata);
1476           CURL_TRC_CF(sdata, cf, "unblocked");
1477         }
1478       }
1479     }
1480   }
1481   return CURLE_OK;
1482 }
1483 
h3_send_streams(struct Curl_cfilter * cf,struct Curl_easy * data)1484 static CURLcode h3_send_streams(struct Curl_cfilter *cf,
1485                                 struct Curl_easy *data)
1486 {
1487   struct cf_osslq_ctx *ctx = cf->ctx;
1488   CURLcode result = CURLE_OK;
1489 
1490   if(!ctx->tls.ossl.ssl || !ctx->h3.conn)
1491     goto out;
1492 
1493   for(;;) {
1494     struct cf_osslq_stream *s = NULL;
1495     nghttp3_vec vec[16];
1496     nghttp3_ssize n, i;
1497     int64_t stream_id;
1498     size_t written;
1499     int eos, ok, rv;
1500     size_t total_len, acked_len = 0;
1501     bool blocked = FALSE, eos_written = FALSE;
1502 
1503     n = nghttp3_conn_writev_stream(ctx->h3.conn, &stream_id, &eos,
1504                                    vec, ARRAYSIZE(vec));
1505     if(n < 0) {
1506       failf(data, "nghttp3_conn_writev_stream returned error: %s",
1507             nghttp3_strerror((int)n));
1508       result = CURLE_SEND_ERROR;
1509       goto out;
1510     }
1511     if(stream_id < 0) {
1512       result = CURLE_OK;
1513       goto out;
1514     }
1515 
1516     /* Get the stream for this data */
1517     s = cf_osslq_get_qstream(cf, data, stream_id);
1518     if(!s) {
1519       failf(data, "nghttp3_conn_writev_stream gave unknown stream %"
1520             FMT_PRId64, (curl_int64_t)stream_id);
1521       result = CURLE_SEND_ERROR;
1522       goto out;
1523     }
1524     /* Now write the data to the stream's SSL*, it may not all fit! */
1525     DEBUGASSERT(s->id == stream_id);
1526     for(i = 0, total_len = 0; i < n; ++i) {
1527       total_len += vec[i].len;
1528     }
1529     for(i = 0; (i < n) && !blocked; ++i) {
1530       /* Without stream->s.ssl, we closed that already, so
1531        * pretend the write did succeed. */
1532       uint64_t flags = (eos && ((i + 1) == n)) ? SSL_WRITE_FLAG_CONCLUDE : 0;
1533       written = vec[i].len;
1534       ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags,
1535                                    &written);
1536       if(ok && flags & SSL_WRITE_FLAG_CONCLUDE)
1537         eos_written = TRUE;
1538       if(ok) {
1539         /* As OpenSSL buffers the data, we count this as acknowledged
1540          * from nghttp3's point of view */
1541         CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send %zu bytes to QUIC ok",
1542                     s->id, vec[i].len);
1543         acked_len += vec[i].len;
1544       }
1545       else {
1546         int detail = SSL_get_error(s->ssl, 0);
1547         switch(detail) {
1548         case SSL_ERROR_WANT_WRITE:
1549         case SSL_ERROR_WANT_READ:
1550           /* QUIC blocked us from writing more */
1551           CURL_TRC_CF(data, cf, "[%"FMT_PRId64 "] send %zu bytes to "
1552                       "QUIC blocked", s->id, vec[i].len);
1553           written = 0;
1554           nghttp3_conn_block_stream(ctx->h3.conn, s->id);
1555           s->send_blocked = blocked = TRUE;
1556           break;
1557         default:
1558           failf(data, "[%"FMT_PRId64 "] send %zu bytes to QUIC, SSL error %d",
1559                 s->id, vec[i].len, detail);
1560           result = cf_osslq_ssl_err(cf, data, detail, CURLE_HTTP3);
1561           goto out;
1562         }
1563       }
1564     }
1565 
1566     if(acked_len > 0 || (eos && !s->send_blocked)) {
1567       /* Since QUIC buffers the data written internally, we can tell
1568        * nghttp3 that it can move forward on it */
1569       ctx->q.last_io = Curl_now();
1570       rv = nghttp3_conn_add_write_offset(ctx->h3.conn, s->id, acked_len);
1571       if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1572         failf(data, "nghttp3_conn_add_write_offset returned error: %s\n",
1573               nghttp3_strerror(rv));
1574         result = CURLE_SEND_ERROR;
1575         goto out;
1576       }
1577       rv = nghttp3_conn_add_ack_offset(ctx->h3.conn, s->id, acked_len);
1578       if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
1579         failf(data, "nghttp3_conn_add_ack_offset returned error: %s\n",
