1 /*
2 * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/hashfunc.h"
16 #include "internal/ssl_unwrap.h"
17 #include "internal/quic_tls.h"
18 #include "internal/quic_rx_depack.h"
19 #include "internal/quic_error.h"
20 #include "internal/quic_engine.h"
21 #include "internal/quic_port.h"
22 #include "internal/quic_reactor_wait_ctx.h"
23 #include "internal/time.h"
24
25 typedef struct qctx_st QCTX;
26
27 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock);
28 static void aon_write_finish(QUIC_XSO *xso);
29 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx);
30 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
31 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch);
32 static int qc_try_create_default_xso_for_write(QCTX *ctx);
33 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek);
34 static void qctx_lock(QCTX *qctx);
35 static void qctx_unlock(QCTX *qctx);
36 static void qctx_lock_for_io(QCTX *ctx);
37 static int quic_do_handshake(QCTX *ctx);
38 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
39 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
40 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
41 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
42 int touch, QUIC_XSO **old_xso);
43 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
44 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
45 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
46 static void qctx_maybe_autotick(QCTX *ctx);
47 static int qctx_should_autotick(QCTX *ctx);
48
49 /*
50 * QCTX is a utility structure which provides information we commonly wish to
51 * unwrap upon an API call being dispatched to us, namely:
52 *
53 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
54 * was passed);
55 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
56 * a QCSO with a default stream was passed);
57 * - whether a QSSO was passed (xso == NULL must not be used to determine this
58 * because it may be non-NULL when a QCSO is passed if that QCSO has a
59 * default stream);
60 * - a pointer to a QUIC_LISTENER object, if one is relevant;
61 * - whether we are in "I/O context", meaning that non-normal errors can
62 * be reported via SSL_get_error() as well as via ERR. Functions such as
63 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
64 * functions which are allowed to change the value returned by
65 * SSL_get_error. However, other functions (including functions which call
66 * SSL_do_handshake() implicitly) are not allowed to change the return value
67 * of SSL_get_error.
68 */
69 struct qctx_st {
70 QUIC_OBJ *obj;
71 QUIC_DOMAIN *qd;
72 QUIC_LISTENER *ql;
73 QUIC_CONNECTION *qc;
74 QUIC_XSO *xso;
75 int is_stream, is_listener, is_domain, in_io;
76 };
77
78 QUIC_NEEDS_LOCK
quic_set_last_error(QCTX * ctx,int last_error)79 static void quic_set_last_error(QCTX *ctx, int last_error)
80 {
81 if (!ctx->in_io)
82 return;
83
84 if (ctx->is_stream && ctx->xso != NULL)
85 ctx->xso->last_error = last_error;
86 else if (!ctx->is_stream && ctx->qc != NULL)
87 ctx->qc->last_error = last_error;
88 }
89
90 /*
91 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
92 * rather than via ERR. Note that normal errors must always be raised while
93 * holding a lock.
94 */
95 QUIC_NEEDS_LOCK
quic_raise_normal_error(QCTX * ctx,int err)96 static int quic_raise_normal_error(QCTX *ctx,
97 int err)
98 {
99 assert(ctx->in_io);
100 quic_set_last_error(ctx, err);
101
102 return 0;
103 }
104
105 /*
106 * Raise a 'non-normal' error, meaning any error that is not reported via
107 * SSL_get_error() and must be reported via ERR.
108 *
109 * qc should be provided if available. In exceptional circumstances when qc is
110 * not known NULL may be passed. This should generally only happen when an
111 * expect_...() function defined below fails, which generally indicates a
112 * dispatch error or caller error.
113 *
114 * ctx should be NULL if the connection lock is not held.
115 */
quic_raise_non_normal_error(QCTX * ctx,const char * file,int line,const char * func,int reason,const char * fmt,...)116 static int quic_raise_non_normal_error(QCTX *ctx,
117 const char *file,
118 int line,
119 const char *func,
120 int reason,
121 const char *fmt,
122 ...)
123 {
124 va_list args;
125
126 if (ctx != NULL) {
127 quic_set_last_error(ctx, SSL_ERROR_SSL);
128
129 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
130 ossl_quic_channel_restore_err_state(ctx->qc->ch);
131 }
132
133 ERR_new();
134 ERR_set_debug(file, line, func);
135
136 va_start(args, fmt);
137 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
138 va_end(args);
139
140 return 0;
141 }
142
143 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
144 quic_raise_normal_error((ctx), (err))
145
146 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
147 quic_raise_non_normal_error((ctx), \
148 OPENSSL_FILE, OPENSSL_LINE, \
149 OPENSSL_FUNC, \
150 (reason), \
151 (msg))
152 /*
153 * Flags for expect_quic_as:
154 *
155 * QCTX_C
156 * The input SSL object may be a QCSO.
157 *
158 * QCTX_S
159 * The input SSL object may be a QSSO or a QCSO with a default stream
160 * attached.
161 *
162 * (Note this means there is no current way to require an SSL object with a
163 * QUIC stream which is not a QCSO; a QCSO with a default stream attached
164 * is always considered to satisfy QCTX_S.)
165 *
166 * QCTX_AUTO_S
167 * The input SSL object may be a QSSO or a QCSO with a default stream
168 * attached. If no default stream is currently attached to a QCSO,
169 * one may be auto-created if possible.
170 *
171 * If QCTX_REMOTE_INIT is set, an auto-created default XSO is
172 * initiated by the remote party (i.e., local party reads first).
173 *
174 * If it is not set, an auto-created default XSO is
175 * initiated by the local party (i.e., local party writes first).
176 *
177 * QCTX_L
178 * The input SSL object may be a QLSO.
179 *
180 * QCTX_LOCK
181 * If and only if the function returns successfully, the ctx
182 * is guaranteed to be locked.
183 *
184 * QCTX_IO
185 * Begin an I/O context. If not set, begins a non-I/O context.
186 * This determines whether SSL_get_error() is updated; the value it returns
187 * is modified only by an I/O call.
188 *
189 * QCTX_NO_ERROR
190 * Don't raise an error if the object type is wrong. Should not be used in
191 * conjunction with any flags that may raise errors not related to a wrong
192 * object type.
193 */
194 #define QCTX_C (1U << 0)
195 #define QCTX_S (1U << 1)
196 #define QCTX_L (1U << 2)
197 #define QCTX_AUTO_S (1U << 3)
198 #define QCTX_REMOTE_INIT (1U << 4)
199 #define QCTX_LOCK (1U << 5)
200 #define QCTX_IO (1U << 6)
201 #define QCTX_D (1U << 7)
202 #define QCTX_NO_ERROR (1U << 8)
203
204 /*
205 * Called when expect_quic failed. Used to diagnose why such a call failed and
206 * raise a reasonable error code based on the configured preconditions in flags.
207 */
wrong_type(const SSL * s,uint32_t flags)208 static int wrong_type(const SSL *s, uint32_t flags)
209 {
210 const uint32_t mask = QCTX_C | QCTX_S | QCTX_L | QCTX_D;
211 int code = ERR_R_UNSUPPORTED;
212
213 if ((flags & QCTX_NO_ERROR) != 0)
214 return 1;
215 else if ((flags & mask) == QCTX_D)
216 code = SSL_R_DOMAIN_USE_ONLY;
217 else if ((flags & mask) == QCTX_L)
218 code = SSL_R_LISTENER_USE_ONLY;
219 else if ((flags & mask) == QCTX_C)
220 code = SSL_R_CONN_USE_ONLY;
221 else if ((flags & mask) == QCTX_S
222 || (flags & mask) == (QCTX_C | QCTX_S))
223 code = SSL_R_NO_STREAM;
224
225 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, code, NULL);
226 }
227
228 /*
229 * Given a QDSO, QCSO, QSSO or QLSO, initialises a QCTX, determining the
230 * contextually applicable QUIC_LISTENER, QUIC_CONNECTION and QUIC_XSO
231 * pointers.
232 *
233 * After this returns 1, all fields of the passed QCTX are initialised.
234 * Returns 0 on failure. This function is intended to be used to provide API
235 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure
236 * unless the QCTX_NO_ERROR flag is set.
237 *
238 * The flags argument controls the preconditions and postconditions of this
239 * function. See above for the different flags.
240 *
241 * The fields of a QCTX are initialised as follows depending on the identity of
242 * the SSL object, and assuming the preconditions demanded by the flags field as
243 * described above are met:
244 *
245 * QDSO QLSO QCSO QSSO
246 * qd non-NULL maybe maybe maybe
247 * ql NULL non-NULL maybe maybe
248 * qc NULL NULL non-NULL non-NULL
249 * xso NULL NULL maybe non-NULL
250 * is_stream 0 0 0 1
251 * is_listener 0 1 0 0
252 * is_domain 1 0 0 0
253 *
254 */
expect_quic_as(const SSL * s,QCTX * ctx,uint32_t flags)255 static int expect_quic_as(const SSL *s, QCTX *ctx, uint32_t flags)
256 {
257 int ok = 0, locked = 0, lock_requested = ((flags & QCTX_LOCK) != 0);
258 QUIC_DOMAIN *qd;
259 QUIC_LISTENER *ql;
260 QUIC_CONNECTION *qc;
261 QUIC_XSO *xso;
262
263 if ((flags & QCTX_AUTO_S) != 0)
264 flags |= QCTX_S;
265
266 ctx->obj = NULL;
267 ctx->qd = NULL;
268 ctx->ql = NULL;
269 ctx->qc = NULL;
270 ctx->xso = NULL;
271 ctx->is_stream = 0;
272 ctx->is_listener = 0;
273 ctx->is_domain = 0;
274 ctx->in_io = ((flags & QCTX_IO) != 0);
275
276 if (s == NULL) {
277 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
278 goto err;
279 }
280
281 switch (s->type) {
282 case SSL_TYPE_QUIC_DOMAIN:
283 if ((flags & QCTX_D) == 0) {
284 wrong_type(s, flags);
285 goto err;
286 }
287
288 qd = (QUIC_DOMAIN *)s;
289 ctx->obj = &qd->obj;
290 ctx->qd = qd;
291 ctx->is_domain = 1;
292 break;
293
294 case SSL_TYPE_QUIC_LISTENER:
295 if ((flags & QCTX_L) == 0) {
296 wrong_type(s, flags);
297 goto err;
298 }
299
300 ql = (QUIC_LISTENER *)s;
301 ctx->obj = &ql->obj;
302 ctx->qd = ql->domain;
303 ctx->ql = ql;
304 ctx->is_listener = 1;
305 break;
306
307 case SSL_TYPE_QUIC_CONNECTION:
308 qc = (QUIC_CONNECTION *)s;
309 ctx->obj = &qc->obj;
310 ctx->qd = qc->domain;
311 ctx->ql = qc->listener; /* never changes, so can be read without lock */
312 ctx->qc = qc;
313
314 if ((flags & QCTX_AUTO_S) != 0) {
315 if ((flags & QCTX_IO) != 0)
316 qctx_lock_for_io(ctx);
317 else
318 qctx_lock(ctx);
319
320 locked = 1;
321 }
322
323 if ((flags & QCTX_AUTO_S) != 0 && qc->default_xso == NULL) {
324 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
325 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
326 goto err;
327 }
328
329 /* If we haven't finished the handshake, try to advance it. */
330 if (quic_do_handshake(ctx) < 1)
331 /* ossl_quic_do_handshake raised error here */
332 goto err;
333
334 if ((flags & QCTX_REMOTE_INIT) != 0) {
335 if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0))
336 goto err;
337 } else {
338 if (!qc_try_create_default_xso_for_write(ctx))
339 goto err;
340 }
341 }
342
343 if ((flags & QCTX_C) == 0
344 && (qc->default_xso == NULL || (flags & QCTX_S) == 0)) {
345 wrong_type(s, flags);
346 goto err;
347 }
348
349 ctx->xso = qc->default_xso;
350 break;
351
352 case SSL_TYPE_QUIC_XSO:
353 if ((flags & QCTX_S) == 0) {
354 wrong_type(s, flags);
355 goto err;
356 }
357
358 xso = (QUIC_XSO *)s;
359 ctx->obj = &xso->obj;
360 ctx->qd = xso->conn->domain;
361 ctx->ql = xso->conn->listener;
362 ctx->qc = xso->conn;
363 ctx->xso = xso;
364 ctx->is_stream = 1;
365 break;
366
367 default:
368 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
369 goto err;
370 }
371
372 if (lock_requested && !locked) {
373 if ((flags & QCTX_IO) != 0)
374 qctx_lock_for_io(ctx);
375 else
376 qctx_lock(ctx);
377
378 locked = 1;
379 }
380
381 ok = 1;
382 err:
383 if (locked && (!ok || !lock_requested))
384 qctx_unlock(ctx);
385
386 return ok;
387 }
388
is_quic_c(const SSL * s,QCTX * ctx,int raiseerrs)389 static int is_quic_c(const SSL *s, QCTX *ctx, int raiseerrs)
390 {
391 uint32_t flags = QCTX_C;
392
393 if (!raiseerrs)
394 flags |= QCTX_NO_ERROR;
395 return expect_quic_as(s, ctx, flags);
396 }
397
398 /* Same as expect_quic_cs except that errors are not raised if raiseerrs == 0 */
is_quic_cs(const SSL * s,QCTX * ctx,int raiseerrs)399 static int is_quic_cs(const SSL *s, QCTX *ctx, int raiseerrs)
400 {
401 uint32_t flags = QCTX_C | QCTX_S;
402
403 if (!raiseerrs)
404 flags |= QCTX_NO_ERROR;
405 return expect_quic_as(s, ctx, flags);
406 }
407
expect_quic_cs(const SSL * s,QCTX * ctx)408 static int expect_quic_cs(const SSL *s, QCTX *ctx)
409 {
410 return expect_quic_as(s, ctx, QCTX_C | QCTX_S);
411 }
412
expect_quic_csl(const SSL * s,QCTX * ctx)413 static int expect_quic_csl(const SSL *s, QCTX *ctx)
414 {
415 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L);
416 }
417
expect_quic_csld(const SSL * s,QCTX * ctx)418 static int expect_quic_csld(const SSL *s, QCTX *ctx)
419 {
420 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L | QCTX_D);
421 }
422
423 #define expect_quic_any expect_quic_csld
424
expect_quic_listener(const SSL * s,QCTX * ctx)425 static int expect_quic_listener(const SSL *s, QCTX *ctx)
426 {
427 return expect_quic_as(s, ctx, QCTX_L);
428 }
429
expect_quic_domain(const SSL * s,QCTX * ctx)430 static int expect_quic_domain(const SSL *s, QCTX *ctx)
431 {
432 return expect_quic_as(s, ctx, QCTX_D);
433 }
434
435 /*
436 * Like expect_quic_cs(), but requires a QUIC_XSO be contextually available. In
437 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
438 * stream.
439 *
440 * remote_init determines if we expect the default XSO to be remotely created or
441 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
442 *
443 * Channel mutex is acquired and retained on success.
444 */
445 QUIC_ACQUIRES_LOCK
expect_quic_with_stream_lock(const SSL * s,int remote_init,int in_io,QCTX * ctx)446 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
447 int in_io, QCTX *ctx)
448 {
449 uint32_t flags = QCTX_S | QCTX_LOCK;
450
451 if (remote_init >= 0)
452 flags |= QCTX_AUTO_S;
453
454 if (remote_init > 0)
455 flags |= QCTX_REMOTE_INIT;
456
457 if (in_io)
458 flags |= QCTX_IO;
459
460 return expect_quic_as(s, ctx, flags);
461 }
462
463 /*
464 * Like expect_quic_cs(), but fails if called on a QUIC_XSO. ctx->xso may still
465 * be non-NULL if the QCSO has a default stream.
466 */
expect_quic_conn_only(const SSL * s,QCTX * ctx)467 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
468 {
469 return expect_quic_as(s, ctx, QCTX_C);
470 }
471
472 /*
473 * Ensures that the domain mutex is held for a method which touches channel
474 * state.
475 *
476 * Precondition: Domain mutex is not held (unchecked)
477 */
qctx_lock(QCTX * ctx)478 static void qctx_lock(QCTX *ctx)
479 {
480 #if defined(OPENSSL_THREADS)
481 assert(ctx->obj != NULL);
482 ossl_crypto_mutex_lock(ossl_quic_obj_get0_mutex(ctx->obj));
483 #endif
484 }
485
486 /* Precondition: Channel mutex is held (unchecked) */
487 QUIC_NEEDS_LOCK
qctx_unlock(QCTX * ctx)488 static void qctx_unlock(QCTX *ctx)
489 {
490 #if defined(OPENSSL_THREADS)
491 assert(ctx->obj != NULL);
492 ossl_crypto_mutex_unlock(ossl_quic_obj_get0_mutex(ctx->obj));
493 #endif
494 }
495
qctx_lock_for_io(QCTX * ctx)496 static void qctx_lock_for_io(QCTX *ctx)
497 {
498 qctx_lock(ctx);
499 ctx->in_io = 1;
500
501 /*
502 * We are entering an I/O function so we must update the values returned by
503 * SSL_get_error and SSL_want. Set no error. This will be overridden later
504 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
505 * occurs during the API call.
506 */
507 quic_set_last_error(ctx, SSL_ERROR_NONE);
508 }
509
510 /*
511 * This predicate is the criterion which should determine API call rejection for
512 * *most* mutating API calls, particularly stream-related operations for send
513 * parts.
514 *
515 * A call is rejected (this function returns 0) if shutdown is in progress
516 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
517 * req_active=1, the connection must be active (i.e., the IDLE state is also
518 * rejected).
519 */
quic_mutation_allowed(QUIC_CONNECTION * qc,int req_active)520 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
521 {
522 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
523 return 0;
524
525 if (req_active && !ossl_quic_channel_is_active(qc->ch))
526 return 0;
527
528 return 1;
529 }
530
qctx_is_top_level(QCTX * ctx)531 static int qctx_is_top_level(QCTX *ctx)
532 {
533 return ctx->obj->parent_obj == NULL;
534 }
535
qctx_blocking(QCTX * ctx)536 static int qctx_blocking(QCTX *ctx)
537 {
538 return ossl_quic_obj_blocking(ctx->obj);
539 }
540
541 /*
542 * Block until a predicate is met.
543 *
544 * Precondition: Must have a channel.
545 * Precondition: Must hold channel lock (unchecked).
546 */
547 QUIC_NEEDS_LOCK
block_until_pred(QCTX * ctx,int (* pred)(void * arg),void * pred_arg,uint32_t flags)548 static int block_until_pred(QCTX *ctx,
549 int (*pred)(void *arg), void *pred_arg,
550 uint32_t flags)
551 {
552 QUIC_ENGINE *qeng;
553 QUIC_REACTOR *rtor;
554
555 qeng = ossl_quic_obj_get0_engine(ctx->obj);
556 assert(qeng != NULL);
557
558 /*
559 * Any attempt to block auto-disables tick inhibition as otherwise we will
560 * hang around forever.
561 */
562 ossl_quic_engine_set_inhibit_tick(qeng, 0);
563
564 rtor = ossl_quic_engine_get0_reactor(qeng);
565 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags);
566 }
567
568 /*
569 * QUIC Front-End I/O API: Initialization
570 * ======================================
571 *
572 * SSL_new => ossl_quic_new
573 * ossl_quic_init
574 * SSL_reset => ossl_quic_reset
575 * SSL_clear => ossl_quic_clear
576 * ossl_quic_deinit
577 * SSL_free => ossl_quic_free
578 *
579 * SSL_set_options => ossl_quic_set_options
580 * SSL_get_options => ossl_quic_get_options
581 * SSL_clear_options => ossl_quic_clear_options
582 *
583 */
584
585 /* SSL_new */
ossl_quic_new(SSL_CTX * ctx)586 SSL *ossl_quic_new(SSL_CTX *ctx)
587 {
588 QUIC_CONNECTION *qc = NULL;
589 SSL_CONNECTION *sc = NULL;
590
591 /*
592 * QUIC_server_method should not be used with SSL_new.
593 * It should only be used with SSL_new_listener.
