1 /*
2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_engine.h"
19 #include "internal/quic_port.h"
20 #include "internal/time.h"
21
22 typedef struct qctx_st QCTX;
23
24 static void aon_write_finish(QUIC_XSO *xso);
25 static int create_channel(QUIC_CONNECTION *qc);
26 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
27 static int qc_try_create_default_xso_for_write(QCTX *ctx);
28 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek);
29 static void quic_lock(QUIC_CONNECTION *qc);
30 static void quic_unlock(QUIC_CONNECTION *qc);
31 static void quic_lock_for_io(QCTX *ctx);
32 static int quic_do_handshake(QCTX *ctx);
33 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
34 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
35 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
36 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
37 int touch, QUIC_XSO **old_xso);
38 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
39 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
40 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
41 static int qc_blocking_mode(const QUIC_CONNECTION *qc);
42 static int xso_blocking_mode(const QUIC_XSO *xso);
43 static void qctx_maybe_autotick(QCTX *ctx);
44 static int qctx_should_autotick(QCTX *ctx);
45
46 /*
47 * QUIC Front-End I/O API: Common Utilities
48 * ========================================
49 */
50
51 /*
52 * Block until a predicate is met.
53 *
54 * Precondition: Must have a channel.
55 * Precondition: Must hold channel lock (unchecked).
56 */
57 QUIC_NEEDS_LOCK
block_until_pred(QUIC_CONNECTION * qc,int (* pred)(void * arg),void * pred_arg,uint32_t flags)58 static int block_until_pred(QUIC_CONNECTION *qc,
59 int (*pred)(void *arg), void *pred_arg,
60 uint32_t flags)
61 {
62 QUIC_REACTOR *rtor;
63
64 assert(qc->ch != NULL);
65
66 /*
67 * Any attempt to block auto-disables tick inhibition as otherwise we will
68 * hang around forever.
69 */
70 ossl_quic_engine_set_inhibit_tick(qc->engine, 0);
71
72 rtor = ossl_quic_channel_get_reactor(qc->ch);
73 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
74 qc->mutex);
75 }
76
get_time(QUIC_CONNECTION * qc)77 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
78 {
79 if (qc->override_now_cb != NULL)
80 return qc->override_now_cb(qc->override_now_cb_arg);
81 else
82 return ossl_time_now();
83 }
84
get_time_cb(void * arg)85 static OSSL_TIME get_time_cb(void *arg)
86 {
87 QUIC_CONNECTION *qc = arg;
88
89 return get_time(qc);
90 }
91
92 /*
93 * QCTX is a utility structure which provides information we commonly wish to
94 * unwrap upon an API call being dispatched to us, namely:
95 *
96 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
97 * was passed);
98 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
99 * a QCSO with a default stream was passed);
100 * - whether a QSSO was passed (xso == NULL must not be used to determine this
101 * because it may be non-NULL when a QCSO is passed if that QCSO has a
102 * default stream);
103 * - whether we are in "I/O context", meaning that non-normal errors can
104 * be reported via SSL_get_error() as well as via ERR. Functions such as
105 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
106 * functions which are allowed to change the value returned by
107 * SSL_get_error. However, other functions (including functions which call
108 * SSL_do_handshake() implicitly) are not allowed to change the return value
109 * of SSL_get_error.
110 */
111 struct qctx_st {
112 QUIC_CONNECTION *qc;
113 QUIC_XSO *xso;
114 int is_stream, in_io;
115 };
116
117 QUIC_NEEDS_LOCK
quic_set_last_error(QCTX * ctx,int last_error)118 static void quic_set_last_error(QCTX *ctx, int last_error)
119 {
120 if (!ctx->in_io)
121 return;
122
123 if (ctx->is_stream && ctx->xso != NULL)
124 ctx->xso->last_error = last_error;
125 else if (!ctx->is_stream && ctx->qc != NULL)
126 ctx->qc->last_error = last_error;
127 }
128
129 /*
130 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
131 * rather than via ERR. Note that normal errors must always be raised while
132 * holding a lock.
133 */
134 QUIC_NEEDS_LOCK
quic_raise_normal_error(QCTX * ctx,int err)135 static int quic_raise_normal_error(QCTX *ctx,
136 int err)
137 {
138 assert(ctx->in_io);
139 quic_set_last_error(ctx, err);
140
141 return 0;
142 }
143
144 /*
145 * Raise a 'non-normal' error, meaning any error that is not reported via
146 * SSL_get_error() and must be reported via ERR.
147 *
148 * qc should be provided if available. In exceptional circumstances when qc is
149 * not known NULL may be passed. This should generally only happen when an
150 * expect_...() function defined below fails, which generally indicates a
151 * dispatch error or caller error.
152 *
153 * ctx should be NULL if the connection lock is not held.
154 */
quic_raise_non_normal_error(QCTX * ctx,const char * file,int line,const char * func,int reason,const char * fmt,...)155 static int quic_raise_non_normal_error(QCTX *ctx,
156 const char *file,
157 int line,
158 const char *func,
159 int reason,
160 const char *fmt,
161 ...)
162 {
163 va_list args;
164
165 if (ctx != NULL) {
166 quic_set_last_error(ctx, SSL_ERROR_SSL);
167
168 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
169 ossl_quic_channel_restore_err_state(ctx->qc->ch);
170 }
171
172 ERR_new();
173 ERR_set_debug(file, line, func);
174
175 va_start(args, fmt);
176 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
177 va_end(args);
178
179 return 0;
180 }
181
182 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
183 quic_raise_normal_error((ctx), (err))
184
185 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
186 quic_raise_non_normal_error((ctx), \
187 OPENSSL_FILE, OPENSSL_LINE, \
188 OPENSSL_FUNC, \
189 (reason), \
190 (msg))
191
192 /*
193 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
194 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
195 *
196 * After this returns 1, all fields of the passed QCTX are initialised.
197 * Returns 0 on failure. This function is intended to be used to provide API
198 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
199 */
expect_quic(const SSL * s,QCTX * ctx)200 static int expect_quic(const SSL *s, QCTX *ctx)
201 {
202 QUIC_CONNECTION *qc;
203 QUIC_XSO *xso;
204
205 ctx->qc = NULL;
206 ctx->xso = NULL;
207 ctx->is_stream = 0;
208
209 if (s == NULL)
210 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
211
212 switch (s->type) {
213 case SSL_TYPE_QUIC_CONNECTION:
214 qc = (QUIC_CONNECTION *)s;
215 ctx->qc = qc;
216 ctx->xso = qc->default_xso;
217 ctx->is_stream = 0;
218 ctx->in_io = 0;
219 return 1;
220
221 case SSL_TYPE_QUIC_XSO:
222 xso = (QUIC_XSO *)s;
223 ctx->qc = xso->conn;
224 ctx->xso = xso;
225 ctx->is_stream = 1;
226 ctx->in_io = 0;
227 return 1;
228
229 default:
230 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
231 }
232 }
233
234 /*
235 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
236 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
237 * stream.
238 *
239 * remote_init determines if we expect the default XSO to be remotely created or
240 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
241 *
242 * Channel mutex is acquired and retained on success.
243 */
244 QUIC_ACQUIRES_LOCK
expect_quic_with_stream_lock(const SSL * s,int remote_init,int in_io,QCTX * ctx)245 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
246 int in_io, QCTX *ctx)
247 {
248 if (!expect_quic(s, ctx))
249 return 0;
250
251 if (in_io)
252 quic_lock_for_io(ctx);
253 else
254 quic_lock(ctx->qc);
255
256 if (ctx->xso == NULL && remote_init >= 0) {
257 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
258 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
259 goto err;
260 }
261
262 /* If we haven't finished the handshake, try to advance it. */
263 if (quic_do_handshake(ctx) < 1)
264 /* ossl_quic_do_handshake raised error here */
265 goto err;
266
267 if (remote_init == 0) {
268 if (!qc_try_create_default_xso_for_write(ctx))
269 goto err;
270 } else {
271 if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0))
272 goto err;
273 }
274
275 ctx->xso = ctx->qc->default_xso;
276 }
277
278 if (ctx->xso == NULL) {
279 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
280 goto err;
281 }
282
283 return 1; /* coverity[missing_unlock]: lock held */
284
285 err:
286 quic_unlock(ctx->qc);
287 return 0;
288 }
289
290 /*
291 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
292 * be non-NULL if the QCSO has a default stream.
293 */
expect_quic_conn_only(const SSL * s,QCTX * ctx)294 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
295 {
296 if (!expect_quic(s, ctx))
297 return 0;
298
299 if (ctx->is_stream)
300 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
301
302 return 1;
303 }
304
305 /*
306 * Ensures that the channel mutex is held for a method which touches channel
307 * state.
308 *
309 * Precondition: Channel mutex is not held (unchecked)
310 */
quic_lock(QUIC_CONNECTION * qc)311 static void quic_lock(QUIC_CONNECTION *qc)
312 {
313 #if defined(OPENSSL_THREADS)
314 ossl_crypto_mutex_lock(qc->mutex);
315 #endif
316 }
317
quic_lock_for_io(QCTX * ctx)318 static void quic_lock_for_io(QCTX *ctx)
319 {
320 quic_lock(ctx->qc);
321 ctx->in_io = 1;
322
323 /*
324 * We are entering an I/O function so we must update the values returned by
325 * SSL_get_error and SSL_want. Set no error. This will be overridden later
326 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
327 * occurs during the API call.
328 */
329 quic_set_last_error(ctx, SSL_ERROR_NONE);
330 }
331
332 /* Precondition: Channel mutex is held (unchecked) */
333 QUIC_NEEDS_LOCK
quic_unlock(QUIC_CONNECTION * qc)334 static void quic_unlock(QUIC_CONNECTION *qc)
335 {
336 #if defined(OPENSSL_THREADS)
337 ossl_crypto_mutex_unlock(qc->mutex);
338 #endif
339 }
340
341 /*
342 * This predicate is the criterion which should determine API call rejection for
343 * *most* mutating API calls, particularly stream-related operations for send
344 * parts.
345 *
346 * A call is rejected (this function returns 0) if shutdown is in progress
347 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
348 * req_active=1, the connection must be active (i.e., the IDLE state is also
349 * rejected).
350 */
quic_mutation_allowed(QUIC_CONNECTION * qc,int req_active)351 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
352 {
353 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
354 return 0;
355
356 if (req_active && !ossl_quic_channel_is_active(qc->ch))
357 return 0;
358
359 return 1;
360 }
361
362 /*
363 * QUIC Front-End I/O API: Initialization
364 * ======================================
365 *
366 * SSL_new => ossl_quic_new
367 * ossl_quic_init
368 * SSL_reset => ossl_quic_reset
369 * SSL_clear => ossl_quic_clear
370 * ossl_quic_deinit
371 * SSL_free => ossl_quic_free
372 *
373 * SSL_set_options => ossl_quic_set_options
374 * SSL_get_options => ossl_quic_get_options
375 * SSL_clear_options => ossl_quic_clear_options
376 *
377 */
378
379 /* SSL_new */
ossl_quic_new(SSL_CTX * ctx)380 SSL *ossl_quic_new(SSL_CTX *ctx)
381 {
382 QUIC_CONNECTION *qc = NULL;
383 SSL *ssl_base = NULL;
384 SSL_CONNECTION *sc = NULL;
385
386 qc = OPENSSL_zalloc(sizeof(*qc));
387 if (qc == NULL) {
388 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
389 return NULL;
390 }
391 #if defined(OPENSSL_THREADS)
392 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
393 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
394 goto err;
395 }
396 #endif
397
398 /* Initialise the QUIC_CONNECTION's stub header. */
399 ssl_base = &qc->ssl;
400 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
401 ssl_base = NULL;
402 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
403 goto err;
404 }
405
406 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
407 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
408 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
409 goto err;
410 }
411
412 /* override the user_ssl of the inner connection */
413 sc->s3.flags |= TLS1_FLAGS_QUIC;
414
415 /* Restrict options derived from the SSL_CTX. */
416 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
417 sc->pha_enabled = 0;
418
419 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
420 qc->is_thread_assisted
421 = (ssl_base->method == OSSL_QUIC_client_thread_method());
422 #endif
423
424 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
425 qc->as_server_state = qc->as_server;
426
427 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
428 qc->default_ssl_mode = qc->ssl.ctx->mode;
429 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
430 qc->desires_blocking = 1;
431 qc->blocking = 0;
432 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
433 qc->last_error = SSL_ERROR_NONE;
434
435 if (!create_channel(qc))
436 goto err;
437
438 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
439 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
440
441 qc_update_reject_policy(qc);
442
443 /*
444 * We do not create the default XSO yet. The reason for this is that the
445 * stream ID of the default XSO will depend on whether the stream is client
446 * or server-initiated, which depends on who transmits first. Since we do
447 * not know whether the application will be using a client-transmits-first
448 * or server-transmits-first protocol, we defer default XSO creation until
449 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
450 * we take that as a cue that the client is expecting a server-initiated
451 * stream, and vice versa if SSL_write() is called first.
452 */
453 return ssl_base;
454
455 err:
456 if (ssl_base == NULL) {
457 #if defined(OPENSSL_THREADS)
458 ossl_crypto_mutex_free(&qc->mutex);
459 #endif
460 OPENSSL_free(qc);
461 } else {
462 SSL_free(ssl_base);
463 }
464 return NULL;
465 }
466
467 /* SSL_free */
468 QUIC_TAKES_LOCK
ossl_quic_free(SSL * s)469 void ossl_quic_free(SSL *s)
470 {
471 QCTX ctx;
472 int is_default;
473
474 /* We should never be called on anything but a QSO. */
475 if (!expect_quic(s, &ctx))
476 return;
477
478 quic_lock(ctx.qc);
479
480 if (ctx.is_stream) {
481 /*
482 * When a QSSO is freed, the XSO is freed immediately, because the XSO
483 * itself only contains API personality layer data. However the
484 * underlying QUIC_STREAM is not freed immediately but is instead marked
485 * as deleted for later collection.
486 */
487
488 assert(ctx.qc->num_xso > 0);
489 --ctx.qc->num_xso;
490
491 /* If a stream's send part has not been finished, auto-reset it. */
492 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
493 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
494 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
495 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
496 ctx.xso->stream, 0);
497
498 /* Do STOP_SENDING for the receive part, if applicable. */
499 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
500 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
501 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
502 ctx.xso->stream, 0);
503
504 /* Update stream state. */
505 ctx.xso->stream->deleted = 1;
506 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
507 ctx.xso->stream);
508
509 is_default = (ctx.xso == ctx.qc->default_xso);
510 quic_unlock(ctx.qc);
511
512 /*
513 * Unref the connection in most cases; the XSO has a ref to the QC and
514 * not vice versa. But for a default XSO, to avoid circular references,
515 * the QC refs the XSO but the XSO does not ref the QC. If we are the
516 * default XSO, we only get here when the QC is being torn down anyway,
517 * so don't call SSL_free(qc) as we are already in it.
