1 /*
2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/hashfunc.h"
16 #include "internal/ssl_unwrap.h"
17 #include "internal/quic_tls.h"
18 #include "internal/quic_rx_depack.h"
19 #include "internal/quic_error.h"
20 #include "internal/quic_engine.h"
21 #include "internal/quic_port.h"
22 #include "internal/quic_reactor_wait_ctx.h"
23 #include "internal/time.h"
24
25 typedef struct qctx_st QCTX;
26
27 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock);
28 static void aon_write_finish(QUIC_XSO *xso);
29 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx);
30 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
31 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch);
32 static int qc_try_create_default_xso_for_write(QCTX *ctx);
33 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek);
34 static void qctx_lock(QCTX *qctx);
35 static void qctx_unlock(QCTX *qctx);
36 static void qctx_lock_for_io(QCTX *ctx);
37 static int quic_do_handshake(QCTX *ctx);
38 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
39 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
40 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
41 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
42 int touch, QUIC_XSO **old_xso);
43 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
44 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
45 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
46 static void qctx_maybe_autotick(QCTX *ctx);
47 static int qctx_should_autotick(QCTX *ctx);
48
49 /*
50 * QCTX is a utility structure which provides information we commonly wish to
51 * unwrap upon an API call being dispatched to us, namely:
52 *
53 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
54 * was passed);
55 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
56 * a QCSO with a default stream was passed);
57 * - whether a QSSO was passed (xso == NULL must not be used to determine this
58 * because it may be non-NULL when a QCSO is passed if that QCSO has a
59 * default stream);
60 * - a pointer to a QUIC_LISTENER object, if one is relevant;
61 * - whether we are in "I/O context", meaning that non-normal errors can
62 * be reported via SSL_get_error() as well as via ERR. Functions such as
63 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
64 * functions which are allowed to change the value returned by
65 * SSL_get_error. However, other functions (including functions which call
66 * SSL_do_handshake() implicitly) are not allowed to change the return value
67 * of SSL_get_error.
68 */
69 struct qctx_st {
70 QUIC_OBJ *obj;
71 QUIC_DOMAIN *qd;
72 QUIC_LISTENER *ql;
73 QUIC_CONNECTION *qc;
74 QUIC_XSO *xso;
75 int is_stream, is_listener, is_domain, in_io;
76 };
77
78 QUIC_NEEDS_LOCK
quic_set_last_error(QCTX * ctx,int last_error)79 static void quic_set_last_error(QCTX *ctx, int last_error)
80 {
81 if (!ctx->in_io)
82 return;
83
84 if (ctx->is_stream && ctx->xso != NULL)
85 ctx->xso->last_error = last_error;
86 else if (!ctx->is_stream && ctx->qc != NULL)
87 ctx->qc->last_error = last_error;
88 }
89
90 /*
91 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
92 * rather than via ERR. Note that normal errors must always be raised while
93 * holding a lock.
94 */
95 QUIC_NEEDS_LOCK
quic_raise_normal_error(QCTX * ctx,int err)96 static int quic_raise_normal_error(QCTX *ctx,
97 int err)
98 {
99 assert(ctx->in_io);
100 quic_set_last_error(ctx, err);
101
102 return 0;
103 }
104
105 /*
106 * Raise a 'non-normal' error, meaning any error that is not reported via
107 * SSL_get_error() and must be reported via ERR.
108 *
109 * qc should be provided if available. In exceptional circumstances when qc is
110 * not known NULL may be passed. This should generally only happen when an
111 * expect_...() function defined below fails, which generally indicates a
112 * dispatch error or caller error.
113 *
114 * ctx should be NULL if the connection lock is not held.
115 */
quic_raise_non_normal_error(QCTX * ctx,const char * file,int line,const char * func,int reason,const char * fmt,...)116 static int quic_raise_non_normal_error(QCTX *ctx,
117 const char *file,
118 int line,
119 const char *func,
120 int reason,
121 const char *fmt,
122 ...)
123 {
124 va_list args;
125
126 if (ctx != NULL) {
127 quic_set_last_error(ctx, SSL_ERROR_SSL);
128
129 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
130 ossl_quic_channel_restore_err_state(ctx->qc->ch);
131 }
132
133 ERR_new();
134 ERR_set_debug(file, line, func);
135
136 va_start(args, fmt);
137 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
138 va_end(args);
139
140 return 0;
141 }
142
143 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
144 quic_raise_normal_error((ctx), (err))
145
146 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
147 quic_raise_non_normal_error((ctx), \
148 OPENSSL_FILE, OPENSSL_LINE, \
149 OPENSSL_FUNC, \
150 (reason), \
151 (msg))
152 /*
153 * Flags for expect_quic_as:
154 *
155 * QCTX_C
156 * The input SSL object may be a QCSO.
157 *
158 * QCTX_S
159 * The input SSL object may be a QSSO or a QCSO with a default stream
160 * attached.
161 *
162 * (Note this means there is no current way to require an SSL object with a
163 * QUIC stream which is not a QCSO; a QCSO with a default stream attached
164 * is always considered to satisfy QCTX_S.)
165 *
166 * QCTX_AUTO_S
167 * The input SSL object may be a QSSO or a QCSO with a default stream
168 * attached. If no default stream is currently attached to a QCSO,
169 * one may be auto-created if possible.
170 *
171 * If QCTX_REMOTE_INIT is set, an auto-created default XSO is
172 * initiated by the remote party (i.e., local party reads first).
173 *
174 * If it is not set, an auto-created default XSO is
175 * initiated by the local party (i.e., local party writes first).
176 *
177 * QCTX_L
178 * The input SSL object may be a QLSO.
179 *
180 * QCTX_LOCK
181 * If and only if the function returns successfully, the ctx
182 * is guaranteed to be locked.
183 *
184 * QCTX_IO
185 * Begin an I/O context. If not set, begins a non-I/O context.
186 * This determines whether SSL_get_error() is updated; the value it returns
187 * is modified only by an I/O call.
188 *
189 * QCTX_NO_ERROR
190 * Don't raise an error if the object type is wrong. Should not be used in
191 * conjunction with any flags that may raise errors not related to a wrong
192 * object type.
193 */
194 #define QCTX_C (1U << 0)
195 #define QCTX_S (1U << 1)
196 #define QCTX_L (1U << 2)
197 #define QCTX_AUTO_S (1U << 3)
198 #define QCTX_REMOTE_INIT (1U << 4)
199 #define QCTX_LOCK (1U << 5)
200 #define QCTX_IO (1U << 6)
201 #define QCTX_D (1U << 7)
202 #define QCTX_NO_ERROR (1U << 8)
203
204 /*
205 * Called when expect_quic failed. Used to diagnose why such a call failed and
206 * raise a reasonable error code based on the configured preconditions in flags.
207 */
wrong_type(const SSL * s,uint32_t flags)208 static int wrong_type(const SSL *s, uint32_t flags)
209 {
210 const uint32_t mask = QCTX_C | QCTX_S | QCTX_L | QCTX_D;
211 int code = ERR_R_UNSUPPORTED;
212
213 if ((flags & QCTX_NO_ERROR) != 0)
214 return 1;
215 else if ((flags & mask) == QCTX_D)
216 code = SSL_R_DOMAIN_USE_ONLY;
217 else if ((flags & mask) == QCTX_L)
218 code = SSL_R_LISTENER_USE_ONLY;
219 else if ((flags & mask) == QCTX_C)
220 code = SSL_R_CONN_USE_ONLY;
221 else if ((flags & mask) == QCTX_S
222 || (flags & mask) == (QCTX_C | QCTX_S))
223 code = SSL_R_NO_STREAM;
224
225 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, code, NULL);
226 }
227
228 /*
229 * Given a QDSO, QCSO, QSSO or QLSO, initialises a QCTX, determining the
230 * contextually applicable QUIC_LISTENER, QUIC_CONNECTION and QUIC_XSO
231 * pointers.
232 *
233 * After this returns 1, all fields of the passed QCTX are initialised.
234 * Returns 0 on failure. This function is intended to be used to provide API
235 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure
236 * unless the QCTX_NO_ERROR flag is set.
237 *
238 * The flags argument controls the preconditions and postconditions of this
239 * function. See above for the different flags.
240 *
241 * The fields of a QCTX are initialised as follows depending on the identity of
242 * the SSL object, and assuming the preconditions demanded by the flags field as
243 * described above are met:
244 *
245 * QDSO QLSO QCSO QSSO
246 * qd non-NULL maybe maybe maybe
247 * ql NULL non-NULL maybe maybe
248 * qc NULL NULL non-NULL non-NULL
249 * xso NULL NULL maybe non-NULL
250 * is_stream 0 0 0 1
251 * is_listener 0 1 0 0
252 * is_domain 1 0 0 0
253 *
254 */
expect_quic_as(const SSL * s,QCTX * ctx,uint32_t flags)255 static int expect_quic_as(const SSL *s, QCTX *ctx, uint32_t flags)
256 {
257 int ok = 0, locked = 0, lock_requested = ((flags & QCTX_LOCK) != 0);
258 QUIC_DOMAIN *qd;
259 QUIC_LISTENER *ql;
260 QUIC_CONNECTION *qc;
261 QUIC_XSO *xso;
262
263 if ((flags & QCTX_AUTO_S) != 0)
264 flags |= QCTX_S;
265
266 ctx->obj = NULL;
267 ctx->qd = NULL;
268 ctx->ql = NULL;
269 ctx->qc = NULL;
270 ctx->xso = NULL;
271 ctx->is_stream = 0;
272 ctx->is_listener = 0;
273 ctx->is_domain = 0;
274 ctx->in_io = ((flags & QCTX_IO) != 0);
275
276 if (s == NULL) {
277 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
278 goto err;
279 }
280
281 switch (s->type) {
282 case SSL_TYPE_QUIC_DOMAIN:
283 if ((flags & QCTX_D) == 0) {
284 wrong_type(s, flags);
285 goto err;
286 }
287
288 qd = (QUIC_DOMAIN *)s;
289 ctx->obj = &qd->obj;
290 ctx->qd = qd;
291 ctx->is_domain = 1;
292 break;
293
294 case SSL_TYPE_QUIC_LISTENER:
295 if ((flags & QCTX_L) == 0) {
296 wrong_type(s, flags);
297 goto err;
298 }
299
300 ql = (QUIC_LISTENER *)s;
301 ctx->obj = &ql->obj;
302 ctx->qd = ql->domain;
303 ctx->ql = ql;
304 ctx->is_listener = 1;
305 break;
306
307 case SSL_TYPE_QUIC_CONNECTION:
308 qc = (QUIC_CONNECTION *)s;
309 ctx->obj = &qc->obj;
310 ctx->qd = qc->domain;
311 ctx->ql = qc->listener; /* never changes, so can be read without lock */
312 ctx->qc = qc;
313
314 if ((flags & QCTX_AUTO_S) != 0) {
315 if ((flags & QCTX_IO) != 0)
316 qctx_lock_for_io(ctx);
317 else
318 qctx_lock(ctx);
319
320 locked = 1;
321 }
322
323 if ((flags & QCTX_AUTO_S) != 0 && qc->default_xso == NULL) {
324 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
325 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
326 goto err;
327 }
328
329 /* If we haven't finished the handshake, try to advance it. */
330 if (quic_do_handshake(ctx) < 1)
331 /* ossl_quic_do_handshake raised error here */
332 goto err;
333
334 if ((flags & QCTX_REMOTE_INIT) != 0) {
335 if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0))
336 goto err;
337 } else {
338 if (!qc_try_create_default_xso_for_write(ctx))
339 goto err;
340 }
341 }
342
343 if ((flags & QCTX_C) == 0
344 && (qc->default_xso == NULL || (flags & QCTX_S) == 0)) {
345 wrong_type(s, flags);
346 goto err;
347 }
348
349 ctx->xso = qc->default_xso;
350 break;
351
352 case SSL_TYPE_QUIC_XSO:
353 if ((flags & QCTX_S) == 0) {
354 wrong_type(s, flags);
355 goto err;
356 }
357
358 xso = (QUIC_XSO *)s;
359 ctx->obj = &xso->obj;
360 ctx->qd = xso->conn->domain;
361 ctx->ql = xso->conn->listener;
362 ctx->qc = xso->conn;
363 ctx->xso = xso;
364 ctx->is_stream = 1;
365 break;
366
367 default:
368 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
369 goto err;
370 }
371
372 if (lock_requested && !locked) {
373 if ((flags & QCTX_IO) != 0)
374 qctx_lock_for_io(ctx);
375 else
376 qctx_lock(ctx);
377
378 locked = 1;
379 }
380
381 ok = 1;
382 err:
383 if (locked && (!ok || !lock_requested))
384 qctx_unlock(ctx);
385
386 return ok;
387 }
388
is_quic_c(const SSL * s,QCTX * ctx,int raiseerrs)389 static int is_quic_c(const SSL *s, QCTX *ctx, int raiseerrs)
390 {
391 uint32_t flags = QCTX_C;
392
393 if (!raiseerrs)
394 flags |= QCTX_NO_ERROR;
395 return expect_quic_as(s, ctx, flags);
396 }
397
398 /* Same as expect_quic_cs except that errors are not raised if raiseerrs == 0 */
is_quic_cs(const SSL * s,QCTX * ctx,int raiseerrs)399 static int is_quic_cs(const SSL *s, QCTX *ctx, int raiseerrs)
400 {
401 uint32_t flags = QCTX_C | QCTX_S;
402
403 if (!raiseerrs)
404 flags |= QCTX_NO_ERROR;
405 return expect_quic_as(s, ctx, flags);
406 }
407
expect_quic_cs(const SSL * s,QCTX * ctx)408 static int expect_quic_cs(const SSL *s, QCTX *ctx)
409 {
410 return expect_quic_as(s, ctx, QCTX_C | QCTX_S);
411 }
412
expect_quic_csl(const SSL * s,QCTX * ctx)413 static int expect_quic_csl(const SSL *s, QCTX *ctx)
414 {
415 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L);
416 }
417
expect_quic_csld(const SSL * s,QCTX * ctx)418 static int expect_quic_csld(const SSL *s, QCTX *ctx)
419 {
420 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L | QCTX_D);
421 }
422
423 #define expect_quic_any expect_quic_csld
424
expect_quic_listener(const SSL * s,QCTX * ctx)425 static int expect_quic_listener(const SSL *s, QCTX *ctx)
426 {
427 return expect_quic_as(s, ctx, QCTX_L);
428 }
429
expect_quic_domain(const SSL * s,QCTX * ctx)430 static int expect_quic_domain(const SSL *s, QCTX *ctx)
431 {
432 return expect_quic_as(s, ctx, QCTX_D);
433 }
434
435 /*
436 * Like expect_quic_cs(), but requires a QUIC_XSO be contextually available. In
437 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
438 * stream.
439 *
440 * remote_init determines if we expect the default XSO to be remotely created or
441 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
442 *
443 * Channel mutex is acquired and retained on success.
444 */
445 QUIC_ACQUIRES_LOCK
expect_quic_with_stream_lock(const SSL * s,int remote_init,int in_io,QCTX * ctx)446 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
447 int in_io, QCTX *ctx)
448 {
449 uint32_t flags = QCTX_S | QCTX_LOCK;
450
451 if (remote_init >= 0)
452 flags |= QCTX_AUTO_S;
453
454 if (remote_init > 0)
455 flags |= QCTX_REMOTE_INIT;
456
457 if (in_io)
458 flags |= QCTX_IO;
459
460 return expect_quic_as(s, ctx, flags);
461 }
462
463 /*
464 * Like expect_quic_cs(), but fails if called on a QUIC_XSO. ctx->xso may still
465 * be non-NULL if the QCSO has a default stream.