594 */
595 if (ctx->method == OSSL_QUIC_server_method()) {
596 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
597 return NULL;
598 }
599
600 qc = OPENSSL_zalloc(sizeof(*qc));
601 if (qc == NULL) {
602 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
603 return NULL;
604 }
605
606 /* Create the QUIC domain mutex. */
607 #if defined(OPENSSL_THREADS)
608 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
609 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
610 goto err;
611 }
612 #endif
613
614 /* Create the handshake layer. */
615 qc->tls = ossl_ssl_connection_new_int(ctx, &qc->obj.ssl, TLS_method());
616 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
617 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
618 goto err;
619 }
620
621 /* override the user_ssl of the inner connection */
622 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL;
623
624 /* Restrict options derived from the SSL_CTX. */
625 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
626 sc->pha_enabled = 0;
627
628 /* Determine mode of operation. */
629 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
630 qc->is_thread_assisted
631 = ((ctx->domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0);
632 #endif
633
634 qc->as_server = 0;
635 qc->as_server_state = qc->as_server;
636
637 if (!create_channel(qc, ctx))
638 goto err;
639
640 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, &qc->obj.ssl);
641 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
642
643 /* Initialise the QUIC_CONNECTION's QUIC_OBJ base. */
644 if (!ossl_quic_obj_init(&qc->obj, ctx, SSL_TYPE_QUIC_CONNECTION, NULL,
645 qc->engine, qc->port)) {
646 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
647 goto err;
648 }
649
650 /* Initialise libssl APL-related state. */
651 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
652 qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
653 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
654 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
655 qc->last_error = SSL_ERROR_NONE;
656
657 qc_update_reject_policy(qc);
658
659 /*
660 * We do not create the default XSO yet. The reason for this is that the
661 * stream ID of the default XSO will depend on whether the stream is client
662 * or server-initiated, which depends on who transmits first. Since we do
663 * not know whether the application will be using a client-transmits-first
664 * or server-transmits-first protocol, we defer default XSO creation until
665 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
666 * we take that as a cue that the client is expecting a server-initiated
667 * stream, and vice versa if SSL_write() is called first.
668 */
669 return &qc->obj.ssl;
670
671 err:
672 if (qc != NULL) {
673 qc_cleanup(qc, /*have_lock=*/0);
674 OPENSSL_free(qc);
675 }
676 return NULL;
677 }
678
679 QUIC_NEEDS_LOCK
quic_unref_port_bios(QUIC_PORT * port)680 static void quic_unref_port_bios(QUIC_PORT *port)
681 {
682 BIO *b;
683
684 b = ossl_quic_port_get_net_rbio(port);
685 BIO_free_all(b);
686
687 b = ossl_quic_port_get_net_wbio(port);
688 BIO_free_all(b);
689 }
690
691 QUIC_NEEDS_LOCK
qc_cleanup(QUIC_CONNECTION * qc,int have_lock)692 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock)
693 {
694 SSL_free(qc->tls);
695 qc->tls = NULL;
696
697 ossl_quic_channel_free(qc->ch);
698 qc->ch = NULL;
699
700 if (qc->port != NULL && qc->listener == NULL && qc->pending == 0) { /* TODO */
701 quic_unref_port_bios(qc->port);
702 ossl_quic_port_free(qc->port);
703 qc->port = NULL;
704
705 ossl_quic_engine_free(qc->engine);
706 qc->engine = NULL;
707 }
708
709 #if defined(OPENSSL_THREADS)
710 if (have_lock)
711 /* tsan doesn't like freeing locked mutexes */
712 ossl_crypto_mutex_unlock(qc->mutex);
713
714 if (qc->listener == NULL && qc->pending == 0)
715 ossl_crypto_mutex_free(&qc->mutex);
716 #endif
717 }
718
719 /* SSL_free */
720 QUIC_TAKES_LOCK
quic_free_listener(QCTX * ctx)721 static void quic_free_listener(QCTX *ctx)
722 {
723 quic_unref_port_bios(ctx->ql->port);
724 ossl_quic_port_drop_incoming(ctx->ql->port);
725 ossl_quic_port_free(ctx->ql->port);
726
727 if (ctx->ql->domain == NULL) {
728 ossl_quic_engine_free(ctx->ql->engine);
729 #if defined(OPENSSL_THREADS)
730 ossl_crypto_mutex_free(&ctx->ql->mutex);
731 #endif
732 } else {
733 SSL_free(&ctx->ql->domain->obj.ssl);
734 }
735 }
736
737 /* SSL_free */
738 QUIC_TAKES_LOCK
quic_free_domain(QCTX * ctx)739 static void quic_free_domain(QCTX *ctx)
740 {
741 ossl_quic_engine_free(ctx->qd->engine);
742 #if defined(OPENSSL_THREADS)
743 ossl_crypto_mutex_free(&ctx->qd->mutex);
744 #endif
745 }
746
747 QUIC_TAKES_LOCK
ossl_quic_free(SSL * s)748 void ossl_quic_free(SSL *s)
749 {
750 QCTX ctx;
751 int is_default;
752
753 /* We should never be called on anything but a QSO. */
754 if (!expect_quic_any(s, &ctx))
755 return;
756
757 if (ctx.is_domain) {
758 quic_free_domain(&ctx);
759 return;
760 }
761
762 if (ctx.is_listener) {
763 quic_free_listener(&ctx);
764 return;
765 }
766
767 qctx_lock(&ctx);
768
769 if (ctx.is_stream) {
770 /*
771 * When a QSSO is freed, the XSO is freed immediately, because the XSO
772 * itself only contains API personality layer data. However the
773 * underlying QUIC_STREAM is not freed immediately but is instead marked
774 * as deleted for later collection.
775 */
776
777 assert(ctx.qc->num_xso > 0);
778 --ctx.qc->num_xso;
779
780 /* If a stream's send part has not been finished, auto-reset it. */
781 if ((ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
782 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
783 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
784 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
785 ctx.xso->stream, 0);
786
787 /* Do STOP_SENDING for the receive part, if applicable. */
788 if (ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
789 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
790 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
791 ctx.xso->stream, 0);
792
793 /* Update stream state. */
794 ctx.xso->stream->deleted = 1;
795 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
796 ctx.xso->stream);
797
798 is_default = (ctx.xso == ctx.qc->default_xso);
799 qctx_unlock(&ctx);
800
801 /*
802 * Unref the connection in most cases; the XSO has a ref to the QC and
803 * not vice versa. But for a default XSO, to avoid circular references,
804 * the QC refs the XSO but the XSO does not ref the QC. If we are the
805 * default XSO, we only get here when the QC is being torn down anyway,
806 * so don't call SSL_free(qc) as we are already in it.
807 */
808 if (!is_default)
809 SSL_free(&ctx.qc->obj.ssl);
810
811 /* Note: SSL_free calls OPENSSL_free(xso) for us */
812 return;
813 }
814
815 /*
816 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
817 * stage, but is freed during the channel free when the whole QSM is freed.
818 */
819 if (ctx.qc->default_xso != NULL) {
820 QUIC_XSO *xso = ctx.qc->default_xso;
821
822 qctx_unlock(&ctx);
823 SSL_free(&xso->obj.ssl);
824 qctx_lock(&ctx);
825 ctx.qc->default_xso = NULL;
826 }
827
828 /* Ensure we have no remaining XSOs. */
829 assert(ctx.qc->num_xso == 0);
830
831 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
832 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
833 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
834 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
835 }
836 #endif
837
838 /*
839 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
840 * us
841 */
842 qc_cleanup(ctx.qc, /*have_lock=*/1);
843 /* Note: SSL_free calls OPENSSL_free(qc) for us */
844
845 if (ctx.qc->listener != NULL)
846 SSL_free(&ctx.qc->listener->obj.ssl);
847 if (ctx.qc->domain != NULL)
848 SSL_free(&ctx.qc->domain->obj.ssl);
849 }
850
851 /* SSL method init */
ossl_quic_init(SSL * s)852 int ossl_quic_init(SSL *s)
853 {
854 /* Same op as SSL_clear, forward the call. */
855 return ossl_quic_clear(s);
856 }
857
858 /* SSL method deinit */
ossl_quic_deinit(SSL * s)859 void ossl_quic_deinit(SSL *s)
860 {
861 /* No-op. */
862 }
863
864 /* SSL_clear (ssl_reset method) */
ossl_quic_reset(SSL * s)865 int ossl_quic_reset(SSL *s)
866 {
867 QCTX ctx;
868
869 if (!expect_quic_any(s, &ctx))
870 return 0;
871
872 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
873 return 0;
874 }
875
876 /* ssl_clear method (unused) */
ossl_quic_clear(SSL * s)877 int ossl_quic_clear(SSL *s)
878 {
879 QCTX ctx;
880
881 if (!expect_quic_any(s, &ctx))
882 return 0;
883
884 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
885 return 0;
886 }
887
ossl_quic_set_override_now_cb(SSL * s,OSSL_TIME (* now_cb)(void * arg),void * now_cb_arg)888 int ossl_quic_set_override_now_cb(SSL *s,
889 OSSL_TIME (*now_cb)(void *arg),
890 void *now_cb_arg)
891 {
892 QCTX ctx;
893
894 if (!expect_quic_any(s, &ctx))
895 return 0;
896
897 qctx_lock(&ctx);
898
899 ossl_quic_engine_set_time_cb(ctx.obj->engine, now_cb, now_cb_arg);
900
901 qctx_unlock(&ctx);
902 return 1;
903 }
904
ossl_quic_conn_force_assist_thread_wake(SSL * s)905 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
906 {
907 QCTX ctx;
908
909 if (!expect_quic_conn_only(s, &ctx))
910 return;
911
912 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
913 if (ctx.qc->is_thread_assisted && ctx.qc->started)
914 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
915 #endif
916 }
917
918 QUIC_NEEDS_LOCK
qc_touch_default_xso(QUIC_CONNECTION * qc)919 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
920 {
921 qc->default_xso_created = 1;
922 qc_update_reject_policy(qc);
923 }
924
925 /*
926 * Changes default XSO. Allows caller to keep reference to the old default XSO
927 * (if any). Reference to new XSO is transferred from caller.
928 */
929 QUIC_NEEDS_LOCK
qc_set_default_xso_keep_ref(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch,QUIC_XSO ** old_xso)930 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
931 int touch,
932 QUIC_XSO **old_xso)
933 {
934 int refs;
935
936 *old_xso = NULL;
937
938 if (qc->default_xso != xso) {
939 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
940
941 qc->default_xso = xso;
942
943 if (xso == NULL) {
944 /*
945 * Changing to not having a default XSO. XSO becomes standalone and
946 * now has a ref to the QC.
947 */
948 if (!ossl_assert(SSL_up_ref(&qc->obj.ssl)))
949 return;
950 } else {
951 /*
952 * Changing from not having a default XSO to having one. The new XSO
953 * will have had a reference to the QC we need to drop to avoid a
954 * circular reference.
955 *
956 * Currently we never change directly from one default XSO to
957 * another, though this function would also still be correct if this
958 * weren't the case.
959 */
960 assert(*old_xso == NULL);
961
962 CRYPTO_DOWN_REF(&qc->obj.ssl.references, &refs);
963 assert(refs > 0);
964 }
965 }
966
967 if (touch)
968 qc_touch_default_xso(qc);
969 }
970
971 /*
972 * Changes default XSO, releasing the reference to any previous default XSO.
973 * Reference to new XSO is transferred from caller.
974 */
975 QUIC_NEEDS_LOCK
qc_set_default_xso(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch)976 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
977 {
978 QUIC_XSO *old_xso = NULL;
979
980 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
981
982 if (old_xso != NULL)
983 SSL_free(&old_xso->obj.ssl);
984 }
985
986 QUIC_NEEDS_LOCK
xso_update_options(QUIC_XSO * xso)987 static void xso_update_options(QUIC_XSO *xso)
988 {
989 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
990
991 if (xso->stream->rstream != NULL)
992 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
993
994 if (xso->stream->sstream != NULL)
995 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
996 }
997
998 /*
999 * SSL_set_options
1000 * ---------------
1001 *
1002 * Setting options on a QCSO
1003 * - configures the handshake-layer options;
1004 * - configures the default data-plane options for new streams;
1005 * - configures the data-plane options on the default XSO, if there is one.
1006 *
1007 * Setting options on a QSSO
1008 * - configures data-plane options for that stream only.
1009 */
1010 QUIC_TAKES_LOCK
quic_mask_or_options(SSL * ssl,uint64_t mask_value,uint64_t or_value)1011 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
1012 {
1013 QCTX ctx;
1014 uint64_t hs_mask_value, hs_or_value, ret;
1015
1016 if (!expect_quic_cs(ssl, &ctx))
1017 return 0;
1018
1019 qctx_lock(&ctx);
1020
1021 if (!ctx.is_stream) {
1022 /*
1023 * If we were called on the connection, we apply any handshake option
1024 * changes.
1025 */
1026 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
1027 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
1028
1029 SSL_clear_options(ctx.qc->tls, hs_mask_value);
1030 SSL_set_options(ctx.qc->tls, hs_or_value);
1031
1032 /* Update defaults for new streams. */
1033 ctx.qc->default_ssl_options
1034 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
1035 & OSSL_QUIC_PERMITTED_OPTIONS;
1036 }
1037
1038 ret = ctx.qc->default_ssl_options;
1039 if (ctx.xso != NULL) {
1040 ctx.xso->ssl_options
1041 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
1042 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1043
1044 xso_update_options(ctx.xso);
1045
1046 if (ctx.is_stream)
1047 ret = ctx.xso->ssl_options;
1048 }
1049
1050 qctx_unlock(&ctx);
1051 return ret;
1052 }
1053
ossl_quic_set_options(SSL * ssl,uint64_t options)1054 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
1055 {
1056 return quic_mask_or_options(ssl, 0, options);
1057 }
1058
1059 /* SSL_clear_options */
ossl_quic_clear_options(SSL * ssl,uint64_t options)1060 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
1061 {
1062 return quic_mask_or_options(ssl, options, 0);
1063 }
1064
1065 /* SSL_get_options */
ossl_quic_get_options(const SSL * ssl)1066 uint64_t ossl_quic_get_options(const SSL *ssl)
1067 {
1068 return quic_mask_or_options((SSL *)ssl, 0, 0);
1069 }
1070
1071 /*
1072 * QUIC Front-End I/O API: Network BIO Configuration
1073 * =================================================
1074 *
1075 * Handling the different BIOs is difficult:
1076 *
1077 * - It is more or less a requirement that we use non-blocking network I/O;
1078 * we need to be able to have timeouts on recv() calls, and make best effort
1079 * (non blocking) send() and recv() calls.
1080 *
1081 * The only sensible way to do this is to configure the socket into
1082 * non-blocking mode. We could try to do select() before calling send() or
1083 * recv() to get a guarantee that the call will not block, but this will
1084 * probably run into issues with buggy OSes which generate spurious socket
1085 * readiness events. In any case, relying on this to work reliably does not
1086 * seem sane.
1087 *
1088 * Timeouts could be handled via setsockopt() socket timeout options, but
1089 * this depends on OS support and adds another syscall to every network I/O
1090 * operation. It also has obvious thread safety concerns if we want to move
1091 * to concurrent use of a single socket at some later date.
1092 *
1093 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
1094 * be made non-blocking. However some OSes (e.g. Windows) do not support
1095 * this, so we cannot rely on this.
1096 *
1097 * As such, we need to configure any FD in non-blocking mode. This may
1098 * confound users who pass a blocking socket to libssl. However, in practice
1099 * it would be extremely strange for a user of QUIC to pass an FD to us,
1100 * then also try and send receive traffic on the same socket(!). Thus the
1101 * impact of this should be limited, and can be documented.
1102 *
1103 * - We support both blocking and non-blocking operation in terms of the API
1104 * presented to the user. One prospect is to set the blocking mode based on
1105 * whether the socket passed to us was already in blocking mode. However,
1106 * Windows has no API for determining if a socket is in blocking mode (!),
1107 * therefore this cannot be done portably. Currently therefore we expose an
1108 * explicit API call to set this, and default to blocking mode.
1109 *
1110 * - We need to determine our initial destination UDP address. The "natural"
1111 * way for a user to do this is to set the peer variable on a BIO_dgram.
1112 * However, this has problems because BIO_dgram's peer variable is used for
1113 * both transmission and reception. This means it can be constantly being
1114 * changed to a malicious value (e.g. if some random unrelated entity on the
1115 * network starts sending traffic to us) on every read call. This is not a
1116 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
1117 * calls only, which do not use this variable. However, we do need to let
1118 * the user specify the peer in a 'normal' manner. The compromise here is
1119 * that we grab the current peer value set at the time the write BIO is set
1120 * and do not read the value again.
1121 *
1122 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
1123 * Currently we do this by only supporting non-blocking mode.
1124 *
1125 */
1126
1127 /*
1128 * Determines what initial destination UDP address we should use, if possible.
1129 * If this fails the client must set the destination address manually, or use a
1130 * BIO which does not need a destination address.
1131 */
csm_analyse_init_peer_addr(BIO * net_wbio,BIO_ADDR * peer)1132 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
1133 {
1134 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
1135 return 0;
1136
1137 return 1;
1138 }
1139
1140 static int
quic_set0_net_rbio(QUIC_OBJ * obj,BIO * net_rbio)1141 quic_set0_net_rbio(QUIC_OBJ *obj, BIO *net_rbio)
1142 {
1143 QUIC_PORT *port;
1144 BIO *old_rbio = NULL;
1145
1146 port = ossl_quic_obj_get0_port(obj);
1147 old_rbio = ossl_quic_port_get_net_rbio(port);
1148 if (old_rbio == net_rbio)
1149 return 0;
1150
1151 if (!ossl_quic_port_set_net_rbio(port, net_rbio))
1152 return 0;
1153
1154 BIO_free_all(old_rbio);
1155 if (net_rbio != NULL)
1156 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
1157
1158 return 1;
1159 }
1160
1161 static int
quic_set0_net_wbio(QUIC_OBJ * obj,BIO * net_wbio)1162 quic_set0_net_wbio(QUIC_OBJ *obj, BIO *net_wbio)
1163 {
1164 QUIC_PORT *port;
1165 BIO *old_wbio = NULL;
1166
1167 port = ossl_quic_obj_get0_port(obj);
1168 old_wbio = ossl_quic_port_get_net_wbio(port);
1169 if (old_wbio == net_wbio)
1170 return 0;
1171
1172 if (!ossl_quic_port_set_net_wbio(port, net_wbio))
1173 return 0;
1174
1175 BIO_free_all(old_wbio);
1176 if (net_wbio != NULL)
1177 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
1178
1179 return 1;
1180 }
1181
ossl_quic_conn_set0_net_rbio(SSL * s,BIO * net_rbio)1182 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
1183 {
1184 QCTX ctx;
1185
1186 if (!expect_quic_csl(s, &ctx))
1187 return;
1188
1189 /* Returns 0 if no change. */
1190 if (!quic_set0_net_rbio(ctx.obj, net_rbio))
1191 return;
1192 }
1193
ossl_quic_conn_set0_net_wbio(SSL * s,BIO * net_wbio)1194 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
1195 {
1196 QCTX ctx;
1197
1198 if (!expect_quic_csl(s, &ctx))
1199 return;
1200
1201 /* Returns 0 if no change. */
1202 if (!quic_set0_net_wbio(ctx.obj, net_wbio))
1203 return;
1204 }
1205
ossl_quic_conn_get_net_rbio(const SSL * s)1206 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
1207 {
1208 QCTX ctx;
1209 QUIC_PORT *port;
1210
1211 if (!expect_quic_csl(s, &ctx))
1212 return NULL;
1213
1214 port = ossl_quic_obj_get0_port(ctx.obj);
1215 assert(port != NULL);
1216 return ossl_quic_port_get_net_rbio(port);
1217 }
1218
ossl_quic_conn_get_net_wbio(const SSL * s)1219 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
1220 {
1221 QCTX ctx;
1222 QUIC_PORT *port;
1223
1224 if (!expect_quic_csl(s, &ctx))
1225 return NULL;
1226
1227 port = ossl_quic_obj_get0_port(ctx.obj);
1228 assert(port != NULL);
1229 return ossl_quic_port_get_net_wbio(port);
1230 }
1231
ossl_quic_conn_get_blocking_mode(const SSL * s)1232 int ossl_quic_conn_get_blocking_mode(const SSL *s)
1233 {
1234 QCTX ctx;
1235
1236 if (!expect_quic_csl(s, &ctx))
1237 return 0;
1238
1239 return qctx_blocking(&ctx);
1240 }
1241
1242 QUIC_TAKES_LOCK
ossl_quic_conn_set_blocking_mode(SSL * s,int blocking)1243 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
1244 {
1245 int ret = 0;
1246 unsigned int mode;
1247 QCTX ctx;
1248
1249 if (!expect_quic_csl(s, &ctx))
1250 return 0;
1251
1252 qctx_lock(&ctx);
1253
1254 /* Sanity check - can we support the request given the current network BIO? */
1255 if (blocking) {
1256 /*
1257 * If called directly on a top-level object (QCSO or QLSO), update our
1258 * information on network BIO capabilities.