1580               nghttp3_strerror(rv));
1581         result = CURLE_SEND_ERROR;
1582         goto out;
1583       }
1584       CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forwarded %zu/%zu h3 bytes "
1585                   "to QUIC, eos=%d", s->id, acked_len, total_len, eos);
1586     }
1587 
1588     if(eos && !s->send_blocked && !eos_written) {
1589       /* wrote everything and H3 indicates end of stream */
1590       CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] closing QUIC stream", s->id);
1591       SSL_stream_conclude(s->ssl, 0);
1592     }
1593   }
1594 
1595 out:
1596   CURL_TRC_CF(data, cf, "h3_send_streams -> %d", result);
1597   return result;
1598 }
1599 
cf_progress_egress(struct Curl_cfilter * cf,struct Curl_easy * data)1600 static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
1601                                    struct Curl_easy *data)
1602 {
1603   struct cf_osslq_ctx *ctx = cf->ctx;
1604   CURLcode result = CURLE_OK;
1605 
1606   if(!ctx->tls.ossl.ssl)
1607     goto out;
1608 
1609   ERR_clear_error();
1610   result = h3_send_streams(cf, data);
1611   if(result)
1612     goto out;
1613 
1614   if(!SSL_handle_events(ctx->tls.ossl.ssl)) {
1615     int detail = SSL_get_error(ctx->tls.ossl.ssl, 0);
1616     result = cf_osslq_ssl_err(cf, data, detail, CURLE_SEND_ERROR);
1617   }
1618 
1619   result = cf_osslq_check_and_unblock(cf, data);
1620 
1621 out:
1622   CURL_TRC_CF(data, cf, "progress_egress -> %d", result);
1623   return result;
1624 }
1625 
check_and_set_expiry(struct Curl_cfilter * cf,struct Curl_easy * data)1626 static CURLcode check_and_set_expiry(struct Curl_cfilter *cf,
1627                                      struct Curl_easy *data)
1628 {
1629   struct cf_osslq_ctx *ctx = cf->ctx;
1630   CURLcode result = CURLE_OK;
1631   struct timeval tv;
1632   timediff_t timeoutms;
1633   int is_infinite = 1;
1634 
1635   if(ctx->tls.ossl.ssl &&
1636      SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite) &&
1637      !is_infinite) {
1638     timeoutms = curlx_tvtoms(&tv);
1639     /* QUIC want to be called again latest at the returned timeout */
1640     if(timeoutms <= 0) {
1641       result = cf_progress_ingress(cf, data);
1642       if(result)
1643         goto out;
1644       result = cf_progress_egress(cf, data);
1645       if(result)
1646         goto out;
1647       if(SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite)) {
1648         timeoutms = curlx_tvtoms(&tv);
1649       }
1650     }
1651     if(!is_infinite) {
1652       Curl_expire(data, timeoutms, EXPIRE_QUIC);
1653       CURL_TRC_CF(data, cf, "QUIC expiry in %ldms", (long)timeoutms);
1654     }
1655   }
1656 out:
1657   return result;
1658 }
1659 
cf_osslq_connect(struct Curl_cfilter * cf,struct Curl_easy * data,bool blocking,bool * done)1660 static CURLcode cf_osslq_connect(struct Curl_cfilter *cf,
1661                                  struct Curl_easy *data,
1662                                  bool blocking, bool *done)
1663 {
1664   struct cf_osslq_ctx *ctx = cf->ctx;
1665   CURLcode result = CURLE_OK;
1666   struct cf_call_data save;
1667   struct curltime now;
1668   int err;
1669 
1670   if(cf->connected) {
1671     *done = TRUE;
1672     return CURLE_OK;
1673   }
1674 
1675   /* Connect the UDP filter first */
1676   if(!cf->next->connected) {
1677     result = Curl_conn_cf_connect(cf->next, data, blocking, done);
1678     if(result || !*done)
1679       return result;
1680   }
1681 
1682   *done = FALSE;
1683   now = Curl_now();
1684   CF_DATA_SAVE(save, cf, data);
1685 
1686   if(!ctx->tls.ossl.ssl) {
1687     ctx->started_at = now;
1688     result = cf_osslq_ctx_start(cf, data);
1689     if(result)
1690       goto out;
1691   }
1692 
1693   if(!ctx->got_first_byte) {
1694     int readable = SOCKET_READABLE(ctx->q.sockfd, 0);
1695     if(readable > 0 && (readable & CURL_CSELECT_IN)) {
1696       ctx->got_first_byte = TRUE;
1697       ctx->first_byte_at = Curl_now();
1698     }
1699   }
1700 
1701   /* Since OpenSSL does its own send/recv internally, we may miss the
1702    * moment to populate the x509 store right before the server response.