518 */
519 if (!is_default)
520 SSL_free(&ctx.qc->ssl);
521
522 /* Note: SSL_free calls OPENSSL_free(xso) for us */
523 return;
524 }
525
526 /*
527 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
528 * stage, but is freed during the channel free when the whole QSM is freed.
529 */
530 if (ctx.qc->default_xso != NULL) {
531 QUIC_XSO *xso = ctx.qc->default_xso;
532
533 quic_unlock(ctx.qc);
534 SSL_free(&xso->ssl);
535 quic_lock(ctx.qc);
536 ctx.qc->default_xso = NULL;
537 }
538
539 /* Ensure we have no remaining XSOs. */
540 assert(ctx.qc->num_xso == 0);
541
542 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
543 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
544 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
545 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
546 }
547 #endif
548
549 SSL_free(ctx.qc->tls);
550
551 ossl_quic_channel_free(ctx.qc->ch);
552 ossl_quic_port_free(ctx.qc->port);
553 ossl_quic_engine_free(ctx.qc->engine);
554
555 BIO_free_all(ctx.qc->net_rbio);
556 BIO_free_all(ctx.qc->net_wbio);
557
558 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
559 #if defined(OPENSSL_THREADS)
560 ossl_crypto_mutex_free(&ctx.qc->mutex);
561 #endif
562
563 /*
564 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
565 * us
566 */
567 }
568
569 /* SSL method init */
ossl_quic_init(SSL * s)570 int ossl_quic_init(SSL *s)
571 {
572 /* Same op as SSL_clear, forward the call. */
573 return ossl_quic_clear(s);
574 }
575
576 /* SSL method deinit */
ossl_quic_deinit(SSL * s)577 void ossl_quic_deinit(SSL *s)
578 {
579 /* No-op. */
580 }
581
582 /* SSL_clear (ssl_reset method) */
ossl_quic_reset(SSL * s)583 int ossl_quic_reset(SSL *s)
584 {
585 QCTX ctx;
586
587 if (!expect_quic(s, &ctx))
588 return 0;
589
590 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
591 return 0;
592 }
593
594 /* ssl_clear method (unused) */
ossl_quic_clear(SSL * s)595 int ossl_quic_clear(SSL *s)
596 {
597 QCTX ctx;
598
599 if (!expect_quic(s, &ctx))
600 return 0;
601
602 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
603 return 0;
604 }
605
ossl_quic_conn_set_override_now_cb(SSL * s,OSSL_TIME (* now_cb)(void * arg),void * now_cb_arg)606 int ossl_quic_conn_set_override_now_cb(SSL *s,
607 OSSL_TIME (*now_cb)(void *arg),
608 void *now_cb_arg)
609 {
610 QCTX ctx;
611
612 if (!expect_quic(s, &ctx))
613 return 0;
614
615 quic_lock(ctx.qc);
616
617 ctx.qc->override_now_cb = now_cb;
618 ctx.qc->override_now_cb_arg = now_cb_arg;
619
620 quic_unlock(ctx.qc);
621 return 1;
622 }
623
ossl_quic_conn_force_assist_thread_wake(SSL * s)624 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
625 {
626 QCTX ctx;
627
628 if (!expect_quic(s, &ctx))
629 return;
630
631 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
632 if (ctx.qc->is_thread_assisted && ctx.qc->started)
633 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
634 #endif
635 }
636
637 QUIC_NEEDS_LOCK
qc_touch_default_xso(QUIC_CONNECTION * qc)638 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
639 {
640 qc->default_xso_created = 1;
641 qc_update_reject_policy(qc);
642 }
643
644 /*
645 * Changes default XSO. Allows caller to keep reference to the old default XSO
646 * (if any). Reference to new XSO is transferred from caller.
647 */
648 QUIC_NEEDS_LOCK
qc_set_default_xso_keep_ref(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch,QUIC_XSO ** old_xso)649 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
650 int touch,
651 QUIC_XSO **old_xso)
652 {
653 int refs;
654
655 *old_xso = NULL;
656
657 if (qc->default_xso != xso) {
658 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
659
660 qc->default_xso = xso;
661
662 if (xso == NULL) {
663 /*
664 * Changing to not having a default XSO. XSO becomes standalone and
665 * now has a ref to the QC.
666 */
667 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
668 return;
669 } else {
670 /*
671 * Changing from not having a default XSO to having one. The new XSO
672 * will have had a reference to the QC we need to drop to avoid a
673 * circular reference.
674 *
675 * Currently we never change directly from one default XSO to
676 * another, though this function would also still be correct if this
677 * weren't the case.
678 */
679 assert(*old_xso == NULL);
680
681 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
682 assert(refs > 0);
683 }
684 }
685
686 if (touch)
687 qc_touch_default_xso(qc);
688 }
689
690 /*
691 * Changes default XSO, releasing the reference to any previous default XSO.
692 * Reference to new XSO is transferred from caller.
693 */
694 QUIC_NEEDS_LOCK
qc_set_default_xso(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch)695 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
696 {
697 QUIC_XSO *old_xso = NULL;
698
699 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
700
701 if (old_xso != NULL)
702 SSL_free(&old_xso->ssl);
703 }
704
705 QUIC_NEEDS_LOCK
xso_update_options(QUIC_XSO * xso)706 static void xso_update_options(QUIC_XSO *xso)
707 {
708 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
709
710 if (xso->stream->rstream != NULL)
711 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
712
713 if (xso->stream->sstream != NULL)
714 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
715 }
716
717 /*
718 * SSL_set_options
719 * ---------------
720 *
721 * Setting options on a QCSO
722 * - configures the handshake-layer options;
723 * - configures the default data-plane options for new streams;
724 * - configures the data-plane options on the default XSO, if there is one.
725 *
726 * Setting options on a QSSO
727 * - configures data-plane options for that stream only.
728 */
729 QUIC_TAKES_LOCK
quic_mask_or_options(SSL * ssl,uint64_t mask_value,uint64_t or_value)730 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
731 {
732 QCTX ctx;
733 uint64_t hs_mask_value, hs_or_value, ret;
734
735 if (!expect_quic(ssl, &ctx))
736 return 0;
737
738 quic_lock(ctx.qc);
739
740 if (!ctx.is_stream) {
741 /*
742 * If we were called on the connection, we apply any handshake option
743 * changes.
744 */
745 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
746 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
747
748 SSL_clear_options(ctx.qc->tls, hs_mask_value);
749 SSL_set_options(ctx.qc->tls, hs_or_value);
750
751 /* Update defaults for new streams. */
752 ctx.qc->default_ssl_options
753 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
754 & OSSL_QUIC_PERMITTED_OPTIONS;
755 }
756
757 if (ctx.xso != NULL) {
758 ctx.xso->ssl_options
759 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
760 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
761
762 xso_update_options(ctx.xso);
763 }
764
765 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
766
767 quic_unlock(ctx.qc);
768 return ret;
769 }
770
ossl_quic_set_options(SSL * ssl,uint64_t options)771 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
772 {
773 return quic_mask_or_options(ssl, 0, options);
774 }
775
776 /* SSL_clear_options */
ossl_quic_clear_options(SSL * ssl,uint64_t options)777 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
778 {
779 return quic_mask_or_options(ssl, options, 0);
780 }
781
782 /* SSL_get_options */
ossl_quic_get_options(const SSL * ssl)783 uint64_t ossl_quic_get_options(const SSL *ssl)
784 {
785 return quic_mask_or_options((SSL *)ssl, 0, 0);
786 }
787
788 /*
789 * QUIC Front-End I/O API: Network BIO Configuration
790 * =================================================
791 *
792 * Handling the different BIOs is difficult:
793 *
794 * - It is more or less a requirement that we use non-blocking network I/O;
795 * we need to be able to have timeouts on recv() calls, and make best effort
796 * (non blocking) send() and recv() calls.
797 *
798 * The only sensible way to do this is to configure the socket into
799 * non-blocking mode. We could try to do select() before calling send() or
800 * recv() to get a guarantee that the call will not block, but this will
801 * probably run into issues with buggy OSes which generate spurious socket
802 * readiness events. In any case, relying on this to work reliably does not
803 * seem sane.
804 *
805 * Timeouts could be handled via setsockopt() socket timeout options, but
806 * this depends on OS support and adds another syscall to every network I/O
807 * operation. It also has obvious thread safety concerns if we want to move
808 * to concurrent use of a single socket at some later date.
809 *
810 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
811 * be made non-blocking. However some OSes (e.g. Windows) do not support
812 * this, so we cannot rely on this.
813 *
814 * As such, we need to configure any FD in non-blocking mode. This may
815 * confound users who pass a blocking socket to libssl. However, in practice
816 * it would be extremely strange for a user of QUIC to pass an FD to us,
817 * then also try and send receive traffic on the same socket(!). Thus the
818 * impact of this should be limited, and can be documented.
819 *
820 * - We support both blocking and non-blocking operation in terms of the API
821 * presented to the user. One prospect is to set the blocking mode based on
822 * whether the socket passed to us was already in blocking mode. However,
823 * Windows has no API for determining if a socket is in blocking mode (!),
824 * therefore this cannot be done portably. Currently therefore we expose an
825 * explicit API call to set this, and default to blocking mode.
826 *
827 * - We need to determine our initial destination UDP address. The "natural"
828 * way for a user to do this is to set the peer variable on a BIO_dgram.
829 * However, this has problems because BIO_dgram's peer variable is used for
830 * both transmission and reception. This means it can be constantly being
831 * changed to a malicious value (e.g. if some random unrelated entity on the
832 * network starts sending traffic to us) on every read call. This is not a
833 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
834 * calls only, which do not use this variable. However, we do need to let
835 * the user specify the peer in a 'normal' manner. The compromise here is
836 * that we grab the current peer value set at the time the write BIO is set
837 * and do not read the value again.
838 *
839 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
840 * Currently we do this by only supporting non-blocking mode.
841 *
842 */
843
844 /*
845 * Determines what initial destination UDP address we should use, if possible.
846 * If this fails the client must set the destination address manually, or use a
847 * BIO which does not need a destination address.
848 */
csm_analyse_init_peer_addr(BIO * net_wbio,BIO_ADDR * peer)849 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
850 {
851 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
852 return 0;
853
854 return 1;
855 }
856
qc_can_support_blocking_cached(QUIC_CONNECTION * qc)857 static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
858 {
859 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
860
861 return ossl_quic_reactor_can_poll_r(rtor)
862 && ossl_quic_reactor_can_poll_w(rtor);
863 }
864
qc_update_can_support_blocking(QUIC_CONNECTION * qc)865 static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
866 {
867 ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */
868 }
869
qc_update_blocking_mode(QUIC_CONNECTION * qc)870 static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
871 {
872 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
873 }
874
ossl_quic_conn_set0_net_rbio(SSL * s,BIO * net_rbio)875 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
876 {
877 QCTX ctx;
878
879 if (!expect_quic(s, &ctx))
880 return;
881
882 if (ctx.qc->net_rbio == net_rbio)
883 return;
884
885 if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio))
886 return;
887
888 BIO_free_all(ctx.qc->net_rbio);
889 ctx.qc->net_rbio = net_rbio;
890
891 if (net_rbio != NULL)
892 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
893
894 /*
895 * Determine if the current pair of read/write BIOs now set allows blocking
896 * mode to be supported.
897 */
898 qc_update_can_support_blocking(ctx.qc);
899 qc_update_blocking_mode(ctx.qc);
900 }
901
ossl_quic_conn_set0_net_wbio(SSL * s,BIO * net_wbio)902 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
903 {
904 QCTX ctx;
905
906 if (!expect_quic(s, &ctx))
907 return;
908
909 if (ctx.qc->net_wbio == net_wbio)
910 return;
911
912 if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio))
913 return;
914
915 BIO_free_all(ctx.qc->net_wbio);
916 ctx.qc->net_wbio = net_wbio;
917
918 if (net_wbio != NULL)
919 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
920
921 /*
922 * Determine if the current pair of read/write BIOs now set allows blocking
923 * mode to be supported.
924 */
925 qc_update_can_support_blocking(ctx.qc);
926 qc_update_blocking_mode(ctx.qc);
927 }
928
ossl_quic_conn_get_net_rbio(const SSL * s)929 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
930 {
931 QCTX ctx;
932
933 if (!expect_quic(s, &ctx))
934 return NULL;
935
936 return ctx.qc->net_rbio;
937 }
938
ossl_quic_conn_get_net_wbio(const SSL * s)939 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
940 {
941 QCTX ctx;
942
943 if (!expect_quic(s, &ctx))
944 return NULL;
945
946 return ctx.qc->net_wbio;
947 }
948
ossl_quic_conn_get_blocking_mode(const SSL * s)949 int ossl_quic_conn_get_blocking_mode(const SSL *s)
950 {
951 QCTX ctx;
952
953 if (!expect_quic(s, &ctx))
954 return 0;
955
956 if (ctx.is_stream)
957 return xso_blocking_mode(ctx.xso);
958
959 return qc_blocking_mode(ctx.qc);
960 }
961
962 QUIC_TAKES_LOCK
ossl_quic_conn_set_blocking_mode(SSL * s,int blocking)963 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
964 {
965 int ret = 0;
966 QCTX ctx;
967
968 if (!expect_quic(s, &ctx))
969 return 0;
970
971 quic_lock(ctx.qc);
972
973 /* Sanity check - can we support the request given the current network BIO? */
974 if (blocking) {
975 /*
976 * If called directly on a QCSO, update our information on network BIO
977 * capabilities.
978 */
979 if (!ctx.is_stream)
980 qc_update_can_support_blocking(ctx.qc);
981
982 /* Cannot enable blocking mode if we do not have pollable FDs. */
983 if (!qc_can_support_blocking_cached(ctx.qc)) {
984 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
985 goto out;
986 }
987 }
988
989 if (!ctx.is_stream)
990 /*
991 * If called directly on a QCSO, update default and connection-level
992 * blocking modes.
993 */
994 ctx.qc->desires_blocking = (blocking != 0);
995
996 if (ctx.xso != NULL) {
997 /*
998 * If called on a QSSO or a QCSO with a default XSO, update the blocking
999 * mode.