466 */
expect_quic_conn_only(const SSL * s,QCTX * ctx)467 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
468 {
469 return expect_quic_as(s, ctx, QCTX_C);
470 }
471
472 /*
473 * Ensures that the domain mutex is held for a method which touches channel
474 * state.
475 *
476 * Precondition: Domain mutex is not held (unchecked)
477 */
qctx_lock(QCTX * ctx)478 static void qctx_lock(QCTX *ctx)
479 {
480 #if defined(OPENSSL_THREADS)
481 assert(ctx->obj != NULL);
482 ossl_crypto_mutex_lock(ossl_quic_obj_get0_mutex(ctx->obj));
483 #endif
484 }
485
486 /* Precondition: Channel mutex is held (unchecked) */
487 QUIC_NEEDS_LOCK
qctx_unlock(QCTX * ctx)488 static void qctx_unlock(QCTX *ctx)
489 {
490 #if defined(OPENSSL_THREADS)
491 assert(ctx->obj != NULL);
492 ossl_crypto_mutex_unlock(ossl_quic_obj_get0_mutex(ctx->obj));
493 #endif
494 }
495
qctx_lock_for_io(QCTX * ctx)496 static void qctx_lock_for_io(QCTX *ctx)
497 {
498 qctx_lock(ctx);
499 ctx->in_io = 1;
500
501 /*
502 * We are entering an I/O function so we must update the values returned by
503 * SSL_get_error and SSL_want. Set no error. This will be overridden later
504 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
505 * occurs during the API call.
506 */
507 quic_set_last_error(ctx, SSL_ERROR_NONE);
508 }
509
510 /*
511 * This predicate is the criterion which should determine API call rejection for
512 * *most* mutating API calls, particularly stream-related operations for send
513 * parts.
514 *
515 * A call is rejected (this function returns 0) if shutdown is in progress
516 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
517 * req_active=1, the connection must be active (i.e., the IDLE state is also
518 * rejected).
519 */
quic_mutation_allowed(QUIC_CONNECTION * qc,int req_active)520 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
521 {
522 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
523 return 0;
524
525 if (req_active && !ossl_quic_channel_is_active(qc->ch))
526 return 0;
527
528 return 1;
529 }
530
qctx_is_top_level(QCTX * ctx)531 static int qctx_is_top_level(QCTX *ctx)
532 {
533 return ctx->obj->parent_obj == NULL;
534 }
535
qctx_blocking(QCTX * ctx)536 static int qctx_blocking(QCTX *ctx)
537 {
538 return ossl_quic_obj_blocking(ctx->obj);
539 }
540
541 /*
542 * Block until a predicate is met.
543 *
544 * Precondition: Must have a channel.
545 * Precondition: Must hold channel lock (unchecked).
546 */
547 QUIC_NEEDS_LOCK
block_until_pred(QCTX * ctx,int (* pred)(void * arg),void * pred_arg,uint32_t flags)548 static int block_until_pred(QCTX *ctx,
549 int (*pred)(void *arg), void *pred_arg,
550 uint32_t flags)
551 {
552 QUIC_ENGINE *qeng;
553 QUIC_REACTOR *rtor;
554
555 qeng = ossl_quic_obj_get0_engine(ctx->obj);
556 assert(qeng != NULL);
557
558 /*
559 * Any attempt to block auto-disables tick inhibition as otherwise we will
560 * hang around forever.
561 */
562 ossl_quic_engine_set_inhibit_tick(qeng, 0);
563
564 rtor = ossl_quic_engine_get0_reactor(qeng);
565 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags);
566 }
567
568 /*
569 * QUIC Front-End I/O API: Initialization
570 * ======================================
571 *
572 * SSL_new => ossl_quic_new
573 * ossl_quic_init
574 * SSL_reset => ossl_quic_reset
575 * SSL_clear => ossl_quic_clear
576 * ossl_quic_deinit
577 * SSL_free => ossl_quic_free
578 *
579 * SSL_set_options => ossl_quic_set_options
580 * SSL_get_options => ossl_quic_get_options
581 * SSL_clear_options => ossl_quic_clear_options
582 *
583 */
584
585 /* SSL_new */
ossl_quic_new(SSL_CTX * ctx)586 SSL *ossl_quic_new(SSL_CTX *ctx)
587 {
588 QUIC_CONNECTION *qc = NULL;
589 SSL_CONNECTION *sc = NULL;
590
591 /*
592 * QUIC_server_method should not be used with SSL_new.
593 * It should only be used with SSL_new_listener.
594 */
595 if (ctx->method == OSSL_QUIC_server_method()) {
596 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
597 return NULL;
598 }
599
600 qc = OPENSSL_zalloc(sizeof(*qc));
601 if (qc == NULL) {
602 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
603 return NULL;
604 }
605
606 /* Create the QUIC domain mutex. */
607 #if defined(OPENSSL_THREADS)
608 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
609 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
610 goto err;
611 }
612 #endif
613
614 /* Create the handshake layer. */
615 qc->tls = ossl_ssl_connection_new_int(ctx, &qc->obj.ssl, TLS_method());
616 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
617 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
618 goto err;
619 }
620
621 /* override the user_ssl of the inner connection */
622 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL;
623
624 /* Restrict options derived from the SSL_CTX. */
625 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
626 sc->pha_enabled = 0;
627
628 /* Determine mode of operation. */
629 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
630 qc->is_thread_assisted
631 = ((ctx->domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0);
632 #endif
633
634 qc->as_server = 0;
635 qc->as_server_state = qc->as_server;
636
637 if (!create_channel(qc, ctx))
638 goto err;
639
640 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, &qc->obj.ssl);
641 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
642
643 /* Initialise the QUIC_CONNECTION's QUIC_OBJ base. */
644 if (!ossl_quic_obj_init(&qc->obj, ctx, SSL_TYPE_QUIC_CONNECTION, NULL,
645 qc->engine, qc->port)) {
646 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
647 goto err;
648 }
649
650 /* Initialise libssl APL-related state. */
651 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
652 qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
653 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
654 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
655 qc->last_error = SSL_ERROR_NONE;
656
657 qc_update_reject_policy(qc);
658
659 /*
660 * We do not create the default XSO yet. The reason for this is that the
661 * stream ID of the default XSO will depend on whether the stream is client
662 * or server-initiated, which depends on who transmits first. Since we do
663 * not know whether the application will be using a client-transmits-first
664 * or server-transmits-first protocol, we defer default XSO creation until
665 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
666 * we take that as a cue that the client is expecting a server-initiated
667 * stream, and vice versa if SSL_write() is called first.
668 */
669 return &qc->obj.ssl;
670
671 err:
672 if (qc != NULL) {
673 qc_cleanup(qc, /*have_lock=*/0);
674 OPENSSL_free(qc);
675 }
676 return NULL;
677 }
678
679 QUIC_NEEDS_LOCK
quic_unref_port_bios(QUIC_PORT * port)680 static void quic_unref_port_bios(QUIC_PORT *port)
681 {
682 BIO *b;
683
684 b = ossl_quic_port_get_net_rbio(port);
685 BIO_free_all(b);
686
687 b = ossl_quic_port_get_net_wbio(port);
688 BIO_free_all(b);
689 }
690
691 QUIC_NEEDS_LOCK
qc_cleanup(QUIC_CONNECTION * qc,int have_lock)692 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock)
693 {
694 SSL_free(qc->tls);
695 qc->tls = NULL;
696
697 ossl_quic_channel_free(qc->ch);
698 qc->ch = NULL;
699
700 if (qc->port != NULL && qc->listener == NULL && qc->pending == 0) { /* TODO */
701 quic_unref_port_bios(qc->port);
702 ossl_quic_port_free(qc->port);
703 qc->port = NULL;
704
705 ossl_quic_engine_free(qc->engine);
706 qc->engine = NULL;
707 }
708
709 #if defined(OPENSSL_THREADS)
710 if (have_lock)
711 /* tsan doesn't like freeing locked mutexes */
712 ossl_crypto_mutex_unlock(qc->mutex);
713
714 if (qc->listener == NULL && qc->pending == 0)
715 ossl_crypto_mutex_free(&qc->mutex);
716 #endif
717 }
718
719 /* SSL_free */
720 QUIC_TAKES_LOCK
quic_free_listener(QCTX * ctx)721 static void quic_free_listener(QCTX *ctx)
722 {
723 quic_unref_port_bios(ctx->ql->port);
724 ossl_quic_port_drop_incoming(ctx->ql->port);
725 ossl_quic_port_free(ctx->ql->port);
726
727 if (ctx->ql->domain == NULL) {
728 ossl_quic_engine_free(ctx->ql->engine);
729 #if defined(OPENSSL_THREADS)
730 ossl_crypto_mutex_free(&ctx->ql->mutex);
731 #endif
732 } else {
733 SSL_free(&ctx->ql->domain->obj.ssl);
734 }
735 }
736
737 /* SSL_free */
738 QUIC_TAKES_LOCK
quic_free_domain(QCTX * ctx)739 static void quic_free_domain(QCTX *ctx)
740 {
741 ossl_quic_engine_free(ctx->qd->engine);
742 #if defined(OPENSSL_THREADS)
743 ossl_crypto_mutex_free(&ctx->qd->mutex);
744 #endif
745 }
746
747 QUIC_TAKES_LOCK
ossl_quic_free(SSL * s)748 void ossl_quic_free(SSL *s)
749 {
750 QCTX ctx;
751 int is_default;
752
753 /* We should never be called on anything but a QSO. */
754 if (!expect_quic_any(s, &ctx))
755 return;
756
757 if (ctx.is_domain) {
758 quic_free_domain(&ctx);
759 return;
760 }
761
762 if (ctx.is_listener) {
763 quic_free_listener(&ctx);
764 return;
765 }
766
767 qctx_lock(&ctx);
768
769 if (ctx.is_stream) {
770 /*
771 * When a QSSO is freed, the XSO is freed immediately, because the XSO
772 * itself only contains API personality layer data. However the
773 * underlying QUIC_STREAM is not freed immediately but is instead marked
774 * as deleted for later collection.
775 */
776
777 assert(ctx.qc->num_xso > 0);
778 --ctx.qc->num_xso;
779
780 /* If a stream's send part has not been finished, auto-reset it. */
781 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
782 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
783 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
784 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
785 ctx.xso->stream, 0);
786
787 /* Do STOP_SENDING for the receive part, if applicable. */
788 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
789 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
790 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
791 ctx.xso->stream, 0);
792
793 /* Update stream state. */
794 ctx.xso->stream->deleted = 1;
795 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
796 ctx.xso->stream);
797
798 is_default = (ctx.xso == ctx.qc->default_xso);
799 qctx_unlock(&ctx);
800
801 /*
802 * Unref the connection in most cases; the XSO has a ref to the QC and
803 * not vice versa. But for a default XSO, to avoid circular references,
804 * the QC refs the XSO but the XSO does not ref the QC. If we are the
805 * default XSO, we only get here when the QC is being torn down anyway,
806 * so don't call SSL_free(qc) as we are already in it.
807 */
808 if (!is_default)
809 SSL_free(&ctx.qc->obj.ssl);
810
811 /* Note: SSL_free calls OPENSSL_free(xso) for us */
812 return;
813 }
814
815 /*
816 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
817 * stage, but is freed during the channel free when the whole QSM is freed.
818 */
819 if (ctx.qc->default_xso != NULL) {
820 QUIC_XSO *xso = ctx.qc->default_xso;
821
822 qctx_unlock(&ctx);
823 SSL_free(&xso->obj.ssl);
824 qctx_lock(&ctx);
825 ctx.qc->default_xso = NULL;
826 }
827
828 /* Ensure we have no remaining XSOs. */
829 assert(ctx.qc->num_xso == 0);
830
831 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
832 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
833 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
834 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
835 }
836 #endif
837
838 /*
839 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
840 * us
841 */
842 qc_cleanup(ctx.qc, /*have_lock=*/1);
843 /* Note: SSL_free calls OPENSSL_free(qc) for us */
844
845 if (ctx.qc->listener != NULL)
846 SSL_free(&ctx.qc->listener->obj.ssl);
847 if (ctx.qc->domain != NULL)
848 SSL_free(&ctx.qc->domain->obj.ssl);
849 }
850
851 /* SSL method init */
ossl_quic_init(SSL * s)852 int ossl_quic_init(SSL *s)
853 {
854 /* Same op as SSL_clear, forward the call. */
855 return ossl_quic_clear(s);
856 }
857
858 /* SSL method deinit */
ossl_quic_deinit(SSL * s)859 void ossl_quic_deinit(SSL *s)
860 {
861 /* No-op. */
862 }
863
864 /* SSL_clear (ssl_reset method) */
ossl_quic_reset(SSL * s)865 int ossl_quic_reset(SSL *s)
866 {
867 QCTX ctx;
868
869 if (!expect_quic_any(s, &ctx))
870 return 0;
871
872 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
873 return 0;
874 }
875
876 /* ssl_clear method (unused) */
ossl_quic_clear(SSL * s)877 int ossl_quic_clear(SSL *s)
878 {
879 QCTX ctx;
880
881 if (!expect_quic_any(s, &ctx))
882 return 0;
883
884 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
885 return 0;
886 }
887
ossl_quic_set_override_now_cb(SSL * s,OSSL_TIME (* now_cb)(void * arg),void * now_cb_arg)888 int ossl_quic_set_override_now_cb(SSL *s,
889 OSSL_TIME (*now_cb)(void *arg),
890 void *now_cb_arg)
891 {
892 QCTX ctx;
893
894 if (!expect_quic_any(s, &ctx))
895 return 0;
896
897 qctx_lock(&ctx);
898
899 ossl_quic_engine_set_time_cb(ctx.obj->engine, now_cb, now_cb_arg);
900
901 qctx_unlock(&ctx);
902 return 1;
903 }
904
ossl_quic_conn_force_assist_thread_wake(SSL * s)905 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
906 {
907 QCTX ctx;
908
909 if (!expect_quic_conn_only(s, &ctx))
910 return;
911
912 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
913 if (ctx.qc->is_thread_assisted && ctx.qc->started)
914 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
915 #endif
916 }
917
918 QUIC_NEEDS_LOCK
qc_touch_default_xso(QUIC_CONNECTION * qc)919 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
920 {
921 qc->default_xso_created = 1;
922 qc_update_reject_policy(qc);
923 }
924
925 /*
926 * Changes default XSO. Allows caller to keep reference to the old default XSO
927 * (if any). Reference to new XSO is transferred from caller.
928 */
929 QUIC_NEEDS_LOCK
qc_set_default_xso_keep_ref(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch,QUIC_XSO ** old_xso)930 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
931 int touch,
932 QUIC_XSO **old_xso)
933 {
934 int refs;
935
936 *old_xso = NULL;
937
938 if (qc->default_xso != xso) {
939 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
940
941 qc->default_xso = xso;
942
943 if (xso == NULL) {
944 /*
945 * Changing to not having a default XSO. XSO becomes standalone and
946 * now has a ref to the QC.
947 */
948 if (!ossl_assert(SSL_up_ref(&qc->obj.ssl)))
949 return;
950 } else {
951 /*
952 * Changing from not having a default XSO to having one. The new XSO
953 * will have had a reference to the QC we need to drop to avoid a
954 * circular reference.