1703    * Do it instead before we start the handshake, at the loss of the
1704    * time to set this up. */
1705   result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data);
1706   if(result)
1707     goto out;
1708 
1709   ERR_clear_error();
1710   err = SSL_do_handshake(ctx->tls.ossl.ssl);
1711 
1712   if(err == 1) {
1713     /* connected */
1714     ctx->handshake_at = now;
1715     ctx->q.last_io = now;
1716     CURL_TRC_CF(data, cf, "handshake complete after %dms",
1717                (int)Curl_timediff(now, ctx->started_at));
1718     result = cf_osslq_verify_peer(cf, data);
1719     if(!result) {
1720       CURL_TRC_CF(data, cf, "peer verified");
1721       cf->connected = TRUE;
1722       cf->conn->alpn = CURL_HTTP_VERSION_3;
1723       *done = TRUE;
1724       connkeep(cf->conn, "HTTP/3 default");
1725     }
1726   }
1727   else {
1728     int detail = SSL_get_error(ctx->tls.ossl.ssl, err);
1729     switch(detail) {
1730     case SSL_ERROR_WANT_READ:
1731       ctx->q.last_io = now;
1732       CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_RECV");
1733       goto out;
1734     case SSL_ERROR_WANT_WRITE:
1735       ctx->q.last_io = now;
1736       CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_SEND");
1737       result = CURLE_OK;
1738       goto out;
1739 #ifdef SSL_ERROR_WANT_ASYNC
1740     case SSL_ERROR_WANT_ASYNC:
1741       ctx->q.last_io = now;
1742       CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_ASYNC");
1743       result = CURLE_OK;
1744       goto out;
1745 #endif
1746 #ifdef SSL_ERROR_WANT_RETRY_VERIFY
1747     case SSL_ERROR_WANT_RETRY_VERIFY:
1748       result = CURLE_OK;
1749       goto out;
1750 #endif
1751     default:
1752       result = cf_osslq_ssl_err(cf, data, detail, CURLE_COULDNT_CONNECT);
1753       goto out;
1754     }
1755   }
1756 
1757 out:
1758   if(result == CURLE_RECV_ERROR && ctx->tls.ossl.ssl &&
1759      ctx->protocol_shutdown) {
1760     /* When a QUIC server instance is shutting down, it may send us a
1761      * CONNECTION_CLOSE right away. Our connection then enters the DRAINING
1762      * state. The CONNECT may work in the near future again. Indicate
1763      * that as a "weird" reply. */
1764     result = CURLE_WEIRD_SERVER_REPLY;
1765   }
1766 
1767 #ifndef CURL_DISABLE_VERBOSE_STRINGS
1768   if(result) {
1769     struct ip_quadruple ip;
1770 
1771     Curl_cf_socket_peek(cf->next, data, NULL, NULL, &ip);
1772     infof(data, "QUIC connect to %s port %u failed: %s",
1773           ip.remote_ip, ip.remote_port, curl_easy_strerror(result));
1774   }
1775 #endif
1776   if(!result)
1777     result = check_and_set_expiry(cf, data);
1778   if(result || *done)
1779     CURL_TRC_CF(data, cf, "connect -> %d, done=%d", result, *done);
1780   CF_DATA_RESTORE(cf, save);
1781   return result;
1782 }
1783 
h3_stream_open(struct Curl_cfilter * cf,struct Curl_easy * data,const void * buf,size_t len,CURLcode * err)1784 static ssize_t h3_stream_open(struct Curl_cfilter *cf,
1785                               struct Curl_easy *data,
1786                               const void *buf, size_t len,
1787                               CURLcode *err)
1788 {
1789   struct cf_osslq_ctx *ctx = cf->ctx;
1790   struct h3_stream_ctx *stream = NULL;
1791   struct dynhds h2_headers;
1792   size_t nheader;
1793   nghttp3_nv *nva = NULL;
1794   int rc = 0;
1795   unsigned int i;
1796   ssize_t nwritten = -1;
1797   nghttp3_data_reader reader;
1798   nghttp3_data_reader *preader = NULL;
1799 
1800   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
1801 
1802   *err = h3_data_setup(cf, data);
1803   if(*err)
1804     goto out;
1805   stream = H3_STREAM_CTX(ctx, data);
1806   DEBUGASSERT(stream);
1807   if(!stream) {
1808     *err = CURLE_FAILED_INIT;
1809     goto out;
1810   }
1811 
1812   nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err);
1813   if(nwritten < 0)
1814     goto out;
1815   if(!stream->h1.done) {
1816     /* need more data */
1817     goto out;
1818   }
1819   DEBUGASSERT(stream->h1.req);
1820 
1821   *err = Curl_http_req_to_h2(&h2_headers, stream->h1.req, data);
1822   if(*err) {
1823     nwritten = -1;
1824     goto out;
1825   }
1826   /* no longer needed */
1827   Curl_h1_req_parse_free(&stream->h1);
1828 
1829   nheader = Curl_dynhds_count(&h2_headers);
1830   nva = malloc(sizeof(nghttp3_nv) * nheader);