1259 */
1260 if (qctx_is_top_level(&ctx))
1261 ossl_quic_engine_update_poll_descriptors(ctx.obj->engine, /*force=*/1);
1262
1263 /* Cannot enable blocking mode if we do not have pollable FDs. */
1264 if (!ossl_quic_obj_can_support_blocking(ctx.obj)) {
1265 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1266 goto out;
1267 }
1268 }
1269
1270 mode = (blocking != 0)
1271 ? QUIC_BLOCKING_MODE_BLOCKING
1272 : QUIC_BLOCKING_MODE_NONBLOCKING;
1273
1274 ossl_quic_obj_set_blocking_mode(ctx.obj, mode);
1275
1276 ret = 1;
1277 out:
1278 qctx_unlock(&ctx);
1279 return ret;
1280 }
1281
ossl_quic_conn_set_initial_peer_addr(SSL * s,const BIO_ADDR * peer_addr)1282 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1283 const BIO_ADDR *peer_addr)
1284 {
1285 QCTX ctx;
1286
1287 if (!expect_quic_cs(s, &ctx))
1288 return 0;
1289
1290 if (ctx.qc->started)
1291 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1292 NULL);
1293
1294 if (peer_addr == NULL) {
1295 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1296 return 1;
1297 }
1298
1299 return BIO_ADDR_copy(&ctx.qc->init_peer_addr, peer_addr);
1300 }
1301
1302 /*
1303 * QUIC Front-End I/O API: Asynchronous I/O Management
1304 * ===================================================
1305 *
1306 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1307 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1308 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1309 *
1310 */
1311
1312 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1313 QUIC_TAKES_LOCK
ossl_quic_handle_events(SSL * s)1314 int ossl_quic_handle_events(SSL *s)
1315 {
1316 QCTX ctx;
1317
1318 if (!expect_quic_any(s, &ctx))
1319 return 0;
1320
1321 qctx_lock(&ctx);
1322 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0);
1323 qctx_unlock(&ctx);
1324 return 1;
1325 }
1326
1327 /*
1328 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1329 * should next have events handled by the application by calling
1330 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1331 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1332 * the value of *tv is undefined.
1333 */
1334 QUIC_TAKES_LOCK
ossl_quic_get_event_timeout(SSL * s,struct timeval * tv,int * is_infinite)1335 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1336 {
1337 QCTX ctx;
1338 QUIC_REACTOR *reactor;
1339 OSSL_TIME deadline;
1340 OSSL_TIME basetime;
1341
1342 if (!expect_quic_any(s, &ctx))
1343 return 0;
1344
1345 qctx_lock(&ctx);
1346
1347 reactor = ossl_quic_obj_get0_reactor(ctx.obj);
1348 deadline = ossl_quic_reactor_get_tick_deadline(reactor);
1349
1350 if (ossl_time_is_infinite(deadline)) {
1351 qctx_unlock(&ctx);
1352 *is_infinite = 1;
1353
1354 /*
1355 * Robustness against faulty applications that don't check *is_infinite;
1356 * harmless long timeout.
1357 */
1358 tv->tv_sec = 1000000;
1359 tv->tv_usec = 0;
1360 return 1;
1361 }
1362
1363 basetime = ossl_quic_engine_get_time(ctx.obj->engine);
1364
1365 qctx_unlock(&ctx);
1366
1367 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, basetime));
1368 *is_infinite = 0;
1369
1370 return 1;
1371 }
1372
1373 /* SSL_get_rpoll_descriptor */
ossl_quic_get_rpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1374 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1375 {
1376 QCTX ctx;
1377 QUIC_PORT *port = NULL;
1378 BIO *net_rbio;
1379
1380 if (!expect_quic_csl(s, &ctx))
1381 return 0;
1382
1383 port = ossl_quic_obj_get0_port(ctx.obj);
1384 net_rbio = ossl_quic_port_get_net_rbio(port);
1385 if (desc == NULL || net_rbio == NULL)
1386 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1387 NULL);
1388
1389 return BIO_get_rpoll_descriptor(net_rbio, desc);
1390 }
1391
1392 /* SSL_get_wpoll_descriptor */
ossl_quic_get_wpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1393 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1394 {
1395 QCTX ctx;
1396 QUIC_PORT *port = NULL;
1397 BIO *net_wbio;
1398
1399 if (!expect_quic_csl(s, &ctx))
1400 return 0;
1401
1402 port = ossl_quic_obj_get0_port(ctx.obj);
1403 net_wbio = ossl_quic_port_get_net_wbio(port);
1404 if (desc == NULL || net_wbio == NULL)
1405 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1406 NULL);
1407
1408 return BIO_get_wpoll_descriptor(net_wbio, desc);
1409 }
1410
1411 /* SSL_net_read_desired */
1412 QUIC_TAKES_LOCK
ossl_quic_get_net_read_desired(SSL * s)1413 int ossl_quic_get_net_read_desired(SSL *s)
1414 {
1415 QCTX ctx;
1416 int ret;
1417
1418 if (!expect_quic_csl(s, &ctx))
1419 return 0;
1420
1421 qctx_lock(&ctx);
1422 ret = ossl_quic_reactor_net_read_desired(ossl_quic_obj_get0_reactor(ctx.obj));
1423 qctx_unlock(&ctx);
1424 return ret;
1425 }
1426
1427 /* SSL_net_write_desired */
1428 QUIC_TAKES_LOCK
ossl_quic_get_net_write_desired(SSL * s)1429 int ossl_quic_get_net_write_desired(SSL *s)
1430 {
1431 int ret;
1432 QCTX ctx;
1433
1434 if (!expect_quic_csl(s, &ctx))
1435 return 0;
1436
1437 qctx_lock(&ctx);
1438 ret = ossl_quic_reactor_net_write_desired(ossl_quic_obj_get0_reactor(ctx.obj));
1439 qctx_unlock(&ctx);
1440 return ret;
1441 }
1442
1443 /*
1444 * QUIC Front-End I/O API: Connection Lifecycle Operations
1445 * =======================================================
1446 *
1447 * SSL_do_handshake => ossl_quic_do_handshake
1448 * SSL_set_connect_state => ossl_quic_set_connect_state
1449 * SSL_set_accept_state => ossl_quic_set_accept_state
1450 * SSL_shutdown => ossl_quic_shutdown
1451 * SSL_ctrl => ossl_quic_ctrl
1452 * (BIO/)SSL_connect => ossl_quic_connect
1453 * (BIO/)SSL_accept => ossl_quic_accept
1454 *
1455 */
1456
1457 QUIC_NEEDS_LOCK
qc_shutdown_flush_init(QUIC_CONNECTION * qc)1458 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1459 {
1460 QUIC_STREAM_MAP *qsm;
1461
1462 if (qc->shutting_down)
1463 return;
1464
1465 qsm = ossl_quic_channel_get_qsm(qc->ch);
1466
1467 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1468 qc->shutting_down = 1;
1469 }
1470
1471 /* Returns 1 if all shutdown-flush streams have been done with. */
1472 QUIC_NEEDS_LOCK
qc_shutdown_flush_finished(QUIC_CONNECTION * qc)1473 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1474 {
1475 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1476
1477 return qc->shutting_down
1478 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1479 }
1480
1481 /* SSL_shutdown */
quic_shutdown_wait(void * arg)1482 static int quic_shutdown_wait(void *arg)
1483 {
1484 QUIC_CONNECTION *qc = arg;
1485
1486 return ossl_quic_channel_is_terminated(qc->ch);
1487 }
1488
1489 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
quic_shutdown_flush_wait(void * arg)1490 static int quic_shutdown_flush_wait(void *arg)
1491 {
1492 QUIC_CONNECTION *qc = arg;
1493
1494 return ossl_quic_channel_is_term_any(qc->ch)
1495 || qc_shutdown_flush_finished(qc);
1496 }
1497
quic_shutdown_peer_wait(void * arg)1498 static int quic_shutdown_peer_wait(void *arg)
1499 {
1500 QUIC_CONNECTION *qc = arg;
1501 return ossl_quic_channel_is_term_any(qc->ch);
1502 }
1503
1504 QUIC_TAKES_LOCK
ossl_quic_conn_shutdown(SSL * s,uint64_t flags,const SSL_SHUTDOWN_EX_ARGS * args,size_t args_len)1505 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1506 const SSL_SHUTDOWN_EX_ARGS *args,
1507 size_t args_len)
1508 {
1509 int ret;
1510 QCTX ctx;
1511 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1512 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1513 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1514
1515 if (!expect_quic_cs(s, &ctx))
1516 return -1;
1517
1518 if (ctx.is_stream) {
1519 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1520 return -1;
1521 }
1522
1523 qctx_lock(&ctx);
1524
1525 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1526 qctx_unlock(&ctx);
1527 return 1;
1528 }
1529
1530 /* Phase 1: Stream Flushing */
1531 if (!wait_peer && stream_flush) {
1532 qc_shutdown_flush_init(ctx.qc);
1533
1534 if (!qc_shutdown_flush_finished(ctx.qc)) {
1535 if (!no_block && qctx_blocking(&ctx)) {
1536 ret = block_until_pred(&ctx, quic_shutdown_flush_wait, ctx.qc, 0);
1537 if (ret < 1) {
1538 ret = 0;
1539 goto err;
1540 }
1541 } else {
1542 qctx_maybe_autotick(&ctx);
1543 }
1544 }
1545
1546 if (!qc_shutdown_flush_finished(ctx.qc)) {
1547 qctx_unlock(&ctx);
1548 return 0; /* ongoing */
1549 }
1550 }
1551
1552 /* Phase 2: Connection Closure */
1553 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1554 if (!no_block && qctx_blocking(&ctx)) {
1555 ret = block_until_pred(&ctx, quic_shutdown_peer_wait, ctx.qc, 0);
1556 if (ret < 1) {
1557 ret = 0;
1558 goto err;
1559 }
1560 } else {
1561 qctx_maybe_autotick(&ctx);
1562 }
1563
1564 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1565 ret = 0; /* peer hasn't closed yet - still not done */
1566 goto err;
1567 }
1568
1569 /*
1570 * We are at least terminating - go through the normal process of
1571 * waiting until we are in the TERMINATED state.
1572 */
1573 }
1574
1575 /* Block mutation ops regardless of if we did stream flush. */
1576 ctx.qc->shutting_down = 1;
1577
1578 /*
1579 * This call is a no-op if we are already terminating, so it doesn't
1580 * affect the wait_peer case.
1581 */
1582 ossl_quic_channel_local_close(ctx.qc->ch,
1583 args != NULL ? args->quic_error_code : 0,
1584 args != NULL ? args->quic_reason : NULL);
1585
1586 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1587
1588 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1589 qctx_unlock(&ctx);
1590 return 1;
1591 }
1592
1593 /* Phase 3: Terminating Wait Time */
1594 if (!no_block && qctx_blocking(&ctx)
1595 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1596 ret = block_until_pred(&ctx, quic_shutdown_wait, ctx.qc, 0);
1597 if (ret < 1) {
1598 ret = 0;
1599 goto err;
1600 }
1601 } else {
1602 qctx_maybe_autotick(&ctx);
1603 }
1604
1605 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1606 err:
1607 qctx_unlock(&ctx);
1608 return ret;
1609 }
1610
1611 /* SSL_ctrl */
ossl_quic_ctrl(SSL * s,int cmd,long larg,void * parg)1612 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1613 {
1614 QCTX ctx;
1615
1616 if (!expect_quic_csl(s, &ctx))
1617 return 0;
1618
1619 switch (cmd) {
1620 case SSL_CTRL_MODE:
1621 if (ctx.is_listener)
1622 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1623
1624 /* If called on a QCSO, update the default mode. */
1625 if (!ctx.is_stream)
1626 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1627
1628 /*
1629 * If we were called on a QSSO or have a default stream, we also update
1630 * that.
1631 */
1632 if (ctx.xso != NULL) {
1633 /* Cannot enable EPW while AON write in progress. */
1634 if (ctx.xso->aon_write_in_progress)
1635 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1636
1637 ctx.xso->ssl_mode |= (uint32_t)larg;
1638 return ctx.xso->ssl_mode;
1639 }
1640
1641 return ctx.qc->default_ssl_mode;
1642 case SSL_CTRL_CLEAR_MODE:
1643 if (ctx.is_listener)
1644 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1645
1646 if (!ctx.is_stream)
1647 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1648
1649 if (ctx.xso != NULL) {
1650 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1651 return ctx.xso->ssl_mode;
1652 }
1653
1654 return ctx.qc->default_ssl_mode;
1655
1656 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1657 if (ctx.is_listener)
1658 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1659
1660 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1661 /* This ctrl also needs to be passed to the internal SSL object */
1662 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1663
1664 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1665 {
1666 int is_infinite;
1667
1668 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1669 return 0;
1670
1671 return !is_infinite;
1672 }
1673 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1674 /* For legacy compatibility with DTLS calls. */
1675 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1676
1677 /* Mask ctrls we shouldn't support for QUIC. */
1678 case SSL_CTRL_GET_READ_AHEAD:
1679 case SSL_CTRL_SET_READ_AHEAD:
1680 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1681 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1682 case SSL_CTRL_SET_MAX_PIPELINES:
1683 return 0;
1684
1685 default:
1686 /*
1687 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1688 * implementation. Either SSL_ctrl will handle it itself by direct
1689 * access into handshake layer state, or failing that, it will be passed
1690 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1691 * supported by anything, the handshake layer's ctrl method will finally
1692 * return 0.
1693 */
1694 if (ctx.is_listener)
1695 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1696
1697 return ossl_ctrl_internal(&ctx.qc->obj.ssl, cmd, larg, parg, /*no_quic=*/1);
1698 }
1699 }
1700
1701 /* SSL_set_connect_state */
ossl_quic_set_connect_state(SSL * s,int raiseerrs)1702 int ossl_quic_set_connect_state(SSL *s, int raiseerrs)
1703 {
1704 QCTX ctx;
1705
1706 if (!is_quic_c(s, &ctx, raiseerrs))
1707 return 0;
1708
1709 if (ctx.qc->as_server_state == 0)
1710 return 1;
1711
1712 /* Cannot be changed after handshake started */
1713 if (ctx.qc->started) {
1714 if (raiseerrs)
1715 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
1716 return 0;
1717 }
1718
1719 ctx.qc->as_server_state = 0;
1720 return 1;
1721 }
1722
1723 /* SSL_set_accept_state */
ossl_quic_set_accept_state(SSL * s,int raiseerrs)1724 int ossl_quic_set_accept_state(SSL *s, int raiseerrs)
1725 {
1726 QCTX ctx;
1727
1728 if (!is_quic_c(s, &ctx, raiseerrs))
1729 return 0;
1730
1731 if (ctx.qc->as_server_state == 1)
1732 return 1;
1733
1734 /* Cannot be changed after handshake started */
1735 if (ctx.qc->started) {
1736 if (raiseerrs)
1737 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
1738 return 0;
1739 }
1740
1741 ctx.qc->as_server_state = 1;
1742 return 1;
1743 }
1744
1745 /* SSL_do_handshake */
1746 struct quic_handshake_wait_args {
1747 QUIC_CONNECTION *qc;
1748 };
1749
tls_wants_non_io_retry(QUIC_CONNECTION * qc)1750 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1751 {
1752 int want = SSL_want(qc->tls);
1753
1754 if (want == SSL_X509_LOOKUP
1755 || want == SSL_CLIENT_HELLO_CB
1756 || want == SSL_RETRY_VERIFY)
1757 return 1;
1758
1759 return 0;
1760 }
1761
quic_handshake_wait(void * arg)1762 static int quic_handshake_wait(void *arg)
1763 {
1764 struct quic_handshake_wait_args *args = arg;
1765
1766 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1767 return -1;
1768
1769 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1770 return 1;
1771
1772 if (tls_wants_non_io_retry(args->qc))
1773 return 1;
1774
1775 return 0;
1776 }
1777
configure_channel(QUIC_CONNECTION * qc)1778 static int configure_channel(QUIC_CONNECTION *qc)
1779 {
1780 assert(qc->ch != NULL);
1781
1782 if (!ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1783 return 0;
1784
1785 return 1;
1786 }
1787
need_notifier_for_domain_flags(uint64_t domain_flags)1788 static int need_notifier_for_domain_flags(uint64_t domain_flags)
1789 {
1790 return (domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0
1791 || ((domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0
1792 && (domain_flags & SSL_DOMAIN_FLAG_BLOCKING) != 0);
1793 }
1794
1795 QUIC_NEEDS_LOCK
create_channel(QUIC_CONNECTION * qc,SSL_CTX * ctx)1796 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx)
1797 {
1798 QUIC_ENGINE_ARGS engine_args = { 0 };
1799 QUIC_PORT_ARGS port_args = { 0 };
1800
1801 engine_args.libctx = ctx->libctx;
1802 engine_args.propq = ctx->propq;
1803 #if defined(OPENSSL_THREADS)
1804 engine_args.mutex = qc->mutex;
1805 #endif
1806
1807 if (need_notifier_for_domain_flags(ctx->domain_flags))
1808 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
1809
1810 qc->engine = ossl_quic_engine_new(&engine_args);
1811 if (qc->engine == NULL) {
1812 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1813 return 0;
1814 }
1815
1816 port_args.channel_ctx = ctx;
1817 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1818 if (qc->port == NULL) {
1819 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1820 ossl_quic_engine_free(qc->engine);
1821 return 0;
1822 }
1823
1824 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1825 if (qc->ch == NULL) {
1826 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1827 ossl_quic_port_free(qc->port);
1828 ossl_quic_engine_free(qc->engine);
1829 return 0;
1830 }
1831
1832 return 1;
1833 }
1834
1835 /*
1836 * Configures a channel with the information we have accumulated via calls made
1837 * to us from the application prior to starting a handshake attempt.
1838 */
1839 QUIC_NEEDS_LOCK
ensure_channel_started(QCTX * ctx)1840 static int ensure_channel_started(QCTX *ctx)
1841 {
1842 QUIC_CONNECTION *qc = ctx->qc;
1843
1844 if (!qc->started) {
1845 if (!configure_channel(qc)) {
1846 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1847 "failed to configure channel");
1848 return 0;
1849 }
1850
1851 if (!ossl_quic_channel_start(qc->ch)) {
1852 ossl_quic_channel_restore_err_state(qc->ch);
1853 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1854 "failed to start channel");
1855 return 0;
1856 }
1857
1858 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1859 if (qc->is_thread_assisted)
1860 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) {
1861 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1862 "failed to start assist thread");
1863 return 0;
1864 }
1865 #endif
1866 }
1867
1868 qc->started = 1;
1869 return 1;
1870 }
1871
1872 QUIC_NEEDS_LOCK
quic_do_handshake(QCTX * ctx)1873 static int quic_do_handshake(QCTX *ctx)
1874 {
1875 int ret;
1876 QUIC_CONNECTION *qc = ctx->qc;
1877 QUIC_PORT *port;
1878 BIO *net_rbio, *net_wbio;
1879
1880 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1881 /* Handshake already completed. */
1882 return 1;
1883
1884 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1885 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1886
1887 if (qc->as_server != qc->as_server_state) {
1888 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1889 return -1; /* Non-protocol error */
1890 }
1891
1892 port = ossl_quic_obj_get0_port(ctx->obj);
1893 net_rbio = ossl_quic_port_get_net_rbio(port);
1894 net_wbio = ossl_quic_port_get_net_wbio(port);
1895 if (net_rbio == NULL || net_wbio == NULL) {
1896 /* Need read and write BIOs. */
1897 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1898 return -1; /* Non-protocol error */
1899 }
1900
1901 if (!qc->started && ossl_quic_port_is_addressed_w(port)
1902 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1903 /*
1904 * We are trying to connect and are using addressed mode, which means we
1905 * need an initial peer address; if we do not have a peer address yet,
1906 * we should try to autodetect one.
1907 *
1908 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1909 * may not be able to provide us with a peer address until they have
1910 * finished their own processing. They may not be able to perform this
1911 * processing until an application has finished configuring that BIO
1912 * (e.g. with setter calls), which might happen after SSL_set_bio is
1913 * called.
1914 */
1915 if (!csm_analyse_init_peer_addr(net_wbio, &qc->init_peer_addr))
1916 /* best effort */
1917 BIO_ADDR_clear(&qc->init_peer_addr);
1918 else
1919 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1920 }
1921
1922 if (!qc->started
1923 && ossl_quic_port_is_addressed_w(port)
1924 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1925 /*
1926 * If we still don't have a peer address in addressed mode, we can't do
1927 * anything.
1928 */
1929 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1930 return -1; /* Non-protocol error */
1931 }
1932
1933 /*
1934 * Start connection process. Note we may come here multiple times in
1935 * non-blocking mode, which is fine.
1936 */
1937 if (!ensure_channel_started(ctx)) /* raises on failure */
1938 return -1; /* Non-protocol error */
1939
1940 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1941 /* The handshake is now done. */
1942 return 1;
1943
1944 if (!qctx_blocking(ctx)) {
1945 /* Try to advance the reactor. */
1946 qctx_maybe_autotick(ctx);
1947
1948 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1949 /* The handshake is now done. */
1950 return 1;
1951
1952 if (ossl_quic_channel_is_term_any(qc->ch)) {
1953 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1954 return 0;
1955 } else if (ossl_quic_obj_desires_blocking(&qc->obj)) {
1956 /*
1957 * As a special case when doing a handshake when blocking mode is
1958 * desired yet not available, see if the network BIOs have become
1959 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1960 * which do late creation of socket FDs and therefore cannot expose
1961 * a poll descriptor until after a network BIO is set on the QCSO.