1000 */
1001 ctx.xso->desires_blocking = (blocking != 0);
1002 ctx.xso->desires_blocking_set = 1;
1003 }
1004
1005 ret = 1;
1006 out:
1007 qc_update_blocking_mode(ctx.qc);
1008 quic_unlock(ctx.qc);
1009 return ret;
1010 }
1011
ossl_quic_conn_set_initial_peer_addr(SSL * s,const BIO_ADDR * peer_addr)1012 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1013 const BIO_ADDR *peer_addr)
1014 {
1015 QCTX ctx;
1016
1017 if (!expect_quic(s, &ctx))
1018 return 0;
1019
1020 if (ctx.qc->started)
1021 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1022 NULL);
1023
1024 if (peer_addr == NULL) {
1025 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1026 return 1;
1027 }
1028
1029 ctx.qc->init_peer_addr = *peer_addr;
1030 return 1;
1031 }
1032
1033 /*
1034 * QUIC Front-End I/O API: Asynchronous I/O Management
1035 * ===================================================
1036 *
1037 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1038 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1039 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1040 *
1041 */
1042
1043 /* Returns 1 if the connection is being used in blocking mode. */
qc_blocking_mode(const QUIC_CONNECTION * qc)1044 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
1045 {
1046 return qc->blocking;
1047 }
1048
xso_blocking_mode(const QUIC_XSO * xso)1049 static int xso_blocking_mode(const QUIC_XSO *xso)
1050 {
1051 if (xso->desires_blocking_set)
1052 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1053 else
1054 /* Only ever set if we can support blocking. */
1055 return xso->conn->blocking;
1056 }
1057
1058 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1059 QUIC_TAKES_LOCK
ossl_quic_handle_events(SSL * s)1060 int ossl_quic_handle_events(SSL *s)
1061 {
1062 QCTX ctx;
1063
1064 if (!expect_quic(s, &ctx))
1065 return 0;
1066
1067 quic_lock(ctx.qc);
1068 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1069 quic_unlock(ctx.qc);
1070 return 1;
1071 }
1072
1073 /*
1074 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1075 * should next have events handled by the application by calling
1076 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1077 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1078 * the value of *tv is undefined.
1079 */
1080 QUIC_TAKES_LOCK
ossl_quic_get_event_timeout(SSL * s,struct timeval * tv,int * is_infinite)1081 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1082 {
1083 QCTX ctx;
1084 OSSL_TIME deadline = ossl_time_infinite();
1085
1086 if (!expect_quic(s, &ctx))
1087 return 0;
1088
1089 quic_lock(ctx.qc);
1090
1091 deadline
1092 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
1093
1094 if (ossl_time_is_infinite(deadline)) {
1095 *is_infinite = 1;
1096
1097 /*
1098 * Robustness against faulty applications that don't check *is_infinite;
1099 * harmless long timeout.
1100 */
1101 tv->tv_sec = 1000000;
1102 tv->tv_usec = 0;
1103
1104 quic_unlock(ctx.qc);
1105 return 1;
1106 }
1107
1108 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1109 *is_infinite = 0;
1110 quic_unlock(ctx.qc);
1111 return 1;
1112 }
1113
1114 /* SSL_get_rpoll_descriptor */
ossl_quic_get_rpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1115 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1116 {
1117 QCTX ctx;
1118
1119 if (!expect_quic(s, &ctx))
1120 return 0;
1121
1122 if (desc == NULL || ctx.qc->net_rbio == NULL)
1123 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1124 NULL);
1125
1126 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1127 }
1128
1129 /* SSL_get_wpoll_descriptor */
ossl_quic_get_wpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1130 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1131 {
1132 QCTX ctx;
1133
1134 if (!expect_quic(s, &ctx))
1135 return 0;
1136
1137 if (desc == NULL || ctx.qc->net_wbio == NULL)
1138 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1139 NULL);
1140
1141 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1142 }
1143
1144 /* SSL_net_read_desired */
1145 QUIC_TAKES_LOCK
ossl_quic_get_net_read_desired(SSL * s)1146 int ossl_quic_get_net_read_desired(SSL *s)
1147 {
1148 QCTX ctx;
1149 int ret;
1150
1151 if (!expect_quic(s, &ctx))
1152 return 0;
1153
1154 quic_lock(ctx.qc);
1155 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1156 quic_unlock(ctx.qc);
1157 return ret;
1158 }
1159
1160 /* SSL_net_write_desired */
1161 QUIC_TAKES_LOCK
ossl_quic_get_net_write_desired(SSL * s)1162 int ossl_quic_get_net_write_desired(SSL *s)
1163 {
1164 int ret;
1165 QCTX ctx;
1166
1167 if (!expect_quic(s, &ctx))
1168 return 0;
1169
1170 quic_lock(ctx.qc);
1171 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1172 quic_unlock(ctx.qc);
1173 return ret;
1174 }
1175
1176 /*
1177 * QUIC Front-End I/O API: Connection Lifecycle Operations
1178 * =======================================================
1179 *
1180 * SSL_do_handshake => ossl_quic_do_handshake
1181 * SSL_set_connect_state => ossl_quic_set_connect_state
1182 * SSL_set_accept_state => ossl_quic_set_accept_state
1183 * SSL_shutdown => ossl_quic_shutdown
1184 * SSL_ctrl => ossl_quic_ctrl
1185 * (BIO/)SSL_connect => ossl_quic_connect
1186 * (BIO/)SSL_accept => ossl_quic_accept
1187 *
1188 */
1189
1190 QUIC_NEEDS_LOCK
qc_shutdown_flush_init(QUIC_CONNECTION * qc)1191 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1192 {
1193 QUIC_STREAM_MAP *qsm;
1194
1195 if (qc->shutting_down)
1196 return;
1197
1198 qsm = ossl_quic_channel_get_qsm(qc->ch);
1199
1200 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1201 qc->shutting_down = 1;
1202 }
1203
1204 /* Returns 1 if all shutdown-flush streams have been done with. */
1205 QUIC_NEEDS_LOCK
qc_shutdown_flush_finished(QUIC_CONNECTION * qc)1206 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1207 {
1208 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1209
1210 return qc->shutting_down
1211 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1212 }
1213
1214 /* SSL_shutdown */
quic_shutdown_wait(void * arg)1215 static int quic_shutdown_wait(void *arg)
1216 {
1217 QUIC_CONNECTION *qc = arg;
1218
1219 return ossl_quic_channel_is_terminated(qc->ch);
1220 }
1221
1222 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
quic_shutdown_flush_wait(void * arg)1223 static int quic_shutdown_flush_wait(void *arg)
1224 {
1225 QUIC_CONNECTION *qc = arg;
1226
1227 return ossl_quic_channel_is_term_any(qc->ch)
1228 || qc_shutdown_flush_finished(qc);
1229 }
1230
quic_shutdown_peer_wait(void * arg)1231 static int quic_shutdown_peer_wait(void *arg)
1232 {
1233 QUIC_CONNECTION *qc = arg;
1234 return ossl_quic_channel_is_term_any(qc->ch);
1235 }
1236
1237 QUIC_TAKES_LOCK
ossl_quic_conn_shutdown(SSL * s,uint64_t flags,const SSL_SHUTDOWN_EX_ARGS * args,size_t args_len)1238 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1239 const SSL_SHUTDOWN_EX_ARGS *args,
1240 size_t args_len)
1241 {
1242 int ret;
1243 QCTX ctx;
1244 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1245 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1246 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1247
1248 if (!expect_quic(s, &ctx))
1249 return -1;
1250
1251 if (ctx.is_stream) {
1252 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1253 return -1;
1254 }
1255
1256 quic_lock(ctx.qc);
1257
1258 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1259 quic_unlock(ctx.qc);
1260 return 1;
1261 }
1262
1263 /* Phase 1: Stream Flushing */
1264 if (!wait_peer && stream_flush) {
1265 qc_shutdown_flush_init(ctx.qc);
1266
1267 if (!qc_shutdown_flush_finished(ctx.qc)) {
1268 if (!no_block && qc_blocking_mode(ctx.qc)) {
1269 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1270 if (ret < 1) {
1271 ret = 0;
1272 goto err;
1273 }
1274 } else {
1275 qctx_maybe_autotick(&ctx);
1276 }
1277 }
1278
1279 if (!qc_shutdown_flush_finished(ctx.qc)) {
1280 quic_unlock(ctx.qc);
1281 return 0; /* ongoing */
1282 }
1283 }
1284
1285 /* Phase 2: Connection Closure */
1286 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1287 if (!no_block && qc_blocking_mode(ctx.qc)) {
1288 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1289 if (ret < 1) {
1290 ret = 0;
1291 goto err;
1292 }
1293 } else {
1294 qctx_maybe_autotick(&ctx);
1295 }
1296
1297 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1298 ret = 0; /* peer hasn't closed yet - still not done */
1299 goto err;
1300 }
1301
1302 /*
1303 * We are at least terminating - go through the normal process of
1304 * waiting until we are in the TERMINATED state.
1305 */
1306 }
1307
1308 /* Block mutation ops regardless of if we did stream flush. */
1309 ctx.qc->shutting_down = 1;
1310
1311 /*
1312 * This call is a no-op if we are already terminating, so it doesn't
1313 * affect the wait_peer case.
1314 */
1315 ossl_quic_channel_local_close(ctx.qc->ch,
1316 args != NULL ? args->quic_error_code : 0,
1317 args != NULL ? args->quic_reason : NULL);
1318
1319 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1320
1321 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1322 quic_unlock(ctx.qc);
1323 return 1;
1324 }
1325
1326 /* Phase 3: Terminating Wait Time */
1327 if (!no_block && qc_blocking_mode(ctx.qc)
1328 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1329 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1330 if (ret < 1) {
1331 ret = 0;
1332 goto err;
1333 }
1334 } else {
1335 qctx_maybe_autotick(&ctx);
1336 }
1337
1338 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1339 err:
1340 quic_unlock(ctx.qc);
1341 return ret;
1342 }
1343
1344 /* SSL_ctrl */
ossl_quic_ctrl(SSL * s,int cmd,long larg,void * parg)1345 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1346 {
1347 QCTX ctx;
1348
1349 if (!expect_quic(s, &ctx))
1350 return 0;
1351
1352 switch (cmd) {
1353 case SSL_CTRL_MODE:
1354 /* If called on a QCSO, update the default mode. */
1355 if (!ctx.is_stream)
1356 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1357
1358 /*
1359 * If we were called on a QSSO or have a default stream, we also update
1360 * that.
1361 */
1362 if (ctx.xso != NULL) {
1363 /* Cannot enable EPW while AON write in progress. */
1364 if (ctx.xso->aon_write_in_progress)
1365 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1366
1367 ctx.xso->ssl_mode |= (uint32_t)larg;
1368 return ctx.xso->ssl_mode;
1369 }
1370
1371 return ctx.qc->default_ssl_mode;
1372 case SSL_CTRL_CLEAR_MODE:
1373 if (!ctx.is_stream)
1374 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1375
1376 if (ctx.xso != NULL) {
1377 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1378 return ctx.xso->ssl_mode;
1379 }
1380
1381 return ctx.qc->default_ssl_mode;
1382
1383 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1384 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1385 /* This ctrl also needs to be passed to the internal SSL object */
1386 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1387
1388 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1389 {
1390 int is_infinite;
1391
1392 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1393 return 0;
1394
1395 return !is_infinite;
1396 }
1397 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1398 /* For legacy compatibility with DTLS calls. */
1399 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1400
1401 /* Mask ctrls we shouldn't support for QUIC. */
1402 case SSL_CTRL_GET_READ_AHEAD:
1403 case SSL_CTRL_SET_READ_AHEAD:
1404 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1405 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1406 case SSL_CTRL_SET_MAX_PIPELINES:
1407 return 0;
1408
1409 default:
1410 /*
1411 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1412 * implementation. Either SSL_ctrl will handle it itself by direct
1413 * access into handshake layer state, or failing that, it will be passed
1414 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1415 * supported by anything, the handshake layer's ctrl method will finally
1416 * return 0.
1417 */
1418 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
1419 }
1420 }
1421
1422 /* SSL_set_connect_state */
ossl_quic_set_connect_state(SSL * s)1423 void ossl_quic_set_connect_state(SSL *s)
1424 {
1425 QCTX ctx;
1426
1427 if (!expect_quic(s, &ctx))
1428 return;
1429
1430 /* Cannot be changed after handshake started */
1431 if (ctx.qc->started || ctx.is_stream)
1432 return;
1433
1434 ctx.qc->as_server_state = 0;
1435 }
1436
1437 /* SSL_set_accept_state */
ossl_quic_set_accept_state(SSL * s)1438 void ossl_quic_set_accept_state(SSL *s)
1439 {
1440 QCTX ctx;
1441
1442 if (!expect_quic(s, &ctx))
1443 return;
1444
1445 /* Cannot be changed after handshake started */
1446 if (ctx.qc->started || ctx.is_stream)
1447 return;
1448
1449 ctx.qc->as_server_state = 1;
1450 }
1451
1452 /* SSL_do_handshake */
1453 struct quic_handshake_wait_args {
1454 QUIC_CONNECTION *qc;
1455 };
1456
tls_wants_non_io_retry(QUIC_CONNECTION * qc)1457 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1458 {
1459 int want = SSL_want(qc->tls);
1460
1461 if (want == SSL_X509_LOOKUP
1462 || want == SSL_CLIENT_HELLO_CB
1463 || want == SSL_RETRY_VERIFY)
1464 return 1;
1465
1466 return 0;
1467 }
1468
quic_handshake_wait(void * arg)1469 static int quic_handshake_wait(void *arg)
1470 {
1471 struct quic_handshake_wait_args *args = arg;
1472
1473 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1474 return -1;
1475
1476 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1477 return 1;
1478
1479 if (tls_wants_non_io_retry(args->qc))
1480 return 1;
1481
1482 return 0;
1483 }
1484
configure_channel(QUIC_CONNECTION * qc)1485 static int configure_channel(QUIC_CONNECTION *qc)
1486 {
1487 assert(qc->ch != NULL);
1488
1489 if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio)
1490 || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio)
1491 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1492 return 0;
1493
1494 return 1;
1495 }
1496
1497 QUIC_NEEDS_LOCK
create_channel(QUIC_CONNECTION * qc)1498 static int create_channel(QUIC_CONNECTION *qc)
1499 {
1500 QUIC_ENGINE_ARGS engine_args = {0};
1501 QUIC_PORT_ARGS port_args = {0};
1502
1503 engine_args.libctx = qc->ssl.ctx->libctx;
1504 engine_args.propq = qc->ssl.ctx->propq;
1505 engine_args.mutex = qc->mutex;
1506 engine_args.now_cb = get_time_cb;
1507 engine_args.now_cb_arg = qc;
1508 qc->engine = ossl_quic_engine_new(&engine_args);
1509 if (qc->engine == NULL) {
1510 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1511 return 0;
1512 }
1513
1514 port_args.channel_ctx = qc->ssl.ctx;
1515 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1516 if (qc->port == NULL) {
1517 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1518 ossl_quic_engine_free(qc->engine);
1519 return 0;
1520 }
1521
1522 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1523 if (qc->ch == NULL) {
1524 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1525 ossl_quic_port_free(qc->port);
1526 ossl_quic_engine_free(qc->engine);
1527 return 0;
1528 }
1529
1530 return 1;
1531 }
1532
1533 /*
1534 * Configures a channel with the information we have accumulated via calls made
1535 * to us from the application prior to starting a handshake attempt.