1831   if(!nva) {
1832     *err = CURLE_OUT_OF_MEMORY;
1833     nwritten = -1;
1834     goto out;
1835   }
1836 
1837   for(i = 0; i < nheader; ++i) {
1838     struct dynhds_entry *e = Curl_dynhds_getn(&h2_headers, i);
1839     nva[i].name = (unsigned char *)e->name;
1840     nva[i].namelen = e->namelen;
1841     nva[i].value = (unsigned char *)e->value;
1842     nva[i].valuelen = e->valuelen;
1843     nva[i].flags = NGHTTP3_NV_FLAG_NONE;
1844   }
1845 
1846   DEBUGASSERT(stream->s.id == -1);
1847   *err = cf_osslq_stream_open(&stream->s, ctx->tls.ossl.ssl, 0,
1848                               &ctx->stream_bufcp, data);
1849   if(*err) {
1850     failf(data, "cannot get bidi streams");
1851     *err = CURLE_SEND_ERROR;
1852     goto out;
1853   }
1854 
1855   switch(data->state.httpreq) {
1856   case HTTPREQ_POST:
1857   case HTTPREQ_POST_FORM:
1858   case HTTPREQ_POST_MIME:
1859   case HTTPREQ_PUT:
1860     /* known request body size or -1 */
1861     if(data->state.infilesize != -1)
1862       stream->upload_left = data->state.infilesize;
1863     else
1864       /* data sending without specifying the data amount up front */
1865       stream->upload_left = -1; /* unknown */
1866     break;
1867   default:
1868     /* there is not request body */
1869     stream->upload_left = 0; /* no request body */
1870     break;
1871   }
1872 
1873   stream->send_closed = (stream->upload_left == 0);
1874   if(!stream->send_closed) {
1875     reader.read_data = cb_h3_read_req_body;
1876     preader = &reader;
1877   }
1878 
1879   rc = nghttp3_conn_submit_request(ctx->h3.conn, stream->s.id,
1880                                    nva, nheader, preader, data);
1881   if(rc) {
1882     switch(rc) {
1883     case NGHTTP3_ERR_CONN_CLOSING:
1884       CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64"] failed to send, "
1885                   "connection is closing", stream->s.id);
1886       break;
1887     default:
1888       CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64 "] failed to send -> %d (%s)",
1889                   stream->s.id, rc, nghttp3_strerror(rc));
1890       break;
1891     }
1892     *err = CURLE_SEND_ERROR;
1893     nwritten = -1;
1894     goto out;
1895   }
1896 
1897   if(Curl_trc_is_verbose(data)) {
1898     infof(data, "[HTTP/3] [%" FMT_PRId64 "] OPENED stream for %s",
1899           stream->s.id, data->state.url);
1900     for(i = 0; i < nheader; ++i) {
1901       infof(data, "[HTTP/3] [%" FMT_PRId64 "] [%.*s: %.*s]",
1902             stream->s.id,
1903             (int)nva[i].namelen, nva[i].name,
1904             (int)nva[i].valuelen, nva[i].value);
1905     }
1906   }
1907 
1908 out:
1909   free(nva);
1910   Curl_dynhds_free(&h2_headers);
1911   return nwritten;
1912 }
1913 
cf_osslq_send(struct Curl_cfilter * cf,struct Curl_easy * data,const void * buf,size_t len,bool eos,CURLcode * err)1914 static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data,
1915                              const void *buf, size_t len, bool eos,
1916                              CURLcode *err)
1917 {
1918   struct cf_osslq_ctx *ctx = cf->ctx;
1919   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
1920   struct cf_call_data save;
1921   ssize_t nwritten;
1922   CURLcode result;
1923 
1924   (void)eos; /* TODO: use to end stream */
1925   CF_DATA_SAVE(save, cf, data);
1926   DEBUGASSERT(cf->connected);
1927   DEBUGASSERT(ctx->tls.ossl.ssl);
1928   DEBUGASSERT(ctx->h3.conn);
1929   *err = CURLE_OK;
1930 
1931   result = cf_progress_ingress(cf, data);
1932   if(result) {
1933     *err = result;
1934     nwritten = -1;
1935     goto out;
1936   }
1937 
1938   result = cf_progress_egress(cf, data);
1939   if(result) {
1940     *err = result;
1941     nwritten = -1;
1942     goto out;
1943   }
1944 
1945   if(!stream || stream->s.id < 0) {
1946     nwritten = h3_stream_open(cf, data, buf, len, err);
1947     if(nwritten < 0) {
1948       CURL_TRC_CF(data, cf, "failed to open stream -> %d", *err);
1949       goto out;
1950     }
1951     stream = H3_STREAM_CTX(ctx, data);
1952   }
1953   else if(stream->closed) {
1954     if(stream->resp_hds_complete) {
1955       /* Server decided to close the stream after having sent us a final
1956        * response. This is valid if it is not interested in the request
1957        * body. This happens on 30x or 40x responses.