955 *
956 * Currently we never change directly from one default XSO to
957 * another, though this function would also still be correct if this
958 * weren't the case.
959 */
960 assert(*old_xso == NULL);
961
962 CRYPTO_DOWN_REF(&qc->obj.ssl.references, &refs);
963 assert(refs > 0);
964 }
965 }
966
967 if (touch)
968 qc_touch_default_xso(qc);
969 }
970
971 /*
972 * Changes default XSO, releasing the reference to any previous default XSO.
973 * Reference to new XSO is transferred from caller.
974 */
975 QUIC_NEEDS_LOCK
qc_set_default_xso(QUIC_CONNECTION * qc,QUIC_XSO * xso,int touch)976 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
977 {
978 QUIC_XSO *old_xso = NULL;
979
980 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
981
982 if (old_xso != NULL)
983 SSL_free(&old_xso->obj.ssl);
984 }
985
986 QUIC_NEEDS_LOCK
xso_update_options(QUIC_XSO * xso)987 static void xso_update_options(QUIC_XSO *xso)
988 {
989 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
990
991 if (xso->stream->rstream != NULL)
992 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
993
994 if (xso->stream->sstream != NULL)
995 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
996 }
997
998 /*
999 * SSL_set_options
1000 * ---------------
1001 *
1002 * Setting options on a QCSO
1003 * - configures the handshake-layer options;
1004 * - configures the default data-plane options for new streams;
1005 * - configures the data-plane options on the default XSO, if there is one.
1006 *
1007 * Setting options on a QSSO
1008 * - configures data-plane options for that stream only.
1009 */
1010 QUIC_TAKES_LOCK
quic_mask_or_options(SSL * ssl,uint64_t mask_value,uint64_t or_value)1011 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
1012 {
1013 QCTX ctx;
1014 uint64_t hs_mask_value, hs_or_value, ret;
1015
1016 if (!expect_quic_cs(ssl, &ctx))
1017 return 0;
1018
1019 qctx_lock(&ctx);
1020
1021 if (!ctx.is_stream) {
1022 /*
1023 * If we were called on the connection, we apply any handshake option
1024 * changes.
1025 */
1026 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
1027 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
1028
1029 SSL_clear_options(ctx.qc->tls, hs_mask_value);
1030 SSL_set_options(ctx.qc->tls, hs_or_value);
1031
1032 /* Update defaults for new streams. */
1033 ctx.qc->default_ssl_options
1034 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
1035 & OSSL_QUIC_PERMITTED_OPTIONS;
1036 }
1037
1038 ret = ctx.qc->default_ssl_options;
1039 if (ctx.xso != NULL) {
1040 ctx.xso->ssl_options
1041 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
1042 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1043
1044 xso_update_options(ctx.xso);
1045
1046 if (ctx.is_stream)
1047 ret = ctx.xso->ssl_options;
1048 }
1049
1050 qctx_unlock(&ctx);
1051 return ret;
1052 }
1053
ossl_quic_set_options(SSL * ssl,uint64_t options)1054 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
1055 {
1056 return quic_mask_or_options(ssl, 0, options);
1057 }
1058
1059 /* SSL_clear_options */
ossl_quic_clear_options(SSL * ssl,uint64_t options)1060 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
1061 {
1062 return quic_mask_or_options(ssl, options, 0);
1063 }
1064
1065 /* SSL_get_options */
ossl_quic_get_options(const SSL * ssl)1066 uint64_t ossl_quic_get_options(const SSL *ssl)
1067 {
1068 return quic_mask_or_options((SSL *)ssl, 0, 0);
1069 }
1070
1071 /*
1072 * QUIC Front-End I/O API: Network BIO Configuration
1073 * =================================================
1074 *
1075 * Handling the different BIOs is difficult:
1076 *
1077 * - It is more or less a requirement that we use non-blocking network I/O;
1078 * we need to be able to have timeouts on recv() calls, and make best effort
1079 * (non blocking) send() and recv() calls.
1080 *
1081 * The only sensible way to do this is to configure the socket into
1082 * non-blocking mode. We could try to do select() before calling send() or
1083 * recv() to get a guarantee that the call will not block, but this will
1084 * probably run into issues with buggy OSes which generate spurious socket
1085 * readiness events. In any case, relying on this to work reliably does not
1086 * seem sane.
1087 *
1088 * Timeouts could be handled via setsockopt() socket timeout options, but
1089 * this depends on OS support and adds another syscall to every network I/O
1090 * operation. It also has obvious thread safety concerns if we want to move
1091 * to concurrent use of a single socket at some later date.
1092 *
1093 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
1094 * be made non-blocking. However some OSes (e.g. Windows) do not support
1095 * this, so we cannot rely on this.
1096 *
1097 * As such, we need to configure any FD in non-blocking mode. This may
1098 * confound users who pass a blocking socket to libssl. However, in practice
1099 * it would be extremely strange for a user of QUIC to pass an FD to us,
1100 * then also try and send receive traffic on the same socket(!). Thus the
1101 * impact of this should be limited, and can be documented.
1102 *
1103 * - We support both blocking and non-blocking operation in terms of the API
1104 * presented to the user. One prospect is to set the blocking mode based on
1105 * whether the socket passed to us was already in blocking mode. However,
1106 * Windows has no API for determining if a socket is in blocking mode (!),
1107 * therefore this cannot be done portably. Currently therefore we expose an
1108 * explicit API call to set this, and default to blocking mode.
1109 *
1110 * - We need to determine our initial destination UDP address. The "natural"
1111 * way for a user to do this is to set the peer variable on a BIO_dgram.
1112 * However, this has problems because BIO_dgram's peer variable is used for
1113 * both transmission and reception. This means it can be constantly being
1114 * changed to a malicious value (e.g. if some random unrelated entity on the
1115 * network starts sending traffic to us) on every read call. This is not a
1116 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
1117 * calls only, which do not use this variable. However, we do need to let
1118 * the user specify the peer in a 'normal' manner. The compromise here is
1119 * that we grab the current peer value set at the time the write BIO is set
1120 * and do not read the value again.
1121 *
1122 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
1123 * Currently we do this by only supporting non-blocking mode.
1124 *
1125 */
1126
1127 /*
1128 * Determines what initial destination UDP address we should use, if possible.
1129 * If this fails the client must set the destination address manually, or use a
1130 * BIO which does not need a destination address.
1131 */
csm_analyse_init_peer_addr(BIO * net_wbio,BIO_ADDR * peer)1132 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
1133 {
1134 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
1135 return 0;
1136
1137 return 1;
1138 }
1139
1140 static int
quic_set0_net_rbio(QUIC_OBJ * obj,BIO * net_rbio)1141 quic_set0_net_rbio(QUIC_OBJ *obj, BIO *net_rbio)
1142 {
1143 QUIC_PORT *port;
1144 BIO *old_rbio = NULL;
1145
1146 port = ossl_quic_obj_get0_port(obj);
1147 old_rbio = ossl_quic_port_get_net_rbio(port);
1148 if (old_rbio == net_rbio)
1149 return 0;
1150
1151 if (!ossl_quic_port_set_net_rbio(port, net_rbio))
1152 return 0;
1153
1154 BIO_free_all(old_rbio);
1155 if (net_rbio != NULL)
1156 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
1157
1158 return 1;
1159 }
1160
1161 static int
quic_set0_net_wbio(QUIC_OBJ * obj,BIO * net_wbio)1162 quic_set0_net_wbio(QUIC_OBJ *obj, BIO *net_wbio)
1163 {
1164 QUIC_PORT *port;
1165 BIO *old_wbio = NULL;
1166
1167 port = ossl_quic_obj_get0_port(obj);
1168 old_wbio = ossl_quic_port_get_net_wbio(port);
1169 if (old_wbio == net_wbio)
1170 return 0;
1171
1172 if (!ossl_quic_port_set_net_wbio(port, net_wbio))
1173 return 0;
1174
1175 BIO_free_all(old_wbio);
1176 if (net_wbio != NULL)
1177 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
1178
1179 return 1;
1180 }
1181
ossl_quic_conn_set0_net_rbio(SSL * s,BIO * net_rbio)1182 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
1183 {
1184 QCTX ctx;
1185
1186 if (!expect_quic_csl(s, &ctx))
1187 return;
1188
1189 /* Returns 0 if no change. */
1190 if (!quic_set0_net_rbio(ctx.obj, net_rbio))
1191 return;
1192 }
1193
ossl_quic_conn_set0_net_wbio(SSL * s,BIO * net_wbio)1194 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
1195 {
1196 QCTX ctx;
1197
1198 if (!expect_quic_csl(s, &ctx))
1199 return;
1200
1201 /* Returns 0 if no change. */
1202 if (!quic_set0_net_wbio(ctx.obj, net_wbio))
1203 return;
1204 }
1205
ossl_quic_conn_get_net_rbio(const SSL * s)1206 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
1207 {
1208 QCTX ctx;
1209 QUIC_PORT *port;
1210
1211 if (!expect_quic_csl(s, &ctx))
1212 return NULL;
1213
1214 port = ossl_quic_obj_get0_port(ctx.obj);
1215 assert(port != NULL);
1216 return ossl_quic_port_get_net_rbio(port);
1217 }
1218
ossl_quic_conn_get_net_wbio(const SSL * s)1219 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
1220 {
1221 QCTX ctx;
1222 QUIC_PORT *port;
1223
1224 if (!expect_quic_csl(s, &ctx))
1225 return NULL;
1226
1227 port = ossl_quic_obj_get0_port(ctx.obj);
1228 assert(port != NULL);
1229 return ossl_quic_port_get_net_wbio(port);
1230 }
1231
ossl_quic_conn_get_blocking_mode(const SSL * s)1232 int ossl_quic_conn_get_blocking_mode(const SSL *s)
1233 {
1234 QCTX ctx;
1235
1236 if (!expect_quic_csl(s, &ctx))
1237 return 0;
1238
1239 return qctx_blocking(&ctx);
1240 }
1241
1242 QUIC_TAKES_LOCK
ossl_quic_conn_set_blocking_mode(SSL * s,int blocking)1243 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
1244 {
1245 int ret = 0;
1246 unsigned int mode;
1247 QCTX ctx;
1248
1249 if (!expect_quic_csl(s, &ctx))
1250 return 0;
1251
1252 qctx_lock(&ctx);
1253
1254 /* Sanity check - can we support the request given the current network BIO? */
1255 if (blocking) {
1256 /*
1257 * If called directly on a top-level object (QCSO or QLSO), update our
1258 * information on network BIO capabilities.
1259 */
1260 if (qctx_is_top_level(&ctx))
1261 ossl_quic_engine_update_poll_descriptors(ctx.obj->engine, /*force=*/1);
1262
1263 /* Cannot enable blocking mode if we do not have pollable FDs. */
1264 if (!ossl_quic_obj_can_support_blocking(ctx.obj)) {
1265 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1266 goto out;
1267 }
1268 }
1269
1270 mode = (blocking != 0)
1271 ? QUIC_BLOCKING_MODE_BLOCKING
1272 : QUIC_BLOCKING_MODE_NONBLOCKING;
1273
1274 ossl_quic_obj_set_blocking_mode(ctx.obj, mode);
1275
1276 ret = 1;
1277 out:
1278 qctx_unlock(&ctx);
1279 return ret;
1280 }
1281
ossl_quic_conn_set_initial_peer_addr(SSL * s,const BIO_ADDR * peer_addr)1282 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1283 const BIO_ADDR *peer_addr)
1284 {
1285 QCTX ctx;
1286
1287 if (!expect_quic_cs(s, &ctx))
1288 return 0;
1289
1290 if (ctx.qc->started)
1291 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1292 NULL);
1293
1294 if (peer_addr == NULL) {
1295 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1296 return 1;
1297 }
1298
1299 return BIO_ADDR_copy(&ctx.qc->init_peer_addr, peer_addr);
1300 }
1301
1302 /*
1303 * QUIC Front-End I/O API: Asynchronous I/O Management
1304 * ===================================================
1305 *
1306 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1307 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1308 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1309 *
1310 */
1311
1312 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1313 QUIC_TAKES_LOCK
ossl_quic_handle_events(SSL * s)1314 int ossl_quic_handle_events(SSL *s)
1315 {
1316 QCTX ctx;
1317
1318 if (!expect_quic_any(s, &ctx))
1319 return 0;
1320
1321 qctx_lock(&ctx);
1322 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0);
1323 qctx_unlock(&ctx);
1324 return 1;
1325 }
1326
1327 /*
1328 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1329 * should next have events handled by the application by calling
1330 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1331 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1332 * the value of *tv is undefined.
1333 */
1334 QUIC_TAKES_LOCK
ossl_quic_get_event_timeout(SSL * s,struct timeval * tv,int * is_infinite)1335 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1336 {
1337 QCTX ctx;
1338 QUIC_REACTOR *reactor;
1339 OSSL_TIME deadline;
1340 OSSL_TIME basetime;
1341
1342 if (!expect_quic_any(s, &ctx))
1343 return 0;
1344
1345 qctx_lock(&ctx);
1346
1347 reactor = ossl_quic_obj_get0_reactor(ctx.obj);
1348 deadline = ossl_quic_reactor_get_tick_deadline(reactor);
1349
1350 if (ossl_time_is_infinite(deadline)) {
1351 qctx_unlock(&ctx);
1352 *is_infinite = 1;
1353
1354 /*
1355 * Robustness against faulty applications that don't check *is_infinite;
1356 * harmless long timeout.