1536 */
1537 QUIC_NEEDS_LOCK
ensure_channel_started(QCTX * ctx)1538 static int ensure_channel_started(QCTX *ctx)
1539 {
1540 QUIC_CONNECTION *qc = ctx->qc;
1541
1542 if (!qc->started) {
1543 if (!configure_channel(qc)) {
1544 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1545 "failed to configure channel");
1546 return 0;
1547 }
1548
1549 if (!ossl_quic_channel_start(qc->ch)) {
1550 ossl_quic_channel_restore_err_state(qc->ch);
1551 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1552 "failed to start channel");
1553 return 0;
1554 }
1555
1556 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1557 if (qc->is_thread_assisted)
1558 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch,
1559 qc->override_now_cb,
1560 qc->override_now_cb_arg)) {
1561 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1562 "failed to start assist thread");
1563 return 0;
1564 }
1565 #endif
1566 }
1567
1568 qc->started = 1;
1569 return 1;
1570 }
1571
1572 QUIC_NEEDS_LOCK
quic_do_handshake(QCTX * ctx)1573 static int quic_do_handshake(QCTX *ctx)
1574 {
1575 int ret;
1576 QUIC_CONNECTION *qc = ctx->qc;
1577
1578 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1579 /* Handshake already completed. */
1580 return 1;
1581
1582 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1583 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1584
1585 if (qc->as_server != qc->as_server_state) {
1586 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1587 return -1; /* Non-protocol error */
1588 }
1589
1590 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1591 /* Need read and write BIOs. */
1592 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1593 return -1; /* Non-protocol error */
1594 }
1595
1596 /*
1597 * We need to determine our addressing mode. There are basically two
1598 * ways we can use L4 addresses:
1599 *
1600 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1601 * addresses attached to them which we expect the underlying network BIO
1602 * to handle;
1603 *
1604 * - Unaddressed mode, in which the BIO provided to us on the
1605 * network side neither provides us with L4 addresses nor is capable of
1606 * honouring ones we provide. We don't know where the QUIC traffic we
1607 * send ends up exactly and trust the application to know what it is
1608 * doing.
1609 *
1610 * Addressed mode is preferred because it enables support for connection
1611 * migration, multipath, etc. in the future. Addressed mode is automatically
1612 * enabled if we are using e.g. BIO_s_datagram, with or without
1613 * BIO_s_connect.
1614 *
1615 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1616 * use unaddressed mode unless that BIO supports capability flags indicating
1617 * it can provide and honour L4 addresses.
1618 *
1619 * Our strategy for determining address mode is simple: we probe the
1620 * underlying network BIOs for their capabilities. If the network BIOs
1621 * support what we need, we use addressed mode. Otherwise, we use
1622 * unaddressed mode.
1623 *
1624 * If addressed mode is chosen, we require an initial peer address to be
1625 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1626 * require this, as such an address is superfluous, though it can be set if
1627 * desired.
1628 */
1629 if (!qc->started && !qc->addressing_probe_done) {
1630 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1631 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
1632
1633 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1634 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1635 qc->addressing_probe_done = 1;
1636 }
1637
1638 if (!qc->started && qc->addressed_mode_w
1639 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1640 /*
1641 * We are trying to connect and are using addressed mode, which means we
1642 * need an initial peer address; if we do not have a peer address yet,
1643 * we should try to autodetect one.
1644 *
1645 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1646 * may not be able to provide us with a peer address until they have
1647 * finished their own processing. They may not be able to perform this
1648 * processing until an application has finished configuring that BIO
1649 * (e.g. with setter calls), which might happen after SSL_set_bio is
1650 * called.
1651 */
1652 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1653 /* best effort */
1654 BIO_ADDR_clear(&qc->init_peer_addr);
1655 else
1656 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1657 }
1658
1659 if (!qc->started
1660 && qc->addressed_mode_w
1661 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1662 /*
1663 * If we still don't have a peer address in addressed mode, we can't do
1664 * anything.
1665 */
1666 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1667 return -1; /* Non-protocol error */
1668 }
1669
1670 /*
1671 * Start connection process. Note we may come here multiple times in
1672 * non-blocking mode, which is fine.
1673 */
1674 if (!ensure_channel_started(ctx)) /* raises on failure */
1675 return -1; /* Non-protocol error */
1676
1677 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1678 /* The handshake is now done. */
1679 return 1;
1680
1681 if (!qc_blocking_mode(qc)) {
1682 /* Try to advance the reactor. */
1683 qctx_maybe_autotick(ctx);
1684
1685 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1686 /* The handshake is now done. */
1687 return 1;
1688
1689 if (ossl_quic_channel_is_term_any(qc->ch)) {
1690 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1691 return 0;
1692 } else if (qc->desires_blocking) {
1693 /*
1694 * As a special case when doing a handshake when blocking mode is
1695 * desired yet not available, see if the network BIOs have become
1696 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1697 * which do late creation of socket FDs and therefore cannot expose
1698 * a poll descriptor until after a network BIO is set on the QCSO.
1699 */
1700 assert(!qc->blocking);
1701 qc_update_can_support_blocking(qc);
1702 qc_update_blocking_mode(qc);
1703 }
1704 }
1705
1706 /*
1707 * We are either in blocking mode or just entered it due to the code above.
1708 */
1709 if (qc_blocking_mode(qc)) {
1710 /* In blocking mode, wait for the handshake to complete. */
1711 struct quic_handshake_wait_args args;
1712
1713 args.qc = qc;
1714
1715 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1716 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1717 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1718 return 0; /* Shutdown before completion */
1719 } else if (ret <= 0) {
1720 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1721 return -1; /* Non-protocol error */
1722 }
1723
1724 if (tls_wants_non_io_retry(qc)) {
1725 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1726 return -1;
1727 }
1728
1729 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1730 return 1;
1731 }
1732
1733 if (tls_wants_non_io_retry(qc)) {
1734 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1735 return -1;
1736 }
1737
1738 /*
1739 * Otherwise, indicate that the handshake isn't done yet.
1740 * We can only get here in non-blocking mode.
1741 */
1742 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1743 return -1; /* Non-protocol error */
1744 }
1745
1746 QUIC_TAKES_LOCK
ossl_quic_do_handshake(SSL * s)1747 int ossl_quic_do_handshake(SSL *s)
1748 {
1749 int ret;
1750 QCTX ctx;
1751
1752 if (!expect_quic(s, &ctx))
1753 return 0;
1754
1755 quic_lock_for_io(&ctx);
1756
1757 ret = quic_do_handshake(&ctx);
1758 quic_unlock(ctx.qc);
1759 return ret;
1760 }
1761
1762 /* SSL_connect */
ossl_quic_connect(SSL * s)1763 int ossl_quic_connect(SSL *s)
1764 {
1765 /* Ensure we are in connect state (no-op if non-idle). */
1766 ossl_quic_set_connect_state(s);
1767
1768 /* Begin or continue the handshake */
1769 return ossl_quic_do_handshake(s);
1770 }
1771
1772 /* SSL_accept */
ossl_quic_accept(SSL * s)1773 int ossl_quic_accept(SSL *s)
1774 {
1775 /* Ensure we are in accept state (no-op if non-idle). */
1776 ossl_quic_set_accept_state(s);
1777
1778 /* Begin or continue the handshake */
1779 return ossl_quic_do_handshake(s);
1780 }
1781
1782 /*
1783 * QUIC Front-End I/O API: Stream Lifecycle Operations
1784 * ===================================================
1785 *
1786 * SSL_stream_new => ossl_quic_conn_stream_new
1787 *
1788 */
1789
1790 /*
1791 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1792 * default XSO was created. Returns 0 if it was not (e.g. because it already
1793 * exists). Note that this is NOT an error condition.
1794 */
1795 QUIC_NEEDS_LOCK
qc_try_create_default_xso_for_write(QCTX * ctx)1796 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1797 {
1798 uint64_t flags = 0;
1799 QUIC_CONNECTION *qc = ctx->qc;
1800
1801 if (qc->default_xso_created
1802 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1803 /*
1804 * We only do this once. If the user detaches a previously created
1805 * default XSO we don't auto-create another one.
1806 */
1807 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1808
1809 /* Create a locally-initiated stream. */
1810 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1811 flags |= SSL_STREAM_FLAG_UNI;
1812
1813 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1814 /*needs_lock=*/0),
1815 /*touch=*/0);
1816 if (qc->default_xso == NULL)
1817 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1818
1819 qc_touch_default_xso(qc);
1820 return 1;
1821 }
1822
1823 struct quic_wait_for_stream_args {
1824 QUIC_CONNECTION *qc;
1825 QUIC_STREAM *qs;
1826 QCTX *ctx;
1827 uint64_t expect_id;
1828 };
1829
1830 QUIC_NEEDS_LOCK
quic_wait_for_stream(void * arg)1831 static int quic_wait_for_stream(void *arg)
1832 {
1833 struct quic_wait_for_stream_args *args = arg;
1834
1835 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
1836 /* If connection is torn down due to an error while blocking, stop. */
1837 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1838 return -1;
1839 }
1840
1841 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1842 args->expect_id | QUIC_STREAM_DIR_BIDI);
1843 if (args->qs == NULL)
1844 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1845 args->expect_id | QUIC_STREAM_DIR_UNI);
1846
1847 if (args->qs != NULL)
1848 return 1; /* stream now exists */
1849
1850 return 0; /* did not get a stream, keep trying */
1851 }
1852
1853 QUIC_NEEDS_LOCK
qc_wait_for_default_xso_for_read(QCTX * ctx,int peek)1854 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek)
1855 {
1856 /* Called on a QCSO and we don't currently have a default stream. */
1857 uint64_t expect_id;
1858 QUIC_CONNECTION *qc = ctx->qc;
1859 QUIC_STREAM *qs;
1860 int res;
1861 struct quic_wait_for_stream_args wargs;
1862 OSSL_RTT_INFO rtt_info;
1863
1864 /*
1865 * If default stream functionality is disabled or we already detached
1866 * one, don't make another default stream and just fail.
1867 */
1868 if (qc->default_xso_created
1869 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1870 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1871
1872 /*
1873 * The peer may have opened a stream since we last ticked. So tick and
1874 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1875 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1876 * first stream created by a peer must have an ordinal of 0.
1877 */
1878 expect_id = qc->as_server
1879 ? QUIC_STREAM_INITIATOR_CLIENT
1880 : QUIC_STREAM_INITIATOR_SERVER;
1881
1882 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1883 expect_id | QUIC_STREAM_DIR_BIDI);
1884 if (qs == NULL)
1885 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1886 expect_id | QUIC_STREAM_DIR_UNI);
1887
1888 if (qs == NULL) {
1889 qctx_maybe_autotick(ctx);
1890
1891 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1892 expect_id);
1893 }
1894
1895 if (qs == NULL) {
1896 if (peek)
1897 return 0;
1898
1899 if (!qc_blocking_mode(qc))
1900 /* Non-blocking mode, so just bail immediately. */
1901 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1902
1903 /* Block until we have a stream. */
1904 wargs.qc = qc;
1905 wargs.qs = NULL;
1906 wargs.ctx = ctx;
1907 wargs.expect_id = expect_id;
1908
1909 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1910 if (res == 0)
1911 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1912 else if (res < 0 || wargs.qs == NULL)
1913 /* quic_wait_for_stream raised error here */
1914 return 0;
1915
1916 qs = wargs.qs;
1917 }
1918
1919 /*
1920 * We now have qs != NULL. Remove it from the incoming stream queue so that
1921 * it isn't also returned by any future SSL_accept_stream calls.
1922 */
1923 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1924 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
1925 qs, rtt_info.smoothed_rtt);
1926
1927 /*
1928 * Now make qs the default stream, creating the necessary XSO.
1929 */
1930 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1931 if (qc->default_xso == NULL)
1932 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1933
1934 qc_touch_default_xso(qc); /* inhibits default XSO */
1935 return 1;
1936 }
1937
1938 QUIC_NEEDS_LOCK
create_xso_from_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs)1939 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1940 {
1941 QUIC_XSO *xso = NULL;
1942
1943 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
1944 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
1945 goto err;
1946 }
1947
1948 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
1949 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1950 goto err;
1951 }
1952
1953 /* XSO refs QC */
1954 if (!SSL_up_ref(&qc->ssl)) {
1955 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
1956 goto err;
1957 }
1958
1959 xso->conn = qc;
1960 xso->ssl_mode = qc->default_ssl_mode;
1961 xso->ssl_options
1962 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1963 xso->last_error = SSL_ERROR_NONE;
1964
1965 xso->stream = qs;
1966
1967 ++qc->num_xso;
1968 xso_update_options(xso);
1969 return xso;
1970
1971 err:
1972 OPENSSL_free(xso);
1973 return NULL;
1974 }
1975
1976 struct quic_new_stream_wait_args {
1977 QUIC_CONNECTION *qc;
1978 int is_uni;
1979 };
1980
quic_new_stream_wait(void * arg)1981 static int quic_new_stream_wait(void *arg)
1982 {
1983 struct quic_new_stream_wait_args *args = arg;
1984 QUIC_CONNECTION *qc = args->qc;
1985
1986 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1987 return -1;
1988
1989 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1990 return 1;
1991
1992 return 0;
1993 }
1994
1995 /* locking depends on need_lock */
quic_conn_stream_new(QCTX * ctx,uint64_t flags,int need_lock)1996 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1997 {
1998 int ret;
1999 QUIC_CONNECTION *qc = ctx->qc;
2000 QUIC_XSO *xso = NULL;
2001 QUIC_STREAM *qs = NULL;
2002 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
2003 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
2004 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2005
2006 if (need_lock)
2007 quic_lock(qc);
2008
2009 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2010 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2011 goto err;
2012 }
2013
2014 if (!advance
2015 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2016 struct quic_new_stream_wait_args args;
2017
2018 /*
2019 * Stream count flow control currently doesn't permit this stream to be
2020 * opened.
2021 */
2022 if (no_blocking || !qc_blocking_mode(qc)) {
2023 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2024 goto err;
2025 }
2026
2027 args.qc = qc;
2028 args.is_uni = is_uni;
2029
2030 /* Blocking mode - wait until we can get a stream. */
2031 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
2032 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2033 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2034 goto err; /* Shutdown before completion */
2035 } else if (ret <= 0) {
2036 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2037 goto err; /* Non-protocol error */
2038 }
2039 }
2040
2041 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2042 if (qs == NULL) {
2043 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2044 goto err;
2045 }
2046
2047 xso = create_xso_from_stream(qc, qs);
2048 if (xso == NULL)
2049 goto err;
2050
2051 qc_touch_default_xso(qc); /* inhibits default XSO */
2052 if (need_lock)
2053 quic_unlock(qc);
2054
2055 return &xso->ssl;
2056
2057 err:
2058 OPENSSL_free(xso);
2059 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2060 if (need_lock)
2061 quic_unlock(qc);
2062
2063 return NULL;
2064
2065 }
2066
2067 QUIC_TAKES_LOCK
ossl_quic_conn_stream_new(SSL * s,uint64_t flags)2068 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2069 {
2070 QCTX ctx;
2071
2072 if (!expect_quic_conn_only(s, &ctx))
2073 return NULL;
2074
2075 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2076 }
2077
2078 /*
2079 * QUIC Front-End I/O API: Steady-State Operations
2080 * ===============================================
2081 *
2082 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2083 * is, the functions used during the established phase of a QUIC connection
2084 * (e.g. SSL_read, SSL_write).