1958        * We silently discard the data sent, since this is not a transport
1959        * error situation. */
1960       CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] discarding data"
1961                   "on closed stream with response", stream->s.id);
1962       *err = CURLE_OK;
1963       nwritten = (ssize_t)len;
1964       goto out;
1965     }
1966     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send_body(len=%zu) "
1967                 "-> stream closed", stream->s.id, len);
1968     *err = CURLE_HTTP3;
1969     nwritten = -1;
1970     goto out;
1971   }
1972   else {
1973     nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err);
1974     CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send, add to "
1975                 "sendbuf(len=%zu) -> %zd, %d",
1976                 stream->s.id, len, nwritten, *err);
1977     if(nwritten < 0) {
1978       goto out;
1979     }
1980 
1981     (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id);
1982   }
1983 
1984   result = cf_progress_egress(cf, data);
1985   if(result) {
1986     *err = result;
1987     nwritten = -1;
1988   }
1989 
1990 out:
1991   result = check_and_set_expiry(cf, data);
1992   CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %zd, %d",
1993               stream ? stream->s.id : -1, len, nwritten, *err);
1994   CF_DATA_RESTORE(cf, save);
1995   return nwritten;
1996 }
1997 
recv_closed_stream(struct Curl_cfilter * cf,struct Curl_easy * data,struct h3_stream_ctx * stream,CURLcode * err)1998 static ssize_t recv_closed_stream(struct Curl_cfilter *cf,
1999                                   struct Curl_easy *data,
2000                                   struct h3_stream_ctx *stream,
2001                                   CURLcode *err)
2002 {
2003   ssize_t nread = -1;
2004 
2005   (void)cf;
2006   if(stream->reset) {
2007     failf(data,
2008           "HTTP/3 stream %" FMT_PRId64 " reset by server",
2009           stream->s.id);
2010     *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP3;
2011     goto out;
2012   }
2013   else if(!stream->resp_hds_complete) {
2014     failf(data,
2015           "HTTP/3 stream %" FMT_PRId64
2016           " was closed cleanly, but before getting"
2017           " all response header fields, treated as error",
2018           stream->s.id);
2019     *err = CURLE_HTTP3;
2020     goto out;
2021   }
2022   *err = CURLE_OK;
2023   nread = 0;
2024 
2025 out:
2026   return nread;
2027 }
2028 
cf_osslq_recv(struct Curl_cfilter * cf,struct Curl_easy * data,char * buf,size_t len,CURLcode * err)2029 static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
2030                              char *buf, size_t len, CURLcode *err)
2031 {
2032   struct cf_osslq_ctx *ctx = cf->ctx;
2033   struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2034   ssize_t nread = -1;
2035   struct cf_call_data save;
2036   CURLcode result;
2037 
2038   (void)ctx;
2039   CF_DATA_SAVE(save, cf, data);
2040   DEBUGASSERT(cf->connected);
2041   DEBUGASSERT(ctx);
2042   DEBUGASSERT(ctx->tls.ossl.ssl);
2043   DEBUGASSERT(ctx->h3.conn);
2044   *err = CURLE_OK;
2045 
2046   if(!stream) {
2047     *err = CURLE_RECV_ERROR;
2048     goto out;
2049   }
2050 
2051   if(!Curl_bufq_is_empty(&stream->recvbuf)) {
2052     nread = Curl_bufq_read(&stream->recvbuf,
2053                            (unsigned char *)buf, len, err);
2054     if(nread < 0) {
2055       CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) "
2056                   "-> %zd, %d", stream->s.id, len, nread, *err);
2057       goto out;
2058     }
2059   }
2060 
2061   result = cf_progress_ingress(cf, data);
2062   if(result) {
2063     *err = result;
2064     nread = -1;
2065     goto out;
2066   }
2067 
2068   /* recvbuf had nothing before, maybe after progressing ingress? */
2069   if(nread < 0 && !Curl_bufq_is_empty(&stream->recvbuf)) {
2070     nread = Curl_bufq_read(&stream->recvbuf,
2071                            (unsigned char *)buf, len, err);
2072     if(nread < 0) {
2073       CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) "
2074                   "-> %zd, %d", stream->s.id, len, nread, *err);
