1 /*
2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/hashfunc.h"
16 #include "internal/ssl_unwrap.h"
17 #include "internal/quic_tls.h"
18 #include "internal/quic_rx_depack.h"
19 #include "internal/quic_error.h"
20 #include "internal/quic_engine.h"
21 #include "internal/quic_port.h"
22 #include "internal/quic_reactor_wait_ctx.h"
23 #include "internal/time.h"
24
25 typedef struct qctx_st QCTX;
26
27 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock);
28 static void aon_write_finish(QUIC_XSO *xso);
29 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx);
30 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
31 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch);
32 static int qc_try_create_default_xso_for_write(QCTX *ctx);
33 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek);
34 static void qctx_lock(QCTX *qctx);
35 static void qctx_unlock(QCTX *qctx);
36 static void qctx_lock_for_io(QCTX *ctx);
37 static int quic_do_handshake(QCTX *ctx);
38 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
39 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
40 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
41 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
42 int touch, QUIC_XSO **old_xso);
43 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
44 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
45 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
46 static void qctx_maybe_autotick(QCTX *ctx);
47 static int qctx_should_autotick(QCTX *ctx);
48
49 /*
50 * QCTX is a utility structure which provides information we commonly wish to
51 * unwrap upon an API call being dispatched to us, namely:
52 *
53 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
54 * was passed);
55 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
56 * a QCSO with a default stream was passed);
57 * - whether a QSSO was passed (xso == NULL must not be used to determine this
58 * because it may be non-NULL when a QCSO is passed if that QCSO has a
59 * default stream);
60 * - a pointer to a QUIC_LISTENER object, if one is relevant;
61 * - whether we are in "I/O context", meaning that non-normal errors can
62 * be reported via SSL_get_error() as well as via ERR. Functions such as
63 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
64 * functions which are allowed to change the value returned by
65 * SSL_get_error. However, other functions (including functions which call
66 * SSL_do_handshake() implicitly) are not allowed to change the return value
67 * of SSL_get_error.
68 */
69 struct qctx_st {
70 QUIC_OBJ *obj;
71 QUIC_DOMAIN *qd;
72 QUIC_LISTENER *ql;
73 QUIC_CONNECTION *qc;
74 QUIC_XSO *xso;
75 int is_stream, is_listener, is_domain, in_io;
76 };
77
78 QUIC_NEEDS_LOCK
quic_set_last_error(QCTX * ctx,int last_error)79 static void quic_set_last_error(QCTX *ctx, int last_error)
80 {
81 if (!ctx->in_io)
82 return;
83
84 if (ctx->is_stream && ctx->xso != NULL)
85 ctx->xso->last_error = last_error;
86 else if (!ctx->is_stream && ctx->qc != NULL)
87 ctx->qc->last_error = last_error;
88 }
89
90 /*
91 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
92 * rather than via ERR. Note that normal errors must always be raised while
93 * holding a lock.
94 */
95 QUIC_NEEDS_LOCK
quic_raise_normal_error(QCTX * ctx,int err)96 static int quic_raise_normal_error(QCTX *ctx,
97 int err)
98 {
99 assert(ctx->in_io);
100 quic_set_last_error(ctx, err);
101
102 return 0;
103 }
104
105 /*
106 * Raise a 'non-normal' error, meaning any error that is not reported via
107 * SSL_get_error() and must be reported via ERR.
108 *
109 * qc should be provided if available. In exceptional circumstances when qc is
110 * not known NULL may be passed. This should generally only happen when an
111 * expect_...() function defined below fails, which generally indicates a
112 * dispatch error or caller error.
113 *
114 * ctx should be NULL if the connection lock is not held.
115 */
quic_raise_non_normal_error(QCTX * ctx,const char * file,int line,const char * func,int reason,const char * fmt,...)116 static int quic_raise_non_normal_error(QCTX *ctx,
117 const char *file,
118 int line,
119 const char *func,
120 int reason,
121 const char *fmt,
122 ...)
123 {
124 va_list args;
125
126 if (ctx != NULL) {
127 quic_set_last_error(ctx, SSL_ERROR_SSL);
128
129 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
130 ossl_quic_channel_restore_err_state(ctx->qc->ch);
131 }
132
133 ERR_new();
134 ERR_set_debug(file, line, func);
135
136 va_start(args, fmt);
137 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
138 va_end(args);
139
140 return 0;
141 }
142
143 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
144 quic_raise_normal_error((ctx), (err))
145
146 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
147 quic_raise_non_normal_error((ctx), \
148 OPENSSL_FILE, OPENSSL_LINE, \
149 OPENSSL_FUNC, \
150 (reason), \
151 (msg))
152 /*
153 * Flags for expect_quic_as:
154 *
155 * QCTX_C
156 * The input SSL object may be a QCSO.
157 *
158 * QCTX_S
159 * The input SSL object may be a QSSO or a QCSO with a default stream
160 * attached.
161 *
162 * (Note this means there is no current way to require an SSL object with a
163 * QUIC stream which is not a QCSO; a QCSO with a default stream attached
164 * is always considered to satisfy QCTX_S.)
165 *
166 * QCTX_AUTO_S
167 * The input SSL object may be a QSSO or a QCSO with a default stream
168 * attached. If no default stream is currently attached to a QCSO,
169 * one may be auto-created if possible.
170 *
171 * If QCTX_REMOTE_INIT is set, an auto-created default XSO is
172 * initiated by the remote party (i.e., local party reads first).
173 *
174 * If it is not set, an auto-created default XSO is
175 * initiated by the local party (i.e., local party writes first).
176 *
177 * QCTX_L
178 * The input SSL object may be a QLSO.
179 *
180 * QCTX_LOCK
181 * If and only if the function returns successfully, the ctx
182 * is guaranteed to be locked.
183 *
184 * QCTX_IO
185 * Begin an I/O context. If not set, begins a non-I/O context.
186 * This determines whether SSL_get_error() is updated; the value it returns
187 * is modified only by an I/O call.
188 *
189 * QCTX_NO_ERROR
190 * Don't raise an error if the object type is wrong. Should not be used in
191 * conjunction with any flags that may raise errors not related to a wrong
192 * object type.
193 */
194 #define QCTX_C (1U << 0)
195 #define QCTX_S (1U << 1)
196 #define QCTX_L (1U << 2)
197 #define QCTX_AUTO_S (1U << 3)
198 #define QCTX_REMOTE_INIT (1U << 4)
199 #define QCTX_LOCK (1U << 5)
200 #define QCTX_IO (1U << 6)
201 #define QCTX_D (1U << 7)
202 #define QCTX_NO_ERROR (1U << 8)
203
204 /*
205 * Called when expect_quic failed. Used to diagnose why such a call failed and
206 * raise a reasonable error code based on the configured preconditions in flags.
207 */
wrong_type(const SSL * s,uint32_t flags)208 static int wrong_type(const SSL *s, uint32_t flags)
209 {
210 const uint32_t mask = QCTX_C | QCTX_S | QCTX_L | QCTX_D;
211 int code = ERR_R_UNSUPPORTED;
212
213 if ((flags & QCTX_NO_ERROR) != 0)
214 return 1;
215 else if ((flags & mask) == QCTX_D)
216 code = SSL_R_DOMAIN_USE_ONLY;
217 else if ((flags & mask) == QCTX_L)
218 code = SSL_R_LISTENER_USE_ONLY;
219 else if ((flags & mask) == QCTX_C)
220 code = SSL_R_CONN_USE_ONLY;
221 else if ((flags & mask) == QCTX_S
222 || (flags & mask) == (QCTX_C | QCTX_S))
223 code = SSL_R_NO_STREAM;
224
225 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, code, NULL);
226 }
227
228 /*
229 * Given a QDSO, QCSO, QSSO or QLSO, initialises a QCTX, determining the
230 * contextually applicable QUIC_LISTENER, QUIC_CONNECTION and QUIC_XSO
231 * pointers.
232 *
233 * After this returns 1, all fields of the passed QCTX are initialised.
234 * Returns 0 on failure. This function is intended to be used to provide API
235 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure
236 * unless the QCTX_NO_ERROR flag is set.
237 *
238 * The flags argument controls the preconditions and postconditions of this
239 * function. See above for the different flags.
240 *
241 * The fields of a QCTX are initialised as follows depending on the identity of
242 * the SSL object, and assuming the preconditions demanded by the flags field as
243 * described above are met:
244 *
245 * QDSO QLSO QCSO QSSO
246 * qd non-NULL maybe maybe maybe
247 * ql NULL non-NULL maybe maybe
248 * qc NULL NULL non-NULL non-NULL
249 * xso NULL NULL maybe non-NULL
250 * is_stream 0 0 0 1
251 * is_listener 0 1 0 0
252 * is_domain 1 0 0 0
253 *
254 */
expect_quic_as(const SSL * s,QCTX * ctx,uint32_t flags)255 static int expect_quic_as(const SSL *s, QCTX *ctx, uint32_t flags)
256 {
257 int ok = 0, locked = 0, lock_requested = ((flags & QCTX_LOCK) != 0);
258 QUIC_DOMAIN *qd;
259 QUIC_LISTENER *ql;
260 QUIC_CONNECTION *qc;
261 QUIC_XSO *xso;
262
263 if ((flags & QCTX_AUTO_S) != 0)
264 flags |= QCTX_S;
265
266 ctx->obj = NULL;
267 ctx->qd = NULL;
268 ctx->ql = NULL;
269 ctx->qc = NULL;
270 ctx->xso = NULL;
271 ctx->is_stream = 0;
272 ctx->is_listener = 0;
273 ctx->is_domain = 0;
274 ctx->in_io = ((flags & QCTX_IO) != 0);
275
276 if (s == NULL) {
277 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
278 goto err;
279 }
280
281 switch (s->type) {
282 case SSL_TYPE_QUIC_DOMAIN:
283 if ((flags & QCTX_D) == 0) {
284 wrong_type(s, flags);
285 goto err;
286 }
287
288 qd = (QUIC_DOMAIN *)s;
289 ctx->obj = &qd->obj;
290 ctx->qd = qd;
291 ctx->is_domain = 1;
292 break;
293
294 case SSL_TYPE_QUIC_LISTENER:
295 if ((flags & QCTX_L) == 0) {
296 wrong_type(s, flags);
297 goto err;
298 }
299
300 ql = (QUIC_LISTENER *)s;
301 ctx->obj = &ql->obj;
302 ctx->qd = ql->domain;
303 ctx->ql = ql;
304 ctx->is_listener = 1;
305 break;
306
307 case SSL_TYPE_QUIC_CONNECTION:
308 qc = (QUIC_CONNECTION *)s;
309 ctx->obj = &qc->obj;
310 ctx->qd = qc->domain;
311 ctx->ql = qc->listener; /* never changes, so can be read without lock */
312 ctx->qc = qc;
313
314 if ((flags & QCTX_AUTO_S) != 0) {
315 if ((flags & QCTX_IO) != 0)
316 qctx_lock_for_io(ctx);
317 else
318 qctx_lock(ctx);
319
320 locked = 1;
321 }
322
323 if ((flags & QCTX_AUTO_S) != 0 && qc->default_xso == NULL) {
324 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
325 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
326 goto err;
327 }
328
329 /* If we haven't finished the handshake, try to advance it. */
330 if (quic_do_handshake(ctx) < 1)
331 /* ossl_quic_do_handshake raised error here */
332 goto err;
333
334 if ((flags & QCTX_REMOTE_INIT) != 0) {
335 if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0))
336 goto err;
337 } else {
338 if (!qc_try_create_default_xso_for_write(ctx))
339 goto err;
340 }
341 }
342
343 if ((flags & QCTX_C) == 0
344 && (qc->default_xso == NULL || (flags & QCTX_S) == 0)) {
345 wrong_type(s, flags);
346 goto err;
347 }
348
349 ctx->xso = qc->default_xso;
350 break;
351
352 case SSL_TYPE_QUIC_XSO:
353 if ((flags & QCTX_S) == 0) {
354 wrong_type(s, flags);
355 goto err;
356 }
357
358 xso = (QUIC_XSO *)s;
359 ctx->obj = &xso->obj;
360 ctx->qd = xso->conn->domain;
361 ctx->ql = xso->conn->listener;
362 ctx->qc = xso->conn;
363 ctx->xso = xso;
364 ctx->is_stream = 1;
365 break;
366
367 default:
368 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
369 goto err;
370 }
371
372 if (lock_requested && !locked) {
373 if ((flags & QCTX_IO) != 0)
374 qctx_lock_for_io(ctx);
375 else
376 qctx_lock(ctx);
377
378 locked = 1;
379 }
380
381 ok = 1;
382 err:
383 if (locked && (!ok || !lock_requested))
384 qctx_unlock(ctx);
385
386 return ok;
387 }
388
is_quic_c(const SSL * s,QCTX * ctx,int raiseerrs)389 static int is_quic_c(const SSL *s, QCTX *ctx, int raiseerrs)
390 {
391 uint32_t flags = QCTX_C;
392
393 if (!raiseerrs)
394 flags |= QCTX_NO_ERROR;
395 return expect_quic_as(s, ctx, flags);
396 }
397
398 /* Same as expect_quic_cs except that errors are not raised if raiseerrs == 0 */
is_quic_cs(const SSL * s,QCTX * ctx,int raiseerrs)399 static int is_quic_cs(const SSL *s, QCTX *ctx, int raiseerrs)
400 {
401 uint32_t flags = QCTX_C | QCTX_S;
402
403 if (!raiseerrs)
404 flags |= QCTX_NO_ERROR;
405 return expect_quic_as(s, ctx, flags);
406 }
407
expect_quic_cs(const SSL * s,QCTX * ctx)408 static int expect_quic_cs(const SSL *s, QCTX *ctx)
409 {
410 return expect_quic_as(s, ctx, QCTX_C | QCTX_S);
411 }
412
expect_quic_csl(const SSL * s,QCTX * ctx)413 static int expect_quic_csl(const SSL *s, QCTX *ctx)
414 {
415 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L);
416 }
417
expect_quic_csld(const SSL * s,QCTX * ctx)418 static int expect_quic_csld(const SSL *s, QCTX *ctx)
419 {
420 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L | QCTX_D);
421 }
422
423 #define expect_quic_any expect_quic_csld
424
expect_quic_listener(const SSL * s,QCTX * ctx)425 static int expect_quic_listener(const SSL *s, QCTX *ctx)
426 {
427 return expect_quic_as(s, ctx, QCTX_L);
428 }
429
expect_quic_domain(const SSL * s,QCTX * ctx)430 static int expect_quic_domain(const SSL *s, QCTX *ctx)
431 {
432 return expect_quic_as(s, ctx, QCTX_D);
433 }
434
435 /*
436 * Like expect_quic_cs(), but requires a QUIC_XSO be contextually available. In
437 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
438 * stream.
439 *
440 * remote_init determines if we expect the default XSO to be remotely created or
441 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
442 *
443 * Channel mutex is acquired and retained on success.
444 */
445 QUIC_ACQUIRES_LOCK
expect_quic_with_stream_lock(const SSL * s,int remote_init,int in_io,QCTX * ctx)446 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
447 int in_io, QCTX *ctx)
448 {
449 uint32_t flags = QCTX_S | QCTX_LOCK;
450
451 if (remote_init >= 0)
452 flags |= QCTX_AUTO_S;
453
454 if (remote_init > 0)
455 flags |= QCTX_REMOTE_INIT;
456
457 if (in_io)
458 flags |= QCTX_IO;
459
460 return expect_quic_as(s, ctx, flags);
461 }
462
463 /*
464 * Like expect_quic_cs(), but fails if called on a QUIC_XSO. ctx->xso may still
465 * be non-NULL if the QCSO has a default stream.
466 */
expect_quic_conn_only(const SSL * s,QCTX * ctx)467 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
468 {
469 return expect_quic_as(s, ctx, QCTX_C);
470 }
471
472 /*
473 * Ensures that the domain mutex is held for a method which touches channel
474 * state.
475 *
476 * Precondition: Domain mutex is not held (unchecked)
477 */
qctx_lock(QCTX * ctx)478 static void qctx_lock(QCTX *ctx)
479 {
480 #if defined(OPENSSL_THREADS)
481 assert(ctx->obj != NULL);
482 ossl_crypto_mutex_lock(ossl_quic_obj_get0_mutex(ctx->obj));
483 #endif
484 }
485
486 /* Precondition: Channel mutex is held (unchecked) */
487 QUIC_NEEDS_LOCK
qctx_unlock(QCTX * ctx)488 static void qctx_unlock(QCTX *ctx)
489 {
490 #if defined(OPENSSL_THREADS)
491 assert(ctx->obj != NULL);
492 ossl_crypto_mutex_unlock(ossl_quic_obj_get0_mutex(ctx->obj));
493 #endif
494 }
495
qctx_lock_for_io(QCTX * ctx)496 static void qctx_lock_for_io(QCTX *ctx)
497 {
498 qctx_lock(ctx);
499 ctx->in_io = 1;
500
501 /*
502 * We are entering an I/O function so we must update the values returned by
503 * SSL_get_error and SSL_want. Set no error. This will be overridden later
504 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
505 * occurs during the API call.
506 */
507 quic_set_last_error(ctx, SSL_ERROR_NONE);
508 }
509
510 /*
511 * This predicate is the criterion which should determine API call rejection for
512 * *most* mutating API calls, particularly stream-related operations for send
513 * parts.
514 *
515 * A call is rejected (this function returns 0) if shutdown is in progress
516 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
517 * req_active=1, the connection must be active (i.e., the IDLE state is also
518 * rejected).
519 */
quic_mutation_allowed(QUIC_CONNECTION * qc,int req_active)520 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
521 {
522 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
523 return 0;
524
525 if (req_active && !ossl_quic_channel_is_active(qc->ch))
526 return 0;
527
528 return 1;
529 }
530
qctx_is_top_level(QCTX * ctx)531 static int qctx_is_top_level(QCTX *ctx)
532 {
533 return ctx->obj->parent_obj == NULL;
534 }
535
qctx_blocking(QCTX * ctx)536 static int qctx_blocking(QCTX *ctx)
537 {
538 return ossl_quic_obj_blocking(ctx->obj);
539 }
540
541 /*
542 * Block until a predicate is met.
543 *
544 * Precondition: Must have a channel.
545 * Precondition: Must hold channel lock (unchecked).
546 */
547 QUIC_NEEDS_LOCK
block_until_pred(QCTX * ctx,int (* pred)(void * arg),void * pred_arg,uint32_t flags)548 static int block_until_pred(QCTX *ctx,
549 int (*pred)(void *arg), void *pred_arg,
550 uint32_t flags)
551 {
552 QUIC_ENGINE *qeng;
553 QUIC_REACTOR *rtor;
554
555 qeng = ossl_quic_obj_get0_engine(ctx->obj);
556 assert(qeng != NULL);
557
558 /*
559 * Any attempt to block auto-disables tick inhibition as otherwise we will
560 * hang around forever.
561 */
562 ossl_quic_engine_set_inhibit_tick(qeng, 0);
563
564 rtor = ossl_quic_engine_get0_reactor(qeng);
565 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags);
566 }
567
568 /*
569 * QUIC Front-End I/O API: Initialization
570 * ======================================
571 *
572 * SSL_new => ossl_quic_new
573 * ossl_quic_init
574 * SSL_reset => ossl_quic_reset
575 * SSL_clear => ossl_quic_clear
576 * ossl_quic_deinit
577 * SSL_free => ossl_quic_free
578 *
579 * SSL_set_options => ossl_quic_set_options
580 * SSL_get_options => ossl_quic_get_options
581 * SSL_clear_options => ossl_quic_clear_options
582 *
583 */
584
585 /* SSL_new */
ossl_quic_new(SSL_CTX * ctx)586 SSL *ossl_quic_new(SSL_CTX *ctx)
587 {
588 QUIC_CONNECTION *qc = NULL;
589 SSL_CONNECTION *sc = NULL;
590
591 /*
592 * QUIC_server_method should not be used with SSL_new.
593 * It should only be used with SSL_new_listener.