1357 */
1358 tv->tv_sec = 1000000;
1359 tv->tv_usec = 0;
1360 return 1;
1361 }
1362
1363 basetime = ossl_quic_engine_get_time(ctx.obj->engine);
1364
1365 qctx_unlock(&ctx);
1366
1367 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, basetime));
1368 *is_infinite = 0;
1369
1370 return 1;
1371 }
1372
1373 /* SSL_get_rpoll_descriptor */
ossl_quic_get_rpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1374 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1375 {
1376 QCTX ctx;
1377 QUIC_PORT *port = NULL;
1378 BIO *net_rbio;
1379
1380 if (!expect_quic_csl(s, &ctx))
1381 return 0;
1382
1383 port = ossl_quic_obj_get0_port(ctx.obj);
1384 net_rbio = ossl_quic_port_get_net_rbio(port);
1385 if (desc == NULL || net_rbio == NULL)
1386 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1387 NULL);
1388
1389 return BIO_get_rpoll_descriptor(net_rbio, desc);
1390 }
1391
1392 /* SSL_get_wpoll_descriptor */
ossl_quic_get_wpoll_descriptor(SSL * s,BIO_POLL_DESCRIPTOR * desc)1393 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1394 {
1395 QCTX ctx;
1396 QUIC_PORT *port = NULL;
1397 BIO *net_wbio;
1398
1399 if (!expect_quic_csl(s, &ctx))
1400 return 0;
1401
1402 port = ossl_quic_obj_get0_port(ctx.obj);
1403 net_wbio = ossl_quic_port_get_net_wbio(port);
1404 if (desc == NULL || net_wbio == NULL)
1405 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1406 NULL);
1407
1408 return BIO_get_wpoll_descriptor(net_wbio, desc);
1409 }
1410
1411 /* SSL_net_read_desired */
1412 QUIC_TAKES_LOCK
ossl_quic_get_net_read_desired(SSL * s)1413 int ossl_quic_get_net_read_desired(SSL *s)
1414 {
1415 QCTX ctx;
1416 int ret;
1417
1418 if (!expect_quic_csl(s, &ctx))
1419 return 0;
1420
1421 qctx_lock(&ctx);
1422 ret = ossl_quic_reactor_net_read_desired(ossl_quic_obj_get0_reactor(ctx.obj));
1423 qctx_unlock(&ctx);
1424 return ret;
1425 }
1426
1427 /* SSL_net_write_desired */
1428 QUIC_TAKES_LOCK
ossl_quic_get_net_write_desired(SSL * s)1429 int ossl_quic_get_net_write_desired(SSL *s)
1430 {
1431 int ret;
1432 QCTX ctx;
1433
1434 if (!expect_quic_csl(s, &ctx))
1435 return 0;
1436
1437 qctx_lock(&ctx);
1438 ret = ossl_quic_reactor_net_write_desired(ossl_quic_obj_get0_reactor(ctx.obj));
1439 qctx_unlock(&ctx);
1440 return ret;
1441 }
1442
1443 /*
1444 * QUIC Front-End I/O API: Connection Lifecycle Operations
1445 * =======================================================
1446 *
1447 * SSL_do_handshake => ossl_quic_do_handshake
1448 * SSL_set_connect_state => ossl_quic_set_connect_state
1449 * SSL_set_accept_state => ossl_quic_set_accept_state
1450 * SSL_shutdown => ossl_quic_shutdown
1451 * SSL_ctrl => ossl_quic_ctrl
1452 * (BIO/)SSL_connect => ossl_quic_connect
1453 * (BIO/)SSL_accept => ossl_quic_accept
1454 *
1455 */
1456
1457 QUIC_NEEDS_LOCK
qc_shutdown_flush_init(QUIC_CONNECTION * qc)1458 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1459 {
1460 QUIC_STREAM_MAP *qsm;
1461
1462 if (qc->shutting_down)
1463 return;
1464
1465 qsm = ossl_quic_channel_get_qsm(qc->ch);
1466
1467 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1468 qc->shutting_down = 1;
1469 }
1470
1471 /* Returns 1 if all shutdown-flush streams have been done with. */
1472 QUIC_NEEDS_LOCK
qc_shutdown_flush_finished(QUIC_CONNECTION * qc)1473 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1474 {
1475 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1476
1477 return qc->shutting_down
1478 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1479 }
1480
1481 /* SSL_shutdown */
quic_shutdown_wait(void * arg)1482 static int quic_shutdown_wait(void *arg)
1483 {
1484 QUIC_CONNECTION *qc = arg;
1485
1486 return ossl_quic_channel_is_terminated(qc->ch);
1487 }
1488
1489 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
quic_shutdown_flush_wait(void * arg)1490 static int quic_shutdown_flush_wait(void *arg)
1491 {
1492 QUIC_CONNECTION *qc = arg;
1493
1494 return ossl_quic_channel_is_term_any(qc->ch)
1495 || qc_shutdown_flush_finished(qc);
1496 }
1497
quic_shutdown_peer_wait(void * arg)1498 static int quic_shutdown_peer_wait(void *arg)
1499 {
1500 QUIC_CONNECTION *qc = arg;
1501 return ossl_quic_channel_is_term_any(qc->ch);
1502 }
1503
1504 QUIC_TAKES_LOCK
ossl_quic_conn_shutdown(SSL * s,uint64_t flags,const SSL_SHUTDOWN_EX_ARGS * args,size_t args_len)1505 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1506 const SSL_SHUTDOWN_EX_ARGS *args,
1507 size_t args_len)
1508 {
1509 int ret;
1510 QCTX ctx;
1511 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1512 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1513 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1514
1515 if (!expect_quic_cs(s, &ctx))
1516 return -1;
1517
1518 if (ctx.is_stream) {
1519 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1520 return -1;
1521 }
1522
1523 qctx_lock(&ctx);
1524
1525 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1526 qctx_unlock(&ctx);
1527 return 1;
1528 }
1529
1530 /* Phase 1: Stream Flushing */
1531 if (!wait_peer && stream_flush) {
1532 qc_shutdown_flush_init(ctx.qc);
1533
1534 if (!qc_shutdown_flush_finished(ctx.qc)) {
1535 if (!no_block && qctx_blocking(&ctx)) {
1536 ret = block_until_pred(&ctx, quic_shutdown_flush_wait, ctx.qc, 0);
1537 if (ret < 1) {
1538 ret = 0;
1539 goto err;
1540 }
1541 } else {
1542 qctx_maybe_autotick(&ctx);
1543 }
1544 }
1545
1546 if (!qc_shutdown_flush_finished(ctx.qc)) {
1547 qctx_unlock(&ctx);
1548 return 0; /* ongoing */
1549 }
1550 }
1551
1552 /* Phase 2: Connection Closure */
1553 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1554 if (!no_block && qctx_blocking(&ctx)) {
1555 ret = block_until_pred(&ctx, quic_shutdown_peer_wait, ctx.qc, 0);
1556 if (ret < 1) {
1557 ret = 0;
1558 goto err;
1559 }
1560 } else {
1561 qctx_maybe_autotick(&ctx);
1562 }
1563
1564 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1565 ret = 0; /* peer hasn't closed yet - still not done */
1566 goto err;
1567 }
1568
1569 /*
1570 * We are at least terminating - go through the normal process of
1571 * waiting until we are in the TERMINATED state.
1572 */
1573 }
1574
1575 /* Block mutation ops regardless of if we did stream flush. */
1576 ctx.qc->shutting_down = 1;
1577
1578 /*
1579 * This call is a no-op if we are already terminating, so it doesn't
1580 * affect the wait_peer case.
1581 */
1582 ossl_quic_channel_local_close(ctx.qc->ch,
1583 args != NULL ? args->quic_error_code : 0,
1584 args != NULL ? args->quic_reason : NULL);
1585
1586 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1587
1588 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1589 qctx_unlock(&ctx);
1590 return 1;
1591 }
1592
1593 /* Phase 3: Terminating Wait Time */
1594 if (!no_block && qctx_blocking(&ctx)
1595 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1596 ret = block_until_pred(&ctx, quic_shutdown_wait, ctx.qc, 0);
1597 if (ret < 1) {
1598 ret = 0;
1599 goto err;
1600 }
1601 } else {
1602 qctx_maybe_autotick(&ctx);
1603 }
1604
1605 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1606 err:
1607 qctx_unlock(&ctx);
1608 return ret;
1609 }
1610
1611 /* SSL_ctrl */
ossl_quic_ctrl(SSL * s,int cmd,long larg,void * parg)1612 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1613 {
1614 QCTX ctx;
1615
1616 if (!expect_quic_csl(s, &ctx))
1617 return 0;
1618
1619 switch (cmd) {
1620 case SSL_CTRL_MODE:
1621 if (ctx.is_listener)
1622 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1623
1624 /* If called on a QCSO, update the default mode. */
1625 if (!ctx.is_stream)
1626 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1627
1628 /*
1629 * If we were called on a QSSO or have a default stream, we also update
1630 * that.
1631 */
1632 if (ctx.xso != NULL) {
1633 /* Cannot enable EPW while AON write in progress. */
1634 if (ctx.xso->aon_write_in_progress)
1635 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1636
1637 ctx.xso->ssl_mode |= (uint32_t)larg;
1638 return ctx.xso->ssl_mode;
1639 }
1640
1641 return ctx.qc->default_ssl_mode;
1642 case SSL_CTRL_CLEAR_MODE:
1643 if (ctx.is_listener)
1644 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1645
1646 if (!ctx.is_stream)
1647 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1648
1649 if (ctx.xso != NULL) {
1650 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1651 return ctx.xso->ssl_mode;
1652 }
1653
1654 return ctx.qc->default_ssl_mode;
1655
1656 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1657 if (ctx.is_listener)
1658 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1659
1660 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1661 /* This ctrl also needs to be passed to the internal SSL object */
1662 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1663
1664 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1665 {
1666 int is_infinite;
1667
1668 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1669 return 0;
1670
1671 return !is_infinite;
1672 }
1673 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1674 /* For legacy compatibility with DTLS calls. */
1675 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1676
1677 /* Mask ctrls we shouldn't support for QUIC. */
1678 case SSL_CTRL_GET_READ_AHEAD:
1679 case SSL_CTRL_SET_READ_AHEAD:
1680 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1681 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1682 case SSL_CTRL_SET_MAX_PIPELINES:
1683 return 0;
1684
1685 default:
1686 /*
1687 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1688 * implementation. Either SSL_ctrl will handle it itself by direct
1689 * access into handshake layer state, or failing that, it will be passed
1690 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1691 * supported by anything, the handshake layer's ctrl method will finally
1692 * return 0.
1693 */
1694 if (ctx.is_listener)
1695 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
1696
1697 return ossl_ctrl_internal(&ctx.qc->obj.ssl, cmd, larg, parg, /*no_quic=*/1);
1698 }
1699 }
1700
1701 /* SSL_set_connect_state */
ossl_quic_set_connect_state(SSL * s,int raiseerrs)1702 int ossl_quic_set_connect_state(SSL *s, int raiseerrs)
1703 {
1704 QCTX ctx;
1705
1706 if (!is_quic_c(s, &ctx, raiseerrs))
1707 return 0;
1708
1709 if (ctx.qc->as_server_state == 0)
1710 return 1;
1711
1712 /* Cannot be changed after handshake started */
1713 if (ctx.qc->started) {
1714 if (raiseerrs)
1715 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
1716 return 0;
1717 }
1718
1719 ctx.qc->as_server_state = 0;
1720 return 1;
1721 }
1722
1723 /* SSL_set_accept_state */
ossl_quic_set_accept_state(SSL * s,int raiseerrs)1724 int ossl_quic_set_accept_state(SSL *s, int raiseerrs)
1725 {
1726 QCTX ctx;
1727
1728 if (!is_quic_c(s, &ctx, raiseerrs))
1729 return 0;
1730
1731 if (ctx.qc->as_server_state == 1)
1732 return 1;
1733
1734 /* Cannot be changed after handshake started */
1735 if (ctx.qc->started) {
1736 if (raiseerrs)
1737 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
1738 return 0;
1739 }
1740
1741 ctx.qc->as_server_state = 1;
1742 return 1;
1743 }
1744
1745 /* SSL_do_handshake */
1746 struct quic_handshake_wait_args {
1747 QUIC_CONNECTION *qc;
1748 };
1749
tls_wants_non_io_retry(QUIC_CONNECTION * qc)1750 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1751 {
1752 int want = SSL_want(qc->tls);
1753
1754 if (want == SSL_X509_LOOKUP
1755 || want == SSL_CLIENT_HELLO_CB
1756 || want == SSL_RETRY_VERIFY)
1757 return 1;
1758
1759 return 0;
1760 }
1761
quic_handshake_wait(void * arg)1762 static int quic_handshake_wait(void *arg)
1763 {
1764 struct quic_handshake_wait_args *args = arg;
1765
1766 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1767 return -1;
1768
1769 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1770 return 1;
1771
1772 if (tls_wants_non_io_retry(args->qc))
1773 return 1;
1774
1775 return 0;
1776 }
1777
configure_channel(QUIC_CONNECTION * qc)1778 static int configure_channel(QUIC_CONNECTION *qc)
1779 {
1780 assert(qc->ch != NULL);
1781
1782 if (!ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1783 return 0;
1784
1785 return 1;
1786 }
1787
need_notifier_for_domain_flags(uint64_t domain_flags)1788 static int need_notifier_for_domain_flags(uint64_t domain_flags)
1789 {
1790 return (domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0
1791 || ((domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0
1792 && (domain_flags & SSL_DOMAIN_FLAG_BLOCKING) != 0);
1793 }
1794
1795 QUIC_NEEDS_LOCK
create_channel(QUIC_CONNECTION * qc,SSL_CTX * ctx)1796 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx)
1797 {
1798 QUIC_ENGINE_ARGS engine_args = {0};
1799 QUIC_PORT_ARGS port_args = {0};
1800
1801 engine_args.libctx = ctx->libctx;
1802 engine_args.propq = ctx->propq;
1803 #if defined(OPENSSL_THREADS)
1804 engine_args.mutex = qc->mutex;
1805 #endif
1806
1807 if (need_notifier_for_domain_flags(ctx->domain_flags))
1808 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
1809
1810 qc->engine = ossl_quic_engine_new(&engine_args);
1811 if (qc->engine == NULL) {
1812 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1813 return 0;
1814 }
1815
1816 port_args.channel_ctx = ctx;
1817 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1818 if (qc->port == NULL) {
1819 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1820 ossl_quic_engine_free(qc->engine);
1821 return 0;
1822 }
1823
1824 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1825 if (qc->ch == NULL) {
1826 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1827 ossl_quic_port_free(qc->port);
1828 ossl_quic_engine_free(qc->engine);
1829 return 0;
1830 }
1831
1832 return 1;
1833 }
1834
1835 /*
1836 * Configures a channel with the information we have accumulated via calls made
1837 * to us from the application prior to starting a handshake attempt.
1838 */
1839 QUIC_NEEDS_LOCK
ensure_channel_started(QCTX * ctx)1840 static int ensure_channel_started(QCTX *ctx)
1841 {
1842 QUIC_CONNECTION *qc = ctx->qc;
1843
1844 if (!qc->started) {
1845 if (!configure_channel(qc)) {
1846 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1847 "failed to configure channel");
1848 return 0;
1849 }
1850
1851 if (!ossl_quic_channel_start(qc->ch)) {
1852 ossl_quic_channel_restore_err_state(qc->ch);
1853 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1854 "failed to start channel");
1855 return 0;
1856 }
1857
1858 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1859 if (qc->is_thread_assisted)
1860 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) {
1861 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1862 "failed to start assist thread");
1863 return 0;
1864 }
1865 #endif
1866 }
1867
1868 qc->started = 1;
1869 return 1;
1870 }
1871
1872 QUIC_NEEDS_LOCK
quic_do_handshake(QCTX * ctx)1873 static int quic_do_handshake(QCTX *ctx)
1874 {
1875 int ret;
1876 QUIC_CONNECTION *qc = ctx->qc;
1877 QUIC_PORT *port;
1878 BIO *net_rbio, *net_wbio;
1879
1880 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1881 /* Handshake already completed. */
1882 return 1;
1883
1884 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1885 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1886
1887 if (qc->as_server != qc->as_server_state) {
1888 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1889 return -1; /* Non-protocol error */
1890 }
1891
1892 port = ossl_quic_obj_get0_port(ctx->obj);
1893 net_rbio = ossl_quic_port_get_net_rbio(port);
1894 net_wbio = ossl_quic_port_get_net_wbio(port);
1895 if (net_rbio == NULL || net_wbio == NULL) {
1896 /* Need read and write BIOs. */
1897 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1898 return -1; /* Non-protocol error */
1899 }
1900
1901 if (!qc->started && ossl_quic_port_is_addressed_w(port)
1902 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1903 /*
1904 * We are trying to connect and are using addressed mode, which means we
1905 * need an initial peer address; if we do not have a peer address yet,
1906 * we should try to autodetect one.
1907 *
1908 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1909 * may not be able to provide us with a peer address until they have
1910 * finished their own processing. They may not be able to perform this
1911 * processing until an application has finished configuring that BIO
1912 * (e.g. with setter calls), which might happen after SSL_set_bio is
1913 * called.
1914 */
1915 if (!csm_analyse_init_peer_addr(net_wbio, &qc->init_peer_addr))
1916 /* best effort */
1917 BIO_ADDR_clear(&qc->init_peer_addr);
1918 else
1919 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1920 }
1921
1922 if (!qc->started
1923 && ossl_quic_port_is_addressed_w(port)
1924 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1925 /*
1926 * If we still don't have a peer address in addressed mode, we can't do
1927 * anything.