2075       goto out;
2076     }
2077   }
2078 
2079   if(nread > 0) {
2080     h3_drain_stream(cf, data);
2081   }
2082   else {
2083     if(stream->closed) {
2084       nread = recv_closed_stream(cf, data, stream, err);
2085       goto out;
2086     }
2087     *err = CURLE_AGAIN;
2088     nread = -1;
2089   }
2090 
2091 out:
2092   if(cf_progress_egress(cf, data)) {
2093     *err = CURLE_SEND_ERROR;
2094     nread = -1;
2095   }
2096   else {
2097     CURLcode result2 = check_and_set_expiry(cf, data);
2098     if(result2) {
2099       *err = result2;
2100       nread = -1;
2101     }
2102   }
2103   CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(len=%zu) -> %zd, %d",
2104               stream ? stream->s.id : -1, len, nread, *err);
2105   CF_DATA_RESTORE(cf, save);
2106   return nread;
2107 }
2108 
2109 /*
2110  * Called from transfer.c:data_pending to know if we should keep looping
2111  * to receive more data from the connection.
2112  */
cf_osslq_data_pending(struct Curl_cfilter * cf,const struct Curl_easy * data)2113 static bool cf_osslq_data_pending(struct Curl_cfilter *cf,
2114                                   const struct Curl_easy *data)
2115 {
2116   struct cf_osslq_ctx *ctx = cf->ctx;
2117   const struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2118   (void)cf;
2119   return stream && !Curl_bufq_is_empty(&stream->recvbuf);
2120 }
2121 
cf_osslq_data_event(struct Curl_cfilter * cf,struct Curl_easy * data,int event,int arg1,void * arg2)2122 static CURLcode cf_osslq_data_event(struct Curl_cfilter *cf,
2123                                     struct Curl_easy *data,
2124                                     int event, int arg1, void *arg2)
2125 {
2126   struct cf_osslq_ctx *ctx = cf->ctx;
2127   CURLcode result = CURLE_OK;
2128   struct cf_call_data save;
2129 
2130   CF_DATA_SAVE(save, cf, data);
2131   (void)arg1;
2132   (void)arg2;
2133   switch(event) {
2134   case CF_CTRL_DATA_SETUP:
2135     break;
2136   case CF_CTRL_DATA_PAUSE:
2137     result = h3_data_pause(cf, data, (arg1 != 0));
2138     break;
2139   case CF_CTRL_DATA_DETACH:
2140     h3_data_done(cf, data);
2141     break;
2142   case CF_CTRL_DATA_DONE:
2143     h3_data_done(cf, data);
2144     break;
2145   case CF_CTRL_DATA_DONE_SEND: {
2146     struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2147     if(stream && !stream->send_closed) {
2148       stream->send_closed = TRUE;
2149       stream->upload_left = Curl_bufq_len(&stream->sendbuf) -
2150         stream->sendbuf_len_in_flight;
2151       (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id);
2152     }
2153     break;
2154   }
2155   case CF_CTRL_DATA_IDLE: {
2156     struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
2157     CURL_TRC_CF(data, cf, "data idle");
2158     if(stream && !stream->closed) {
2159       result = check_and_set_expiry(cf, data);
2160     }
2161     break;
2162   }
2163   default:
2164     break;
2165   }
2166   CF_DATA_RESTORE(cf, save);
2167   return result;
2168 }
2169 
cf_osslq_conn_is_alive(struct Curl_cfilter * cf,struct Curl_easy * data,bool * input_pending)2170 static bool cf_osslq_conn_is_alive(struct Curl_cfilter *cf,
2171                                    struct Curl_easy *data,
2172                                    bool *input_pending)
2173 {
2174   struct cf_osslq_ctx *ctx = cf->ctx;
2175   bool alive = FALSE;
2176   struct cf_call_data save;
2177 
2178   CF_DATA_SAVE(save, cf, data);
2179   *input_pending = FALSE;
2180   if(!ctx->tls.ossl.ssl)
2181     goto out;
2182 
2183 #ifdef SSL_VALUE_QUIC_IDLE_TIMEOUT
2184   /* Added in OpenSSL v3.3.x */
2185   {
2186     timediff_t idletime;
2187     uint64_t idle_ms = ctx->max_idle_ms;
2188     if(!SSL_get_value_uint(ctx->tls.ossl.ssl,
2189                            SSL_VALUE_CLASS_FEATURE_NEGOTIATED,
2190                            SSL_VALUE_QUIC_IDLE_TIMEOUT, &idle_ms)) {
2191       CURL_TRC_CF(data, cf, "error getting negotiated idle timeout, "
2192                   "assume connection is dead.");
2193       goto out;
2194     }
2195     CURL_TRC_CF(data, cf, "negotiated idle timeout: %zums", (size_t)idle_ms);