594 */
595 if (ctx->method == OSSL_QUIC_server_method()) {
596 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
597 return NULL;
598 }
599
600 qc = OPENSSL_zalloc(sizeof(*qc));
601 if (qc == NULL) {
602 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
603 return NULL;
604 }
605
606 /* Create the QUIC domain mutex. */
607 #if defined(OPENSSL_THREADS)
608 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
609 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
610 goto err;
611 }
612 #endif
613
614 /* Create the handshake layer. */
615 qc->tls = ossl_ssl_connection_new_int(ctx, &qc->obj.ssl, TLS_method());
616 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
617 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
618 goto err;
619 }
620
621 /* override the user_ssl of the inner connection */
622 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL;
623
624 /* Restrict options derived from the SSL_CTX. */
625 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
626 sc->pha_enabled = 0;
627
628 /* Determine mode of operation. */
629 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
630 qc->is_thread_assisted
631 = ((ctx->domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0);
632 #endif
633
634 qc->as_server = 0;
635 qc->as_server_state = qc->as_server;
636
637 if (!create_channel(qc, ctx))
638 goto err;
639
640 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, &qc->obj.ssl);
641 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
642
643 /* Initialise the QUIC_CONNECTION's QUIC_OBJ base. */
644 if (!ossl_quic_obj_init(&qc->obj, ctx, SSL_TYPE_QUIC_CONNECTION, NULL,
645 qc->engine, qc->port)) {
646 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
647 goto err;
648 }
649
650 /* Initialise libssl APL-related state. */
651 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
652 qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
653 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
654 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
655 qc->last_error = SSL_ERROR_NONE;
656
657 qc_update_reject_policy(qc);
658
659 /*
660 * We do not create the default XSO yet. The reason for this is that the
661 * stream ID of the default XSO will depend on whether the stream is client
662 * or server-initiated, which depends on who transmits first. Since we do
663 * not know whether the application will be using a client-transmits-first
664 * or server-transmits-first protocol, we defer default XSO creation until
665 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
666 * we take that as a cue that the client is expecting a server-initiated
667 * stream, and vice versa if SSL_write() is called first.
668 */
669 return &qc->obj.ssl;
670
671 err:
672 if (qc != NULL) {
673 qc_cleanup(qc, /*have_lock=*/0);
674 OPENSSL_free(qc);
675 }
676 return NULL;
677 }
678
679 QUIC_NEEDS_LOCK
quic_unref_port_bios(QUIC_PORT * port)680 static void quic_unref_port_bios(QUIC_PORT *port)
681 {
682 BIO *b;
683
684 b = ossl_quic_port_get_net_rbio(port);
685 BIO_free_all(b);
686
687 b = ossl_quic_port_get_net_wbio(port);
688 BIO_free_all(b);
689 }
690
691 QUIC_NEEDS_LOCK
qc_cleanup(QUIC_CONNECTION * qc,int have_lock)692 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock)
693 {
694 SSL_free(qc->tls);
695 qc->tls = NULL;
696
697 ossl_quic_channel_free(qc->ch);
698 qc->ch = NULL;
699
700 if (qc->port != NULL && qc->listener == NULL && qc->pending == 0) { /* TODO */
701 quic_unref_port_bios(qc->port);
702 ossl_quic_port_free(qc->port);
703 qc->port = NULL;
704
705 ossl_quic_engine_free(qc->engine);
706 qc->engine = NULL;
707 }
708
709 #if defined(OPENSSL_THREADS)
710 if (have_lock)
711 /* tsan doesn't like freeing locked mutexes */
712 ossl_crypto_mutex_unlock(qc->mutex);
713
714 if (qc->listener == NULL && qc->pending == 0)
715 ossl_crypto_mutex_free(&qc->mutex);
716 #endif
717 }
718
719 /* SSL_free */
720 QUIC_TAKES_LOCK
quic_free_listener(QCTX * ctx)721 static void quic_free_listener(QCTX *ctx)
722 {
723 quic_unref_port_bios(ctx->ql->port);
724 ossl_quic_port_drop_incoming(ctx->ql->port);
725 ossl_quic_port_free(ctx->ql->port);
726
727 if (ctx->ql->domain == NULL) {
728 ossl_quic_engine_free(ctx->ql->engine);
729 #if defined(OPENSSL_THREADS)
730 ossl_crypto_mutex_free(&ctx->ql->mutex);
731 #endif
732 } else {
733 SSL_free(&ctx->ql->domain->obj.ssl);
734 }
735 }
736
737 /* SSL_free */
738 QUIC_TAKES_LOCK
quic_free_domain(QCTX * ctx)739 static void quic_free_domain(QCTX *ctx)
740 {
741 ossl_quic_engine_free(ctx->qd->engine);
742 #if defined(OPENSSL_THREADS)
743 ossl_crypto_mutex_free(&ctx->qd->mutex);
744 #endif
745 }
746
747 QUIC_TAKES_LOCK
ossl_quic_free(SSL * s)748 void ossl_quic_free(SSL *s)
749 {
750 QCTX ctx;
751 int is_default;
752
753 /* We should never be called on anything but a QSO. */
754 if (!expect_quic_any(s, &ctx))
755 return;
756
757 if (ctx.is_domain) {
758 quic_free_domain(&ctx);
759 return;
760 }
761
762 if (ctx.is_listener) {
763 quic_free_listener(&ctx);
764 return;
765 }
766
767 qctx_lock(&ctx);
768
769 if (ctx.is_stream) {
770 /*
771 * When a QSSO is freed, the XSO is freed immediately, because the XSO
772 * itself only contains API personality layer data. However the
773 * underlying QUIC_STREAM is not freed immediately but is instead marked
774 * as deleted for later collection.
775 */
776
777 assert(ctx.qc->num_xso > 0);
778 --ctx.qc->num_xso;
779
780 /* If a stream's send part has not been finished, auto-reset it. */
781 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
782 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
783 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
784 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
785 ctx.xso->stream, 0);
786
787 /* Do STOP_SENDING for the receive part, if applicable. */
788 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
789 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
790 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
791 ctx.xso->stream, 0);
792
793 /* Update stream state. */
794 ctx.xso->stream->deleted = 1;
795 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
796 ctx.xso->stream);
797
798 is_default = (ctx.xso == ctx.qc->default_xso);
799 qctx_unlock(&ctx);
800
801 /*
802 * Unref the connection in most cases; the XSO has a ref to the QC and
803 * not vice versa. But for a default XSO, to avoid circular references,
804 * the QC refs the XSO but the XSO does not ref the QC. If we are the
805 * default XSO, we only get here when the QC is being torn down anyway,
806 * so don't call SSL_free(qc) as we are already in it.
807 */
808 if (!is_default)
809 SSL_free(&ctx.qc->obj.ssl);
810
811 /* Note: SSL_free calls OPENSSL_free(xso) for us */
812 return;
813 }
814
815 /*
816 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
817 * stage, but is freed during the channel free when the whole QSM is freed.
818 */
819 if (ctx.qc->default_xso != NULL) {
820 QUIC_XSO *xso = ctx.qc->default_xso;
821
822 qctx_unlock(&ctx);
823 SSL_free(&xso->obj.ssl);
824 qctx_lock(&ctx);
825 ctx.qc->default_xso = NULL;
826 }
827
828 /* Ensure we have no remaining XSOs. */
829 assert(ctx.qc->num_xso == 0);
830
831 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
832 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
833 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
834 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
835 }
836 #endif
837
838 /*
839 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
840 * us
841 */
842 qc_cleanup(ctx.qc, /*have_lock=*/1);
843 /* Note: SSL_free calls OPENSSL_free(qc) for us */
844
845 if (ctx.qc->listener != NULL)
846 SSL_free(&ctx.qc->listener->obj.ssl);
847 if (ctx.qc->domain != NULL)
848 SSL_free(&ctx.qc->domain->obj.ssl);
849 }
850
851 /* SSL method init */
ossl_quic_init(SSL * s)852 int ossl_quic_init(SSL *s)
853 {
854 /* Same op as SSL_clear, forward the call. */
855 return ossl_quic_clear(s);
856 }
857
858 /* SSL method deinit */
ossl_quic_deinit(SSL * s)859 void ossl_quic_deinit(SSL *s)
860 {
861 /* No-op. */
862 }
863
864 /* SSL_clear (ssl_reset method) */
ossl_quic_reset(SSL * s)865 int ossl_quic_reset(SSL *s)
866 {
867 QCTX ctx;
868
869 if (!expect_quic_any(s, &ctx))
870 return 0;
871
872 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
873 return 0;
874 }
875
876 /* ssl_clear method (unused) */
ossl_quic_clear(SSL * s)877 int ossl_quic_clear(SSL *s)
878 {
879 QCTX ctx;
880
881 if (!expect_quic_any(s, &ctx))
882 return 0;
883
884 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
885 return 0;
886 }
887
ossl_quic_set_override_now_cb(SSL * s,OSSL_TIME (* now_cb)(void * arg),void * now_cb_arg)888 int ossl_quic_set_override_now_cb(SSL *s,
889 OSSL_TIME (*now_cb)(void *arg),
890 void *now_cb_arg)
891 {
892 QCTX ctx;
893
894 if (!expect_quic_any(s, &ctx))
895 return 0;
896
897 qctx_lock(&ctx);
898
899 ossl_quic_engine_set_time_cb(ctx.obj->engine, now_cb, now_cb_arg);
900
901 qctx_unlock(&ctx);
902 return 1;
903 }
904
ossl_quic_conn_force_assist_thread_wake(SSL * s)905 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
906 {
907 QCTX ctx;
908
909 if (!expect_quic_conn_only(s, &ctx))
910 return;
911
912 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
913 if (ctx.qc->is_thread_assisted && ctx.qc->started)
914 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
915 #endif
916 }
917
918 QUIC_NEEDS_LOCK
qc_touch_default_xso(QUIC_CONNECTION * qc)919 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
920 {
921 qc->default_xso_created = 1;
922 qc_update_reject_policy(qc);
923 }
924
925 /*
926 * Changes default XSO. Allows caller to keep reference to the old default XSO
927 * (if any). Reference to new XSO is transferred from caller.
928 */
929 QUIC_NEEDS_LOCK
qc_set_default_xso_keep_ref(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch,QUIC_XSO ** old_xso)930 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
931 int touch,
932 QUIC_XSO **old_xso)
933 {
934 int refs;
935
936 *old_xso = NULL;
937
938 if (qc->default_xso != xso) {
939 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
940
941 qc->default_xso = xso;
942
943 if (xso == NULL) {
944 /*
945 * Changing to not having a default XSO. XSO becomes standalone and
946 * now has a ref to the QC.
947 */
948 if (!ossl_assert(SSL_up_ref(&qc->obj.ssl)))
949 return;
950 } else {
951 /*
952 * Changing from not having a default XSO to having one. The new XSO
953 * will have had a reference to the QC we need to drop to avoid a
954 * circular reference.
955 *
956 * Currently we never change directly from one default XSO to
957 * another, though this function would also still be correct if this
958 * weren't the case.
959 */
960 assert(*old_xso == NULL);
961
962 CRYPTO_DOWN_REF(&qc->obj.ssl.references, &refs);
963 assert(refs > 0);
964 }
965 }
966
967 if (touch)
968 qc_touch_default_xso(qc);
969 }
970
971 /*
972 * Changes default XSO, releasing the reference to any previous default XSO.
973 * Reference to new XSO is transferred from caller.
974 */
975 QUIC_NEEDS_LOCK
qc_set_default_xso(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch)976 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
977 {
978 QUIC_XSO *old_xso = NULL;
979
980 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
981
982 if (old_xso != NULL)
983 SSL_free(&old_xso->obj.ssl);
984 }
985
986 QUIC_NEEDS_LOCK
xso_update_options(QUIC_XSO * xso)987 static void xso_update_options(QUIC_XSO *xso)
988 {
989 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
990
991 if (xso->stream->rstream != NULL)
992 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
993
994 if (xso->stream->sstream != NULL)
995 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
996 }
997
998 /*
999 * SSL_set_options
1000 * ---------------
1001 *
1002 * Setting options on a QCSO
1003 * - configures the handshake-layer options;
1004 * - configures the default data-plane options for new streams;
1005 * - configures the data-plane options on the default XSO, if there is one.
1006 *
1007 * Setting options on a QSSO
1008 * - configures data-plane options for that stream only.
1009 */
1010 QUIC_TAKES_LOCK
quic_mask_or_options(SSL * ssl,uint64_t mask_value,uint64_t or_value)1011 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
1012 {
1013 QCTX ctx;
1014 uint64_t hs_mask_value, hs_or_value, ret;
1015
1016 if (!expect_quic_cs(ssl, &ctx))
1017 return 0;
1018
1019 qctx_lock(&ctx);
1020
1021 if (!ctx.is_stream) {
1022 /*
1023 * If we were called on the connection, we apply any handshake option
1024 * changes.
1025 */
1026 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
1027 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
1028
1029 SSL_clear_options(ctx.qc->tls, hs_mask_value);
1030 SSL_set_options(ctx.qc->tls, hs_or_value);
1031
1032 /* Update defaults for new streams. */
1033 ctx.qc->default_ssl_options
1034 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
1035 & OSSL_QUIC_PERMITTED_OPTIONS;
1036 }
1037
1038 ret = ctx.qc->default_ssl_options;
1039 if (ctx.xso != NULL) {
1040 ctx.xso->ssl_options
1041 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
1042 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1043
1044 xso_update_options(ctx.xso);
1045
1046 if (ctx.is_stream)
1047 ret = ctx.xso->ssl_options;
1048 }
1049
1050 qctx_unlock(&ctx);
1051 return ret;
1052 }
1053
ossl_quic_set_options(SSL * ssl,uint64_t options)1054 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
1055 {
1056 return quic_mask_or_options(ssl, 0, options);
1057 }
1058
1059 /* SSL_clear_options */
ossl_quic_clear_options(SSL * ssl,uint64_t options)1060 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
1061 {
1062 return quic_mask_or_options(ssl, options, 0);
1063 }
1064
1065 /* SSL_get_options */
ossl_quic_get_options(const SSL * ssl)1066 uint64_t ossl_quic_get_options(const SSL *ssl)
1067 {
1068 return quic_mask_or_options((SSL *)ssl, 0, 0);
1069 }
1070
1071 /*
1072 * QUIC Front-End I/O API: Network BIO Configuration
1073 * =================================================
1074 *
1075 * Handling the different BIOs is difficult:
1076 *
1077 * - It is more or less a requirement that we use non-blocking network I/O;
1078 * we need to be able to have timeouts on recv() calls, and make best effort
1079 * (non blocking) send() and recv() calls.
1080 *
1081 * The only sensible way to do this is to configure the socket into
1082 * non-blocking mode. We could try to do select() before calling send() or
1083 * recv() to get a guarantee that the call will not block, but this will
1084 * probably run into issues with buggy OSes which generate spurious socket
1085 * readiness events. In any case, relying on this to work reliably does not
1086 * seem sane.
1087 *
1088 * Timeouts could be handled via setsockopt() socket timeout options, but
1089 * this depends on OS support and adds another syscall to every network I/O
1090 * operation. It also has obvious thread safety concerns if we want to move
1091 * to concurrent use of a single socket at some later date.
1092 *
1093 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
1094 * be made non-blocking. However some OSes (e.g. Windows) do not support
1095 * this, so we cannot rely on this.
1096 *
1097 * As such, we need to configure any FD in non-blocking mode. This may
1098 * confound users who pass a blocking socket to libssl. However, in practice
1099 * it would be extremely strange for a user of QUIC to pass an FD to us,
1100 * then also try and send receive traffic on the same socket(!). Thus the
1101 * impact of this should be limited, and can be documented.
1102 *
1103 * - We support both blocking and non-blocking operation in terms of the API
1104 * presented to the user. One prospect is to set the blocking mode based on
1105 * whether the socket passed to us was already in blocking mode. However,
1106 * Windows has no API for determining if a socket is in blocking mode (!),
1107 * therefore this cannot be done portably. Currently therefore we expose an
1108 * explicit API call to set this, and default to blocking mode.
1109 *
1110 * - We need to determine our initial destination UDP address. The "natural"
1111 * way for a user to do this is to set the peer variable on a BIO_dgram.
1112 * However, this has problems because BIO_dgram's peer variable is used for
1113 * both transmission and reception. This means it can be constantly being
1114 * changed to a malicious value (e.g. if some random unrelated entity on the
1115 * network starts sending traffic to us) on every read call. This is not a
1116 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
1117 * calls only, which do not use this variable. However, we do need to let
1118 * the user specify the peer in a 'normal' manner. The compromise here is
1119 * that we grab the current peer value set at the time the write BIO is set
1120 * and do not read the value again.
1121 *
1122 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
1123 * Currently we do this by only supporting non-blocking mode.
1124 *
1125 */
1126
1127 /*
1128 * Determines what initial destination UDP address we should use, if possible.
1129 * If this fails the client must set the destination address manually, or use a
1130 * BIO which does not need a destination address.
1131 */
csm_analyse_init_peer_addr(BIO * net_wbio,BIO_ADDR * peer)1132 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
1133 {
1134 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
1135 return 0;
1136
1137 return 1;
1138 }
1139
1140 static int
quic_set0_net_rbio(QUIC_OBJ * obj,BIO * net_rbio)1141 quic_set0_net_rbio(QUIC_OBJ *obj, BIO *net_rbio)
1142 {
1143 QUIC_PORT *port;
1144 BIO *old_rbio = NULL;
1145
1146 port = ossl_quic_obj_get0_port(obj);
1147 old_rbio = ossl_quic_port_get_net_rbio(port);
1148 if (old_rbio == net_rbio)
1149 return 0;
1150
1151 if (!ossl_quic_port_set_net_rbio(port, net_rbio))
1152 return 0;
1153
1154 BIO_free_all(old_rbio);
1155 if (net_rbio != NULL)
1156 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
1157
1158 return 1;
1159 }
1160
1161 static int
quic_set0_net_wbio(QUIC_OBJ * obj,BIO * net_wbio)1162 quic_set0_net_wbio(QUIC_OBJ *obj, BIO *net_wbio)
1163 {
1164 QUIC_PORT *port;
1165 BIO *old_wbio = NULL;
1166
1167 port = ossl_quic_obj_get0_port(obj);
1168 old_wbio = ossl_quic_port_get_net_wbio(port);
1169 if (old_wbio == net_wbio)
1170 return 0;
1171
1172 if (!ossl_quic_port_set_net_wbio(port, net_wbio))
1173 return 0;
1174
1175 BIO_free_all(old_wbio);
1176 if (net_wbio != NULL)
1177 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
1178
1179 return 1;
1180 }
1181
ossl_quic_conn_set0_net_rbio(SSL * s,BIO * net_rbio)1182 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
1183 {
1184 QCTX ctx;
1185
1186 if (!expect_quic_csl(s, &ctx))
1187 return;
1188
1189 /* Returns 0 if no change. */
1190 if (!quic_set0_net_rbio(ctx.obj, net_rbio))
1191 return;
1192 }
1193
ossl_quic_conn_set0_net_wbio(SSL * s,BIO * net_wbio)1194 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
1195 {
1196 QCTX ctx;
1197
1198 if (!expect_quic_csl(s, &ctx))
1199 return;
1200
1201 /* Returns 0 if no change. */
1202 if (!quic_set0_net_wbio(ctx.obj, net_wbio))
1203 return;
1204 }
1205
ossl_quic_conn_get_net_rbio(const SSL * s)1206 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
1207 {
1208 QCTX ctx;
1209 QUIC_PORT *port;
1210
1211 if (!expect_quic_csl(s, &ctx))
1212 return NULL;
1213
1214 port = ossl_quic_obj_get0_port(ctx.obj);
1215 assert(port != NULL);
1216 return ossl_quic_port_get_net_rbio(port);
1217 }
1218
ossl_quic_conn_get_net_wbio(const SSL * s)1219 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
1220 {
1221 QCTX ctx;
1222 QUIC_PORT *port;
1223
1224 if (!expect_quic_csl(s, &ctx))
1225 return NULL;
1226
1227 port = ossl_quic_obj_get0_port(ctx.obj);
1228 assert(port != NULL);
1229 return ossl_quic_port_get_net_wbio(port);
1230 }
1231
ossl_quic_conn_get_blocking_mode(const SSL * s)1232 int ossl_quic_conn_get_blocking_mode(const SSL *s)
1233 {
1234 QCTX ctx;
1235
1236 if (!expect_quic_csl(s, &ctx))
1237 return 0;
1238
1239 return qctx_blocking(&ctx);
1240 }
1241
1242 QUIC_TAKES_LOCK
ossl_quic_conn_set_blocking_mode(SSL * s,int blocking)1243 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
1244 {
1245 int ret = 0;
1246 unsigned int mode;
1247 QCTX ctx;
1248
1249 if (!expect_quic_csl(s, &ctx))
1250 return 0;
1251
1252 qctx_lock(&ctx);
1253
1254 /* Sanity check - can we support the request given the current network BIO? */
1255 if (blocking) {
1256 /*
1257 * If called directly on a top-level object (QCSO or QLSO), update our
1258 * information on network BIO capabilities.