1928 */
1929 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1930 return -1; /* Non-protocol error */
1931 }
1932
1933 /*
1934 * Start connection process. Note we may come here multiple times in
1935 * non-blocking mode, which is fine.
1936 */
1937 if (!ensure_channel_started(ctx)) /* raises on failure */
1938 return -1; /* Non-protocol error */
1939
1940 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1941 /* The handshake is now done. */
1942 return 1;
1943
1944 if (!qctx_blocking(ctx)) {
1945 /* Try to advance the reactor. */
1946 qctx_maybe_autotick(ctx);
1947
1948 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1949 /* The handshake is now done. */
1950 return 1;
1951
1952 if (ossl_quic_channel_is_term_any(qc->ch)) {
1953 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1954 return 0;
1955 } else if (ossl_quic_obj_desires_blocking(&qc->obj)) {
1956 /*
1957 * As a special case when doing a handshake when blocking mode is
1958 * desired yet not available, see if the network BIOs have become
1959 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1960 * which do late creation of socket FDs and therefore cannot expose
1961 * a poll descriptor until after a network BIO is set on the QCSO.
1962 */
1963 ossl_quic_engine_update_poll_descriptors(qc->obj.engine, /*force=*/1);
1964 }
1965 }
1966
1967 /*
1968 * We are either in blocking mode or just entered it due to the code above.
1969 */
1970 if (qctx_blocking(ctx)) {
1971 /* In blocking mode, wait for the handshake to complete. */
1972 struct quic_handshake_wait_args args;
1973
1974 args.qc = qc;
1975
1976 ret = block_until_pred(ctx, quic_handshake_wait, &args, 0);
1977 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1978 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1979 return 0; /* Shutdown before completion */
1980 } else if (ret <= 0) {
1981 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1982 return -1; /* Non-protocol error */
1983 }
1984
1985 if (tls_wants_non_io_retry(qc)) {
1986 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1987 return -1;
1988 }
1989
1990 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1991 return 1;
1992 }
1993
1994 if (tls_wants_non_io_retry(qc)) {
1995 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1996 return -1;
1997 }
1998
1999 /*
2000 * Otherwise, indicate that the handshake isn't done yet.
2001 * We can only get here in non-blocking mode.
2002 */
2003 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2004 return -1; /* Non-protocol error */
2005 }
2006
2007 QUIC_TAKES_LOCK
ossl_quic_do_handshake(SSL * s)2008 int ossl_quic_do_handshake(SSL *s)
2009 {
2010 int ret;
2011 QCTX ctx;
2012
2013 if (!expect_quic_cs(s, &ctx))
2014 return 0;
2015
2016 qctx_lock_for_io(&ctx);
2017
2018 ret = quic_do_handshake(&ctx);
2019 qctx_unlock(&ctx);
2020 return ret;
2021 }
2022
2023 /* SSL_connect */
ossl_quic_connect(SSL * s)2024 int ossl_quic_connect(SSL *s)
2025 {
2026 /* Ensure we are in connect state (no-op if non-idle). */
2027 if (!ossl_quic_set_connect_state(s, 1))
2028 return -1;
2029
2030 /* Begin or continue the handshake */
2031 return ossl_quic_do_handshake(s);
2032 }
2033
2034 /* SSL_accept */
ossl_quic_accept(SSL * s)2035 int ossl_quic_accept(SSL *s)
2036 {
2037 /* Ensure we are in accept state (no-op if non-idle). */
2038 if (!ossl_quic_set_accept_state(s, 1))
2039 return -1;
2040
2041 /* Begin or continue the handshake */
2042 return ossl_quic_do_handshake(s);
2043 }
2044
2045 /*
2046 * QUIC Front-End I/O API: Stream Lifecycle Operations
2047 * ===================================================
2048 *
2049 * SSL_stream_new => ossl_quic_conn_stream_new
2050 *
2051 */
2052
2053 /*
2054 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
2055 * default XSO was created. Returns 0 if it was not (e.g. because it already
2056 * exists). Note that this is NOT an error condition.
2057 */
2058 QUIC_NEEDS_LOCK
qc_try_create_default_xso_for_write(QCTX * ctx)2059 static int qc_try_create_default_xso_for_write(QCTX *ctx)
2060 {
2061 uint64_t flags = 0;
2062 QUIC_CONNECTION *qc = ctx->qc;
2063
2064 if (qc->default_xso_created
2065 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2066 /*
2067 * We only do this once. If the user detaches a previously created
2068 * default XSO we don't auto-create another one.
2069 */
2070 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
2071
2072 /* Create a locally-initiated stream. */
2073 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2074 flags |= SSL_STREAM_FLAG_UNI;
2075
2076 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
2077 /*needs_lock=*/0),
2078 /*touch=*/0);
2079 if (qc->default_xso == NULL)
2080 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2081
2082 qc_touch_default_xso(qc);
2083 return 1;
2084 }
2085
2086 struct quic_wait_for_stream_args {
2087 QUIC_CONNECTION *qc;
2088 QUIC_STREAM *qs;
2089 QCTX *ctx;
2090 uint64_t expect_id;
2091 };
2092
2093 QUIC_NEEDS_LOCK
quic_wait_for_stream(void * arg)2094 static int quic_wait_for_stream(void *arg)
2095 {
2096 struct quic_wait_for_stream_args *args = arg;
2097
2098 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
2099 /* If connection is torn down due to an error while blocking, stop. */
2100 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2101 return -1;
2102 }
2103
2104 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
2105 args->expect_id | QUIC_STREAM_DIR_BIDI);
2106 if (args->qs == NULL)
2107 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
2108 args->expect_id | QUIC_STREAM_DIR_UNI);
2109
2110 if (args->qs != NULL)
2111 return 1; /* stream now exists */
2112
2113 return 0; /* did not get a stream, keep trying */
2114 }
2115
2116 QUIC_NEEDS_LOCK
qc_wait_for_default_xso_for_read(QCTX * ctx,int peek)2117 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek)
2118 {
2119 /* Called on a QCSO and we don't currently have a default stream. */
2120 uint64_t expect_id;
2121 QUIC_CONNECTION *qc = ctx->qc;
2122 QUIC_STREAM *qs;
2123 int res;
2124 struct quic_wait_for_stream_args wargs;
2125 OSSL_RTT_INFO rtt_info;
2126
2127 /*
2128 * If default stream functionality is disabled or we already detached
2129 * one, don't make another default stream and just fail.
2130 */
2131 if (qc->default_xso_created
2132 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2133 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
2134
2135 /*
2136 * The peer may have opened a stream since we last ticked. So tick and
2137 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
2138 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
2139 * first stream created by a peer must have an ordinal of 0.
2140 */
2141 expect_id = qc->as_server
2142 ? QUIC_STREAM_INITIATOR_CLIENT
2143 : QUIC_STREAM_INITIATOR_SERVER;
2144
2145 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2146 expect_id | QUIC_STREAM_DIR_BIDI);
2147 if (qs == NULL)
2148 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2149 expect_id | QUIC_STREAM_DIR_UNI);
2150
2151 if (qs == NULL) {
2152 qctx_maybe_autotick(ctx);
2153
2154 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
2155 expect_id);
2156 }
2157
2158 if (qs == NULL) {
2159 if (peek)
2160 return 0;
2161
2162 if (ossl_quic_channel_is_term_any(qc->ch)) {
2163 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2164 } else if (!qctx_blocking(ctx)) {
2165 /* Non-blocking mode, so just bail immediately. */
2166 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
2167 }
2168
2169 /* Block until we have a stream. */
2170 wargs.qc = qc;
2171 wargs.qs = NULL;
2172 wargs.ctx = ctx;
2173 wargs.expect_id = expect_id;
2174
2175 res = block_until_pred(ctx, quic_wait_for_stream, &wargs, 0);
2176 if (res == 0)
2177 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2178 else if (res < 0 || wargs.qs == NULL)
2179 /* quic_wait_for_stream raised error here */
2180 return 0;
2181
2182 qs = wargs.qs;
2183 }
2184
2185 /*
2186 * We now have qs != NULL. Remove it from the incoming stream queue so that
2187 * it isn't also returned by any future SSL_accept_stream calls.
2188 */
2189 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2190 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
2191 qs, rtt_info.smoothed_rtt);
2192
2193 /*
2194 * Now make qs the default stream, creating the necessary XSO.
2195 */
2196 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
2197 if (qc->default_xso == NULL)
2198 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2199
2200 qc_touch_default_xso(qc); /* inhibits default XSO */
2201 return 1;
2202 }
2203
2204 QUIC_NEEDS_LOCK
create_xso_from_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs)2205 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
2206 {
2207 QUIC_XSO *xso = NULL;
2208
2209 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
2210 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
2211 goto err;
2212 }
2213
2214 if (!ossl_quic_obj_init(&xso->obj, qc->obj.ssl.ctx, SSL_TYPE_QUIC_XSO,
2215 &qc->obj.ssl, NULL, NULL)) {
2216 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
2217 goto err;
2218 }
2219
2220 /* XSO refs QC */
2221 if (!SSL_up_ref(&qc->obj.ssl)) {
2222 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
2223 goto err;
2224 }
2225
2226 xso->conn = qc;
2227 xso->ssl_mode = qc->default_ssl_mode;
2228 xso->ssl_options
2229 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
2230 xso->last_error = SSL_ERROR_NONE;
2231
2232 xso->stream = qs;
2233
2234 ++qc->num_xso;
2235 xso_update_options(xso);
2236 return xso;
2237
2238 err:
2239 OPENSSL_free(xso);
2240 return NULL;
2241 }
2242
2243 struct quic_new_stream_wait_args {
2244 QUIC_CONNECTION *qc;
2245 int is_uni;
2246 };
2247
quic_new_stream_wait(void * arg)2248 static int quic_new_stream_wait(void *arg)
2249 {
2250 struct quic_new_stream_wait_args *args = arg;
2251 QUIC_CONNECTION *qc = args->qc;
2252
2253 if (!quic_mutation_allowed(qc, /*req_active=*/1))
2254 return -1;
2255
2256 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
2257 return 1;
2258
2259 return 0;
2260 }
2261
2262 /* locking depends on need_lock */
quic_conn_stream_new(QCTX * ctx,uint64_t flags,int need_lock)2263 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
2264 {
2265 int ret;
2266 QUIC_CONNECTION *qc = ctx->qc;
2267 QUIC_XSO *xso = NULL;
2268 QUIC_STREAM *qs = NULL;
2269 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
2270 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
2271 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2272
2273 if (need_lock)
2274 qctx_lock(ctx);
2275
2276 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2277 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2278 goto err;
2279 }
2280
2281 if (!advance
2282 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2283 struct quic_new_stream_wait_args args;
2284
2285 /*
2286 * Stream count flow control currently doesn't permit this stream to be
2287 * opened.
2288 */
2289 if (no_blocking || !qctx_blocking(ctx)) {
2290 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2291 goto err;
2292 }
2293
2294 args.qc = qc;
2295 args.is_uni = is_uni;
2296
2297 /* Blocking mode - wait until we can get a stream. */
2298 ret = block_until_pred(ctx, quic_new_stream_wait, &args, 0);
2299 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2300 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2301 goto err; /* Shutdown before completion */
2302 } else if (ret <= 0) {
2303 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2304 goto err; /* Non-protocol error */
2305 }
2306 }
2307
2308 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2309 if (qs == NULL) {
2310 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2311 goto err;
2312 }
2313
2314 xso = create_xso_from_stream(qc, qs);
2315 if (xso == NULL)
2316 goto err;
2317
2318 qc_touch_default_xso(qc); /* inhibits default XSO */
2319 if (need_lock)
2320 qctx_unlock(ctx);
2321
2322 return &xso->obj.ssl;
2323
2324 err:
2325 OPENSSL_free(xso);
2326 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2327 if (need_lock)
2328 qctx_unlock(ctx);
2329
2330 return NULL;
2331
2332 }
2333
2334 QUIC_TAKES_LOCK
ossl_quic_conn_stream_new(SSL * s,uint64_t flags)2335 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2336 {
2337 QCTX ctx;
2338
2339 if (!expect_quic_conn_only(s, &ctx))
2340 return NULL;
2341
2342 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2343 }
2344
2345 /*
2346 * QUIC Front-End I/O API: Steady-State Operations
2347 * ===============================================
2348 *
2349 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2350 * is, the functions used during the established phase of a QUIC connection
2351 * (e.g. SSL_read, SSL_write).
2352 *
2353 * Each function must handle both blocking and non-blocking modes. As discussed
2354 * above, all QUIC I/O is implemented using non-blocking mode internally.
2355 *
2356 * SSL_get_error => partially implemented by ossl_quic_get_error
2357 * SSL_want => ossl_quic_want
2358 * (BIO/)SSL_read => ossl_quic_read
2359 * (BIO/)SSL_write => ossl_quic_write
2360 * SSL_pending => ossl_quic_pending
2361 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2362 * SSL_key_update => ossl_quic_key_update
2363 */
2364
2365 /* SSL_get_error */
ossl_quic_get_error(const SSL * s,int i)2366 int ossl_quic_get_error(const SSL *s, int i)
2367 {
2368 QCTX ctx;
2369 int net_error, last_error;
2370
2371 /* SSL_get_errors() should not raise new errors */
2372 if (!is_quic_cs(s, &ctx, 0 /* suppress errors */))
2373 return SSL_ERROR_SSL;
2374
2375 qctx_lock(&ctx);
2376 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2377 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2378 qctx_unlock(&ctx);
2379
2380 if (net_error)
2381 return SSL_ERROR_SYSCALL;
2382
2383 return last_error;
2384 }
2385
2386 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
error_to_want(int error)2387 static int error_to_want(int error)
2388 {
2389 switch (error) {
2390 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2391 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2392 case SSL_ERROR_ZERO_RETURN:
2393 default:
2394 return SSL_NOTHING;
2395
2396 case SSL_ERROR_WANT_READ:
2397 return SSL_READING;
2398
2399 case SSL_ERROR_WANT_WRITE:
2400 return SSL_WRITING;
2401
2402 case SSL_ERROR_WANT_RETRY_VERIFY:
2403 return SSL_RETRY_VERIFY;
2404
2405 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2406 return SSL_CLIENT_HELLO_CB;
2407
2408 case SSL_ERROR_WANT_X509_LOOKUP:
2409 return SSL_X509_LOOKUP;
2410 }
2411 }
2412
2413 /* SSL_want */
ossl_quic_want(const SSL * s)2414 int ossl_quic_want(const SSL *s)
2415 {
2416 QCTX ctx;
2417 int w;
2418
2419 if (!expect_quic_cs(s, &ctx))
2420 return SSL_NOTHING;
2421
2422 qctx_lock(&ctx);
2423
2424 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2425
2426 qctx_unlock(&ctx);
2427 return w;
2428 }
2429
2430 /*
2431 * SSL_write
2432 * ---------
2433 *
2434 * The set of functions below provide the implementation of the public SSL_write
2435 * function. We must handle:
2436 *
2437 * - both blocking and non-blocking operation at the application level,
2438 * depending on how we are configured;
2439 *
2440 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2441 *
2442 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2443 *
2444 */
2445 QUIC_NEEDS_LOCK
quic_post_write(QUIC_XSO * xso,int did_append,int did_append_all,uint64_t flags,int do_tick)2446 static void quic_post_write(QUIC_XSO *xso, int did_append,
2447 int did_append_all, uint64_t flags,
2448 int do_tick)
2449 {
2450 /*
2451 * We have appended at least one byte to the stream.
