1 /* 2 * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/macros.h> 11 #include <openssl/objects.h> 12 #include <openssl/sslerr.h> 13 #include <crypto/rand.h> 14 #include "quic_local.h" 15 #include "internal/hashfunc.h" 16 #include "internal/ssl_unwrap.h" 17 #include "internal/quic_tls.h" 18 #include "internal/quic_rx_depack.h" 19 #include "internal/quic_error.h" 20 #include "internal/quic_engine.h" 21 #include "internal/quic_port.h" 22 #include "internal/quic_reactor_wait_ctx.h" 23 #include "internal/time.h" 24 25 typedef struct qctx_st QCTX; 26 27 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock); 28 static void aon_write_finish(QUIC_XSO *xso); 29 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx); 30 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs); 31 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch); 32 static int qc_try_create_default_xso_for_write(QCTX *ctx); 33 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek); 34 static void qctx_lock(QCTX *qctx); 35 static void qctx_unlock(QCTX *qctx); 36 static void qctx_lock_for_io(QCTX *ctx); 37 static int quic_do_handshake(QCTX *ctx); 38 static void qc_update_reject_policy(QUIC_CONNECTION *qc); 39 static void qc_touch_default_xso(QUIC_CONNECTION *qc); 40 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch); 41 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso, 42 int touch, QUIC_XSO **old_xso); 43 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock); 44 static int quic_validate_for_write(QUIC_XSO *xso, int *err); 45 static int 
quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
static void qctx_maybe_autotick(QCTX *ctx);
static int qctx_should_autotick(QCTX *ctx);

/*
 * QCTX is a utility structure which provides information we commonly wish to
 * unwrap upon an API call being dispatched to us, namely:
 *
 *   - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
 *     was passed);
 *   - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
 *     a QCSO with a default stream was passed);
 *   - whether a QSSO was passed (xso == NULL must not be used to determine this
 *     because it may be non-NULL when a QCSO is passed if that QCSO has a
 *     default stream);
 *   - a pointer to a QUIC_LISTENER object, if one is relevant;
 *   - whether we are in "I/O context", meaning that non-normal errors can
 *     be reported via SSL_get_error() as well as via ERR. Functions such as
 *     SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
 *     functions which are allowed to change the value returned by
 *     SSL_get_error. However, other functions (including functions which call
 *     SSL_do_handshake() implicitly) are not allowed to change the return value
 *     of SSL_get_error.
 */
struct qctx_st {
    QUIC_OBJ *obj;
    QUIC_DOMAIN *qd;
    QUIC_LISTENER *ql;
    QUIC_CONNECTION *qc;
    QUIC_XSO *xso;
    int is_stream, is_listener, is_domain, in_io;
};

/*
 * Record last_error as the value later reported through SSL_get_error().
 *
 * Nothing is written outside an I/O context (ctx->in_io == 0). Inside one,
 * the value lands on the stream object when the call was made on a QSSO and
 * on the connection object otherwise; a missing target object is skipped
 * silently rather than treated as an error.
 */
QUIC_NEEDS_LOCK
static void quic_set_last_error(QCTX *ctx, int last_error)
{
    if (!ctx->in_io)
        return;

    if (ctx->is_stream) {
        if (ctx->xso != NULL)
            ctx->xso->last_error = last_error;
    } else if (ctx->qc != NULL) {
        ctx->qc->last_error = last_error;
    }
}

/*
 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
 * rather than via ERR. Note that normal errors must always be raised while
 * holding a lock.
*/
QUIC_NEEDS_LOCK
static int quic_raise_normal_error(QCTX *ctx,
    int err)
{
    /*
     * The I/O-context requirement is enforced only by this assert;
     * quic_set_last_error() itself does nothing when ctx->in_io is zero.
     */
    assert(ctx->in_io);

    quic_set_last_error(ctx, err);
    return 0;
}

/*
 * Raise a 'non-normal' error, meaning any error that is not reported via
 * SSL_get_error() and must be reported via ERR.
 *
 * qc should be provided if available. In exceptional circumstances when qc is
 * not known NULL may be passed. This should generally only happen when an
 * expect_...() function defined below fails, which generally indicates a
 * dispatch error or caller error.
 *
 * ctx should be NULL if the connection lock is not held.
 *
 * fmt and the variadic arguments are handed to ERR_vset_error() unchanged, so
 * fmt is interpreted as a format string. Pass NULL or a constant format; text
 * that originates from the peer or the application belongs in an argument
 * (e.g. "%s"), never in fmt itself.
 *
 * Always returns 0 so that callers can write "return QUIC_RAISE_...(...)".
 */
static int quic_raise_non_normal_error(QCTX *ctx,
    const char *file,
    int line,
    const char *func,
    int reason,
    const char *fmt,
    ...)
{
    va_list ap;
    const int have_ctx = (ctx != NULL);

    if (have_ctx)
        quic_set_last_error(ctx, SSL_ERROR_SSL);

    /* Runs before the new ERR entry below is created. */
    if (have_ctx && reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
        ossl_quic_channel_restore_err_state(ctx->qc->ch);

    ERR_new();
    ERR_set_debug(file, line, func);

    va_start(ap, fmt);
    ERR_vset_error(ERR_LIB_SSL, reason, fmt, ap);
    va_end(ap);

    return 0;
}

#define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
    quic_raise_normal_error((ctx), (err))

/* msg is used as the format string of quic_raise_non_normal_error(). */
#define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
    quic_raise_non_normal_error((ctx),                \
        OPENSSL_FILE, OPENSSL_LINE,                   \
        OPENSSL_FUNC,                                 \
        (reason),                                     \
        (msg))
/*
 * Flags for expect_quic_as:
 *
 *   QCTX_C
 *      The input SSL object may be a QCSO.
 *
 *   QCTX_S
 *      The input SSL object may be a QSSO or a QCSO with a default stream
 *      attached.
 *
 *      (Note this means there is no current way to require an SSL object with a
 *      QUIC stream which is not a QCSO; a QCSO with a default stream attached
 *      is always considered to satisfy QCTX_S.)
*
 *   QCTX_AUTO_S
 *      The input SSL object may be a QSSO or a QCSO with a default stream
 *      attached. If no default stream is currently attached to a QCSO,
 *      one may be auto-created if possible.
 *
 *      If QCTX_REMOTE_INIT is set, an auto-created default XSO is
 *      initiated by the remote party (i.e., local party reads first).
 *
 *      If it is not set, an auto-created default XSO is
 *      initiated by the local party (i.e., local party writes first).
 *
 *   QCTX_L
 *      The input SSL object may be a QLSO.
 *
 *   QCTX_D
 *      The input SSL object may be a QDSO (expect_quic_as() accepts an
 *      SSL_TYPE_QUIC_DOMAIN object only when this flag is set).
 *
 *   QCTX_LOCK
 *      If and only if the function returns successfully, the ctx
 *      is guaranteed to be locked.
 *
 *   QCTX_IO
 *      Begin an I/O context. If not set, begins a non-I/O context.
 *      This determines whether SSL_get_error() is updated; the value it returns
 *      is modified only by an I/O call.
 *
 *   QCTX_NO_ERROR
 *      Don't raise an error if the object type is wrong. Should not be used in
 *      conjunction with any flags that may raise errors not related to a wrong
 *      object type.
 */
/* Object-type acceptance bits (QCTX_C, QCTX_S, QCTX_L, QCTX_D) and modifiers. */
#define QCTX_C (1U << 0)
#define QCTX_S (1U << 1)
#define QCTX_L (1U << 2)
#define QCTX_AUTO_S (1U << 3)
#define QCTX_REMOTE_INIT (1U << 4)
#define QCTX_LOCK (1U << 5)
#define QCTX_IO (1U << 6)
#define QCTX_D (1U << 7)
#define QCTX_NO_ERROR (1U << 8)

/*
 * Called when expect_quic failed. Used to diagnose why such a call failed and
 * raise a reasonable error code based on the configured preconditions in flags.
*/
static int wrong_type(const SSL *s, uint32_t flags)
{
    /* Only the object-type acceptance bits decide the reason code. */
    const uint32_t accepted = flags & (QCTX_C | QCTX_S | QCTX_L | QCTX_D);
    int reason;

    /* Silent mode: report nothing on the ERR stack and return 1. */
    if ((flags & QCTX_NO_ERROR) != 0)
        return 1;

    switch (accepted) {
    case QCTX_D:
        reason = SSL_R_DOMAIN_USE_ONLY;
        break;
    case QCTX_L:
        reason = SSL_R_LISTENER_USE_ONLY;
        break;
    case QCTX_C:
        reason = SSL_R_CONN_USE_ONLY;
        break;
    case QCTX_S:
    case QCTX_C | QCTX_S:
        reason = SSL_R_NO_STREAM;
        break;
    default:
        /* Any other combination of accepted types gets the generic code. */
        reason = ERR_R_UNSUPPORTED;
        break;
    }

    /* No QCTX is passed: the lock is not held on this path. */
    return QUIC_RAISE_NON_NORMAL_ERROR(NULL, reason, NULL);
}

/*
 * Given a QDSO, QCSO, QSSO or QLSO, initialises a QCTX, determining the
 * contextually applicable QUIC_LISTENER, QUIC_CONNECTION and QUIC_XSO
 * pointers.
 *
 * After this returns 1, all fields of the passed QCTX are initialised.
 * Returns 0 on failure. This function is intended to be used to provide API
 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure
 * unless the QCTX_NO_ERROR flag is set.
 *
 * The flags argument controls the preconditions and postconditions of this
 * function. See above for the different flags.
*
 * The fields of a QCTX are initialised as follows depending on the identity of
 * the SSL object, and assuming the preconditions demanded by the flags field as
 * described above are met:
 *
 *                  QDSO        QLSO        QCSO        QSSO
 *   qd             non-NULL    maybe       maybe       maybe
 *   ql             NULL        non-NULL    maybe       maybe
 *   qc             NULL        NULL        non-NULL    non-NULL
 *   xso            NULL        NULL        maybe       non-NULL
 *   is_stream      0           0           0           1
 *   is_listener    0           1           0           0
 *   is_domain      1           0           0           0
 *
 * Locking: the object's mutex is held on return only when the call succeeded
 * and QCTX_LOCK was requested. A lock taken internally for QCTX_AUTO_S is
 * released again on failure or when QCTX_LOCK was not requested.
 *
 * On failure the QCTX may be left partially filled in (fields are assigned
 * before some of the checks), so callers must not use it after a 0 return.
 */
static int expect_quic_as(const SSL *s, QCTX *ctx, uint32_t flags)
{
    int ok = 0, locked = 0, lock_requested = ((flags & QCTX_LOCK) != 0);
    QUIC_DOMAIN *qd;
    QUIC_LISTENER *ql;
    QUIC_CONNECTION *qc;
    QUIC_XSO *xso;

    /* Auto-creating a default stream implies that a stream is acceptable. */
    if ((flags & QCTX_AUTO_S) != 0)
        flags |= QCTX_S;

    /* Start from a fully cleared context so no stale pointer survives. */
    ctx->obj = NULL;
    ctx->qd = NULL;
    ctx->ql = NULL;
    ctx->qc = NULL;
    ctx->xso = NULL;
    ctx->is_stream = 0;
    ctx->is_listener = 0;
    ctx->is_domain = 0;
    ctx->in_io = ((flags & QCTX_IO) != 0);

    if (s == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
        goto err;
    }

    /*
     * The type tag is the only thing that justifies each downcast below; an
     * unrecognised tag is rejected in the default case.
     */
    switch (s->type) {
    case SSL_TYPE_QUIC_DOMAIN:
        if ((flags & QCTX_D) == 0) {
            wrong_type(s, flags);
            goto err;
        }

        qd = (QUIC_DOMAIN *)s;
        ctx->obj = &qd->obj;
        ctx->qd = qd;
        ctx->is_domain = 1;
        break;

    case SSL_TYPE_QUIC_LISTENER:
        if ((flags & QCTX_L) == 0) {
            wrong_type(s, flags);
            goto err;
        }

        ql = (QUIC_LISTENER *)s;
        ctx->obj = &ql->obj;
        ctx->qd = ql->domain;
        ctx->ql = ql;
        ctx->is_listener = 1;
        break;

    case SSL_TYPE_QUIC_CONNECTION:
        qc = (QUIC_CONNECTION *)s;
        ctx->obj = &qc->obj;
        ctx->qd = qc->domain;
        ctx->ql = qc->listener; /* never changes, so can be read without lock */
        ctx->qc = qc;

        /*
         * Auto-creation inspects and may change qc->default_xso, so the lock
         * is taken here, before the field is looked at.
         */
        if ((flags & QCTX_AUTO_S) != 0) {
            if ((flags & QCTX_IO) != 0)
                qctx_lock_for_io(ctx);
            else
                qctx_lock(ctx);

            locked = 1;
        }

        if ((flags & QCTX_AUTO_S) != 0 && qc->default_xso == NULL) {
            /* No new default stream once shutdown/termination has begun. */
            if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
                QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
                goto err;
            }

            /* If we haven't finished the handshake, try to advance it. */
            if (quic_do_handshake(ctx) < 1)
                /* ossl_quic_do_handshake raised error here */
                goto err;

            if ((flags & QCTX_REMOTE_INIT) != 0) {
                if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0))
                    goto err;
            } else {
                if (!qc_try_create_default_xso_for_write(ctx))
                    goto err;
            }
        }

        /*
         * A QCSO is accepted if connections are allowed, or if streams are
         * allowed and a default stream exists.
         *
         * NOTE(review): without QCTX_AUTO_S, qc->default_xso is read here and
         * below before a lock requested via QCTX_LOCK is taken (that happens
         * after the switch) - confirm the unlocked read is intended.
         */
        if ((flags & QCTX_C) == 0
            && (qc->default_xso == NULL || (flags & QCTX_S) == 0)) {
            wrong_type(s, flags);
            goto err;
        }

        ctx->xso = qc->default_xso;
        break;

    case SSL_TYPE_QUIC_XSO:
        if ((flags & QCTX_S) == 0) {
            wrong_type(s, flags);
            goto err;
        }

        xso = (QUIC_XSO *)s;
        ctx->obj = &xso->obj;
        ctx->qd = xso->conn->domain;
        ctx->ql = xso->conn->listener;
        ctx->qc = xso->conn;
        ctx->xso = xso;
        ctx->is_stream = 1;
        break;

    default:
        /* Not a QUIC object type this function knows about. */
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    /* Take the requested lock unless the auto-stream path already did. */
    if (lock_requested && !locked) {
        if ((flags & QCTX_IO) != 0)
            qctx_lock_for_io(ctx);
        else
            qctx_lock(ctx);

        locked = 1;
    }

    ok = 1;
err:
    /* Keep the lock only for a successful call that asked for QCTX_LOCK. */
    if (locked && (!ok || !lock_requested))
        qctx_unlock(ctx);

    return ok;
}

/*
 * Accepts a QCSO only. Errors are raised on the ERR stack only when raiseerrs
 * is non-zero; otherwise QCTX_NO_ERROR is added to the flags.
 */
static int is_quic_c(const SSL *s, QCTX *ctx, int raiseerrs)
{
    uint32_t flags = QCTX_C;

    if (!raiseerrs)
        flags |= QCTX_NO_ERROR;
    return expect_quic_as(s, ctx, flags);
}

/* Same as expect_quic_cs except that errors are not raised if raiseerrs == 0 */
static int is_quic_cs(const SSL *s, QCTX *ctx, int raiseerrs)
{
    uint32_t flags = QCTX_C | QCTX_S;

    if (!raiseerrs)
        flags |= QCTX_NO_ERROR;
    return expect_quic_as(s, ctx, flags);
}

static int
expect_quic_cs(const SSL *s, QCTX *ctx)
{
    /* Connection or stream object; no lock is taken. */
    const uint32_t accepted = QCTX_C | QCTX_S;

    return expect_quic_as(s, ctx, accepted);
}

/* Connection, stream or listener object; no lock is taken. */
static int expect_quic_csl(const SSL *s, QCTX *ctx)
{
    const uint32_t accepted = QCTX_C | QCTX_S | QCTX_L;

    return expect_quic_as(s, ctx, accepted);
}

/* Connection, stream, listener or domain object; no lock is taken. */
static int expect_quic_csld(const SSL *s, QCTX *ctx)
{
    const uint32_t accepted = QCTX_C | QCTX_S | QCTX_L | QCTX_D;

    return expect_quic_as(s, ctx, accepted);
}

#define expect_quic_any expect_quic_csld

/* Listener object only. */
static int expect_quic_listener(const SSL *s, QCTX *ctx)
{
    const uint32_t accepted = QCTX_L;

    return expect_quic_as(s, ctx, accepted);
}

/* Domain object only. */
static int expect_quic_domain(const SSL *s, QCTX *ctx)
{
    const uint32_t accepted = QCTX_D;

    return expect_quic_as(s, ctx, accepted);
}

/*
 * Like expect_quic_cs(), but requires a QUIC_XSO be contextually available. In
 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
 * stream.
 *
 * remote_init determines if we expect the default XSO to be remotely created or
 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
 *
 * Channel mutex is acquired and retained on success. On failure the mutex is
 * not held, so callers must not unlock after a 0 return.
 */
QUIC_ACQUIRES_LOCK
static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
    int in_io, QCTX *ctx)
{
    uint32_t flags = QCTX_S | QCTX_LOCK;

    /* remote_init: negative = never auto-create, 0 = local, positive = remote. */
    flags |= (remote_init >= 0) ? QCTX_AUTO_S : 0;
    flags |= (remote_init > 0) ? QCTX_REMOTE_INIT : 0;
    flags |= in_io ? QCTX_IO : 0;

    return expect_quic_as(s, ctx, flags);
}

/*
 * Like expect_quic_cs(), but fails if called on a QUIC_XSO. ctx->xso may still
 * be non-NULL if the QCSO has a default stream.
 */
static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
{
    const uint32_t accepted = QCTX_C;

    return expect_quic_as(s, ctx, accepted);
}

/*
 * Ensures that the domain mutex is held for a method which touches channel
 * state.
*
 * Precondition: Domain mutex is not held (unchecked)
 *
 * Without OPENSSL_THREADS this compiles to an empty function.
 */
static void qctx_lock(QCTX *ctx)
{
#ifdef OPENSSL_THREADS
    assert(ctx->obj != NULL);
    ossl_crypto_mutex_lock(ossl_quic_obj_get0_mutex(ctx->obj));
#endif
}

/* Precondition: Channel mutex is held (unchecked) */
QUIC_NEEDS_LOCK
static void qctx_unlock(QCTX *ctx)
{
#ifdef OPENSSL_THREADS
    assert(ctx->obj != NULL);
    ossl_crypto_mutex_unlock(ossl_quic_obj_get0_mutex(ctx->obj));
#endif
}

/*
 * Take the lock and switch the context into I/O mode.
 *
 * The order matters: in_io has to be set before quic_set_last_error() is
 * called, because that function ignores writes outside an I/O context.
 */
static void qctx_lock_for_io(QCTX *ctx)
{
    qctx_lock(ctx);
    ctx->in_io = 1;

    /*
     * We are entering an I/O function so we must update the values returned by
     * SSL_get_error and SSL_want. Set no error. This will be overridden later
     * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
     * occurs during the API call.
     */
    quic_set_last_error(ctx, SSL_ERROR_NONE);
}

/*
 * This predicate is the criterion which should determine API call rejection for
 * *most* mutating API calls, particularly stream-related operations for send
 * parts.
 *
 * A call is rejected (this function returns 0) if shutdown is in progress
 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
 * req_active=1, the connection must be active (i.e., the IDLE state is also
 * rejected).
 */
static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
{
    if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
        return 0;

    /* The activity check is only consulted when the caller demands it. */
    return !req_active || ossl_quic_channel_is_active(qc->ch);
}

/* Returns 1 when the context's object has no parent object, else 0. */
static int qctx_is_top_level(QCTX *ctx)
{
    return (ctx->obj->parent_obj == NULL) ? 1 : 0;
}

/* Forwards to ossl_quic_obj_blocking() for the context's object. */
static int qctx_blocking(QCTX *ctx)
{
    QUIC_OBJ *obj = ctx->obj;

    return ossl_quic_obj_blocking(obj);
}

/*
 * Block until a predicate is met.
 *
 * Precondition: Must have a channel.
* Precondition: Must hold channel lock (unchecked).
 *
 * pred, pred_arg and flags are passed through unchanged to
 * ossl_quic_reactor_block_until_pred(), whose result is returned.
 */
QUIC_NEEDS_LOCK
static int block_until_pred(QCTX *ctx,
    int (*pred)(void *arg), void *pred_arg,
    uint32_t flags)
{
    QUIC_ENGINE *qeng;
    QUIC_REACTOR *rtor;

    qeng = ossl_quic_obj_get0_engine(ctx->obj);
    assert(qeng != NULL);

    /*
     * Any attempt to block auto-disables tick inhibition as otherwise we will
     * hang around forever.
     */
    ossl_quic_engine_set_inhibit_tick(qeng, 0);

    rtor = ossl_quic_engine_get0_reactor(qeng);
    return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags);
}

/*
 * QUIC Front-End I/O API: Initialization
 * ======================================
 *
 *         SSL_new                  => ossl_quic_new
 *                                     ossl_quic_init
 *         SSL_reset                => ossl_quic_reset
 *         SSL_clear                => ossl_quic_clear
 *                                     ossl_quic_deinit
 *         SSL_free                 => ossl_quic_free
 *
 *         SSL_set_options          => ossl_quic_set_options
 *         SSL_get_options          => ossl_quic_get_options
 *         SSL_clear_options        => ossl_quic_clear_options
 *
 */

/*
 * SSL_new
 *
 * Creates a client-side QUIC connection object (as_server is set to 0) from
 * ctx and returns its embedded SSL, or NULL with an ERR entry on failure.
 * Every failure after the allocation goes through the err label, which tears
 * down whatever was created and frees the object.
 */
SSL *ossl_quic_new(SSL_CTX *ctx)
{
    QUIC_CONNECTION *qc = NULL;
    SSL_CONNECTION *sc = NULL;

    /*
     * QUIC_server_method should not be used with SSL_new.
     * It should only be used with SSL_new_listener.
     */
    if (ctx->method == OSSL_QUIC_server_method()) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
        return NULL;
    }

    /* Zeroed allocation: qc_cleanup() sees NULL for anything not yet created. */
    qc = OPENSSL_zalloc(sizeof(*qc));
    if (qc == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        return NULL;
    }

    /* Create the QUIC domain mutex. */
#if defined(OPENSSL_THREADS)
    if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        goto err;
    }
#endif

    /* Create the handshake layer. */
    qc->tls = ossl_ssl_connection_new_int(ctx, &qc->obj.ssl, TLS_method());
    if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    /* override the user_ssl of the inner connection */
    sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL;

    /*
     * Restrict options derived from the SSL_CTX. Anything outside the
     * connection-level permitted mask is dropped from the inner TLS object,
     * and post-handshake authentication is switched off.
     * NOTE(review): presumably because QUIC does not allow post-handshake
     * client authentication (RFC 9001) - confirm.
     */
    sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
    sc->pha_enabled = 0;

    /* Determine mode of operation. */
#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
    qc->is_thread_assisted
        = ((ctx->domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0);
#endif

    qc->as_server = 0;
    qc->as_server_state = qc->as_server;

    if (!create_channel(qc, ctx))
        goto err;

    ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, &qc->obj.ssl);
    ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);

    /* Initialise the QUIC_CONNECTION's QUIC_OBJ base. */
    if (!ossl_quic_obj_init(&qc->obj, ctx, SSL_TYPE_QUIC_CONNECTION, NULL,
            qc->engine, qc->port)) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    /* Initialise libssl APL-related state. */
    qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
    qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
    /* Stream defaults likewise only keep options from the permitted mask. */
    qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
    qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
    qc->last_error = SSL_ERROR_NONE;

    qc_update_reject_policy(qc);

    /*
     * We do not create the default XSO yet. The reason for this is that the
     * stream ID of the default XSO will depend on whether the stream is client
     * or server-initiated, which depends on who transmits first. Since we do
     * not know whether the application will be using a client-transmits-first
     * or server-transmits-first protocol, we defer default XSO creation until
     * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
     * we take that as a cue that the client is expecting a server-initiated
     * stream, and vice versa if SSL_write() is called first.
     */
    return &qc->obj.ssl;

err:
    if (qc != NULL) {
        /* The mutex is not held on this path, hence have_lock=0. */
        qc_cleanup(qc, /*have_lock=*/0);
        OPENSSL_free(qc);
    }
    return NULL;
}

/*
 * Release the read and write network BIOs currently attached to port.
 * A NULL port is a no-op.
 *
 * Each slot is released with its own BIO_free_all() call, so a BIO that is
 * installed as both rbio and wbio is released twice here.
 * NOTE(review): this presumably relies on such a BIO carrying one reference
 * per slot - confirm against the code that installs the BIOs.
 */
QUIC_NEEDS_LOCK
static void quic_unref_port_bios(QUIC_PORT *port)
{
    BIO *b;

    if (port == NULL)
        return;

    b = ossl_quic_port_get_net_rbio(port);
    BIO_free_all(b);

    b = ossl_quic_port_get_net_wbio(port);
    BIO_free_all(b);
}

/*
 * Tear down the resources owned by qc. The QUIC_CONNECTION structure itself
 * is not freed here.
 *
 * have_lock says whether the caller holds qc->mutex; if so it is unlocked
 * before it may be freed. Port, engine and mutex are released only when the
 * connection has no listener and is not pending; pointers that are released
 * are reset to NULL.
 */
QUIC_NEEDS_LOCK
static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock)
{
    SSL_free(qc->tls);
    qc->tls = NULL;

    ossl_quic_channel_free(qc->ch);
    qc->ch = NULL;

    if (qc->port != NULL && qc->listener == NULL && qc->pending == 0) { /* TODO */
        quic_unref_port_bios(qc->port);
        ossl_quic_port_free(qc->port);
        qc->port = NULL;

        ossl_quic_engine_free(qc->engine);
        qc->engine = NULL;
    }

#if defined(OPENSSL_THREADS)
    if (have_lock)
        /* tsan doesn't like freeing locked mutexes */
        ossl_crypto_mutex_unlock(qc->mutex);

    /* Same ownership condition as for the port and engine above. */
    if (qc->listener == NULL && qc->pending == 0)
        ossl_crypto_mutex_free(&qc->mutex);
#endif
}

/*
 * SSL_free
 *
 * Releases a listener: its port BIOs, any incoming connections still queued
 * on the port, and the port itself. The engine and mutex are freed here only
 * when the listener has no domain; otherwise SSL_free() is called on the
 * domain object instead.
 */
QUIC_TAKES_LOCK
static void quic_free_listener(QCTX *ctx)
{
    quic_unref_port_bios(ctx->ql->port);
    ossl_quic_port_drop_incoming(ctx->ql->port);
    ossl_quic_port_free(ctx->ql->port);

    if (ctx->ql->domain == NULL) {
        ossl_quic_engine_free(ctx->ql->engine);
#if defined(OPENSSL_THREADS)
        ossl_crypto_mutex_free(&ctx->ql->mutex);
#endif
    } else {
        SSL_free(&ctx->ql->domain->obj.ssl);
    }
}

/*
SSL_free */
/* Releases the engine and, in threaded builds, the mutex owned by a domain. */
QUIC_TAKES_LOCK
static void quic_free_domain(QCTX *ctx)
{
    ossl_quic_engine_free(ctx->qd->engine);
#if defined(OPENSSL_THREADS)
    ossl_crypto_mutex_free(&ctx->qd->mutex);
#endif
}

/*
 * Method-level free for any QUIC object (domain, listener, connection or
 * stream). The memory of the object itself is released by SSL_free, as the
 * notes in the body say; this function only tears down what the object owns
 * and drops the references it holds on other objects.
 */
QUIC_TAKES_LOCK
void ossl_quic_free(SSL *s)
{
    QCTX ctx;
    int is_default;

    /* We should never be called on anything but a QSO. */
    if (!expect_quic_any(s, &ctx))
        return;

    if (ctx.is_domain) {
        quic_free_domain(&ctx);
        return;
    }

    if (ctx.is_listener) {
        quic_free_listener(&ctx);
        return;
    }

    qctx_lock(&ctx);

    if (ctx.is_stream) {
        /*
         * When a QSSO is freed, the XSO is freed immediately, because the XSO
         * itself only contains API personality layer data. However the
         * underlying QUIC_STREAM is not freed immediately but is instead marked
         * as deleted for later collection.
         */

        /*
         * NOTE(review): the counter is guarded only by assert(), which is
         * normally compiled out of release builds - confirm that num_xso
         * cannot be decremented past zero there.
         */
        assert(ctx.qc->num_xso > 0);
        --ctx.qc->num_xso;

        /* If a stream's send part has not been finished, auto-reset it. */
        if ((ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
                || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
            && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
            ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
                ctx.xso->stream, 0);

        /* Do STOP_SENDING for the receive part, if applicable. */
        if (ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
            || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
            ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
                ctx.xso->stream, 0);

        /* Update stream state. */
        ctx.xso->stream->deleted = 1;
        ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
            ctx.xso->stream);

        /* Sample default-ness while the lock is still held. */
        is_default = (ctx.xso == ctx.qc->default_xso);
        qctx_unlock(&ctx);

        /*
         * Unref the connection in most cases; the XSO has a ref to the QC and
         * not vice versa. But for a default XSO, to avoid circular references,
         * the QC refs the XSO but the XSO does not ref the QC. If we are the
         * default XSO, we only get here when the QC is being torn down anyway,
         * so don't call SSL_free(qc) as we are already in it.
         */
        if (!is_default)
            SSL_free(&ctx.qc->obj.ssl);

        /* Note: SSL_free calls OPENSSL_free(xso) for us */
        return;
    }

    /*
     * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
     * stage, but is freed during the channel free when the whole QSM is freed.
     */
    if (ctx.qc->default_xso != NULL) {
        QUIC_XSO *xso = ctx.qc->default_xso;

        /*
         * The lock is dropped around SSL_free(): freeing the XSO comes back
         * into this function, whose stream branch takes the same lock. The
         * default_xso pointer is cleared only after the lock is re-taken.
         */
        qctx_unlock(&ctx);
        SSL_free(&xso->obj.ssl);
        qctx_lock(&ctx);
        ctx.qc->default_xso = NULL;
    }

    /* Ensure we have no remaining XSOs. */
    /* NOTE(review): debug-only check; see the note on num_xso above. */
    assert(ctx.qc->num_xso == 0);

#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
    /* Stop the assist thread before the state it works on is torn down. */
    if (ctx.qc->is_thread_assisted && ctx.qc->started) {
        ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
        ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
    }
#endif

    /*
     * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
     * us
     */
    qc_cleanup(ctx.qc, /*have_lock=*/1);
    /* Note: SSL_free calls OPENSSL_free(qc) for us */

    /*
     * qc has not been freed yet (see the notes above), so its listener and
     * domain pointers are still readable here; SSL_free() is called on each
     * of them that is set.
     */
    if (ctx.qc->listener != NULL)
        SSL_free(&ctx.qc->listener->obj.ssl);
    if (ctx.qc->domain != NULL)
        SSL_free(&ctx.qc->domain->obj.ssl);
}

/* SSL method init */
int ossl_quic_init(SSL *s)
{
    /* Same op as SSL_clear, forward the call.
*/
    return ossl_quic_clear(s);
}

/* SSL method deinit */
void ossl_quic_deinit(SSL *s)
{
    /* No-op. */
}

/*
 * SSL_clear (ssl_reset method)
 *
 * Not supported for QUIC objects: after the object-type check this always
 * raises ERR_R_UNSUPPORTED and returns 0.
 */
int ossl_quic_reset(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_any(s, &ctx))
        return 0;

    ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
    return 0;
}

/*
 * ssl_clear method (unused)
 *
 * Same behaviour as ossl_quic_reset(): always fails with ERR_R_UNSUPPORTED.
 */
int ossl_quic_clear(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_any(s, &ctx))
        return 0;

    ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
    return 0;
}

/*
 * Install now_cb/now_cb_arg as the time callback of the engine behind s.
 * Returns 1 on success and 0 if s is not a QUIC object.
 *
 * The callback is set on the engine, not on the individual object.
 * NOTE(review): it therefore presumably affects every object sharing that
 * engine - confirm.
 */
int ossl_quic_set_override_now_cb(SSL *s,
    OSSL_TIME (*now_cb)(void *arg),
    void *now_cb_arg)
{
    QCTX ctx;

    if (!expect_quic_any(s, &ctx))
        return 0;

    qctx_lock(&ctx);

    ossl_quic_engine_set_time_cb(ctx.obj->engine, now_cb, now_cb_arg);

    qctx_unlock(&ctx);
    return 1;
}

/*
 * Notify the assist thread that the deadline changed. Only acts on a started,
 * thread-assisted connection; the call is made without taking the lock.
 */
void ossl_quic_conn_force_assist_thread_wake(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_conn_only(s, &ctx))
        return;

#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
    if (ctx.qc->is_thread_assisted && ctx.qc->started)
        ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
#endif
}

/* Mark that a default XSO has been created and refresh the reject policy. */
QUIC_NEEDS_LOCK
static void qc_touch_default_xso(QUIC_CONNECTION *qc)
{
    qc->default_xso_created = 1;
    qc_update_reject_policy(qc);
}

/*
 * Changes default XSO. Allows caller to keep reference to the old default XSO
 * (if any). Reference to new XSO is transferred from caller.
 *
 * *old_xso is always written: NULL when the default XSO did not change,
 * otherwise the previous default XSO, which the caller then owns.
 */
QUIC_NEEDS_LOCK
static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
    int touch,
    QUIC_XSO **old_xso)
{
    int refs;

    *old_xso = NULL;

    if (qc->default_xso != xso) {
        *old_xso = qc->default_xso; /* transfer old XSO ref to caller */

        qc->default_xso = xso;

        if (xso == NULL) {
            /*
             * Changing to not having a default XSO. XSO becomes standalone and
             * now has a ref to the QC.
             */
            /*
             * On a failed up-ref this returns with default_xso already
             * replaced and without applying touch.
             */
            if (!ossl_assert(SSL_up_ref(&qc->obj.ssl)))
                return;
        } else {
            /*
             * Changing from not having a default XSO to having one. The new XSO
             * will have had a reference to the QC we need to drop to avoid a
             * circular reference.
             *
             * Currently we never change directly from one default XSO to
             * another, though this function would also still be correct if this
             * weren't the case.
             */
            assert(*old_xso == NULL);

            /*
             * NOTE(review): the "count stays above zero" invariant is checked
             * by assert() only, which is normally compiled out of release
             * builds. If the count could reach zero here, qc would stay in
             * use with no reference left - confirm callers always hold
             * another reference.
             */
            CRYPTO_DOWN_REF(&qc->obj.ssl.references, &refs);
            assert(refs > 0);
        }
    }

    if (touch)
        qc_touch_default_xso(qc);
}

/*
 * Changes default XSO, releasing the reference to any previous default XSO.
 * Reference to new XSO is transferred from caller.
 */
QUIC_NEEDS_LOCK
static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
{
    QUIC_XSO *old_xso = NULL;

    qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);

    /* SSL_free() is called here, i.e. under the lock this function requires. */
    if (old_xso != NULL)
        SSL_free(&old_xso->obj.ssl);
}

/*
 * Push the stream's SSL_OP_CLEANSE_PLAINTEXT setting down to whichever of its
 * receive and send buffers exist, so both directions follow the same policy.
 */
QUIC_NEEDS_LOCK
static void xso_update_options(QUIC_XSO *xso)
{
    int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);

    if (xso->stream->rstream != NULL)
        ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);

    if (xso->stream->sstream != NULL)
        ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
}

/*
 * SSL_set_options
 * ---------------
 *
 * Setting options on a QCSO
 *   - configures the handshake-layer options;
 *   - configures the default data-plane options for new streams;
 *   - configures the data-plane options on the default XSO, if there is one.
 *
 * Setting options on a QSSO
 *   - configures data-plane options for that stream only.
*/
/*
 * Common worker for the set/clear/get option entry points: clears the bits in
 * mask_value, then sets the bits in or_value, and returns the resulting
 * options of the object the call was made on (the stream's options for a
 * QSSO, the connection's stream defaults otherwise). Returns 0 if ssl is
 * neither a QCSO nor a QSSO.
 *
 * Every stored value is filtered through the matching OSSL_QUIC_PERMITTED_*
 * mask, so a caller cannot switch on an option outside those masks. A read
 * (both arguments 0) goes through the same path, including the lock.
 */
QUIC_TAKES_LOCK
static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
{
    QCTX ctx;
    uint64_t result;

    if (!expect_quic_cs(ssl, &ctx))
        return 0;

    qctx_lock(&ctx);

    if (!ctx.is_stream) {
        /*
         * If we were called on the connection, we apply any handshake option
         * changes, limited to the connection-level permitted set.
         */
        const uint64_t tls_clear = mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN;
        const uint64_t tls_set = or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN;
        uint64_t merged_defaults;

        SSL_clear_options(ctx.qc->tls, tls_clear);
        SSL_set_options(ctx.qc->tls, tls_set);

        /* Update defaults for new streams. */
        merged_defaults = (ctx.qc->default_ssl_options & ~mask_value) | or_value;
        ctx.qc->default_ssl_options
            = merged_defaults & OSSL_QUIC_PERMITTED_OPTIONS;
    }

    if (ctx.xso != NULL) {
        /* Applies to the QSSO itself or to the QCSO's default stream. */
        const uint64_t merged_stream
            = (ctx.xso->ssl_options & ~mask_value) | or_value;

        ctx.xso->ssl_options
            = merged_stream & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;

        xso_update_options(ctx.xso);
    }

    result = (ctx.is_stream && ctx.xso != NULL)
        ? ctx.xso->ssl_options
        : ctx.qc->default_ssl_options;

    qctx_unlock(&ctx);
    return result;
}

/* SSL_set_options */
uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
{
    const uint64_t nothing_cleared = 0;

    return quic_mask_or_options(ssl, nothing_cleared, options);
}

/* SSL_clear_options */
uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
{
    const uint64_t nothing_set = 0;

    return quic_mask_or_options(ssl, options, nothing_set);
}

/* SSL_get_options */
uint64_t ossl_quic_get_options(const SSL *ssl)
{
    /* The worker takes a non-const SSL; the cast only drops the qualifier. */
    SSL *writable = (SSL *)ssl;

    return quic_mask_or_options(writable, 0, 0);
}

/*
 * QUIC Front-End I/O API: Network BIO Configuration
 * =================================================
 *
 * Handling the different BIOs is difficult:
 *
 *   - It is more or less a requirement that we use non-blocking network I/O;
 *     we need to be able to have timeouts on recv() calls, and make best
effort 1082 * (non blocking) send() and recv() calls. 1083 * 1084 * The only sensible way to do this is to configure the socket into 1085 * non-blocking mode. We could try to do select() before calling send() or 1086 * recv() to get a guarantee that the call will not block, but this will 1087 * probably run into issues with buggy OSes which generate spurious socket 1088 * readiness events. In any case, relying on this to work reliably does not 1089 * seem sane. 1090 * 1091 * Timeouts could be handled via setsockopt() socket timeout options, but 1092 * this depends on OS support and adds another syscall to every network I/O 1093 * operation. It also has obvious thread safety concerns if we want to move 1094 * to concurrent use of a single socket at some later date. 1095 * 1096 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to 1097 * be made non-blocking. However some OSes (e.g. Windows) do not support 1098 * this, so we cannot rely on this. 1099 * 1100 * As such, we need to configure any FD in non-blocking mode. This may 1101 * confound users who pass a blocking socket to libssl. However, in practice 1102 * it would be extremely strange for a user of QUIC to pass an FD to us, 1103 * then also try and send receive traffic on the same socket(!). Thus the 1104 * impact of this should be limited, and can be documented. 1105 * 1106 * - We support both blocking and non-blocking operation in terms of the API 1107 * presented to the user. One prospect is to set the blocking mode based on 1108 * whether the socket passed to us was already in blocking mode. However, 1109 * Windows has no API for determining if a socket is in blocking mode (!), 1110 * therefore this cannot be done portably. Currently therefore we expose an 1111 * explicit API call to set this, and default to blocking mode. 1112 * 1113 * - We need to determine our initial destination UDP address. The "natural" 1114 * way for a user to do this is to set the peer variable on a BIO_dgram. 
 *     However, this has problems because BIO_dgram's peer variable is used for
 *     both transmission and reception. This means it can constantly be
 *     changed to a malicious value (e.g. if some random unrelated entity on the
 *     network starts sending traffic to us) on every read call. This is not a
 *     direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
 *     calls only, which do not use this variable. However, we do need to let
 *     the user specify the peer in a 'normal' manner. The compromise here is
 *     that we grab the current peer value set at the time the write BIO is set
 *     and do not read the value again.
 *
 *   - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
 *     Currently we do this by only supporting non-blocking mode.
 *
 */

/*
 * Determines what initial destination UDP address we should use, if possible.
 * If this fails the client must set the destination address manually, or use a
 * BIO which does not need a destination address.
*/
static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
{
    /* Anything other than a positive result from the BIO counts as failure. */
    return BIO_dgram_detect_peer_addr(net_wbio, peer) > 0;
}

/*
 * Installs net_rbio as the network read BIO of the port behind obj.
 *
 * Returns 0 if net_rbio is already the installed BIO or if the port refuses
 * it; in both cases nothing is freed. Otherwise the previously installed BIO
 * is released with BIO_free_all(), the new BIO (if any) is asked to go
 * non-blocking, and 1 is returned.
 */
static int
quic_set0_net_rbio(QUIC_OBJ *obj, BIO *net_rbio)
{
    QUIC_PORT *port = ossl_quic_obj_get0_port(obj);
    BIO *prev = ossl_quic_port_get_net_rbio(port);

    if (prev == net_rbio || !ossl_quic_port_set_net_rbio(port, net_rbio))
        return 0;

    BIO_free_all(prev);

    /*
     * Best effort autoconfig: the result of BIO_set_nbio() is deliberately
     * not checked, so a BIO that cannot switch modes is still accepted.
     */
    if (net_rbio != NULL)
        BIO_set_nbio(net_rbio, 1);

    return 1;
}

/*
 * Installs net_wbio as the network write BIO of the port behind obj.
 *
 * Mirrors quic_set0_net_rbio(): returns 0 (freeing nothing) when the BIO is
 * unchanged or the port refuses it, and 1 after the previous BIO has been
 * released and the new one asked to go non-blocking.
 */
static int
quic_set0_net_wbio(QUIC_OBJ *obj, BIO *net_wbio)
{
    QUIC_PORT *port = ossl_quic_obj_get0_port(obj);
    BIO *prev = ossl_quic_port_get_net_wbio(port);

    if (prev == net_wbio || !ossl_quic_port_set_net_wbio(port, net_wbio))
        return 0;

    BIO_free_all(prev);

    /* Best effort autoconfig; the result is intentionally ignored. */
    if (net_wbio != NULL)
        BIO_set_nbio(net_wbio, 1);

    return 1;
}

/*
 * Sets the network read BIO for the QUIC object s. Does nothing if s is not
 * accepted by expect_quic_csl().
 */
void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
{
    QCTX ctx;

    if (expect_quic_csl(s, &ctx)) {
        /*
         * A zero result means either "no change" or that the port refused the
         * BIO; this void API has no way to report the difference.
         * NOTE(review): in the refusal case the caller cannot tell that
         * net_rbio was not taken over - confirm callers tolerate this.
         */
        (void)quic_set0_net_rbio(ctx.obj, net_rbio);
    }
}

/*
 * Sets the network write BIO for the QUIC object s. Does nothing if s is not
 * accepted by expect_quic_csl().
 */
void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
{
    QCTX ctx;

    if (expect_quic_csl(s, &ctx)) {
        /*
         * A zero result means either "no change" or that the port refused the
         * BIO; this void API has no way to report the difference.
         */
        (void)quic_set0_net_wbio(ctx.obj, net_wbio);
    }
}

/*
 * Returns the network read BIO currently installed on the port behind s, or
 * NULL if s is not accepted by expect_quic_csl().
 */
BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
{
    QCTX ctx;
    QUIC_PORT *port;

    if (!expect_quic_csl(s, &ctx))
        return NULL;

    port = ossl_quic_obj_get0_port(ctx.obj);
    assert(port != NULL);

    return ossl_quic_port_get_net_rbio(port);
}

/*
 * Returns the network write BIO currently installed on the port behind s, or
 * NULL if s is not accepted by expect_quic_csl().
 */
BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
{
    QCTX ctx;
    QUIC_PORT *port;

    if (!expect_quic_csl(s, &ctx))
        return NULL;

    port = ossl_quic_obj_get0_port(ctx.obj);
    assert(port != NULL);

    return ossl_quic_port_get_net_wbio(port);
}

/*
 * Reports the result of qctx_blocking() for s, or 0 if s is not accepted by
 * expect_quic_csl(). No lock is taken here.
 */
int ossl_quic_conn_get_blocking_mode(const SSL *s)
{
    QCTX ctx;

    return expect_quic_csl(s, &ctx) ? qctx_blocking(&ctx) : 0;
}

/*
 * Selects blocking (blocking != 0) or non-blocking (blocking == 0) operation
 * for the object s.
 *
 * Enabling blocking mode is refused with ERR_R_UNSUPPORTED when
 * ossl_quic_obj_can_support_blocking() says the object cannot support it.
 * Returns 1 on success and a failure result otherwise.
 */
QUIC_TAKES_LOCK
int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
{
    QCTX ctx;
    unsigned int mode;
    int rc = 0;

    if (!expect_quic_csl(s, &ctx))
        return 0;

    qctx_lock(&ctx);

    if (blocking != 0) {
        /*
         * Sanity check - can we support the request given the current network
         * BIO? When called directly on a top-level object (QCSO or QLSO),
         * refresh our view of the network BIO capabilities first.
         */
        if (qctx_is_top_level(&ctx))
            ossl_quic_engine_update_poll_descriptors(ctx.obj->engine, /*force=*/1);

        /* Cannot enable blocking mode if we do not have pollable FDs. */
        if (!ossl_quic_obj_can_support_blocking(ctx.obj)) {
            rc = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
            goto unlock;
        }

        mode = QUIC_BLOCKING_MODE_BLOCKING;
    } else {
        mode = QUIC_BLOCKING_MODE_NONBLOCKING;
    }

    ossl_quic_obj_set_blocking_mode(ctx.obj, mode);
    rc = 1;

unlock:
    qctx_unlock(&ctx);
    return rc;
}

/*
 * Records the initial peer address to use for the connection behind s.
 *
 * Passing NULL clears any stored address. The call is rejected with
 * ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED once the connection has been started.
 * Otherwise returns the result of BIO_ADDR_copy(), or 1 after clearing.
 */
int ossl_quic_conn_set_initial_peer_addr(SSL *s,
                                         const BIO_ADDR *peer_addr)
{
    QCTX ctx;

    if (!expect_quic_cs(s, &ctx))
        return 0;

    if (ctx.qc->started)
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
                                           NULL);

    if (peer_addr != NULL)
        return BIO_ADDR_copy(&ctx.qc->init_peer_addr, peer_addr);

    BIO_ADDR_clear(&ctx.qc->init_peer_addr);
    return 1;
}

/*
 * QUIC Front-End I/O API: Asynchronous I/O Management
 * ===================================================
 *
 *   (BIO/)SSL_handle_events        => ossl_quic_handle_events
 *   (BIO/)SSL_get_event_timeout    => ossl_quic_get_event_timeout
 *   (BIO/)SSL_get_poll_fd          => ossl_quic_get_poll_fd
 *
 */

/*
 * SSL_handle_events; performs QUIC I/O and timeout processing by ticking the
 * reactor behind s while holding the lock. Returns 0 only if s is not accepted
 * by expect_quic_any(); the result of the tick itself is not reported.
 */
QUIC_TAKES_LOCK
int ossl_quic_handle_events(SSL *s)
{
    QCTX ctx;
    QUIC_REACTOR *reactor;

    if (!expect_quic_any(s, &ctx))
        return 0;

    qctx_lock(&ctx);
    reactor = ossl_quic_obj_get0_reactor(ctx.obj);
    ossl_quic_reactor_tick(reactor, 0);
    qctx_unlock(&ctx);

    return 1;
}

/*
 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
 * should next have events handled by the application by calling
 * SSL_handle_events(). tv is set to 0 if the object should have events handled
 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
 * the value of *tv is undefined.
*/
QUIC_TAKES_LOCK
int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
{
    QCTX ctx;
    OSSL_TIME deadline;
    OSSL_TIME now;

    if (!expect_quic_any(s, &ctx))
        return 0;

    /* tv and is_infinite are written unconditionally below; both must be valid. */
    qctx_lock(&ctx);

    deadline = ossl_quic_reactor_get_tick_deadline(ossl_quic_obj_get0_reactor(ctx.obj));

    if (!ossl_time_is_infinite(deadline)) {
        /* Sample the engine clock under the lock, then do the maths outside. */
        now = ossl_quic_engine_get_time(ctx.obj->engine);
        qctx_unlock(&ctx);

        *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, now));
        *is_infinite = 0;
    } else {
        qctx_unlock(&ctx);
        *is_infinite = 1;

        /*
         * Robustness against faulty applications that don't check
         * *is_infinite: hand back a harmless long timeout rather than
         * leaving *tv unset.
         */
        tv->tv_sec = 1000000;
        tv->tv_usec = 0;
    }

    return 1;
}

/*
 * SSL_get_rpoll_descriptor. Fills *desc with the poll descriptor of the
 * network read BIO behind s. Fails with ERR_R_PASSED_INVALID_ARGUMENT if desc
 * is NULL or no read BIO is installed.
 */
int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
{
    QCTX ctx;
    BIO *rbio;

    if (!expect_quic_csl(s, &ctx))
        return 0;

    rbio = ossl_quic_port_get_net_rbio(ossl_quic_obj_get0_port(ctx.obj));
    if (desc == NULL || rbio == NULL)
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
                                           NULL);

    return BIO_get_rpoll_descriptor(rbio, desc);
}

/*
 * SSL_get_wpoll_descriptor. Fills *desc with the poll descriptor of the
 * network write BIO behind s. Fails with ERR_R_PASSED_INVALID_ARGUMENT if desc
 * is NULL or no write BIO is installed.
 */
int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
{
    QCTX ctx;
    BIO *wbio;

    if (!expect_quic_csl(s, &ctx))
        return 0;

    wbio = ossl_quic_port_get_net_wbio(ossl_quic_obj_get0_port(ctx.obj));
    if (desc == NULL || wbio == NULL)
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
                                           NULL);

    return BIO_get_wpoll_descriptor(wbio, desc);
}

/*
 * SSL_net_read_desired. Returns what the reactor behind s reports for
 * "network read desired", read under the lock; 0 if s is not accepted by
 * expect_quic_csl().
 */
QUIC_TAKES_LOCK
int ossl_quic_get_net_read_desired(SSL *s)
{
    QCTX ctx;
    int desired;

    if (!expect_quic_csl(s, &ctx))
        return 0;

    qctx_lock(&ctx);
    desired = ossl_quic_reactor_net_read_desired(ossl_quic_obj_get0_reactor(ctx.obj));
    qctx_unlock(&ctx);

    return desired;
}

/*
 * SSL_net_write_desired. Returns what the reactor behind s reports for
 * "network write desired", read under the lock; 0 if s is not accepted by
 * expect_quic_csl().
 */
QUIC_TAKES_LOCK
int ossl_quic_get_net_write_desired(SSL *s)
{
    QCTX ctx;
    int desired;

    if (!expect_quic_csl(s, &ctx))
        return 0;

    qctx_lock(&ctx);
    desired = ossl_quic_reactor_net_write_desired(ossl_quic_obj_get0_reactor(ctx.obj));
    qctx_unlock(&ctx);

    return desired;
}

/*
 * QUIC Front-End I/O API: Connection Lifecycle Operations
 * =======================================================
 *
 *         SSL_do_handshake         => ossl_quic_do_handshake
 *         SSL_set_connect_state    => ossl_quic_set_connect_state
 *         SSL_set_accept_state     => ossl_quic_set_accept_state
 *         SSL_shutdown             => ossl_quic_shutdown
 *         SSL_ctrl                 => ossl_quic_ctrl
 *   (BIO/)SSL_connect              => ossl_quic_connect
 *   (BIO/)SSL_accept               => ossl_quic_accept
 *
 */

/*
 * Starts the shutdown-flush phase on the connection's stream map and marks the
 * connection as shutting down. Does nothing if that flag is already set.
 */
QUIC_NEEDS_LOCK
static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
{
    if (!qc->shutting_down) {
        QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);

        ossl_quic_stream_map_begin_shutdown_flush(qsm);
        qc->shutting_down = 1;
    }
}

/* Returns 1 if all shutdown-flush streams have been done with.
*/
QUIC_NEEDS_LOCK
static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
{
    QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);

    /* Only meaningful once shutdown has begun on this connection. */
    return qc->shutting_down
        && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
}

/* SSL_shutdown */
/* Blocking predicate: true once the channel has reached the terminated state. */
static int quic_shutdown_wait(void *arg)
{
    QUIC_CONNECTION *conn = arg;

    return ossl_quic_channel_is_terminated(conn->ch);
}

/* Returns 1 if shutdown flush process has finished or is inapplicable. */
static int quic_shutdown_flush_wait(void *arg)
{
    QUIC_CONNECTION *conn = arg;

    return ossl_quic_channel_is_term_any(conn->ch)
        || qc_shutdown_flush_finished(conn);
}

/* Blocking predicate: true once the channel is terminating or terminated. */
static int quic_shutdown_peer_wait(void *arg)
{
    QUIC_CONNECTION *conn = arg;

    return ossl_quic_channel_is_term_any(conn->ch);
}

/*
 * Shuts down the QUIC connection behind s.
 *
 * flags is a set of SSL_SHUTDOWN_FLAG_* values; args, if non-NULL, supplies
 * the error code and reason passed to the local close. args_len is not used
 * here.
 *
 * Returns 1 once the channel is terminated, 0 while shutdown is still in
 * progress (or a blocking wait failed), and -1 if s is not a suitable object
 * or is a stream object.
 */
QUIC_TAKES_LOCK
int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
                            const SSL_SHUTDOWN_EX_ARGS *args,
                            size_t args_len)
{
    QCTX ctx;
    QUIC_CONNECTION *qc;
    int rc;
    const int flush_streams = (flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0;
    const int never_block = (flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0;
    const int await_peer = (flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0;

    if (!expect_quic_cs(s, &ctx))
        return -1;

    if (ctx.is_stream) {
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
        return -1;
    }

    qc = ctx.qc;
    qctx_lock(&ctx);

    if (ossl_quic_channel_is_terminated(qc->ch)) {
        rc = 1;
        goto out;
    }

    /* Phase 1: Stream Flushing */
    if (!await_peer && flush_streams) {
        qc_shutdown_flush_init(qc);

        if (!qc_shutdown_flush_finished(qc)) {
            if (never_block || !qctx_blocking(&ctx)) {
                qctx_maybe_autotick(&ctx);
            } else if (block_until_pred(&ctx, quic_shutdown_flush_wait, qc, 0) < 1) {
                rc = 0;
                goto out;
            }
        }

        if (!qc_shutdown_flush_finished(qc)) {
            rc = 0; /* ongoing */
            goto out;
        }
    }

    /* Phase 2: Connection Closure */
    if (await_peer && !ossl_quic_channel_is_term_any(qc->ch)) {
        if (never_block || !qctx_blocking(&ctx)) {
            qctx_maybe_autotick(&ctx);
        } else if (block_until_pred(&ctx, quic_shutdown_peer_wait, qc, 0) < 1) {
            rc = 0;
            goto out;
        }

        if (!ossl_quic_channel_is_term_any(qc->ch)) {
            rc = 0; /* peer hasn't closed yet - still not done */
            goto out;
        }

        /*
         * We are at least terminating - go through the normal process of
         * waiting until we are in the TERMINATED state.
         */
    }

    /* Block mutation ops regardless of if we did stream flush. */
    qc->shutting_down = 1;

    /*
     * This call is a no-op if we are already terminating, so it doesn't
     * affect the wait_peer case.
     */
    ossl_quic_channel_local_close(qc->ch,
                                  args != NULL ? args->quic_error_code : 0,
                                  args != NULL ? args->quic_reason : NULL);

    SSL_set_shutdown(qc->tls, SSL_SENT_SHUTDOWN);

    if (ossl_quic_channel_is_terminated(qc->ch)) {
        rc = 1;
        goto out;
    }

    /* Phase 3: Terminating Wait Time */
    if (!never_block && qctx_blocking(&ctx)
        && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
        if (block_until_pred(&ctx, quic_shutdown_wait, qc, 0) < 1) {
            rc = 0;
            goto out;
        }
    } else {
        qctx_maybe_autotick(&ctx);
    }

    rc = ossl_quic_channel_is_terminated(qc->ch);

out:
    qctx_unlock(&ctx);
    return rc;
}

/*
 * SSL_ctrl. Handles the ctrl commands that need QUIC-specific treatment and
 * forwards everything else to ossl_ctrl_internal(). Listener objects are
 * refused with ERR_R_UNSUPPORTED for every command that touches connection
 * state. No lock is taken in this function itself.
 */
long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{
    QCTX ctx;

    if (!expect_quic_csl(s, &ctx))
        return 0;

    switch (cmd) {
    case SSL_CTRL_MODE:
        if (ctx.is_listener)
            return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);

        /* If called on a QCSO, update the default mode. */
        if (!ctx.is_stream)
            ctx.qc->default_ssl_mode |= (uint32_t)larg;

        /* No QSSO and no default stream: report the connection default. */
        if (ctx.xso == NULL)
            return ctx.qc->default_ssl_mode;

        /*
         * We were called on a QSSO or have a default stream, so update that
         * too. Cannot enable EPW while AON write in progress.
         */
        if (ctx.xso->aon_write_in_progress)
            larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;

        ctx.xso->ssl_mode |= (uint32_t)larg;
        return ctx.xso->ssl_mode;

    case SSL_CTRL_CLEAR_MODE:
        if (ctx.is_listener)
            return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);

        if (!ctx.is_stream)
            ctx.qc->default_ssl_mode &= ~(uint32_t)larg;

        if (ctx.xso == NULL)
            return ctx.qc->default_ssl_mode;

        ctx.xso->ssl_mode &= ~(uint32_t)larg;
        return ctx.xso->ssl_mode;

    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
        if (ctx.is_listener)
            return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);

        ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
        /* This ctrl also needs to be passed to the internal SSL object */
        return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);

    case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
    {
        int infinite;

        /*
         * parg is handed on as the struct timeval to fill in and is written
         * through without a NULL check, so the caller must supply one.
         */
        if (!ossl_quic_get_event_timeout(s, parg, &infinite))
            return 0;

        return !infinite;
    }

    case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
        /* For legacy compatibility with DTLS calls. */
        return ossl_quic_handle_events(s) == 1 ? 1 : -1;

    /* Mask ctrls we shouldn't support for QUIC. */
    case SSL_CTRL_GET_READ_AHEAD:
    case SSL_CTRL_SET_READ_AHEAD:
    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
    case SSL_CTRL_SET_MAX_PIPELINES:
        return 0;

    default:
        /*
         * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
         * implementation. Either SSL_ctrl will handle it itself by direct
         * access into handshake layer state, or failing that, it will be passed
         * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
         * supported by anything, the handshake layer's ctrl method will finally
         * return 0.
         */
        if (ctx.is_listener)
            return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);

        return ossl_ctrl_internal(&ctx.qc->obj.ssl, cmd, larg, parg, /*no_quic=*/1);
    }
}

/*
 * SSL_set_connect_state. Puts the connection into client role. Returns 1 if it
 * already is or now is in that role, 0 if s is not accepted by is_quic_c() or
 * the handshake has already started. Errors are raised only when raiseerrs is
 * non-zero.
 */
int ossl_quic_set_connect_state(SSL *s, int raiseerrs)
{
    QCTX ctx;

    if (!is_quic_c(s, &ctx, raiseerrs))
        return 0;

    if (ctx.qc->as_server_state != 0) {
        /* Cannot be changed after handshake started */
        if (ctx.qc->started) {
            if (raiseerrs)
                QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
            return 0;
        }

        ctx.qc->as_server_state = 0;
    }

    return 1;
}

/*
 * SSL_set_accept_state. Puts the connection into server role. Returns 1 if it
 * already is or now is in that role, 0 if s is not accepted by is_quic_c() or
 * the handshake has already started. Errors are raised only when raiseerrs is
 * non-zero.
 */
int ossl_quic_set_accept_state(SSL *s, int raiseerrs)
{
    QCTX ctx;

    if (!is_quic_c(s, &ctx, raiseerrs))
        return 0;

    if (ctx.qc->as_server_state != 1) {
        /* Cannot be changed after handshake started */
        if (ctx.qc->started) {
            if (raiseerrs)
                QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
            return 0;
        }

        ctx.qc->as_server_state = 1;
    }

    return 1;
}

/* SSL_do_handshake */
/* Argument bundle handed to quic_handshake_wait() via block_until_pred(). */
struct quic_handshake_wait_args {
    QUIC_CONNECTION *qc;
};

/*
 * Returns 1 if the TLS layer is waiting on something other than network I/O
 * (certificate lookup, ClientHello callback or verification retry), else 0.
 */
static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
{
    switch (SSL_want(qc->tls)) {
    case SSL_X509_LOOKUP:
    case SSL_CLIENT_HELLO_CB:
    case SSL_RETRY_VERIFY:
        return 1;
    default:
        return 0;
    }
}

/*
 * Blocking predicate for the handshake: -1 if mutation is no longer allowed on
 * the connection, 1 if the handshake is complete or TLS needs a non-I/O retry
 * from the application, 0 to keep waiting.
 */
static int quic_handshake_wait(void *arg)
{
    struct quic_handshake_wait_args *wait = arg;
    QUIC_CONNECTION *qc = wait->qc;

    if (!quic_mutation_allowed(qc, /*req_active=*/1))
        return -1;

    if (ossl_quic_channel_is_handshake_complete(qc->ch)
        || tls_wants_non_io_retry(qc))
        return 1;

    return 0;
}

/*
 * Pushes the connection's stored initial peer address into its channel.
 * Returns 1 on success, 0 if the channel rejects the address.
 */
static int configure_channel(QUIC_CONNECTION *qc)
{
    assert(qc->ch != NULL);

    return ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr) ? 1 : 0;
}

/*
 * Returns non-zero if the given SSL_DOMAIN_FLAG_* combination calls for the
 * reactor notifier: thread-assisted mode, or multi-threaded together with
 * blocking.
 */
static int need_notifier_for_domain_flags(uint64_t domain_flags)
{
    const int thread_assisted
        = (domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0;
    const int multi_thread
        = (domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0;
    const int blocking
        = (domain_flags & SSL_DOMAIN_FLAG_BLOCKING) != 0;

    return thread_assisted || (multi_thread && blocking);
}

/*
 * Creates the engine, port and outgoing channel for qc, in that order.
 *
 * On any failure an internal error is raised, whatever this call created is
 * freed again and the corresponding qc fields are reset to NULL. Returns 1 on
 * success, 0 on failure.
 */
QUIC_NEEDS_LOCK
static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx)
{
    QUIC_ENGINE_ARGS engine_args = { 0 };
    QUIC_PORT_ARGS port_args = { 0 };

    engine_args.libctx = ctx->libctx;
    engine_args.propq = ctx->propq;
#if defined(OPENSSL_THREADS)
    engine_args.mutex = qc->mutex;
#endif

    if (need_notifier_for_domain_flags(ctx->domain_flags))
        engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;

    qc->engine = ossl_quic_engine_new(&engine_args);
    if (qc->engine == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        return 0;
    }

    port_args.channel_ctx = ctx;
    qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
    if (qc->port == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto free_engine;
    }

    qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
    if (qc->ch == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto free_port;
    }

    return 1;

    /* Unwind in reverse order of construction. */
free_port:
    ossl_quic_port_free(qc->port);
    qc->port = NULL;
free_engine:
    ossl_quic_engine_free(qc->engine);
    qc->engine = NULL;
    return 0;
}

/*
 * Configures a channel with the information we have accumulated via calls made
 * to us from the application prior to starting a handshake attempt.
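*/
QUIC_NEEDS_LOCK
static int ensure_channel_started(QCTX *ctx)
{
    QUIC_CONNECTION *qc = ctx->qc;

    if (!qc->started) {
        if (!configure_channel(qc)) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
                                        "failed to configure channel");
            return 0;
        }

        if (!ossl_quic_channel_start(qc->ch)) {
            ossl_quic_channel_restore_err_state(qc->ch);
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
                                        "failed to start channel");
            return 0;
        }

#if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
        /*
         * NOTE(review): if this fails the channel has already been started
         * but qc->started stays 0, so a later call repeats the configure and
         * start steps - confirm ossl_quic_channel_start() tolerates that.
         */
        if (qc->is_thread_assisted
            && !ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
                                        "failed to start assist thread");
            return 0;
        }
#endif
    }

    qc->started = 1;
    return 1;
}

/*
 * Begins or continues the handshake for the connection in ctx.
 *
 * Returns 1 once the handshake is complete, 0 if the connection is shut down
 * or terminating, and -1 for non-protocol errors and for "not done yet"
 * conditions (a normal error such as SSL_ERROR_WANT_READ is raised for the
 * latter). In blocking mode this waits until the handshake completes or fails.
 */
QUIC_NEEDS_LOCK
static int quic_do_handshake(QCTX *ctx)
{
    int ret;
    QUIC_CONNECTION *qc = ctx->qc;
    QUIC_PORT *port;
    BIO *net_rbio, *net_wbio;

    /* Handshake already completed. */
    if (ossl_quic_channel_is_handshake_complete(qc->ch))
        return 1;

    if (!quic_mutation_allowed(qc, /*req_active=*/0))
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);

    /* The role requested via set_connect/accept_state must match the object. */
    if (qc->as_server != qc->as_server_state) {
        QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
        return -1; /* Non-protocol error */
    }

    port = ossl_quic_obj_get0_port(ctx->obj);
    net_rbio = ossl_quic_port_get_net_rbio(port);
    net_wbio = ossl_quic_port_get_net_wbio(port);
    if (net_rbio == NULL || net_wbio == NULL) {
        /* Need read and write BIOs. */
        QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
        return -1; /* Non-protocol error */
    }

    if (!qc->started && ossl_quic_port_is_addressed_w(port)
        && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
        /*
         * We are trying to connect and are using addressed mode, which means we
         * need an initial peer address; if we do not have a peer address yet,
         * we should try to autodetect one.
         *
         * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
         * may not be able to provide us with a peer address until they have
         * finished their own processing. They may not be able to perform this
         * processing until an application has finished configuring that BIO
         * (e.g. with setter calls), which might happen after SSL_set_bio is
         * called.
         *
         * The write BIO is only consulted while the connection has not been
         * started and no address is stored yet, so an address obtained here
         * is not re-read from the BIO afterwards.
         */
        if (!csm_analyse_init_peer_addr(net_wbio, &qc->init_peer_addr)) {
            /* best effort */
            BIO_ADDR_clear(&qc->init_peer_addr);
        } else {
            /*
             * Result not checked here; configure_channel() applies the same
             * address again, with a check, before the channel is started.
             */
            ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
        }
    }

    if (!qc->started
        && ossl_quic_port_is_addressed_w(port)
        && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
        /*
         * If we still don't have a peer address in addressed mode, we can't do
         * anything.
         */
        QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
        return -1; /* Non-protocol error */
    }

    /*
     * Start connection process. Note we may come here multiple times in
     * non-blocking mode, which is fine.
     */
    if (!ensure_channel_started(ctx)) /* raises on failure */
        return -1; /* Non-protocol error */

    /* The handshake is now done. */
    if (ossl_quic_channel_is_handshake_complete(qc->ch))
        return 1;

    if (!qctx_blocking(ctx)) {
        /* Try to advance the reactor. */
        qctx_maybe_autotick(ctx);

        /* The handshake is now done. */
        if (ossl_quic_channel_is_handshake_complete(qc->ch))
            return 1;

        if (ossl_quic_channel_is_term_any(qc->ch)) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
            return 0;
        }

        if (ossl_quic_obj_desires_blocking(&qc->obj)) {
            /*
             * As a special case when doing a handshake when blocking mode is
             * desired yet not available, see if the network BIOs have become
             * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
             * which do late creation of socket FDs and therefore cannot expose
             * a poll descriptor until after a network BIO is set on the QCSO.
             */
            ossl_quic_engine_update_poll_descriptors(qc->obj.engine, /*force=*/1);
        }
    }

    /*
     * We are either in blocking mode or just entered it due to the code above.
     */
    if (qctx_blocking(ctx)) {
        /* In blocking mode, wait for the handshake to complete. */
        struct quic_handshake_wait_args args;

        args.qc = qc;

        ret = block_until_pred(ctx, quic_handshake_wait, &args, 0);
        if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
            return 0; /* Shutdown before completion */
        }

        if (ret <= 0) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
            return -1; /* Non-protocol error */
        }

        if (tls_wants_non_io_retry(qc)) {
            QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
            return -1;
        }

        assert(ossl_quic_channel_is_handshake_complete(qc->ch));
        return 1;
    }

    if (tls_wants_non_io_retry(qc)) {
        QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
        return -1;
    }

    /*
     * Otherwise, indicate that the handshake isn't done yet.
     * We can only get here in non-blocking mode.
     */
    QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
    return -1; /* Non-protocol error */
}

/*
 * SSL_do_handshake. Runs quic_do_handshake() under the I/O lock. Returns 0 if
 * s is not accepted by expect_quic_cs(), otherwise the result of
 * quic_do_handshake().
 */
QUIC_TAKES_LOCK
int ossl_quic_do_handshake(SSL *s)
{
    int ret;
    QCTX ctx;

    if (!expect_quic_cs(s, &ctx))
        return 0;

    qctx_lock_for_io(&ctx);
    ret = quic_do_handshake(&ctx);
    qctx_unlock(&ctx);

    return ret;
}

/* SSL_connect */
int ossl_quic_connect(SSL *s)
{
    /* Ensure we are in connect state (no-op if non-idle). */
    if (!ossl_quic_set_connect_state(s, 1))
        return -1;

    /* Begin or continue the handshake */
    return ossl_quic_do_handshake(s);
}

/* SSL_accept */
int ossl_quic_accept(SSL *s)
{
    /* Ensure we are in accept state (no-op if non-idle). */
    if (!ossl_quic_set_accept_state(s, 1))
        return -1;

    /* Begin or continue the handshake */
    return ossl_quic_do_handshake(s);
}

/*
 * QUIC Front-End I/O API: Stream Lifecycle Operations
 * ===================================================
 *
 *         SSL_stream_new       => ossl_quic_conn_stream_new
 *
 */

/*
 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
 * default XSO was created.
 *
 * Fails with SSL_R_NO_STREAM if a default XSO was already created once or
 * default stream mode is disabled, and with ERR_R_INTERNAL_ERROR if the new
 * stream could not be set up.
 */
QUIC_NEEDS_LOCK
static int qc_try_create_default_xso_for_write(QCTX *ctx)
{
    QUIC_CONNECTION *qc = ctx->qc;
    uint64_t flags = 0;
    SSL *stream_ssl;

    /*
     * We only do this once. If the user detaches a previously created
     * default XSO we don't auto-create another one.
     */
    if (qc->default_xso_created
        || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);

    /* Create a locally-initiated stream. */
    if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
        flags |= SSL_STREAM_FLAG_UNI;

    /* The caller already holds the lock, so the helper must not take it. */
    stream_ssl = quic_conn_stream_new(ctx, flags, /*need_lock=*/0);

    qc_set_default_xso(qc, (QUIC_XSO *)stream_ssl, /*touch=*/0);
    if (qc->default_xso == NULL)
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);

    qc_touch_default_xso(qc);
    return 1;
}

/*
 * Looks up the first stream a peer with the given initiator bit can have
 * opened: the bidirectional stream ID is tried first, then the unidirectional
 * one. Returns NULL if neither is present in the channel's stream map.
 */
QUIC_NEEDS_LOCK
static QUIC_STREAM *qc_find_first_peer_stream(QUIC_CONNECTION *qc,
                                              uint64_t expect_id)
{
    QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
    QUIC_STREAM *qs;

    qs = ossl_quic_stream_map_get_by_id(qsm, expect_id | QUIC_STREAM_DIR_BIDI);
    if (qs == NULL)
        qs = ossl_quic_stream_map_get_by_id(qsm, expect_id | QUIC_STREAM_DIR_UNI);

    return qs;
}

/* Argument/result bundle for quic_wait_for_stream(). */
struct quic_wait_for_stream_args {
    QUIC_CONNECTION *qc;
    QUIC_STREAM *qs;    /* out: the stream found, or NULL */
    QCTX *ctx;
    uint64_t expect_id; /* initiator bit of the stream being waited for */
};

/*
 * Blocking predicate: 1 once the awaited peer stream exists (stored in
 * args->qs), 0 to keep waiting, -1 (with an error raised) if mutation is no
 * longer allowed on the connection.
 */
QUIC_NEEDS_LOCK
static int quic_wait_for_stream(void *arg)
{
    struct quic_wait_for_stream_args *args = arg;

    if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
        /* If connection is torn down due to an error while blocking, stop. */
        QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        return -1;
    }

    args->qs = qc_find_first_peer_stream(args->qc, args->expect_id);

    /* 1: stream now exists; 0: did not get a stream, keep trying */
    return args->qs != NULL ? 1 : 0;
}

/*
 * Called on a QCSO which does not currently have a default stream: binds the
 * first peer-initiated stream as the default stream for reading.
 *
 * Returns 1 once a default XSO has been set. Returns 0 without raising when
 * peek is set and no stream exists yet. Otherwise fails with SSL_R_NO_STREAM,
 * SSL_R_PROTOCOL_IS_SHUTDOWN, SSL_ERROR_WANT_READ (non-blocking mode) or
 * ERR_R_INTERNAL_ERROR as appropriate.
 */
QUIC_NEEDS_LOCK
static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek)
{
    uint64_t expect_id;
    QUIC_CONNECTION *qc = ctx->qc;
    QUIC_STREAM *qs;
    int res;
    struct quic_wait_for_stream_args wargs;
    OSSL_RTT_INFO rtt_info;

    /*
     * If default stream functionality is disabled or we already detached
     * one, don't make another default stream and just fail.
     */
    if (qc->default_xso_created
        || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);

    /*
     * The peer may have opened a stream since we last ticked. So tick and
     * see if the stream with ordinal 0 (remote, bidi/uni based on stream
     * mode) exists yet. QUIC stream IDs must be allocated in order, so the
     * first stream created by a peer must have an ordinal of 0.
     */
    expect_id = qc->as_server
        ? QUIC_STREAM_INITIATOR_CLIENT
        : QUIC_STREAM_INITIATOR_SERVER;

    qs = qc_find_first_peer_stream(qc, expect_id);
    if (qs == NULL) {
        qctx_maybe_autotick(ctx);

        /*
         * Repeat the same bidi-then-uni lookup after the tick. Previously only
         * the bare initiator value was looked up here, so a unidirectional
         * stream that arrived during the tick was not noticed until a later
         * call, unlike in the lookup above and in quic_wait_for_stream().
         */
        qs = qc_find_first_peer_stream(qc, expect_id);
    }

    if (qs == NULL) {
        if (peek)
            return 0;

        if (ossl_quic_channel_is_term_any(qc->ch))
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);

        /* Non-blocking mode, so just bail immediately. */
        if (!qctx_blocking(ctx))
            return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);

        /* Block until we have a stream. */
        wargs.qc = qc;
        wargs.qs = NULL;
        wargs.ctx = ctx;
        wargs.expect_id = expect_id;

        res = block_until_pred(ctx, quic_wait_for_stream, &wargs, 0);
        if (res == 0)
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);

        /* quic_wait_for_stream raised error here */
        if (res < 0 || wargs.qs == NULL)
            return 0;

        qs = wargs.qs;
    }

    /*
     * We now have qs != NULL. Remove it from the incoming stream queue so that
     * it isn't also returned by any future SSL_accept_stream calls.
     */
    ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
    ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
                                                  qs, rtt_info.smoothed_rtt);

    /*
     * Now make qs the default stream, creating the necessary XSO.
     */
    qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
    if (qc->default_xso == NULL)
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);

    qc_touch_default_xso(qc); /* inhibits default XSO */
    return 1;
}

/*
 * Allocates a new XSO wrapping the stream qs on connection qc.
 *
 * The XSO takes a reference on the connection's SSL object and inherits the
 * connection's default mode and its stream-permitted options. Returns the new
 * XSO, or NULL (with an error raised) on failure.
 */
QUIC_NEEDS_LOCK
static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
{
    QUIC_XSO *xso = OPENSSL_zalloc(sizeof(*xso));

    if (xso == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        goto err;
    }

    if (!ossl_quic_obj_init(&xso->obj, qc->obj.ssl.ctx, SSL_TYPE_QUIC_XSO,
                            &qc->obj.ssl, NULL, NULL)) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    /*
     * XSO refs QC.
     * NOTE(review): on failure here the object has been initialised but the
     * error path only frees the allocation - confirm ossl_quic_obj_init()
     * leaves nothing behind that needs a matching teardown.
     */
    if (!SSL_up_ref(&qc->obj.ssl)) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
        goto err;
    }

    xso->conn = qc;
    xso->ssl_mode = qc->default_ssl_mode;
    xso->ssl_options
        = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
    xso->last_error = SSL_ERROR_NONE;

    xso->stream = qs;

    ++qc->num_xso;
    xso_update_options(xso);
    return xso;

err:
    OPENSSL_free(xso);
    return NULL;
}

/* Argument bundle for quic_new_stream_wait(). */
struct quic_new_stream_wait_args {
    QUIC_CONNECTION *qc;
    int is_uni;
};

/*
 * Blocking predicate: 1 once a new local stream of the requested direction is
 * admissible, 0 to keep waiting, -1 if mutation is no longer allowed.
 */
static int quic_new_stream_wait(void *arg)
{
    struct quic_new_stream_wait_args *args = arg;
    QUIC_CONNECTION *qc = args->qc;

    if (!quic_mutation_allowed(qc, /*req_active=*/1))
        return -1;

    return ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni)
        ? 1 : 0;
}

/*
 * Creates a new locally-initiated stream on the connection in ctx and returns
 * its SSL object, or NULL (with an error raised) on failure.
 *
 * flags is a set of SSL_STREAM_FLAG_* values. Locking depends on need_lock:
 * when non-zero the lock is taken and released here, otherwise the caller is
 * expected to hold it already.
 */
static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
{
    int ret;
    QUIC_CONNECTION *qc = ctx->qc;
    QUIC_XSO *xso = NULL;
    QUIC_STREAM *qs = NULL;
    const int is_uni = (flags & SSL_STREAM_FLAG_UNI) != 0;
    const int no_blocking = (flags & SSL_STREAM_FLAG_NO_BLOCK) != 0;
    const int advance = (flags & SSL_STREAM_FLAG_ADVANCE) != 0;

    if (need_lock)
        qctx_lock(ctx);

    if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
        QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        goto err;
    }

    if (!advance
        && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
        struct quic_new_stream_wait_args args;

        /*
         * Stream count flow control currently doesn't permit this stream to be
         * opened.
         */
        if (no_blocking || !qctx_blocking(ctx)) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
            goto err;
        }

        args.qc = qc;
        args.is_uni = is_uni;

        /* Blocking mode - wait until we can get a stream. */
        ret = block_until_pred(ctx, quic_new_stream_wait, &args, 0);
        if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
            goto err; /* Shutdown before completion */
        }

        if (ret <= 0) {
            QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
            goto err; /* Non-protocol error */
        }
    }

    qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
    if (qs == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    xso = create_xso_from_stream(qc, qs);
    if (xso == NULL)
        goto err;

    qc_touch_default_xso(qc); /* inhibits default XSO */
    if (need_lock)
        qctx_unlock(ctx);

    return &xso->obj.ssl;

err:
    /* xso is still NULL on every path that reaches this label. */
    OPENSSL_free(xso);
    ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
    if (need_lock)
        qctx_unlock(ctx);

    return NULL;
}

/*
 * SSL_stream_new. Creates a new stream on the connection s, taking the lock
 * for the duration. Returns NULL if s is not accepted by
 * expect_quic_conn_only() or stream creation fails.
 */
QUIC_TAKES_LOCK
SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
{
    QCTX ctx;

    if (!expect_quic_conn_only(s, &ctx))
        return NULL;

    return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
}

/*
 * QUIC Front-End I/O API: Steady-State Operations
 * ===============================================
 *
 * Here we dispatch calls to the steady-state front-end I/O API functions; that
 * is, the functions used during the established phase of a QUIC connection
 * (e.g. SSL_read, SSL_write).
 *
 * Each function must handle both blocking and non-blocking modes. As discussed
 * above, all QUIC I/O is implemented using non-blocking mode internally.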
 *
 *   SSL_get_error        => partially implemented by ossl_quic_get_error
 *   SSL_want             => ossl_quic_want
 *   (BIO/)SSL_read       => ossl_quic_read
 *   (BIO/)SSL_write      => ossl_quic_write
 *   SSL_pending          => ossl_quic_pending
 *   SSL_stream_conclude  => ossl_quic_conn_stream_conclude
 *   SSL_key_update       => ossl_quic_key_update
 */

/*
 * SSL_get_error
 *
 * Returns SSL_ERROR_SSL if s is not a QUIC connection or stream object,
 * SSL_ERROR_SYSCALL if the channel reports a network error, and otherwise the
 * last_error recorded on the stream (when a stream object was passed) or on
 * the connection. The parameter i is not used here.
 */
int ossl_quic_get_error(const SSL *s, int i)
{
    QCTX ctx;
    int net_error, last_error;

    /* SSL_get_error() should not raise new errors */
    if (!is_quic_cs(s, &ctx, 0 /* suppress errors */))
        return SSL_ERROR_SSL;

    /* Both values are sampled under the lock; the decision is made after. */
    qctx_lock(&ctx);
    net_error = ossl_quic_channel_net_error(ctx.qc->ch);
    last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
    qctx_unlock(&ctx);

    /* A network error takes precedence over any recorded last_error. */
    if (net_error)
        return SSL_ERROR_SYSCALL;

    return last_error;
}

/*
 * Converts a code returned by SSL_get_error to a code returned by SSL_want.
 * Any code without a dedicated mapping below yields SSL_NOTHING.
 */
static int error_to_want(int error)
{
    switch (error) {
    case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
    case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
    case SSL_ERROR_ZERO_RETURN:
    default:
        return SSL_NOTHING;

    case SSL_ERROR_WANT_READ:
        return SSL_READING;

    case SSL_ERROR_WANT_WRITE:
        return SSL_WRITING;

    case SSL_ERROR_WANT_RETRY_VERIFY:
        return SSL_RETRY_VERIFY;

    case SSL_ERROR_WANT_CLIENT_HELLO_CB:
        return SSL_CLIENT_HELLO_CB;

    case SSL_ERROR_WANT_X509_LOOKUP:
        return SSL_X509_LOOKUP;
    }
}

/*
 * SSL_want
 *
 * Maps the last_error of the stream (when a stream object was passed) or of
 * the connection to an SSL_want code. Returns SSL_NOTHING if s is not a QUIC
 * connection or stream object. Unlike ossl_quic_get_error(), the channel's
 * network error state is not consulted.
 */
int ossl_quic_want(const SSL *s)
{
    QCTX ctx;
    int w;

    if (!expect_quic_cs(s, &ctx))
        return SSL_NOTHING;

    qctx_lock(&ctx);

    w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);

    qctx_unlock(&ctx);
    return w;
}

/*
 * SSL_write
 * ---------
 *
 * The set of functions below provide the implementation of the public SSL_write
 * function. We must handle:
 *
 *   - both blocking and non-blocking operation at the application level,
 *     depending on how we are configured;
 *
 *   - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
 *
 *   - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
 *
 */

/*
 * Bookkeeping performed after an append attempt on xso's send stream.
 *
 *   did_append      nonzero if at least one byte was appended; the stream
 *                   map is then asked to update the stream's state.
 *   did_append_all  nonzero if the whole request was appended; together with
 *                   SSL_WRITE_FLAG_CONCLUDE in flags this marks the send
 *                   stream as finished.
 *   do_tick         nonzero to tick the reactor immediately afterwards.
 *
 * xso, xso->conn, xso->stream and (on the conclude path) the stream's sstream
 * are dereferenced without checks; callers must pass a fully set-up XSO.
 */
QUIC_NEEDS_LOCK
static void quic_post_write(QUIC_XSO *xso, int did_append,
    int did_append_all, uint64_t flags,
    int do_tick)
{
    /*
     * We have appended at least one byte to the stream.
     * Potentially mark stream as active, depending on FC.
     */
    if (did_append)
        ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
            xso->stream);

    if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
        ossl_quic_sstream_fin(xso->stream->sstream);

    /*
     * Try and send.
     *
     * TODO(QUIC FUTURE): It is probably inefficient to try and do this
     * immediately, plus we should eventually consider Nagle's algorithm.
     */
    if (do_tick)
        ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
}

/*
 * State carried across retries of a blocking write (see quic_write_again()).
 * buf and len describe the data still to be appended, total_written counts
 * bytes appended by the retries, and err holds the error reason to raise if
 * the retry loop fails.
 */
struct quic_write_again_args {
    QUIC_XSO *xso;
    const unsigned char *buf;
    size_t len;
    size_t total_written;
    int err;
    uint64_t flags;
};

/*
 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
 * deliberately inducing DoS. This has been chosen based on the optimal buffer
 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
 */
#define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)

/*
 * Ensure spare buffer space available (up until a limit, at least).
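 */
/*
 * Grows the send stream's buffer so that at least `spare` bytes are free,
 * never growing it beyond MAX_WRITE_BUF_SIZE. If the request cannot be met
 * within the cap, the buffer is set to the cap and the caller simply gets
 * less room than it asked for.
 *
 * Returns 1 if no resize was needed, otherwise the result of
 * ossl_quic_sstream_set_buffer_size().
 */
QUIC_NEEDS_LOCK
static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
{
    size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
    size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
    size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
    size_t new_sz, growth;

    if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
        return 1;

    growth = spare_ - avail;

    /*
     * Compare against the remaining headroom instead of computing
     * cur_sz + growth first: spare_ may be as large as SIZE_MAX, and a wrapped
     * sum would compare below the cap and bypass the clamp that bounds memory
     * use per stream.
     */
    if (cur_sz > MAX_WRITE_BUF_SIZE
        || growth > MAX_WRITE_BUF_SIZE - cur_sz)
        new_sz = MAX_WRITE_BUF_SIZE;
    else
        new_sz = cur_sz + growth;

    return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
}

/*
 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
 * as needed according to flow control.
 *
 * len is first clamped to the stream's remaining flow control credit (the
 * TXFC's CWM minus the stream's current size, or 0 if the CWM is behind), so
 * the amount buffered per call is bounded both by the credit granted by the
 * peer and by MAX_WRITE_BUF_SIZE.
 *
 * Returns 0 if the buffer could not be resized, otherwise the result of
 * ossl_quic_sstream_append(); *actual_written is set by that call.
 */
QUIC_NEEDS_LOCK
static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
    size_t len, size_t *actual_written)
{
    QUIC_SSTREAM *sstream = xso->stream->sstream;
    uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
    uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
    uint64_t permitted = (cwm >= cur ? cwm - cur : 0);

    /* The cast is lossless: permitted < len <= SIZE_MAX on this branch. */
    if (len > permitted)
        len = (size_t)permitted;

    if (!sstream_ensure_spare(sstream, len))
        return 0;

    return ossl_quic_sstream_append(sstream, buf, len, actual_written);
}

/*
 * Predicate used by quic_write_blocking() to retry appending the remainder of
 * a write while blocked. arg is a struct quic_write_again_args.
 *
 * Returns 1 once everything has been appended, 0 to keep waiting, and -2 on
 * failure. On a validation failure args->err holds the reason set by
 * quic_validate_for_write(); on an append failure it is
 * ERR_R_INTERNAL_ERROR.
 */
QUIC_NEEDS_LOCK
static int quic_write_again(void *arg)
{
    struct quic_write_again_args *args = arg;
    size_t actual_written = 0;

    if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
        /* If connection is torn down due to an error while blocking, stop. */
        return -2;

    if (!quic_validate_for_write(args->xso, &args->err))
        /*
         * Stream may have become invalid for write due to connection events
         * while we blocked.
         */
        return -2;

    args->err = ERR_R_INTERNAL_ERROR;
    if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
        return -2;

    /* No tick here (do_tick == 0). */
    quic_post_write(args->xso, actual_written > 0,
        args->len == actual_written, args->flags, 0);

    args->buf += actual_written;
    args->len -= actual_written;
    args->total_written += actual_written;

    if (args->len == 0)
        /* Written everything, done. */
        return 1;

    /* Not written everything yet, keep trying. */
    return 0;
}

/*
 * Blocking-mode write: append as much of buf as possible immediately, then
 * block until the remainder has been appended.
 *
 * Returns 1 with *written == len on success. On failure an error is raised
 * and its value returned; if the failure happens while blocked, *written
 * still holds the number of bytes appended by the first attempt.
 */
QUIC_NEEDS_LOCK
static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
    uint64_t flags, size_t *written)
{
    int res;
    QUIC_XSO *xso = ctx->xso;
    struct quic_write_again_args args;
    size_t actual_written = 0;

    /* First make a best effort to append as much of the data as possible. */
    if (!xso_sstream_append(xso, buf, len, &actual_written)) {
        /* Stream already finished or allocation error. */
        *written = 0;
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
    }

    quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);

    /*
     * Record however much data we wrote
     */
    *written = actual_written;

    if (actual_written == len) {
        /* Managed to append everything on the first try. */
        return 1;
    }

    /*
     * We did not manage to append all of the data immediately, so the stream
     * buffer has probably filled up. This means we need to block until some of
     * it is freed up.
     */
    args.xso = xso;
    args.buf = (const unsigned char *)buf + actual_written;
    args.len = len - actual_written;
    args.total_written = 0;
    args.err = ERR_R_INTERNAL_ERROR;
    args.flags = flags;

    res = block_until_pred(ctx, quic_write_again, &args, 0);
    if (res <= 0) {
        /* Report a shutdown as such; otherwise use the predicate's reason. */
        if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        else
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
    }

    /*
     * args.total_written counts only the bytes appended while blocked, i.e.
     * the remainder left over from the initial xso_sstream_append() call
     * above. Add it to the amount recorded for that first attempt.
     */
    *written += args.total_written;
    return 1;
}

/*
 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
 * write semantics.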
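 */
/*
 * Record the start of an AON write: the caller's buffer pointer and length
 * are remembered so that a retry can be checked against them, and
 * already_sent is the number of bytes already appended to the stream.
 */
static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
    size_t buf_len, size_t already_sent)
{
    assert(!xso->aon_write_in_progress);

    xso->aon_write_in_progress = 1;
    xso->aon_buf_base = buf;
    xso->aon_buf_pos = already_sent;
    xso->aon_buf_len = buf_len;
}

/* Clear all AON write state on xso. */
static void aon_write_finish(QUIC_XSO *xso)
{
    xso->aon_write_in_progress = 0;
    xso->aon_buf_base = NULL;
    xso->aon_buf_pos = 0;
    xso->aon_buf_len = 0;
}

/*
 * Non-blocking write with SSL_MODE_ENABLE_PARTIAL_WRITE off.
 *
 * Data may be appended to the stream across several calls, but *written stays
 * 0 (with SSL_ERROR_WANT_WRITE raised) until the whole buffer has been
 * appended, at which point *written is the full length. A retry must pass the
 * same length, and the same pointer unless
 * SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is set; otherwise
 * SSL_R_BAD_WRITE_RETRY is raised.
 *
 * Returns 1 on completion, otherwise the value of the raised error.
 */
QUIC_NEEDS_LOCK
static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
    size_t len, uint64_t flags,
    size_t *written)
{
    QUIC_XSO *xso = ctx->xso;
    const void *actual_buf;
    size_t actual_len, actual_written = 0;
    int accept_moving_buffer
        = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);

    if (xso->aon_write_in_progress) {
        /*
         * We are in the middle of an AON write (i.e., a previous write did not
         * manage to append all data to the SSTREAM and we have Enable Partial
         * Write (EPW) mode disabled.)
         */
        if ((!accept_moving_buffer && xso->aon_buf_base != buf)
            || len != xso->aon_buf_len)
            /*
             * Pointer must not have changed if we are not in accept moving
             * buffer mode. Length must never change.
             */
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);

        /*
         * The length check above is what keeps the offset arithmetic in
         * range: len equals aon_buf_len, and aon_buf_pos is kept below
         * aon_buf_len while an AON write is in progress. The asserts only
         * document this; they do not enforce it in builds without assertions.
         */
        actual_buf = (const unsigned char *)buf + xso->aon_buf_pos;
        actual_len = len - xso->aon_buf_pos;
        assert(actual_len > 0);
    } else {
        actual_buf = buf;
        actual_len = len;
    }

    /* First make a best effort to append as much of the data as possible. */
    if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
        /* Stream already finished or allocation error. */
        *written = 0;
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
    }

    quic_post_write(xso, actual_written > 0, actual_written == actual_len,
        flags, qctx_should_autotick(ctx));

    if (actual_written == actual_len) {
        /* We have sent everything. */
        if (xso->aon_write_in_progress) {
            /*
             * We have sent everything, and we were in the middle of an AON
             * write. The output write length is the total length of the AON
             * buffer, not however many bytes we managed to write to the stream
             * in this call.
             */
            *written = xso->aon_buf_len;
            aon_write_finish(xso);
        } else {
            *written = actual_written;
        }

        return 1;
    }

    if (xso->aon_write_in_progress) {
        /*
         * AON write is in progress but we have not written everything yet. We
         * may have managed to send zero bytes, or some number of bytes less
         * than the total remaining which need to be appended during this
         * AON operation.
         */
        xso->aon_buf_pos += actual_written;
        assert(xso->aon_buf_pos < xso->aon_buf_len);
        return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
    }

    /*
     * Not in an existing AON operation but partial write is not enabled, so we
     * need to begin a new AON operation. However we needn't bother if we didn't
     * actually append anything.
     */
    if (actual_written > 0)
        aon_write_begin(xso, buf, len, actual_written);

    /*
     * AON - We do not publicly admit to having appended anything until AON
     * completes.
     */
    *written = 0;
    return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
}

/*
 * Non-blocking write with SSL_MODE_ENABLE_PARTIAL_WRITE on: append whatever
 * fits and report it in *written.
 *
 * Returns 1 if at least one byte was appended; otherwise raises
 * SSL_ERROR_WANT_WRITE (nothing fitted) or ERR_R_INTERNAL_ERROR (append
 * failed) and returns the value of the raised error.
 */
QUIC_NEEDS_LOCK
static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
    uint64_t flags, size_t *written)
{
    QUIC_XSO *xso = ctx->xso;

    /* Simple best effort operation. */
    if (!xso_sstream_append(xso, buf, len, written)) {
        /* Stream already finished or allocation error. */
        *written = 0;
        return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
    }

    quic_post_write(xso, *written > 0, *written == len, flags,
        qctx_should_autotick(ctx));

    if (*written == 0)
        /* SSL_write_ex returns 0 if it didn't write anything. */
        return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);

    return 1;
}

/*
 * Check that xso can currently accept application writes.
 *
 * Returns 1 if so. Otherwise returns 0 and sets *err to the reason:
 * ERR_R_INTERNAL_ERROR (no XSO or stream, or the send part ID could not be
 * ensured), SSL_R_STREAM_RECV_ONLY, SSL_R_STREAM_FINISHED or
 * SSL_R_STREAM_RESET. *err is left untouched on success.
 */
QUIC_NEEDS_LOCK
static int quic_validate_for_write(QUIC_XSO *xso, int *err)
{
    QUIC_STREAM_MAP *qsm;

    if (xso == NULL || xso->stream == NULL) {
        *err = ERR_R_INTERNAL_ERROR;
        return 0;
    }

    switch (xso->stream->send_state) {
    default:
    case QUIC_SSTREAM_STATE_NONE:
        *err = SSL_R_STREAM_RECV_ONLY;
        return 0;

    case QUIC_SSTREAM_STATE_READY:
        qsm = ossl_quic_channel_get_qsm(xso->conn->ch);

        if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
            *err = ERR_R_INTERNAL_ERROR;
            return 0;
        }

        /* FALLTHROUGH */
    case QUIC_SSTREAM_STATE_SEND:
    case QUIC_SSTREAM_STATE_DATA_SENT:
        /* A known final size means the send part was already concluded. */
        if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
            *err = SSL_R_STREAM_FINISHED;
            return 0;
        }
        return 1;

    case QUIC_SSTREAM_STATE_DATA_RECVD:
        *err = SSL_R_STREAM_FINISHED;
        return 0;

    case QUIC_SSTREAM_STATE_RESET_SENT:
    case QUIC_SSTREAM_STATE_RESET_RECVD:
        *err = SSL_R_STREAM_RESET;
        return 0;
    }
}

/*
 * SSL_write with flags.
 *
 * The only flag accepted is SSL_WRITE_FLAG_CONCLUDE; any other bit raises
 * SSL_R_UNSUPPORTED_WRITE_FLAG. The handshake is advanced first and no data is
 * accepted until it has completed. The write is then dispatched to the
 * blocking, partial-write or all-or-nothing implementation.
 *
 * A zero-length write does not autocreate a default stream. It succeeds
 * without appending anything and, if SSL_WRITE_FLAG_CONCLUDE is set, concludes
 * the stream.
 *
 * Returns 1 on success, otherwise 0 or the value of the raised error;
 * *written is the number of bytes accepted.
 */
QUIC_TAKES_LOCK
int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
    uint64_t flags, size_t *written)
{
    int ret;
    QCTX ctx;
    int partial_write, err;

    *written = 0;

    if (len == 0) {
        /* Do not autocreate default XSO for zero-length writes. */
        if (!expect_quic_cs(s, &ctx))
            return 0;

        qctx_lock_for_io(&ctx);
    } else {
        if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
            return 0;
    }

    partial_write = ((ctx.xso != NULL)
            ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0)
            : 0);

    if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
        goto out;
    }

    if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        goto out;
    }

    /*
     * If we haven't finished the handshake, try to advance it.
     * We don't accept writes until the handshake is completed.
     */
    if (quic_do_handshake(&ctx) < 1) {
        ret = 0;
        goto out;
    }

    /* Ensure correct stream state, stream send part not concluded, etc. */
    if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) {
        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
        goto out;
    }

    if (len == 0) {
        if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0) {
            /*
             * The zero-length path neither autocreates a default XSO nor runs
             * quic_validate_for_write(), so ctx.xso can still be NULL here
             * (a connection object without a default stream), while
             * quic_post_write() dereferences xso->stream->sstream to conclude
             * the stream. Fail cleanly instead of dereferencing NULL.
             */
            if (ctx.xso == NULL || ctx.xso->stream == NULL) {
                ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
                goto out;
            }

            /*
             * NOTE(review): a stream without a send buffer is presumably
             * receive-only - confirm that sstream is NULL in that case.
             */
            if (ctx.xso->stream->sstream == NULL) {
                ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_STREAM_RECV_ONLY,
                    NULL);
                goto out;
            }

            quic_post_write(ctx.xso, 0, 1, flags,
                qctx_should_autotick(&ctx));
        }

        ret = 1;
        goto out;
    }

    if (qctx_blocking(&ctx))
        ret = quic_write_blocking(&ctx, buf, len, flags, written);
    else if (partial_write)
        ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
    else
        ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);

out:
    qctx_unlock(&ctx);
    return ret;
}

/* SSL_write: ossl_quic_write_flags() with no flags set. */
QUIC_TAKES_LOCK
int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{
    return ossl_quic_write_flags(s, buf, len, 0, written);
}

/*
 * SSL_read
 * --------
 */
struct quic_read_again_args {
    QCTX *ctx;
    QUIC_STREAM *stream;
    void *buf;
    size_t len;
    size_t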
        *bytes_read;
    int peek;
};

/*
 * Check that xso can currently be read from.
 *
 * Returns 1 if so. Otherwise returns 0 and either sets *eos to 1 (all data
 * has already been read; *err is not set in this case) or sets *err to the
 * reason: ERR_R_INTERNAL_ERROR (no XSO or stream), SSL_R_STREAM_SEND_ONLY or
 * SSL_R_STREAM_RESET. *eos is always initialised to 0 first.
 */
QUIC_NEEDS_LOCK
static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
{
    QUIC_STREAM_MAP *qsm;

    *eos = 0;

    if (xso == NULL || xso->stream == NULL) {
        *err = ERR_R_INTERNAL_ERROR;
        return 0;
    }

    switch (xso->stream->recv_state) {
    default:
    case QUIC_RSTREAM_STATE_NONE:
        *err = SSL_R_STREAM_SEND_ONLY;
        return 0;

    case QUIC_RSTREAM_STATE_RECV:
    case QUIC_RSTREAM_STATE_SIZE_KNOWN:
    case QUIC_RSTREAM_STATE_DATA_RECVD:
        return 1;

    case QUIC_RSTREAM_STATE_DATA_READ:
        *eos = 1;
        return 0;

    case QUIC_RSTREAM_STATE_RESET_RECVD:
        /* Tell the stream map the application has now observed the reset. */
        qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
        ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);

        /* FALLTHROUGH */
    case QUIC_RSTREAM_STATE_RESET_READ:
        *err = SSL_R_STREAM_RESET;
        return 0;
    }
}

/*
 * Perform one read or peek attempt on stream.
 *
 * On a non-peek read that returns data, the stream-level RXFC is told how
 * many bytes were retired and the stream map is asked to update the stream's
 * state. Retiring bytes is what allows more receive credit to be granted to
 * the peer, so a peek deliberately leaves flow control untouched.
 *
 * Returns 1 on success (possibly with *bytes_read == 0). Raises
 * SSL_ERROR_ZERO_RETURN when the end of the stream has been reached, or a
 * non-normal error otherwise, and returns the value of the raised error.
 *
 * The stream validated is ctx->xso, while data is read from the `stream`
 * argument; the callers visible in this file pass ctx.xso->stream.
 */
QUIC_NEEDS_LOCK
static int quic_read_actual(QCTX *ctx,
    QUIC_STREAM *stream,
    void *buf, size_t buf_len,
    size_t *bytes_read,
    int peek)
{
    int is_fin = 0, err, eos;
    QUIC_CONNECTION *qc = ctx->qc;

    if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
        if (eos) {
            ctx->xso->retired_fin = 1;
            return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
        } else {
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
        }
    }

    if (peek) {
        if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
                bytes_read, &is_fin))
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);

    } else {
        if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
                bytes_read, &is_fin))
            return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
    }

    if (!peek) {
        if (*bytes_read > 0) {
            /*
             * We have read at least one byte from the stream. Inform stream-level
             * RXFC of the retirement of controlled bytes. Update the active stream
             * status (the RXFC may now want to emit a frame granting more credit to
             * the peer).
             */
            OSSL_RTT_INFO rtt_info;

            ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);

            if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
                    rtt_info.smoothed_rtt))
                return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
        }

        /* The !peek test is redundant inside this branch. */
        if (is_fin && !peek) {
            QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);

            ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
        }

        if (*bytes_read > 0)
            ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
                stream);
    }

    /* FIN with no data: report end of stream (this applies to a peek too). */
    if (*bytes_read == 0 && is_fin) {
        ctx->xso->retired_fin = 1;
        return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
    }

    return 1;
}

/*
 * Predicate used by quic_read() to retry a read while blocked. arg is a
 * struct quic_read_again_args.
 *
 * Returns 1 once at least one byte has been read, 0 to keep waiting, and -1
 * after an error has been raised (connection no longer usable, or
 * quic_read_actual() failed).
 */
QUIC_NEEDS_LOCK
static int quic_read_again(void *arg)
{
    struct quic_read_again_args *args = arg;

    if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
        /* If connection is torn down due to an error while blocking, stop. */
        QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        return -1;
    }

    if (!quic_read_actual(args->ctx, args->stream,
            args->buf, args->len, args->bytes_read,
            args->peek))
        return -1;

    if (*args->bytes_read > 0)
        /* got at least one byte, the SSL_read op can finish now */
        return 1;

    return 0; /* did not read anything, keep trying */
}

/*
 * Common implementation of SSL_read and SSL_peek (peek != 0).
 *
 * Advances the handshake if needed, resolves the default stream when called
 * on a connection object without one, then attempts the read. If nothing is
 * available: in blocking mode it waits for at least one byte; in
 * non-blocking mode it ticks once, retries, and raises SSL_ERROR_WANT_READ if
 * there is still nothing.
 *
 * Returns 1 on success, otherwise 0 or the value of the raised error.
 */
QUIC_TAKES_LOCK
static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
{
    int ret, res;
    QCTX ctx;
    struct quic_read_again_args args;

    *bytes_read = 0;

    if (!expect_quic_cs(s, &ctx))
        return 0;

    qctx_lock_for_io(&ctx);

    /* If we haven't finished the handshake, try to advance it. */
    if (quic_do_handshake(&ctx) < 1) {
        ret = 0; /* quic_do_handshake raised error here */
        goto out;
    }

    if (ctx.xso == NULL) {
        /*
         * Called on a QCSO and we don't currently have a default stream.
         *
         * Wait until we get a stream initiated by the peer (blocking mode) or
         * fail if we don't have one yet (non-blocking mode).
         */
        /*
         * NOTE(review): peek=0 is passed here even when this call is an
         * SSL_peek, whereas ossl_quic_pending_int() passes peek=1 - confirm
         * this is intended.
         */
        if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) {
            ret = 0; /* error already raised here */
            goto out;
        }

        ctx.xso = ctx.qc->default_xso;
    }

    if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
        ret = 0; /* quic_read_actual raised error here */
        goto out;
    }

    if (*bytes_read > 0) {
        /*
         * Even though we succeeded, tick the reactor here to ensure we are
         * handling other aspects of the QUIC connection.
         */
        if (quic_mutation_allowed(ctx.qc, /*req_active=*/0))
            qctx_maybe_autotick(&ctx);

        ret = 1;
    } else if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        goto out;
    } else if (qctx_blocking(&ctx)) {
        /*
         * We were not able to read anything immediately, so our stream
         * buffer is empty. This means we need to block until we get
         * at least one byte.
         */
        args.ctx = &ctx;
        args.stream = ctx.xso->stream;
        args.buf = buf;
        args.len = len;
        args.bytes_read = bytes_read;
        args.peek = peek;

        res = block_until_pred(&ctx, quic_read_again, &args, 0);
        if (res == 0) {
            ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
            goto out;
        } else if (res < 0) {
            ret = 0; /* quic_read_again raised error here */
            goto out;
        }

        ret = 1;
    } else {
        /*
         * We did not get any bytes and are not in blocking mode.
         * Tick to see if this delivers any more.
         */
        qctx_maybe_autotick(&ctx);

        /* Try the read again. */
        if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
            ret = 0; /* quic_read_actual raised error here */
            goto out;
        }

        if (*bytes_read > 0)
            ret = 1; /* Succeeded this time. */
        else
            ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
    }

out:
    qctx_unlock(&ctx);
    return ret;
}

/* SSL_read: consume data from the stream. */
int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
{
    return quic_read(s, buf, len, bytes_read, 0);
}

/* SSL_peek: return data without consuming it. */
int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
{
    return quic_read(s, buf, len, bytes_read, 1);
}

/*
 * SSL_pending
 * -----------
 */

/*
 * Shared implementation of SSL_pending and SSL_has_pending.
 *
 * With check_channel == 0 the result is the value returned by
 * ossl_quic_stream_recv_pending() for the stream, with include_fin=0. With
 * check_channel != 0 the result is 1 or 0: whether the stream has anything
 * pending (include_fin=1), the channel has anything pending, or the channel
 * is in a terminating or terminated state.
 *
 * Returns 0 if s is not a QUIC connection or stream object, if the
 * connection has not been started, or if no stream is available (an error is
 * raised in the last case).
 */
QUIC_TAKES_LOCK
static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
{
    QCTX ctx;
    size_t avail = 0;

    if (!expect_quic_cs(s, &ctx))
        return 0;

    qctx_lock(&ctx);

    if (!ctx.qc->started)
        goto out;

    if (ctx.xso == NULL) {
        /* No XSO yet, but there might be a default XSO eligible to be created. */
        if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {
            ctx.xso = ctx.qc->default_xso;
        } else {
            QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
            goto out;
        }
    }

    if (ctx.xso->stream == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
        goto out;
    }

    if (check_channel)
        avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
                    /*include_fin=*/1)
            || ossl_quic_channel_has_pending(ctx.qc->ch)
            || ossl_quic_channel_is_term_any(ctx.qc->ch);
    else
        avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
            /*include_fin=*/0);

out:
    qctx_unlock(&ctx);
    return avail;
}

/* SSL_pending: stream-level pending data only. */
size_t ossl_quic_pending(const SSL *s)
{
    return ossl_quic_pending_int(s, /*check_channel=*/0);
}

/* SSL_has_pending: stream-level or channel-level pending data. */
int ossl_quic_has_pending(const SSL *s)
{
    /* Do we have app-side pending data or pending URXEs or RXEs?
     */
    return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
}

/*
 * SSL_stream_conclude
 * -------------------
 *
 * Marks the send part of the stream as finished. Returns 1 on success,
 * otherwise 0 or the value of the raised error (connection not usable, or the
 * stream is not valid for write).
 */
QUIC_TAKES_LOCK
int ossl_quic_conn_stream_conclude(SSL *s)
{
    QCTX ctx;
    QUIC_STREAM *qs;
    int err;
    int ret;

    if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
        return 0;

    qs = ctx.xso->stream;

    if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        qctx_unlock(&ctx);
        return ret;
    }

    if (!quic_validate_for_write(ctx.xso, &err)) {
        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
        qctx_unlock(&ctx);
        return ret;
    }

    /*
     * NOTE(review): quic_validate_for_write() already fails with
     * SSL_R_STREAM_FINISHED when a final size is known, so this branch looks
     * unreachable after a successful validation - confirm.
     */
    if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
        qctx_unlock(&ctx);
        return 1;
    }

    ossl_quic_sstream_fin(qs->sstream);
    quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
    qctx_unlock(&ctx);
    return 1;
}

/*
 * SSL_inject_net_dgram
 * --------------------
 *
 * Hands a caller-supplied datagram (buf, buf_len) with the given peer and
 * local addresses to the demuxer of the port associated with s. Nothing in
 * this function inspects or validates the datagram or the addresses; that is
 * left to ossl_quic_demux_inject() and whatever processes the datagram
 * afterwards.
 *
 * Returns the result of ossl_quic_demux_inject(), or 0 if s is not a QUIC
 * connection, stream or listener object, or has no port.
 */
QUIC_TAKES_LOCK
int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
    size_t buf_len,
    const BIO_ADDR *peer,
    const BIO_ADDR *local)
{
    int ret = 0;
    QCTX ctx;
    QUIC_DEMUX *demux;
    QUIC_PORT *port;

    if (!expect_quic_csl(s, &ctx))
        return 0;

    qctx_lock(&ctx);

    port = ossl_quic_obj_get0_port(ctx.obj);
    if (port == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
        goto err;
    }

    demux = ossl_quic_port_get0_demux(port);
    ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);

err:
    qctx_unlock(&ctx);
    return ret;
}

/*
 * SSL_get0_connection
 * -------------------
 *
 * Returns the connection SSL object for a connection or stream object, or
 * NULL if s is neither. No reference is taken and no lock is acquired.
 */
SSL *ossl_quic_get0_connection(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_cs(s, &ctx))
        return NULL;

    return &ctx.qc->obj.ssl;
}

/*
 * SSL_get0_listener
 * -----------------
 *
 * Returns the listener SSL object associated with s, or NULL if there is
 * none or s is not a QUIC connection, stream or listener object.
 */
SSL *ossl_quic_get0_listener(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_csl(s, &ctx))
        return NULL;

    return ctx.ql != NULL ? &ctx.ql->obj.ssl : NULL;
}

/*
 * SSL_get0_domain
 * ---------------
 *
 * Returns the domain SSL object associated with s, or NULL if there is none
 * or s is not a QUIC object.
 */
SSL *ossl_quic_get0_domain(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_any(s, &ctx))
        return NULL;

    return ctx.qd != NULL ? &ctx.qd->obj.ssl : NULL;
}

/*
 * SSL_get_domain_flags
 * --------------------
 *
 * Stores the object's domain flags in *domain_flags if that pointer is
 * non-NULL. Returns 1 on success, or 0 if ssl is not a QUIC object.
 */
int ossl_quic_get_domain_flags(const SSL *ssl, uint64_t *domain_flags)
{
    QCTX ctx;

    if (!expect_quic_any(ssl, &ctx))
        return 0;

    if (domain_flags != NULL)
        *domain_flags = ctx.obj->domain_flags;

    return 1;
}

/*
 * SSL_get_stream_type
 * -------------------
 *
 * Returns one of the SSL_STREAM_TYPE_* values. SSL_STREAM_TYPE_BIDI is also
 * returned when s is not a QUIC connection or stream object. For a
 * unidirectional stream the result is SSL_STREAM_TYPE_READ when the stream's
 * initiator is not this endpoint's role (server-initiated flag differs from
 * as_server) and SSL_STREAM_TYPE_WRITE otherwise. No lock is acquired.
 */
int ossl_quic_get_stream_type(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_cs(s, &ctx))
        return SSL_STREAM_TYPE_BIDI;

    if (ctx.xso == NULL) {
        /*
         * If deferred XSO creation has yet to occur, proceed according to the
         * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
         * what kind of stream will be created yet, so return BIDI on the basis
         * that at this time, the client still has the option of calling
         * SSL_read() or SSL_write() first.
         */
        if (ctx.qc->default_xso_created
            || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
            return SSL_STREAM_TYPE_NONE;
        else
            return SSL_STREAM_TYPE_BIDI;
    }

    if (ossl_quic_stream_is_bidi(ctx.xso->stream))
        return SSL_STREAM_TYPE_BIDI;

    if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
        return SSL_STREAM_TYPE_READ;
    else
        return SSL_STREAM_TYPE_WRITE;
}

/*
 * SSL_get_stream_id
 * -----------------
 *
 * Returns the stream's ID, or UINT64_MAX if no stream could be obtained.
 */
QUIC_TAKES_LOCK
uint64_t ossl_quic_get_stream_id(SSL *s)
{
    QCTX ctx;
    uint64_t id;

    if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
        return UINT64_MAX;

    id = ctx.xso->stream->id;
    qctx_unlock(&ctx);

    return id;
}

/*
 * SSL_is_stream_local
 * -------------------
 *
 * Returns the result of ossl_quic_stream_is_local_init() for the stream, or
 * -1 if no stream could be obtained.
 */
QUIC_TAKES_LOCK
int ossl_quic_is_stream_local(SSL *s)
{
    QCTX ctx;
    int is_local;

    if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
        return -1;

    is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
    qctx_unlock(&ctx);

    return is_local;
}

/*
 * SSL_set_default_stream_mode
 * ---------------------------
 *
 * Sets the connection's default stream mode to one of the
 * SSL_DEFAULT_STREAM_MODE_* values. Fails if a default XSO has already been
 * created or if mode is not a recognised value. Returns 1 on success,
 * otherwise 0 or the value of the raised error.
 */
QUIC_TAKES_LOCK
int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
{
    QCTX ctx;

    if (!expect_quic_conn_only(s, &ctx))
        return 0;

    qctx_lock(&ctx);

    if (ctx.qc->default_xso_created) {
        qctx_unlock(&ctx);
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
            "too late to change default stream mode");
    }

    switch (mode) {
    case SSL_DEFAULT_STREAM_MODE_NONE:
    case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
    case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
        ctx.qc->default_stream_mode = mode;
        break;
    default:
        qctx_unlock(&ctx);
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
            "bad default stream type");
    }

    qctx_unlock(&ctx);
    return 1;
}

/*
 * SSL_detach_stream
 * -----------------
 *
 * Removes the connection's default stream, if any, and returns its SSL
 * object; returns NULL if there was none or s is not a QUIC connection
 * object.
 */
QUIC_TAKES_LOCK
SSL *ossl_quic_detach_stream(SSL *s)
{
    QCTX ctx;
    QUIC_XSO *xso = NULL;

    if (!expect_quic_conn_only(s, &ctx))
        return NULL;

    qctx_lock(&ctx);

    /* Calling this function inhibits default XSO autocreation. */
    /* QC ref to any default XSO is transferred to us and to caller. */
    qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);

    qctx_unlock(&ctx);

    return xso != NULL ? &xso->obj.ssl : NULL;
}

/*
 * SSL_attach_stream
 * -----------------
 *
 * Makes stream the default stream of conn. stream must be a QUIC stream
 * object holding exactly one reference, which is transferred to the
 * connection, and conn must not already have a default stream. Returns 1 on
 * success, otherwise 0 or the value of the raised error.
 */
QUIC_TAKES_LOCK
int ossl_quic_attach_stream(SSL *conn, SSL *stream)
{
    QCTX ctx;
    QUIC_XSO *xso;
    int nref;

    if (!expect_quic_conn_only(conn, &ctx))
        return 0;

    /* A non-NULL object of the wrong type gets the same error reason. */
    if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
            "stream to attach must be a valid QUIC stream");

    /*
     * NOTE(review): nothing visible in this function checks that the stream
     * belongs to this connection (xso->conn == ctx.qc). Confirm that
     * qc_set_default_xso() or the documented API contract covers it.
     */
    xso = (QUIC_XSO *)stream;

    qctx_lock(&ctx);

    if (ctx.qc->default_xso != NULL) {
        qctx_unlock(&ctx);
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
            "connection already has a default stream");
    }

    /*
     * It is a caller error for the XSO being attached as a default XSO to have
     * more than one ref.
     */
    if (!CRYPTO_GET_REF(&xso->obj.ssl.references, &nref)) {
        qctx_unlock(&ctx);
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
            "ref");
    }

    if (nref != 1) {
        qctx_unlock(&ctx);
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
            "stream being attached must have "
            "only 1 reference");
    }

    /* Caller's reference to the XSO is transferred to us. */
    /* Calling this function inhibits default XSO autocreation. */
    qc_set_default_xso(ctx.qc, xso, /*touch=*/1);

    qctx_unlock(&ctx);
    return 1;
}

/*
 * SSL_set_incoming_stream_policy
 * ------------------------------
 */

/*
 * Resolve the configured incoming stream policy to a concrete one.
 *
 * SSL_INCOMING_STREAM_POLICY_AUTO resolves to ACCEPT when the connection has
 * no default XSO and none has ever been created, or when the default stream
 * mode is SSL_DEFAULT_STREAM_MODE_NONE; otherwise it resolves to REJECT. Any
 * other configured value is returned unchanged.
 */
QUIC_NEEDS_LOCK
static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
{
    switch (qc->incoming_stream_policy) {
    case SSL_INCOMING_STREAM_POLICY_AUTO:
        if ((qc->default_xso == NULL && !qc->default_xso_created)
            || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
            return SSL_INCOMING_STREAM_POLICY_ACCEPT;
        else
            return SSL_INCOMING_STREAM_POLICY_REJECT;

    default:
        return qc->incoming_stream_policy;
    }
}

/*
 * Push the effective incoming stream policy down to the channel: automatic
 * rejection of incoming streams is enabled exactly when the effective policy
 * is REJECT, with qc->incoming_stream_aec passed along.
 */
QUIC_NEEDS_LOCK
static void qc_update_reject_policy(QUIC_CONNECTION *qc)
{
    int policy = qc_get_effective_incoming_stream_policy(qc);
    int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);

    ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
        enable_reject,
        qc->incoming_stream_aec);
}

QUIC_TAKES_LOCK
int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
    uint64_t aec)
{
    int ret = 1;
    QCTX ctx;

    if (!expect_quic_conn_only(s, &ctx))
        return 0;

    qctx_lock(&ctx);

    switch (policy) {
    case SSL_INCOMING_STREAM_POLICY_AUTO:
    case SSL_INCOMING_STREAM_POLICY_ACCEPT:
    case SSL_INCOMING_STREAM_POLICY_REJECT:
ctx.qc->incoming_stream_policy = policy; 3563 ctx.qc->incoming_stream_aec = aec; 3564 break; 3565 3566 default: 3567 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); 3568 ret = 0; 3569 break; 3570 } 3571 3572 qc_update_reject_policy(ctx.qc); 3573 qctx_unlock(&ctx); 3574 return ret; 3575 } 3576 3577 /* 3578 * SSL_get_value, SSL_set_value 3579 * ---------------------------- 3580 */ 3581 QUIC_TAKES_LOCK 3582 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_, 3583 uint64_t *p_value_out, uint64_t *p_value_in) 3584 { 3585 int ret = 0; 3586 uint64_t value_out = 0, value_in; 3587 3588 qctx_lock(ctx); 3589 3590 switch (class_) { 3591 case SSL_VALUE_CLASS_FEATURE_REQUEST: 3592 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch); 3593 3594 if (p_value_in != NULL) { 3595 value_in = *p_value_in; 3596 if (value_in > OSSL_QUIC_VLINT_MAX) { 3597 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, 3598 NULL); 3599 goto err; 3600 } 3601 3602 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) { 3603 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE, 3604 NULL); 3605 goto err; 3606 } 3607 3608 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in); 3609 } 3610 break; 3611 3612 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: 3613 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED: 3614 if (p_value_in != NULL) { 3615 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP, 3616 NULL); 3617 goto err; 3618 } 3619 3620 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) { 3621 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE, 3622 NULL); 3623 goto err; 3624 } 3625 3626 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED) 3627 ? 
ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch) 3628 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch); 3629 break; 3630 3631 default: 3632 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 3633 NULL); 3634 goto err; 3635 } 3636 3637 ret = 1; 3638 err: 3639 qctx_unlock(ctx); 3640 if (ret && p_value_out != NULL) 3641 *p_value_out = value_out; 3642 3643 return ret; 3644 } 3645 3646 QUIC_TAKES_LOCK 3647 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_, 3648 int is_uni, int is_remote, 3649 uint64_t *value) 3650 { 3651 int ret = 0; 3652 3653 if (class_ != SSL_VALUE_CLASS_GENERIC) { 3654 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 3655 NULL); 3656 return 0; 3657 } 3658 3659 qctx_lock(ctx); 3660 3661 *value = is_remote 3662 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni) 3663 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni); 3664 3665 ret = 1; 3666 qctx_unlock(ctx); 3667 return ret; 3668 } 3669 3670 QUIC_NEEDS_LOCK 3671 static int qctx_should_autotick(QCTX *ctx) 3672 { 3673 int event_handling_mode; 3674 QUIC_OBJ *obj = ctx->obj; 3675 3676 for (; (event_handling_mode = obj->event_handling_mode) == SSL_VALUE_EVENT_HANDLING_MODE_INHERIT 3677 && obj->parent_obj != NULL; 3678 obj = obj->parent_obj) 3679 ; 3680 3681 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT; 3682 } 3683 3684 QUIC_NEEDS_LOCK 3685 static void qctx_maybe_autotick(QCTX *ctx) 3686 { 3687 if (!qctx_should_autotick(ctx)) 3688 return; 3689 3690 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx->obj), 0); 3691 } 3692 3693 QUIC_TAKES_LOCK 3694 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_, 3695 uint64_t *p_value_out, 3696 uint64_t *p_value_in) 3697 { 3698 int ret = 0; 3699 uint64_t value_out = 0; 3700 3701 qctx_lock(ctx); 3702 3703 if (class_ != SSL_VALUE_CLASS_GENERIC) { 3704 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 
3705 NULL); 3706 goto err; 3707 } 3708 3709 if (p_value_in != NULL) { 3710 switch (*p_value_in) { 3711 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: 3712 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: 3713 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: 3714 break; 3715 default: 3716 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, 3717 NULL); 3718 goto err; 3719 } 3720 3721 value_out = *p_value_in; 3722 ctx->obj->event_handling_mode = (int)value_out; 3723 } else { 3724 value_out = ctx->obj->event_handling_mode; 3725 } 3726 3727 ret = 1; 3728 err: 3729 qctx_unlock(ctx); 3730 if (ret && p_value_out != NULL) 3731 *p_value_out = value_out; 3732 3733 return ret; 3734 } 3735 3736 QUIC_TAKES_LOCK 3737 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_, 3738 uint64_t *p_value_out, 3739 size_t (*getter)(QUIC_SSTREAM *sstream)) 3740 { 3741 int ret = 0; 3742 size_t value = 0; 3743 3744 qctx_lock(ctx); 3745 3746 if (class_ != SSL_VALUE_CLASS_GENERIC) { 3747 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 3748 NULL); 3749 goto err; 3750 } 3751 3752 if (ctx->xso == NULL) { 3753 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); 3754 goto err; 3755 } 3756 3757 if (!ossl_quic_stream_has_send(ctx->xso->stream)) { 3758 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL); 3759 goto err; 3760 } 3761 3762 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream)) 3763 value = getter(ctx->xso->stream->sstream); 3764 3765 ret = 1; 3766 err: 3767 qctx_unlock(ctx); 3768 *p_value_out = (uint64_t)value; 3769 return ret; 3770 } 3771 3772 QUIC_NEEDS_LOCK 3773 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id) 3774 { 3775 switch (id) { 3776 case SSL_VALUE_EVENT_HANDLING_MODE: 3777 case SSL_VALUE_STREAM_WRITE_BUF_SIZE: 3778 case SSL_VALUE_STREAM_WRITE_BUF_USED: 3779 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL: 3780 return expect_quic_cs(s, ctx); 3781 default: 3782 return expect_quic_conn_only(s, ctx); 3783 } 3784 } 3785 3786 
/*
 * Dispatches a value read by ID to the matching helper. value must be
 * non-NULL; this is the NULL check the helpers below rely on. Returns 1 on
 * success and 0 on error. Every switch arm returns, so the trailing
 * "return 1" is unreachable.
 */
QUIC_TAKES_LOCK
int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
    uint64_t *value)
{
    QCTX ctx;

    if (!expect_quic_for_value(s, &ctx, id))
        return 0;

    if (value == NULL)
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
            ERR_R_PASSED_INVALID_ARGUMENT, NULL);

    switch (id) {
    case SSL_VALUE_QUIC_IDLE_TIMEOUT:
        return qc_getset_idle_timeout(&ctx, class_, value, NULL);

    case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
        return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
    case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
        return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
    case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
        return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
    case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
        return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);

    case SSL_VALUE_EVENT_HANDLING_MODE:
        return qc_getset_event_handling(&ctx, class_, value, NULL);

    case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
        return qc_get_stream_write_buf_stat(&ctx, class_, value,
            ossl_quic_sstream_get_buffer_size);
    case SSL_VALUE_STREAM_WRITE_BUF_USED:
        return qc_get_stream_write_buf_stat(&ctx, class_, value,
            ossl_quic_sstream_get_buffer_used);
    case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
        return qc_get_stream_write_buf_stat(&ctx, class_, value,
            ossl_quic_sstream_get_buffer_avail);

    default:
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
            SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
    }

    return 1;
}

/*
 * Dispatches a value write by ID. Only the idle timeout and the event
 * handling mode are settable here; range validation is done by the helpers.
 * The trailing "return 1" is unreachable.
 */
QUIC_TAKES_LOCK
int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
    uint64_t value)
{
    QCTX ctx;

    if (!expect_quic_for_value(s, &ctx, id))
        return 0;

    switch (id) {
    case SSL_VALUE_QUIC_IDLE_TIMEOUT:
        return qc_getset_idle_timeout(&ctx, class_, NULL, &value);

    case SSL_VALUE_EVENT_HANDLING_MODE:
        return qc_getset_event_handling(&ctx, class_, NULL, &value);

    default:
        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
            SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
    }

    return 1;
}

/*
 * SSL_accept_stream
 * -----------------
 */

/* In: ctx. Out: qs, the stream found at the head of the accept queue. */
struct wait_for_incoming_stream_args {
    QCTX *ctx;
    QUIC_STREAM *qs;
};

/*
 * Predicate for block_until_pred(): returns 1 once a stream is queued, 0 to
 * keep waiting, and -1 if the connection no longer permits mutation.
 */
QUIC_NEEDS_LOCK
static int wait_for_incoming_stream(void *arg)
{
    struct wait_for_incoming_stream_args *args = arg;
    QUIC_CONNECTION *qc = args->ctx->qc;
    QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);

    if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
        /* If connection is torn down due to an error while blocking, stop. */
        QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
        return -1;
    }

    args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
    if (args->qs != NULL)
        return 1; /* got a stream */

    return 0; /* did not get a stream, keep trying */
}

/*
 * Takes the next peer-initiated stream off the accept queue and wraps it in
 * a new XSO. Returns NULL if the effective incoming stream policy is REJECT,
 * if no stream is queued and blocking is unavailable or disabled by
 * SSL_ACCEPT_STREAM_NO_BLOCK, or if XSO creation fails. The stream is removed
 * from the queue only after the XSO has been created.
 */
QUIC_TAKES_LOCK
SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
{
    QCTX ctx;
    int ret;
    SSL *new_s = NULL;
    QUIC_STREAM_MAP *qsm;
    QUIC_STREAM *qs;
    QUIC_XSO *xso;
    OSSL_RTT_INFO rtt_info;

    if (!expect_quic_conn_only(s, &ctx))
        return NULL;

    qctx_lock(&ctx);

    if (qc_get_effective_incoming_stream_policy(ctx.qc)
        == SSL_INCOMING_STREAM_POLICY_REJECT) {
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
        goto out;
    }

    qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);

    qs = ossl_quic_stream_map_peek_accept_queue(qsm);
    if (qs == NULL) {
        if (qctx_blocking(&ctx)
            && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
            struct wait_for_incoming_stream_args args;

            args.ctx = &ctx;
            args.qs = NULL;

            ret = block_until_pred(&ctx, wait_for_incoming_stream, &args, 0);
            if (ret == 0) {
                QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
                goto out;
            } else if (ret < 0 || args.qs == NULL) {
                goto out;
            }

            qs = args.qs;
        } else {
            goto out;
        }
    }

    xso = create_xso_from_stream(ctx.qc, qs);
    if (xso == NULL)
        goto out;

    ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
    ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
        rtt_info.smoothed_rtt);
    new_s = &xso->obj.ssl;

    /* Calling this function inhibits default XSO autocreation. */
    qc_touch_default_xso(ctx.qc); /* inhibits default XSO */

out:
    qctx_unlock(&ctx);
    return new_s;
}

/*
 * SSL_get_accept_stream_queue_len
 * -------------------------------
 *
 * Returns the total accept queue length, read under the lock. 0 is also
 * returned when expect_quic_conn_only() rejects s.
 */
QUIC_TAKES_LOCK
size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
{
    QCTX ctx;
    size_t v;

    if (!expect_quic_conn_only(s, &ctx))
        return 0;

    qctx_lock(&ctx);

    v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));

    qctx_unlock(&ctx);
    return v;
}

/*
 * SSL_stream_reset
 * ----------------
 *
 * Resets the send part of the stream with the application error code from
 * args, or 0 when args is NULL. args_len is not consulted in this function.
 * requested_reset is set only if the stream map accepted the reset.
 */
int ossl_quic_stream_reset(SSL *ssl,
    const SSL_STREAM_RESET_ARGS *args,
    size_t args_len)
{
    QCTX ctx;
    QUIC_STREAM_MAP *qsm;
    QUIC_STREAM *qs;
    uint64_t error_code;
    int ok, err;

    if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
        return 0;

    qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
    qs = ctx.xso->stream;
    error_code = (args != NULL ? args->quic_error_code : 0);

    if (!quic_validate_for_write(ctx.xso, &err)) {
        ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
        goto err;
    }

    ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
    if (ok)
        ctx.xso->requested_reset = 1;

err:
    qctx_unlock(&ctx);
    return ok;
}

/*
 * SSL_get_stream_read_state
 * -------------------------
 */

/*
 * Classifies one direction (is_write) of stream qs into an
 * SSL_STREAM_STATE_* value stored in *state. If app_error_code is non-NULL
 * it is first set to UINT64_MAX and then overwritten with the relevant
 * application error code for the two RESET states. The order of the tests
 * below defines which state wins when several conditions hold.
 */
static void quic_classify_stream(QUIC_CONNECTION *qc,
    QUIC_STREAM *qs,
    int is_write,
    int *state,
    uint64_t *app_error_code)
{
    int local_init;
    uint64_t scratch_pad; /* throw away value */

    local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);

    if (app_error_code != NULL)
        *app_error_code = UINT64_MAX;
    else
        app_error_code = &scratch_pad;

    if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
        /*
         * Unidirectional stream and this direction of transmission doesn't
         * exist.
         */
        *state = SSL_STREAM_STATE_WRONG_DIR;
    } else if (ossl_quic_channel_is_term_any(qc->ch)) {
        /* Connection already closed. */
        *state = SSL_STREAM_STATE_CONN_CLOSED;
    } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
        /* Application has read a FIN. */
        *state = SSL_STREAM_STATE_FINISHED;
    } else if ((!is_write && qs->stop_sending)
        || (is_write && ossl_quic_stream_send_is_reset(qs))) {
        /*
         * Stream has been reset locally. FIN takes precedence over this for the
         * read case as the application need not care if the stream is reset
         * after a FIN has been successfully processed.
         */
        *state = SSL_STREAM_STATE_RESET_LOCAL;
        *app_error_code = !is_write
            ? qs->stop_sending_aec
            : qs->reset_stream_aec;
    } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
        || (is_write && qs->peer_stop_sending)) {
        /*
         * Stream has been reset remotely.
         */
        *state = SSL_STREAM_STATE_RESET_REMOTE;
        *app_error_code = !is_write
            ? qs->peer_reset_stream_aec
            : qs->peer_stop_sending_aec;
    } else if (is_write && qs->have_final_size) {
        /*
         * Stream has been finished. Stream reset takes precedence over this for
         * the write case as peer may not have received all data.
         */
        *state = SSL_STREAM_STATE_FINISHED;
    } else {
        /* Stream still healthy. */
        *state = SSL_STREAM_STATE_OK;
    }
}

/*
 * Shared implementation of the read/write state getters. Returns
 * SSL_STREAM_STATE_NONE if expect_quic_with_stream_lock() fails.
 */
static int quic_get_stream_state(SSL *ssl, int is_write)
{
    QCTX ctx;
    int state;

    if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
        return SSL_STREAM_STATE_NONE;

    quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
    qctx_unlock(&ctx);
    return state;
}

int ossl_quic_get_stream_read_state(SSL *ssl)
{
    return quic_get_stream_state(ssl, /*is_write=*/0);
}

/*
 * SSL_get_stream_write_state
 * --------------------------
 */
int ossl_quic_get_stream_write_state(SSL *ssl)
{
    return quic_get_stream_state(ssl, /*is_write=*/1);
}

/*
 * SSL_get_stream_read_error_code
 * ------------------------------
 */

/*
 * Shared implementation of the error code getters. Returns 1 if the
 * direction was reset locally or remotely (the code is then in
 * *app_error_code), 0 if it finished normally, and -1 in every other state
 * or if the object check fails. For a remote reset the code is a value
 * chosen by the peer, so callers should treat it as untrusted input.
 */
static int quic_get_stream_error_code(SSL *ssl, int is_write,
    uint64_t *app_error_code)
{
    QCTX ctx;
    int state;

    if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
        return -1;

    quic_classify_stream(ctx.qc, ctx.xso->stream, is_write,
        &state, app_error_code);

    qctx_unlock(&ctx);
    switch (state) {
    case SSL_STREAM_STATE_FINISHED:
        return 0;
    case SSL_STREAM_STATE_RESET_LOCAL:
    case SSL_STREAM_STATE_RESET_REMOTE:
        return 1;
    default:
        return -1;
    }
}

int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
{
    return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
}

/*
 * SSL_get_stream_write_error_code
 * -------------------------------
 */
int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
{
    return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
}

/*
 * Write buffer size mutation
 * --------------------------
 *
 * Resizes the stream's send buffer. size is passed to
 * ossl_quic_sstream_set_buffer_size() unchanged; no upper bound is applied
 * in this function.
 */
int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
{
    int ret = 0;
    QCTX ctx;

    if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
        return 0;

    if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
        /* Called on a unidirectional receive-only stream - error. */
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
        goto out;
    }

    if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
        /*
         * If the stream has a send part but we have disposed of it because we
         * no longer need it, this is a no-op.
         */
        ret = 1;
        goto out;
    }

    if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
        goto out;
    }

    ret = 1;

out:
    qctx_unlock(&ctx);
    return ret;
}

/*
 * SSL_get_conn_close_info
 * -----------------------
 *
 * Fills *info from the channel's terminate cause. Returns -1 if ssl is not
 * accepted by expect_quic_conn_only(), 0 if the channel has no terminate
 * cause, and 1 on success.
 *
 * NOTE(review): info is dereferenced without a NULL check and info_len is
 * not consulted here; confirm the public wrapper validates both. No
 * qctx_lock() is taken around the read. info->reason is a copy of the
 * pointer held in the terminate cause, not of the bytes, so its lifetime is
 * presumably tied to the channel - confirm. For a remote close the reason
 * bytes and codes come from the peer and should be handled as untrusted
 * data (use reason_len, do not assume printable text).
 */
int ossl_quic_get_conn_close_info(SSL *ssl,
    SSL_CONN_CLOSE_INFO *info,
    size_t info_len)
{
    QCTX ctx;
    const QUIC_TERMINATE_CAUSE *tc;

    if (!expect_quic_conn_only(ssl, &ctx))
        return -1;

    tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
    if (tc == NULL)
        return 0;

    info->error_code = tc->error_code;
    info->frame_type = tc->frame_type;
    info->reason = tc->reason;
    info->reason_len = tc->reason_len;
    info->flags = 0;
    if (!tc->remote)
        info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
    if (!tc->app)
        info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
    return 1;
}

/*
 * SSL_key_update
 * --------------
 *
 * Triggers a TX key update on the channel. update_type is validated before
 * the lock is taken. A refusal by the channel is reported as
 * SSL_R_TOO_MANY_KEY_UPDATES.
 */
int ossl_quic_key_update(SSL *ssl, int update_type)
{
    QCTX ctx;

    if (!expect_quic_conn_only(ssl, &ctx))
        return 0;

    switch (update_type) {
    case SSL_KEY_UPDATE_NOT_REQUESTED:
        /*
         * QUIC signals peer key update implicitly by triggering a local
         * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
         */
    case SSL_KEY_UPDATE_REQUESTED:
        break;

    default:
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
        return 0;
    }

    qctx_lock(&ctx);

    /* Attempt to perform a TXKU. */
    if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
        QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
        qctx_unlock(&ctx);
        return 0;
    }

    qctx_unlock(&ctx);
    return 1;
}

/*
 * SSL_get_key_update_type
 * -----------------------
 */
int ossl_quic_get_key_update_type(const SSL *s)
{
    /*
     * We always handle key updates immediately so a key update is never
     * pending.
     */
    return SSL_KEY_UPDATE_NONE;
}

/**
 * @brief Allocates an SSL object for a user from a QUIC channel.
 *
 * This function creates a new QUIC_CONNECTION object based on an incoming
 * connection associated with the provided QUIC_LISTENER. If the connection
 * creation fails, the function returns NULL. Otherwise, it returns a pointer
 * to the SSL object associated with the newly created connection.
 *
 * Note: This function is a registered port callback made from
 * ossl_quic_new_listener and ossl_quic_new_listener_from, and allows for
 * pre-allocation of the user_ssl object when a channel is created, rather than
 * when it is accepted
 *
 * @param ch Pointer to the QUIC_CHANNEL representing the incoming connection.
 * @param arg Pointer to a QUIC_LISTENER used to create the connection.
 *
 * @return Pointer to the SSL object on success, or NULL on failure.
 */
static SSL *alloc_port_user_ssl(QUIC_CHANNEL *ch, void *arg)
{
    QUIC_LISTENER *ql = arg;
    QUIC_CONNECTION *qc = create_qc_from_incoming_conn(ql, ch);

    return (qc == NULL) ? NULL : &qc->obj.ssl;
}

/*
 * QUIC Front-End I/O API: Listeners
 * =================================
 */

/*
 * SSL_new_listener
 * ----------------
 *
 * Creates a standalone listener that owns its own mutex (threaded builds),
 * engine and port. On any failure everything allocated so far is released
 * and NULL is returned.
 *
 * Address validation of incoming connections is enabled unless the caller
 * passes SSL_LISTENER_FLAG_NO_VALIDATE. QUIC address validation is the
 * check that a client can receive at the source address it claims, so the
 * flag should only be set deliberately.
 *
 * NOTE(review): the ossl_quic_obj_init() failure path does not raise an
 * error, unlike the other failure paths in this function.
 */
SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags)
{
    QUIC_LISTENER *ql = NULL;
    QUIC_ENGINE_ARGS engine_args = { 0 };
    QUIC_PORT_ARGS port_args = { 0 };

    if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        return NULL;
    }

#if defined(OPENSSL_THREADS)
    if ((ql->mutex = ossl_crypto_mutex_new()) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        goto err;
    }
#endif

    engine_args.libctx = ctx->libctx;
    engine_args.propq = ctx->propq;
#if defined(OPENSSL_THREADS)
    engine_args.mutex = ql->mutex;
#endif

    if (need_notifier_for_domain_flags(ctx->domain_flags))
        engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;

    if ((ql->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    port_args.channel_ctx = ctx;
    port_args.is_multi_conn = 1;
    port_args.get_conn_user_ssl = alloc_port_user_ssl;
    port_args.user_ssl_arg = ql;
    /* Validation is the default; the flag opts out of it. */
    if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
        port_args.do_addr_validation = 1;
    ql->port = ossl_quic_engine_create_port(ql->engine, &port_args);
    if (ql->port == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    /* TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT */

    ossl_quic_port_set_allow_incoming(ql->port, 1);

    /* Initialise the QUIC_LISTENER's object header. */
    if (!ossl_quic_obj_init(&ql->obj, ctx, SSL_TYPE_QUIC_LISTENER, NULL,
            ql->engine, ql->port))
        goto err;

    return &ql->obj.ssl;

err:
    /* ql was zero-allocated, so members not yet created are NULL here. */
    ossl_quic_port_free(ql->port);
    ossl_quic_engine_free(ql->engine);

#if defined(OPENSSL_THREADS)
    ossl_crypto_mutex_free(&ql->mutex);
#endif
    OPENSSL_free(ql);
    return NULL;
}

/*
 * SSL_new_listener_from
 * ---------------------
 *
 * Creates a listener inside an existing domain. The listener borrows the
 * domain's engine and mutex and keeps the domain alive through the reference
 * taken with SSL_up_ref() below; that reference is dropped again on the
 * error path, after the lock has been released. The error path frees only
 * the port and the listener itself, never the engine or mutex.
 *
 * As with SSL_new_listener, address validation is enabled unless
 * SSL_LISTENER_FLAG_NO_VALIDATE is passed.
 */
SSL *ossl_quic_new_listener_from(SSL *ssl, uint64_t flags)
{
    QCTX ctx;
    QUIC_LISTENER *ql = NULL;
    QUIC_PORT_ARGS port_args = { 0 };

    if (!expect_quic_domain(ssl, &ctx))
        return NULL;

    if (!SSL_up_ref(&ctx.qd->obj.ssl))
        return NULL;

    qctx_lock(&ctx);

    if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        goto err;
    }

    port_args.channel_ctx = ssl->ctx;
    port_args.is_multi_conn = 1;
    port_args.get_conn_user_ssl = alloc_port_user_ssl;
    port_args.user_ssl_arg = ql;
    /* Validation is the default; the flag opts out of it. */
    if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
        port_args.do_addr_validation = 1;
    ql->port = ossl_quic_engine_create_port(ctx.qd->engine, &port_args);
    if (ql->port == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    ql->domain = ctx.qd;
    ql->engine = ctx.qd->engine;
#if defined(OPENSSL_THREADS)
    ql->mutex = ctx.qd->mutex;
#endif

    /*
     * TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT
     * Given that we have apis to create client SSL objects from
     * server SSL objects (see SSL_new_from_listener), we have aspirations
     * to enable a flag that allows for the creation of the latter, but not
     * be used to do accept any connections. This is a placeholder for the
     * implementation of that flag
     */

    ossl_quic_port_set_allow_incoming(ql->port, 1);

    /* Initialise the QUIC_LISTENER's object header. */
    if (!ossl_quic_obj_init(&ql->obj, ssl->ctx, SSL_TYPE_QUIC_LISTENER,
            &ctx.qd->obj.ssl, NULL, ql->port))
        goto err;

    qctx_unlock(&ctx);
    return &ql->obj.ssl;

err:
    if (ql != NULL)
        ossl_quic_port_free(ql->port);

    OPENSSL_free(ql);
    qctx_unlock(&ctx);
    SSL_free(&ctx.qd->obj.ssl);

    return NULL;
}

/*
 * SSL_new_from_listener
 * ---------------------
 * code here is derived from ossl_quic_new(). The `ssl` argument is
 * a listener object which already comes with QUIC port/engine. The newly
 * created QUIC connection object (QCSO) is going to share the port/engine
 * with listener (`ssl`). The `ssl` also becomes a parent of QCSO created
 * by this function. The caller uses QCSO instance to connect to
 * remote QUIC server.
 *
 * The QCSO created here requires us to also create a channel so we
 * can connect to remote server.
4442 */ 4443 SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags) 4444 { 4445 QCTX ctx; 4446 QUIC_CONNECTION *qc = NULL; 4447 QUIC_LISTENER *ql; 4448 SSL_CONNECTION *sc = NULL; 4449 4450 if (flags != 0) 4451 return NULL; 4452 4453 if (!expect_quic_listener(ssl, &ctx)) 4454 return NULL; 4455 4456 if (!SSL_up_ref(&ctx.ql->obj.ssl)) 4457 return NULL; 4458 4459 qctx_lock(&ctx); 4460 4461 ql = ctx.ql; 4462 4463 /* 4464 * listeners (server) contexts don't typically 4465 * allocate a token cache because they don't need 4466 * to store them, but here we are using a server side 4467 * ctx as a client, so we should allocate one now 4468 */ 4469 if (ssl->ctx->tokencache == NULL) 4470 if ((ssl->ctx->tokencache = ossl_quic_new_token_store()) == NULL) 4471 goto err; 4472 4473 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) { 4474 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4475 goto err; 4476 } 4477 4478 /* 4479 * NOTE: setting a listener here is needed so `qc_cleanup()` does the right 4480 * thing. Setting listener to ql avoids premature destruction of port in 4481 * qc_cleanup() 4482 */ 4483 qc->listener = ql; 4484 qc->engine = ql->engine; 4485 qc->port = ql->port; 4486 /* create channel */ 4487 #if defined(OPENSSL_THREADS) 4488 /* this is the engine mutex */ 4489 qc->mutex = ql->mutex; 4490 #endif 4491 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) 4492 qc->is_thread_assisted 4493 = ((ql->obj.domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0); 4494 #endif 4495 4496 /* Create the handshake layer. 
*/ 4497 qc->tls = ossl_ssl_connection_new_int(ql->obj.ssl.ctx, &qc->obj.ssl, TLS_method()); 4498 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) { 4499 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4500 goto err; 4501 } 4502 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL; 4503 4504 qc->default_ssl_options = OSSL_QUIC_PERMITTED_OPTIONS; 4505 qc->last_error = SSL_ERROR_NONE; 4506 4507 /* 4508 * This is QCSO, we don't expect to accept connections 4509 * on success the channel assumes ownership of tls, we need 4510 * to grab reference for qc. 4511 */ 4512 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls); 4513 if (qc->ch == NULL) { 4514 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4515 goto err; 4516 } 4517 4518 ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl); 4519 ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg); 4520 4521 /* 4522 * We deliberately pass NULL for engine and port, because we don't want to 4523 * to turn QCSO we create here into an event leader, nor port leader. 4524 * Both those roles are occupied already by listener (`ssl`) we use 4525 * to create a new QCSO here. 4526 */ 4527 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx, 4528 SSL_TYPE_QUIC_CONNECTION, 4529 &ql->obj.ssl, NULL, NULL)) { 4530 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4531 goto err; 4532 } 4533 4534 /* Initialise libssl APL-related state. 
*/
    qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
    qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
    qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
    qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
    qc->last_error = SSL_ERROR_NONE;

    qc_update_reject_policy(qc);

    qctx_unlock(&ctx);

    return &qc->obj.ssl;

err:
    if (qc != NULL) {
        qc_cleanup(qc, /* have_lock= */ 0);
        OPENSSL_free(qc);
    }
    qctx_unlock(&ctx);
    SSL_free(&ctx.ql->obj.ssl);

    return NULL;
}

/*
 * SSL_listen
 * ----------
 */

/*
 * Put the listener into the listening state. The first call enables incoming
 * connections on the listener's port; later calls change nothing. Always
 * returns 1.
 */
QUIC_NEEDS_LOCK
static int ql_listen(QUIC_LISTENER *ql)
{
    if (!ql->listening) {
        ossl_quic_port_set_allow_incoming(ql->port, 1);
        ql->listening = 1;
    }

    return 1;
}

/*
 * Front-end for SSL_listen on a QUIC listener object. Returns 0 if `ssl` is
 * not a QUIC listener, otherwise the result of ql_listen() taken under the
 * lock.
 */
QUIC_TAKES_LOCK
int ossl_quic_listen(SSL *ssl)
{
    QCTX ctx;
    int ok;

    if (!expect_quic_listener(ssl, &ctx))
        return 0;

    qctx_lock_for_io(&ctx);
    ok = ql_listen(ctx.ql);
    qctx_unlock(&ctx);

    return ok;
}

/*
 * SSL_accept_connection
 * ---------------------
 */

/*
 * Predicate handed to block_until_pred() while waiting for a connection.
 * `arg` is the listener's QUIC_PORT. Returns -1 once the port has stopped
 * running, 1 when an incoming connection is queued, and 0 to keep waiting.
 */
static int quic_accept_connection_wait(void *arg)
{
    QUIC_PORT *port = arg;

    if (!ossl_quic_port_is_running(port))
        return -1;

    return ossl_quic_port_have_incoming(port) ? 1 : 0;
}

/*
 * Front-end for SSL_accept_connection. Pops one queued incoming channel from
 * the listener's port, waiting for one first unless
 * SSL_ACCEPT_CONNECTION_NO_BLOCK is set in `flags` or the object is not in
 * blocking mode. Returns the connection's user-facing SSL object, which holds
 * a reference on the listener, or NULL if nothing could be accepted.
 */
QUIC_TAKES_LOCK
SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
{
    QCTX ctx;
    QUIC_CHANNEL *incoming = NULL;
    SSL_CONNECTION *sc = NULL;
    QUIC_CONNECTION *qc = NULL;
    SSL *accepted = NULL; /* handed to the caller on success */
    SSL *candidate = NULL; /* freed after unlock unless handed over */
    int wait_rc;
    const int may_block = (flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) == 0;

    if (!expect_quic_listener(ssl, &ctx))
        return NULL;

    qctx_lock_for_io(&ctx);

    if (!ql_listen(ctx.ql))
        goto out;

    /* Take a queued connection, waiting for one if the caller allows it. */
    incoming = ossl_quic_port_pop_incoming(ctx.ql->port);
    if (incoming == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
        if (may_block && qctx_blocking(&ctx)) {
            wait_rc = block_until_pred(&ctx, quic_accept_connection_wait,
                ctx.ql->port, 0);
            if (wait_rc < 1)
                goto out;
        } else {
            qctx_maybe_autotick(&ctx);
        }

        if (!ossl_quic_port_is_running(ctx.ql->port))
            goto out;

        incoming = ossl_quic_port_pop_incoming(ctx.ql->port);
    }

    if (incoming == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
        /* Still nothing queued: tick the reactor once and look again. */
        ossl_quic_reactor_tick(ossl_quic_engine_get0_reactor(ctx.ql->engine), 0);

        incoming = ossl_quic_port_pop_incoming(ctx.ql->port);
    }

    /*
     * port_make_channel pre-allocates the user SSL object for every channel
     * it creates, so for a popped channel it only has to be looked up.
     */
    if (incoming == NULL)
        goto out;

    /*
     * Every object looked up below is bound to the channel and must exist
     * when the channel does: a channel constructor that cannot create one of
     * them fails to create the channel at all.
     */
    if (!ossl_assert((candidate = ossl_quic_channel_get0_tls(incoming)) != NULL)
        || !ossl_assert((sc = SSL_CONNECTION_FROM_SSL(candidate)) != NULL)
        || !ossl_assert((candidate = SSL_CONNECTION_GET_USER_SSL(sc)) != NULL))
        goto out;

    qc = (QUIC_CONNECTION *)candidate;
    if (SSL_up_ref(&ctx.ql->obj.ssl)) {
        /* The connection now owns a listener reference; hand it over. */
        qc->listener = ctx.ql;
        accepted = candidate;
        candidate = NULL;
        qc->pending = 0;
    }

out:

    qctx_unlock(&ctx);
    /*
     * The channel is not freed here explicitly, but it is freed:
     *   - the SSL_free() below is handled by ossl_quic_free();
     *   - the last step of ossl_quic_free() is a call to qc_cleanup(), which
     *     frees the channel.
     * The SSL_free() is deferred until after qctx_unlock() because
     * ossl_quic_free() re-acquires this mutex and would otherwise deadlock.
     * `candidate` is only still set here when the object was not handed to
     * the caller, e.g. because the listener up-ref failed; in that case
     * qc->listener was never set, so freeing the object does not drop a
     * listener reference that was never taken.
     */
    SSL_free(candidate);
    return accepted;
}

/*
 * Allocate the QUIC_CONNECTION that wraps an incoming channel `ch` received
 * on listener `ql`. The new object shares the listener's engine, port and
 * (in threaded builds) mutex, and starts out marked as pending. Returns NULL
 * on failure.
 */
static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch)
{
    QUIC_CONNECTION *qc = OPENSSL_zalloc(sizeof(*qc));

    if (qc == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        return NULL;
    }

    /* NULL engine and port: the listener passed as parent keeps those roles. */
    if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx,
            SSL_TYPE_QUIC_CONNECTION,
            &ql->obj.ssl, NULL, NULL)) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        OPENSSL_free(qc);
        return NULL;
    }

    ossl_quic_channel_get_peer_addr(ch, &qc->init_peer_addr); /* best effort */
    qc->pending = 1;
    qc->engine = ql->engine;
    qc->port = ql->port;
    qc->ch = ch;
#if defined(OPENSSL_THREADS)
    qc->mutex = ql->mutex;
#endif
    qc->tls = ossl_quic_channel_get0_tls(ch);
    qc->started = 1;
    qc->as_server = 1;
    qc->as_server_state = 1;
    qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
    /* Only options on the QUIC allow-list are inherited from the SSL_CTX. */
    qc->default_ssl_options = ql->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
    qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
    qc->last_error = SSL_ERROR_NONE;
    qc_update_reject_policy(qc);

    return qc;
}
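
DEFINE_LHASH_OF_EX(QUIC_TOKEN);

/*
 * Reference-counted cache of peer tokens. `cache` is keyed by the hash key
 * built in ossl_quic_build_new_token() (address family, port, raw address);
 * `mutex` guards `cache` because the store may be shared.
 */
struct ssl_token_store_st {
    LHASH_OF(QUIC_TOKEN) *cache;
    CRYPTO_REF_COUNT references;
    CRYPTO_MUTEX *mutex;
};

/* Hash callback for the token cache: FNV-1a over the token's hash key. */
static unsigned long quic_token_hash(const QUIC_TOKEN *item)
{
    return (unsigned long)ossl_fnv1a_hash(item->hashkey, item->hashkey_len);
}

/*
 * Compare callback for the token cache. Returns 0 when both hash keys have
 * the same length and bytes, non-zero otherwise. The key is built from the
 * peer's address, not from the token bytes, so a plain memcmp() is used.
 */
static int quic_token_cmp(const QUIC_TOKEN *a, const QUIC_TOKEN *b)
{
    if (a->hashkey_len != b->hashkey_len)
        return 1;
    return memcmp(a->hashkey, b->hashkey, a->hashkey_len);
}

/*
 * Allocate an empty token store holding one reference. Returns NULL on
 * failure.
 *
 * A partially built store is torn down directly here rather than through
 * ossl_quic_free_token_store(): that function starts by decrementing the
 * reference count, which has not been set up yet on these failure paths.
 */
SSL_TOKEN_STORE *ossl_quic_new_token_store(void)
{
    SSL_TOKEN_STORE *newcache = OPENSSL_zalloc(sizeof(*newcache));

    if (newcache == NULL)
        return NULL;

    newcache->cache = lh_QUIC_TOKEN_new(quic_token_hash, quic_token_cmp);
    if (newcache->cache == NULL)
        goto err;

#if defined(OPENSSL_THREADS)
    if ((newcache->mutex = ossl_crypto_mutex_new()) == NULL)
        goto err;
#endif

    if (!CRYPTO_NEW_REF(&newcache->references, 1))
        goto err;

    return newcache;

err:
    /* The table is still empty here, so there are no tokens to release. */
    ossl_crypto_mutex_free(&newcache->mutex);
    lh_QUIC_TOKEN_free(newcache->cache);
    OPENSSL_free(newcache);
    return NULL;
}

/* lhash doall callback: drop the store's reference on one cached token. */
static void free_this_token(QUIC_TOKEN *tok)
{
    ossl_quic_free_peer_token(tok);
}

/*
 * Drop one reference on a token store; NULL is accepted. When the last
 * reference goes, the store's reference on every cached token is dropped and
 * the store is freed. A token that a caller still holds through
 * ossl_quic_get_peer_token() keeps its own reference and outlives the store.
 */
void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl)
{
    int refs;

    if (hdl == NULL)
        return;

    if (!CRYPTO_DOWN_REF(&hdl->references, &refs))
        return;

    if (refs > 0)
        return;

    /* last reference, we can clean up */
    ossl_crypto_mutex_free(&hdl->mutex);
    lh_QUIC_TOKEN_doall(hdl->cache, free_this_token);
    lh_QUIC_TOKEN_free(hdl->cache);
    CRYPTO_FREE_REF(&hdl->references);
    OPENSSL_free(hdl);
}

/**
 * @brief build a new QUIC_TOKEN
 *
 * This function creates a new token storage structure for saving in our
 * tokencache.
 *
 * To make allocating and freeing these tokens a bit faster, the structure,
 * its hash key and the token bytes live in a single allocation:
 *
 *   +---------------+                 --\
 *   | hashkey *     |---|               |
 *   | hashkey_len   |   |               | QUIC_TOKEN
 *   | token *       |---|--|            |
 *   | token_len     |   |  |            |
 *   +---------------+<--|  |          --/
 *   | hashkey buf   |      |
 *   |               |      |
 *   |---------------|<-----|
 *   | token buf     |
 *   |               |
 *   +---------------+
 *
 * The hash key is the peer's address family (int), raw port (unsigned short)
 * and raw address bytes, stored back to back in that order.
 *
 * @param peer - the peer address that sent the token
 * @param token - the buffer holding the token; may be NULL (with a
 *                token_len of 0) to build a lookup key only
 * @param token_len - the size of token
 *
 * @returns a QUIC_TOKEN pointer holding one reference, or NULL on error
 */
static QUIC_TOKEN *ossl_quic_build_new_token(BIO_ADDR *peer, uint8_t *token,
    size_t token_len)
{
    QUIC_TOKEN *new_token;
    size_t hashkey_len;
    size_t addr_len = 0;
    int family;
    unsigned short port;
    uint8_t *key;

    /* token and token_len must be both set or both empty */
    if ((token != NULL && token_len == 0) || (token == NULL && token_len != 0))
        return NULL;

    if (!BIO_ADDR_rawaddress(peer, NULL, &addr_len))
        return NULL;
    family = BIO_ADDR_family(peer);
    port = BIO_ADDR_rawport(peer);

    /*
     * hashkey(family) + hashkey(port) + hashkey(address). The token length
     * comes from data a peer sent, so refuse any combination of lengths that
     * would wrap the allocation size computed below.
     */
    hashkey_len = sizeof(family) + sizeof(port);
    if (addr_len > SIZE_MAX - sizeof(QUIC_TOKEN) - hashkey_len)
        return NULL;
    hashkey_len += addr_len;
    if (token_len > SIZE_MAX - sizeof(QUIC_TOKEN) - hashkey_len)
        return NULL;

    new_token = OPENSSL_zalloc(sizeof(QUIC_TOKEN) + hashkey_len + token_len);
    if (new_token == NULL)
        return NULL;

    if (!CRYPTO_NEW_REF(&new_token->references, 1)) {
        OPENSSL_free(new_token);
        return NULL;
    }

    new_token->hashkey_len = hashkey_len;
    /* hashkey is allocated inline, immediately after the QUIC_TOKEN struct */
    new_token->hashkey = (uint8_t *)(new_token + 1);
    /* token buffer follows the hashkey in the inline allocation */
    new_token->token = new_token->hashkey + hashkey_len;
    new_token->token_len = token_len;

    /* memcpy() keeps the key layout without relying on buffer alignment. */
    key = new_token->hashkey;
    memcpy(key, &family, sizeof(family));
    key += sizeof(family);
    memcpy(key, &port, sizeof(port));
    key += sizeof(port);
    if (!BIO_ADDR_rawaddress(peer, key, NULL)) {
        ossl_quic_free_peer_token(new_token);
        return NULL;
    }
    if (token != NULL)
        memcpy(new_token->token, token, token_len);
    return new_token;
}

/*
 * Store a copy of `token` for `peer` in the token cache of `ctx`, replacing
 * any token already stored for that peer. Returns 1 on success, 0 if the
 * context has no token cache, the token could not be built, or the hash
 * table insert failed.
 */
int ossl_quic_set_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
    const uint8_t *token, size_t token_len)
{
    SSL_TOKEN_STORE *c = ctx->tokencache;
    QUIC_TOKEN *tok, *old = NULL;
    int ok = 1;

    if (c == NULL)
        return 0;

    /* The builder only reads from the token buffer. */
    tok = ossl_quic_build_new_token(peer, (uint8_t *)token, token_len);
    if (tok == NULL)
        return 0;

    /* we might be sharing this cache, lock it */
    ossl_crypto_mutex_lock(c->mutex);

    old = lh_QUIC_TOKEN_retrieve(c->cache, tok);
    if (old != NULL) {
        lh_QUIC_TOKEN_delete(c->cache, old);
        ossl_quic_free_peer_token(old);
    }

    /*
     * The insert returns NULL both on success and on failure, so ask the
     * table whether it failed. On failure the token is not in the table and
     * nothing else refers to it, so release it here instead of leaking it.
     */
    lh_QUIC_TOKEN_insert(c->cache, tok);
    if (lh_QUIC_TOKEN_error(c->cache)) {
        ossl_quic_free_peer_token(tok);
        ok = 0;
    }

    ossl_crypto_mutex_unlock(c->mutex);
    return ok;
}

/*
 * Look up the token cached for `peer`. On success stores the token in
 * `*token` with an additional reference, which the caller releases with
 * ossl_quic_free_peer_token(), and returns 1. Returns 0 and leaves `*token`
 * untouched if there is no cache, no entry, or the reference could not be
 * taken.
 */
int ossl_quic_get_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
    QUIC_TOKEN **token)
{
    SSL_TOKEN_STORE *c = ctx->tokencache;
    QUIC_TOKEN *key = NULL;
    QUIC_TOKEN *tok = NULL;
    int ret;
    int rc = 0;

    if (c == NULL)
        return 0;

    /* A token object with no token bytes serves as the lookup key. */
    key = ossl_quic_build_new_token(peer, NULL, 0);
    if (key == NULL)
        return 0;

    ossl_crypto_mutex_lock(c->mutex);
    tok = lh_QUIC_TOKEN_retrieve(c->cache, key);
    /*
     * Only hand the token out once the caller's reference has been taken;
     * otherwise a later replacement in the cache could free it while the
     * caller still uses it.
     */
    if (tok != NULL && CRYPTO_UP_REF(&tok->references, &ret)) {
        *token = tok;
        rc = 1;
    }

    ossl_crypto_mutex_unlock(c->mutex);
    ossl_quic_free_peer_token(key);
    return rc;
}

/*
 * Drop one reference on a token and free it when that was the last one.
 * NULL is accepted and ignored.
 */
void ossl_quic_free_peer_token(QUIC_TOKEN *token)
{
    int refs = 0;

    if (token == NULL)
        return;

    if (!CRYPTO_DOWN_REF(&token->references, &refs))
        return;

    if (refs > 0)
        return;

    CRYPTO_FREE_REF(&token->references);
    OPENSSL_free(token);
}

/*
 * SSL_get_accept_connection_queue_len
 * -----------------------------------
 */

/*
 * Returns the number of incoming channels queued on the listener's port, or
 * 0 if `ssl` is not a QUIC listener.
 */
QUIC_TAKES_LOCK
size_t ossl_quic_get_accept_connection_queue_len(SSL *ssl)
{
    QCTX ctx;
    size_t ret; /* same type as the return value, so the count is not narrowed */

    if (!expect_quic_listener(ssl, &ctx))
        return 0;

    qctx_lock(&ctx);

    ret = ossl_quic_port_get_num_incoming_channels(ctx.ql->port);

    qctx_unlock(&ctx);
    return ret;
}

/*
 * QUIC Front-End I/O API: Domains
 * ===============================
 */

/*
 * SSL_new_domain
 * --------------
 *
 * Creates a QUIC domain object with its own engine (and, in threaded builds,
 * its own mutex). If `flags` selects a threading model it replaces the
 * context's domain flags entirely; otherwise it is OR-ed into them. Returns
 * NULL on failure.
 */
SSL *ossl_quic_new_domain(SSL_CTX *ctx, uint64_t flags)
{
    QUIC_DOMAIN *qd = NULL;
    QUIC_ENGINE_ARGS engine_args = { 0 };
    uint64_t domain_flags;

    if ((flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD | SSL_DOMAIN_FLAG_MULTI_THREAD | SSL_DOMAIN_FLAG_THREAD_ASSISTED)) != 0)
        domain_flags = flags;
    else
        domain_flags = ctx->domain_flags | flags;

    if (!ossl_adjust_domain_flags(domain_flags, &domain_flags))
        return NULL;

    if ((qd = OPENSSL_zalloc(sizeof(*qd))) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        return NULL;
    }

#if defined(OPENSSL_THREADS)
    if ((qd->mutex = ossl_crypto_mutex_new()) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
        goto err;
    }
#endif

    engine_args.libctx = ctx->libctx;
    engine_args.propq = ctx->propq;
#if defined(OPENSSL_THREADS)
    engine_args.mutex = qd->mutex;
#endif

    if (need_notifier_for_domain_flags(domain_flags))
        engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;

    if ((qd->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    /* Initialise the QUIC_DOMAIN's object header. */
    if (!ossl_quic_obj_init(&qd->obj, ctx, SSL_TYPE_QUIC_DOMAIN, NULL,
            qd->engine, NULL)) {
        /* Raise an error here as the other failure branches do. */
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
        goto err;
    }

    ossl_quic_obj_set_domain_flags(&qd->obj, domain_flags);
    return &qd->obj.ssl;

err:
    ossl_quic_engine_free(qd->engine);
#if defined(OPENSSL_THREADS)
    ossl_crypto_mutex_free(&qd->mutex);
#endif
    OPENSSL_free(qd);
    return NULL;
}

/*
 * QUIC Front-End I/O API: SSL_CTX Management
 * ==========================================
 */

/* SSL_CTX ctrl entry point: every command is passed to ssl3_ctx_ctrl(). */
long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    switch (cmd) {
    default:
        return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
    }
}

/*
 * Callback ctrl entry point for a QUIC connection object. Returns 0 if `s`
 * is not a QUIC connection; otherwise the result of applying the ctrl to the
 * internal TLS object.
 */
long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
    QCTX ctx;

    if (!expect_quic_conn_only(s, &ctx))
        return 0;

    switch (cmd) {
    case SSL_CTRL_SET_MSG_CALLBACK:
        ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
            &ctx.qc->obj.ssl);
        /* This callback also needs to be set on the internal SSL object */
        return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);

    default:
        /* Probably a TLS related ctrl. Defer to our internal SSL object */
        return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
    }
}

/* SSL_CTX callback ctrl entry point: passed to ssl3_ctx_callback_ctrl(). */
long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
    return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
}

int ossl_quic_renegotiate_check(SSL *ssl, int initok)
{
    /* We never do renegotiation. */
    return 0;
}

/*
 * Look up a cipher by its wire encoding and return it only if it is marked
 * as usable with QUIC (SSL_QUIC set in algorithm2); any other cipher is
 * reported as unknown by returning NULL.
 */
const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
{
    const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);

    if (ciph == NULL)
        return NULL;
    if ((ciph->algorithm2 & SSL_QUIC) == 0)
        return NULL;

    return ciph;
}

/*
 * These functions define the TLSv1.2 (and below) ciphers that are supported by
 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
 */

int ossl_quic_num_ciphers(void)
{
    return 0;
}

const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
{
    return NULL;
}

/*
 * SSL_get_shutdown()
 * ------------------
 *
 * Reports SSL_SENT_SHUTDOWN once the channel is in any terminating state,
 * and additionally SSL_RECEIVED_SHUTDOWN unless the channel is in the
 * closing state. Returns 0 if `s` is not a QUIC connection.
 */
int ossl_quic_get_shutdown(const SSL *s)
{
    QCTX ctx;
    int shut = 0;

    if (!expect_quic_conn_only(s, &ctx))
        return 0;

    if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
        shut |= SSL_SENT_SHUTDOWN;
        if (!ossl_quic_channel_is_closing(ctx.qc->ch))
            shut |= SSL_RECEIVED_SHUTDOWN;
    }

    return shut;
}

/*
 * QUIC Polling Support APIs
 * =========================
 */

/* Do we have the R (read) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_r(QUIC_XSO *xso)
{
    int fin = 0;
    size_t avail = 0;

    /*
     * If the last packet received on a stream had the fin bit set, we need
     * to return 1 here to raise SSL_POLL_EVENT_R, so that an application can
     * detect the stream's completion and close it gracefully.
     * However, if the client reads the data via SSL_read[_ex], that API
     * provides no stream status: the stream state moves to
     * QUIC_RSTREAM_STATE_DATA_READ and the receive buffer, which stored the
     * fin state, is freed, so the fin state is not directly knowable here.
     * Instead, check for the stream state being QUIC_RSTREAM_STATE_DATA_READ,
     * which is only set if the last stream frame received had the fin bit set
     * and the client read the data. This catches our poll/read/poll case.
     */
    if (xso->stream->recv_state == QUIC_RSTREAM_STATE_DATA_READ)
        return 1;

    return ossl_quic_stream_has_recv_buffer(xso->stream)
        && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
        && (avail > 0 || (fin && !xso->retired_fin));
}

/* Do we have the ER (exception: read) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_er(QUIC_XSO *xso)
{
    return ossl_quic_stream_has_recv(xso->stream)
        && ossl_quic_stream_recv_is_reset(xso->stream)
        && !xso->retired_fin;
}

/* Do we have the W (write) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_w(QUIC_XSO *xso)
{
    return !xso->conn->shutting_down
        && ossl_quic_stream_has_send_buffer(xso->stream)
        && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
        && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
        && ossl_quic_txfc_get_cwm(&xso->stream->txfc)
            > ossl_quic_sstream_get_cur_size(xso->stream->sstream)
        && quic_mutation_allowed(xso->conn, /*req_active=*/1);
}

/* Do we have the EW (exception: write) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_ew(QUIC_XSO *xso)
{
    return ossl_quic_stream_has_send(xso->stream)
        && xso->stream->peer_stop_sending
        && !xso->requested_reset
        && !xso->conn->shutting_down;
}

/* Do we have the EC (exception: connection) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_ec(QUIC_CONNECTION *qc)
{
    return ossl_quic_channel_is_term_any(qc->ch);
}

/* Do we have the ECD (exception: connection drained) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_ecd(QUIC_CONNECTION *qc)
{
    return ossl_quic_channel_is_terminated(qc->ch);
}

/* Do we have the IS (incoming: stream) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
{
    return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
        is_uni);
}

/* Do we have the OS (outgoing: stream) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
{
    /* Is it currently possible for us to make an outgoing stream? */
    return quic_mutation_allowed(qc, /*req_active=*/1)
        && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
}

/* Do we have the EL (exception: listener) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_el(QUIC_LISTENER *ql)
{
    return !ossl_quic_port_is_running(ql->port);
}

/* Do we have the IC (incoming: connection) condition? */
QUIC_NEEDS_LOCK
static int test_poll_event_ic(QUIC_LISTENER *ql)
{
    return ossl_quic_port_get_num_incoming_channels(ql->port) > 0;
}

/*
 * Evaluate the poll conditions requested in `events` for `ssl` and store the
 * ones that currently hold in `*p_revents`. Only conditions that apply to the
 * kind of object passed (stream, connection, listener) are tested. If
 * `do_tick` is non-zero the reactor is ticked once first. Returns 0 if `ssl`
 * is not an accepted QUIC object type (in which case `*p_revents` is not
 * written), 1 otherwise.
 */
QUIC_TAKES_LOCK
int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
    uint64_t *p_revents)
{
    QCTX ctx;
    uint64_t revents = 0;

    if (!expect_quic_csl(ssl, &ctx))
        return 0;

    qctx_lock(&ctx);

    if (ctx.qc != NULL && !ctx.qc->started) {
        /* We can only try to write on non-started connection. */
        if ((events & SSL_POLL_EVENT_W) != 0)
            revents |= SSL_POLL_EVENT_W;
        goto end;
    }

    if (do_tick)
        ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0);

    if (ctx.xso != NULL) {
        /* SSL object has a stream component. */

        if ((events & SSL_POLL_EVENT_R) != 0
            && test_poll_event_r(ctx.xso))
            revents |= SSL_POLL_EVENT_R;

        if ((events & SSL_POLL_EVENT_ER) != 0
            && test_poll_event_er(ctx.xso))
            revents |= SSL_POLL_EVENT_ER;

        if ((events & SSL_POLL_EVENT_W) != 0
            && test_poll_event_w(ctx.xso))
            revents |= SSL_POLL_EVENT_W;

        if ((events & SSL_POLL_EVENT_EW) != 0
            && test_poll_event_ew(ctx.xso))
            revents |= SSL_POLL_EVENT_EW;
    }

    if (ctx.qc != NULL && !ctx.is_stream) {
        /* Connection-level conditions are not reported on stream objects. */
        if ((events & SSL_POLL_EVENT_EC) != 0
            && test_poll_event_ec(ctx.qc))
            revents |= SSL_POLL_EVENT_EC;

        if ((events & SSL_POLL_EVENT_ECD) != 0
            && test_poll_event_ecd(ctx.qc))
            revents |= SSL_POLL_EVENT_ECD;

        if ((events & SSL_POLL_EVENT_ISB) != 0
            && test_poll_event_is(ctx.qc, /*uni=*/0))
            revents |= SSL_POLL_EVENT_ISB;

        if ((events & SSL_POLL_EVENT_ISU) != 0
            && test_poll_event_is(ctx.qc, /*uni=*/1))
            revents |= SSL_POLL_EVENT_ISU;

        if ((events & SSL_POLL_EVENT_OSB) != 0
            && test_poll_event_os(ctx.qc, /*uni=*/0))
            revents |= SSL_POLL_EVENT_OSB;

        if ((events & SSL_POLL_EVENT_OSU) != 0
            && test_poll_event_os(ctx.qc, /*uni=*/1))
            revents |= SSL_POLL_EVENT_OSU;
    }

    if (ctx.is_listener) {
        if ((events & SSL_POLL_EVENT_EL) != 0
            && test_poll_event_el(ctx.ql))
            revents |= SSL_POLL_EVENT_EL;

        if ((events & SSL_POLL_EVENT_IC) != 0
            && test_poll_event_ic(ctx.ql))
            revents |= SSL_POLL_EVENT_IC;
    }

end:
    qctx_unlock(&ctx);
    *p_revents = revents;
    return 1;
}

/*
 * Returns the file descriptor of the reactor's notifier for `ssl`, or -1 if
 * `ssl` is not a QUIC object or its reactor has no notifier.
 */
QUIC_TAKES_LOCK
int ossl_quic_get_notifier_fd(SSL *ssl)
{
    QCTX ctx;
    QUIC_REACTOR *rtor;
    RIO_NOTIFIER *nfy;
    int nfd = -1;

    if (!expect_quic_any(ssl, &ctx))
        return -1;

    qctx_lock(&ctx);
    rtor = ossl_quic_obj_get0_reactor(ctx.obj);
    nfy = ossl_quic_reactor_get0_notifier(rtor);
    if (nfy == NULL)
        goto end;
    nfd = ossl_rio_notifier_as_fd(nfy);

end:
    qctx_unlock(&ctx);
    return nfd;
}

/*
 * Register wait context `wctx` as entering a blocking section on the reactor
 * of `ssl`, under the lock. Does nothing if `ssl` is not a QUIC object.
 */
QUIC_TAKES_LOCK
void ossl_quic_enter_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
{
    QCTX ctx;
    QUIC_REACTOR *rtor;

    if (!expect_quic_any(ssl, &ctx))
        return;

    qctx_lock(&ctx);
    rtor = ossl_quic_obj_get0_reactor(ctx.obj);
    ossl_quic_reactor_wait_ctx_enter(wctx, rtor);
    qctx_unlock(&ctx);
}

/*
 * Counterpart of ossl_quic_enter_blocking_section(): register `wctx` as
 * leaving the blocking section on the reactor of `ssl`, under the lock.
 */
QUIC_TAKES_LOCK
void ossl_quic_leave_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
{
    QCTX ctx;
    QUIC_REACTOR *rtor;

    if (!expect_quic_any(ssl, &ctx))
        return;

    qctx_lock(&ctx);
    rtor = ossl_quic_obj_get0_reactor(ctx.obj);
    ossl_quic_reactor_wait_ctx_leave(wctx, rtor);
    qctx_unlock(&ctx);
}

/*
 * Internal Testing APIs
 * =====================
 */

/*
 * Returns the channel of a QUIC connection object, or NULL if `s` is not
 * one. The lock is not taken here.
 */
QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
{
    QCTX ctx;

    if (!expect_quic_conn_only(s, &ctx))
        return NULL;

    return ctx.qc->ch;
}

/*
 * Replace the qlog title stored on `ctx` with a copy of `title`; a NULL
 * title just clears it. Returns 0 only if the copy cannot be allocated.
 * When OPENSSL_NO_QLOG is defined this does nothing and returns 1.
 */
int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
{
#ifndef OPENSSL_NO_QLOG
    OPENSSL_free(ctx->qlog_title);
    ctx->qlog_title = NULL;

    if (title == NULL)
        return 1;

    if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
        return 0;
#endif

    return 1;
}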