1259 */
1260 if (qctx_is_top_level(&ctx))
1261 ossl_quic_engine_update_poll_descriptors(ctx.obj->engine, /*force=*/1);
1262
1263 /* Cannot enable blocking mode if we do not have pollable FDs. */
1264 if (!ossl_quic_obj_can_support_blocking(ctx.obj)) {
1265 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1266 goto out;
1267 }
1268 }
1269
1270 mode = (blocking != 0)
1271 ? QUIC_BLOCKING_MODE_BLOCKING
1272 : QUIC_BLOCKING_MODE_NONBLOCKING;
1273
1274 ossl_quic_obj_set_blocking_mode(ctx.obj, mode);
1275
1276 ret = 1;
1277 out:
1278 qctx_unlock(&ctx);
1279 return ret;
1280 }
1281
ossl_quic_conn_set_initial_peer_addr(SSL * s,const BIO_ADDR * peer_addr)1282 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1283 const BIO_ADDR *peer_addr)
1284 {
1285 QCTX ctx;
1286
1287 if (!expect_quic_cs(s, &ctx))
1288 return 0;
1289
1290 if (ctx.qc->started)
1291 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1292 NULL);
1293
1294 if (peer_addr == NULL) {
1295 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1296 return 1;
1297 }
1298
1299 return BIO_ADDR_copy(&ctx.qc->init_peer_addr, peer_addr);
1300 }
1301
1302 /*
1303 * QUIC Front-End I/O API: Asynchronous I/O Management
1304 * ===================================================
1305 *
1306 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1307 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1308 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1309 *
1310 */
1311
1312 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1313 QUIC_TAKES_LOCK
ossl_quic_handle_events(SSL * s)1314 int ossl_quic_handle_events(SSL *s)
1315 {
1316 QCTX ctx;
1317
1318 if (!expect_quic_any(s, &ctx))
1319 return 0;
1320
1321 qctx_lock(&ctx);
1322 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0);
1323 qctx_unlock(&ctx);
1324 return 1;
1325 }
1326
1327 /*
1328 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1329 * should next have events handled by the application by calling
1330 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1331 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1332 * the value of *tv is undefined.
1333 */
1334 QUIC_TAKES_LOCK
ossl_quic_get_event_timeout(SSL * s,struct timeval * tv,int * is_infinite)1335 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1336 {
1337 QCTX ctx;
1338 QUIC_REACTOR *reactor;
1339 OSSL_TIME deadline;
1340 OSSL_TIME basetime;
1341
1342 if (!expect_quic_any(s, &ctx))
1343 return 0;
1344
1345 qctx_lock(&ctx);
1346
1347 reactor = ossl_quic_obj_get0_reactor(ctx.obj);
1348 deadline = ossl_quic_reactor_get_tick_deadline(reactor);
1349
1350 if (ossl_time_is_infinite(deadline)) {
1351 qctx_unlock(&ctx);
1352 *is_infinite = 1;
1353
1354 /*
1355 * Robustness against faulty applications that don't check *is_infinite;
1356 * harmless long timeout.
1357 */
1358 tv->tv_sec = 1000000;
1359 tv->tv_usec = 0;
1360 return 1;
1361 }
1362
1363 basetime = ossl_quic_engine_get_time(ctx.obj->engine);
1364
1365 qctx_unlock(&ctx);
1366
1367 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, basetime));
1368 *is_infinite = 0;
1369
1370 return 1;
1371 }
1372
1373 /* SSL_get_rpoll_descriptor */
ossl_quic_get_rpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1374 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1375 {
1376 QCTX ctx;
1377 QUIC_PORT *port = NULL;
1378 BIO *net_rbio;
1379
1380 if (!expect_quic_csl(s, &ctx))
1381 return 0;
1382
1383 port = ossl_quic_obj_get0_port(ctx.obj);
1384 net_rbio = ossl_quic_port_get_net_rbio(port);
1385 if (desc == NULL || net_rbio == NULL)
1386 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1387 NULL);
1388
1389 return BIO_get_rpoll_descriptor(net_rbio, desc);
1390 }
1391
1392 /* SSL_get_wpoll_descriptor */
ossl_quic_get_wpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1393 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1394 {
1395 QCTX ctx;
1396 QUIC_PORT *port = NULL;
1397 BIO *net_wbio;
1398
1399 if (!expect_quic_csl(s, &ctx))
1400 return 0;
1401
1402 port = ossl_quic_obj_get0_port(ctx.obj);
1403 net_wbio = ossl_quic_port_get_net_wbio(port);
1404 if (desc == NULL || net_wbio == NULL)
1405 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1406 NULL);
1407
1408 return BIO_get_wpoll_descriptor(net_wbio, desc);
1409 }
1410
1411 /* SSL_net_read_desired */
1412 QUIC_TAKES_LOCK
ossl_quic_get_net_read_desired(SSL * s)1413 int ossl_quic_get_net_read_desired(SSL *s)
1414 {
1415 QCTX ctx;
1416 int ret;
1417
1418 if (!expect_quic_csl(s, &ctx))
1419 return 0;
1420
1421 qctx_lock(&ctx);
1422 ret = ossl_quic_reactor_net_read_desired(ossl_quic_obj_get0_reactor(ctx.obj));
1423 qctx_unlock(&ctx);
1424 return ret;
1425 }
1426
1427 /* SSL_net_write_desired */
1428 QUIC_TAKES_LOCK
ossl_quic_get_net_write_desired(SSL * s)1429 int ossl_quic_get_net_write_desired(SSL *s)
1430 {
1431 int ret;
1432 QCTX ctx;
1433
1434 if (!expect_quic_csl(s, &ctx))
1435 return 0;
1436
1437 qctx_lock(&ctx);
1438 ret = ossl_quic_reactor_net_write_desired(ossl_quic_obj_get0_reactor(ctx.obj));
1439 qctx_unlock(&ctx);
1440 return ret;
1441 }
1442
1443 /*
1444 * QUIC Front-End I/O API: Connection Lifecycle Operations
1445 * =======================================================
1446 *
1447 * SSL_do_handshake => ossl_quic_do_handshake
1448 * SSL_set_connect_state => ossl_quic_set_connect_state
1449 * SSL_set_accept_state => ossl_quic_set_accept_state
1450 * SSL_shutdown => ossl_quic_shutdown
1451 * SSL_ctrl => ossl_quic_ctrl
1452 * (BIO/)SSL_connect => ossl_quic_connect
1453 * (BIO/)SSL_accept => ossl_quic_accept
1454 *
1455 */
1456
1457 QUIC_NEEDS_LOCK
qc_shutdown_flush_init(QUIC_CONNECTION * qc)1458 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1459 {
1460 QUIC_STREAM_MAP *qsm;
1461
1462 if (qc->shutting_down)
1463 return;
1464
1465 qsm = ossl_quic_channel_get_qsm(qc->ch);
1466
1467 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1468 qc->shutting_down = 1;
1469 }
1470
1471 /* Returns 1 if all shutdown-flush streams have been done with. */
1472 QUIC_NEEDS_LOCK
qc_shutdown_flush_finished(QUIC_CONNECTION * qc)1473 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1474 {
1475 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1476
1477 return qc->shutting_down
1478 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1479 }
1480
1481 /* SSL_shutdown */
quic_shutdown_wait(void * arg)1482 static int quic_shutdown_wait(void *arg)
1483 {
1484 QUIC_CONNECTION *qc = arg;
1485
1486 return ossl_quic_channel_is_terminated(qc->ch);
1487 }
1488
1489 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
quic_shutdown_flush_wait(void * arg)1490 static int quic_shutdown_flush_wait(void *arg)
1491 {
1492 QUIC_CONNECTION *qc = arg;
1493
1494 return ossl_quic_channel_is_term_any(qc->ch)
1495 || qc_shutdown_flush_finished(qc);
1496 }
1497
quic_shutdown_peer_wait(void * arg)1498 static int quic_shutdown_peer_wait(void *arg)
1499 {
1500 QUIC_CONNECTION *qc = arg;
1501 return ossl_quic_channel_is_term_any(qc->ch);
1502 }
1503
1504 QUIC_TAKES_LOCK
ossl_quic_conn_shutdown(SSL * s,uint64_t flags,const SSL_SHUTDOWN_EX_ARGS * args,size_t args_len)1505 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1506 const SSL_SHUTDOWN_EX_ARGS *args,
1507 size_t args_len)
1508 {
1509 int ret;
1510 QCTX ctx;
1511 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1512 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1513 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1514
1515 if (!expect_quic_cs(s, &ctx))
1516 return -1;
1517
1518 if (ctx.is_stream) {
1519 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1520 return -1;
1521 }
1522
1523 qctx_lock(&ctx);
1524
1525 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1526 qctx_unlock(&ctx);
1527 return 1;
1528 }
1529
1530 /* Phase 1: Stream Flushing */
1531 if (!wait_peer && stream_flush) {
1532 qc_shutdown_flush_init(ctx.qc);
1533
1534 if (!qc_shutdown_flush_finished(ctx.qc)) {
1535 if (!no_block && qctx_blocking(&ctx)) {
1536 ret = block_until_pred(&ctx, quic_shutdown_flush_wait, ctx.qc, 0);
1537 if (ret < 1) {
1538 ret = 0;
1539 goto err;
1540 }
1541 } else {
1542 qctx_maybe_autotick(&ctx);
1543 }
1544 }
1545
1546 if (!qc_shutdown_flush_finished(ctx.qc)) {
1547 qctx_unlock(&ctx);
1548 return 0; /* ongoing */
1549 }
1550 }
1551
1552 /* Phase 2: Connection Closure */
1553 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1554 if (!no_block && qctx_blocking(&ctx)) {
1555 ret = block_until_pred(&ctx, quic_shutdown_peer_wait, ctx.qc, 0);
1556 if (ret < 1) {
1557 ret = 0;
1558 goto err;
1559 }
1560 } else {
1561 qctx_maybe_autotick(&ctx);
1562 }
1563
1564 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1565 ret = 0; /* peer hasn't closed yet - still not done */
1566 goto err;
1567 }
1568
1569 /*
1570 * We are at least terminating - go through the normal process of
1571 * waiting until we are in the TERMINATED state.
1572 */
1573 }
1574
1575 /* Block mutation ops regardless of if we did stream flush. */
1576 ctx.qc->shutting_down = 1;
1577
1578 /*
1579 * This call is a no-op if we are already terminating, so it doesn't
1580 * affect the wait_peer case.
1581 */
1582 ossl_quic_channel_local_close(ctx.qc->ch,
1583 args != NULL ? args->quic_error_code : 0,
1584 args != NULL ? args->quic_reason : NULL);
1585
1586 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1587
1588 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1589 qctx_unlock(&ctx);
1590 return 1;
1591 }
1592
1593 /* Phase 3: Terminating Wait Time */
1594 if (!no_block && qctx_blocking(&ctx)
1595 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1596 ret = block_until_pred(&ctx, quic_shutdown_wait, ctx.qc, 0);
1597 if (ret < 1) {
1598 ret = 0;
1599 goto err;
1600 }
1601 } else {
1602 qctx_maybe_autotick(&ctx);
1603 }
1604
1605 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1606 err:
1607 qctx_unlock(&ctx);
1608 return ret;
1609 }
1610
1611 /* SSL_ctrl */
ossl_quic_ctrl(SSL * s,int cmd,long larg,void * parg)1612 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1613 {
1614 QCTX ctx;
1615
1616 if (!expect_quic_csl(s, &ctx))
1617 return 0;
1618
1619 switch (cmd) {
1620 case SSL_CTRL_MODE:
1621 if (ctx.is_listener)
1622 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1623
1624 /* If called on a QCSO, update the default mode. */
1625 if (!ctx.is_stream)
1626 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1627
1628 /*
1629 * If we were called on a QSSO or have a default stream, we also update
1630 * that.
1631 */
1632 if (ctx.xso != NULL) {
1633 /* Cannot enable EPW while AON write in progress. */
1634 if (ctx.xso->aon_write_in_progress)
1635 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1636
1637 ctx.xso->ssl_mode |= (uint32_t)larg;
1638 return ctx.xso->ssl_mode;
1639 }
1640
1641 return ctx.qc->default_ssl_mode;
1642 case SSL_CTRL_CLEAR_MODE:
1643 if (ctx.is_listener)
1644 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1645
1646 if (!ctx.is_stream)
1647 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1648
1649 if (ctx.xso != NULL) {
1650 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1651 return ctx.xso->ssl_mode;
1652 }
1653
1654 return ctx.qc->default_ssl_mode;
1655
1656 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1657 if (ctx.is_listener)
1658 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1659
1660 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1661 /* This ctrl also needs to be passed to the internal SSL object */
1662 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1663
1664 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1665 {
1666 int is_infinite;
1667
1668 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1669 return 0;
1670
1671 return !is_infinite;
1672 }
1673 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1674 /* For legacy compatibility with DTLS calls. */
1675 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1676
1677 /* Mask ctrls we shouldn't support for QUIC. */
1678 case SSL_CTRL_GET_READ_AHEAD:
1679 case SSL_CTRL_SET_READ_AHEAD:
1680 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1681 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1682 case SSL_CTRL_SET_MAX_PIPELINES:
1683 return 0;
1684
1685 default:
1686 /*
1687 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1688 * implementation. Either SSL_ctrl will handle it itself by direct
1689 * access into handshake layer state, or failing that, it will be passed
1690 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1691 * supported by anything, the handshake layer's ctrl method will finally
1692 * return 0.
1693 */
1694 if (ctx.is_listener)
1695 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1696
1697 return ossl_ctrl_internal(&ctx.qc->obj.ssl, cmd, larg, parg, /*no_quic=*/1);
1698 }
1699 }
1700
1701 /* SSL_set_connect_state */
ossl_quic_set_connect_state(SSL * s,int raiseerrs)1702 int ossl_quic_set_connect_state(SSL *s, int raiseerrs)
1703 {
1704 QCTX ctx;
1705
1706 if (!is_quic_c(s, &ctx, raiseerrs))
1707 return 0;
1708
1709 if (ctx.qc->as_server_state == 0)
1710 return 1;
1711
1712 /* Cannot be changed after handshake started */
1713 if (ctx.qc->started) {
1714 if (raiseerrs)
1715 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
1716 return 0;
1717 }
1718
1719 ctx.qc->as_server_state = 0;
1720 return 1;
1721 }
1722
1723 /* SSL_set_accept_state */
ossl_quic_set_accept_state(SSL * s,int raiseerrs)1724 int ossl_quic_set_accept_state(SSL *s, int raiseerrs)
1725 {
1726 QCTX ctx;
1727
1728 if (!is_quic_c(s, &ctx, raiseerrs))
1729 return 0;
1730
1731 if (ctx.qc->as_server_state == 1)
1732 return 1;
1733
1734 /* Cannot be changed after handshake started */
1735 if (ctx.qc->started) {
1736 if (raiseerrs)
1737 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
1738 return 0;
1739 }
1740
1741 ctx.qc->as_server_state = 1;
1742 return 1;
1743 }
1744
1745 /* SSL_do_handshake */
1746 struct quic_handshake_wait_args {
1747 QUIC_CONNECTION *qc;
1748 };
1749
tls_wants_non_io_retry(QUIC_CONNECTION * qc)1750 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1751 {
1752 int want = SSL_want(qc->tls);
1753
1754 if (want == SSL_X509_LOOKUP
1755 || want == SSL_CLIENT_HELLO_CB
1756 || want == SSL_RETRY_VERIFY)
1757 return 1;
1758
1759 return 0;
1760 }
1761
quic_handshake_wait(void * arg)1762 static int quic_handshake_wait(void *arg)
1763 {
1764 struct quic_handshake_wait_args *args = arg;
1765
1766 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1767 return -1;
1768
1769 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1770 return 1;
1771
1772 if (tls_wants_non_io_retry(args->qc))
1773 return 1;
1774
1775 return 0;
1776 }
1777
configure_channel(QUIC_CONNECTION * qc)1778 static int configure_channel(QUIC_CONNECTION *qc)
1779 {
1780 assert(qc->ch != NULL);
1781
1782 if (!ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1783 return 0;
1784
1785 return 1;
1786 }
1787
need_notifier_for_domain_flags(uint64_t domain_flags)1788 static int need_notifier_for_domain_flags(uint64_t domain_flags)
1789 {
1790 return (domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0
1791 || ((domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0
1792 && (domain_flags & SSL_DOMAIN_FLAG_BLOCKING) != 0);
1793 }
1794
1795 QUIC_NEEDS_LOCK
create_channel(QUIC_CONNECTION * qc,SSL_CTX * ctx)1796 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx)
1797 {
1798 QUIC_ENGINE_ARGS engine_args = {0};
1799 QUIC_PORT_ARGS port_args = {0};
1800
1801 engine_args.libctx = ctx->libctx;
1802 engine_args.propq = ctx->propq;
1803 #if defined(OPENSSL_THREADS)
1804 engine_args.mutex = qc->mutex;
1805 #endif
1806
1807 if (need_notifier_for_domain_flags(ctx->domain_flags))
1808 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
1809
1810 qc->engine = ossl_quic_engine_new(&engine_args);
1811 if (qc->engine == NULL) {
1812 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1813 return 0;
1814 }
1815
1816 port_args.channel_ctx = ctx;
1817 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1818 if (qc->port == NULL) {
1819 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1820 ossl_quic_engine_free(qc->engine);
1821 return 0;
1822 }
1823
1824 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1825 if (qc->ch == NULL) {
1826 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1827 ossl_quic_port_free(qc->port);
1828 ossl_quic_engine_free(qc->engine);
1829 return 0;
1830 }
1831
1832 return 1;
1833 }
1834
1835 /*
1836 * Configures a channel with the information we have accumulated via calls made
1837 * to us from the application prior to starting a handshake attempt.
1838 */
1839 QUIC_NEEDS_LOCK
ensure_channel_started(QCTX * ctx)1840 static int ensure_channel_started(QCTX *ctx)
1841 {
1842 QUIC_CONNECTION *qc = ctx->qc;
1843
1844 if (!qc->started) {
1845 if (!configure_channel(qc)) {
1846 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1847 "failed to configure channel");
1848 return 0;
1849 }
1850
1851 if (!ossl_quic_channel_start(qc->ch)) {
1852 ossl_quic_channel_restore_err_state(qc->ch);
1853 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1854 "failed to start channel");
1855 return 0;
1856 }
1857
1858 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1859 if (qc->is_thread_assisted)
1860 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) {
1861 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1862 "failed to start assist thread");
1863 return 0;
1864 }
1865 #endif
1866 }
1867
1868 qc->started = 1;
1869 return 1;
1870 }
1871
1872 QUIC_NEEDS_LOCK
quic_do_handshake(QCTX * ctx)1873 static int quic_do_handshake(QCTX *ctx)
1874 {
1875 int ret;
1876 QUIC_CONNECTION *qc = ctx->qc;
1877 QUIC_PORT *port;
1878 BIO *net_rbio, *net_wbio;
1879
1880 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1881 /* Handshake already completed. */
1882 return 1;
1883
1884 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1885 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1886
1887 if (qc->as_server != qc->as_server_state) {
1888 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1889 return -1; /* Non-protocol error */
1890 }
1891
1892 port = ossl_quic_obj_get0_port(ctx->obj);
1893 net_rbio = ossl_quic_port_get_net_rbio(port);
1894 net_wbio = ossl_quic_port_get_net_wbio(port);
1895 if (net_rbio == NULL || net_wbio == NULL) {
1896 /* Need read and write BIOs. */
1897 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1898 return -1; /* Non-protocol error */
1899 }
1900
1901 if (!qc->started && ossl_quic_port_is_addressed_w(port)
1902 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1903 /*
1904 * We are trying to connect and are using addressed mode, which means we
1905 * need an initial peer address; if we do not have a peer address yet,
1906 * we should try to autodetect one.
1907 *
1908 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1909 * may not be able to provide us with a peer address until they have
1910 * finished their own processing. They may not be able to perform this
1911 * processing until an application has finished configuring that BIO
1912 * (e.g. with setter calls), which might happen after SSL_set_bio is
1913 * called.
1914 */
1915 if (!csm_analyse_init_peer_addr(net_wbio, &qc->init_peer_addr))
1916 /* best effort */
1917 BIO_ADDR_clear(&qc->init_peer_addr);
1918 else
1919 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1920 }
1921
1922 if (!qc->started
1923 && ossl_quic_port_is_addressed_w(port)
1924 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1925 /*
1926 * If we still don't have a peer address in addressed mode, we can't do
1927 * anything.
1928 */
1929 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1930 return -1; /* Non-protocol error */
1931 }
1932
1933 /*
1934 * Start connection process. Note we may come here multiple times in
1935 * non-blocking mode, which is fine.
1936 */
1937 if (!ensure_channel_started(ctx)) /* raises on failure */
1938 return -1; /* Non-protocol error */
1939
1940 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1941 /* The handshake is now done. */
1942 return 1;
1943
1944 if (!qctx_blocking(ctx)) {
1945 /* Try to advance the reactor. */
1946 qctx_maybe_autotick(ctx);
1947
1948 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1949 /* The handshake is now done. */
1950 return 1;
1951
1952 if (ossl_quic_channel_is_term_any(qc->ch)) {
1953 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1954 return 0;
1955 } else if (ossl_quic_obj_desires_blocking(&qc->obj)) {
1956 /*
1957 * As a special case when doing a handshake when blocking mode is
1958 * desired yet not available, see if the network BIOs have become
1959 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1960 * which do late creation of socket FDs and therefore cannot expose
1961 * a poll descriptor until after a network BIO is set on the QCSO.