2085 *
2086 * Each function must handle both blocking and non-blocking modes. As discussed
2087 * above, all QUIC I/O is implemented using non-blocking mode internally.
2088 *
2089 * SSL_get_error => partially implemented by ossl_quic_get_error
2090 * SSL_want => ossl_quic_want
2091 * (BIO/)SSL_read => ossl_quic_read
2092 * (BIO/)SSL_write => ossl_quic_write
2093 * SSL_pending => ossl_quic_pending
2094 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2095 * SSL_key_update => ossl_quic_key_update
2096 */
2097
2098 /* SSL_get_error */
ossl_quic_get_error(const SSL * s,int i)2099 int ossl_quic_get_error(const SSL *s, int i)
2100 {
2101 QCTX ctx;
2102 int net_error, last_error;
2103
2104 if (!expect_quic(s, &ctx))
2105 return 0;
2106
2107 quic_lock(ctx.qc);
2108 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2109 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2110 quic_unlock(ctx.qc);
2111
2112 if (net_error)
2113 return SSL_ERROR_SYSCALL;
2114
2115 return last_error;
2116 }
2117
2118 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
error_to_want(int error)2119 static int error_to_want(int error)
2120 {
2121 switch (error) {
2122 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2123 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2124 case SSL_ERROR_ZERO_RETURN:
2125 default:
2126 return SSL_NOTHING;
2127
2128 case SSL_ERROR_WANT_READ:
2129 return SSL_READING;
2130
2131 case SSL_ERROR_WANT_WRITE:
2132 return SSL_WRITING;
2133
2134 case SSL_ERROR_WANT_RETRY_VERIFY:
2135 return SSL_RETRY_VERIFY;
2136
2137 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2138 return SSL_CLIENT_HELLO_CB;
2139
2140 case SSL_ERROR_WANT_X509_LOOKUP:
2141 return SSL_X509_LOOKUP;
2142 }
2143 }
2144
2145 /* SSL_want */
ossl_quic_want(const SSL * s)2146 int ossl_quic_want(const SSL *s)
2147 {
2148 QCTX ctx;
2149 int w;
2150
2151 if (!expect_quic(s, &ctx))
2152 return SSL_NOTHING;
2153
2154 quic_lock(ctx.qc);
2155
2156 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2157
2158 quic_unlock(ctx.qc);
2159 return w;
2160 }
2161
2162 /*
2163 * SSL_write
2164 * ---------
2165 *
2166 * The set of functions below provide the implementation of the public SSL_write
2167 * function. We must handle:
2168 *
2169 * - both blocking and non-blocking operation at the application level,
2170 * depending on how we are configured;
2171 *
2172 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2173 *
2174 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2175 *
2176 */
2177 QUIC_NEEDS_LOCK
quic_post_write(QUIC_XSO * xso,int did_append,int did_append_all,uint64_t flags,int do_tick)2178 static void quic_post_write(QUIC_XSO *xso, int did_append,
2179 int did_append_all, uint64_t flags,
2180 int do_tick)
2181 {
2182 /*
2183 * We have appended at least one byte to the stream.
2184 * Potentially mark stream as active, depending on FC.
2185 */
2186 if (did_append)
2187 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2188 xso->stream);
2189
2190 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2191 ossl_quic_sstream_fin(xso->stream->sstream);
2192
2193 /*
2194 * Try and send.
2195 *
2196 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2197 * immediately, plus we should eventually consider Nagle's algorithm.
2198 */
2199 if (do_tick)
2200 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2201 }
2202
2203 struct quic_write_again_args {
2204 QUIC_XSO *xso;
2205 const unsigned char *buf;
2206 size_t len;
2207 size_t total_written;
2208 int err;
2209 uint64_t flags;
2210 };
2211
2212 /*
2213 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2214 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2215 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2216 */
2217 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2218
2219 /*
2220 * Ensure spare buffer space available (up until a limit, at least).
2221 */
2222 QUIC_NEEDS_LOCK
sstream_ensure_spare(QUIC_SSTREAM * sstream,uint64_t spare)2223 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2224 {
2225 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2226 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2227 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2228 size_t new_sz, growth;
2229
2230 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2231 return 1;
2232
2233 growth = spare_ - avail;
2234 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2235 new_sz = MAX_WRITE_BUF_SIZE;
2236 else
2237 new_sz = cur_sz + growth;
2238
2239 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2240 }
2241
2242 /*
2243 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2244 * as needed according to flow control.
2245 */
2246 QUIC_NEEDS_LOCK
xso_sstream_append(QUIC_XSO * xso,const unsigned char * buf,size_t len,size_t * actual_written)2247 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2248 size_t len, size_t *actual_written)
2249 {
2250 QUIC_SSTREAM *sstream = xso->stream->sstream;
2251 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2252 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2253 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2254
2255 if (len > permitted)
2256 len = (size_t)permitted;
2257
2258 if (!sstream_ensure_spare(sstream, len))
2259 return 0;
2260
2261 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2262 }
2263
2264 QUIC_NEEDS_LOCK
quic_write_again(void * arg)2265 static int quic_write_again(void *arg)
2266 {
2267 struct quic_write_again_args *args = arg;
2268 size_t actual_written = 0;
2269
2270 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2271 /* If connection is torn down due to an error while blocking, stop. */
2272 return -2;
2273
2274 if (!quic_validate_for_write(args->xso, &args->err))
2275 /*
2276 * Stream may have become invalid for write due to connection events
2277 * while we blocked.
2278 */
2279 return -2;
2280
2281 args->err = ERR_R_INTERNAL_ERROR;
2282 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2283 return -2;
2284
2285 quic_post_write(args->xso, actual_written > 0,
2286 args->len == actual_written, args->flags, 0);
2287
2288 args->buf += actual_written;
2289 args->len -= actual_written;
2290 args->total_written += actual_written;
2291
2292 if (args->len == 0)
2293 /* Written everything, done. */
2294 return 1;
2295
2296 /* Not written everything yet, keep trying. */
2297 return 0;
2298 }
2299
2300 QUIC_NEEDS_LOCK
quic_write_blocking(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2301 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2302 uint64_t flags, size_t *written)
2303 {
2304 int res;
2305 QUIC_XSO *xso = ctx->xso;
2306 struct quic_write_again_args args;
2307 size_t actual_written = 0;
2308
2309 /* First make a best effort to append as much of the data as possible. */
2310 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2311 /* Stream already finished or allocation error. */
2312 *written = 0;
2313 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2314 }
2315
2316 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2317
2318 if (actual_written == len) {
2319 /* Managed to append everything on the first try. */
2320 *written = actual_written;
2321 return 1;
2322 }
2323
2324 /*
2325 * We did not manage to append all of the data immediately, so the stream
2326 * buffer has probably filled up. This means we need to block until some of
2327 * it is freed up.
2328 */
2329 args.xso = xso;
2330 args.buf = (const unsigned char *)buf + actual_written;
2331 args.len = len - actual_written;
2332 args.total_written = 0;
2333 args.err = ERR_R_INTERNAL_ERROR;
2334 args.flags = flags;
2335
2336 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
2337 if (res <= 0) {
2338 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2339 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2340 else
2341 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2342 }
2343
2344 *written = args.total_written;
2345 return 1;
2346 }
2347
2348 /*
2349 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2350 * write semantics.
2351 */
aon_write_begin(QUIC_XSO * xso,const unsigned char * buf,size_t buf_len,size_t already_sent)2352 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2353 size_t buf_len, size_t already_sent)
2354 {
2355 assert(!xso->aon_write_in_progress);
2356
2357 xso->aon_write_in_progress = 1;
2358 xso->aon_buf_base = buf;
2359 xso->aon_buf_pos = already_sent;
2360 xso->aon_buf_len = buf_len;
2361 }
2362
aon_write_finish(QUIC_XSO * xso)2363 static void aon_write_finish(QUIC_XSO *xso)
2364 {
2365 xso->aon_write_in_progress = 0;
2366 xso->aon_buf_base = NULL;
2367 xso->aon_buf_pos = 0;
2368 xso->aon_buf_len = 0;
2369 }
2370
2371 QUIC_NEEDS_LOCK
quic_write_nonblocking_aon(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2372 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2373 size_t len, uint64_t flags,
2374 size_t *written)
2375 {
2376 QUIC_XSO *xso = ctx->xso;
2377 const void *actual_buf;
2378 size_t actual_len, actual_written = 0;
2379 int accept_moving_buffer
2380 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2381
2382 if (xso->aon_write_in_progress) {
2383 /*
2384 * We are in the middle of an AON write (i.e., a previous write did not
2385 * manage to append all data to the SSTREAM and we have Enable Partial
2386 * Write (EPW) mode disabled.)
2387 */
2388 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2389 || len != xso->aon_buf_len)
2390 /*
2391 * Pointer must not have changed if we are not in accept moving
2392 * buffer mode. Length must never change.
2393 */
2394 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2395
2396 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2397 actual_len = len - xso->aon_buf_pos;
2398 assert(actual_len > 0);
2399 } else {
2400 actual_buf = buf;
2401 actual_len = len;
2402 }
2403
2404 /* First make a best effort to append as much of the data as possible. */
2405 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2406 /* Stream already finished or allocation error. */
2407 *written = 0;
2408 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2409 }
2410
2411 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2412 flags, qctx_should_autotick(ctx));
2413
2414 if (actual_written == actual_len) {
2415 /* We have sent everything. */
2416 if (xso->aon_write_in_progress) {
2417 /*
2418 * We have sent everything, and we were in the middle of an AON
2419 * write. The output write length is the total length of the AON
2420 * buffer, not however many bytes we managed to write to the stream
2421 * in this call.
2422 */
2423 *written = xso->aon_buf_len;
2424 aon_write_finish(xso);
2425 } else {
2426 *written = actual_written;
2427 }
2428
2429 return 1;
2430 }
2431
2432 if (xso->aon_write_in_progress) {
2433 /*
2434 * AON write is in progress but we have not written everything yet. We
2435 * may have managed to send zero bytes, or some number of bytes less
2436 * than the total remaining which need to be appended during this
2437 * AON operation.
2438 */
2439 xso->aon_buf_pos += actual_written;
2440 assert(xso->aon_buf_pos < xso->aon_buf_len);
2441 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2442 }
2443
2444 /*
2445 * Not in an existing AON operation but partial write is not enabled, so we
2446 * need to begin a new AON operation. However we needn't bother if we didn't
2447 * actually append anything.
2448 */
2449 if (actual_written > 0)
2450 aon_write_begin(xso, buf, len, actual_written);
2451
2452 /*
2453 * AON - We do not publicly admit to having appended anything until AON
2454 * completes.
2455 */
2456 *written = 0;
2457 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2458 }
2459
2460 QUIC_NEEDS_LOCK
quic_write_nonblocking_epw(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2461 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2462 uint64_t flags, size_t *written)
2463 {
2464 QUIC_XSO *xso = ctx->xso;
2465
2466 /* Simple best effort operation. */
2467 if (!xso_sstream_append(xso, buf, len, written)) {
2468 /* Stream already finished or allocation error. */
2469 *written = 0;
2470 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2471 }
2472
2473 quic_post_write(xso, *written > 0, *written == len, flags,
2474 qctx_should_autotick(ctx));
2475
2476 if (*written == 0)
2477 /* SSL_write_ex returns 0 if it didn't read anything. */
2478 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2479
2480 return 1;
2481 }
2482
2483 QUIC_NEEDS_LOCK
quic_validate_for_write(QUIC_XSO * xso,int * err)2484 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2485 {
2486 QUIC_STREAM_MAP *qsm;
2487
2488 if (xso == NULL || xso->stream == NULL) {
2489 *err = ERR_R_INTERNAL_ERROR;
2490 return 0;
2491 }
2492
2493 switch (xso->stream->send_state) {
2494 default:
2495 case QUIC_SSTREAM_STATE_NONE:
2496 *err = SSL_R_STREAM_RECV_ONLY;
2497 return 0;
2498
2499 case QUIC_SSTREAM_STATE_READY:
2500 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2501
2502 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2503 *err = ERR_R_INTERNAL_ERROR;
2504 return 0;
2505 }
2506
2507 /* FALLTHROUGH */
2508 case QUIC_SSTREAM_STATE_SEND:
2509 case QUIC_SSTREAM_STATE_DATA_SENT:
2510 case QUIC_SSTREAM_STATE_DATA_RECVD:
2511 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2512 *err = SSL_R_STREAM_FINISHED;
2513 return 0;
2514 }
2515
2516 return 1;
2517
2518 case QUIC_SSTREAM_STATE_RESET_SENT:
2519 case QUIC_SSTREAM_STATE_RESET_RECVD:
2520 *err = SSL_R_STREAM_RESET;
2521 return 0;
2522 }
2523 }
2524
2525 QUIC_TAKES_LOCK
ossl_quic_write_flags(SSL * s,const void * buf,size_t len,uint64_t flags,size_t * written)2526 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2527 uint64_t flags, size_t *written)
2528 {
2529 int ret;
2530 QCTX ctx;
2531 int partial_write, err;
2532
2533 *written = 0;
2534
2535 if (len == 0) {
2536 /* Do not autocreate default XSO for zero-length writes. */
2537 if (!expect_quic(s, &ctx))
2538 return 0;
2539
2540 quic_lock_for_io(&ctx);
2541 } else {
2542 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2543 return 0;
2544 }
2545
2546 partial_write = ((ctx.xso != NULL)
2547 ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) : 0);
2548
2549 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2550 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2551 goto out;
2552 }
2553
2554 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2555 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2556 goto out;
2557 }
2558
2559 /*
2560 * If we haven't finished the handshake, try to advance it.
2561 * We don't accept writes until the handshake is completed.