1962 */
1963 ossl_quic_engine_update_poll_descriptors(qc->obj.engine, /*force=*/1);
1964 }
1965 }
1966
1967 /*
1968 * We are either in blocking mode or just entered it due to the code above.
1969 */
1970 if (qctx_blocking(ctx)) {
1971 /* In blocking mode, wait for the handshake to complete. */
1972 struct quic_handshake_wait_args args;
1973
1974 args.qc = qc;
1975
1976 ret = block_until_pred(ctx, quic_handshake_wait, &args, 0);
1977 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1978 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1979 return 0; /* Shutdown before completion */
1980 } else if (ret <= 0) {
1981 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1982 return -1; /* Non-protocol error */
1983 }
1984
1985 if (tls_wants_non_io_retry(qc)) {
1986 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1987 return -1;
1988 }
1989
1990 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1991 return 1;
1992 }
1993
1994 if (tls_wants_non_io_retry(qc)) {
1995 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1996 return -1;
1997 }
1998
1999 /*
2000 * Otherwise, indicate that the handshake isn't done yet.
2001 * We can only get here in non-blocking mode.
2002 */
2003 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2004 return -1; /* Non-protocol error */
2005 }
2006
2007 QUIC_TAKES_LOCK
ossl_quic_do_handshake(SSL * s)2008 int ossl_quic_do_handshake(SSL *s)
2009 {
2010 int ret;
2011 QCTX ctx;
2012
2013 if (!expect_quic_cs(s, &ctx))
2014 return 0;
2015
2016 qctx_lock_for_io(&ctx);
2017
2018 ret = quic_do_handshake(&ctx);
2019 qctx_unlock(&ctx);
2020 return ret;
2021 }
2022
2023 /* SSL_connect */
ossl_quic_connect(SSL * s)2024 int ossl_quic_connect(SSL *s)
2025 {
2026 /* Ensure we are in connect state (no-op if non-idle). */
2027 if (!ossl_quic_set_connect_state(s, 1))
2028 return -1;
2029
2030 /* Begin or continue the handshake */
2031 return ossl_quic_do_handshake(s);
2032 }
2033
2034 /* SSL_accept */
ossl_quic_accept(SSL * s)2035 int ossl_quic_accept(SSL *s)
2036 {
2037 /* Ensure we are in accept state (no-op if non-idle). */
2038 if (!ossl_quic_set_accept_state(s, 1))
2039 return -1;
2040
2041 /* Begin or continue the handshake */
2042 return ossl_quic_do_handshake(s);
2043 }
2044
2045 /*
2046 * QUIC Front-End I/O API: Stream Lifecycle Operations
2047 * ===================================================
2048 *
2049 * SSL_stream_new => ossl_quic_conn_stream_new
2050 *
2051 */
2052
2053 /*
2054 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
2055 * default XSO was created. Returns 0 if it was not (e.g. because it already
2056 * exists). Note that this is NOT an error condition.
2057 */
2058 QUIC_NEEDS_LOCK
qc_try_create_default_xso_for_write(QCTX * ctx)2059 static int qc_try_create_default_xso_for_write(QCTX *ctx)
2060 {
2061 uint64_t flags = 0;
2062 QUIC_CONNECTION *qc = ctx->qc;
2063
2064 if (qc->default_xso_created
2065 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2066 /*
2067 * We only do this once. If the user detaches a previously created
2068 * default XSO we don't auto-create another one.
2069 */
2070 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
2071
2072 /* Create a locally-initiated stream. */
2073 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2074 flags |= SSL_STREAM_FLAG_UNI;
2075
2076 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
2077 /*needs_lock=*/0),
2078 /*touch=*/0);
2079 if (qc->default_xso == NULL)
2080 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2081
2082 qc_touch_default_xso(qc);
2083 return 1;
2084 }
2085
2086 struct quic_wait_for_stream_args {
2087 QUIC_CONNECTION *qc;
2088 QUIC_STREAM *qs;
2089 QCTX *ctx;
2090 uint64_t expect_id;
2091 };
2092
2093 QUIC_NEEDS_LOCK
quic_wait_for_stream(void * arg)2094 static int quic_wait_for_stream(void *arg)
2095 {
2096 struct quic_wait_for_stream_args *args = arg;
2097
2098 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
2099 /* If connection is torn down due to an error while blocking, stop. */
2100 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2101 return -1;
2102 }
2103
2104 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
2105 args->expect_id | QUIC_STREAM_DIR_BIDI);
2106 if (args->qs == NULL)
2107 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
2108 args->expect_id | QUIC_STREAM_DIR_UNI);
2109
2110 if (args->qs != NULL)
2111 return 1; /* stream now exists */
2112
2113 return 0; /* did not get a stream, keep trying */
2114 }
2115
2116 QUIC_NEEDS_LOCK
qc_wait_for_default_xso_for_read(QCTX * ctx,int peek)2117 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek)
2118 {
2119 /* Called on a QCSO and we don't currently have a default stream. */
2120 uint64_t expect_id;
2121 QUIC_CONNECTION *qc = ctx->qc;
2122 QUIC_STREAM *qs;
2123 int res;
2124 struct quic_wait_for_stream_args wargs;
2125 OSSL_RTT_INFO rtt_info;
2126
2127 /*
2128 * If default stream functionality is disabled or we already detached
2129 * one, don't make another default stream and just fail.
2130 */
2131 if (qc->default_xso_created
2132 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2133 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
2134
2135 /*
2136 * The peer may have opened a stream since we last ticked. So tick and
2137 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
2138 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
2139 * first stream created by a peer must have an ordinal of 0.
2140 */
2141 expect_id = qc->as_server
2142 ? QUIC_STREAM_INITIATOR_CLIENT
2143 : QUIC_STREAM_INITIATOR_SERVER;
2144
2145 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2146 expect_id | QUIC_STREAM_DIR_BIDI);
2147 if (qs == NULL)
2148 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2149 expect_id | QUIC_STREAM_DIR_UNI);
2150
2151 if (qs == NULL) {
2152 qctx_maybe_autotick(ctx);
2153
2154 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2155 expect_id);
2156 }
2157
2158 if (qs == NULL) {
2159 if (peek)
2160 return 0;
2161
2162 if (ossl_quic_channel_is_term_any(qc->ch)) {
2163 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2164 } else if (!qctx_blocking(ctx)) {
2165 /* Non-blocking mode, so just bail immediately. */
2166 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2167 }
2168
2169 /* Block until we have a stream. */
2170 wargs.qc = qc;
2171 wargs.qs = NULL;
2172 wargs.ctx = ctx;
2173 wargs.expect_id = expect_id;
2174
2175 res = block_until_pred(ctx, quic_wait_for_stream, &wargs, 0);
2176 if (res == 0)
2177 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2178 else if (res < 0 || wargs.qs == NULL)
2179 /* quic_wait_for_stream raised error here */
2180 return 0;
2181
2182 qs = wargs.qs;
2183 }
2184
2185 /*
2186 * We now have qs != NULL. Remove it from the incoming stream queue so that
2187 * it isn't also returned by any future SSL_accept_stream calls.
2188 */
2189 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2190 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
2191 qs, rtt_info.smoothed_rtt);
2192
2193 /*
2194 * Now make qs the default stream, creating the necessary XSO.
2195 */
2196 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
2197 if (qc->default_xso == NULL)
2198 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2199
2200 qc_touch_default_xso(qc); /* inhibits default XSO */
2201 return 1;
2202 }
2203
2204 QUIC_NEEDS_LOCK
create_xso_from_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs)2205 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
2206 {
2207 QUIC_XSO *xso = NULL;
2208
2209 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
2210 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
2211 goto err;
2212 }
2213
2214 if (!ossl_quic_obj_init(&xso->obj, qc->obj.ssl.ctx, SSL_TYPE_QUIC_XSO,
2215 &qc->obj.ssl, NULL, NULL)) {
2216 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
2217 goto err;
2218 }
2219
2220 /* XSO refs QC */
2221 if (!SSL_up_ref(&qc->obj.ssl)) {
2222 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
2223 goto err;
2224 }
2225
2226 xso->conn = qc;
2227 xso->ssl_mode = qc->default_ssl_mode;
2228 xso->ssl_options
2229 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
2230 xso->last_error = SSL_ERROR_NONE;
2231
2232 xso->stream = qs;
2233
2234 ++qc->num_xso;
2235 xso_update_options(xso);
2236 return xso;
2237
2238 err:
2239 OPENSSL_free(xso);
2240 return NULL;
2241 }
2242
2243 struct quic_new_stream_wait_args {
2244 QUIC_CONNECTION *qc;
2245 int is_uni;
2246 };
2247
quic_new_stream_wait(void * arg)2248 static int quic_new_stream_wait(void *arg)
2249 {
2250 struct quic_new_stream_wait_args *args = arg;
2251 QUIC_CONNECTION *qc = args->qc;
2252
2253 if (!quic_mutation_allowed(qc, /*req_active=*/1))
2254 return -1;
2255
2256 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
2257 return 1;
2258
2259 return 0;
2260 }
2261
2262 /* locking depends on need_lock */
quic_conn_stream_new(QCTX * ctx,uint64_t flags,int need_lock)2263 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
2264 {
2265 int ret;
2266 QUIC_CONNECTION *qc = ctx->qc;
2267 QUIC_XSO *xso = NULL;
2268 QUIC_STREAM *qs = NULL;
2269 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
2270 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
2271 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2272
2273 if (need_lock)
2274 qctx_lock(ctx);
2275
2276 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2277 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2278 goto err;
2279 }
2280
2281 if (!advance
2282 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2283 struct quic_new_stream_wait_args args;
2284
2285 /*
2286 * Stream count flow control currently doesn't permit this stream to be
2287 * opened.
2288 */
2289 if (no_blocking || !qctx_blocking(ctx)) {
2290 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2291 goto err;
2292 }
2293
2294 args.qc = qc;
2295 args.is_uni = is_uni;
2296
2297 /* Blocking mode - wait until we can get a stream. */
2298 ret = block_until_pred(ctx, quic_new_stream_wait, &args, 0);
2299 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2300 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2301 goto err; /* Shutdown before completion */
2302 } else if (ret <= 0) {
2303 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2304 goto err; /* Non-protocol error */
2305 }
2306 }
2307
2308 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2309 if (qs == NULL) {
2310 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2311 goto err;
2312 }
2313
2314 xso = create_xso_from_stream(qc, qs);
2315 if (xso == NULL)
2316 goto err;
2317
2318 qc_touch_default_xso(qc); /* inhibits default XSO */
2319 if (need_lock)
2320 qctx_unlock(ctx);
2321
2322 return &xso->obj.ssl;
2323
2324 err:
2325 OPENSSL_free(xso);
2326 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2327 if (need_lock)
2328 qctx_unlock(ctx);
2329
2330 return NULL;
2331 }
2332
2333 QUIC_TAKES_LOCK
ossl_quic_conn_stream_new(SSL * s,uint64_t flags)2334 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2335 {
2336 QCTX ctx;
2337
2338 if (!expect_quic_conn_only(s, &ctx))
2339 return NULL;
2340
2341 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2342 }
2343
2344 /*
2345 * QUIC Front-End I/O API: Steady-State Operations
2346 * ===============================================
2347 *
2348 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2349 * is, the functions used during the established phase of a QUIC connection
2350 * (e.g. SSL_read, SSL_write).
2351 *
2352 * Each function must handle both blocking and non-blocking modes. As discussed
2353 * above, all QUIC I/O is implemented using non-blocking mode internally.
2354 *
2355 * SSL_get_error => partially implemented by ossl_quic_get_error
2356 * SSL_want => ossl_quic_want
2357 * (BIO/)SSL_read => ossl_quic_read
2358 * (BIO/)SSL_write => ossl_quic_write
2359 * SSL_pending => ossl_quic_pending
2360 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2361 * SSL_key_update => ossl_quic_key_update
2362 */
2363
2364 /* SSL_get_error */
ossl_quic_get_error(const SSL * s,int i)2365 int ossl_quic_get_error(const SSL *s, int i)
2366 {
2367 QCTX ctx;
2368 int net_error, last_error;
2369
2370 /* SSL_get_errors() should not raise new errors */
2371 if (!is_quic_cs(s, &ctx, 0 /* suppress errors */))
2372 return SSL_ERROR_SSL;
2373
2374 qctx_lock(&ctx);
2375 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2376 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2377 qctx_unlock(&ctx);
2378
2379 if (net_error)
2380 return SSL_ERROR_SYSCALL;
2381
2382 return last_error;
2383 }
2384
2385 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
error_to_want(int error)2386 static int error_to_want(int error)
2387 {
2388 switch (error) {
2389 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2390 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2391 case SSL_ERROR_ZERO_RETURN:
2392 default:
2393 return SSL_NOTHING;
2394
2395 case SSL_ERROR_WANT_READ:
2396 return SSL_READING;
2397
2398 case SSL_ERROR_WANT_WRITE:
2399 return SSL_WRITING;
2400
2401 case SSL_ERROR_WANT_RETRY_VERIFY:
2402 return SSL_RETRY_VERIFY;
2403
2404 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2405 return SSL_CLIENT_HELLO_CB;
2406
2407 case SSL_ERROR_WANT_X509_LOOKUP:
2408 return SSL_X509_LOOKUP;
2409 }
2410 }
2411
2412 /* SSL_want */
ossl_quic_want(const SSL * s)2413 int ossl_quic_want(const SSL *s)
2414 {
2415 QCTX ctx;
2416 int w;
2417
2418 if (!expect_quic_cs(s, &ctx))
2419 return SSL_NOTHING;
2420
2421 qctx_lock(&ctx);
2422
2423 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2424
2425 qctx_unlock(&ctx);
2426 return w;
2427 }
2428
2429 /*
2430 * SSL_write
2431 * ---------
2432 *
2433 * The set of functions below provide the implementation of the public SSL_write
2434 * function. We must handle:
2435 *
2436 * - both blocking and non-blocking operation at the application level,
2437 * depending on how we are configured;
2438 *
2439 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2440 *
2441 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2442 *
2443 */
2444 QUIC_NEEDS_LOCK
quic_post_write(QUIC_XSO * xso,int did_append,int did_append_all,uint64_t flags,int do_tick)2445 static void quic_post_write(QUIC_XSO *xso, int did_append,
2446 int did_append_all, uint64_t flags,
2447 int do_tick)
2448 {
2449 /*
2450 * We have appended at least one byte to the stream.
2451 * Potentially mark stream as active, depending on FC.
2452 */
2453 if (did_append)
2454 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2455 xso->stream);
2456
2457 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2458 ossl_quic_sstream_fin(xso->stream->sstream);
2459
2460 /*
2461 * Try and send.
2462 *
2463 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2464 * immediately, plus we should eventually consider Nagle's algorithm.
2465 */
2466 if (do_tick)
2467 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2468 }
2469
2470 struct quic_write_again_args {
2471 QUIC_XSO *xso;
2472 const unsigned char *buf;
2473 size_t len;
2474 size_t total_written;
2475 int err;
2476 uint64_t flags;
2477 };
2478
2479 /*
2480 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2481 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2482 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2483 */
2484 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2485
2486 /*
2487 * Ensure spare buffer space available (up until a limit, at least).
2488 */
2489 QUIC_NEEDS_LOCK
sstream_ensure_spare(QUIC_SSTREAM * sstream,uint64_t spare)2490 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2491 {
2492 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2493 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2494 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2495 size_t new_sz, growth;
2496
2497 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2498 return 1;
2499
2500 growth = spare_ - avail;
2501 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2502 new_sz = MAX_WRITE_BUF_SIZE;
2503 else
2504 new_sz = cur_sz + growth;
2505
2506 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2507 }
2508
2509 /*
2510 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2511 * as needed according to flow control.
2512 */
2513 QUIC_NEEDS_LOCK
xso_sstream_append(QUIC_XSO * xso,const unsigned char * buf,size_t len,size_t * actual_written)2514 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2515 size_t len, size_t *actual_written)
2516 {
2517 QUIC_SSTREAM *sstream = xso->stream->sstream;
2518 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2519 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2520 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2521
2522 if (len > permitted)
2523 len = (size_t)permitted;
2524
2525 if (!sstream_ensure_spare(sstream, len))
2526 return 0;
2527
2528 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2529 }
2530
2531 QUIC_NEEDS_LOCK
quic_write_again(void * arg)2532 static int quic_write_again(void *arg)
2533 {
2534 struct quic_write_again_args *args = arg;
2535 size_t actual_written = 0;
2536
2537 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2538 /* If connection is torn down due to an error while blocking, stop. */
2539 return -2;
2540
2541 if (!quic_validate_for_write(args->xso, &args->err))
2542 /*
2543 * Stream may have become invalid for write due to connection events
2544 * while we blocked.
2545 */
2546 return -2;
2547
2548 args->err = ERR_R_INTERNAL_ERROR;
2549 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2550 return -2;
2551
2552 quic_post_write(args->xso, actual_written > 0,
2553 args->len == actual_written, args->flags, 0);
2554
2555 args->buf += actual_written;
2556 args->len -= actual_written;
2557 args->total_written += actual_written;
2558
2559 if (args->len == 0)
2560 /* Written everything, done. */
2561 return 1;
2562
2563 /* Not written everything yet, keep trying. */
2564 return 0;
2565 }
2566
2567 QUIC_NEEDS_LOCK
quic_write_blocking(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2568 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2569 uint64_t flags, size_t *written)
2570 {
2571 int res;
2572 QUIC_XSO *xso = ctx->xso;
2573 struct quic_write_again_args args;
2574 size_t actual_written = 0;
2575
2576 /* First make a best effort to append as much of the data as possible. */
2577 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2578 /* Stream already finished or allocation error. */
2579 *written = 0;
2580 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2581 }
2582
2583 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2584
2585 /*
2586 * Record however much data we wrote
2587 */
2588 *written = actual_written;
2589
2590 if (actual_written == len) {
2591 /* Managed to append everything on the first try. */
2592 return 1;
2593 }
2594
2595 /*
2596 * We did not manage to append all of the data immediately, so the stream
2597 * buffer has probably filled up. This means we need to block until some of
2598 * it is freed up.
2599 */
2600 args.xso = xso;
2601 args.buf = (const unsigned char *)buf + actual_written;
2602 args.len = len - actual_written;
2603 args.total_written = 0;
2604 args.err = ERR_R_INTERNAL_ERROR;
2605 args.flags = flags;
2606
2607 res = block_until_pred(ctx, quic_write_again, &args, 0);
2608 if (res <= 0) {
2609 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2610 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2611 else
2612 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2613 }
2614
2615 /*
2616 * When waiting on extra buffer space to be available, args.total_written
2617 * holds the amount of remaining data we requested to write, which will be
2618 * something less than the len parameter passed in, however much we wrote
2619 * here, add it to the value that we wrote when we initially called
2620 * xso_sstream_append
2621 */
2622 *written += args.total_written;
2623 return 1;
2624 }
2625
2626 /*
2627 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2628 * write semantics.
2629 */
aon_write_begin(QUIC_XSO * xso,const unsigned char * buf,size_t buf_len,size_t already_sent)2630 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2631 size_t buf_len, size_t already_sent)
2632 {
2633 assert(!xso->aon_write_in_progress);
2634
2635 xso->aon_write_in_progress = 1;
2636 xso->aon_buf_base = buf;
2637 xso->aon_buf_pos = already_sent;
2638 xso->aon_buf_len = buf_len;
2639 }
2640
aon_write_finish(QUIC_XSO * xso)2641 static void aon_write_finish(QUIC_XSO *xso)
2642 {
2643 xso->aon_write_in_progress = 0;
2644 xso->aon_buf_base = NULL;
2645 xso->aon_buf_pos = 0;
2646 xso->aon_buf_len = 0;
2647 }
2648
2649 QUIC_NEEDS_LOCK
quic_write_nonblocking_aon(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2650 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2651 size_t len, uint64_t flags,
2652 size_t *written)
2653 {
2654 QUIC_XSO *xso = ctx->xso;
2655 const void *actual_buf;
2656 size_t actual_len, actual_written = 0;
2657 int accept_moving_buffer
2658 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2659
2660 if (xso->aon_write_in_progress) {
2661 /*
2662 * We are in the middle of an AON write (i.e., a previous write did not
2663 * manage to append all data to the SSTREAM and we have Enable Partial
2664 * Write (EPW) mode disabled.)
2665 */
2666 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2667 || len != xso->aon_buf_len)
2668 /*
2669 * Pointer must not have changed if we are not in accept moving
2670 * buffer mode. Length must never change.
2671 */
2672 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2673
2674 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2675 actual_len = len - xso->aon_buf_pos;
2676 assert(actual_len > 0);
2677 } else {
2678 actual_buf = buf;
2679 actual_len = len;
2680 }
2681
2682 /* First make a best effort to append as much of the data as possible. */
2683 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2684 /* Stream already finished or allocation error. */
2685 *written = 0;
2686 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2687 }
2688
2689 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2690 flags, qctx_should_autotick(ctx));
2691
2692 if (actual_written == actual_len) {
2693 /* We have sent everything. */
2694 if (xso->aon_write_in_progress) {
2695 /*
2696 * We have sent everything, and we were in the middle of an AON
2697 * write. The output write length is the total length of the AON
2698 * buffer, not however many bytes we managed to write to the stream
2699 * in this call.