1962 */
1963 ossl_quic_engine_update_poll_descriptors(qc->obj.engine, /*force=*/1);
1964 }
1965 }
1966
1967 /*
1968 * We are either in blocking mode or just entered it due to the code above.
1969 */
1970 if (qctx_blocking(ctx)) {
1971 /* In blocking mode, wait for the handshake to complete. */
1972 struct quic_handshake_wait_args args;
1973
1974 args.qc = qc;
1975
1976 ret = block_until_pred(ctx, quic_handshake_wait, &args, 0);
1977 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1978 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1979 return 0; /* Shutdown before completion */
1980 } else if (ret <= 0) {
1981 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1982 return -1; /* Non-protocol error */
1983 }
1984
1985 if (tls_wants_non_io_retry(qc)) {
1986 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1987 return -1;
1988 }
1989
1990 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1991 return 1;
1992 }
1993
1994 if (tls_wants_non_io_retry(qc)) {
1995 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1996 return -1;
1997 }
1998
1999 /*
2000 * Otherwise, indicate that the handshake isn't done yet.
2001 * We can only get here in non-blocking mode.
2002 */
2003 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2004 return -1; /* Non-protocol error */
2005 }
2006
2007 QUIC_TAKES_LOCK
ossl_quic_do_handshake(SSL * s)2008 int ossl_quic_do_handshake(SSL *s)
2009 {
2010 int ret;
2011 QCTX ctx;
2012
2013 if (!expect_quic_cs(s, &ctx))
2014 return 0;
2015
2016 qctx_lock_for_io(&ctx);
2017
2018 ret = quic_do_handshake(&ctx);
2019 qctx_unlock(&ctx);
2020 return ret;
2021 }
2022
2023 /* SSL_connect */
ossl_quic_connect(SSL * s)2024 int ossl_quic_connect(SSL *s)
2025 {
2026 /* Ensure we are in connect state (no-op if non-idle). */
2027 if (!ossl_quic_set_connect_state(s, 1))
2028 return -1;
2029
2030 /* Begin or continue the handshake */
2031 return ossl_quic_do_handshake(s);
2032 }
2033
2034 /* SSL_accept */
ossl_quic_accept(SSL * s)2035 int ossl_quic_accept(SSL *s)
2036 {
2037 /* Ensure we are in accept state (no-op if non-idle). */
2038 if (!ossl_quic_set_accept_state(s, 1))
2039 return -1;
2040
2041 /* Begin or continue the handshake */
2042 return ossl_quic_do_handshake(s);
2043 }
2044
2045 /*
2046 * QUIC Front-End I/O API: Stream Lifecycle Operations
2047 * ===================================================
2048 *
2049 * SSL_stream_new => ossl_quic_conn_stream_new
2050 *
2051 */
2052
2053 /*
2054 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
2055 * default XSO was created. Returns 0 if it was not (e.g. because it already
2056 * exists). Note that this is NOT an error condition.
2057 */
2058 QUIC_NEEDS_LOCK
qc_try_create_default_xso_for_write(QCTX * ctx)2059 static int qc_try_create_default_xso_for_write(QCTX *ctx)
2060 {
2061 uint64_t flags = 0;
2062 QUIC_CONNECTION *qc = ctx->qc;
2063
2064 if (qc->default_xso_created
2065 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2066 /*
2067 * We only do this once. If the user detaches a previously created
2068 * default XSO we don't auto-create another one.
2069 */
2070 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
2071
2072 /* Create a locally-initiated stream. */
2073 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2074 flags |= SSL_STREAM_FLAG_UNI;
2075
2076 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
2077 /*needs_lock=*/0),
2078 /*touch=*/0);
2079 if (qc->default_xso == NULL)
2080 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2081
2082 qc_touch_default_xso(qc);
2083 return 1;
2084 }
2085
2086 struct quic_wait_for_stream_args {
2087 QUIC_CONNECTION *qc;
2088 QUIC_STREAM *qs;
2089 QCTX *ctx;
2090 uint64_t expect_id;
2091 };
2092
2093 QUIC_NEEDS_LOCK
quic_wait_for_stream(void * arg)2094 static int quic_wait_for_stream(void *arg)
2095 {
2096 struct quic_wait_for_stream_args *args = arg;
2097
2098 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
2099 /* If connection is torn down due to an error while blocking, stop. */
2100 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2101 return -1;
2102 }
2103
2104 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
2105 args->expect_id | QUIC_STREAM_DIR_BIDI);
2106 if (args->qs == NULL)
2107 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
2108 args->expect_id | QUIC_STREAM_DIR_UNI);
2109
2110 if (args->qs != NULL)
2111 return 1; /* stream now exists */
2112
2113 return 0; /* did not get a stream, keep trying */
2114 }
2115
2116 QUIC_NEEDS_LOCK
qc_wait_for_default_xso_for_read(QCTX * ctx,int peek)2117 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek)
2118 {
2119 /* Called on a QCSO and we don't currently have a default stream. */
2120 uint64_t expect_id;
2121 QUIC_CONNECTION *qc = ctx->qc;
2122 QUIC_STREAM *qs;
2123 int res;
2124 struct quic_wait_for_stream_args wargs;
2125 OSSL_RTT_INFO rtt_info;
2126
2127 /*
2128 * If default stream functionality is disabled or we already detached
2129 * one, don't make another default stream and just fail.
2130 */
2131 if (qc->default_xso_created
2132 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2133 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
2134
2135 /*
2136 * The peer may have opened a stream since we last ticked. So tick and
2137 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
2138 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
2139 * first stream created by a peer must have an ordinal of 0.
2140 */
2141 expect_id = qc->as_server
2142 ? QUIC_STREAM_INITIATOR_CLIENT
2143 : QUIC_STREAM_INITIATOR_SERVER;
2144
2145 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2146 expect_id | QUIC_STREAM_DIR_BIDI);
2147 if (qs == NULL)
2148 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2149 expect_id | QUIC_STREAM_DIR_UNI);
2150
2151 if (qs == NULL) {
2152 qctx_maybe_autotick(ctx);
2153
2154 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2155 expect_id);
2156 }
2157
2158 if (qs == NULL) {
2159 if (peek)
2160 return 0;
2161
2162 if (ossl_quic_channel_is_term_any(qc->ch)) {
2163 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2164 } else if (!qctx_blocking(ctx)) {
2165 /* Non-blocking mode, so just bail immediately. */
2166 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2167 }
2168
2169 /* Block until we have a stream. */
2170 wargs.qc = qc;
2171 wargs.qs = NULL;
2172 wargs.ctx = ctx;
2173 wargs.expect_id = expect_id;
2174
2175 res = block_until_pred(ctx, quic_wait_for_stream, &wargs, 0);
2176 if (res == 0)
2177 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2178 else if (res < 0 || wargs.qs == NULL)
2179 /* quic_wait_for_stream raised error here */
2180 return 0;
2181
2182 qs = wargs.qs;
2183 }
2184
2185 /*
2186 * We now have qs != NULL. Remove it from the incoming stream queue so that
2187 * it isn't also returned by any future SSL_accept_stream calls.
2188 */
2189 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2190 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
2191 qs, rtt_info.smoothed_rtt);
2192
2193 /*
2194 * Now make qs the default stream, creating the necessary XSO.
2195 */
2196 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
2197 if (qc->default_xso == NULL)
2198 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2199
2200 qc_touch_default_xso(qc); /* inhibits default XSO */
2201 return 1;
2202 }
2203
2204 QUIC_NEEDS_LOCK
create_xso_from_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs)2205 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
2206 {
2207 QUIC_XSO *xso = NULL;
2208
2209 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
2210 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
2211 goto err;
2212 }
2213
2214 if (!ossl_quic_obj_init(&xso->obj, qc->obj.ssl.ctx, SSL_TYPE_QUIC_XSO,
2215 &qc->obj.ssl, NULL, NULL)) {
2216 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
2217 goto err;
2218 }
2219
2220 /* XSO refs QC */
2221 if (!SSL_up_ref(&qc->obj.ssl)) {
2222 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
2223 goto err;
2224 }
2225
2226 xso->conn = qc;
2227 xso->ssl_mode = qc->default_ssl_mode;
2228 xso->ssl_options
2229 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
2230 xso->last_error = SSL_ERROR_NONE;
2231
2232 xso->stream = qs;
2233
2234 ++qc->num_xso;
2235 xso_update_options(xso);
2236 return xso;
2237
2238 err:
2239 OPENSSL_free(xso);
2240 return NULL;
2241 }
2242
2243 struct quic_new_stream_wait_args {
2244 QUIC_CONNECTION *qc;
2245 int is_uni;
2246 };
2247
quic_new_stream_wait(void * arg)2248 static int quic_new_stream_wait(void *arg)
2249 {
2250 struct quic_new_stream_wait_args *args = arg;
2251 QUIC_CONNECTION *qc = args->qc;
2252
2253 if (!quic_mutation_allowed(qc, /*req_active=*/1))
2254 return -1;
2255
2256 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
2257 return 1;
2258
2259 return 0;
2260 }
2261
2262 /* locking depends on need_lock */
quic_conn_stream_new(QCTX * ctx,uint64_t flags,int need_lock)2263 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
2264 {
2265 int ret;
2266 QUIC_CONNECTION *qc = ctx->qc;
2267 QUIC_XSO *xso = NULL;
2268 QUIC_STREAM *qs = NULL;
2269 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
2270 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
2271 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2272
2273 if (need_lock)
2274 qctx_lock(ctx);
2275
2276 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2277 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2278 goto err;
2279 }
2280
2281 if (!advance
2282 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2283 struct quic_new_stream_wait_args args;
2284
2285 /*
2286 * Stream count flow control currently doesn't permit this stream to be
2287 * opened.
2288 */
2289 if (no_blocking || !qctx_blocking(ctx)) {
2290 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2291 goto err;
2292 }
2293
2294 args.qc = qc;
2295 args.is_uni = is_uni;
2296
2297 /* Blocking mode - wait until we can get a stream. */
2298 ret = block_until_pred(ctx, quic_new_stream_wait, &args, 0);
2299 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2300 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2301 goto err; /* Shutdown before completion */
2302 } else if (ret <= 0) {
2303 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2304 goto err; /* Non-protocol error */
2305 }
2306 }
2307
2308 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2309 if (qs == NULL) {
2310 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2311 goto err;
2312 }
2313
2314 xso = create_xso_from_stream(qc, qs);
2315 if (xso == NULL)
2316 goto err;
2317
2318 qc_touch_default_xso(qc); /* inhibits default XSO */
2319 if (need_lock)
2320 qctx_unlock(ctx);
2321
2322 return &xso->obj.ssl;
2323
2324 err:
2325 OPENSSL_free(xso);
2326 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2327 if (need_lock)
2328 qctx_unlock(ctx);
2329
2330 return NULL;
2331
2332 }
2333
2334 QUIC_TAKES_LOCK
ossl_quic_conn_stream_new(SSL * s,uint64_t flags)2335 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2336 {
2337 QCTX ctx;
2338
2339 if (!expect_quic_conn_only(s, &ctx))
2340 return NULL;
2341
2342 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2343 }
2344
2345 /*
2346 * QUIC Front-End I/O API: Steady-State Operations
2347 * ===============================================
2348 *
2349 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2350 * is, the functions used during the established phase of a QUIC connection
2351 * (e.g. SSL_read, SSL_write).
2352 *
2353 * Each function must handle both blocking and non-blocking modes. As discussed
2354 * above, all QUIC I/O is implemented using non-blocking mode internally.
2355 *
2356 * SSL_get_error => partially implemented by ossl_quic_get_error
2357 * SSL_want => ossl_quic_want
2358 * (BIO/)SSL_read => ossl_quic_read
2359 * (BIO/)SSL_write => ossl_quic_write
2360 * SSL_pending => ossl_quic_pending
2361 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2362 * SSL_key_update => ossl_quic_key_update
2363 */
2364
2365 /* SSL_get_error */
ossl_quic_get_error(const SSL * s,int i)2366 int ossl_quic_get_error(const SSL *s, int i)
2367 {
2368 QCTX ctx;
2369 int net_error, last_error;
2370
2371 /* SSL_get_errors() should not raise new errors */
2372 if (!is_quic_cs(s, &ctx, 0 /* suppress errors */))
2373 return SSL_ERROR_SSL;
2374
2375 qctx_lock(&ctx);
2376 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2377 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2378 qctx_unlock(&ctx);
2379
2380 if (net_error)
2381 return SSL_ERROR_SYSCALL;
2382
2383 return last_error;
2384 }
2385
2386 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
error_to_want(int error)2387 static int error_to_want(int error)
2388 {
2389 switch (error) {
2390 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2391 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2392 case SSL_ERROR_ZERO_RETURN:
2393 default:
2394 return SSL_NOTHING;
2395
2396 case SSL_ERROR_WANT_READ:
2397 return SSL_READING;
2398
2399 case SSL_ERROR_WANT_WRITE:
2400 return SSL_WRITING;
2401
2402 case SSL_ERROR_WANT_RETRY_VERIFY:
2403 return SSL_RETRY_VERIFY;
2404
2405 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2406 return SSL_CLIENT_HELLO_CB;
2407
2408 case SSL_ERROR_WANT_X509_LOOKUP:
2409 return SSL_X509_LOOKUP;
2410 }
2411 }
2412
2413 /* SSL_want */
ossl_quic_want(const SSL * s)2414 int ossl_quic_want(const SSL *s)
2415 {
2416 QCTX ctx;
2417 int w;
2418
2419 if (!expect_quic_cs(s, &ctx))
2420 return SSL_NOTHING;
2421
2422 qctx_lock(&ctx);
2423
2424 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2425
2426 qctx_unlock(&ctx);
2427 return w;
2428 }
2429
2430 /*
2431 * SSL_write
2432 * ---------
2433 *
2434 * The set of functions below provide the implementation of the public SSL_write
2435 * function. We must handle:
2436 *
2437 * - both blocking and non-blocking operation at the application level,
2438 * depending on how we are configured;
2439 *
2440 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2441 *
2442 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2443 *
2444 */
2445 QUIC_NEEDS_LOCK
quic_post_write(QUIC_XSO * xso,int did_append,int did_append_all,uint64_t flags,int do_tick)2446 static void quic_post_write(QUIC_XSO *xso, int did_append,
2447 int did_append_all, uint64_t flags,
2448 int do_tick)
2449 {
2450 /*
2451 * We have appended at least one byte to the stream.
2452 * Potentially mark stream as active, depending on FC.
2453 */
2454 if (did_append)
2455 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2456 xso->stream);
2457
2458 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2459 ossl_quic_sstream_fin(xso->stream->sstream);
2460
2461 /*
2462 * Try and send.
2463 *
2464 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2465 * immediately, plus we should eventually consider Nagle's algorithm.
2466 */
2467 if (do_tick)
2468 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2469 }
2470
2471 struct quic_write_again_args {
2472 QUIC_XSO *xso;
2473 const unsigned char *buf;
2474 size_t len;
2475 size_t total_written;
2476 int err;
2477 uint64_t flags;
2478 };
2479
2480 /*
2481 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2482 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2483 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2484 */
2485 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2486
2487 /*
2488 * Ensure spare buffer space available (up until a limit, at least).
2489 */
2490 QUIC_NEEDS_LOCK
sstream_ensure_spare(QUIC_SSTREAM * sstream,uint64_t spare)2491 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2492 {
2493 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2494 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2495 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2496 size_t new_sz, growth;
2497
2498 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2499 return 1;
2500
2501 growth = spare_ - avail;
2502 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2503 new_sz = MAX_WRITE_BUF_SIZE;
2504 else
2505 new_sz = cur_sz + growth;
2506
2507 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2508 }
2509
2510 /*
2511 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2512 * as needed according to flow control.
2513 */
2514 QUIC_NEEDS_LOCK
xso_sstream_append(QUIC_XSO * xso,const unsigned char * buf,size_t len,size_t * actual_written)2515 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2516 size_t len, size_t *actual_written)
2517 {
2518 QUIC_SSTREAM *sstream = xso->stream->sstream;
2519 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2520 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2521 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2522
2523 if (len > permitted)
2524 len = (size_t)permitted;
2525
2526 if (!sstream_ensure_spare(sstream, len))
2527 return 0;
2528
2529 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2530 }
2531
2532 QUIC_NEEDS_LOCK
quic_write_again(void * arg)2533 static int quic_write_again(void *arg)
2534 {
2535 struct quic_write_again_args *args = arg;
2536 size_t actual_written = 0;
2537
2538 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2539 /* If connection is torn down due to an error while blocking, stop. */
2540 return -2;
2541
2542 if (!quic_validate_for_write(args->xso, &args->err))
2543 /*
2544 * Stream may have become invalid for write due to connection events
2545 * while we blocked.
2546 */
2547 return -2;
2548
2549 args->err = ERR_R_INTERNAL_ERROR;
2550 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2551 return -2;
2552
2553 quic_post_write(args->xso, actual_written > 0,
2554 args->len == actual_written, args->flags, 0);
2555
2556 args->buf += actual_written;
2557 args->len -= actual_written;
2558 args->total_written += actual_written;
2559
2560 if (args->len == 0)
2561 /* Written everything, done. */
2562 return 1;
2563
2564 /* Not written everything yet, keep trying. */
2565 return 0;
2566 }
2567
2568 QUIC_NEEDS_LOCK
quic_write_blocking(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2569 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2570 uint64_t flags, size_t *written)
2571 {
2572 int res;
2573 QUIC_XSO *xso = ctx->xso;
2574 struct quic_write_again_args args;
2575 size_t actual_written = 0;
2576
2577 /* First make a best effort to append as much of the data as possible. */
2578 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2579 /* Stream already finished or allocation error. */
2580 *written = 0;
2581 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2582 }
2583
2584 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2585
2586 /*
2587 * Record however much data we wrote
2588 */
2589 *written = actual_written;
2590
2591 if (actual_written == len) {
2592 /* Managed to append everything on the first try. */
2593 return 1;
2594 }
2595
2596 /*
2597 * We did not manage to append all of the data immediately, so the stream
2598 * buffer has probably filled up. This means we need to block until some of
2599 * it is freed up.
2600 */
2601 args.xso = xso;
2602 args.buf = (const unsigned char *)buf + actual_written;
2603 args.len = len - actual_written;
2604 args.total_written = 0;
2605 args.err = ERR_R_INTERNAL_ERROR;
2606 args.flags = flags;
2607
2608 res = block_until_pred(ctx, quic_write_again, &args, 0);
2609 if (res <= 0) {
2610 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2611 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2612 else
2613 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2614 }
2615
2616 /*
2617 * When waiting on extra buffer space to be available, args.total_written
2618 * holds the amount of remaining data we requested to write, which will be
2619 * something less than the len parameter passed in, however much we wrote
2620 * here, add it to the value that we wrote when we initially called
2621 * xso_sstream_append
2622 */
2623 *written += args.total_written;
2624 return 1;
2625 }
2626
2627 /*
2628 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2629 * write semantics.
2630 */
aon_write_begin(QUIC_XSO * xso,const unsigned char * buf,size_t buf_len,size_t already_sent)2631 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2632 size_t buf_len, size_t already_sent)
2633 {
2634 assert(!xso->aon_write_in_progress);
2635
2636 xso->aon_write_in_progress = 1;
2637 xso->aon_buf_base = buf;
2638 xso->aon_buf_pos = already_sent;
2639 xso->aon_buf_len = buf_len;
2640 }
2641
aon_write_finish(QUIC_XSO * xso)2642 static void aon_write_finish(QUIC_XSO *xso)
2643 {
2644 xso->aon_write_in_progress = 0;
2645 xso->aon_buf_base = NULL;
2646 xso->aon_buf_pos = 0;
2647 xso->aon_buf_len = 0;
2648 }
2649
2650 QUIC_NEEDS_LOCK
quic_write_nonblocking_aon(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2651 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2652 size_t len, uint64_t flags,
2653 size_t *written)
2654 {
2655 QUIC_XSO *xso = ctx->xso;
2656 const void *actual_buf;
2657 size_t actual_len, actual_written = 0;
2658 int accept_moving_buffer
2659 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2660
2661 if (xso->aon_write_in_progress) {
2662 /*
2663 * We are in the middle of an AON write (i.e., a previous write did not
2664 * manage to append all data to the SSTREAM and we have Enable Partial
2665 * Write (EPW) mode disabled.)
2666 */
2667 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2668 || len != xso->aon_buf_len)
2669 /*
2670 * Pointer must not have changed if we are not in accept moving
2671 * buffer mode. Length must never change.