2452 * Potentially mark stream as active, depending on FC.
2453 */
2454 if (did_append)
2455 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2456 xso->stream);
2457
2458 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2459 ossl_quic_sstream_fin(xso->stream->sstream);
2460
2461 /*
2462 * Try and send.
2463 *
2464 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2465 * immediately, plus we should eventually consider Nagle's algorithm.
2466 */
2467 if (do_tick)
2468 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2469 }
2470
2471 struct quic_write_again_args {
2472 QUIC_XSO *xso;
2473 const unsigned char *buf;
2474 size_t len;
2475 size_t total_written;
2476 int err;
2477 uint64_t flags;
2478 };
2479
2480 /*
2481 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2482 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2483 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2484 */
2485 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2486
2487 /*
2488 * Ensure spare buffer space available (up until a limit, at least).
2489 */
2490 QUIC_NEEDS_LOCK
sstream_ensure_spare(QUIC_SSTREAM * sstream,uint64_t spare)2491 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2492 {
2493 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2494 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2495 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2496 size_t new_sz, growth;
2497
2498 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2499 return 1;
2500
2501 growth = spare_ - avail;
2502 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2503 new_sz = MAX_WRITE_BUF_SIZE;
2504 else
2505 new_sz = cur_sz + growth;
2506
2507 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2508 }
2509
2510 /*
2511 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2512 * as needed according to flow control.
2513 */
2514 QUIC_NEEDS_LOCK
xso_sstream_append(QUIC_XSO * xso,const unsigned char * buf,size_t len,size_t * actual_written)2515 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2516 size_t len, size_t *actual_written)
2517 {
2518 QUIC_SSTREAM *sstream = xso->stream->sstream;
2519 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2520 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2521 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2522
2523 if (len > permitted)
2524 len = (size_t)permitted;
2525
2526 if (!sstream_ensure_spare(sstream, len))
2527 return 0;
2528
2529 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2530 }
2531
2532 QUIC_NEEDS_LOCK
quic_write_again(void * arg)2533 static int quic_write_again(void *arg)
2534 {
2535 struct quic_write_again_args *args = arg;
2536 size_t actual_written = 0;
2537
2538 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2539 /* If connection is torn down due to an error while blocking, stop. */
2540 return -2;
2541
2542 if (!quic_validate_for_write(args->xso, &args->err))
2543 /*
2544 * Stream may have become invalid for write due to connection events
2545 * while we blocked.
2546 */
2547 return -2;
2548
2549 args->err = ERR_R_INTERNAL_ERROR;
2550 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2551 return -2;
2552
2553 quic_post_write(args->xso, actual_written > 0,
2554 args->len == actual_written, args->flags, 0);
2555
2556 args->buf += actual_written;
2557 args->len -= actual_written;
2558 args->total_written += actual_written;
2559
2560 if (args->len == 0)
2561 /* Written everything, done. */
2562 return 1;
2563
2564 /* Not written everything yet, keep trying. */
2565 return 0;
2566 }
2567
2568 QUIC_NEEDS_LOCK
quic_write_blocking(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2569 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2570 uint64_t flags, size_t *written)
2571 {
2572 int res;
2573 QUIC_XSO *xso = ctx->xso;
2574 struct quic_write_again_args args;
2575 size_t actual_written = 0;
2576
2577 /* First make a best effort to append as much of the data as possible. */
2578 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2579 /* Stream already finished or allocation error. */
2580 *written = 0;
2581 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2582 }
2583
2584 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2585
2586 /*
2587 * Record however much data we wrote
2588 */
2589 *written = actual_written;
2590
2591 if (actual_written == len) {
2592 /* Managed to append everything on the first try. */
2593 return 1;
2594 }
2595
2596 /*
2597 * We did not manage to append all of the data immediately, so the stream
2598 * buffer has probably filled up. This means we need to block until some of
2599 * it is freed up.
2600 */
2601 args.xso = xso;
2602 args.buf = (const unsigned char *)buf + actual_written;
2603 args.len = len - actual_written;
2604 args.total_written = 0;
2605 args.err = ERR_R_INTERNAL_ERROR;
2606 args.flags = flags;
2607
2608 res = block_until_pred(ctx, quic_write_again, &args, 0);
2609 if (res <= 0) {
2610 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2611 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2612 else
2613 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2614 }
2615
2616 /*
2617 * When waiting on extra buffer space to be available, args.total_written
2618 * holds the amount of remaining data we requested to write, which will be
2619 * something less than the len parameter passed in, however much we wrote
2620 * here, add it to the value that we wrote when we initially called
2621 * xso_sstream_append
2622 */
2623 *written += args.total_written;
2624 return 1;
2625 }
2626
2627 /*
2628 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2629 * write semantics.
2630 */
aon_write_begin(QUIC_XSO * xso,const unsigned char * buf,size_t buf_len,size_t already_sent)2631 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2632 size_t buf_len, size_t already_sent)
2633 {
2634 assert(!xso->aon_write_in_progress);
2635
2636 xso->aon_write_in_progress = 1;
2637 xso->aon_buf_base = buf;
2638 xso->aon_buf_pos = already_sent;
2639 xso->aon_buf_len = buf_len;
2640 }
2641
aon_write_finish(QUIC_XSO * xso)2642 static void aon_write_finish(QUIC_XSO *xso)
2643 {
2644 xso->aon_write_in_progress = 0;
2645 xso->aon_buf_base = NULL;
2646 xso->aon_buf_pos = 0;
2647 xso->aon_buf_len = 0;
2648 }
2649
2650 QUIC_NEEDS_LOCK
quic_write_nonblocking_aon(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2651 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2652 size_t len, uint64_t flags,
2653 size_t *written)
2654 {
2655 QUIC_XSO *xso = ctx->xso;
2656 const void *actual_buf;
2657 size_t actual_len, actual_written = 0;
2658 int accept_moving_buffer
2659 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2660
2661 if (xso->aon_write_in_progress) {
2662 /*
2663 * We are in the middle of an AON write (i.e., a previous write did not
2664 * manage to append all data to the SSTREAM and we have Enable Partial
2665 * Write (EPW) mode disabled.)
2666 */
2667 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2668 || len != xso->aon_buf_len)
2669 /*
2670 * Pointer must not have changed if we are not in accept moving
2671 * buffer mode. Length must never change.
2672 */
2673 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2674
2675 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2676 actual_len = len - xso->aon_buf_pos;
2677 assert(actual_len > 0);
2678 } else {
2679 actual_buf = buf;
2680 actual_len = len;
2681 }
2682
2683 /* First make a best effort to append as much of the data as possible. */
2684 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2685 /* Stream already finished or allocation error. */
2686 *written = 0;
2687 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2688 }
2689
2690 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2691 flags, qctx_should_autotick(ctx));
2692
2693 if (actual_written == actual_len) {
2694 /* We have sent everything. */
2695 if (xso->aon_write_in_progress) {
2696 /*
2697 * We have sent everything, and we were in the middle of an AON
2698 * write. The output write length is the total length of the AON
2699 * buffer, not however many bytes we managed to write to the stream
2700 * in this call.
2701 */
2702 *written = xso->aon_buf_len;
2703 aon_write_finish(xso);
2704 } else {
2705 *written = actual_written;
2706 }
2707
2708 return 1;
2709 }
2710
2711 if (xso->aon_write_in_progress) {
2712 /*
2713 * AON write is in progress but we have not written everything yet. We
2714 * may have managed to send zero bytes, or some number of bytes less
2715 * than the total remaining which need to be appended during this
2716 * AON operation.
2717 */
2718 xso->aon_buf_pos += actual_written;
2719 assert(xso->aon_buf_pos < xso->aon_buf_len);
2720 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2721 }
2722
2723 /*
2724 * Not in an existing AON operation but partial write is not enabled, so we
2725 * need to begin a new AON operation. However we needn't bother if we didn't
2726 * actually append anything.
2727 */
2728 if (actual_written > 0)
2729 aon_write_begin(xso, buf, len, actual_written);
2730
2731 /*
2732 * AON - We do not publicly admit to having appended anything until AON
2733 * completes.
2734 */
2735 *written = 0;
2736 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2737 }
2738
2739 QUIC_NEEDS_LOCK
quic_write_nonblocking_epw(QCTX * ctx,const void * buf,size_t len,uint64_t flags,size_t * written)2740 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2741 uint64_t flags, size_t *written)
2742 {
2743 QUIC_XSO *xso = ctx->xso;
2744
2745 /* Simple best effort operation. */
2746 if (!xso_sstream_append(xso, buf, len, written)) {
2747 /* Stream already finished or allocation error. */
2748 *written = 0;
2749 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2750 }
2751
2752 quic_post_write(xso, *written > 0, *written == len, flags,
2753 qctx_should_autotick(ctx));
2754
2755 if (*written == 0)
2756 /* SSL_write_ex returns 0 if it didn't write anything. */
2757 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2758
2759 return 1;
2760 }
2761
2762 QUIC_NEEDS_LOCK
quic_validate_for_write(QUIC_XSO * xso,int * err)2763 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2764 {
2765 QUIC_STREAM_MAP *qsm;
2766
2767 if (xso == NULL || xso->stream == NULL) {
2768 *err = ERR_R_INTERNAL_ERROR;
2769 return 0;
2770 }
2771
2772 switch (xso->stream->send_state) {
2773 default:
2774 case QUIC_SSTREAM_STATE_NONE:
2775 *err = SSL_R_STREAM_RECV_ONLY;
2776 return 0;
2777
2778 case QUIC_SSTREAM_STATE_READY:
2779 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2780
2781 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2782 *err = ERR_R_INTERNAL_ERROR;
2783 return 0;
2784 }
2785
2786 /* FALLTHROUGH */
2787 case QUIC_SSTREAM_STATE_SEND:
2788 case QUIC_SSTREAM_STATE_DATA_SENT:
2789 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2790 *err = SSL_R_STREAM_FINISHED;
2791 return 0;
2792 }
2793 return 1;
2794
2795 case QUIC_SSTREAM_STATE_DATA_RECVD:
2796 *err = SSL_R_STREAM_FINISHED;
2797 return 0;
2798
2799 case QUIC_SSTREAM_STATE_RESET_SENT:
2800 case QUIC_SSTREAM_STATE_RESET_RECVD:
2801 *err = SSL_R_STREAM_RESET;
2802 return 0;
2803 }
2804 }
2805
2806 QUIC_TAKES_LOCK
ossl_quic_write_flags(SSL * s,const void * buf,size_t len,uint64_t flags,size_t * written)2807 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2808 uint64_t flags, size_t *written)
2809 {
2810 int ret;
2811 QCTX ctx;
2812 int partial_write, err;
2813
2814 *written = 0;
2815
2816 if (len == 0) {
2817 /* Do not autocreate default XSO for zero-length writes. */
2818 if (!expect_quic_cs(s, &ctx))
2819 return 0;
2820
2821 qctx_lock_for_io(&ctx);
2822 } else {
2823 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2824 return 0;
2825 }
2826
2827 partial_write = ((ctx.xso != NULL)
2828 ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) : 0);
2829
2830 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2831 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2832 goto out;
2833 }
2834
2835 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2836 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2837 goto out;
2838 }
2839
2840 /*
2841 * If we haven't finished the handshake, try to advance it.
2842 * We don't accept writes until the handshake is completed.
2843 */
2844 if (quic_do_handshake(&ctx) < 1) {
2845 ret = 0;
2846 goto out;
2847 }
2848
2849 /* Ensure correct stream state, stream send part not concluded, etc. */
2850 if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) {
2851 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2852 goto out;
2853 }
2854
2855 if (len == 0) {
2856 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2857 quic_post_write(ctx.xso, 0, 1, flags,
2858 qctx_should_autotick(&ctx));
2859
2860 ret = 1;
2861 goto out;
2862 }
2863
2864 if (qctx_blocking(&ctx))
2865 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2866 else if (partial_write)
2867 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2868 else
2869 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2870
2871 out:
2872 qctx_unlock(&ctx);
2873 return ret;
2874 }
2875
2876 QUIC_TAKES_LOCK
ossl_quic_write(SSL * s,const void * buf,size_t len,size_t * written)2877 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2878 {
2879 return ossl_quic_write_flags(s, buf, len, 0, written);
2880 }
2881
2882 /*
2883 * SSL_read
2884 * --------
2885 */
2886 struct quic_read_again_args {
2887 QCTX *ctx;
2888 QUIC_STREAM *stream;
2889 void *buf;
2890 size_t len;
2891 size_t *bytes_read;
2892 int peek;
2893 };
2894
2895 QUIC_NEEDS_LOCK
quic_validate_for_read(QUIC_XSO * xso,int * err,int * eos)2896 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2897 {
2898 QUIC_STREAM_MAP *qsm;
2899
2900 *eos = 0;
2901
2902 if (xso == NULL || xso->stream == NULL) {
2903 *err = ERR_R_INTERNAL_ERROR;
2904 return 0;
2905 }
2906
2907 switch (xso->stream->recv_state) {
2908 default:
2909 case QUIC_RSTREAM_STATE_NONE:
2910 *err = SSL_R_STREAM_SEND_ONLY;
2911 return 0;
2912
2913 case QUIC_RSTREAM_STATE_RECV:
2914 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2915 case QUIC_RSTREAM_STATE_DATA_RECVD:
2916 return 1;
2917
2918 case QUIC_RSTREAM_STATE_DATA_READ:
2919 *eos = 1;
2920 return 0;
2921
2922 case QUIC_RSTREAM_STATE_RESET_RECVD:
2923 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2924 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2925
2926 /* FALLTHROUGH */
2927 case QUIC_RSTREAM_STATE_RESET_READ:
2928 *err = SSL_R_STREAM_RESET;
2929 return 0;
2930 }
2931 }
2932
2933 QUIC_NEEDS_LOCK
quic_read_actual(QCTX * ctx,QUIC_STREAM * stream,void * buf,size_t buf_len,size_t * bytes_read,int peek)2934 static int quic_read_actual(QCTX *ctx,
2935 QUIC_STREAM *stream,
2936 void *buf, size_t buf_len,
2937 size_t *bytes_read,
2938 int peek)
2939 {
2940 int is_fin = 0, err, eos;
2941 QUIC_CONNECTION *qc = ctx->qc;
2942
2943 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2944 if (eos) {
2945 ctx->xso->retired_fin = 1;
2946 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2947 } else {
2948 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2949 }
2950 }
2951
2952 if (peek) {
2953 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2954 bytes_read, &is_fin))
2955 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2956
2957 } else {
2958 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2959 bytes_read, &is_fin))
2960 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2961 }
2962
2963 if (!peek) {
2964 if (*bytes_read > 0) {
2965 /*
2966 * We have read at least one byte from the stream. Inform stream-level
2967 * RXFC of the retirement of controlled bytes. Update the active stream
2968 * status (the RXFC may now want to emit a frame granting more credit to
2969 * the peer).