2700 */
2701 *written = xso->aon_buf_len;
2702 aon_write_finish(xso);
2703 } else {
2704 *written = actual_written;
2705 }
2706
2707 return 1;
2708 }
2709
2710 if (xso->aon_write_in_progress) {
2711 /*
2712 * AON write is in progress but we have not written everything yet. We
2713 * may have managed to send zero bytes, or some number of bytes less
2714 * than the total remaining which need to be appended during this
2715 * AON operation.
2716 */
2717 xso->aon_buf_pos += actual_written;
2718 assert(xso->aon_buf_pos < xso->aon_buf_len);
2719 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2720 }
2721
2722 /*
2723 * Not in an existing AON operation but partial write is not enabled, so we
2724 * need to begin a new AON operation. However we needn't bother if we didn't
2725 * actually append anything.
2726 */
2727 if (actual_written > 0)
2728 aon_write_begin(xso, buf, len, actual_written);
2729
2730 /*
2731 * AON - We do not publicly admit to having appended anything until AON
2732 * completes.
2733 */
2734 *written = 0;
2735 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2736 }
2737
2738 QUIC_NEEDS_LOCK
quic_write_nonblocking_epw(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2739 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2740 uint64_t flags, size_t *written)
2741 {
2742 QUIC_XSO *xso = ctx->xso;
2743
2744 /* Simple best effort operation. */
2745 if (!xso_sstream_append(xso, buf, len, written)) {
2746 /* Stream already finished or allocation error. */
2747 *written = 0;
2748 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2749 }
2750
2751 quic_post_write(xso, *written > 0, *written == len, flags,
2752 qctx_should_autotick(ctx));
2753
2754 if (*written == 0)
2755 /* SSL_write_ex returns 0 if it didn't write anything. */
2756 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2757
2758 return 1;
2759 }
2760
2761 QUIC_NEEDS_LOCK
quic_validate_for_write(QUIC_XSO * xso,int * err)2762 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2763 {
2764 QUIC_STREAM_MAP *qsm;
2765
2766 if (xso == NULL || xso->stream == NULL) {
2767 *err = ERR_R_INTERNAL_ERROR;
2768 return 0;
2769 }
2770
2771 switch (xso->stream->send_state) {
2772 default:
2773 case QUIC_SSTREAM_STATE_NONE:
2774 *err = SSL_R_STREAM_RECV_ONLY;
2775 return 0;
2776
2777 case QUIC_SSTREAM_STATE_READY:
2778 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2779
2780 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2781 *err = ERR_R_INTERNAL_ERROR;
2782 return 0;
2783 }
2784
2785 /* FALLTHROUGH */
2786 case QUIC_SSTREAM_STATE_SEND:
2787 case QUIC_SSTREAM_STATE_DATA_SENT:
2788 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2789 *err = SSL_R_STREAM_FINISHED;
2790 return 0;
2791 }
2792 return 1;
2793
2794 case QUIC_SSTREAM_STATE_DATA_RECVD:
2795 *err = SSL_R_STREAM_FINISHED;
2796 return 0;
2797
2798 case QUIC_SSTREAM_STATE_RESET_SENT:
2799 case QUIC_SSTREAM_STATE_RESET_RECVD:
2800 *err = SSL_R_STREAM_RESET;
2801 return 0;
2802 }
2803 }
2804
2805 QUIC_TAKES_LOCK
ossl_quic_write_flags(SSL * s,const void * buf,size_t len,uint64_t flags,size_t * written)2806 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2807 uint64_t flags, size_t *written)
2808 {
2809 int ret;
2810 QCTX ctx;
2811 int partial_write, err;
2812
2813 *written = 0;
2814
2815 if (len == 0) {
2816 /* Do not autocreate default XSO for zero-length writes. */
2817 if (!expect_quic_cs(s, &ctx))
2818 return 0;
2819
2820 qctx_lock_for_io(&ctx);
2821 } else {
2822 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2823 return 0;
2824 }
2825
2826 partial_write = ((ctx.xso != NULL)
2827 ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0)
2828 : 0);
2829
2830 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2831 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2832 goto out;
2833 }
2834
2835 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2836 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2837 goto out;
2838 }
2839
2840 /*
2841 * If we haven't finished the handshake, try to advance it.
2842 * We don't accept writes until the handshake is completed.
2843 */
2844 if (quic_do_handshake(&ctx) < 1) {
2845 ret = 0;
2846 goto out;
2847 }
2848
2849 /* Ensure correct stream state, stream send part not concluded, etc. */
2850 if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) {
2851 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2852 goto out;
2853 }
2854
2855 if (len == 0) {
2856 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2857 quic_post_write(ctx.xso, 0, 1, flags,
2858 qctx_should_autotick(&ctx));
2859
2860 ret = 1;
2861 goto out;
2862 }
2863
2864 if (qctx_blocking(&ctx))
2865 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2866 else if (partial_write)
2867 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2868 else
2869 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2870
2871 out:
2872 qctx_unlock(&ctx);
2873 return ret;
2874 }
2875
2876 QUIC_TAKES_LOCK
ossl_quic_write(SSL * s,const void * buf,size_t len,size_t * written)2877 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2878 {
2879 return ossl_quic_write_flags(s, buf, len, 0, written);
2880 }
2881
2882 /*
2883 * SSL_read
2884 * --------
2885 */
2886 struct quic_read_again_args {
2887 QCTX *ctx;
2888 QUIC_STREAM *stream;
2889 void *buf;
2890 size_t len;
2891 size_t *bytes_read;
2892 int peek;
2893 };
2894
2895 QUIC_NEEDS_LOCK
quic_validate_for_read(QUIC_XSO * xso,int * err,int * eos)2896 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2897 {
2898 QUIC_STREAM_MAP *qsm;
2899
2900 *eos = 0;
2901
2902 if (xso == NULL || xso->stream == NULL) {
2903 *err = ERR_R_INTERNAL_ERROR;
2904 return 0;
2905 }
2906
2907 switch (xso->stream->recv_state) {
2908 default:
2909 case QUIC_RSTREAM_STATE_NONE:
2910 *err = SSL_R_STREAM_SEND_ONLY;
2911 return 0;
2912
2913 case QUIC_RSTREAM_STATE_RECV:
2914 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2915 case QUIC_RSTREAM_STATE_DATA_RECVD:
2916 return 1;
2917
2918 case QUIC_RSTREAM_STATE_DATA_READ:
2919 *eos = 1;
2920 return 0;
2921
2922 case QUIC_RSTREAM_STATE_RESET_RECVD:
2923 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2924 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2925
2926 /* FALLTHROUGH */
2927 case QUIC_RSTREAM_STATE_RESET_READ:
2928 *err = SSL_R_STREAM_RESET;
2929 return 0;
2930 }
2931 }
2932
2933 QUIC_NEEDS_LOCK
quic_read_actual(QCTX * ctx,QUIC_STREAM * stream,void * buf,size_t buf_len,size_t * bytes_read,int peek)2934 static int quic_read_actual(QCTX *ctx,
2935 QUIC_STREAM *stream,
2936 void *buf, size_t buf_len,
2937 size_t *bytes_read,
2938 int peek)
2939 {
2940 int is_fin = 0, err, eos;
2941 QUIC_CONNECTION *qc = ctx->qc;
2942
2943 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2944 if (eos) {
2945 ctx->xso->retired_fin = 1;
2946 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2947 } else {
2948 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2949 }
2950 }
2951
2952 if (peek) {
2953 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2954 bytes_read, &is_fin))
2955 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2956
2957 } else {
2958 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2959 bytes_read, &is_fin))
2960 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2961 }
2962
2963 if (!peek) {
2964 if (*bytes_read > 0) {
2965 /*
2966 * We have read at least one byte from the stream. Inform stream-level
2967 * RXFC of the retirement of controlled bytes. Update the active stream
2968 * status (the RXFC may now want to emit a frame granting more credit to
2969 * the peer).
2970 */
2971 OSSL_RTT_INFO rtt_info;
2972
2973 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2974
2975 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2976 rtt_info.smoothed_rtt))
2977 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2978 }
2979
2980 if (is_fin && !peek) {
2981 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2982
2983 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2984 }
2985
2986 if (*bytes_read > 0)
2987 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2988 stream);
2989 }
2990
2991 if (*bytes_read == 0 && is_fin) {
2992 ctx->xso->retired_fin = 1;
2993 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2994 }
2995
2996 return 1;
2997 }
2998
2999 QUIC_NEEDS_LOCK
quic_read_again(void * arg)3000 static int quic_read_again(void *arg)
3001 {
3002 struct quic_read_again_args *args = arg;
3003
3004 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
3005 /* If connection is torn down due to an error while blocking, stop. */
3006 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3007 return -1;
3008 }
3009
3010 if (!quic_read_actual(args->ctx, args->stream,
3011 args->buf, args->len, args->bytes_read,
3012 args->peek))
3013 return -1;
3014
3015 if (*args->bytes_read > 0)
3016 /* got at least one byte, the SSL_read op can finish now */
3017 return 1;
3018
3019 return 0; /* did not read anything, keep trying */
3020 }
3021
3022 QUIC_TAKES_LOCK
quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read,int peek)3023 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
3024 {
3025 int ret, res;
3026 QCTX ctx;
3027 struct quic_read_again_args args;
3028
3029 *bytes_read = 0;
3030
3031 if (!expect_quic_cs(s, &ctx))
3032 return 0;
3033
3034 qctx_lock_for_io(&ctx);
3035
3036 /* If we haven't finished the handshake, try to advance it. */
3037 if (quic_do_handshake(&ctx) < 1) {
3038 ret = 0; /* ossl_quic_do_handshake raised error here */
3039 goto out;
3040 }
3041
3042 if (ctx.xso == NULL) {
3043 /*
3044 * Called on a QCSO and we don't currently have a default stream.
3045 *
3046 * Wait until we get a stream initiated by the peer (blocking mode) or
3047 * fail if we don't have one yet (non-blocking mode).
3048 */
3049 if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) {
3050 ret = 0; /* error already raised here */
3051 goto out;
3052 }
3053
3054 ctx.xso = ctx.qc->default_xso;
3055 }
3056
3057 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
3058 ret = 0; /* quic_read_actual raised error here */
3059 goto out;
3060 }
3061
3062 if (*bytes_read > 0) {
3063 /*
3064 * Even though we succeeded, tick the reactor here to ensure we are
3065 * handling other aspects of the QUIC connection.
3066 */
3067 if (quic_mutation_allowed(ctx.qc, /*req_active=*/0))
3068 qctx_maybe_autotick(&ctx);
3069
3070 ret = 1;
3071 } else if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
3072 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3073 goto out;
3074 } else if (qctx_blocking(&ctx)) {
3075 /*
3076 * We were not able to read anything immediately, so our stream
3077 * buffer is empty. This means we need to block until we get
3078 * at least one byte.
3079 */
3080 args.ctx = &ctx;
3081 args.stream = ctx.xso->stream;
3082 args.buf = buf;
3083 args.len = len;
3084 args.bytes_read = bytes_read;
3085 args.peek = peek;
3086
3087 res = block_until_pred(&ctx, quic_read_again, &args, 0);
3088 if (res == 0) {
3089 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3090 goto out;
3091 } else if (res < 0) {
3092 ret = 0; /* quic_read_again raised error here */
3093 goto out;
3094 }
3095
3096 ret = 1;
3097 } else {
3098 /*
3099 * We did not get any bytes and are not in blocking mode.
3100 * Tick to see if this delivers any more.
3101 */
3102 qctx_maybe_autotick(&ctx);
3103
3104 /* Try the read again. */
3105 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
3106 ret = 0; /* quic_read_actual raised error here */
3107 goto out;
3108 }
3109
3110 if (*bytes_read > 0)
3111 ret = 1; /* Succeeded this time. */
3112 else
3113 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
3114 }
3115
3116 out:
3117 qctx_unlock(&ctx);
3118 return ret;
3119 }
3120
ossl_quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read)3121 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
3122 {
3123 return quic_read(s, buf, len, bytes_read, 0);
3124 }
3125
ossl_quic_peek(SSL * s,void * buf,size_t len,size_t * bytes_read)3126 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
3127 {
3128 return quic_read(s, buf, len, bytes_read, 1);
3129 }
3130
3131 /*
3132 * SSL_pending
3133 * -----------
3134 */
3135
3136 QUIC_TAKES_LOCK
ossl_quic_pending_int(const SSL * s,int check_channel)3137 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
3138 {
3139 QCTX ctx;
3140 size_t avail = 0;
3141
3142 if (!expect_quic_cs(s, &ctx))
3143 return 0;
3144
3145 qctx_lock(&ctx);
3146
3147 if (!ctx.qc->started)
3148 goto out;
3149
3150 if (ctx.xso == NULL) {
3151 /* No XSO yet, but there might be a default XSO eligible to be created. */
3152 if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {
3153 ctx.xso = ctx.qc->default_xso;
3154 } else {
3155 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
3156 goto out;
3157 }
3158 }
3159
3160 if (ctx.xso->stream == NULL) {
3161 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3162 goto out;
3163 }
3164
3165 if (check_channel)
3166 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
3167 /*include_fin=*/1)
3168 || ossl_quic_channel_has_pending(ctx.qc->ch)
3169 || ossl_quic_channel_is_term_any(ctx.qc->ch);
3170 else
3171 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
3172 /*include_fin=*/0);
3173
3174 out:
3175 qctx_unlock(&ctx);
3176 return avail;
3177 }
3178
ossl_quic_pending(const SSL * s)3179 size_t ossl_quic_pending(const SSL *s)
3180 {
3181 return ossl_quic_pending_int(s, /*check_channel=*/0);
3182 }
3183
ossl_quic_has_pending(const SSL * s)3184 int ossl_quic_has_pending(const SSL *s)
3185 {
3186 /* Do we have app-side pending data or pending URXEs or RXEs? */
3187 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
3188 }
3189
3190 /*
3191 * SSL_stream_conclude
3192 * -------------------
3193 */
3194 QUIC_TAKES_LOCK
ossl_quic_conn_stream_conclude(SSL * s)3195 int ossl_quic_conn_stream_conclude(SSL *s)
3196 {
3197 QCTX ctx;
3198 QUIC_STREAM *qs;
3199 int err;
3200 int ret;
3201
3202 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
3203 return 0;
3204
3205 qs = ctx.xso->stream;
3206
3207 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
3208 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3209 qctx_unlock(&ctx);
3210 return ret;
3211 }
3212
3213 if (!quic_validate_for_write(ctx.xso, &err)) {
3214 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3215 qctx_unlock(&ctx);
3216 return ret;
3217 }
3218
3219 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
3220 qctx_unlock(&ctx);
3221 return 1;
3222 }
3223
3224 ossl_quic_sstream_fin(qs->sstream);
3225 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
3226 qctx_unlock(&ctx);
3227 return 1;
3228 }
3229
3230 /*
3231 * SSL_inject_net_dgram
3232 * --------------------
3233 */
3234 QUIC_TAKES_LOCK
SSL_inject_net_dgram(SSL * s,const unsigned char * buf,size_t buf_len,const BIO_ADDR * peer,const BIO_ADDR * local)3235 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
3236 size_t buf_len,
3237 const BIO_ADDR *peer,
3238 const BIO_ADDR *local)
3239 {
3240 int ret = 0;
3241 QCTX ctx;
3242 QUIC_DEMUX *demux;
3243 QUIC_PORT *port;
3244
3245 if (!expect_quic_csl(s, &ctx))
3246 return 0;
3247
3248 qctx_lock(&ctx);
3249
3250 port = ossl_quic_obj_get0_port(ctx.obj);
3251 if (port == NULL) {
3252 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
3253 goto err;
3254 }
3255
3256 demux = ossl_quic_port_get0_demux(port);
3257 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
3258
3259 err:
3260 qctx_unlock(&ctx);
3261 return ret;
3262 }
3263
3264 /*
3265 * SSL_get0_connection
3266 * -------------------
3267 */
ossl_quic_get0_connection(SSL * s)3268 SSL *ossl_quic_get0_connection(SSL *s)
3269 {
3270 QCTX ctx;
3271
3272 if (!expect_quic_cs(s, &ctx))
3273 return NULL;
3274
3275 return &ctx.qc->obj.ssl;
3276 }
3277
3278 /*
3279 * SSL_get0_listener
3280 * -----------------
3281 */
ossl_quic_get0_listener(SSL * s)3282 SSL *ossl_quic_get0_listener(SSL *s)
3283 {
3284 QCTX ctx;
3285
3286 if (!expect_quic_csl(s, &ctx))
3287 return NULL;
3288
3289 return ctx.ql != NULL ? &ctx.ql->obj.ssl : NULL;
3290 }
3291
3292 /*
3293 * SSL_get0_domain
3294 * ---------------
3295 */
ossl_quic_get0_domain(SSL * s)3296 SSL *ossl_quic_get0_domain(SSL *s)
3297 {
3298 QCTX ctx;
3299
3300 if (!expect_quic_any(s, &ctx))
3301 return NULL;
3302
3303 return ctx.qd != NULL ? &ctx.qd->obj.ssl : NULL;
3304 }
3305
3306 /*
3307 * SSL_get_domain_flags
3308 * --------------------
3309 */
ossl_quic_get_domain_flags(const SSL * ssl,uint64_t * domain_flags)3310 int ossl_quic_get_domain_flags(const SSL *ssl, uint64_t *domain_flags)
3311 {
3312 QCTX ctx;
3313
3314 if (!expect_quic_any(ssl, &ctx))
3315 return 0;
3316
3317 if (domain_flags != NULL)
3318 *domain_flags = ctx.obj->domain_flags;
3319
3320 return 1;
3321 }
3322
3323 /*
3324 * SSL_get_stream_type
3325 * -------------------
3326 */
ossl_quic_get_stream_type(SSL * s)3327 int ossl_quic_get_stream_type(SSL *s)
3328 {
3329 QCTX ctx;
3330
3331 if (!expect_quic_cs(s, &ctx))
3332 return SSL_STREAM_TYPE_BIDI;
3333
3334 if (ctx.xso == NULL) {
3335 /*
3336 * If deferred XSO creation has yet to occur, proceed according to the
3337 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
3338 * what kind of stream will be created yet, so return BIDI on the basis
3339 * that at this time, the client still has the option of calling
3340 * SSL_read() or SSL_write() first.
3341 */
3342 if (ctx.qc->default_xso_created
3343 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3344 return SSL_STREAM_TYPE_NONE;
3345 else
3346 return SSL_STREAM_TYPE_BIDI;
3347 }
3348
3349 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
3350 return SSL_STREAM_TYPE_BIDI;
3351
3352 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
3353 return SSL_STREAM_TYPE_READ;
3354 else
3355 return SSL_STREAM_TYPE_WRITE;
3356 }
3357
3358 /*
3359 * SSL_get_stream_id
3360 * -----------------
3361 */
3362 QUIC_TAKES_LOCK
ossl_quic_get_stream_id(SSL * s)3363 uint64_t ossl_quic_get_stream_id(SSL *s)
3364 {
3365 QCTX ctx;
3366 uint64_t id;
3367
3368 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3369 return UINT64_MAX;
3370
3371 id = ctx.xso->stream->id;
3372 qctx_unlock(&ctx);
3373
3374 return id;
3375 }
3376
3377 /*
3378 * SSL_is_stream_local
3379 * -------------------
3380 */
3381 QUIC_TAKES_LOCK
ossl_quic_is_stream_local(SSL * s)3382 int ossl_quic_is_stream_local(SSL *s)
3383 {
3384 QCTX ctx;
3385 int is_local;
3386
3387 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3388 return -1;
3389
3390 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3391 qctx_unlock(&ctx);
3392
3393 return is_local;
3394 }
3395
3396 /*
3397 * SSL_set_default_stream_mode
3398 * ---------------------------
3399 */
3400 QUIC_TAKES_LOCK
ossl_quic_set_default_stream_mode(SSL * s,uint32_t mode)3401 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3402 {
3403 QCTX ctx;
3404
3405 if (!expect_quic_conn_only(s, &ctx))
3406 return 0;
3407
3408 qctx_lock(&ctx);
3409
3410 if (ctx.qc->default_xso_created) {
3411 qctx_unlock(&ctx);
3412 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3413 "too late to change default stream mode");
3414 }
3415
3416 switch (mode) {
3417 case SSL_DEFAULT_STREAM_MODE_NONE:
3418 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3419 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3420 ctx.qc->default_stream_mode = mode;
3421 break;
3422 default:
3423 qctx_unlock(&ctx);
3424 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3425 "bad default stream type");
3426 }
3427
3428 qctx_unlock(&ctx);
3429 return 1;
3430 }
3431
3432 /*
3433 * SSL_detach_stream
3434 * -----------------
3435 */
3436 QUIC_TAKES_LOCK
ossl_quic_detach_stream(SSL * s)3437 SSL *ossl_quic_detach_stream(SSL *s)
3438 {
3439 QCTX ctx;
3440 QUIC_XSO *xso = NULL;
3441
3442 if (!expect_quic_conn_only(s, &ctx))
3443 return NULL;
3444
3445 qctx_lock(&ctx);
3446
3447 /* Calling this function inhibits default XSO autocreation. */
3448 /* QC ref to any default XSO is transferred to us and to caller. */
3449 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3450
3451 qctx_unlock(&ctx);
3452
3453 return xso != NULL ? &xso->obj.ssl : NULL;
3454 }
3455
3456 /*
3457 * SSL_attach_stream
3458 * -----------------
3459 */
3460 QUIC_TAKES_LOCK
ossl_quic_attach_stream(SSL * conn,SSL * stream)3461 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3462 {
3463 QCTX ctx;
3464 QUIC_XSO *xso;
3465 int nref;
3466
3467 if (!expect_quic_conn_only(conn, &ctx))
3468 return 0;
3469
3470 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3471 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3472 "stream to attach must be a valid QUIC stream");
3473
3474 xso = (QUIC_XSO *)stream;
3475
3476 qctx_lock(&ctx);
3477
3478 if (ctx.qc->default_xso != NULL) {
3479 qctx_unlock(&ctx);
3480 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3481 "connection already has a default stream");
3482 }
3483
3484 /*
3485 * It is a caller error for the XSO being attached as a default XSO to have
3486 * more than one ref.