2672 */
2673 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2674
2675 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2676 actual_len = len - xso->aon_buf_pos;
2677 assert(actual_len > 0);
2678 } else {
2679 actual_buf = buf;
2680 actual_len = len;
2681 }
2682
2683 /* First make a best effort to append as much of the data as possible. */
2684 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2685 /* Stream already finished or allocation error. */
2686 *written = 0;
2687 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2688 }
2689
2690 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2691 flags, qctx_should_autotick(ctx));
2692
2693 if (actual_written == actual_len) {
2694 /* We have sent everything. */
2695 if (xso->aon_write_in_progress) {
2696 /*
2697 * We have sent everything, and we were in the middle of an AON
2698 * write. The output write length is the total length of the AON
2699 * buffer, not however many bytes we managed to write to the stream
2700 * in this call.
2701 */
2702 *written = xso->aon_buf_len;
2703 aon_write_finish(xso);
2704 } else {
2705 *written = actual_written;
2706 }
2707
2708 return 1;
2709 }
2710
2711 if (xso->aon_write_in_progress) {
2712 /*
2713 * AON write is in progress but we have not written everything yet. We
2714 * may have managed to send zero bytes, or some number of bytes less
2715 * than the total remaining which need to be appended during this
2716 * AON operation.
2717 */
2718 xso->aon_buf_pos += actual_written;
2719 assert(xso->aon_buf_pos < xso->aon_buf_len);
2720 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2721 }
2722
2723 /*
2724 * Not in an existing AON operation but partial write is not enabled, so we
2725 * need to begin a new AON operation. However we needn't bother if we didn't
2726 * actually append anything.
2727 */
2728 if (actual_written > 0)
2729 aon_write_begin(xso, buf, len, actual_written);
2730
2731 /*
2732 * AON - We do not publicly admit to having appended anything until AON
2733 * completes.
2734 */
2735 *written = 0;
2736 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2737 }
2738
2739 QUIC_NEEDS_LOCK
quic_write_nonblocking_epw(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2740 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2741 uint64_t flags, size_t *written)
2742 {
2743 QUIC_XSO *xso = ctx->xso;
2744
2745 /* Simple best effort operation. */
2746 if (!xso_sstream_append(xso, buf, len, written)) {
2747 /* Stream already finished or allocation error. */
2748 *written = 0;
2749 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2750 }
2751
2752 quic_post_write(xso, *written > 0, *written == len, flags,
2753 qctx_should_autotick(ctx));
2754
2755 if (*written == 0)
2756 /* SSL_write_ex returns 0 if it didn't write anything. */
2757 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2758
2759 return 1;
2760 }
2761
2762 QUIC_NEEDS_LOCK
quic_validate_for_write(QUIC_XSO * xso,int * err)2763 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2764 {
2765 QUIC_STREAM_MAP *qsm;
2766
2767 if (xso == NULL || xso->stream == NULL) {
2768 *err = ERR_R_INTERNAL_ERROR;
2769 return 0;
2770 }
2771
2772 switch (xso->stream->send_state) {
2773 default:
2774 case QUIC_SSTREAM_STATE_NONE:
2775 *err = SSL_R_STREAM_RECV_ONLY;
2776 return 0;
2777
2778 case QUIC_SSTREAM_STATE_READY:
2779 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2780
2781 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2782 *err = ERR_R_INTERNAL_ERROR;
2783 return 0;
2784 }
2785
2786 /* FALLTHROUGH */
2787 case QUIC_SSTREAM_STATE_SEND:
2788 case QUIC_SSTREAM_STATE_DATA_SENT:
2789 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2790 *err = SSL_R_STREAM_FINISHED;
2791 return 0;
2792 }
2793 return 1;
2794
2795 case QUIC_SSTREAM_STATE_DATA_RECVD:
2796 *err = SSL_R_STREAM_FINISHED;
2797 return 0;
2798
2799 case QUIC_SSTREAM_STATE_RESET_SENT:
2800 case QUIC_SSTREAM_STATE_RESET_RECVD:
2801 *err = SSL_R_STREAM_RESET;
2802 return 0;
2803 }
2804 }
2805
2806 QUIC_TAKES_LOCK
ossl_quic_write_flags(SSL * s,const void * buf,size_t len,uint64_t flags,size_t * written)2807 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2808 uint64_t flags, size_t *written)
2809 {
2810 int ret;
2811 QCTX ctx;
2812 int partial_write, err;
2813
2814 *written = 0;
2815
2816 if (len == 0) {
2817 /* Do not autocreate default XSO for zero-length writes. */
2818 if (!expect_quic_cs(s, &ctx))
2819 return 0;
2820
2821 qctx_lock_for_io(&ctx);
2822 } else {
2823 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2824 return 0;
2825 }
2826
2827 partial_write = ((ctx.xso != NULL)
2828 ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) : 0);
2829
2830 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2831 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2832 goto out;
2833 }
2834
2835 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2836 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2837 goto out;
2838 }
2839
2840 /*
2841 * If we haven't finished the handshake, try to advance it.
2842 * We don't accept writes until the handshake is completed.
2843 */
2844 if (quic_do_handshake(&ctx) < 1) {
2845 ret = 0;
2846 goto out;
2847 }
2848
2849 /* Ensure correct stream state, stream send part not concluded, etc. */
2850 if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) {
2851 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2852 goto out;
2853 }
2854
2855 if (len == 0) {
2856 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2857 quic_post_write(ctx.xso, 0, 1, flags,
2858 qctx_should_autotick(&ctx));
2859
2860 ret = 1;
2861 goto out;
2862 }
2863
2864 if (qctx_blocking(&ctx))
2865 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2866 else if (partial_write)
2867 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2868 else
2869 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2870
2871 out:
2872 qctx_unlock(&ctx);
2873 return ret;
2874 }
2875
2876 QUIC_TAKES_LOCK
ossl_quic_write(SSL * s,const void * buf,size_t len,size_t * written)2877 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2878 {
2879 return ossl_quic_write_flags(s, buf, len, 0, written);
2880 }
2881
2882 /*
2883 * SSL_read
2884 * --------
2885 */
2886 struct quic_read_again_args {
2887 QCTX *ctx;
2888 QUIC_STREAM *stream;
2889 void *buf;
2890 size_t len;
2891 size_t *bytes_read;
2892 int peek;
2893 };
2894
2895 QUIC_NEEDS_LOCK
quic_validate_for_read(QUIC_XSO * xso,int * err,int * eos)2896 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2897 {
2898 QUIC_STREAM_MAP *qsm;
2899
2900 *eos = 0;
2901
2902 if (xso == NULL || xso->stream == NULL) {
2903 *err = ERR_R_INTERNAL_ERROR;
2904 return 0;
2905 }
2906
2907 switch (xso->stream->recv_state) {
2908 default:
2909 case QUIC_RSTREAM_STATE_NONE:
2910 *err = SSL_R_STREAM_SEND_ONLY;
2911 return 0;
2912
2913 case QUIC_RSTREAM_STATE_RECV:
2914 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2915 case QUIC_RSTREAM_STATE_DATA_RECVD:
2916 return 1;
2917
2918 case QUIC_RSTREAM_STATE_DATA_READ:
2919 *eos = 1;
2920 return 0;
2921
2922 case QUIC_RSTREAM_STATE_RESET_RECVD:
2923 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2924 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2925
2926 /* FALLTHROUGH */
2927 case QUIC_RSTREAM_STATE_RESET_READ:
2928 *err = SSL_R_STREAM_RESET;
2929 return 0;
2930 }
2931 }
2932
2933 QUIC_NEEDS_LOCK
quic_read_actual(QCTX * ctx,QUIC_STREAM * stream,void * buf,size_t buf_len,size_t * bytes_read,int peek)2934 static int quic_read_actual(QCTX *ctx,
2935 QUIC_STREAM *stream,
2936 void *buf, size_t buf_len,
2937 size_t *bytes_read,
2938 int peek)
2939 {
2940 int is_fin = 0, err, eos;
2941 QUIC_CONNECTION *qc = ctx->qc;
2942
2943 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2944 if (eos) {
2945 ctx->xso->retired_fin = 1;
2946 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2947 } else {
2948 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2949 }
2950 }
2951
2952 if (peek) {
2953 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2954 bytes_read, &is_fin))
2955 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2956
2957 } else {
2958 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2959 bytes_read, &is_fin))
2960 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2961 }
2962
2963 if (!peek) {
2964 if (*bytes_read > 0) {
2965 /*
2966 * We have read at least one byte from the stream. Inform stream-level
2967 * RXFC of the retirement of controlled bytes. Update the active stream
2968 * status (the RXFC may now want to emit a frame granting more credit to
2969 * the peer).
2970 */
2971 OSSL_RTT_INFO rtt_info;
2972
2973 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2974
2975 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2976 rtt_info.smoothed_rtt))
2977 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2978 }
2979
2980 if (is_fin && !peek) {
2981 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2982
2983 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2984 }
2985
2986 if (*bytes_read > 0)
2987 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2988 stream);
2989 }
2990
2991 if (*bytes_read == 0 && is_fin) {
2992 ctx->xso->retired_fin = 1;
2993 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2994 }
2995
2996 return 1;
2997 }
2998
2999 QUIC_NEEDS_LOCK
quic_read_again(void * arg)3000 static int quic_read_again(void *arg)
3001 {
3002 struct quic_read_again_args *args = arg;
3003
3004 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
3005 /* If connection is torn down due to an error while blocking, stop. */
3006 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3007 return -1;
3008 }
3009
3010 if (!quic_read_actual(args->ctx, args->stream,
3011 args->buf, args->len, args->bytes_read,
3012 args->peek))
3013 return -1;
3014
3015 if (*args->bytes_read > 0)
3016 /* got at least one byte, the SSL_read op can finish now */
3017 return 1;
3018
3019 return 0; /* did not read anything, keep trying */
3020 }
3021
3022 QUIC_TAKES_LOCK
quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read,int peek)3023 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
3024 {
3025 int ret, res;
3026 QCTX ctx;
3027 struct quic_read_again_args args;
3028
3029 *bytes_read = 0;
3030
3031 if (!expect_quic_cs(s, &ctx))
3032 return 0;
3033
3034 qctx_lock_for_io(&ctx);
3035
3036 /* If we haven't finished the handshake, try to advance it. */
3037 if (quic_do_handshake(&ctx) < 1) {
3038 ret = 0; /* ossl_quic_do_handshake raised error here */
3039 goto out;
3040 }
3041
3042 if (ctx.xso == NULL) {
3043 /*
3044 * Called on a QCSO and we don't currently have a default stream.
3045 *
3046 * Wait until we get a stream initiated by the peer (blocking mode) or
3047 * fail if we don't have one yet (non-blocking mode).
3048 */
3049 if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) {
3050 ret = 0; /* error already raised here */
3051 goto out;
3052 }
3053
3054 ctx.xso = ctx.qc->default_xso;
3055 }
3056
3057 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
3058 ret = 0; /* quic_read_actual raised error here */
3059 goto out;
3060 }
3061
3062 if (*bytes_read > 0) {
3063 /*
3064 * Even though we succeeded, tick the reactor here to ensure we are
3065 * handling other aspects of the QUIC connection.
3066 */
3067 if (quic_mutation_allowed(ctx.qc, /*req_active=*/0))
3068 qctx_maybe_autotick(&ctx);
3069
3070 ret = 1;
3071 } else if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
3072 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3073 goto out;
3074 } else if (qctx_blocking(&ctx)) {
3075 /*
3076 * We were not able to read anything immediately, so our stream
3077 * buffer is empty. This means we need to block until we get
3078 * at least one byte.
3079 */
3080 args.ctx = &ctx;
3081 args.stream = ctx.xso->stream;
3082 args.buf = buf;
3083 args.len = len;
3084 args.bytes_read = bytes_read;
3085 args.peek = peek;
3086
3087 res = block_until_pred(&ctx, quic_read_again, &args, 0);
3088 if (res == 0) {
3089 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3090 goto out;
3091 } else if (res < 0) {
3092 ret = 0; /* quic_read_again raised error here */
3093 goto out;
3094 }
3095
3096 ret = 1;
3097 } else {
3098 /*
3099 * We did not get any bytes and are not in blocking mode.
3100 * Tick to see if this delivers any more.
3101 */
3102 qctx_maybe_autotick(&ctx);
3103
3104 /* Try the read again. */
3105 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
3106 ret = 0; /* quic_read_actual raised error here */
3107 goto out;
3108 }
3109
3110 if (*bytes_read > 0)
3111 ret = 1; /* Succeeded this time. */
3112 else
3113 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
3114 }
3115
3116 out:
3117 qctx_unlock(&ctx);
3118 return ret;
3119 }
3120
ossl_quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read)3121 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
3122 {
3123 return quic_read(s, buf, len, bytes_read, 0);
3124 }
3125
ossl_quic_peek(SSL * s,void * buf,size_t len,size_t * bytes_read)3126 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
3127 {
3128 return quic_read(s, buf, len, bytes_read, 1);
3129 }
3130
3131 /*
3132 * SSL_pending
3133 * -----------
3134 */
3135
3136 QUIC_TAKES_LOCK
ossl_quic_pending_int(const SSL * s,int check_channel)3137 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
3138 {
3139 QCTX ctx;
3140 size_t avail = 0;
3141
3142 if (!expect_quic_cs(s, &ctx))
3143 return 0;
3144
3145 qctx_lock(&ctx);
3146
3147 if (!ctx.qc->started)
3148 goto out;
3149
3150 if (ctx.xso == NULL) {
3151 /* No XSO yet, but there might be a default XSO eligible to be created. */
3152 if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {
3153 ctx.xso = ctx.qc->default_xso;
3154 } else {
3155 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
3156 goto out;
3157 }
3158 }
3159
3160 if (ctx.xso->stream == NULL) {
3161 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3162 goto out;
3163 }
3164
3165 if (check_channel)
3166 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
3167 /*include_fin=*/1)
3168 || ossl_quic_channel_has_pending(ctx.qc->ch)
3169 || ossl_quic_channel_is_term_any(ctx.qc->ch);
3170 else
3171 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
3172 /*include_fin=*/0);
3173
3174 out:
3175 qctx_unlock(&ctx);
3176 return avail;
3177 }
3178
ossl_quic_pending(const SSL * s)3179 size_t ossl_quic_pending(const SSL *s)
3180 {
3181 return ossl_quic_pending_int(s, /*check_channel=*/0);
3182 }
3183
ossl_quic_has_pending(const SSL * s)3184 int ossl_quic_has_pending(const SSL *s)
3185 {
3186 /* Do we have app-side pending data or pending URXEs or RXEs? */
3187 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
3188 }
3189
3190 /*
3191 * SSL_stream_conclude
3192 * -------------------
3193 */
3194 QUIC_TAKES_LOCK
ossl_quic_conn_stream_conclude(SSL * s)3195 int ossl_quic_conn_stream_conclude(SSL *s)
3196 {
3197 QCTX ctx;
3198 QUIC_STREAM *qs;
3199 int err;
3200
3201 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
3202 return 0;
3203
3204 qs = ctx.xso->stream;
3205
3206 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
3207 qctx_unlock(&ctx);
3208 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3209 }
3210
3211 if (!quic_validate_for_write(ctx.xso, &err)) {
3212 qctx_unlock(&ctx);
3213 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3214 }
3215
3216 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
3217 qctx_unlock(&ctx);
3218 return 1;
3219 }
3220
3221 ossl_quic_sstream_fin(qs->sstream);
3222 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
3223 qctx_unlock(&ctx);
3224 return 1;
3225 }
3226
3227 /*
3228 * SSL_inject_net_dgram
3229 * --------------------
3230 */
3231 QUIC_TAKES_LOCK
SSL_inject_net_dgram(SSL * s,const unsigned char * buf,size_t buf_len,const BIO_ADDR * peer,const BIO_ADDR * local)3232 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
3233 size_t buf_len,
3234 const BIO_ADDR *peer,
3235 const BIO_ADDR *local)
3236 {
3237 int ret = 0;
3238 QCTX ctx;
3239 QUIC_DEMUX *demux;
3240 QUIC_PORT *port;
3241
3242 if (!expect_quic_csl(s, &ctx))
3243 return 0;
3244
3245 qctx_lock(&ctx);
3246
3247 port = ossl_quic_obj_get0_port(ctx.obj);
3248 if (port == NULL) {
3249 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
3250 goto err;
3251 }
3252
3253 demux = ossl_quic_port_get0_demux(port);
3254 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
3255
3256 err:
3257 qctx_unlock(&ctx);
3258 return ret;
3259 }
3260
3261 /*
3262 * SSL_get0_connection
3263 * -------------------
3264 */
ossl_quic_get0_connection(SSL * s)3265 SSL *ossl_quic_get0_connection(SSL *s)
3266 {
3267 QCTX ctx;
3268
3269 if (!expect_quic_cs(s, &ctx))
3270 return NULL;
3271
3272 return &ctx.qc->obj.ssl;
3273 }
3274
3275 /*
3276 * SSL_get0_listener
3277 * -----------------
3278 */
ossl_quic_get0_listener(SSL * s)3279 SSL *ossl_quic_get0_listener(SSL *s)
3280 {
3281 QCTX ctx;
3282
3283 if (!expect_quic_csl(s, &ctx))
3284 return NULL;
3285
3286 return ctx.ql != NULL ? &ctx.ql->obj.ssl : NULL;
3287 }
3288
3289 /*
3290 * SSL_get0_domain
3291 * ---------------
3292 */
ossl_quic_get0_domain(SSL * s)3293 SSL *ossl_quic_get0_domain(SSL *s)
3294 {
3295 QCTX ctx;
3296
3297 if (!expect_quic_any(s, &ctx))
3298 return NULL;
3299
3300 return ctx.qd != NULL ? &ctx.qd->obj.ssl : NULL;
3301 }
3302
3303 /*
3304 * SSL_get_domain_flags
3305 * --------------------
3306 */
ossl_quic_get_domain_flags(const SSL * ssl,uint64_t * domain_flags)3307 int ossl_quic_get_domain_flags(const SSL *ssl, uint64_t *domain_flags)
3308 {
3309 QCTX ctx;
3310
3311 if (!expect_quic_any(ssl, &ctx))
3312 return 0;
3313
3314 if (domain_flags != NULL)
3315 *domain_flags = ctx.obj->domain_flags;
3316
3317 return 1;
3318 }
3319
3320 /*
3321 * SSL_get_stream_type
3322 * -------------------
3323 */
ossl_quic_get_stream_type(SSL * s)3324 int ossl_quic_get_stream_type(SSL *s)
3325 {
3326 QCTX ctx;
3327
3328 if (!expect_quic_cs(s, &ctx))
3329 return SSL_STREAM_TYPE_BIDI;
3330
3331 if (ctx.xso == NULL) {
3332 /*
3333 * If deferred XSO creation has yet to occur, proceed according to the
3334 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
3335 * what kind of stream will be created yet, so return BIDI on the basis
3336 * that at this time, the client still has the option of calling
3337 * SSL_read() or SSL_write() first.
3338 */
3339 if (ctx.qc->default_xso_created
3340 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3341 return SSL_STREAM_TYPE_NONE;
3342 else
3343 return SSL_STREAM_TYPE_BIDI;
3344 }
3345
3346 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
3347 return SSL_STREAM_TYPE_BIDI;
3348
3349 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
3350 return SSL_STREAM_TYPE_READ;
3351 else
3352 return SSL_STREAM_TYPE_WRITE;
3353 }
3354
3355 /*
3356 * SSL_get_stream_id
3357 * -----------------
3358 */
3359 QUIC_TAKES_LOCK
ossl_quic_get_stream_id(SSL * s)3360 uint64_t ossl_quic_get_stream_id(SSL *s)
3361 {
3362 QCTX ctx;
3363 uint64_t id;
3364
3365 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3366 return UINT64_MAX;
3367
3368 id = ctx.xso->stream->id;
3369 qctx_unlock(&ctx);
3370
3371 return id;
3372 }
3373
3374 /*
3375 * SSL_is_stream_local
3376 * -------------------
3377 */
3378 QUIC_TAKES_LOCK
ossl_quic_is_stream_local(SSL * s)3379 int ossl_quic_is_stream_local(SSL *s)
3380 {
3381 QCTX ctx;
3382 int is_local;
3383
3384 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3385 return -1;
3386
3387 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3388 qctx_unlock(&ctx);
3389
3390 return is_local;
3391 }
3392
3393 /*
3394 * SSL_set_default_stream_mode
3395 * ---------------------------
3396 */
3397 QUIC_TAKES_LOCK
ossl_quic_set_default_stream_mode(SSL * s,uint32_t mode)3398 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3399 {
3400 QCTX ctx;
3401
3402 if (!expect_quic_conn_only(s, &ctx))
3403 return 0;
3404
3405 qctx_lock(&ctx);
3406
3407 if (ctx.qc->default_xso_created) {
3408 qctx_unlock(&ctx);
3409 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3410 "too late to change default stream mode");
3411 }
3412
3413 switch (mode) {
3414 case SSL_DEFAULT_STREAM_MODE_NONE:
3415 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3416 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3417 ctx.qc->default_stream_mode = mode;
3418 break;
3419 default:
3420 qctx_unlock(&ctx);
3421 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3422 "bad default stream type");
3423 }
3424
3425 qctx_unlock(&ctx);
3426 return 1;
3427 }
3428
3429 /*
3430 * SSL_detach_stream
3431 * -----------------
3432 */
3433 QUIC_TAKES_LOCK
ossl_quic_detach_stream(SSL * s)3434 SSL *ossl_quic_detach_stream(SSL *s)
3435 {
3436 QCTX ctx;
3437 QUIC_XSO *xso = NULL;
3438
3439 if (!expect_quic_conn_only(s, &ctx))
3440 return NULL;
3441
3442 qctx_lock(&ctx);
3443
3444 /* Calling this function inhibits default XSO autocreation. */
3445 /* QC ref to any default XSO is transferred to us and to caller. */
3446 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3447
3448 qctx_unlock(&ctx);
3449
3450 return xso != NULL ? &xso->obj.ssl : NULL;
3451 }
3452
3453 /*
3454 * SSL_attach_stream
3455 * -----------------
3456 */
3457 QUIC_TAKES_LOCK
ossl_quic_attach_stream(SSL * conn,SSL * stream)3458 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3459 {
3460 QCTX ctx;
3461 QUIC_XSO *xso;
3462 int nref;
3463
3464 if (!expect_quic_conn_only(conn, &ctx))
3465 return 0;
3466
3467 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3468 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3469 "stream to attach must be a valid QUIC stream");
3470
3471 xso = (QUIC_XSO *)stream;
3472
3473 qctx_lock(&ctx);
3474
3475 if (ctx.qc->default_xso != NULL) {
3476 qctx_unlock(&ctx);
3477 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3478 "connection already has a default stream");
3479 }
3480
3481 /*
3482 * It is a caller error for the XSO being attached as a default XSO to have
3483 * more than one ref.