2196     idletime = Curl_timediff(Curl_now(), ctx->q.last_io);
2197     if(idletime > 0 && (uint64_t)idletime > idle_ms)
2198       goto out;
2199   }
2200 
2201 #endif
2202 
2203   if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
2204     goto out;
2205 
2206   alive = TRUE;
2207   if(*input_pending) {
2208     CURLcode result;
2209     /* This happens before we have sent off a request and the connection is
2210        not in use by any other transfer, there should not be any data here,
2211        only "protocol frames" */
2212     *input_pending = FALSE;
2213     result = cf_progress_ingress(cf, data);
2214     CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result);
2215     alive = result ? FALSE : TRUE;
2216   }
2217 
2218 out:
2219   CF_DATA_RESTORE(cf, save);
2220   return alive;
2221 }
2222 
cf_osslq_adjust_pollset(struct Curl_cfilter * cf,struct Curl_easy * data,struct easy_pollset * ps)2223 static void cf_osslq_adjust_pollset(struct Curl_cfilter *cf,
2224                                     struct Curl_easy *data,
2225                                     struct easy_pollset *ps)
2226 {
2227   struct cf_osslq_ctx *ctx = cf->ctx;
2228 
2229   if(!ctx->tls.ossl.ssl) {
2230     /* NOP */
2231   }
2232   else if(!cf->connected) {
2233     /* during handshake, transfer has not started yet. we always
2234      * add our socket for polling if SSL wants to send/recv */
2235     Curl_pollset_set(data, ps, ctx->q.sockfd,
2236                      SSL_net_read_desired(ctx->tls.ossl.ssl),
2237                      SSL_net_write_desired(ctx->tls.ossl.ssl));
2238   }
2239   else {
2240     /* once connected, we only modify the socket if it is present.
2241      * this avoids adding it for paused transfers. */
2242     bool want_recv, want_send;
2243     Curl_pollset_check(data, ps, ctx->q.sockfd, &want_recv, &want_send);
2244     if(want_recv || want_send) {
2245       Curl_pollset_set(data, ps, ctx->q.sockfd,
2246                        SSL_net_read_desired(ctx->tls.ossl.ssl),
2247                        SSL_net_write_desired(ctx->tls.ossl.ssl));
2248     }
2249     else if(ctx->need_recv || ctx->need_send) {
2250       Curl_pollset_set(data, ps, ctx->q.sockfd,
2251                        ctx->need_recv, ctx->need_send);
2252     }
2253   }
2254 }
2255 
cf_osslq_query(struct Curl_cfilter * cf,struct Curl_easy * data,int query,int * pres1,void * pres2)2256 static CURLcode cf_osslq_query(struct Curl_cfilter *cf,
2257                                struct Curl_easy *data,
2258                                int query, int *pres1, void *pres2)
2259 {
2260   struct cf_osslq_ctx *ctx = cf->ctx;
2261 
2262   switch(query) {
2263   case CF_QUERY_MAX_CONCURRENT: {
2264 #ifdef SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL
2265     /* Added in OpenSSL v3.3.x */
2266     uint64_t v;
2267     if(!SSL_get_value_uint(ctx->tls.ossl.ssl, SSL_VALUE_CLASS_GENERIC,
2268                            SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, &v)) {
2269       CURL_TRC_CF(data, cf, "error getting available local bidi streams");
2270       return CURLE_HTTP3;
2271     }
2272     /* we report avail + in_use */
2273     v += CONN_INUSE(cf->conn);
2274     *pres1 = (v > INT_MAX) ? INT_MAX : (int)v;
2275 #else
2276     *pres1 = 100;
2277 #endif
2278     CURL_TRC_CF(data, cf, "query max_conncurrent -> %d", *pres1);
2279     return CURLE_OK;
2280   }
2281   case CF_QUERY_CONNECT_REPLY_MS:
2282     if(ctx->got_first_byte) {
2283       timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at);
2284       *pres1 = (ms < INT_MAX) ? (int)ms : INT_MAX;
2285     }
2286     else
2287       *pres1 = -1;
2288     return CURLE_OK;
2289   case CF_QUERY_TIMER_CONNECT: {
2290     struct curltime *when = pres2;
2291     if(ctx->got_first_byte)
2292       *when = ctx->first_byte_at;
2293     return CURLE_OK;
2294   }
2295   case CF_QUERY_TIMER_APPCONNECT: {
2296     struct curltime *when = pres2;
2297     if(cf->connected)
2298       *when = ctx->handshake_at;
2299     return CURLE_OK;
2300   }
2301   default:
2302     break;
2303   }
2304   return cf->next ?