2970 */
2971 OSSL_RTT_INFO rtt_info;
2972
2973 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2974
2975 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2976 rtt_info.smoothed_rtt))
2977 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2978 }
2979
2980 if (is_fin && !peek) {
2981 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2982
2983 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2984 }
2985
2986 if (*bytes_read > 0)
2987 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2988 stream);
2989 }
2990
2991 if (*bytes_read == 0 && is_fin) {
2992 ctx->xso->retired_fin = 1;
2993 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2994 }
2995
2996 return 1;
2997 }
2998
2999 QUIC_NEEDS_LOCK
quic_read_again(void * arg)3000 static int quic_read_again(void *arg)
3001 {
3002 struct quic_read_again_args *args = arg;
3003
3004 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
3005 /* If connection is torn down due to an error while blocking, stop. */
3006 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3007 return -1;
3008 }
3009
3010 if (!quic_read_actual(args->ctx, args->stream,
3011 args->buf, args->len, args->bytes_read,
3012 args->peek))
3013 return -1;
3014
3015 if (*args->bytes_read > 0)
3016 /* got at least one byte, the SSL_read op can finish now */
3017 return 1;
3018
3019 return 0; /* did not read anything, keep trying */
3020 }
3021
3022 QUIC_TAKES_LOCK
quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read,int peek)3023 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
3024 {
3025 int ret, res;
3026 QCTX ctx;
3027 struct quic_read_again_args args;
3028
3029 *bytes_read = 0;
3030
3031 if (!expect_quic_cs(s, &ctx))
3032 return 0;
3033
3034 qctx_lock_for_io(&ctx);
3035
3036 /* If we haven't finished the handshake, try to advance it. */
3037 if (quic_do_handshake(&ctx) < 1) {
3038 ret = 0; /* ossl_quic_do_handshake raised error here */
3039 goto out;
3040 }
3041
3042 if (ctx.xso == NULL) {
3043 /*
3044 * Called on a QCSO and we don't currently have a default stream.
3045 *
3046 * Wait until we get a stream initiated by the peer (blocking mode) or
3047 * fail if we don't have one yet (non-blocking mode).
3048 */
3049 if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) {
3050 ret = 0; /* error already raised here */
3051 goto out;
3052 }
3053
3054 ctx.xso = ctx.qc->default_xso;
3055 }
3056
3057 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
3058 ret = 0; /* quic_read_actual raised error here */
3059 goto out;
3060 }
3061
3062 if (*bytes_read > 0) {
3063 /*
3064 * Even though we succeeded, tick the reactor here to ensure we are
3065 * handling other aspects of the QUIC connection.
3066 */
3067 if (quic_mutation_allowed(ctx.qc, /*req_active=*/0))
3068 qctx_maybe_autotick(&ctx);
3069
3070 ret = 1;
3071 } else if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
3072 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3073 goto out;
3074 } else if (qctx_blocking(&ctx)) {
3075 /*
3076 * We were not able to read anything immediately, so our stream
3077 * buffer is empty. This means we need to block until we get
3078 * at least one byte.
3079 */
3080 args.ctx = &ctx;
3081 args.stream = ctx.xso->stream;
3082 args.buf = buf;
3083 args.len = len;
3084 args.bytes_read = bytes_read;
3085 args.peek = peek;
3086
3087 res = block_until_pred(&ctx, quic_read_again, &args, 0);
3088 if (res == 0) {
3089 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3090 goto out;
3091 } else if (res < 0) {
3092 ret = 0; /* quic_read_again raised error here */
3093 goto out;
3094 }
3095
3096 ret = 1;
3097 } else {
3098 /*
3099 * We did not get any bytes and are not in blocking mode.
3100 * Tick to see if this delivers any more.
3101 */
3102 qctx_maybe_autotick(&ctx);
3103
3104 /* Try the read again. */
3105 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
3106 ret = 0; /* quic_read_actual raised error here */
3107 goto out;
3108 }
3109
3110 if (*bytes_read > 0)
3111 ret = 1; /* Succeeded this time. */
3112 else
3113 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
3114 }
3115
3116 out:
3117 qctx_unlock(&ctx);
3118 return ret;
3119 }
3120
ossl_quic_read(SSL * s,void * buf,size_t len,size_t * bytes_read)3121 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
3122 {
3123 return quic_read(s, buf, len, bytes_read, 0);
3124 }
3125
ossl_quic_peek(SSL * s,void * buf,size_t len,size_t * bytes_read)3126 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
3127 {
3128 return quic_read(s, buf, len, bytes_read, 1);
3129 }
3130
3131 /*
3132 * SSL_pending
3133 * -----------
3134 */
3135
3136 QUIC_TAKES_LOCK
ossl_quic_pending_int(const SSL * s,int check_channel)3137 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
3138 {
3139 QCTX ctx;
3140 size_t avail = 0;
3141
3142 if (!expect_quic_cs(s, &ctx))
3143 return 0;
3144
3145 qctx_lock(&ctx);
3146
3147 if (!ctx.qc->started)
3148 goto out;
3149
3150 if (ctx.xso == NULL) {
3151 /* No XSO yet, but there might be a default XSO eligible to be created. */
3152 if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {
3153 ctx.xso = ctx.qc->default_xso;
3154 } else {
3155 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
3156 goto out;
3157 }
3158 }
3159
3160 if (ctx.xso->stream == NULL) {
3161 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3162 goto out;
3163 }
3164
3165 if (check_channel)
3166 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
3167 /*include_fin=*/1)
3168 || ossl_quic_channel_has_pending(ctx.qc->ch)
3169 || ossl_quic_channel_is_term_any(ctx.qc->ch);
3170 else
3171 avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
3172 /*include_fin=*/0);
3173
3174 out:
3175 qctx_unlock(&ctx);
3176 return avail;
3177 }
3178
ossl_quic_pending(const SSL * s)3179 size_t ossl_quic_pending(const SSL *s)
3180 {
3181 return ossl_quic_pending_int(s, /*check_channel=*/0);
3182 }
3183
ossl_quic_has_pending(const SSL * s)3184 int ossl_quic_has_pending(const SSL *s)
3185 {
3186 /* Do we have app-side pending data or pending URXEs or RXEs? */
3187 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
3188 }
3189
3190 /*
3191 * SSL_stream_conclude
3192 * -------------------
3193 */
3194 QUIC_TAKES_LOCK
ossl_quic_conn_stream_conclude(SSL * s)3195 int ossl_quic_conn_stream_conclude(SSL *s)
3196 {
3197 QCTX ctx;
3198 QUIC_STREAM *qs;
3199 int err;
3200 int ret;
3201
3202 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
3203 return 0;
3204
3205 qs = ctx.xso->stream;
3206
3207 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
3208 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3209 qctx_unlock(&ctx);
3210 return ret;
3211 }
3212
3213 if (!quic_validate_for_write(ctx.xso, &err)) {
3214 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3215 qctx_unlock(&ctx);
3216 return ret;
3217 }
3218
3219 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
3220 qctx_unlock(&ctx);
3221 return 1;
3222 }
3223
3224 ossl_quic_sstream_fin(qs->sstream);
3225 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
3226 qctx_unlock(&ctx);
3227 return 1;
3228 }
3229
3230 /*
3231 * SSL_inject_net_dgram
3232 * --------------------
3233 */
3234 QUIC_TAKES_LOCK
SSL_inject_net_dgram(SSL * s,const unsigned char * buf,size_t buf_len,const BIO_ADDR * peer,const BIO_ADDR * local)3235 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
3236 size_t buf_len,
3237 const BIO_ADDR *peer,
3238 const BIO_ADDR *local)
3239 {
3240 int ret = 0;
3241 QCTX ctx;
3242 QUIC_DEMUX *demux;
3243 QUIC_PORT *port;
3244
3245 if (!expect_quic_csl(s, &ctx))
3246 return 0;
3247
3248 qctx_lock(&ctx);
3249
3250 port = ossl_quic_obj_get0_port(ctx.obj);
3251 if (port == NULL) {
3252 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
3253 goto err;
3254 }
3255
3256 demux = ossl_quic_port_get0_demux(port);
3257 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
3258
3259 err:
3260 qctx_unlock(&ctx);
3261 return ret;
3262 }
3263
3264 /*
3265 * SSL_get0_connection
3266 * -------------------
3267 */
ossl_quic_get0_connection(SSL * s)3268 SSL *ossl_quic_get0_connection(SSL *s)
3269 {
3270 QCTX ctx;
3271
3272 if (!expect_quic_cs(s, &ctx))
3273 return NULL;
3274
3275 return &ctx.qc->obj.ssl;
3276 }
3277
3278 /*
3279 * SSL_get0_listener
3280 * -----------------
3281 */
ossl_quic_get0_listener(SSL * s)3282 SSL *ossl_quic_get0_listener(SSL *s)
3283 {
3284 QCTX ctx;
3285
3286 if (!expect_quic_csl(s, &ctx))
3287 return NULL;
3288
3289 return ctx.ql != NULL ? &ctx.ql->obj.ssl : NULL;
3290 }
3291
3292 /*
3293 * SSL_get0_domain
3294 * ---------------
3295 */
ossl_quic_get0_domain(SSL * s)3296 SSL *ossl_quic_get0_domain(SSL *s)
3297 {
3298 QCTX ctx;
3299
3300 if (!expect_quic_any(s, &ctx))
3301 return NULL;
3302
3303 return ctx.qd != NULL ? &ctx.qd->obj.ssl : NULL;
3304 }
3305
3306 /*
3307 * SSL_get_domain_flags
3308 * --------------------
3309 */
ossl_quic_get_domain_flags(const SSL * ssl,uint64_t * domain_flags)3310 int ossl_quic_get_domain_flags(const SSL *ssl, uint64_t *domain_flags)
3311 {
3312 QCTX ctx;
3313
3314 if (!expect_quic_any(ssl, &ctx))
3315 return 0;
3316
3317 if (domain_flags != NULL)
3318 *domain_flags = ctx.obj->domain_flags;
3319
3320 return 1;
3321 }
3322
3323 /*
3324 * SSL_get_stream_type
3325 * -------------------
3326 */
ossl_quic_get_stream_type(SSL * s)3327 int ossl_quic_get_stream_type(SSL *s)
3328 {
3329 QCTX ctx;
3330
3331 if (!expect_quic_cs(s, &ctx))
3332 return SSL_STREAM_TYPE_BIDI;
3333
3334 if (ctx.xso == NULL) {
3335 /*
3336 * If deferred XSO creation has yet to occur, proceed according to the
3337 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
3338 * what kind of stream will be created yet, so return BIDI on the basis
3339 * that at this time, the client still has the option of calling
3340 * SSL_read() or SSL_write() first.
3341 */
3342 if (ctx.qc->default_xso_created
3343 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3344 return SSL_STREAM_TYPE_NONE;
3345 else
3346 return SSL_STREAM_TYPE_BIDI;
3347 }
3348
3349 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
3350 return SSL_STREAM_TYPE_BIDI;
3351
3352 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
3353 return SSL_STREAM_TYPE_READ;
3354 else
3355 return SSL_STREAM_TYPE_WRITE;
3356 }
3357
3358 /*
3359 * SSL_get_stream_id
3360 * -----------------
3361 */
3362 QUIC_TAKES_LOCK
ossl_quic_get_stream_id(SSL * s)3363 uint64_t ossl_quic_get_stream_id(SSL *s)
3364 {
3365 QCTX ctx;
3366 uint64_t id;
3367
3368 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3369 return UINT64_MAX;
3370
3371 id = ctx.xso->stream->id;
3372 qctx_unlock(&ctx);
3373
3374 return id;
3375 }
3376
3377 /*
3378 * SSL_is_stream_local
3379 * -------------------
3380 */
3381 QUIC_TAKES_LOCK
ossl_quic_is_stream_local(SSL * s)3382 int ossl_quic_is_stream_local(SSL *s)
3383 {
3384 QCTX ctx;
3385 int is_local;
3386
3387 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3388 return -1;
3389
3390 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3391 qctx_unlock(&ctx);
3392
3393 return is_local;
3394 }
3395
3396 /*
3397 * SSL_set_default_stream_mode
3398 * ---------------------------
3399 */
3400 QUIC_TAKES_LOCK
ossl_quic_set_default_stream_mode(SSL * s,uint32_t mode)3401 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3402 {
3403 QCTX ctx;
3404
3405 if (!expect_quic_conn_only(s, &ctx))
3406 return 0;
3407
3408 qctx_lock(&ctx);
3409
3410 if (ctx.qc->default_xso_created) {
3411 qctx_unlock(&ctx);
3412 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3413 "too late to change default stream mode");
3414 }
3415
3416 switch (mode) {
3417 case SSL_DEFAULT_STREAM_MODE_NONE:
3418 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3419 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3420 ctx.qc->default_stream_mode = mode;
3421 break;
3422 default:
3423 qctx_unlock(&ctx);
3424 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3425 "bad default stream type");
3426 }
3427
3428 qctx_unlock(&ctx);
3429 return 1;
3430 }
3431
3432 /*
3433 * SSL_detach_stream
3434 * -----------------
3435 */
3436 QUIC_TAKES_LOCK
ossl_quic_detach_stream(SSL * s)3437 SSL *ossl_quic_detach_stream(SSL *s)
3438 {
3439 QCTX ctx;
3440 QUIC_XSO *xso = NULL;
3441
3442 if (!expect_quic_conn_only(s, &ctx))
3443 return NULL;
3444
3445 qctx_lock(&ctx);
3446
3447 /* Calling this function inhibits default XSO autocreation. */
3448 /* QC ref to any default XSO is transferred to us and to caller. */
3449 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3450
3451 qctx_unlock(&ctx);
3452
3453 return xso != NULL ? &xso->obj.ssl : NULL;
3454 }
3455
3456 /*
3457 * SSL_attach_stream
3458 * -----------------
3459 */
3460 QUIC_TAKES_LOCK
ossl_quic_attach_stream(SSL * conn,SSL * stream)3461 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3462 {
3463 QCTX ctx;
3464 QUIC_XSO *xso;
3465 int nref;
3466
3467 if (!expect_quic_conn_only(conn, &ctx))
3468 return 0;
3469
3470 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3471 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3472 "stream to attach must be a valid QUIC stream");
3473
3474 xso = (QUIC_XSO *)stream;
3475
3476 qctx_lock(&ctx);
3477
3478 if (ctx.qc->default_xso != NULL) {
3479 qctx_unlock(&ctx);
3480 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3481 "connection already has a default stream");
3482 }
3483
3484 /*
3485 * It is a caller error for the XSO being attached as a default XSO to have
3486 * more than one ref.