3484 */
3485 if (!CRYPTO_GET_REF(&xso->obj.ssl.references, &nref)) {
3486 qctx_unlock(&ctx);
3487 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3488 "ref");
3489 }
3490
3491 if (nref != 1) {
3492 qctx_unlock(&ctx);
3493 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3494 "stream being attached must have "
3495 "only 1 reference");
3496 }
3497
3498 /* Caller's reference to the XSO is transferred to us. */
3499 /* Calling this function inhibits default XSO autocreation. */
3500 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3501
3502 qctx_unlock(&ctx);
3503 return 1;
3504 }
3505
3506 /*
3507 * SSL_set_incoming_stream_policy
3508 * ------------------------------
3509 */
3510 QUIC_NEEDS_LOCK
qc_get_effective_incoming_stream_policy(QUIC_CONNECTION * qc)3511 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3512 {
3513 switch (qc->incoming_stream_policy) {
3514 case SSL_INCOMING_STREAM_POLICY_AUTO:
3515 if ((qc->default_xso == NULL && !qc->default_xso_created)
3516 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3517 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3518 else
3519 return SSL_INCOMING_STREAM_POLICY_REJECT;
3520
3521 default:
3522 return qc->incoming_stream_policy;
3523 }
3524 }
3525
3526 QUIC_NEEDS_LOCK
qc_update_reject_policy(QUIC_CONNECTION * qc)3527 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3528 {
3529 int policy = qc_get_effective_incoming_stream_policy(qc);
3530 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3531
3532 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3533 enable_reject,
3534 qc->incoming_stream_aec);
3535 }
3536
3537 QUIC_TAKES_LOCK
ossl_quic_set_incoming_stream_policy(SSL * s,int policy,uint64_t aec)3538 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3539 uint64_t aec)
3540 {
3541 int ret = 1;
3542 QCTX ctx;
3543
3544 if (!expect_quic_conn_only(s, &ctx))
3545 return 0;
3546
3547 qctx_lock(&ctx);
3548
3549 switch (policy) {
3550 case SSL_INCOMING_STREAM_POLICY_AUTO:
3551 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3552 case SSL_INCOMING_STREAM_POLICY_REJECT:
3553 ctx.qc->incoming_stream_policy = policy;
3554 ctx.qc->incoming_stream_aec = aec;
3555 break;
3556
3557 default:
3558 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3559 ret = 0;
3560 break;
3561 }
3562
3563 qc_update_reject_policy(ctx.qc);
3564 qctx_unlock(&ctx);
3565 return ret;
3566 }
3567
3568 /*
3569 * SSL_get_value, SSL_set_value
3570 * ----------------------------
3571 */
3572 QUIC_TAKES_LOCK
qc_getset_idle_timeout(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3573 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3574 uint64_t *p_value_out, uint64_t *p_value_in)
3575 {
3576 int ret = 0;
3577 uint64_t value_out = 0, value_in;
3578
3579 qctx_lock(ctx);
3580
3581 switch (class_) {
3582 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3583 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3584
3585 if (p_value_in != NULL) {
3586 value_in = *p_value_in;
3587 if (value_in > OSSL_QUIC_VLINT_MAX) {
3588 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3589 NULL);
3590 goto err;
3591 }
3592
3593 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3594 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3595 NULL);
3596 goto err;
3597 }
3598
3599 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3600 }
3601 break;
3602
3603 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3604 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3605 if (p_value_in != NULL) {
3606 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3607 NULL);
3608 goto err;
3609 }
3610
3611 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3612 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3613 NULL);
3614 goto err;
3615 }
3616
3617 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3618 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3619 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3620 break;
3621
3622 default:
3623 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3624 NULL);
3625 goto err;
3626 }
3627
3628 ret = 1;
3629 err:
3630 qctx_unlock(ctx);
3631 if (ret && p_value_out != NULL)
3632 *p_value_out = value_out;
3633
3634 return ret;
3635 }
3636
3637 QUIC_TAKES_LOCK
qc_get_stream_avail(QCTX * ctx,uint32_t class_,int is_uni,int is_remote,uint64_t * value)3638 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3639 int is_uni, int is_remote,
3640 uint64_t *value)
3641 {
3642 int ret = 0;
3643
3644 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3645 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3646 NULL);
3647 return 0;
3648 }
3649
3650 qctx_lock(ctx);
3651
3652 *value = is_remote
3653 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3654 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3655
3656 ret = 1;
3657 qctx_unlock(ctx);
3658 return ret;
3659 }
3660
3661 QUIC_NEEDS_LOCK
qctx_should_autotick(QCTX * ctx)3662 static int qctx_should_autotick(QCTX *ctx)
3663 {
3664 int event_handling_mode;
3665 QUIC_OBJ *obj = ctx->obj;
3666
3667 for (; (event_handling_mode = obj->event_handling_mode) == SSL_VALUE_EVENT_HANDLING_MODE_INHERIT
3668 && obj->parent_obj != NULL; obj = obj->parent_obj);
3669
3670 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3671 }
3672
3673 QUIC_NEEDS_LOCK
qctx_maybe_autotick(QCTX * ctx)3674 static void qctx_maybe_autotick(QCTX *ctx)
3675 {
3676 if (!qctx_should_autotick(ctx))
3677 return;
3678
3679 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx->obj), 0);
3680 }
3681
3682 QUIC_TAKES_LOCK
qc_getset_event_handling(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3683 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_,
3684 uint64_t *p_value_out,
3685 uint64_t *p_value_in)
3686 {
3687 int ret = 0;
3688 uint64_t value_out = 0;
3689
3690 qctx_lock(ctx);
3691
3692 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3693 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3694 NULL);
3695 goto err;
3696 }
3697
3698 if (p_value_in != NULL) {
3699 switch (*p_value_in) {
3700 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT:
3701 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT:
3702 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT:
3703 break;
3704 default:
3705 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3706 NULL);
3707 goto err;
3708 }
3709
3710 value_out = *p_value_in;
3711 ctx->obj->event_handling_mode = (int)value_out;
3712 } else {
3713 value_out = ctx->obj->event_handling_mode;
3714 }
3715
3716 ret = 1;
3717 err:
3718 qctx_unlock(ctx);
3719 if (ret && p_value_out != NULL)
3720 *p_value_out = value_out;
3721
3722 return ret;
3723 }
3724
3725 QUIC_TAKES_LOCK
qc_get_stream_write_buf_stat(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,size_t (* getter)(QUIC_SSTREAM * sstream))3726 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_,
3727 uint64_t *p_value_out,
3728 size_t (*getter)(QUIC_SSTREAM *sstream))
3729 {
3730 int ret = 0;
3731 size_t value = 0;
3732
3733 qctx_lock(ctx);
3734
3735 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3736 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3737 NULL);
3738 goto err;
3739 }
3740
3741 if (ctx->xso == NULL) {
3742 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
3743 goto err;
3744 }
3745
3746 if (!ossl_quic_stream_has_send(ctx->xso->stream)) {
3747 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL);
3748 goto err;
3749 }
3750
3751 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream))
3752 value = getter(ctx->xso->stream->sstream);
3753
3754 ret = 1;
3755 err:
3756 qctx_unlock(ctx);
3757 *p_value_out = (uint64_t)value;
3758 return ret;
3759 }
3760
3761 QUIC_NEEDS_LOCK
expect_quic_for_value(SSL * s,QCTX * ctx,uint32_t id)3762 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id)
3763 {
3764 switch (id) {
3765 case SSL_VALUE_EVENT_HANDLING_MODE:
3766 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3767 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3768 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3769 return expect_quic_cs(s, ctx);
3770 default:
3771 return expect_quic_conn_only(s, ctx);
3772 }
3773 }
3774
3775 QUIC_TAKES_LOCK
ossl_quic_get_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t * value)3776 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3777 uint64_t *value)
3778 {
3779 QCTX ctx;
3780
3781 if (!expect_quic_for_value(s, &ctx, id))
3782 return 0;
3783
3784 if (value == NULL)
3785 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3786 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3787
3788 switch (id) {
3789 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3790 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3791
3792 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3793 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3794 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3795 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3796 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3797 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3798 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3799 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3800
3801 case SSL_VALUE_EVENT_HANDLING_MODE:
3802 return qc_getset_event_handling(&ctx, class_, value, NULL);
3803
3804 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3805 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3806 ossl_quic_sstream_get_buffer_size);
3807 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3808 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3809 ossl_quic_sstream_get_buffer_used);
3810 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3811 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3812 ossl_quic_sstream_get_buffer_avail);
3813
3814 default:
3815 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3816 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3817 }
3818
3819 return 1;
3820 }
3821
3822 QUIC_TAKES_LOCK
ossl_quic_set_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t value)3823 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3824 uint64_t value)
3825 {
3826 QCTX ctx;
3827
3828 if (!expect_quic_for_value(s, &ctx, id))
3829 return 0;
3830
3831 switch (id) {
3832 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3833 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3834
3835 case SSL_VALUE_EVENT_HANDLING_MODE:
3836 return qc_getset_event_handling(&ctx, class_, NULL, &value);
3837
3838 default:
3839 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3840 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3841 }
3842
3843 return 1;
3844 }
3845
3846 /*
3847 * SSL_accept_stream
3848 * -----------------
3849 */
3850 struct wait_for_incoming_stream_args {
3851 QCTX *ctx;
3852 QUIC_STREAM *qs;
3853 };
3854
3855 QUIC_NEEDS_LOCK
wait_for_incoming_stream(void * arg)3856 static int wait_for_incoming_stream(void *arg)
3857 {
3858 struct wait_for_incoming_stream_args *args = arg;
3859 QUIC_CONNECTION *qc = args->ctx->qc;
3860 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3861
3862 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3863 /* If connection is torn down due to an error while blocking, stop. */
3864 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3865 return -1;
3866 }
3867
3868 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3869 if (args->qs != NULL)
3870 return 1; /* got a stream */
3871
3872 return 0; /* did not get a stream, keep trying */
3873 }
3874
3875 QUIC_TAKES_LOCK
ossl_quic_accept_stream(SSL * s,uint64_t flags)3876 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3877 {
3878 QCTX ctx;
3879 int ret;
3880 SSL *new_s = NULL;
3881 QUIC_STREAM_MAP *qsm;
3882 QUIC_STREAM *qs;
3883 QUIC_XSO *xso;
3884 OSSL_RTT_INFO rtt_info;
3885
3886 if (!expect_quic_conn_only(s, &ctx))
3887 return NULL;
3888
3889 qctx_lock(&ctx);
3890
3891 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3892 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3893 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3894 goto out;
3895 }
3896
3897 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3898
3899 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3900 if (qs == NULL) {
3901 if (qctx_blocking(&ctx)
3902 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3903 struct wait_for_incoming_stream_args args;
3904
3905 args.ctx = &ctx;
3906 args.qs = NULL;
3907
3908 ret = block_until_pred(&ctx, wait_for_incoming_stream, &args, 0);
3909 if (ret == 0) {
3910 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3911 goto out;
3912 } else if (ret < 0 || args.qs == NULL) {
3913 goto out;
3914 }
3915
3916 qs = args.qs;
3917 } else {
3918 goto out;
3919 }
3920 }
3921
3922 xso = create_xso_from_stream(ctx.qc, qs);
3923 if (xso == NULL)
3924 goto out;
3925
3926 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3927 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3928 rtt_info.smoothed_rtt);
3929 new_s = &xso->obj.ssl;
3930
3931 /* Calling this function inhibits default XSO autocreation. */
3932 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3933
3934 out:
3935 qctx_unlock(&ctx);
3936 return new_s;
3937 }
3938
3939 /*
3940 * SSL_get_accept_stream_queue_len
3941 * -------------------------------
3942 */
3943 QUIC_TAKES_LOCK
ossl_quic_get_accept_stream_queue_len(SSL * s)3944 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3945 {
3946 QCTX ctx;
3947 size_t v;
3948
3949 if (!expect_quic_conn_only(s, &ctx))
3950 return 0;
3951
3952 qctx_lock(&ctx);
3953
3954 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3955
3956 qctx_unlock(&ctx);
3957 return v;
3958 }
3959
3960 /*
3961 * SSL_stream_reset
3962 * ----------------
3963 */
ossl_quic_stream_reset(SSL * ssl,const SSL_STREAM_RESET_ARGS * args,size_t args_len)3964 int ossl_quic_stream_reset(SSL *ssl,
3965 const SSL_STREAM_RESET_ARGS *args,
3966 size_t args_len)
3967 {
3968 QCTX ctx;
3969 QUIC_STREAM_MAP *qsm;
3970 QUIC_STREAM *qs;
3971 uint64_t error_code;
3972 int ok, err;
3973
3974 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3975 return 0;
3976
3977 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3978 qs = ctx.xso->stream;
3979 error_code = (args != NULL ? args->quic_error_code : 0);
3980
3981 if (!quic_validate_for_write(ctx.xso, &err)) {
3982 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3983 goto err;
3984 }
3985
3986 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3987 if (ok)
3988 ctx.xso->requested_reset = 1;
3989
3990 err:
3991 qctx_unlock(&ctx);
3992 return ok;
3993 }
3994
3995 /*
3996 * SSL_get_stream_read_state
3997 * -------------------------
3998 */
quic_classify_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs,int is_write,int * state,uint64_t * app_error_code)3999 static void quic_classify_stream(QUIC_CONNECTION *qc,
4000 QUIC_STREAM *qs,
4001 int is_write,
4002 int *state,
4003 uint64_t *app_error_code)
4004 {
4005 int local_init;
4006 uint64_t final_size;
4007
4008 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
4009
4010 if (app_error_code != NULL)
4011 *app_error_code = UINT64_MAX;
4012 else
4013 app_error_code = &final_size; /* throw away value */
4014
4015 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
4016 /*
4017 * Unidirectional stream and this direction of transmission doesn't
4018 * exist.
4019 */
4020 *state = SSL_STREAM_STATE_WRONG_DIR;
4021 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
4022 /* Connection already closed. */
4023 *state = SSL_STREAM_STATE_CONN_CLOSED;
4024 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
4025 /* Application has read a FIN. */
4026 *state = SSL_STREAM_STATE_FINISHED;
4027 } else if ((!is_write && qs->stop_sending)
4028 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
4029 /*
4030 * Stream has been reset locally. FIN takes precedence over this for the
4031 * read case as the application need not care if the stream is reset
4032 * after a FIN has been successfully processed.
4033 */
4034 *state = SSL_STREAM_STATE_RESET_LOCAL;
4035 *app_error_code = !is_write
4036 ? qs->stop_sending_aec
4037 : qs->reset_stream_aec;
4038 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
4039 || (is_write && qs->peer_stop_sending)) {
4040 /*
4041 * Stream has been reset remotely. */
4042 *state = SSL_STREAM_STATE_RESET_REMOTE;
4043 *app_error_code = !is_write
4044 ? qs->peer_reset_stream_aec
4045 : qs->peer_stop_sending_aec;
4046 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
4047 &final_size)) {
4048 /*
4049 * Stream has been finished. Stream reset takes precedence over this for
4050 * the write case as peer may not have received all data.
4051 */
4052 *state = SSL_STREAM_STATE_FINISHED;
4053 } else {
4054 /* Stream still healthy. */
4055 *state = SSL_STREAM_STATE_OK;
4056 }
4057 }
4058
quic_get_stream_state(SSL * ssl,int is_write)4059 static int quic_get_stream_state(SSL *ssl, int is_write)
4060 {
4061 QCTX ctx;
4062 int state;
4063
4064 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4065 return SSL_STREAM_STATE_NONE;
4066
4067 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
4068 qctx_unlock(&ctx);
4069 return state;
4070 }
4071
ossl_quic_get_stream_read_state(SSL * ssl)4072 int ossl_quic_get_stream_read_state(SSL *ssl)
4073 {
4074 return quic_get_stream_state(ssl, /*is_write=*/0);
4075 }
4076
4077 /*
4078 * SSL_get_stream_write_state
4079 * --------------------------
4080 */
ossl_quic_get_stream_write_state(SSL * ssl)4081 int ossl_quic_get_stream_write_state(SSL *ssl)
4082 {
4083 return quic_get_stream_state(ssl, /*is_write=*/1);
4084 }
4085
4086 /*
4087 * SSL_get_stream_read_error_code
4088 * ------------------------------
4089 */
quic_get_stream_error_code(SSL * ssl,int is_write,uint64_t * app_error_code)4090 static int quic_get_stream_error_code(SSL *ssl, int is_write,
4091 uint64_t *app_error_code)
4092 {
4093 QCTX ctx;
4094 int state;
4095
4096 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4097 return -1;
4098
4099 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
4100 &state, app_error_code);
4101
4102 qctx_unlock(&ctx);
4103 switch (state) {
4104 case SSL_STREAM_STATE_FINISHED:
4105 return 0;
4106 case SSL_STREAM_STATE_RESET_LOCAL:
4107 case SSL_STREAM_STATE_RESET_REMOTE:
4108 return 1;
4109 default:
4110 return -1;
4111 }
4112 }
4113
ossl_quic_get_stream_read_error_code(SSL * ssl,uint64_t * app_error_code)4114 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
4115 {
4116 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
4117 }
4118
4119 /*
4120 * SSL_get_stream_write_error_code
4121 * -------------------------------
4122 */
ossl_quic_get_stream_write_error_code(SSL * ssl,uint64_t * app_error_code)4123 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
4124 {
4125 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
4126 }
4127
4128 /*
4129 * Write buffer size mutation
4130 * --------------------------
4131 */
ossl_quic_set_write_buffer_size(SSL * ssl,size_t size)4132 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
4133 {
4134 int ret = 0;
4135 QCTX ctx;
4136
4137 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4138 return 0;
4139
4140 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
4141 /* Called on a unidirectional receive-only stream - error. */
4142 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
4143 goto out;
4144 }
4145
4146 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
4147 /*
4148 * If the stream has a send part but we have disposed of it because we
4149 * no longer need it, this is a no-op.