2305     cf->next->cft->query(cf->next, data, query, pres1, pres2) :
2306     CURLE_UNKNOWN_OPTION;
2307 }
2308 
2309 struct Curl_cftype Curl_cft_http3 = {
2310   "HTTP/3",
2311   CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX,
2312   0,
2313   cf_osslq_destroy,
2314   cf_osslq_connect,
2315   cf_osslq_close,
2316   cf_osslq_shutdown,
2317   Curl_cf_def_get_host,
2318   cf_osslq_adjust_pollset,
2319   cf_osslq_data_pending,
2320   cf_osslq_send,
2321   cf_osslq_recv,
2322   cf_osslq_data_event,
2323   cf_osslq_conn_is_alive,
2324   Curl_cf_def_conn_keep_alive,
2325   cf_osslq_query,
2326 };
2327 
Curl_cf_osslq_create(struct Curl_cfilter ** pcf,struct Curl_easy * data,struct connectdata * conn,const struct Curl_addrinfo * ai)2328 CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf,
2329                               struct Curl_easy *data,
2330                               struct connectdata *conn,
2331                               const struct Curl_addrinfo *ai)
2332 {
2333   struct cf_osslq_ctx *ctx = NULL;
2334   struct Curl_cfilter *cf = NULL, *udp_cf = NULL;
2335   CURLcode result;
2336 
2337   (void)data;
2338   ctx = calloc(1, sizeof(*ctx));
2339   if(!ctx) {
2340     result = CURLE_OUT_OF_MEMORY;
2341     goto out;
2342   }
2343   cf_osslq_ctx_init(ctx);
2344 
2345   result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
2346   if(result)
2347     goto out;
2348 
2349   result = Curl_cf_udp_create(&udp_cf, data, conn, ai, TRNSPRT_QUIC);
2350   if(result)
2351     goto out;
2352 
2353   cf->conn = conn;
2354   udp_cf->conn = cf->conn;
2355   udp_cf->sockindex = cf->sockindex;
2356   cf->next = udp_cf;
2357 
2358 out:
2359   *pcf = (!result) ? cf : NULL;
2360   if(result) {
2361     if(udp_cf)
2362       Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE);
2363     Curl_safefree(cf);
2364     cf_osslq_ctx_free(ctx);
2365   }
2366   return result;
2367 }
2368 
Curl_conn_is_osslq(const struct Curl_easy * data,const struct connectdata * conn,int sockindex)2369 bool Curl_conn_is_osslq(const struct Curl_easy *data,
2370                         const struct connectdata *conn,
2371                         int sockindex)
2372 {
2373   struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL;
2374 
2375   (void)data;
2376   for(; cf; cf = cf->next) {
2377     if(cf->cft == &Curl_cft_http3)
2378       return TRUE;
2379     if(cf->cft->flags & CF_TYPE_IP_CONNECT)
2380       return FALSE;
2381   }
2382   return FALSE;
2383 }
2384 
2385 /*
2386  * Store ngtcp2 version info in this buffer.
2387  */
Curl_osslq_ver(char * p,size_t len)2388 void Curl_osslq_ver(char *p, size_t len)
2389 {
2390   const nghttp3_info *ht3 = nghttp3_version(0);
2391   (void)msnprintf(p, len, "nghttp3/%s", ht3->version_str);
2392 }
2393 
2394 #endif /* USE_OPENSSL_QUIC && USE_NGHTTP3 */
2395