3487 */
3488 if (!CRYPTO_GET_REF(&xso->obj.ssl.references, &nref)) {
3489 qctx_unlock(&ctx);
3490 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3491 "ref");
3492 }
3493
3494 if (nref != 1) {
3495 qctx_unlock(&ctx);
3496 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3497 "stream being attached must have "
3498 "only 1 reference");
3499 }
3500
3501 /* Caller's reference to the XSO is transferred to us. */
3502 /* Calling this function inhibits default XSO autocreation. */
3503 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3504
3505 qctx_unlock(&ctx);
3506 return 1;
3507 }
3508
3509 /*
3510 * SSL_set_incoming_stream_policy
3511 * ------------------------------
3512 */
3513 QUIC_NEEDS_LOCK
qc_get_effective_incoming_stream_policy(QUIC_CONNECTION * qc)3514 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3515 {
3516 switch (qc->incoming_stream_policy) {
3517 case SSL_INCOMING_STREAM_POLICY_AUTO:
3518 if ((qc->default_xso == NULL && !qc->default_xso_created)
3519 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3520 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3521 else
3522 return SSL_INCOMING_STREAM_POLICY_REJECT;
3523
3524 default:
3525 return qc->incoming_stream_policy;
3526 }
3527 }
3528
3529 QUIC_NEEDS_LOCK
qc_update_reject_policy(QUIC_CONNECTION * qc)3530 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3531 {
3532 int policy = qc_get_effective_incoming_stream_policy(qc);
3533 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3534
3535 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3536 enable_reject,
3537 qc->incoming_stream_aec);
3538 }
3539
3540 QUIC_TAKES_LOCK
ossl_quic_set_incoming_stream_policy(SSL * s,int policy,uint64_t aec)3541 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3542 uint64_t aec)
3543 {
3544 int ret = 1;
3545 QCTX ctx;
3546
3547 if (!expect_quic_conn_only(s, &ctx))
3548 return 0;
3549
3550 qctx_lock(&ctx);
3551
3552 switch (policy) {
3553 case SSL_INCOMING_STREAM_POLICY_AUTO:
3554 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3555 case SSL_INCOMING_STREAM_POLICY_REJECT:
3556 ctx.qc->incoming_stream_policy = policy;
3557 ctx.qc->incoming_stream_aec = aec;
3558 break;
3559
3560 default:
3561 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3562 ret = 0;
3563 break;
3564 }
3565
3566 qc_update_reject_policy(ctx.qc);
3567 qctx_unlock(&ctx);
3568 return ret;
3569 }
3570
3571 /*
3572 * SSL_get_value, SSL_set_value
3573 * ----------------------------
3574 */
3575 QUIC_TAKES_LOCK
qc_getset_idle_timeout(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3576 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3577 uint64_t *p_value_out, uint64_t *p_value_in)
3578 {
3579 int ret = 0;
3580 uint64_t value_out = 0, value_in;
3581
3582 qctx_lock(ctx);
3583
3584 switch (class_) {
3585 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3586 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3587
3588 if (p_value_in != NULL) {
3589 value_in = *p_value_in;
3590 if (value_in > OSSL_QUIC_VLINT_MAX) {
3591 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3592 NULL);
3593 goto err;
3594 }
3595
3596 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3597 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3598 NULL);
3599 goto err;
3600 }
3601
3602 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3603 }
3604 break;
3605
3606 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3607 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3608 if (p_value_in != NULL) {
3609 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3610 NULL);
3611 goto err;
3612 }
3613
3614 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3615 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3616 NULL);
3617 goto err;
3618 }
3619
3620 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3621 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3622 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3623 break;
3624
3625 default:
3626 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3627 NULL);
3628 goto err;
3629 }
3630
3631 ret = 1;
3632 err:
3633 qctx_unlock(ctx);
3634 if (ret && p_value_out != NULL)
3635 *p_value_out = value_out;
3636
3637 return ret;
3638 }
3639
3640 QUIC_TAKES_LOCK
qc_get_stream_avail(QCTX * ctx,uint32_t class_,int is_uni,int is_remote,uint64_t * value)3641 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3642 int is_uni, int is_remote,
3643 uint64_t *value)
3644 {
3645 int ret = 0;
3646
3647 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3648 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3649 NULL);
3650 return 0;
3651 }
3652
3653 qctx_lock(ctx);
3654
3655 *value = is_remote
3656 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3657 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3658
3659 ret = 1;
3660 qctx_unlock(ctx);
3661 return ret;
3662 }
3663
3664 QUIC_NEEDS_LOCK
qctx_should_autotick(QCTX * ctx)3665 static int qctx_should_autotick(QCTX *ctx)
3666 {
3667 int event_handling_mode;
3668 QUIC_OBJ *obj = ctx->obj;
3669
3670 for (; (event_handling_mode = obj->event_handling_mode) == SSL_VALUE_EVENT_HANDLING_MODE_INHERIT
3671 && obj->parent_obj != NULL;
3672 obj = obj->parent_obj)
3673 ;
3674
3675 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3676 }
3677
3678 QUIC_NEEDS_LOCK
qctx_maybe_autotick(QCTX * ctx)3679 static void qctx_maybe_autotick(QCTX *ctx)
3680 {
3681 if (!qctx_should_autotick(ctx))
3682 return;
3683
3684 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx->obj), 0);
3685 }
3686
3687 QUIC_TAKES_LOCK
qc_getset_event_handling(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3688 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_,
3689 uint64_t *p_value_out,
3690 uint64_t *p_value_in)
3691 {
3692 int ret = 0;
3693 uint64_t value_out = 0;
3694
3695 qctx_lock(ctx);
3696
3697 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3698 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3699 NULL);
3700 goto err;
3701 }
3702
3703 if (p_value_in != NULL) {
3704 switch (*p_value_in) {
3705 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT:
3706 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT:
3707 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT:
3708 break;
3709 default:
3710 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3711 NULL);
3712 goto err;
3713 }
3714
3715 value_out = *p_value_in;
3716 ctx->obj->event_handling_mode = (int)value_out;
3717 } else {
3718 value_out = ctx->obj->event_handling_mode;
3719 }
3720
3721 ret = 1;
3722 err:
3723 qctx_unlock(ctx);
3724 if (ret && p_value_out != NULL)
3725 *p_value_out = value_out;
3726
3727 return ret;
3728 }
3729
3730 QUIC_TAKES_LOCK
qc_get_stream_write_buf_stat(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,size_t (* getter)(QUIC_SSTREAM * sstream))3731 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_,
3732 uint64_t *p_value_out,
3733 size_t (*getter)(QUIC_SSTREAM *sstream))
3734 {
3735 int ret = 0;
3736 size_t value = 0;
3737
3738 qctx_lock(ctx);
3739
3740 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3741 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3742 NULL);
3743 goto err;
3744 }
3745
3746 if (ctx->xso == NULL) {
3747 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
3748 goto err;
3749 }
3750
3751 if (!ossl_quic_stream_has_send(ctx->xso->stream)) {
3752 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL);
3753 goto err;
3754 }
3755
3756 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream))
3757 value = getter(ctx->xso->stream->sstream);
3758
3759 ret = 1;
3760 err:
3761 qctx_unlock(ctx);
3762 *p_value_out = (uint64_t)value;
3763 return ret;
3764 }
3765
3766 QUIC_NEEDS_LOCK
expect_quic_for_value(SSL * s,QCTX * ctx,uint32_t id)3767 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id)
3768 {
3769 switch (id) {
3770 case SSL_VALUE_EVENT_HANDLING_MODE:
3771 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3772 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3773 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3774 return expect_quic_cs(s, ctx);
3775 default:
3776 return expect_quic_conn_only(s, ctx);
3777 }
3778 }
3779
3780 QUIC_TAKES_LOCK
ossl_quic_get_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t * value)3781 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3782 uint64_t *value)
3783 {
3784 QCTX ctx;
3785
3786 if (!expect_quic_for_value(s, &ctx, id))
3787 return 0;
3788
3789 if (value == NULL)
3790 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3791 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3792
3793 switch (id) {
3794 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3795 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3796
3797 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3798 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3799 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3800 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3801 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3802 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3803 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3804 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3805
3806 case SSL_VALUE_EVENT_HANDLING_MODE:
3807 return qc_getset_event_handling(&ctx, class_, value, NULL);
3808
3809 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3810 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3811 ossl_quic_sstream_get_buffer_size);
3812 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3813 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3814 ossl_quic_sstream_get_buffer_used);
3815 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3816 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3817 ossl_quic_sstream_get_buffer_avail);
3818
3819 default:
3820 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3821 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3822 }
3823
3824 return 1;
3825 }
3826
3827 QUIC_TAKES_LOCK
ossl_quic_set_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t value)3828 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3829 uint64_t value)
3830 {
3831 QCTX ctx;
3832
3833 if (!expect_quic_for_value(s, &ctx, id))
3834 return 0;
3835
3836 switch (id) {
3837 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3838 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3839
3840 case SSL_VALUE_EVENT_HANDLING_MODE:
3841 return qc_getset_event_handling(&ctx, class_, NULL, &value);
3842
3843 default:
3844 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3845 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3846 }
3847
3848 return 1;
3849 }
3850
3851 /*
3852 * SSL_accept_stream
3853 * -----------------
3854 */
3855 struct wait_for_incoming_stream_args {
3856 QCTX *ctx;
3857 QUIC_STREAM *qs;
3858 };
3859
3860 QUIC_NEEDS_LOCK
wait_for_incoming_stream(void * arg)3861 static int wait_for_incoming_stream(void *arg)
3862 {
3863 struct wait_for_incoming_stream_args *args = arg;
3864 QUIC_CONNECTION *qc = args->ctx->qc;
3865 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3866
3867 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3868 /* If connection is torn down due to an error while blocking, stop. */
3869 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3870 return -1;
3871 }
3872
3873 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3874 if (args->qs != NULL)
3875 return 1; /* got a stream */
3876
3877 return 0; /* did not get a stream, keep trying */
3878 }
3879
3880 QUIC_TAKES_LOCK
ossl_quic_accept_stream(SSL * s,uint64_t flags)3881 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3882 {
3883 QCTX ctx;
3884 int ret;
3885 SSL *new_s = NULL;
3886 QUIC_STREAM_MAP *qsm;
3887 QUIC_STREAM *qs;
3888 QUIC_XSO *xso;
3889 OSSL_RTT_INFO rtt_info;
3890
3891 if (!expect_quic_conn_only(s, &ctx))
3892 return NULL;
3893
3894 qctx_lock(&ctx);
3895
3896 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3897 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3898 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3899 goto out;
3900 }
3901
3902 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3903
3904 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3905 if (qs == NULL) {
3906 if (qctx_blocking(&ctx)
3907 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3908 struct wait_for_incoming_stream_args args;
3909
3910 args.ctx = &ctx;
3911 args.qs = NULL;
3912
3913 ret = block_until_pred(&ctx, wait_for_incoming_stream, &args, 0);
3914 if (ret == 0) {
3915 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3916 goto out;
3917 } else if (ret < 0 || args.qs == NULL) {
3918 goto out;
3919 }
3920
3921 qs = args.qs;
3922 } else {
3923 goto out;
3924 }
3925 }
3926
3927 xso = create_xso_from_stream(ctx.qc, qs);
3928 if (xso == NULL)
3929 goto out;
3930
3931 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3932 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3933 rtt_info.smoothed_rtt);
3934 new_s = &xso->obj.ssl;
3935
3936 /* Calling this function inhibits default XSO autocreation. */
3937 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3938
3939 out:
3940 qctx_unlock(&ctx);
3941 return new_s;
3942 }
3943
3944 /*
3945 * SSL_get_accept_stream_queue_len
3946 * -------------------------------
3947 */
3948 QUIC_TAKES_LOCK
ossl_quic_get_accept_stream_queue_len(SSL * s)3949 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3950 {
3951 QCTX ctx;
3952 size_t v;
3953
3954 if (!expect_quic_conn_only(s, &ctx))
3955 return 0;
3956
3957 qctx_lock(&ctx);
3958
3959 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3960
3961 qctx_unlock(&ctx);
3962 return v;
3963 }
3964
3965 /*
3966 * SSL_stream_reset
3967 * ----------------
3968 */
ossl_quic_stream_reset(SSL * ssl,const SSL_STREAM_RESET_ARGS * args,size_t args_len)3969 int ossl_quic_stream_reset(SSL *ssl,
3970 const SSL_STREAM_RESET_ARGS *args,
3971 size_t args_len)
3972 {
3973 QCTX ctx;
3974 QUIC_STREAM_MAP *qsm;
3975 QUIC_STREAM *qs;
3976 uint64_t error_code;
3977 int ok, err;
3978
3979 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3980 return 0;
3981
3982 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3983 qs = ctx.xso->stream;
3984 error_code = (args != NULL ? args->quic_error_code : 0);
3985
3986 if (!quic_validate_for_write(ctx.xso, &err)) {
3987 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3988 goto err;
3989 }
3990
3991 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3992 if (ok)
3993 ctx.xso->requested_reset = 1;
3994
3995 err:
3996 qctx_unlock(&ctx);
3997 return ok;
3998 }
3999
4000 /*
4001 * SSL_get_stream_read_state
4002 * -------------------------
4003 */
quic_classify_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs,int is_write,int * state,uint64_t * app_error_code)4004 static void quic_classify_stream(QUIC_CONNECTION *qc,
4005 QUIC_STREAM *qs,
4006 int is_write,
4007 int *state,
4008 uint64_t *app_error_code)
4009 {
4010 int local_init;
4011 uint64_t final_size;
4012
4013 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
4014
4015 if (app_error_code != NULL)
4016 *app_error_code = UINT64_MAX;
4017 else
4018 app_error_code = &final_size; /* throw away value */
4019
4020 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
4021 /*
4022 * Unidirectional stream and this direction of transmission doesn't
4023 * exist.
4024 */
4025 *state = SSL_STREAM_STATE_WRONG_DIR;
4026 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
4027 /* Connection already closed. */
4028 *state = SSL_STREAM_STATE_CONN_CLOSED;
4029 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
4030 /* Application has read a FIN. */
4031 *state = SSL_STREAM_STATE_FINISHED;
4032 } else if ((!is_write && qs->stop_sending)
4033 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
4034 /*
4035 * Stream has been reset locally. FIN takes precedence over this for the
4036 * read case as the application need not care if the stream is reset
4037 * after a FIN has been successfully processed.
4038 */
4039 *state = SSL_STREAM_STATE_RESET_LOCAL;
4040 *app_error_code = !is_write
4041 ? qs->stop_sending_aec
4042 : qs->reset_stream_aec;
4043 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
4044 || (is_write && qs->peer_stop_sending)) {
4045 /*
4046 * Stream has been reset remotely. */
4047 *state = SSL_STREAM_STATE_RESET_REMOTE;
4048 *app_error_code = !is_write
4049 ? qs->peer_reset_stream_aec
4050 : qs->peer_stop_sending_aec;
4051 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream, &final_size)) {
4052 /*
4053 * Stream has been finished. Stream reset takes precedence over this for
4054 * the write case as peer may not have received all data.
4055 */
4056 *state = SSL_STREAM_STATE_FINISHED;
4057 } else {
4058 /* Stream still healthy. */
4059 *state = SSL_STREAM_STATE_OK;
4060 }
4061 }
4062
quic_get_stream_state(SSL * ssl,int is_write)4063 static int quic_get_stream_state(SSL *ssl, int is_write)
4064 {
4065 QCTX ctx;
4066 int state;
4067
4068 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4069 return SSL_STREAM_STATE_NONE;
4070
4071 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
4072 qctx_unlock(&ctx);
4073 return state;
4074 }
4075
ossl_quic_get_stream_read_state(SSL * ssl)4076 int ossl_quic_get_stream_read_state(SSL *ssl)
4077 {
4078 return quic_get_stream_state(ssl, /*is_write=*/0);
4079 }
4080
4081 /*
4082 * SSL_get_stream_write_state
4083 * --------------------------
4084 */
ossl_quic_get_stream_write_state(SSL * ssl)4085 int ossl_quic_get_stream_write_state(SSL *ssl)
4086 {
4087 return quic_get_stream_state(ssl, /*is_write=*/1);
4088 }
4089
4090 /*
4091 * SSL_get_stream_read_error_code
4092 * ------------------------------
4093 */
quic_get_stream_error_code(SSL * ssl,int is_write,uint64_t * app_error_code)4094 static int quic_get_stream_error_code(SSL *ssl, int is_write,
4095 uint64_t *app_error_code)
4096 {
4097 QCTX ctx;
4098 int state;
4099
4100 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4101 return -1;
4102
4103 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write,
4104 &state, app_error_code);
4105
4106 qctx_unlock(&ctx);
4107 switch (state) {
4108 case SSL_STREAM_STATE_FINISHED:
4109 return 0;
4110 case SSL_STREAM_STATE_RESET_LOCAL:
4111 case SSL_STREAM_STATE_RESET_REMOTE:
4112 return 1;
4113 default:
4114 return -1;
4115 }
4116 }
4117
ossl_quic_get_stream_read_error_code(SSL * ssl,uint64_t * app_error_code)4118 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
4119 {
4120 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
4121 }
4122
4123 /*
4124 * SSL_get_stream_write_error_code
4125 * -------------------------------
4126 */
ossl_quic_get_stream_write_error_code(SSL * ssl,uint64_t * app_error_code)4127 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
4128 {
4129 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
4130 }
4131
4132 /*
4133 * Write buffer size mutation
4134 * --------------------------
4135 */
ossl_quic_set_write_buffer_size(SSL * ssl,size_t size)4136 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
4137 {
4138 int ret = 0;
4139 QCTX ctx;
4140
4141 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4142 return 0;
4143
4144 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
4145 /* Called on a unidirectional receive-only stream - error. */
4146 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
4147 goto out;
4148 }
4149
4150 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
4151 /*
4152 * If the stream has a send part but we have disposed of it because we
4153 * no longer need it, this is a no-op.
4154 */
4155 ret = 1;
4156 goto out;
4157 }
4158
4159 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
4160 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
4161 goto out;
4162 }
4163
4164 ret = 1;
4165
4166 out:
4167 qctx_unlock(&ctx);
4168 return ret;
4169 }
4170
4171 /*
4172 * SSL_get_conn_close_info
4173 * -----------------------
4174 */
ossl_quic_get_conn_close_info(SSL * ssl,SSL_CONN_CLOSE_INFO * info,size_t info_len)4175 int ossl_quic_get_conn_close_info(SSL *ssl,
4176 SSL_CONN_CLOSE_INFO *info,
4177 size_t info_len)
4178 {
4179 QCTX ctx;
4180 const QUIC_TERMINATE_CAUSE *tc;
4181
4182 if (!expect_quic_conn_only(ssl, &ctx))
4183 return -1;
4184
4185 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
4186 if (tc == NULL)
4187 return 0;
4188
4189 info->error_code = tc->error_code;
4190 info->frame_type = tc->frame_type;
4191 info->reason = tc->reason;
4192 info->reason_len = tc->reason_len;
4193 info->flags = 0;
4194 if (!tc->remote)
4195 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
4196 if (!tc->app)
4197 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
4198 return 1;
4199 }
4200
4201 /*
4202 * SSL_key_update
4203 * --------------
4204 */
ossl_quic_key_update(SSL * ssl,int update_type)4205 int ossl_quic_key_update(SSL *ssl, int update_type)
4206 {
4207 QCTX ctx;
4208
4209 if (!expect_quic_conn_only(ssl, &ctx))
4210 return 0;
4211
4212 switch (update_type) {
4213 case SSL_KEY_UPDATE_NOT_REQUESTED:
4214 /*
4215 * QUIC signals peer key update implicily by triggering a local
4216 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
4217 */
4218 case SSL_KEY_UPDATE_REQUESTED:
4219 break;
4220
4221 default:
4222 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4223 return 0;
4224 }
4225
4226 qctx_lock(&ctx);
4227
4228 /* Attempt to perform a TXKU. */
4229 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
4230 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
4231 qctx_unlock(&ctx);
4232 return 0;
4233 }
4234
4235 qctx_unlock(&ctx);
4236 return 1;
4237 }
4238
4239 /*
4240 * SSL_get_key_update_type
4241 * -----------------------
4242 */
ossl_quic_get_key_update_type(const SSL * s)4243 int ossl_quic_get_key_update_type(const SSL *s)
4244 {
4245 /*
4246 * We always handle key updates immediately so a key update is never
4247 * pending.