4150 */
4151 ret = 1;
4152 goto out;
4153 }
4154
4155 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
4156 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
4157 goto out;
4158 }
4159
4160 ret = 1;
4161
4162 out:
4163 qctx_unlock(&ctx);
4164 return ret;
4165 }
4166
4167 /*
4168 * SSL_get_conn_close_info
4169 * -----------------------
4170 */
ossl_quic_get_conn_close_info(SSL * ssl,SSL_CONN_CLOSE_INFO * info,size_t info_len)4171 int ossl_quic_get_conn_close_info(SSL *ssl,
4172 SSL_CONN_CLOSE_INFO *info,
4173 size_t info_len)
4174 {
4175 QCTX ctx;
4176 const QUIC_TERMINATE_CAUSE *tc;
4177
4178 if (!expect_quic_conn_only(ssl, &ctx))
4179 return -1;
4180
4181 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
4182 if (tc == NULL)
4183 return 0;
4184
4185 info->error_code = tc->error_code;
4186 info->frame_type = tc->frame_type;
4187 info->reason = tc->reason;
4188 info->reason_len = tc->reason_len;
4189 info->flags = 0;
4190 if (!tc->remote)
4191 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
4192 if (!tc->app)
4193 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
4194 return 1;
4195 }
4196
4197 /*
4198 * SSL_key_update
4199 * --------------
4200 */
ossl_quic_key_update(SSL * ssl,int update_type)4201 int ossl_quic_key_update(SSL *ssl, int update_type)
4202 {
4203 QCTX ctx;
4204
4205 if (!expect_quic_conn_only(ssl, &ctx))
4206 return 0;
4207
4208 switch (update_type) {
4209 case SSL_KEY_UPDATE_NOT_REQUESTED:
4210 /*
4211 * QUIC signals peer key update implicily by triggering a local
4212 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
4213 */
4214 case SSL_KEY_UPDATE_REQUESTED:
4215 break;
4216
4217 default:
4218 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4219 return 0;
4220 }
4221
4222 qctx_lock(&ctx);
4223
4224 /* Attempt to perform a TXKU. */
4225 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
4226 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
4227 qctx_unlock(&ctx);
4228 return 0;
4229 }
4230
4231 qctx_unlock(&ctx);
4232 return 1;
4233 }
4234
4235 /*
4236 * SSL_get_key_update_type
4237 * -----------------------
4238 */
ossl_quic_get_key_update_type(const SSL * s)4239 int ossl_quic_get_key_update_type(const SSL *s)
4240 {
4241 /*
4242 * We always handle key updates immediately so a key update is never
4243 * pending.
4244 */
4245 return SSL_KEY_UPDATE_NONE;
4246 }
4247
4248 /**
4249 * @brief Allocates an SSL object for a user from a QUIC channel.
4250 *
4251 * This function creates a new QUIC_CONNECTION object based on an incoming
4252 * connection associated with the provided QUIC_LISTENER. If the connection
4253 * creation fails, the function returns NULL. Otherwise, it returns a pointer
4254 * to the SSL object associated with the newly created connection.
4255 *
4256 * Note: This function is a registered port callback made from
4257 * ossl_quic_new_listener and ossl_quic_new_listener_from, and allows for
4258 * pre-allocation of the user_ssl object when a channel is created, rather than
4259 * when it is accepted
4260 *
4261 * @param ch Pointer to the QUIC_CHANNEL representing the incoming connection.
4262 * @param arg Pointer to a QUIC_LISTENER used to create the connection.
4263 *
4264 * @return Pointer to the SSL object on success, or NULL on failure.
4265 */
alloc_port_user_ssl(QUIC_CHANNEL * ch,void * arg)4266 static SSL *alloc_port_user_ssl(QUIC_CHANNEL *ch, void *arg)
4267 {
4268 QUIC_LISTENER *ql = arg;
4269 QUIC_CONNECTION *qc = create_qc_from_incoming_conn(ql, ch);
4270
4271 return (qc == NULL) ? NULL : &qc->obj.ssl;
4272 }
4273
4274 /*
4275 * QUIC Front-End I/O API: Listeners
4276 * =================================
4277 */
4278
4279 /*
4280 * SSL_new_listener
4281 * ----------------
4282 */
ossl_quic_new_listener(SSL_CTX * ctx,uint64_t flags)4283 SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags)
4284 {
4285 QUIC_LISTENER *ql = NULL;
4286 QUIC_ENGINE_ARGS engine_args = {0};
4287 QUIC_PORT_ARGS port_args = {0};
4288
4289 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
4290 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4291 goto err;
4292 }
4293
4294 #if defined(OPENSSL_THREADS)
4295 if ((ql->mutex = ossl_crypto_mutex_new()) == NULL) {
4296 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4297 goto err;
4298 }
4299 #endif
4300
4301 engine_args.libctx = ctx->libctx;
4302 engine_args.propq = ctx->propq;
4303 #if defined(OPENSSL_THREADS)
4304 engine_args.mutex = ql->mutex;
4305 #endif
4306
4307 if (need_notifier_for_domain_flags(ctx->domain_flags))
4308 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
4309
4310 if ((ql->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
4311 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4312 goto err;
4313 }
4314
4315 port_args.channel_ctx = ctx;
4316 port_args.is_multi_conn = 1;
4317 port_args.get_conn_user_ssl = alloc_port_user_ssl;
4318 port_args.user_ssl_arg = ql;
4319 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
4320 port_args.do_addr_validation = 1;
4321 ql->port = ossl_quic_engine_create_port(ql->engine, &port_args);
4322 if (ql->port == NULL) {
4323 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4324 goto err;
4325 }
4326
4327 /* TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT */
4328
4329 ossl_quic_port_set_allow_incoming(ql->port, 1);
4330
4331 /* Initialise the QUIC_LISTENER's object header. */
4332 if (!ossl_quic_obj_init(&ql->obj, ctx, SSL_TYPE_QUIC_LISTENER, NULL,
4333 ql->engine, ql->port))
4334 goto err;
4335
4336 return &ql->obj.ssl;
4337
4338 err:
4339 if (ql != NULL)
4340 ossl_quic_engine_free(ql->engine);
4341
4342 #if defined(OPENSSL_THREADS)
4343 ossl_crypto_mutex_free(&ql->mutex);
4344 #endif
4345 OPENSSL_free(ql);
4346 return NULL;
4347 }
4348
4349 /*
4350 * SSL_new_listener_from
4351 * ---------------------
4352 */
ossl_quic_new_listener_from(SSL * ssl,uint64_t flags)4353 SSL *ossl_quic_new_listener_from(SSL *ssl, uint64_t flags)
4354 {
4355 QCTX ctx;
4356 QUIC_LISTENER *ql = NULL;
4357 QUIC_PORT_ARGS port_args = {0};
4358
4359 if (!expect_quic_domain(ssl, &ctx))
4360 return NULL;
4361
4362 if (!SSL_up_ref(&ctx.qd->obj.ssl))
4363 return NULL;
4364
4365 qctx_lock(&ctx);
4366
4367 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
4368 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4369 goto err;
4370 }
4371
4372 port_args.channel_ctx = ssl->ctx;
4373 port_args.is_multi_conn = 1;
4374 port_args.get_conn_user_ssl = alloc_port_user_ssl;
4375 port_args.user_ssl_arg = ql;
4376 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
4377 port_args.do_addr_validation = 1;
4378 ql->port = ossl_quic_engine_create_port(ctx.qd->engine, &port_args);
4379 if (ql->port == NULL) {
4380 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4381 goto err;
4382 }
4383
4384 ql->domain = ctx.qd;
4385 ql->engine = ctx.qd->engine;
4386 #if defined(OPENSSL_THREADS)
4387 ql->mutex = ctx.qd->mutex;
4388 #endif
4389
4390 /*
4391 * TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT
4392 * Given that we have apis to create client SSL objects from
4393 * server SSL objects (see SSL_new_from_listener), we have aspirations
4394 * to enable a flag that allows for the creation of the latter, but not
4395 * be used to do accept any connections. This is a placeholder for the
4396 * implementation of that flag
4397 */
4398
4399 ossl_quic_port_set_allow_incoming(ql->port, 1);
4400
4401 /* Initialise the QUIC_LISTENER's object header. */
4402 if (!ossl_quic_obj_init(&ql->obj, ssl->ctx, SSL_TYPE_QUIC_LISTENER,
4403 &ctx.qd->obj.ssl, NULL, ql->port))
4404 goto err;
4405
4406 qctx_unlock(&ctx);
4407 return &ql->obj.ssl;
4408
4409 err:
4410 if (ql != NULL)
4411 ossl_quic_port_free(ql->port);
4412
4413 OPENSSL_free(ql);
4414 qctx_unlock(&ctx);
4415 SSL_free(&ctx.qd->obj.ssl);
4416
4417 return NULL;
4418 }
4419
4420 /*
4421 * SSL_new_from_listener
4422 * ---------------------
4423 * code here is derived from ossl_quic_new(). The `ssl` argument is
4424 * a listener object which already comes with QUIC port/engine. The newly
4425 * created QUIC connection object (QCSO) is going to share the port/engine
4426 * with listener (`ssl`). The `ssl` also becomes a parent of QCSO created
4427 * by this function. The caller uses QCSO instance to connect to
4428 * remote QUIC server.
4429 *
4430 * The QCSO created here requires us to also create a channel so we
4431 * can connect to remote server.
4432 */
ossl_quic_new_from_listener(SSL * ssl,uint64_t flags)4433 SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags)
4434 {
4435 QCTX ctx;
4436 QUIC_CONNECTION *qc = NULL;
4437 QUIC_LISTENER *ql;
4438 SSL_CONNECTION *sc = NULL;
4439
4440 if (flags != 0)
4441 return NULL;
4442
4443 if (!expect_quic_listener(ssl, &ctx))
4444 return NULL;
4445
4446 if (!SSL_up_ref(&ctx.ql->obj.ssl))
4447 return NULL;
4448
4449 qctx_lock(&ctx);
4450
4451 ql = ctx.ql;
4452
4453 /*
4454 * listeners (server) contexts don't typically
4455 * allocate a token cache because they don't need
4456 * to store them, but here we are using a server side
4457 * ctx as a client, so we should allocate one now
4458 */
4459 if (ssl->ctx->tokencache == NULL)
4460 if ((ssl->ctx->tokencache = ossl_quic_new_token_store()) == NULL)
4461 goto err;
4462
4463 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) {
4464 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4465 goto err;
4466 }
4467
4468 /*
4469 * NOTE: setting a listener here is needed so `qc_cleanup()` does the right
4470 * thing. Setting listener to ql avoids premature destruction of port in
4471 * qc_cleanup()
4472 */
4473 qc->listener = ql;
4474 qc->engine = ql->engine;
4475 qc->port = ql->port;
4476 /* create channel */
4477 #if defined(OPENSSL_THREADS)
4478 /* this is the engine mutex */
4479 qc->mutex = ql->mutex;
4480 #endif
4481 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
4482 qc->is_thread_assisted
4483 = ((ql->obj.domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0);
4484 #endif
4485
4486 /* Create the handshake layer. */
4487 qc->tls = ossl_ssl_connection_new_int(ql->obj.ssl.ctx, NULL, TLS_method());
4488 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
4489 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4490 goto err;
4491 }
4492 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL;
4493
4494 qc->default_ssl_options = OSSL_QUIC_PERMITTED_OPTIONS;
4495 qc->last_error = SSL_ERROR_NONE;
4496
4497 /*
4498 * This is QCSO, we don't expect to accept connections
4499 * on success the channel assumes ownership of tls, we need
4500 * to grab reference for qc.
4501 */
4502 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
4503
4504 ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl);
4505 ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg);
4506
4507 /*
4508 * We deliberately pass NULL for engine and port, because we don't want to
4509 * to turn QCSO we create here into an event leader, nor port leader.
4510 * Both those roles are occupied already by listener (`ssl`) we use
4511 * to create a new QCSO here.
4512 */
4513 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx,
4514 SSL_TYPE_QUIC_CONNECTION,
4515 &ql->obj.ssl, NULL, NULL)) {
4516 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4517 goto err;
4518 }
4519
4520 /* Initialise libssl APL-related state. */
4521 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
4522 qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
4523 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
4524 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
4525 qc->last_error = SSL_ERROR_NONE;
4526
4527 qc_update_reject_policy(qc);
4528
4529 qctx_unlock(&ctx);
4530
4531 return &qc->obj.ssl;
4532
4533 err:
4534 if (qc != NULL) {
4535 qc_cleanup(qc, /* have_lock= */ 0);
4536 OPENSSL_free(qc);
4537 }
4538 qctx_unlock(&ctx);
4539 SSL_free(&ctx.ql->obj.ssl);
4540
4541 return NULL;
4542 }
4543
4544 /*
4545 * SSL_listen
4546 * ----------
4547 */
4548 QUIC_NEEDS_LOCK
ql_listen(QUIC_LISTENER * ql)4549 static int ql_listen(QUIC_LISTENER *ql)
4550 {
4551 if (ql->listening)
4552 return 1;
4553
4554 ossl_quic_port_set_allow_incoming(ql->port, 1);
4555 ql->listening = 1;
4556 return 1;
4557 }
4558
4559 QUIC_TAKES_LOCK
ossl_quic_listen(SSL * ssl)4560 int ossl_quic_listen(SSL *ssl)
4561 {
4562 QCTX ctx;
4563 int ret;
4564
4565 if (!expect_quic_listener(ssl, &ctx))
4566 return 0;
4567
4568 qctx_lock_for_io(&ctx);
4569
4570 ret = ql_listen(ctx.ql);
4571
4572 qctx_unlock(&ctx);
4573 return ret;
4574 }
4575
4576 /*
4577 * SSL_accept_connection
4578 * ---------------------
4579 */
quic_accept_connection_wait(void * arg)4580 static int quic_accept_connection_wait(void *arg)
4581 {
4582 QUIC_PORT *port = arg;
4583
4584 if (!ossl_quic_port_is_running(port))
4585 return -1;
4586
4587 if (ossl_quic_port_have_incoming(port))
4588 return 1;
4589
4590 return 0;
4591 }
4592
4593 QUIC_TAKES_LOCK
ossl_quic_accept_connection(SSL * ssl,uint64_t flags)4594 SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
4595 {
4596 int ret;
4597 QCTX ctx;
4598 SSL *conn_ssl = NULL;
4599 SSL_CONNECTION *conn = NULL;
4600 QUIC_CHANNEL *new_ch = NULL;
4601 QUIC_CONNECTION *qc;
4602 int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0);
4603
4604 if (!expect_quic_listener(ssl, &ctx))
4605 return NULL;
4606
4607 qctx_lock_for_io(&ctx);
4608
4609 if (!ql_listen(ctx.ql))
4610 goto out;
4611
4612 /* Wait for an incoming connection if needed. */
4613 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4614 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
4615 if (!no_block && qctx_blocking(&ctx)) {
4616 ret = block_until_pred(&ctx, quic_accept_connection_wait,
4617 ctx.ql->port, 0);
4618 if (ret < 1)
4619 goto out;
4620 } else {
4621 qctx_maybe_autotick(&ctx);
4622 }
4623
4624 if (!ossl_quic_port_is_running(ctx.ql->port))
4625 goto out;
4626
4627 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4628 }
4629
4630 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
4631 /* No connections already queued. */
4632 ossl_quic_reactor_tick(ossl_quic_engine_get0_reactor(ctx.ql->engine), 0);
4633
4634 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4635 }
4636
4637 /*
4638 * port_make_channel pre-allocates our user_ssl for us for each newly
4639 * created channel, so once we pop the new channel from the port above
4640 * we just need to extract it
4641 */
4642 if (new_ch == NULL
4643 || (conn_ssl = ossl_quic_channel_get0_tls(new_ch)) == NULL
4644 || (conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) == NULL
4645 || (conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) == NULL)
4646 goto out;
4647 qc = (QUIC_CONNECTION *)conn_ssl;
4648 qc->listener = ctx.ql;
4649 qc->pending = 0;
4650 if (!SSL_up_ref(&ctx.ql->obj.ssl)) {
4651 SSL_free(conn_ssl);
4652 SSL_free(ossl_quic_channel_get0_tls(new_ch));
4653 conn_ssl = NULL;
4654 }
4655
4656 out:
4657 qctx_unlock(&ctx);
4658 return conn_ssl;
4659 }
4660
create_qc_from_incoming_conn(QUIC_LISTENER * ql,QUIC_CHANNEL * ch)4661 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch)
4662 {
4663 QUIC_CONNECTION *qc = NULL;
4664
4665 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) {
4666 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4667 goto err;
4668 }
4669
4670 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx,
4671 SSL_TYPE_QUIC_CONNECTION,
4672 &ql->obj.ssl, NULL, NULL)) {
4673 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4674 goto err;
4675 }
4676
4677 ossl_quic_channel_get_peer_addr(ch, &qc->init_peer_addr); /* best effort */
4678 qc->pending = 1;
4679 qc->engine = ql->engine;
4680 qc->port = ql->port;
4681 qc->ch = ch;
4682 #if defined(OPENSSL_THREADS)
4683 qc->mutex = ql->mutex;
4684 #endif
4685 qc->tls = ossl_quic_channel_get0_tls(ch);
4686 qc->started = 1;
4687 qc->as_server = 1;
4688 qc->as_server_state = 1;
4689 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
4690 qc->default_ssl_options = ql->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
4691 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
4692 qc->last_error = SSL_ERROR_NONE;
4693 qc_update_reject_policy(qc);
4694 return qc;
4695
4696 err:
4697 OPENSSL_free(qc);
4698 return NULL;
4699 }
4700
4701 DEFINE_LHASH_OF_EX(QUIC_TOKEN);
4702
4703 struct ssl_token_store_st {
4704 LHASH_OF(QUIC_TOKEN) *cache;
4705 CRYPTO_REF_COUNT references;
4706 CRYPTO_MUTEX *mutex;
4707 };
4708
quic_token_hash(const QUIC_TOKEN * item)4709 static unsigned long quic_token_hash(const QUIC_TOKEN *item)
4710 {
4711 return (unsigned long)ossl_fnv1a_hash(item->hashkey, item->hashkey_len);
4712 }
4713
quic_token_cmp(const QUIC_TOKEN * a,const QUIC_TOKEN * b)4714 static int quic_token_cmp(const QUIC_TOKEN *a, const QUIC_TOKEN *b)
4715 {
4716 if (a->hashkey_len != b->hashkey_len)
4717 return 1;
4718 return memcmp(a->hashkey, b->hashkey, a->hashkey_len);
4719 }
4720
ossl_quic_new_token_store(void)4721 SSL_TOKEN_STORE *ossl_quic_new_token_store(void)
4722 {
4723 int ok = 0;
4724 SSL_TOKEN_STORE *newcache = OPENSSL_zalloc(sizeof(SSL_TOKEN_STORE));
4725
4726 if (newcache == NULL)
4727 goto out;
4728
4729 newcache->cache = lh_QUIC_TOKEN_new(quic_token_hash, quic_token_cmp);
4730 if (newcache->cache == NULL)
4731 goto out;
4732
4733 #if defined(OPENSSL_THREADS)
4734 if ((newcache->mutex = ossl_crypto_mutex_new()) == NULL)
4735 goto out;
4736 #endif
4737
4738 if (!CRYPTO_NEW_REF(&newcache->references, 1))
4739 goto out;
4740
4741 ok = 1;
4742 out:
4743 if (!ok) {
4744 ossl_quic_free_token_store(newcache);
4745 newcache = NULL;
4746 }
4747 return newcache;
4748 }
4749
free_this_token(QUIC_TOKEN * tok)4750 static void free_this_token(QUIC_TOKEN *tok)
4751 {
4752 ossl_quic_free_peer_token(tok);
4753 }
4754
ossl_quic_free_token_store(SSL_TOKEN_STORE * hdl)4755 void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl)
4756 {
4757 int refs;
4758
4759 if (hdl == NULL)
4760 return;
4761
4762 if (!CRYPTO_DOWN_REF(&hdl->references, &refs))
4763 return;
4764
4765 if (refs > 0)
4766 return;
4767
4768 /* last reference, we can clean up */
4769 ossl_crypto_mutex_free(&hdl->mutex);
4770 lh_QUIC_TOKEN_doall(hdl->cache, free_this_token);
4771 lh_QUIC_TOKEN_free(hdl->cache);
4772 OPENSSL_free(hdl);
4773 return;
4774 }
4775
4776 /**
4777 * @brief build a new QUIC_TOKEN
4778 *