2562 */
2563 if (quic_do_handshake(&ctx) < 1) {
2564 ret = 0;
2565 goto out;
2566 }
2567
2568 /* Ensure correct stream state, stream send part not concluded, etc. */
2569 if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) {
2570 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2571 goto out;
2572 }
2573
2574 if (len == 0) {
2575 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2576 quic_post_write(ctx.xso, 0, 1, flags,
2577 qctx_should_autotick(&ctx));
2578
2579 ret = 1;
2580 goto out;
2581 }
2582
2583 if (xso_blocking_mode(ctx.xso))
2584 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2585 else if (partial_write)
2586 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2587 else
2588 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2589
2590 out:
2591 quic_unlock(ctx.qc);
2592 return ret;
2593 }
2594
2595 QUIC_TAKES_LOCK
ossl_quic_write(SSL * s,const void * buf,size_t len,size_t * written)2596 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2597 {
2598 return ossl_quic_write_flags(s, buf, len, 0, written);
2599 }
2600
2601 /*
2602 * SSL_read
2603 * --------
2604 */
2605 struct quic_read_again_args {
2606 QCTX *ctx;
2607 QUIC_STREAM *stream;
2608 void *buf;
2609 size_t len;
2610 size_t *bytes_read;
2611 int peek;
2612 };
2613
2614 QUIC_NEEDS_LOCK
quic_validate_for_read(QUIC_XSO * xso,int * err,int * eos)2615 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2616 {
2617 QUIC_STREAM_MAP *qsm;
2618
2619 *eos = 0;
2620
2621 if (xso == NULL || xso->stream == NULL) {
2622 *err = ERR_R_INTERNAL_ERROR;
2623 return 0;
2624 }
2625
2626 switch (xso->stream->recv_state) {
2627 default:
2628 case QUIC_RSTREAM_STATE_NONE:
2629 *err = SSL_R_STREAM_SEND_ONLY;
2630 return 0;
2631
2632 case QUIC_RSTREAM_STATE_RECV:
2633 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2634 case QUIC_RSTREAM_STATE_DATA_RECVD:
2635 return 1;
2636
2637 case QUIC_RSTREAM_STATE_DATA_READ:
2638 *eos = 1;
2639 return 0;
2640
2641 case QUIC_RSTREAM_STATE_RESET_RECVD:
2642 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2643 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2644
2645 /* FALLTHROUGH */
2646 case QUIC_RSTREAM_STATE_RESET_READ:
2647 *err = SSL_R_STREAM_RESET;
2648 return 0;
2649 }
2650 }
2651
2652 QUIC_NEEDS_LOCK
quic_read_actual(QCTX * ctx,QUIC_STREAM * stream,void * buf,size_t buf_len,size_t * bytes_read,int peek)2653 static int quic_read_actual(QCTX *ctx,
2654 QUIC_STREAM *stream,
2655 void *buf, size_t buf_len,
2656 size_t *bytes_read,
2657 int peek)
2658 {
2659 int is_fin = 0, err, eos;
2660 QUIC_CONNECTION *qc = ctx->qc;
2661
2662 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2663 if (eos) {
2664 ctx->xso->retired_fin = 1;
2665 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2666 } else {
2667 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2668 }
2669 }
2670
2671 if (peek) {
2672 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2673 bytes_read, &is_fin))
2674 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2675
2676 } else {
2677 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2678 bytes_read, &is_fin))
2679 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2680 }
2681
2682 if (!peek) {
2683 if (*bytes_read > 0) {
2684 /*
2685 * We have read at least one byte from the stream. Inform stream-level
2686 * RXFC of the retirement of controlled bytes. Update the active stream
2687 * status (the RXFC may now want to emit a frame granting more credit to
2688 * the peer).
2689 */
2690 OSSL_RTT_INFO rtt_info;
2691
2692 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2693
2694 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2695 rtt_info.smoothed_rtt))
2696 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2697 }
2698
2699 if (is_fin && !peek) {
2700 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2701
2702 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2703 }
2704
2705 if (*bytes_read > 0)
2706 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2707 stream);
2708 }
2709
2710 if (*bytes_read == 0 && is_fin) {
2711 ctx->xso->retired_fin = 1;
2712 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2713 }
2714
2715 return 1;
2716 }
2717
2718 QUIC_NEEDS_LOCK
quic_read_again(void * arg)2719 static int quic_read_again(void *arg)
2720 {
2721 struct quic_read_again_args *args = arg;
2722
2723 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
2724 /* If connection is torn down due to an error while blocking, stop. */
2725 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2726 return -1;
2727 }
2728
2729 if (!quic_read_actual(args->ctx, args->stream,
2730 args->buf, args->len, args->bytes_read,
2731 args->peek))
2732 return -1;
2733
2734 if (*args->bytes_read > 0)
2735 /* got at least one byte, the SSL_read op can finish now */
2736 return 1;
2737
2738 return 0; /* did not read anything, keep trying */
2739 }
2740
2741 QUIC_TAKES_LOCK
quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read,int peek)2742 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2743 {
2744 int ret, res;
2745 QCTX ctx;
2746 struct quic_read_again_args args;
2747
2748 *bytes_read = 0;
2749
2750 if (!expect_quic(s, &ctx))
2751 return 0;
2752
2753 quic_lock_for_io(&ctx);
2754
2755 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2756 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2757 goto out;
2758 }
2759
2760 /* If we haven't finished the handshake, try to advance it. */
2761 if (quic_do_handshake(&ctx) < 1) {
2762 ret = 0; /* ossl_quic_do_handshake raised error here */
2763 goto out;
2764 }
2765
2766 if (ctx.xso == NULL) {
2767 /*
2768 * Called on a QCSO and we don't currently have a default stream.
2769 *
2770 * Wait until we get a stream initiated by the peer (blocking mode) or
2771 * fail if we don't have one yet (non-blocking mode).
2772 */
2773 if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) {
2774 ret = 0; /* error already raised here */
2775 goto out;
2776 }
2777
2778 ctx.xso = ctx.qc->default_xso;
2779 }
2780
2781 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2782 ret = 0; /* quic_read_actual raised error here */
2783 goto out;
2784 }
2785
2786 if (*bytes_read > 0) {
2787 /*
2788 * Even though we succeeded, tick the reactor here to ensure we are
2789 * handling other aspects of the QUIC connection.
2790 */
2791 qctx_maybe_autotick(&ctx);
2792 ret = 1;
2793 } else if (xso_blocking_mode(ctx.xso)) {
2794 /*
2795 * We were not able to read anything immediately, so our stream
2796 * buffer is empty. This means we need to block until we get
2797 * at least one byte.
2798 */
2799 args.ctx = &ctx;
2800 args.stream = ctx.xso->stream;
2801 args.buf = buf;
2802 args.len = len;
2803 args.bytes_read = bytes_read;
2804 args.peek = peek;
2805
2806 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2807 if (res == 0) {
2808 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2809 goto out;
2810 } else if (res < 0) {
2811 ret = 0; /* quic_read_again raised error here */
2812 goto out;
2813 }
2814
2815 ret = 1;
2816 } else {
2817 /*
2818 * We did not get any bytes and are not in blocking mode.
2819 * Tick to see if this delivers any more.
2820 */
2821 qctx_maybe_autotick(&ctx);
2822
2823 /* Try the read again. */
2824 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2825 ret = 0; /* quic_read_actual raised error here */
2826 goto out;
2827 }
2828
2829 if (*bytes_read > 0)
2830 ret = 1; /* Succeeded this time. */
2831 else
2832 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2833 }
2834
2835 out:
2836 quic_unlock(ctx.qc);
2837 return ret;
2838 }
2839
ossl_quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read)2840 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2841 {
2842 return quic_read(s, buf, len, bytes_read, 0);
2843 }
2844
ossl_quic_peek(SSL * s,void * buf,size_t len,size_t * bytes_read)2845 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2846 {
2847 return quic_read(s, buf, len, bytes_read, 1);
2848 }
2849
2850 /*
2851 * SSL_pending
2852 * -----------
2853 */
2854
2855 QUIC_TAKES_LOCK
ossl_quic_pending_int(const SSL * s,int check_channel)2856 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2857 {
2858 QCTX ctx;
2859 size_t avail = 0;
2860
2861 if (!expect_quic(s, &ctx))
2862 return 0;
2863
2864 quic_lock(ctx.qc);
2865
2866 if (ctx.xso == NULL) {
2867 /* No XSO yet, but there might be a default XSO eligible to be created. */
2868 if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {
2869 ctx.xso = ctx.qc->default_xso;
2870 } else {
2871 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
2872 goto out;
2873 }
2874 }
2875
2876 if (ctx.xso->stream == NULL) {
2877 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2878 goto out;
2879 }
2880
2881 if (check_channel)
2882 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
2883 /*include_fin=*/1)
2884 || ossl_quic_channel_has_pending(ctx.qc->ch)
2885 || ossl_quic_channel_is_term_any(ctx.qc->ch);
2886 else
2887 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
2888 /*include_fin=*/0);
2889
2890 out:
2891 quic_unlock(ctx.qc);
2892 return avail;
2893 }
2894
ossl_quic_pending(const SSL * s)2895 size_t ossl_quic_pending(const SSL *s)
2896 {
2897 return ossl_quic_pending_int(s, /*check_channel=*/0);
2898 }
2899
ossl_quic_has_pending(const SSL * s)2900 int ossl_quic_has_pending(const SSL *s)
2901 {
2902 /* Do we have app-side pending data or pending URXEs or RXEs? */
2903 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2904 }
2905
2906 /*
2907 * SSL_stream_conclude
2908 * -------------------
2909 */
2910 QUIC_TAKES_LOCK
ossl_quic_conn_stream_conclude(SSL * s)2911 int ossl_quic_conn_stream_conclude(SSL *s)
2912 {
2913 QCTX ctx;
2914 QUIC_STREAM *qs;
2915 int err;
2916
2917 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
2918 return 0;
2919
2920 qs = ctx.xso->stream;
2921
2922 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
2923 quic_unlock(ctx.qc);
2924 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2925 }
2926
2927 if (!quic_validate_for_write(ctx.xso, &err)) {
2928 quic_unlock(ctx.qc);
2929 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2930 }
2931
2932 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2933 quic_unlock(ctx.qc);
2934 return 1;
2935 }
2936
2937 ossl_quic_sstream_fin(qs->sstream);
2938 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
2939 quic_unlock(ctx.qc);
2940 return 1;
2941 }
2942
2943 /*
2944 * SSL_inject_net_dgram
2945 * --------------------
2946 */
2947 QUIC_TAKES_LOCK
SSL_inject_net_dgram(SSL * s,const unsigned char * buf,size_t buf_len,const BIO_ADDR * peer,const BIO_ADDR * local)2948 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2949 size_t buf_len,
2950 const BIO_ADDR *peer,
2951 const BIO_ADDR *local)
2952 {
2953 int ret;
2954 QCTX ctx;
2955 QUIC_DEMUX *demux;
2956
2957 if (!expect_quic(s, &ctx))
2958 return 0;
2959
2960 quic_lock(ctx.qc);
2961
2962 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2963 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2964
2965 quic_unlock(ctx.qc);
2966 return ret;
2967 }
2968
2969 /*
2970 * SSL_get0_connection
2971 * -------------------
2972 */
ossl_quic_get0_connection(SSL * s)2973 SSL *ossl_quic_get0_connection(SSL *s)
2974 {
2975 QCTX ctx;
2976
2977 if (!expect_quic(s, &ctx))
2978 return NULL;
2979
2980 return &ctx.qc->ssl;
2981 }
2982
2983 /*
2984 * SSL_get_stream_type
2985 * -------------------
2986 */
ossl_quic_get_stream_type(SSL * s)2987 int ossl_quic_get_stream_type(SSL *s)
2988 {
2989 QCTX ctx;
2990
2991 if (!expect_quic(s, &ctx))
2992 return SSL_STREAM_TYPE_BIDI;
2993
2994 if (ctx.xso == NULL) {
2995 /*
2996 * If deferred XSO creation has yet to occur, proceed according to the
2997 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2998 * what kind of stream will be created yet, so return BIDI on the basis
2999 * that at this time, the client still has the option of calling
3000 * SSL_read() or SSL_write() first.
3001 */
3002 if (ctx.qc->default_xso_created
3003 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3004 return SSL_STREAM_TYPE_NONE;
3005 else
3006 return SSL_STREAM_TYPE_BIDI;
3007 }
3008
3009 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
3010 return SSL_STREAM_TYPE_BIDI;
3011
3012 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
3013 return SSL_STREAM_TYPE_READ;
3014 else
3015 return SSL_STREAM_TYPE_WRITE;
3016 }
3017
3018 /*
3019 * SSL_get_stream_id
3020 * -----------------
3021 */
3022 QUIC_TAKES_LOCK
ossl_quic_get_stream_id(SSL * s)3023 uint64_t ossl_quic_get_stream_id(SSL *s)
3024 {
3025 QCTX ctx;
3026 uint64_t id;
3027
3028 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3029 return UINT64_MAX;
3030
3031 id = ctx.xso->stream->id;
3032 quic_unlock(ctx.qc);
3033
3034 return id;
3035 }
3036
3037 /*
3038 * SSL_is_stream_local
3039 * -------------------
3040 */
3041 QUIC_TAKES_LOCK
ossl_quic_is_stream_local(SSL * s)3042 int ossl_quic_is_stream_local(SSL *s)
3043 {
3044 QCTX ctx;
3045 int is_local;
3046
3047 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3048 return -1;
3049
3050 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3051 quic_unlock(ctx.qc);
3052
3053 return is_local;
3054 }
3055
3056 /*
3057 * SSL_set_default_stream_mode
3058 * ---------------------------
3059 */
3060 QUIC_TAKES_LOCK
ossl_quic_set_default_stream_mode(SSL * s,uint32_t mode)3061 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3062 {
3063 QCTX ctx;
3064
3065 if (!expect_quic_conn_only(s, &ctx))
3066 return 0;
3067
3068 quic_lock(ctx.qc);
3069
3070 if (ctx.qc->default_xso_created) {
3071 quic_unlock(ctx.qc);
3072 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3073 "too late to change default stream mode");
3074 }
3075
3076 switch (mode) {
3077 case SSL_DEFAULT_STREAM_MODE_NONE:
3078 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3079 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3080 ctx.qc->default_stream_mode = mode;
3081 break;
3082 default:
3083 quic_unlock(ctx.qc);
3084 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3085 "bad default stream type");
3086 }
3087
3088 quic_unlock(ctx.qc);
3089 return 1;
3090 }
3091
3092 /*
3093 * SSL_detach_stream
3094 * -----------------
3095 */
3096 QUIC_TAKES_LOCK
ossl_quic_detach_stream(SSL * s)3097 SSL *ossl_quic_detach_stream(SSL *s)
3098 {
3099 QCTX ctx;
3100 QUIC_XSO *xso = NULL;
3101
3102 if (!expect_quic_conn_only(s, &ctx))
3103 return NULL;
3104
3105 quic_lock(ctx.qc);
3106
3107 /* Calling this function inhibits default XSO autocreation. */
3108 /* QC ref to any default XSO is transferred to us and to caller. */
3109 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3110
3111 quic_unlock(ctx.qc);
3112
3113 return xso != NULL ? &xso->ssl : NULL;
3114 }
3115
3116 /*
3117 * SSL_attach_stream
3118 * -----------------
3119 */
3120 QUIC_TAKES_LOCK
ossl_quic_attach_stream(SSL * conn,SSL * stream)3121 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3122 {
3123 QCTX ctx;
3124 QUIC_XSO *xso;
3125 int nref;
3126
3127 if (!expect_quic_conn_only(conn, &ctx))
3128 return 0;
3129
3130 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3131 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3132 "stream to attach must be a valid QUIC stream");
3133
3134 xso = (QUIC_XSO *)stream;
3135
3136 quic_lock(ctx.qc);
3137
3138 if (ctx.qc->default_xso != NULL) {
3139 quic_unlock(ctx.qc);
3140 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3141 "connection already has a default stream");
3142 }
3143
3144 /*
3145 * It is a caller error for the XSO being attached as a default XSO to have
3146 * more than one ref.