4248 */
4249 return SSL_KEY_UPDATE_NONE;
4250 }
4251
4252 /**
4253 * @brief Allocates an SSL object for a user from a QUIC channel.
4254 *
4255 * This function creates a new QUIC_CONNECTION object based on an incoming
4256 * connection associated with the provided QUIC_LISTENER. If the connection
4257 * creation fails, the function returns NULL. Otherwise, it returns a pointer
4258 * to the SSL object associated with the newly created connection.
4259 *
4260 * Note: This function is a registered port callback made from
4261 * ossl_quic_new_listener and ossl_quic_new_listener_from, and allows for
4262 * pre-allocation of the user_ssl object when a channel is created, rather than
4263 * when it is accepted
4264 *
4265 * @param ch Pointer to the QUIC_CHANNEL representing the incoming connection.
4266 * @param arg Pointer to a QUIC_LISTENER used to create the connection.
4267 *
4268 * @return Pointer to the SSL object on success, or NULL on failure.
4269 */
alloc_port_user_ssl(QUIC_CHANNEL * ch,void * arg)4270 static SSL *alloc_port_user_ssl(QUIC_CHANNEL *ch, void *arg)
4271 {
4272 QUIC_LISTENER *ql = arg;
4273 QUIC_CONNECTION *qc = create_qc_from_incoming_conn(ql, ch);
4274
4275 return (qc == NULL) ? NULL : &qc->obj.ssl;
4276 }
4277
4278 /*
4279 * QUIC Front-End I/O API: Listeners
4280 * =================================
4281 */
4282
4283 /*
4284 * SSL_new_listener
4285 * ----------------
4286 */
ossl_quic_new_listener(SSL_CTX * ctx,uint64_t flags)4287 SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags)
4288 {
4289 QUIC_LISTENER *ql = NULL;
4290 QUIC_ENGINE_ARGS engine_args = { 0 };
4291 QUIC_PORT_ARGS port_args = { 0 };
4292
4293 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
4294 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4295 goto err;
4296 }
4297
4298 #if defined(OPENSSL_THREADS)
4299 if ((ql->mutex = ossl_crypto_mutex_new()) == NULL) {
4300 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4301 goto err;
4302 }
4303 #endif
4304
4305 engine_args.libctx = ctx->libctx;
4306 engine_args.propq = ctx->propq;
4307 #if defined(OPENSSL_THREADS)
4308 engine_args.mutex = ql->mutex;
4309 #endif
4310
4311 if (need_notifier_for_domain_flags(ctx->domain_flags))
4312 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
4313
4314 if ((ql->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
4315 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4316 goto err;
4317 }
4318
4319 port_args.channel_ctx = ctx;
4320 port_args.is_multi_conn = 1;
4321 port_args.get_conn_user_ssl = alloc_port_user_ssl;
4322 port_args.user_ssl_arg = ql;
4323 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
4324 port_args.do_addr_validation = 1;
4325 ql->port = ossl_quic_engine_create_port(ql->engine, &port_args);
4326 if (ql->port == NULL) {
4327 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4328 goto err;
4329 }
4330
4331 /* TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT */
4332
4333 ossl_quic_port_set_allow_incoming(ql->port, 1);
4334
4335 /* Initialise the QUIC_LISTENER's object header. */
4336 if (!ossl_quic_obj_init(&ql->obj, ctx, SSL_TYPE_QUIC_LISTENER, NULL,
4337 ql->engine, ql->port))
4338 goto err;
4339
4340 return &ql->obj.ssl;
4341
4342 err:
4343 if (ql != NULL)
4344 ossl_quic_engine_free(ql->engine);
4345
4346 #if defined(OPENSSL_THREADS)
4347 ossl_crypto_mutex_free(&ql->mutex);
4348 #endif
4349 OPENSSL_free(ql);
4350 return NULL;
4351 }
4352
4353 /*
4354 * SSL_new_listener_from
4355 * ---------------------
4356 */
ossl_quic_new_listener_from(SSL * ssl,uint64_t flags)4357 SSL *ossl_quic_new_listener_from(SSL *ssl, uint64_t flags)
4358 {
4359 QCTX ctx;
4360 QUIC_LISTENER *ql = NULL;
4361 QUIC_PORT_ARGS port_args = { 0 };
4362
4363 if (!expect_quic_domain(ssl, &ctx))
4364 return NULL;
4365
4366 if (!SSL_up_ref(&ctx.qd->obj.ssl))
4367 return NULL;
4368
4369 qctx_lock(&ctx);
4370
4371 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
4372 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4373 goto err;
4374 }
4375
4376 port_args.channel_ctx = ssl->ctx;
4377 port_args.is_multi_conn = 1;
4378 port_args.get_conn_user_ssl = alloc_port_user_ssl;
4379 port_args.user_ssl_arg = ql;
4380 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
4381 port_args.do_addr_validation = 1;
4382 ql->port = ossl_quic_engine_create_port(ctx.qd->engine, &port_args);
4383 if (ql->port == NULL) {
4384 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4385 goto err;
4386 }
4387
4388 ql->domain = ctx.qd;
4389 ql->engine = ctx.qd->engine;
4390 #if defined(OPENSSL_THREADS)
4391 ql->mutex = ctx.qd->mutex;
4392 #endif
4393
4394 /*
4395 * TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT
4396 * Given that we have apis to create client SSL objects from
4397 * server SSL objects (see SSL_new_from_listener), we have aspirations
4398 * to enable a flag that allows for the creation of the latter, but not
4399 * be used to do accept any connections. This is a placeholder for the
4400 * implementation of that flag
4401 */
4402
4403 ossl_quic_port_set_allow_incoming(ql->port, 1);
4404
4405 /* Initialise the QUIC_LISTENER's object header. */
4406 if (!ossl_quic_obj_init(&ql->obj, ssl->ctx, SSL_TYPE_QUIC_LISTENER,
4407 &ctx.qd->obj.ssl, NULL, ql->port))
4408 goto err;
4409
4410 qctx_unlock(&ctx);
4411 return &ql->obj.ssl;
4412
4413 err:
4414 if (ql != NULL)
4415 ossl_quic_port_free(ql->port);
4416
4417 OPENSSL_free(ql);
4418 qctx_unlock(&ctx);
4419 SSL_free(&ctx.qd->obj.ssl);
4420
4421 return NULL;
4422 }
4423
4424 /*
4425 * SSL_new_from_listener
4426 * ---------------------
4427 * code here is derived from ossl_quic_new(). The `ssl` argument is
4428 * a listener object which already comes with QUIC port/engine. The newly
4429 * created QUIC connection object (QCSO) is going to share the port/engine
4430 * with listener (`ssl`). The `ssl` also becomes a parent of QCSO created
4431 * by this function. The caller uses QCSO instance to connect to
4432 * remote QUIC server.
4433 *
4434 * The QCSO created here requires us to also create a channel so we
4435 * can connect to remote server.
4436 */
ossl_quic_new_from_listener(SSL * ssl,uint64_t flags)4437 SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags)
4438 {
4439 QCTX ctx;
4440 QUIC_CONNECTION *qc = NULL;
4441 QUIC_LISTENER *ql;
4442 SSL_CONNECTION *sc = NULL;
4443
4444 if (flags != 0)
4445 return NULL;
4446
4447 if (!expect_quic_listener(ssl, &ctx))
4448 return NULL;
4449
4450 if (!SSL_up_ref(&ctx.ql->obj.ssl))
4451 return NULL;
4452
4453 qctx_lock(&ctx);
4454
4455 ql = ctx.ql;
4456
4457 /*
4458 * listeners (server) contexts don't typically
4459 * allocate a token cache because they don't need
4460 * to store them, but here we are using a server side
4461 * ctx as a client, so we should allocate one now
4462 */
4463 if (ssl->ctx->tokencache == NULL)
4464 if ((ssl->ctx->tokencache = ossl_quic_new_token_store()) == NULL)
4465 goto err;
4466
4467 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) {
4468 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4469 goto err;
4470 }
4471
4472 /*
4473 * NOTE: setting a listener here is needed so `qc_cleanup()` does the right
4474 * thing. Setting listener to ql avoids premature destruction of port in
4475 * qc_cleanup()
4476 */
4477 qc->listener = ql;
4478 qc->engine = ql->engine;
4479 qc->port = ql->port;
4480 /* create channel */
4481 #if defined(OPENSSL_THREADS)
4482 /* this is the engine mutex */
4483 qc->mutex = ql->mutex;
4484 #endif
4485 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
4486 qc->is_thread_assisted
4487 = ((ql->obj.domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0);
4488 #endif
4489
4490 /* Create the handshake layer. */
4491 qc->tls = ossl_ssl_connection_new_int(ql->obj.ssl.ctx, NULL, TLS_method());
4492 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
4493 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4494 goto err;
4495 }
4496 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL;
4497
4498 qc->default_ssl_options = OSSL_QUIC_PERMITTED_OPTIONS;
4499 qc->last_error = SSL_ERROR_NONE;
4500
4501 /*
4502 * This is QCSO, we don't expect to accept connections
4503 * on success the channel assumes ownership of tls, we need
4504 * to grab reference for qc.
4505 */
4506 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
4507
4508 ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl);
4509 ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg);
4510
4511 /*
4512 * We deliberately pass NULL for engine and port, because we don't want to
4513 * to turn QCSO we create here into an event leader, nor port leader.
4514 * Both those roles are occupied already by listener (`ssl`) we use
4515 * to create a new QCSO here.
4516 */
4517 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx,
4518 SSL_TYPE_QUIC_CONNECTION,
4519 &ql->obj.ssl, NULL, NULL)) {
4520 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4521 goto err;
4522 }
4523
4524 /* Initialise libssl APL-related state. */
4525 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
4526 qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
4527 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
4528 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
4529 qc->last_error = SSL_ERROR_NONE;
4530
4531 qc_update_reject_policy(qc);
4532
4533 qctx_unlock(&ctx);
4534
4535 return &qc->obj.ssl;
4536
4537 err:
4538 if (qc != NULL) {
4539 qc_cleanup(qc, /* have_lock= */ 0);
4540 OPENSSL_free(qc);
4541 }
4542 qctx_unlock(&ctx);
4543 SSL_free(&ctx.ql->obj.ssl);
4544
4545 return NULL;
4546 }
4547
4548 /*
4549 * SSL_listen
4550 * ----------
4551 */
4552 QUIC_NEEDS_LOCK
ql_listen(QUIC_LISTENER * ql)4553 static int ql_listen(QUIC_LISTENER *ql)
4554 {
4555 if (ql->listening)
4556 return 1;
4557
4558 ossl_quic_port_set_allow_incoming(ql->port, 1);
4559 ql->listening = 1;
4560 return 1;
4561 }
4562
4563 QUIC_TAKES_LOCK
ossl_quic_listen(SSL * ssl)4564 int ossl_quic_listen(SSL *ssl)
4565 {
4566 QCTX ctx;
4567 int ret;
4568
4569 if (!expect_quic_listener(ssl, &ctx))
4570 return 0;
4571
4572 qctx_lock_for_io(&ctx);
4573
4574 ret = ql_listen(ctx.ql);
4575
4576 qctx_unlock(&ctx);
4577 return ret;
4578 }
4579
4580 /*
4581 * SSL_accept_connection
4582 * ---------------------
4583 */
quic_accept_connection_wait(void * arg)4584 static int quic_accept_connection_wait(void *arg)
4585 {
4586 QUIC_PORT *port = arg;
4587
4588 if (!ossl_quic_port_is_running(port))
4589 return -1;
4590
4591 if (ossl_quic_port_have_incoming(port))
4592 return 1;
4593
4594 return 0;
4595 }
4596
4597 QUIC_TAKES_LOCK
ossl_quic_accept_connection(SSL * ssl,uint64_t flags)4598 SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
4599 {
4600 int ret;
4601 QCTX ctx;
4602 SSL *conn_ssl = NULL;
4603 SSL_CONNECTION *conn = NULL;
4604 QUIC_CHANNEL *new_ch = NULL;
4605 QUIC_CONNECTION *qc;
4606 int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0);
4607
4608 if (!expect_quic_listener(ssl, &ctx))
4609 return NULL;
4610
4611 qctx_lock_for_io(&ctx);
4612
4613 if (!ql_listen(ctx.ql))
4614 goto out;
4615
4616 /* Wait for an incoming connection if needed. */
4617 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4618 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
4619 if (!no_block && qctx_blocking(&ctx)) {
4620 ret = block_until_pred(&ctx, quic_accept_connection_wait,
4621 ctx.ql->port, 0);
4622 if (ret < 1)
4623 goto out;
4624 } else {
4625 qctx_maybe_autotick(&ctx);
4626 }
4627
4628 if (!ossl_quic_port_is_running(ctx.ql->port))
4629 goto out;
4630
4631 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4632 }
4633
4634 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
4635 /* No connections already queued. */
4636 ossl_quic_reactor_tick(ossl_quic_engine_get0_reactor(ctx.ql->engine), 0);
4637
4638 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4639 }
4640
4641 /*
4642 * port_make_channel pre-allocates our user_ssl for us for each newly
4643 * created channel, so once we pop the new channel from the port above
4644 * we just need to extract it
4645 */
4646 if (new_ch == NULL)
4647 goto out;
4648
4649 /*
4650 * All objects below must exist, because new_ch != NULL. The objects are
4651 * bound to new_ch. If channel constructor fails to create any item here
4652 * it just fails to create channel.
4653 */
4654 if (!ossl_assert((conn_ssl = ossl_quic_channel_get0_tls(new_ch)) != NULL)
4655 || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) != NULL)
4656 || !ossl_assert((conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL))
4657 goto out;
4658
4659 qc = (QUIC_CONNECTION *)conn_ssl;
4660 qc->pending = 0;
4661 if (!SSL_up_ref(&ctx.ql->obj.ssl)) {
4662 /*
4663 * You might expect ossl_quic_channel_free() to be called here. Be
4664 * assured it happens, The process goes as follows:
4665 * - The SSL_free() here is being handled by ossl_quic_free().
4666 * - The very last step of ossl_quic_free() is call to qc_cleanup()
4667 * where channel gets freed.