4779 * This function creates a new token storage structure for saving in our
4780 * tokencache
4781 *
4782 * In an effort to make allocation and freeing of these tokens a bit faster
4783 * We do them in a single allocation in this format
4784 * +---------------+ --\
4785 * | hashkey * |---| |
4786 * | hashkey_len | | | QUIC_TOKEN
4787 * | token * |---|--| |
4788 * | token_len | | | |
4789 * +---------------+<--| | --/
4790 * | hashkey buf | |
4791 * | | |
4792 * |---------------|<-----|
4793 * | token buf |
4794 * | |
4795 * +---------------+
4796 *
4797 * @param peer - the peer address that sent the token
4798 * @param token - the buffer holding the token
4799 * @param token_len - the size of token
4800 *
4801 * @returns a QUIC_TOKEN pointer or NULL on error
4802 */
ossl_quic_build_new_token(BIO_ADDR * peer,uint8_t * token,size_t token_len)4803 static QUIC_TOKEN *ossl_quic_build_new_token(BIO_ADDR *peer, uint8_t *token,
4804 size_t token_len)
4805 {
4806 QUIC_TOKEN *new_token;
4807 size_t hashkey_len = 0;
4808 size_t addr_len = 0;
4809 int family;
4810 unsigned short port;
4811 int *famptr;
4812 unsigned short *portptr;
4813 uint8_t *addrptr;
4814
4815 if ((token != NULL && token_len == 0) || (token == NULL && token_len != 0))
4816 return NULL;
4817
4818 if (!BIO_ADDR_rawaddress(peer, NULL, &addr_len))
4819 return NULL;
4820 family = BIO_ADDR_family(peer);
4821 port = BIO_ADDR_rawport(peer);
4822
4823 hashkey_len += sizeof(int); /* hashkey(family) */
4824 hashkey_len += sizeof(unsigned short); /* hashkey(port) */
4825 hashkey_len += addr_len; /* hashkey(address) */
4826
4827 new_token = OPENSSL_zalloc(sizeof(QUIC_TOKEN) + hashkey_len + token_len);
4828 if (new_token == NULL)
4829 return NULL;
4830
4831 if (!CRYPTO_NEW_REF(&new_token->references, 1)) {
4832 OPENSSL_free(new_token);
4833 return NULL;
4834 }
4835
4836 new_token->hashkey_len = hashkey_len;
4837 /* hashkey is allocated inline, immediately after the QUIC_TOKEN struct */
4838 new_token->hashkey = (uint8_t *)(new_token + 1);
4839 /* token buffer follows the hashkey in the inline allocation */
4840 new_token->token = new_token->hashkey + hashkey_len;
4841 new_token->token_len = token_len;
4842 famptr = (int *)new_token->hashkey;
4843 portptr = (unsigned short *)(famptr + 1);
4844 addrptr = (uint8_t *)(portptr + 1);
4845 *famptr = family;
4846 *portptr = port;
4847 if (!BIO_ADDR_rawaddress(peer, addrptr, NULL)) {
4848 ossl_quic_free_peer_token(new_token);
4849 return NULL;
4850 }
4851 if (token != NULL)
4852 memcpy(new_token->token, token, token_len);
4853 return new_token;
4854 }
4855
ossl_quic_set_peer_token(SSL_CTX * ctx,BIO_ADDR * peer,const uint8_t * token,size_t token_len)4856 int ossl_quic_set_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
4857 const uint8_t *token, size_t token_len)
4858 {
4859 SSL_TOKEN_STORE *c = ctx->tokencache;
4860 QUIC_TOKEN *tok, *old = NULL;
4861
4862 if (ctx->tokencache == NULL)
4863 return 0;
4864
4865 tok = ossl_quic_build_new_token(peer, (uint8_t *)token, token_len);
4866 if (tok == NULL)
4867 return 0;
4868
4869 /* we might be sharing this cache, lock it */
4870 ossl_crypto_mutex_lock(c->mutex);
4871
4872 old = lh_QUIC_TOKEN_retrieve(c->cache, tok);
4873 if (old != NULL) {
4874 lh_QUIC_TOKEN_delete(c->cache, old);
4875 ossl_quic_free_peer_token(old);
4876 }
4877 lh_QUIC_TOKEN_insert(c->cache, tok);
4878
4879 ossl_crypto_mutex_unlock(c->mutex);
4880 return 1;
4881 }
4882
ossl_quic_get_peer_token(SSL_CTX * ctx,BIO_ADDR * peer,QUIC_TOKEN ** token)4883 int ossl_quic_get_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
4884 QUIC_TOKEN **token)
4885 {
4886 SSL_TOKEN_STORE *c = ctx->tokencache;
4887 QUIC_TOKEN *key = NULL;
4888 QUIC_TOKEN *tok = NULL;
4889 int ret;
4890 int rc = 0;
4891
4892 if (c == NULL)
4893 return 0;
4894
4895 key = ossl_quic_build_new_token(peer, NULL, 0);
4896 if (key == NULL)
4897 return 0;
4898
4899 ossl_crypto_mutex_lock(c->mutex);
4900 tok = lh_QUIC_TOKEN_retrieve(c->cache, key);
4901 if (tok != NULL) {
4902 *token = tok;
4903 CRYPTO_UP_REF(&tok->references, &ret);
4904 rc = 1;
4905 }
4906
4907 ossl_crypto_mutex_unlock(c->mutex);
4908 ossl_quic_free_peer_token(key);
4909 return rc;
4910 }
4911
ossl_quic_free_peer_token(QUIC_TOKEN * token)4912 void ossl_quic_free_peer_token(QUIC_TOKEN *token)
4913 {
4914 int refs = 0;
4915
4916 if (!CRYPTO_DOWN_REF(&token->references, &refs))
4917 return;
4918
4919 if (refs > 0)
4920 return;
4921
4922 CRYPTO_FREE_REF(&token->references);
4923 OPENSSL_free(token);
4924 }
4925
4926 /*
4927 * SSL_get_accept_connection_queue_len
4928 * -----------------------------------
4929 */
4930 QUIC_TAKES_LOCK
ossl_quic_get_accept_connection_queue_len(SSL * ssl)4931 size_t ossl_quic_get_accept_connection_queue_len(SSL *ssl)
4932 {
4933 QCTX ctx;
4934 int ret;
4935
4936 if (!expect_quic_listener(ssl, &ctx))
4937 return 0;
4938
4939 qctx_lock(&ctx);
4940
4941 ret = ossl_quic_port_get_num_incoming_channels(ctx.ql->port);
4942
4943 qctx_unlock(&ctx);
4944 return ret;
4945 }
4946
4947 /*
4948 * QUIC Front-End I/O API: Domains
4949 * ===============================
4950 */
4951
4952 /*
4953 * SSL_new_domain
4954 * --------------
4955 */
ossl_quic_new_domain(SSL_CTX * ctx,uint64_t flags)4956 SSL *ossl_quic_new_domain(SSL_CTX *ctx, uint64_t flags)
4957 {
4958 QUIC_DOMAIN *qd = NULL;
4959 QUIC_ENGINE_ARGS engine_args = {0};
4960 uint64_t domain_flags;
4961
4962 domain_flags = ctx->domain_flags;
4963 if ((flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD
4964 | SSL_DOMAIN_FLAG_MULTI_THREAD
4965 | SSL_DOMAIN_FLAG_THREAD_ASSISTED)) != 0)
4966 domain_flags = flags;
4967 else
4968 domain_flags = ctx->domain_flags | flags;
4969
4970 if (!ossl_adjust_domain_flags(domain_flags, &domain_flags))
4971 return NULL;
4972
4973 if ((qd = OPENSSL_zalloc(sizeof(*qd))) == NULL) {
4974 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4975 return NULL;
4976 }
4977
4978 #if defined(OPENSSL_THREADS)
4979 if ((qd->mutex = ossl_crypto_mutex_new()) == NULL) {
4980 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4981 goto err;
4982 }
4983 #endif
4984
4985 engine_args.libctx = ctx->libctx;
4986 engine_args.propq = ctx->propq;
4987 #if defined(OPENSSL_THREADS)
4988 engine_args.mutex = qd->mutex;
4989 #endif
4990
4991 if (need_notifier_for_domain_flags(domain_flags))
4992 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
4993
4994 if ((qd->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
4995 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4996 goto err;
4997 }
4998
4999 /* Initialise the QUIC_DOMAIN's object header. */
5000 if (!ossl_quic_obj_init(&qd->obj, ctx, SSL_TYPE_QUIC_DOMAIN, NULL,
5001 qd->engine, NULL))
5002 goto err;
5003
5004 ossl_quic_obj_set_domain_flags(&qd->obj, domain_flags);
5005 return &qd->obj.ssl;
5006
5007 err:
5008 ossl_quic_engine_free(qd->engine);
5009 #if defined(OPENSSL_THREADS)
5010 ossl_crypto_mutex_free(&qd->mutex);
5011 #endif
5012 OPENSSL_free(qd);
5013 return NULL;
5014 }
5015
5016 /*
5017 * QUIC Front-End I/O API: SSL_CTX Management
5018 * ==========================================
5019 */
5020
ossl_quic_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)5021 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
5022 {
5023 switch (cmd) {
5024 default:
5025 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
5026 }
5027 }
5028
ossl_quic_callback_ctrl(SSL * s,int cmd,void (* fp)(void))5029 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
5030 {
5031 QCTX ctx;
5032
5033 if (!expect_quic_conn_only(s, &ctx))
5034 return 0;
5035
5036 switch (cmd) {
5037 case SSL_CTRL_SET_MSG_CALLBACK:
5038 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
5039 &ctx.qc->obj.ssl);
5040 /* This callback also needs to be set on the internal SSL object */
5041 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
5042
5043 default:
5044 /* Probably a TLS related ctrl. Defer to our internal SSL object */
5045 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
5046 }
5047 }
5048
ossl_quic_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))5049 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
5050 {
5051 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
5052 }
5053
ossl_quic_renegotiate_check(SSL * ssl,int initok)5054 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
5055 {
5056 /* We never do renegotiation. */
5057 return 0;
5058 }
5059
ossl_quic_get_cipher_by_char(const unsigned char * p)5060 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
5061 {
5062 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
5063
5064 if ((ciph->algorithm2 & SSL_QUIC) == 0)
5065 return NULL;
5066
5067 return ciph;
5068 }
5069
5070 /*
5071 * These functions define the TLSv1.2 (and below) ciphers that are supported by
5072 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
5073 */
5074
ossl_quic_num_ciphers(void)5075 int ossl_quic_num_ciphers(void)
5076 {
5077 return 0;
5078 }
5079
ossl_quic_get_cipher(unsigned int u)5080 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
5081 {
5082 return NULL;
5083 }
5084
5085 /*
5086 * SSL_get_shutdown()
5087 * ------------------
5088 */
ossl_quic_get_shutdown(const SSL * s)5089 int ossl_quic_get_shutdown(const SSL *s)
5090 {
5091 QCTX ctx;
5092 int shut = 0;
5093
5094 if (!expect_quic_conn_only(s, &ctx))
5095 return 0;
5096
5097 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
5098 shut |= SSL_SENT_SHUTDOWN;
5099 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
5100 shut |= SSL_RECEIVED_SHUTDOWN;
5101 }
5102
5103 return shut;
5104 }
5105
5106 /*
5107 * QUIC Polling Support APIs
5108 * =========================
5109 */
5110
5111 /* Do we have the R (read) condition? */
5112 QUIC_NEEDS_LOCK
test_poll_event_r(QUIC_XSO * xso)5113 static int test_poll_event_r(QUIC_XSO *xso)
5114 {
5115 int fin = 0;
5116 size_t avail = 0;
5117
5118 /*
5119 * If a stream has had the fin bit set on the last packet
5120 * received, then we need to return a 1 here to raise
5121 * SSL_POLL_EVENT_R, so that the stream can have its completion
5122 * detected and closed gracefully by an application.
5123 * However, if the client reads the data via SSL_read[_ex], that api
5124 * provides no stream status, and as a result the stream state moves to
5125 * QUIC_RSTREAM_STATE_DATA_READ, and the receive buffer is freed, which
5126 * stored the fin state, so its not directly know-able here. Instead
5127 * check for the stream state being QUIC_RSTREAM_STATE_DATA_READ, which
5128 * is only set if the last stream frame received had the fin bit set, and
5129 * the client read the data. This catches our poll/read/poll case
5130 */
5131 if (xso->stream->recv_state == QUIC_RSTREAM_STATE_DATA_READ)
5132 return 1;
5133
5134 return ossl_quic_stream_has_recv_buffer(xso->stream)
5135 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
5136 && (avail > 0 || (fin && !xso->retired_fin));
5137 }
5138
5139 /* Do we have the ER (exception: read) condition? */
5140 QUIC_NEEDS_LOCK
test_poll_event_er(QUIC_XSO * xso)5141 static int test_poll_event_er(QUIC_XSO *xso)
5142 {
5143 return ossl_quic_stream_has_recv(xso->stream)
5144 && ossl_quic_stream_recv_is_reset(xso->stream)
5145 && !xso->retired_fin;
5146 }
5147
5148 /* Do we have the W (write) condition? */
5149 QUIC_NEEDS_LOCK
test_poll_event_w(QUIC_XSO * xso)5150 static int test_poll_event_w(QUIC_XSO *xso)
5151 {
5152 return !xso->conn->shutting_down
5153 && ossl_quic_stream_has_send_buffer(xso->stream)
5154 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
5155 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
5156 && ossl_quic_txfc_get_cwm(&xso->stream->txfc)
5157 > ossl_quic_sstream_get_cur_size(xso->stream->sstream)
5158 && quic_mutation_allowed(xso->conn, /*req_active=*/1);
5159 }
5160
5161 /* Do we have the EW (exception: write) condition? */
5162 QUIC_NEEDS_LOCK
test_poll_event_ew(QUIC_XSO * xso)5163 static int test_poll_event_ew(QUIC_XSO *xso)
5164 {
5165 return ossl_quic_stream_has_send(xso->stream)
5166 && xso->stream->peer_stop_sending
5167 && !xso->requested_reset
5168 && !xso->conn->shutting_down;
5169 }
5170
5171 /* Do we have the EC (exception: connection) condition? */
5172 QUIC_NEEDS_LOCK
test_poll_event_ec(QUIC_CONNECTION * qc)5173 static int test_poll_event_ec(QUIC_CONNECTION *qc)
5174 {
5175 return ossl_quic_channel_is_term_any(qc->ch);
5176 }
5177
5178 /* Do we have the ECD (exception: connection drained) condition? */
5179 QUIC_NEEDS_LOCK
test_poll_event_ecd(QUIC_CONNECTION * qc)5180 static int test_poll_event_ecd(QUIC_CONNECTION *qc)
5181 {
5182 return ossl_quic_channel_is_terminated(qc->ch);
5183 }
5184
5185 /* Do we have the IS (incoming: stream) condition? */
5186 QUIC_NEEDS_LOCK
test_poll_event_is(QUIC_CONNECTION * qc,int is_uni)5187 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
5188 {
5189 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
5190 is_uni);
5191 }
5192
5193 /* Do we have the OS (outgoing: stream) condition? */
5194 QUIC_NEEDS_LOCK
test_poll_event_os(QUIC_CONNECTION * qc,int is_uni)5195 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
5196 {
5197 /* Is it currently possible for us to make an outgoing stream? */
5198 return quic_mutation_allowed(qc, /*req_active=*/1)
5199 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
5200 }
5201
5202 /* Do we have the EL (exception: listener) condition? */
5203 QUIC_NEEDS_LOCK
test_poll_event_el(QUIC_LISTENER * ql)5204 static int test_poll_event_el(QUIC_LISTENER *ql)
5205 {
5206 return !ossl_quic_port_is_running(ql->port);
5207 }
5208
5209 /* Do we have the IC (incoming: connection) condition? */
5210 QUIC_NEEDS_LOCK
test_poll_event_ic(QUIC_LISTENER * ql)5211 static int test_poll_event_ic(QUIC_LISTENER *ql)
5212 {
5213 return ossl_quic_port_get_num_incoming_channels(ql->port) > 0;
5214 }
5215
5216 QUIC_TAKES_LOCK
ossl_quic_conn_poll_events(SSL * ssl,uint64_t events,int do_tick,uint64_t * p_revents)5217 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
5218 uint64_t *p_revents)
5219 {
5220 QCTX ctx;
5221 uint64_t revents = 0;
5222
5223 if (!expect_quic_csl(ssl, &ctx))
5224 return 0;
5225
5226 qctx_lock(&ctx);
5227
5228 if (ctx.qc != NULL && !ctx.qc->started) {
5229 /* We can only try to write on non-started connection. */
5230 if ((events & SSL_POLL_EVENT_W) != 0)
5231 revents |= SSL_POLL_EVENT_W;
5232 goto end;
5233 }
5234
5235 if (do_tick)
5236 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0);
5237
5238 if (ctx.xso != NULL) {
5239 /* SSL object has a stream component. */
5240
5241 if ((events & SSL_POLL_EVENT_R) != 0
5242 && test_poll_event_r(ctx.xso))
5243 revents |= SSL_POLL_EVENT_R;
5244
5245 if ((events & SSL_POLL_EVENT_ER) != 0
5246 && test_poll_event_er(ctx.xso))
5247 revents |= SSL_POLL_EVENT_ER;
5248
5249 if ((events & SSL_POLL_EVENT_W) != 0
5250 && test_poll_event_w(ctx.xso))
5251 revents |= SSL_POLL_EVENT_W;
5252
5253 if ((events & SSL_POLL_EVENT_EW) != 0
5254 && test_poll_event_ew(ctx.xso))
5255 revents |= SSL_POLL_EVENT_EW;
5256 }
5257
5258 if (ctx.qc != NULL && !ctx.is_stream) {
5259 if ((events & SSL_POLL_EVENT_EC) != 0
5260 && test_poll_event_ec(ctx.qc))
5261 revents |= SSL_POLL_EVENT_EC;
5262
5263 if ((events & SSL_POLL_EVENT_ECD) != 0
5264 && test_poll_event_ecd(ctx.qc))
5265 revents |= SSL_POLL_EVENT_ECD;
5266
5267 if ((events & SSL_POLL_EVENT_ISB) != 0
5268 && test_poll_event_is(ctx.qc, /*uni=*/0))
5269 revents |= SSL_POLL_EVENT_ISB;
5270
5271 if ((events & SSL_POLL_EVENT_ISU) != 0
5272 && test_poll_event_is(ctx.qc, /*uni=*/1))
5273 revents |= SSL_POLL_EVENT_ISU;
5274
5275 if ((events & SSL_POLL_EVENT_OSB) != 0
5276 && test_poll_event_os(ctx.qc, /*uni=*/0))
5277 revents |= SSL_POLL_EVENT_OSB;
5278
5279 if ((events & SSL_POLL_EVENT_OSU) != 0
5280 && test_poll_event_os(ctx.qc, /*uni=*/1))
5281 revents |= SSL_POLL_EVENT_OSU;
5282 }
5283
5284 if (ctx.is_listener) {
5285 if ((events & SSL_POLL_EVENT_EL) != 0
5286 && test_poll_event_el(ctx.ql))
5287 revents |= SSL_POLL_EVENT_EL;
5288
5289 if ((events & SSL_POLL_EVENT_IC) != 0
5290 && test_poll_event_ic(ctx.ql))
5291 revents |= SSL_POLL_EVENT_IC;
5292 }
5293
5294 end:
5295 qctx_unlock(&ctx);
5296 *p_revents = revents;
5297 return 1;
5298 }
5299
5300 QUIC_TAKES_LOCK
ossl_quic_get_notifier_fd(SSL * ssl)5301 int ossl_quic_get_notifier_fd(SSL *ssl)
5302 {
5303 QCTX ctx;
5304 QUIC_REACTOR *rtor;
5305 RIO_NOTIFIER *nfy;
5306 int nfd = -1;
5307
5308 if (!expect_quic_any(ssl, &ctx))
5309 return -1;
5310
5311 qctx_lock(&ctx);
5312 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5313 nfy = ossl_quic_reactor_get0_notifier(rtor);
5314 if (nfy == NULL)
5315 goto end;
5316 nfd = ossl_rio_notifier_as_fd(nfy);
5317
5318 end:
5319 qctx_unlock(&ctx);
5320 return nfd;
5321 }
5322
5323 QUIC_TAKES_LOCK
ossl_quic_enter_blocking_section(SSL * ssl,QUIC_REACTOR_WAIT_CTX * wctx)5324 void ossl_quic_enter_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
5325 {
5326 QCTX ctx;
5327 QUIC_REACTOR *rtor;
5328
5329 if (!expect_quic_any(ssl, &ctx))
5330 return;
5331
5332 qctx_lock(&ctx);
5333 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5334 ossl_quic_reactor_wait_ctx_enter(wctx, rtor);
5335 qctx_unlock(&ctx);
5336 }
5337
5338 QUIC_TAKES_LOCK
ossl_quic_leave_blocking_section(SSL * ssl,QUIC_REACTOR_WAIT_CTX * wctx)5339 void ossl_quic_leave_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
5340 {
5341 QCTX ctx;
5342 QUIC_REACTOR *rtor;
5343
5344 if (!expect_quic_any(ssl, &ctx))
5345 return;
5346
5347 qctx_lock(&ctx);
5348 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5349 ossl_quic_reactor_wait_ctx_leave(wctx, rtor);
5350 qctx_unlock(&ctx);
5351 }
5352
5353 /*
5354 * Internal Testing APIs
5355 * =====================
5356 */
5357
ossl_quic_conn_get_channel(SSL * s)5358 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
5359 {
5360 QCTX ctx;
5361
5362 if (!expect_quic_conn_only(s, &ctx))
5363 return NULL;
5364
5365 return ctx.qc->ch;
5366 }
5367
ossl_quic_set_diag_title(SSL_CTX * ctx,const char * title)5368 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
5369 {
5370 #ifndef OPENSSL_NO_QLOG
5371 OPENSSL_free(ctx->qlog_title);
5372 ctx->qlog_title = NULL;
5373
5374 if (title == NULL)
5375 return 1;
5376
5377 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
5378 return 0;
5379 #endif
5380
5381 return 1;
5382 }
5383