3147 */
3148 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
3149 quic_unlock(ctx.qc);
3150 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3151 "ref");
3152 }
3153
3154 if (nref != 1) {
3155 quic_unlock(ctx.qc);
3156 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3157 "stream being attached must have "
3158 "only 1 reference");
3159 }
3160
3161 /* Caller's reference to the XSO is transferred to us. */
3162 /* Calling this function inhibits default XSO autocreation. */
3163 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3164
3165 quic_unlock(ctx.qc);
3166 return 1;
3167 }
3168
3169 /*
3170 * SSL_set_incoming_stream_policy
3171 * ------------------------------
3172 */
3173 QUIC_NEEDS_LOCK
qc_get_effective_incoming_stream_policy(QUIC_CONNECTION * qc)3174 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3175 {
3176 switch (qc->incoming_stream_policy) {
3177 case SSL_INCOMING_STREAM_POLICY_AUTO:
3178 if ((qc->default_xso == NULL && !qc->default_xso_created)
3179 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3180 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3181 else
3182 return SSL_INCOMING_STREAM_POLICY_REJECT;
3183
3184 default:
3185 return qc->incoming_stream_policy;
3186 }
3187 }
3188
3189 QUIC_NEEDS_LOCK
qc_update_reject_policy(QUIC_CONNECTION * qc)3190 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3191 {
3192 int policy = qc_get_effective_incoming_stream_policy(qc);
3193 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3194
3195 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3196 enable_reject,
3197 qc->incoming_stream_aec);
3198 }
3199
3200 QUIC_TAKES_LOCK
ossl_quic_set_incoming_stream_policy(SSL * s,int policy,uint64_t aec)3201 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3202 uint64_t aec)
3203 {
3204 int ret = 1;
3205 QCTX ctx;
3206
3207 if (!expect_quic_conn_only(s, &ctx))
3208 return 0;
3209
3210 quic_lock(ctx.qc);
3211
3212 switch (policy) {
3213 case SSL_INCOMING_STREAM_POLICY_AUTO:
3214 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3215 case SSL_INCOMING_STREAM_POLICY_REJECT:
3216 ctx.qc->incoming_stream_policy = policy;
3217 ctx.qc->incoming_stream_aec = aec;
3218 break;
3219
3220 default:
3221 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3222 ret = 0;
3223 break;
3224 }
3225
3226 qc_update_reject_policy(ctx.qc);
3227 quic_unlock(ctx.qc);
3228 return ret;
3229 }
3230
3231 /*
3232 * SSL_get_value, SSL_set_value
3233 * ----------------------------
3234 */
3235 QUIC_TAKES_LOCK
qc_getset_idle_timeout(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3236 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3237 uint64_t *p_value_out, uint64_t *p_value_in)
3238 {
3239 int ret = 0;
3240 uint64_t value_out = 0, value_in;
3241
3242 quic_lock(ctx->qc);
3243
3244 switch (class_) {
3245 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3246 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3247
3248 if (p_value_in != NULL) {
3249 value_in = *p_value_in;
3250 if (value_in > OSSL_QUIC_VLINT_MAX) {
3251 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3252 NULL);
3253 goto err;
3254 }
3255
3256 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3257 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3258 NULL);
3259 goto err;
3260 }
3261
3262 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3263 }
3264 break;
3265
3266 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3267 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3268 if (p_value_in != NULL) {
3269 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3270 NULL);
3271 goto err;
3272 }
3273
3274 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3275 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3276 NULL);
3277 goto err;
3278 }
3279
3280 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3281 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3282 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3283 break;
3284
3285 default:
3286 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3287 NULL);
3288 goto err;
3289 }
3290
3291 ret = 1;
3292 err:
3293 quic_unlock(ctx->qc);
3294 if (ret && p_value_out != NULL)
3295 *p_value_out = value_out;
3296
3297 return ret;
3298 }
3299
3300 QUIC_TAKES_LOCK
qc_get_stream_avail(QCTX * ctx,uint32_t class_,int is_uni,int is_remote,uint64_t * value)3301 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3302 int is_uni, int is_remote,
3303 uint64_t *value)
3304 {
3305 int ret = 0;
3306
3307 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3308 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3309 NULL);
3310 return 0;
3311 }
3312
3313 quic_lock(ctx->qc);
3314
3315 *value = is_remote
3316 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3317 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3318
3319 ret = 1;
3320 quic_unlock(ctx->qc);
3321 return ret;
3322 }
3323
3324 QUIC_NEEDS_LOCK
qctx_should_autotick(QCTX * ctx)3325 static int qctx_should_autotick(QCTX *ctx)
3326 {
3327 int event_handling_mode;
3328
3329 if (ctx->is_stream) {
3330 event_handling_mode = ctx->xso->event_handling_mode;
3331 if (event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_INHERIT)
3332 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3333 }
3334
3335 event_handling_mode = ctx->qc->event_handling_mode;
3336 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3337 }
3338
3339 QUIC_NEEDS_LOCK
qctx_maybe_autotick(QCTX * ctx)3340 static void qctx_maybe_autotick(QCTX *ctx)
3341 {
3342 if (!qctx_should_autotick(ctx))
3343 return;
3344
3345 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx->qc->ch), 0);
3346 }
3347
3348 QUIC_TAKES_LOCK
qc_getset_event_handling(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3349 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_,
3350 uint64_t *p_value_out,
3351 uint64_t *p_value_in)
3352 {
3353 int ret = 0;
3354 uint64_t value_out = 0;
3355
3356 quic_lock(ctx->qc);
3357
3358 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3359 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3360 NULL);
3361 goto err;
3362 }
3363
3364 if (p_value_in != NULL) {
3365 switch (*p_value_in) {
3366 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT:
3367 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT:
3368 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT:
3369 break;
3370 default:
3371 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3372 NULL);
3373 goto err;
3374 }
3375
3376 value_out = *p_value_in;
3377 if (ctx->is_stream)
3378 ctx->xso->event_handling_mode = (int)value_out;
3379 else
3380 ctx->qc->event_handling_mode = (int)value_out;
3381 } else {
3382 value_out = ctx->is_stream
3383 ? ctx->xso->event_handling_mode
3384 : ctx->qc->event_handling_mode;
3385 }
3386
3387 ret = 1;
3388 err:
3389 quic_unlock(ctx->qc);
3390 if (ret && p_value_out != NULL)
3391 *p_value_out = value_out;
3392
3393 return ret;
3394 }
3395
3396 QUIC_TAKES_LOCK
qc_get_stream_write_buf_stat(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,size_t (* getter)(QUIC_SSTREAM * sstream))3397 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_,
3398 uint64_t *p_value_out,
3399 size_t (*getter)(QUIC_SSTREAM *sstream))
3400 {
3401 int ret = 0;
3402 size_t value = 0;
3403
3404 quic_lock(ctx->qc);
3405
3406 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3407 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3408 NULL);
3409 goto err;
3410 }
3411
3412 if (ctx->xso == NULL) {
3413 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
3414 goto err;
3415 }
3416
3417 if (!ossl_quic_stream_has_send(ctx->xso->stream)) {
3418 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL);
3419 goto err;
3420 }
3421
3422 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream))
3423 value = getter(ctx->xso->stream->sstream);
3424
3425 ret = 1;
3426 err:
3427 quic_unlock(ctx->qc);
3428 *p_value_out = (uint64_t)value;
3429 return ret;
3430 }
3431
3432 QUIC_NEEDS_LOCK
expect_quic_for_value(SSL * s,QCTX * ctx,uint32_t id)3433 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id)
3434 {
3435 switch (id) {
3436 case SSL_VALUE_EVENT_HANDLING_MODE:
3437 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3438 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3439 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3440 return expect_quic(s, ctx);
3441 default:
3442 return expect_quic_conn_only(s, ctx);
3443 }
3444 }
3445
3446 QUIC_TAKES_LOCK
ossl_quic_get_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t * value)3447 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3448 uint64_t *value)
3449 {
3450 QCTX ctx;
3451
3452 if (!expect_quic_for_value(s, &ctx, id))
3453 return 0;
3454
3455 if (value == NULL)
3456 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3457 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3458
3459 switch (id) {
3460 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3461 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3462
3463 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3464 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3465 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3466 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3467 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3468 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3469 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3470 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3471
3472 case SSL_VALUE_EVENT_HANDLING_MODE:
3473 return qc_getset_event_handling(&ctx, class_, value, NULL);
3474
3475 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3476 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3477 ossl_quic_sstream_get_buffer_size);
3478 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3479 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3480 ossl_quic_sstream_get_buffer_used);
3481 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3482 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3483 ossl_quic_sstream_get_buffer_avail);
3484
3485 default:
3486 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3487 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3488 }
3489
3490 return 1;
3491 }
3492
3493 QUIC_TAKES_LOCK
ossl_quic_set_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t value)3494 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3495 uint64_t value)
3496 {
3497 QCTX ctx;
3498
3499 if (!expect_quic_for_value(s, &ctx, id))
3500 return 0;
3501
3502 switch (id) {
3503 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3504 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3505
3506 case SSL_VALUE_EVENT_HANDLING_MODE:
3507 return qc_getset_event_handling(&ctx, class_, NULL, &value);
3508
3509 default:
3510 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3511 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3512 }
3513
3514 return 1;
3515 }
3516
3517 /*
3518 * SSL_accept_stream
3519 * -----------------
3520 */
3521 struct wait_for_incoming_stream_args {
3522 QCTX *ctx;
3523 QUIC_STREAM *qs;
3524 };
3525
3526 QUIC_NEEDS_LOCK
wait_for_incoming_stream(void * arg)3527 static int wait_for_incoming_stream(void *arg)
3528 {
3529 struct wait_for_incoming_stream_args *args = arg;
3530 QUIC_CONNECTION *qc = args->ctx->qc;
3531 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3532
3533 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3534 /* If connection is torn down due to an error while blocking, stop. */
3535 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3536 return -1;
3537 }
3538
3539 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3540 if (args->qs != NULL)
3541 return 1; /* got a stream */
3542
3543 return 0; /* did not get a stream, keep trying */
3544 }
3545
3546 QUIC_TAKES_LOCK
ossl_quic_accept_stream(SSL * s,uint64_t flags)3547 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3548 {
3549 QCTX ctx;
3550 int ret;
3551 SSL *new_s = NULL;
3552 QUIC_STREAM_MAP *qsm;
3553 QUIC_STREAM *qs;
3554 QUIC_XSO *xso;
3555 OSSL_RTT_INFO rtt_info;
3556
3557 if (!expect_quic_conn_only(s, &ctx))
3558 return NULL;
3559
3560 quic_lock(ctx.qc);
3561
3562 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3563 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3564 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3565 goto out;
3566 }
3567
3568 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3569
3570 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3571 if (qs == NULL) {
3572 if (qc_blocking_mode(ctx.qc)
3573 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3574 struct wait_for_incoming_stream_args args;
3575
3576 args.ctx = &ctx;
3577 args.qs = NULL;
3578
3579 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3580 if (ret == 0) {
3581 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3582 goto out;
3583 } else if (ret < 0 || args.qs == NULL) {
3584 goto out;
3585 }
3586
3587 qs = args.qs;
3588 } else {
3589 goto out;
3590 }
3591 }
3592
3593 xso = create_xso_from_stream(ctx.qc, qs);
3594 if (xso == NULL)
3595 goto out;
3596
3597 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3598 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3599 rtt_info.smoothed_rtt);
3600 new_s = &xso->ssl;
3601
3602 /* Calling this function inhibits default XSO autocreation. */
3603 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3604
3605 out:
3606 quic_unlock(ctx.qc);
3607 return new_s;
3608 }
3609
3610 /*
3611 * SSL_get_accept_stream_queue_len
3612 * -------------------------------
3613 */
3614 QUIC_TAKES_LOCK
ossl_quic_get_accept_stream_queue_len(SSL * s)3615 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3616 {
3617 QCTX ctx;
3618 size_t v;
3619
3620 if (!expect_quic_conn_only(s, &ctx))
3621 return 0;
3622
3623 quic_lock(ctx.qc);
3624
3625 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3626
3627 quic_unlock(ctx.qc);
3628 return v;
3629 }
3630
3631 /*
3632 * SSL_stream_reset
3633 * ----------------
3634 */
ossl_quic_stream_reset(SSL * ssl,const SSL_STREAM_RESET_ARGS * args,size_t args_len)3635 int ossl_quic_stream_reset(SSL *ssl,
3636 const SSL_STREAM_RESET_ARGS *args,
3637 size_t args_len)
3638 {
3639 QCTX ctx;
3640 QUIC_STREAM_MAP *qsm;
3641 QUIC_STREAM *qs;
3642 uint64_t error_code;
3643 int ok, err;
3644
3645 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3646 return 0;
3647
3648 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3649 qs = ctx.xso->stream;
3650 error_code = (args != NULL ? args->quic_error_code : 0);
3651
3652 if (!quic_validate_for_write(ctx.xso, &err)) {
3653 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3654 goto err;
3655 }
3656
3657 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3658 if (ok)
3659 ctx.xso->requested_reset = 1;
3660
3661 err:
3662 quic_unlock(ctx.qc);
3663 return ok;
3664 }
3665
3666 /*
3667 * SSL_get_stream_read_state
3668 * -------------------------
3669 */
quic_classify_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs,int is_write,int * state,uint64_t * app_error_code)3670 static void quic_classify_stream(QUIC_CONNECTION *qc,
3671 QUIC_STREAM *qs,
3672 int is_write,
3673 int *state,
3674 uint64_t *app_error_code)
3675 {
3676 int local_init;
3677 uint64_t final_size;
3678
3679 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3680
3681 if (app_error_code != NULL)
3682 *app_error_code = UINT64_MAX;
3683 else
3684 app_error_code = &final_size; /* throw away value */
3685
3686 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3687 /*
3688 * Unidirectional stream and this direction of transmission doesn't
3689 * exist.
3690 */
3691 *state = SSL_STREAM_STATE_WRONG_DIR;
3692 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3693 /* Connection already closed. */
3694 *state = SSL_STREAM_STATE_CONN_CLOSED;
3695 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
3696 /* Application has read a FIN. */
3697 *state = SSL_STREAM_STATE_FINISHED;
3698 } else if ((!is_write && qs->stop_sending)
3699 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
3700 /*
3701 * Stream has been reset locally. FIN takes precedence over this for the
3702 * read case as the application need not care if the stream is reset
3703 * after a FIN has been successfully processed.