4668 */
4669 SSL_free(conn_ssl);
4670 }
4671 qc->listener = ctx.ql;
4672
4673 out:
4674
4675 qctx_unlock(&ctx);
4676 return conn_ssl;
4677 }
4678
create_qc_from_incoming_conn(QUIC_LISTENER * ql,QUIC_CHANNEL * ch)4679 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch)
4680 {
4681 QUIC_CONNECTION *qc = NULL;
4682
4683 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) {
4684 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4685 goto err;
4686 }
4687
4688 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx,
4689 SSL_TYPE_QUIC_CONNECTION,
4690 &ql->obj.ssl, NULL, NULL)) {
4691 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4692 goto err;
4693 }
4694
4695 ossl_quic_channel_get_peer_addr(ch, &qc->init_peer_addr); /* best effort */
4696 qc->pending = 1;
4697 qc->engine = ql->engine;
4698 qc->port = ql->port;
4699 qc->ch = ch;
4700 #if defined(OPENSSL_THREADS)
4701 qc->mutex = ql->mutex;
4702 #endif
4703 qc->tls = ossl_quic_channel_get0_tls(ch);
4704 qc->started = 1;
4705 qc->as_server = 1;
4706 qc->as_server_state = 1;
4707 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
4708 qc->default_ssl_options = ql->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
4709 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
4710 qc->last_error = SSL_ERROR_NONE;
4711 qc_update_reject_policy(qc);
4712 return qc;
4713
4714 err:
4715 OPENSSL_free(qc);
4716 return NULL;
4717 }
4718
4719 DEFINE_LHASH_OF_EX(QUIC_TOKEN);
4720
4721 struct ssl_token_store_st {
4722 LHASH_OF(QUIC_TOKEN) *cache;
4723 CRYPTO_REF_COUNT references;
4724 CRYPTO_MUTEX *mutex;
4725 };
4726
quic_token_hash(const QUIC_TOKEN * item)4727 static unsigned long quic_token_hash(const QUIC_TOKEN *item)
4728 {
4729 return (unsigned long)ossl_fnv1a_hash(item->hashkey, item->hashkey_len);
4730 }
4731
quic_token_cmp(const QUIC_TOKEN * a,const QUIC_TOKEN * b)4732 static int quic_token_cmp(const QUIC_TOKEN *a, const QUIC_TOKEN *b)
4733 {
4734 if (a->hashkey_len != b->hashkey_len)
4735 return 1;
4736 return memcmp(a->hashkey, b->hashkey, a->hashkey_len);
4737 }
4738
ossl_quic_new_token_store(void)4739 SSL_TOKEN_STORE *ossl_quic_new_token_store(void)
4740 {
4741 int ok = 0;
4742 SSL_TOKEN_STORE *newcache = OPENSSL_zalloc(sizeof(SSL_TOKEN_STORE));
4743
4744 if (newcache == NULL)
4745 goto out;
4746
4747 newcache->cache = lh_QUIC_TOKEN_new(quic_token_hash, quic_token_cmp);
4748 if (newcache->cache == NULL)
4749 goto out;
4750
4751 #if defined(OPENSSL_THREADS)
4752 if ((newcache->mutex = ossl_crypto_mutex_new()) == NULL)
4753 goto out;
4754 #endif
4755
4756 if (!CRYPTO_NEW_REF(&newcache->references, 1))
4757 goto out;
4758
4759 ok = 1;
4760 out:
4761 if (!ok) {
4762 ossl_quic_free_token_store(newcache);
4763 newcache = NULL;
4764 }
4765 return newcache;
4766 }
4767
free_this_token(QUIC_TOKEN * tok)4768 static void free_this_token(QUIC_TOKEN *tok)
4769 {
4770 ossl_quic_free_peer_token(tok);
4771 }
4772
ossl_quic_free_token_store(SSL_TOKEN_STORE * hdl)4773 void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl)
4774 {
4775 int refs;
4776
4777 if (hdl == NULL)
4778 return;
4779
4780 if (!CRYPTO_DOWN_REF(&hdl->references, &refs))
4781 return;
4782
4783 if (refs > 0)
4784 return;
4785
4786 /* last reference, we can clean up */
4787 ossl_crypto_mutex_free(&hdl->mutex);
4788 lh_QUIC_TOKEN_doall(hdl->cache, free_this_token);
4789 lh_QUIC_TOKEN_free(hdl->cache);
4790 CRYPTO_FREE_REF(&hdl->references);
4791 OPENSSL_free(hdl);
4792 return;
4793 }
4794
4795 /**
4796 * @brief build a new QUIC_TOKEN
4797 *
4798 * This function creates a new token storage structure for saving in our
4799 * tokencache
4800 *
4801 * In an effort to make allocation and freeing of these tokens a bit faster
4802 * We do them in a single allocation in this format
4803 * +---------------+ --\
4804 * | hashkey * |---| |
4805 * | hashkey_len | | | QUIC_TOKEN
4806 * | token * |---|--| |
4807 * | token_len | | | |
4808 * +---------------+<--| | --/
4809 * | hashkey buf | |
4810 * | | |
4811 * |---------------|<-----|
4812 * | token buf |
4813 * | |
4814 * +---------------+
4815 *
4816 * @param peer - the peer address that sent the token
4817 * @param token - the buffer holding the token
4818 * @param token_len - the size of token
4819 *
4820 * @returns a QUIC_TOKEN pointer or NULL on error
4821 */
ossl_quic_build_new_token(BIO_ADDR * peer,uint8_t * token,size_t token_len)4822 static QUIC_TOKEN *ossl_quic_build_new_token(BIO_ADDR *peer, uint8_t *token,
4823 size_t token_len)
4824 {
4825 QUIC_TOKEN *new_token;
4826 size_t hashkey_len = 0;
4827 size_t addr_len = 0;
4828 int family;
4829 unsigned short port;
4830 int *famptr;
4831 unsigned short *portptr;
4832 uint8_t *addrptr;
4833
4834 if ((token != NULL && token_len == 0) || (token == NULL && token_len != 0))
4835 return NULL;
4836
4837 if (!BIO_ADDR_rawaddress(peer, NULL, &addr_len))
4838 return NULL;
4839 family = BIO_ADDR_family(peer);
4840 port = BIO_ADDR_rawport(peer);
4841
4842 hashkey_len += sizeof(int); /* hashkey(family) */
4843 hashkey_len += sizeof(unsigned short); /* hashkey(port) */
4844 hashkey_len += addr_len; /* hashkey(address) */
4845
4846 new_token = OPENSSL_zalloc(sizeof(QUIC_TOKEN) + hashkey_len + token_len);
4847 if (new_token == NULL)
4848 return NULL;
4849
4850 if (!CRYPTO_NEW_REF(&new_token->references, 1)) {
4851 OPENSSL_free(new_token);
4852 return NULL;
4853 }
4854
4855 new_token->hashkey_len = hashkey_len;
4856 /* hashkey is allocated inline, immediately after the QUIC_TOKEN struct */
4857 new_token->hashkey = (uint8_t *)(new_token + 1);
4858 /* token buffer follows the hashkey in the inline allocation */
4859 new_token->token = new_token->hashkey + hashkey_len;
4860 new_token->token_len = token_len;
4861 famptr = (int *)new_token->hashkey;
4862 portptr = (unsigned short *)(famptr + 1);
4863 addrptr = (uint8_t *)(portptr + 1);
4864 *famptr = family;
4865 *portptr = port;
4866 if (!BIO_ADDR_rawaddress(peer, addrptr, NULL)) {
4867 ossl_quic_free_peer_token(new_token);
4868 return NULL;
4869 }
4870 if (token != NULL)
4871 memcpy(new_token->token, token, token_len);
4872 return new_token;
4873 }
4874
ossl_quic_set_peer_token(SSL_CTX * ctx,BIO_ADDR * peer,const uint8_t * token,size_t token_len)4875 int ossl_quic_set_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
4876 const uint8_t *token, size_t token_len)
4877 {
4878 SSL_TOKEN_STORE *c = ctx->tokencache;
4879 QUIC_TOKEN *tok, *old = NULL;
4880
4881 if (ctx->tokencache == NULL)
4882 return 0;
4883
4884 tok = ossl_quic_build_new_token(peer, (uint8_t *)token, token_len);
4885 if (tok == NULL)
4886 return 0;
4887
4888 /* we might be sharing this cache, lock it */
4889 ossl_crypto_mutex_lock(c->mutex);
4890
4891 old = lh_QUIC_TOKEN_retrieve(c->cache, tok);
4892 if (old != NULL) {
4893 lh_QUIC_TOKEN_delete(c->cache, old);
4894 ossl_quic_free_peer_token(old);
4895 }
4896 lh_QUIC_TOKEN_insert(c->cache, tok);
4897
4898 ossl_crypto_mutex_unlock(c->mutex);
4899 return 1;
4900 }
4901
ossl_quic_get_peer_token(SSL_CTX * ctx,BIO_ADDR * peer,QUIC_TOKEN ** token)4902 int ossl_quic_get_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
4903 QUIC_TOKEN **token)
4904 {
4905 SSL_TOKEN_STORE *c = ctx->tokencache;
4906 QUIC_TOKEN *key = NULL;
4907 QUIC_TOKEN *tok = NULL;
4908 int ret;
4909 int rc = 0;
4910
4911 if (c == NULL)
4912 return 0;
4913
4914 key = ossl_quic_build_new_token(peer, NULL, 0);
4915 if (key == NULL)
4916 return 0;
4917
4918 ossl_crypto_mutex_lock(c->mutex);
4919 tok = lh_QUIC_TOKEN_retrieve(c->cache, key);
4920 if (tok != NULL) {
4921 *token = tok;
4922 CRYPTO_UP_REF(&tok->references, &ret);
4923 rc = 1;
4924 }
4925
4926 ossl_crypto_mutex_unlock(c->mutex);
4927 ossl_quic_free_peer_token(key);
4928 return rc;
4929 }
4930
ossl_quic_free_peer_token(QUIC_TOKEN * token)4931 void ossl_quic_free_peer_token(QUIC_TOKEN *token)
4932 {
4933 int refs = 0;
4934
4935 if (!CRYPTO_DOWN_REF(&token->references, &refs))
4936 return;
4937
4938 if (refs > 0)
4939 return;
4940
4941 CRYPTO_FREE_REF(&token->references);
4942 OPENSSL_free(token);
4943 }
4944
4945 /*
4946 * SSL_get_accept_connection_queue_len
4947 * -----------------------------------
4948 */
4949 QUIC_TAKES_LOCK
ossl_quic_get_accept_connection_queue_len(SSL * ssl)4950 size_t ossl_quic_get_accept_connection_queue_len(SSL *ssl)
4951 {
4952 QCTX ctx;
4953 int ret;
4954
4955 if (!expect_quic_listener(ssl, &ctx))
4956 return 0;
4957
4958 qctx_lock(&ctx);
4959
4960 ret = ossl_quic_port_get_num_incoming_channels(ctx.ql->port);
4961
4962 qctx_unlock(&ctx);
4963 return ret;
4964 }
4965
4966 /*
4967 * QUIC Front-End I/O API: Domains
4968 * ===============================
4969 */
4970
4971 /*
4972 * SSL_new_domain
4973 * --------------
4974 */
ossl_quic_new_domain(SSL_CTX * ctx,uint64_t flags)4975 SSL *ossl_quic_new_domain(SSL_CTX *ctx, uint64_t flags)
4976 {
4977 QUIC_DOMAIN *qd = NULL;
4978 QUIC_ENGINE_ARGS engine_args = { 0 };
4979 uint64_t domain_flags;
4980
4981 domain_flags = ctx->domain_flags;
4982 if ((flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD | SSL_DOMAIN_FLAG_MULTI_THREAD | SSL_DOMAIN_FLAG_THREAD_ASSISTED)) != 0)
4983 domain_flags = flags;
4984 else
4985 domain_flags = ctx->domain_flags | flags;
4986
4987 if (!ossl_adjust_domain_flags(domain_flags, &domain_flags))
4988 return NULL;
4989
4990 if ((qd = OPENSSL_zalloc(sizeof(*qd))) == NULL) {
4991 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4992 return NULL;
4993 }
4994
4995 #if defined(OPENSSL_THREADS)
4996 if ((qd->mutex = ossl_crypto_mutex_new()) == NULL) {
4997 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4998 goto err;
4999 }
5000 #endif
5001
5002 engine_args.libctx = ctx->libctx;
5003 engine_args.propq = ctx->propq;
5004 #if defined(OPENSSL_THREADS)
5005 engine_args.mutex = qd->mutex;
5006 #endif
5007
5008 if (need_notifier_for_domain_flags(domain_flags))
5009 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
5010
5011 if ((qd->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
5012 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
5013 goto err;
5014 }
5015
5016 /* Initialise the QUIC_DOMAIN's object header. */
5017 if (!ossl_quic_obj_init(&qd->obj, ctx, SSL_TYPE_QUIC_DOMAIN, NULL,
5018 qd->engine, NULL))
5019 goto err;
5020
5021 ossl_quic_obj_set_domain_flags(&qd->obj, domain_flags);
5022 return &qd->obj.ssl;
5023
5024 err:
5025 ossl_quic_engine_free(qd->engine);
5026 #if defined(OPENSSL_THREADS)
5027 ossl_crypto_mutex_free(&qd->mutex);
5028 #endif
5029 OPENSSL_free(qd);
5030 return NULL;
5031 }
5032
5033 /*
5034 * QUIC Front-End I/O API: SSL_CTX Management
5035 * ==========================================
5036 */
5037
ossl_quic_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)5038 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
5039 {
5040 switch (cmd) {
5041 default:
5042 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
5043 }
5044 }
5045
ossl_quic_callback_ctrl(SSL * s,int cmd,void (* fp)(void))5046 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
5047 {
5048 QCTX ctx;
5049
5050 if (!expect_quic_conn_only(s, &ctx))
5051 return 0;
5052
5053 switch (cmd) {
5054 case SSL_CTRL_SET_MSG_CALLBACK:
5055 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
5056 &ctx.qc->obj.ssl);
5057 /* This callback also needs to be set on the internal SSL object */
5058 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
5059 ;
5060
5061 default:
5062 /* Probably a TLS related ctrl. Defer to our internal SSL object */
5063 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
5064 }
5065 }
5066
ossl_quic_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))5067 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
5068 {
5069 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
5070 }
5071
ossl_quic_renegotiate_check(SSL * ssl,int initok)5072 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
5073 {
5074 /* We never do renegotiation. */
5075 return 0;
5076 }
5077
ossl_quic_get_cipher_by_char(const unsigned char * p)5078 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
5079 {
5080 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
5081
5082 if (ciph == NULL)
5083 return NULL;
5084 if ((ciph->algorithm2 & SSL_QUIC) == 0)
5085 return NULL;
5086
5087 return ciph;
5088 }
5089
5090 /*
5091 * These functions define the TLSv1.2 (and below) ciphers that are supported by
5092 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
5093 */
5094
ossl_quic_num_ciphers(void)5095 int ossl_quic_num_ciphers(void)
5096 {
5097 return 0;
5098 }
5099
ossl_quic_get_cipher(unsigned int u)5100 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
5101 {
5102 return NULL;
5103 }
5104
5105 /*
5106 * SSL_get_shutdown()
5107 * ------------------
5108 */
ossl_quic_get_shutdown(const SSL * s)5109 int ossl_quic_get_shutdown(const SSL *s)
5110 {
5111 QCTX ctx;
5112 int shut = 0;
5113
5114 if (!expect_quic_conn_only(s, &ctx))
5115 return 0;
5116
5117 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
5118 shut |= SSL_SENT_SHUTDOWN;
5119 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
5120 shut |= SSL_RECEIVED_SHUTDOWN;
5121 }
5122
5123 return shut;
5124 }
5125
5126 /*
5127 * QUIC Polling Support APIs
5128 * =========================
5129 */
5130
5131 /* Do we have the R (read) condition? */
5132 QUIC_NEEDS_LOCK
test_poll_event_r(QUIC_XSO * xso)5133 static int test_poll_event_r(QUIC_XSO *xso)
5134 {
5135 int fin = 0;
5136 size_t avail = 0;
5137
5138 /*
5139 * If a stream has had the fin bit set on the last packet
5140 * received, then we need to return a 1 here to raise
5141 * SSL_POLL_EVENT_R, so that the stream can have its completion
5142 * detected and closed gracefully by an application.
5143 * However, if the client reads the data via SSL_read[_ex], that api
5144 * provides no stream status, and as a result the stream state moves to
5145 * QUIC_RSTREAM_STATE_DATA_READ, and the receive buffer is freed, which
5146 * stored the fin state, so its not directly know-able here. Instead
5147 * check for the stream state being QUIC_RSTREAM_STATE_DATA_READ, which
5148 * is only set if the last stream frame received had the fin bit set, and
5149 * the client read the data. This catches our poll/read/poll case
5150 */
5151 if (xso->stream->recv_state == QUIC_RSTREAM_STATE_DATA_READ)
5152 return 1;
5153
5154 return ossl_quic_stream_has_recv_buffer(xso->stream)
5155 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
5156 && (avail > 0 || (fin && !xso->retired_fin));
5157 }
5158
5159 /* Do we have the ER (exception: read) condition? */
5160 QUIC_NEEDS_LOCK
test_poll_event_er(QUIC_XSO * xso)5161 static int test_poll_event_er(QUIC_XSO *xso)
5162 {
5163 return ossl_quic_stream_has_recv(xso->stream)
5164 && ossl_quic_stream_recv_is_reset(xso->stream)
5165 && !xso->retired_fin;
5166 }
5167
5168 /* Do we have the W (write) condition? */
5169 QUIC_NEEDS_LOCK
test_poll_event_w(QUIC_XSO * xso)5170 static int test_poll_event_w(QUIC_XSO *xso)
5171 {
5172 return !xso->conn->shutting_down
5173 && ossl_quic_stream_has_send_buffer(xso->stream)
5174 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
5175 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
5176 && ossl_quic_txfc_get_cwm(&xso->stream->txfc)
5177 > ossl_quic_sstream_get_cur_size(xso->stream->sstream)
5178 && quic_mutation_allowed(xso->conn, /*req_active=*/1);
5179 }
5180
5181 /* Do we have the EW (exception: write) condition? */
5182 QUIC_NEEDS_LOCK
test_poll_event_ew(QUIC_XSO * xso)5183 static int test_poll_event_ew(QUIC_XSO *xso)
5184 {
5185 return ossl_quic_stream_has_send(xso->stream)
5186 && xso->stream->peer_stop_sending
5187 && !xso->requested_reset
5188 && !xso->conn->shutting_down;
5189 }
5190
5191 /* Do we have the EC (exception: connection) condition? */
5192 QUIC_NEEDS_LOCK
test_poll_event_ec(QUIC_CONNECTION * qc)5193 static int test_poll_event_ec(QUIC_CONNECTION *qc)
5194 {
5195 return ossl_quic_channel_is_term_any(qc->ch);
5196 }
5197
5198 /* Do we have the ECD (exception: connection drained) condition? */
5199 QUIC_NEEDS_LOCK
test_poll_event_ecd(QUIC_CONNECTION * qc)5200 static int test_poll_event_ecd(QUIC_CONNECTION *qc)
5201 {
5202 return ossl_quic_channel_is_terminated(qc->ch);
5203 }
5204
5205 /* Do we have the IS (incoming: stream) condition? */
5206 QUIC_NEEDS_LOCK
test_poll_event_is(QUIC_CONNECTION * qc,int is_uni)5207 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
5208 {
5209 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
5210 is_uni);
5211 }
5212
5213 /* Do we have the OS (outgoing: stream) condition? */
5214 QUIC_NEEDS_LOCK
test_poll_event_os(QUIC_CONNECTION * qc,int is_uni)5215 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
5216 {
5217 /* Is it currently possible for us to make an outgoing stream? */
5218 return quic_mutation_allowed(qc, /*req_active=*/1)
5219 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
5220 }
5221
5222 /* Do we have the EL (exception: listener) condition? */
5223 QUIC_NEEDS_LOCK
test_poll_event_el(QUIC_LISTENER * ql)5224 static int test_poll_event_el(QUIC_LISTENER *ql)
5225 {
5226 return !ossl_quic_port_is_running(ql->port);
5227 }
5228
5229 /* Do we have the IC (incoming: connection) condition? */
5230 QUIC_NEEDS_LOCK
test_poll_event_ic(QUIC_LISTENER * ql)5231 static int test_poll_event_ic(QUIC_LISTENER *ql)
5232 {
5233 return ossl_quic_port_get_num_incoming_channels(ql->port) > 0;
5234 }
5235
5236 QUIC_TAKES_LOCK
ossl_quic_conn_poll_events(SSL * ssl,uint64_t events,int do_tick,uint64_t * p_revents)5237 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
5238 uint64_t *p_revents)
5239 {
5240 QCTX ctx;
5241 uint64_t revents = 0;
5242
5243 if (!expect_quic_csl(ssl, &ctx))
5244 return 0;
5245
5246 qctx_lock(&ctx);
5247
5248 if (ctx.qc != NULL && !ctx.qc->started) {
5249 /* We can only try to write on non-started connection. */
5250 if ((events & SSL_POLL_EVENT_W) != 0)
5251 revents |= SSL_POLL_EVENT_W;
5252 goto end;
5253 }
5254
5255 if (do_tick)
5256 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0);
5257
5258 if (ctx.xso != NULL) {
5259 /* SSL object has a stream component. */
5260
5261 if ((events & SSL_POLL_EVENT_R) != 0
5262 && test_poll_event_r(ctx.xso))
5263 revents |= SSL_POLL_EVENT_R;
5264
5265 if ((events & SSL_POLL_EVENT_ER) != 0
5266 && test_poll_event_er(ctx.xso))
5267 revents |= SSL_POLL_EVENT_ER;
5268
5269 if ((events & SSL_POLL_EVENT_W) != 0
5270 && test_poll_event_w(ctx.xso))
5271 revents |= SSL_POLL_EVENT_W;
5272
5273 if ((events & SSL_POLL_EVENT_EW) != 0
5274 && test_poll_event_ew(ctx.xso))
5275 revents |= SSL_POLL_EVENT_EW;
5276 }
5277
5278 if (ctx.qc != NULL && !ctx.is_stream) {
5279 if ((events & SSL_POLL_EVENT_EC) != 0
5280 && test_poll_event_ec(ctx.qc))
5281 revents |= SSL_POLL_EVENT_EC;
5282
5283 if ((events & SSL_POLL_EVENT_ECD) != 0
5284 && test_poll_event_ecd(ctx.qc))
5285 revents |= SSL_POLL_EVENT_ECD;
5286
5287 if ((events & SSL_POLL_EVENT_ISB) != 0
5288 && test_poll_event_is(ctx.qc, /*uni=*/0))
5289 revents |= SSL_POLL_EVENT_ISB;
5290
5291 if ((events & SSL_POLL_EVENT_ISU) != 0
5292 && test_poll_event_is(ctx.qc, /*uni=*/1))
5293 revents |= SSL_POLL_EVENT_ISU;
5294
5295 if ((events & SSL_POLL_EVENT_OSB) != 0
5296 && test_poll_event_os(ctx.qc, /*uni=*/0))
5297 revents |= SSL_POLL_EVENT_OSB;
5298
5299 if ((events & SSL_POLL_EVENT_OSU) != 0
5300 && test_poll_event_os(ctx.qc, /*uni=*/1))
5301 revents |= SSL_POLL_EVENT_OSU;
5302 }
5303
5304 if (ctx.is_listener) {
5305 if ((events & SSL_POLL_EVENT_EL) != 0
5306 && test_poll_event_el(ctx.ql))
5307 revents |= SSL_POLL_EVENT_EL;
5308
5309 if ((events & SSL_POLL_EVENT_IC) != 0
5310 && test_poll_event_ic(ctx.ql))
5311 revents |= SSL_POLL_EVENT_IC;
5312 }
5313
5314 end:
5315 qctx_unlock(&ctx);
5316 *p_revents = revents;
5317 return 1;
5318 }
5319
5320 QUIC_TAKES_LOCK
ossl_quic_get_notifier_fd(SSL * ssl)5321 int ossl_quic_get_notifier_fd(SSL *ssl)
5322 {
5323 QCTX ctx;
5324 QUIC_REACTOR *rtor;
5325 RIO_NOTIFIER *nfy;
5326 int nfd = -1;
5327
5328 if (!expect_quic_any(ssl, &ctx))
5329 return -1;
5330
5331 qctx_lock(&ctx);
5332 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5333 nfy = ossl_quic_reactor_get0_notifier(rtor);
5334 if (nfy == NULL)
5335 goto end;
5336 nfd = ossl_rio_notifier_as_fd(nfy);
5337
5338 end:
5339 qctx_unlock(&ctx);
5340 return nfd;
5341 }
5342
5343 QUIC_TAKES_LOCK
ossl_quic_enter_blocking_section(SSL * ssl,QUIC_REACTOR_WAIT_CTX * wctx)5344 void ossl_quic_enter_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
5345 {
5346 QCTX ctx;
5347 QUIC_REACTOR *rtor;
5348
5349 if (!expect_quic_any(ssl, &ctx))
5350 return;
5351
5352 qctx_lock(&ctx);
5353 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5354 ossl_quic_reactor_wait_ctx_enter(wctx, rtor);
5355 qctx_unlock(&ctx);
5356 }
5357
5358 QUIC_TAKES_LOCK
ossl_quic_leave_blocking_section(SSL * ssl,QUIC_REACTOR_WAIT_CTX * wctx)5359 void ossl_quic_leave_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
5360 {
5361 QCTX ctx;
5362 QUIC_REACTOR *rtor;
5363
5364 if (!expect_quic_any(ssl, &ctx))
5365 return;
5366
5367 qctx_lock(&ctx);
5368 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5369 ossl_quic_reactor_wait_ctx_leave(wctx, rtor);
5370 qctx_unlock(&ctx);
5371 }
5372
5373 /*
5374 * Internal Testing APIs
5375 * =====================
5376 */
5377
ossl_quic_conn_get_channel(SSL * s)5378 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
5379 {
5380 QCTX ctx;
5381
5382 if (!expect_quic_conn_only(s, &ctx))
5383 return NULL;
5384
5385 return ctx.qc->ch;
5386 }
5387
ossl_quic_set_diag_title(SSL_CTX * ctx,const char * title)5388 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
5389 {
5390 #ifndef OPENSSL_NO_QLOG
5391 OPENSSL_free(ctx->qlog_title);
5392 ctx->qlog_title = NULL;
5393
5394 if (title == NULL)
5395 return 1;
5396
5397 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
5398 return 0;
5399 #endif
5400
5401 return 1;
5402 }
5403