3704 */
3705 *state = SSL_STREAM_STATE_RESET_LOCAL;
3706 *app_error_code = !is_write
3707 ? qs->stop_sending_aec
3708 : qs->reset_stream_aec;
3709 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
3710 || (is_write && qs->peer_stop_sending)) {
3711 /*
3712 * Stream has been reset remotely. */
3713 *state = SSL_STREAM_STATE_RESET_REMOTE;
3714 *app_error_code = !is_write
3715 ? qs->peer_reset_stream_aec
3716 : qs->peer_stop_sending_aec;
3717 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3718 &final_size)) {
3719 /*
3720 * Stream has been finished. Stream reset takes precedence over this for
3721 * the write case as peer may not have received all data.
3722 */
3723 *state = SSL_STREAM_STATE_FINISHED;
3724 } else {
3725 /* Stream still healthy. */
3726 *state = SSL_STREAM_STATE_OK;
3727 }
3728 }
3729
quic_get_stream_state(SSL * ssl,int is_write)3730 static int quic_get_stream_state(SSL *ssl, int is_write)
3731 {
3732 QCTX ctx;
3733 int state;
3734
3735 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3736 return SSL_STREAM_STATE_NONE;
3737
3738 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3739 quic_unlock(ctx.qc);
3740 return state;
3741 }
3742
ossl_quic_get_stream_read_state(SSL * ssl)3743 int ossl_quic_get_stream_read_state(SSL *ssl)
3744 {
3745 return quic_get_stream_state(ssl, /*is_write=*/0);
3746 }
3747
3748 /*
3749 * SSL_get_stream_write_state
3750 * --------------------------
3751 */
ossl_quic_get_stream_write_state(SSL * ssl)3752 int ossl_quic_get_stream_write_state(SSL *ssl)
3753 {
3754 return quic_get_stream_state(ssl, /*is_write=*/1);
3755 }
3756
3757 /*
3758 * SSL_get_stream_read_error_code
3759 * ------------------------------
3760 */
quic_get_stream_error_code(SSL * ssl,int is_write,uint64_t * app_error_code)3761 static int quic_get_stream_error_code(SSL *ssl, int is_write,
3762 uint64_t *app_error_code)
3763 {
3764 QCTX ctx;
3765 int state;
3766
3767 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3768 return -1;
3769
3770 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3771 &state, app_error_code);
3772
3773 quic_unlock(ctx.qc);
3774 switch (state) {
3775 case SSL_STREAM_STATE_FINISHED:
3776 return 0;
3777 case SSL_STREAM_STATE_RESET_LOCAL:
3778 case SSL_STREAM_STATE_RESET_REMOTE:
3779 return 1;
3780 default:
3781 return -1;
3782 }
3783 }
3784
ossl_quic_get_stream_read_error_code(SSL * ssl,uint64_t * app_error_code)3785 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3786 {
3787 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3788 }
3789
3790 /*
3791 * SSL_get_stream_write_error_code
3792 * -------------------------------
3793 */
ossl_quic_get_stream_write_error_code(SSL * ssl,uint64_t * app_error_code)3794 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3795 {
3796 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3797 }
3798
3799 /*
3800 * Write buffer size mutation
3801 * --------------------------
3802 */
ossl_quic_set_write_buffer_size(SSL * ssl,size_t size)3803 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3804 {
3805 int ret = 0;
3806 QCTX ctx;
3807
3808 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3809 return 0;
3810
3811 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3812 /* Called on a unidirectional receive-only stream - error. */
3813 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3814 goto out;
3815 }
3816
3817 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3818 /*
3819 * If the stream has a send part but we have disposed of it because we
3820 * no longer need it, this is a no-op.
3821 */
3822 ret = 1;
3823 goto out;
3824 }
3825
3826 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
3827 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3828 goto out;
3829 }
3830
3831 ret = 1;
3832
3833 out:
3834 quic_unlock(ctx.qc);
3835 return ret;
3836 }
3837
3838 /*
3839 * SSL_get_conn_close_info
3840 * -----------------------
3841 */
ossl_quic_get_conn_close_info(SSL * ssl,SSL_CONN_CLOSE_INFO * info,size_t info_len)3842 int ossl_quic_get_conn_close_info(SSL *ssl,
3843 SSL_CONN_CLOSE_INFO *info,
3844 size_t info_len)
3845 {
3846 QCTX ctx;
3847 const QUIC_TERMINATE_CAUSE *tc;
3848
3849 if (!expect_quic_conn_only(ssl, &ctx))
3850 return -1;
3851
3852 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3853 if (tc == NULL)
3854 return 0;
3855
3856 info->error_code = tc->error_code;
3857 info->frame_type = tc->frame_type;
3858 info->reason = tc->reason;
3859 info->reason_len = tc->reason_len;
3860 info->flags = 0;
3861 if (!tc->remote)
3862 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
3863 if (!tc->app)
3864 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
3865 return 1;
3866 }
3867
3868 /*
3869 * SSL_key_update
3870 * --------------
3871 */
ossl_quic_key_update(SSL * ssl,int update_type)3872 int ossl_quic_key_update(SSL *ssl, int update_type)
3873 {
3874 QCTX ctx;
3875
3876 if (!expect_quic_conn_only(ssl, &ctx))
3877 return 0;
3878
3879 switch (update_type) {
3880 case SSL_KEY_UPDATE_NOT_REQUESTED:
3881 /*
3882 * QUIC signals peer key update implicily by triggering a local
3883 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3884 */
3885 case SSL_KEY_UPDATE_REQUESTED:
3886 break;
3887
3888 default:
3889 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3890 return 0;
3891 }
3892
3893 quic_lock(ctx.qc);
3894
3895 /* Attempt to perform a TXKU. */
3896 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
3897 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
3898 quic_unlock(ctx.qc);
3899 return 0;
3900 }
3901
3902 quic_unlock(ctx.qc);
3903 return 1;
3904 }
3905
3906 /*
3907 * SSL_get_key_update_type
3908 * -----------------------
3909 */
ossl_quic_get_key_update_type(const SSL * s)3910 int ossl_quic_get_key_update_type(const SSL *s)
3911 {
3912 /*
3913 * We always handle key updates immediately so a key update is never
3914 * pending.
3915 */
3916 return SSL_KEY_UPDATE_NONE;
3917 }
3918
3919 /*
3920 * QUIC Front-End I/O API: SSL_CTX Management
3921 * ==========================================
3922 */
3923
ossl_quic_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)3924 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3925 {
3926 switch (cmd) {
3927 default:
3928 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3929 }
3930 }
3931
ossl_quic_callback_ctrl(SSL * s,int cmd,void (* fp)(void))3932 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3933 {
3934 QCTX ctx;
3935
3936 if (!expect_quic_conn_only(s, &ctx))
3937 return 0;
3938
3939 switch (cmd) {
3940 case SSL_CTRL_SET_MSG_CALLBACK:
3941 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3942 &ctx.qc->ssl);
3943 /* This callback also needs to be set on the internal SSL object */
3944 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3945
3946 default:
3947 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3948 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3949 }
3950 }
3951
ossl_quic_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))3952 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3953 {
3954 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3955 }
3956
ossl_quic_renegotiate_check(SSL * ssl,int initok)3957 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3958 {
3959 /* We never do renegotiation. */
3960 return 0;
3961 }
3962
ossl_quic_get_cipher_by_char(const unsigned char * p)3963 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
3964 {
3965 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
3966
3967 if ((ciph->algorithm2 & SSL_QUIC) == 0)
3968 return NULL;
3969
3970 return ciph;
3971 }
3972
3973 /*
3974 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3975 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3976 */
3977
ossl_quic_num_ciphers(void)3978 int ossl_quic_num_ciphers(void)
3979 {
3980 return 0;
3981 }
3982
ossl_quic_get_cipher(unsigned int u)3983 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3984 {
3985 return NULL;
3986 }
3987
3988 /*
3989 * SSL_get_shutdown()
3990 * ------------------
3991 */
ossl_quic_get_shutdown(const SSL * s)3992 int ossl_quic_get_shutdown(const SSL *s)
3993 {
3994 QCTX ctx;
3995 int shut = 0;
3996
3997 if (!expect_quic_conn_only(s, &ctx))
3998 return 0;
3999
4000 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
4001 shut |= SSL_SENT_SHUTDOWN;
4002 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
4003 shut |= SSL_RECEIVED_SHUTDOWN;
4004 }
4005
4006 return shut;
4007 }
4008
4009 /*
4010 * QUIC Polling Support APIs
4011 * =========================
4012 */
4013
4014 /* Do we have the R (read) condition? */
4015 QUIC_NEEDS_LOCK
test_poll_event_r(QUIC_XSO * xso)4016 static int test_poll_event_r(QUIC_XSO *xso)
4017 {
4018 int fin = 0;
4019 size_t avail = 0;
4020
4021 return ossl_quic_stream_has_recv_buffer(xso->stream)
4022 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
4023 && (avail > 0 || (fin && !xso->retired_fin));
4024 }
4025
4026 /* Do we have the ER (exception: read) condition? */
4027 QUIC_NEEDS_LOCK
test_poll_event_er(QUIC_XSO * xso)4028 static int test_poll_event_er(QUIC_XSO *xso)
4029 {
4030 return ossl_quic_stream_has_recv(xso->stream)
4031 && ossl_quic_stream_recv_is_reset(xso->stream)
4032 && !xso->retired_fin;
4033 }
4034
4035 /* Do we have the W (write) condition? */
4036 QUIC_NEEDS_LOCK
test_poll_event_w(QUIC_XSO * xso)4037 static int test_poll_event_w(QUIC_XSO *xso)
4038 {
4039 return !xso->conn->shutting_down
4040 && ossl_quic_stream_has_send_buffer(xso->stream)
4041 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
4042 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
4043 && quic_mutation_allowed(xso->conn, /*req_active=*/1);
4044 }
4045
4046 /* Do we have the EW (exception: write) condition? */
4047 QUIC_NEEDS_LOCK
test_poll_event_ew(QUIC_XSO * xso)4048 static int test_poll_event_ew(QUIC_XSO *xso)
4049 {
4050 return ossl_quic_stream_has_send(xso->stream)
4051 && xso->stream->peer_stop_sending
4052 && !xso->requested_reset
4053 && !xso->conn->shutting_down;
4054 }
4055
4056 /* Do we have the EC (exception: connection) condition? */
4057 QUIC_NEEDS_LOCK
test_poll_event_ec(QUIC_CONNECTION * qc)4058 static int test_poll_event_ec(QUIC_CONNECTION *qc)
4059 {
4060 return ossl_quic_channel_is_term_any(qc->ch);
4061 }
4062
4063 /* Do we have the ECD (exception: connection drained) condition? */
4064 QUIC_NEEDS_LOCK
test_poll_event_ecd(QUIC_CONNECTION * qc)4065 static int test_poll_event_ecd(QUIC_CONNECTION *qc)
4066 {
4067 return ossl_quic_channel_is_terminated(qc->ch);
4068 }
4069
4070 /* Do we have the IS (incoming: stream) condition? */
4071 QUIC_NEEDS_LOCK
test_poll_event_is(QUIC_CONNECTION * qc,int is_uni)4072 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
4073 {
4074 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
4075 is_uni);
4076 }
4077
4078 /* Do we have the OS (outgoing: stream) condition? */
4079 QUIC_NEEDS_LOCK
test_poll_event_os(QUIC_CONNECTION * qc,int is_uni)4080 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
4081 {
4082 /* Is it currently possible for us to make an outgoing stream? */
4083 return quic_mutation_allowed(qc, /*req_active=*/1)
4084 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
4085 }
4086
4087 QUIC_TAKES_LOCK
ossl_quic_conn_poll_events(SSL * ssl,uint64_t events,int do_tick,uint64_t * p_revents)4088 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
4089 uint64_t *p_revents)
4090 {
4091 QCTX ctx;
4092 uint64_t revents = 0;
4093
4094 if (!expect_quic(ssl, &ctx))
4095 return 0;
4096
4097 quic_lock(ctx.qc);
4098
4099 if (do_tick)
4100 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
4101
4102 if (ctx.xso != NULL) {
4103 /* SSL object has a stream component. */
4104
4105 if ((events & SSL_POLL_EVENT_R) != 0
4106 && test_poll_event_r(ctx.xso))
4107 revents |= SSL_POLL_EVENT_R;
4108
4109 if ((events & SSL_POLL_EVENT_ER) != 0
4110 && test_poll_event_er(ctx.xso))
4111 revents |= SSL_POLL_EVENT_ER;
4112
4113 if ((events & SSL_POLL_EVENT_W) != 0
4114 && test_poll_event_w(ctx.xso))
4115 revents |= SSL_POLL_EVENT_W;
4116
4117 if ((events & SSL_POLL_EVENT_EW) != 0
4118 && test_poll_event_ew(ctx.xso))
4119 revents |= SSL_POLL_EVENT_EW;
4120 }
4121
4122 if (!ctx.is_stream) {
4123 if ((events & SSL_POLL_EVENT_EC) != 0
4124 && test_poll_event_ec(ctx.qc))
4125 revents |= SSL_POLL_EVENT_EC;
4126
4127 if ((events & SSL_POLL_EVENT_ECD) != 0
4128 && test_poll_event_ecd(ctx.qc))
4129 revents |= SSL_POLL_EVENT_ECD;
4130
4131 if ((events & SSL_POLL_EVENT_ISB) != 0
4132 && test_poll_event_is(ctx.qc, /*uni=*/0))
4133 revents |= SSL_POLL_EVENT_ISB;
4134
4135 if ((events & SSL_POLL_EVENT_ISU) != 0
4136 && test_poll_event_is(ctx.qc, /*uni=*/1))
4137 revents |= SSL_POLL_EVENT_ISU;
4138
4139 if ((events & SSL_POLL_EVENT_OSB) != 0
4140 && test_poll_event_os(ctx.qc, /*uni=*/0))
4141 revents |= SSL_POLL_EVENT_OSB;
4142
4143 if ((events & SSL_POLL_EVENT_OSU) != 0
4144 && test_poll_event_os(ctx.qc, /*uni=*/1))
4145 revents |= SSL_POLL_EVENT_OSU;
4146 }
4147
4148 quic_unlock(ctx.qc);
4149 *p_revents = revents;
4150 return 1;
4151 }
4152
4153 /*
4154 * Internal Testing APIs
4155 * =====================
4156 */
4157
ossl_quic_conn_get_channel(SSL * s)4158 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
4159 {
4160 QCTX ctx;
4161
4162 if (!expect_quic_conn_only(s, &ctx))
4163 return NULL;
4164
4165 return ctx.qc->ch;
4166 }
4167
ossl_quic_set_diag_title(SSL_CTX * ctx,const char * title)4168 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
4169 {
4170 #ifndef OPENSSL_NO_QLOG
4171 OPENSSL_free(ctx->qlog_title);
4172 ctx->qlog_title = NULL;
4173
4174 if (title == NULL)
4175 return 1;
4176
4177 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
4178 return 0;
4179 #endif
4180
4181 return 1;
4182 }
4183