3487 */
3488 if (!CRYPTO_GET_REF(&xso->obj.ssl.references, &nref)) {
3489 qctx_unlock(&ctx);
3490 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3491 "ref");
3492 }
3493
3494 if (nref != 1) {
3495 qctx_unlock(&ctx);
3496 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3497 "stream being attached must have "
3498 "only 1 reference");
3499 }
3500
3501 /* Caller's reference to the XSO is transferred to us. */
3502 /* Calling this function inhibits default XSO autocreation. */
3503 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3504
3505 qctx_unlock(&ctx);
3506 return 1;
3507 }
3508
3509 /*
3510 * SSL_set_incoming_stream_policy
3511 * ------------------------------
3512 */
3513 QUIC_NEEDS_LOCK
qc_get_effective_incoming_stream_policy(QUIC_CONNECTION * qc)3514 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3515 {
3516 switch (qc->incoming_stream_policy) {
3517 case SSL_INCOMING_STREAM_POLICY_AUTO:
3518 if ((qc->default_xso == NULL && !qc->default_xso_created)
3519 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3520 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3521 else
3522 return SSL_INCOMING_STREAM_POLICY_REJECT;
3523
3524 default:
3525 return qc->incoming_stream_policy;
3526 }
3527 }
3528
3529 QUIC_NEEDS_LOCK
qc_update_reject_policy(QUIC_CONNECTION * qc)3530 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3531 {
3532 int policy = qc_get_effective_incoming_stream_policy(qc);
3533 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3534
3535 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3536 enable_reject,
3537 qc->incoming_stream_aec);
3538 }
3539
3540 QUIC_TAKES_LOCK
ossl_quic_set_incoming_stream_policy(SSL * s,int policy,uint64_t aec)3541 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3542 uint64_t aec)
3543 {
3544 int ret = 1;
3545 QCTX ctx;
3546
3547 if (!expect_quic_conn_only(s, &ctx))
3548 return 0;
3549
3550 qctx_lock(&ctx);
3551
3552 switch (policy) {
3553 case SSL_INCOMING_STREAM_POLICY_AUTO:
3554 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3555 case SSL_INCOMING_STREAM_POLICY_REJECT:
3556 ctx.qc->incoming_stream_policy = policy;
3557 ctx.qc->incoming_stream_aec = aec;
3558 break;
3559
3560 default:
3561 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3562 ret = 0;
3563 break;
3564 }
3565
3566 qc_update_reject_policy(ctx.qc);
3567 qctx_unlock(&ctx);
3568 return ret;
3569 }
3570
3571 /*
3572 * SSL_get_value, SSL_set_value
3573 * ----------------------------
3574 */
3575 QUIC_TAKES_LOCK
qc_getset_idle_timeout(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3576 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3577 uint64_t *p_value_out, uint64_t *p_value_in)
3578 {
3579 int ret = 0;
3580 uint64_t value_out = 0, value_in;
3581
3582 qctx_lock(ctx);
3583
3584 switch (class_) {
3585 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3586 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3587
3588 if (p_value_in != NULL) {
3589 value_in = *p_value_in;
3590 if (value_in > OSSL_QUIC_VLINT_MAX) {
3591 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3592 NULL);
3593 goto err;
3594 }
3595
3596 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3597 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3598 NULL);
3599 goto err;
3600 }
3601
3602 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3603 }
3604 break;
3605
3606 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3607 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3608 if (p_value_in != NULL) {
3609 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3610 NULL);
3611 goto err;
3612 }
3613
3614 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3615 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3616 NULL);
3617 goto err;
3618 }
3619
3620 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3621 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3622 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3623 break;
3624
3625 default:
3626 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3627 NULL);
3628 goto err;
3629 }
3630
3631 ret = 1;
3632 err:
3633 qctx_unlock(ctx);
3634 if (ret && p_value_out != NULL)
3635 *p_value_out = value_out;
3636
3637 return ret;
3638 }
3639
3640 QUIC_TAKES_LOCK
qc_get_stream_avail(QCTX * ctx,uint32_t class_,int is_uni,int is_remote,uint64_t * value)3641 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3642 int is_uni, int is_remote,
3643 uint64_t *value)
3644 {
3645 int ret = 0;
3646
3647 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3648 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3649 NULL);
3650 return 0;
3651 }
3652
3653 qctx_lock(ctx);
3654
3655 *value = is_remote
3656 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3657 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3658
3659 ret = 1;
3660 qctx_unlock(ctx);
3661 return ret;
3662 }
3663
3664 QUIC_NEEDS_LOCK
qctx_should_autotick(QCTX * ctx)3665 static int qctx_should_autotick(QCTX *ctx)
3666 {
3667 int event_handling_mode;
3668 QUIC_OBJ *obj = ctx->obj;
3669
3670 for (; (event_handling_mode = obj->event_handling_mode) == SSL_VALUE_EVENT_HANDLING_MODE_INHERIT
3671 && obj->parent_obj != NULL; obj = obj->parent_obj);
3672
3673 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3674 }
3675
3676 QUIC_NEEDS_LOCK
qctx_maybe_autotick(QCTX * ctx)3677 static void qctx_maybe_autotick(QCTX *ctx)
3678 {
3679 if (!qctx_should_autotick(ctx))
3680 return;
3681
3682 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx->obj), 0);
3683 }
3684
3685 QUIC_TAKES_LOCK
qc_getset_event_handling(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,uint64_t * p_value_in)3686 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_,
3687 uint64_t *p_value_out,
3688 uint64_t *p_value_in)
3689 {
3690 int ret = 0;
3691 uint64_t value_out = 0;
3692
3693 qctx_lock(ctx);
3694
3695 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3696 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3697 NULL);
3698 goto err;
3699 }
3700
3701 if (p_value_in != NULL) {
3702 switch (*p_value_in) {
3703 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT:
3704 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT:
3705 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT:
3706 break;
3707 default:
3708 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3709 NULL);
3710 goto err;
3711 }
3712
3713 value_out = *p_value_in;
3714 ctx->obj->event_handling_mode = (int)value_out;
3715 } else {
3716 value_out = ctx->obj->event_handling_mode;
3717 }
3718
3719 ret = 1;
3720 err:
3721 qctx_unlock(ctx);
3722 if (ret && p_value_out != NULL)
3723 *p_value_out = value_out;
3724
3725 return ret;
3726 }
3727
3728 QUIC_TAKES_LOCK
qc_get_stream_write_buf_stat(QCTX * ctx,uint32_t class_,uint64_t * p_value_out,size_t (* getter)(QUIC_SSTREAM * sstream))3729 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_,
3730 uint64_t *p_value_out,
3731 size_t (*getter)(QUIC_SSTREAM *sstream))
3732 {
3733 int ret = 0;
3734 size_t value = 0;
3735
3736 qctx_lock(ctx);
3737
3738 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3739 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3740 NULL);
3741 goto err;
3742 }
3743
3744 if (ctx->xso == NULL) {
3745 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
3746 goto err;
3747 }
3748
3749 if (!ossl_quic_stream_has_send(ctx->xso->stream)) {
3750 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL);
3751 goto err;
3752 }
3753
3754 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream))
3755 value = getter(ctx->xso->stream->sstream);
3756
3757 ret = 1;
3758 err:
3759 qctx_unlock(ctx);
3760 *p_value_out = (uint64_t)value;
3761 return ret;
3762 }
3763
3764 QUIC_NEEDS_LOCK
expect_quic_for_value(SSL * s,QCTX * ctx,uint32_t id)3765 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id)
3766 {
3767 switch (id) {
3768 case SSL_VALUE_EVENT_HANDLING_MODE:
3769 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3770 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3771 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3772 return expect_quic_cs(s, ctx);
3773 default:
3774 return expect_quic_conn_only(s, ctx);
3775 }
3776 }
3777
3778 QUIC_TAKES_LOCK
ossl_quic_get_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t * value)3779 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3780 uint64_t *value)
3781 {
3782 QCTX ctx;
3783
3784 if (!expect_quic_for_value(s, &ctx, id))
3785 return 0;
3786
3787 if (value == NULL)
3788 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3789 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3790
3791 switch (id) {
3792 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3793 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3794
3795 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3796 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3797 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3798 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3799 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3800 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3801 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3802 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3803
3804 case SSL_VALUE_EVENT_HANDLING_MODE:
3805 return qc_getset_event_handling(&ctx, class_, value, NULL);
3806
3807 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3808 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3809 ossl_quic_sstream_get_buffer_size);
3810 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3811 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3812 ossl_quic_sstream_get_buffer_used);
3813 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3814 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3815 ossl_quic_sstream_get_buffer_avail);
3816
3817 default:
3818 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3819 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3820 }
3821
3822 return 1;
3823 }
3824
3825 QUIC_TAKES_LOCK
ossl_quic_set_value_uint(SSL * s,uint32_t class_,uint32_t id,uint64_t value)3826 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3827 uint64_t value)
3828 {
3829 QCTX ctx;
3830
3831 if (!expect_quic_for_value(s, &ctx, id))
3832 return 0;
3833
3834 switch (id) {
3835 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3836 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3837
3838 case SSL_VALUE_EVENT_HANDLING_MODE:
3839 return qc_getset_event_handling(&ctx, class_, NULL, &value);
3840
3841 default:
3842 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3843 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3844 }
3845
3846 return 1;
3847 }
3848
3849 /*
3850 * SSL_accept_stream
3851 * -----------------
3852 */
3853 struct wait_for_incoming_stream_args {
3854 QCTX *ctx;
3855 QUIC_STREAM *qs;
3856 };
3857
3858 QUIC_NEEDS_LOCK
wait_for_incoming_stream(void * arg)3859 static int wait_for_incoming_stream(void *arg)
3860 {
3861 struct wait_for_incoming_stream_args *args = arg;
3862 QUIC_CONNECTION *qc = args->ctx->qc;
3863 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3864
3865 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3866 /* If connection is torn down due to an error while blocking, stop. */
3867 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3868 return -1;
3869 }
3870
3871 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3872 if (args->qs != NULL)
3873 return 1; /* got a stream */
3874
3875 return 0; /* did not get a stream, keep trying */
3876 }
3877
3878 QUIC_TAKES_LOCK
ossl_quic_accept_stream(SSL * s,uint64_t flags)3879 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3880 {
3881 QCTX ctx;
3882 int ret;
3883 SSL *new_s = NULL;
3884 QUIC_STREAM_MAP *qsm;
3885 QUIC_STREAM *qs;
3886 QUIC_XSO *xso;
3887 OSSL_RTT_INFO rtt_info;
3888
3889 if (!expect_quic_conn_only(s, &ctx))
3890 return NULL;
3891
3892 qctx_lock(&ctx);
3893
3894 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3895 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3896 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3897 goto out;
3898 }
3899
3900 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3901
3902 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3903 if (qs == NULL) {
3904 if (qctx_blocking(&ctx)
3905 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3906 struct wait_for_incoming_stream_args args;
3907
3908 args.ctx = &ctx;
3909 args.qs = NULL;
3910
3911 ret = block_until_pred(&ctx, wait_for_incoming_stream, &args, 0);
3912 if (ret == 0) {
3913 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3914 goto out;
3915 } else if (ret < 0 || args.qs == NULL) {
3916 goto out;
3917 }
3918
3919 qs = args.qs;
3920 } else {
3921 goto out;
3922 }
3923 }
3924
3925 xso = create_xso_from_stream(ctx.qc, qs);
3926 if (xso == NULL)
3927 goto out;
3928
3929 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3930 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3931 rtt_info.smoothed_rtt);
3932 new_s = &xso->obj.ssl;
3933
3934 /* Calling this function inhibits default XSO autocreation. */
3935 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3936
3937 out:
3938 qctx_unlock(&ctx);
3939 return new_s;
3940 }
3941
3942 /*
3943 * SSL_get_accept_stream_queue_len
3944 * -------------------------------
3945 */
3946 QUIC_TAKES_LOCK
ossl_quic_get_accept_stream_queue_len(SSL * s)3947 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3948 {
3949 QCTX ctx;
3950 size_t v;
3951
3952 if (!expect_quic_conn_only(s, &ctx))
3953 return 0;
3954
3955 qctx_lock(&ctx);
3956
3957 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3958
3959 qctx_unlock(&ctx);
3960 return v;
3961 }
3962
3963 /*
3964 * SSL_stream_reset
3965 * ----------------
3966 */
ossl_quic_stream_reset(SSL * ssl,const SSL_STREAM_RESET_ARGS * args,size_t args_len)3967 int ossl_quic_stream_reset(SSL *ssl,
3968 const SSL_STREAM_RESET_ARGS *args,
3969 size_t args_len)
3970 {
3971 QCTX ctx;
3972 QUIC_STREAM_MAP *qsm;
3973 QUIC_STREAM *qs;
3974 uint64_t error_code;
3975 int ok, err;
3976
3977 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3978 return 0;
3979
3980 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3981 qs = ctx.xso->stream;
3982 error_code = (args != NULL ? args->quic_error_code : 0);
3983
3984 if (!quic_validate_for_write(ctx.xso, &err)) {
3985 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3986 goto err;
3987 }
3988
3989 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3990 if (ok)
3991 ctx.xso->requested_reset = 1;
3992
3993 err:
3994 qctx_unlock(&ctx);
3995 return ok;
3996 }
3997
3998 /*
3999 * SSL_get_stream_read_state
4000 * -------------------------
4001 */
quic_classify_stream(QUIC_CONNECTION * qc,QUIC_STREAM * qs,int is_write,int * state,uint64_t * app_error_code)4002 static void quic_classify_stream(QUIC_CONNECTION *qc,
4003 QUIC_STREAM *qs,
4004 int is_write,
4005 int *state,
4006 uint64_t *app_error_code)
4007 {
4008 int local_init;
4009 uint64_t final_size;
4010
4011 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
4012
4013 if (app_error_code != NULL)
4014 *app_error_code = UINT64_MAX;
4015 else
4016 app_error_code = &final_size; /* throw away value */
4017
4018 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
4019 /*
4020 * Unidirectional stream and this direction of transmission doesn't
4021 * exist.
4022 */
4023 *state = SSL_STREAM_STATE_WRONG_DIR;
4024 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
4025 /* Connection already closed. */
4026 *state = SSL_STREAM_STATE_CONN_CLOSED;
4027 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
4028 /* Application has read a FIN. */
4029 *state = SSL_STREAM_STATE_FINISHED;
4030 } else if ((!is_write && qs->stop_sending)
4031 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
4032 /*
4033 * Stream has been reset locally. FIN takes precedence over this for the
4034 * read case as the application need not care if the stream is reset
4035 * after a FIN has been successfully processed.
4036 */
4037 *state = SSL_STREAM_STATE_RESET_LOCAL;
4038 *app_error_code = !is_write
4039 ? qs->stop_sending_aec
4040 : qs->reset_stream_aec;
4041 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
4042 || (is_write && qs->peer_stop_sending)) {
4043 /*
4044 * Stream has been reset remotely. */
4045 *state = SSL_STREAM_STATE_RESET_REMOTE;
4046 *app_error_code = !is_write
4047 ? qs->peer_reset_stream_aec
4048 : qs->peer_stop_sending_aec;
4049 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
4050 &final_size)) {
4051 /*
4052 * Stream has been finished. Stream reset takes precedence over this for
4053 * the write case as peer may not have received all data.
4054 */
4055 *state = SSL_STREAM_STATE_FINISHED;
4056 } else {
4057 /* Stream still healthy. */
4058 *state = SSL_STREAM_STATE_OK;
4059 }
4060 }
4061
quic_get_stream_state(SSL * ssl,int is_write)4062 static int quic_get_stream_state(SSL *ssl, int is_write)
4063 {
4064 QCTX ctx;
4065 int state;
4066
4067 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4068 return SSL_STREAM_STATE_NONE;
4069
4070 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
4071 qctx_unlock(&ctx);
4072 return state;
4073 }
4074
ossl_quic_get_stream_read_state(SSL * ssl)4075 int ossl_quic_get_stream_read_state(SSL *ssl)
4076 {
4077 return quic_get_stream_state(ssl, /*is_write=*/0);
4078 }
4079
4080 /*
4081 * SSL_get_stream_write_state
4082 * --------------------------
4083 */
ossl_quic_get_stream_write_state(SSL * ssl)4084 int ossl_quic_get_stream_write_state(SSL *ssl)
4085 {
4086 return quic_get_stream_state(ssl, /*is_write=*/1);
4087 }
4088
4089 /*
4090 * SSL_get_stream_read_error_code
4091 * ------------------------------
4092 */
quic_get_stream_error_code(SSL * ssl,int is_write,uint64_t * app_error_code)4093 static int quic_get_stream_error_code(SSL *ssl, int is_write,
4094 uint64_t *app_error_code)
4095 {
4096 QCTX ctx;
4097 int state;
4098
4099 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4100 return -1;
4101
4102 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
4103 &state, app_error_code);
4104
4105 qctx_unlock(&ctx);
4106 switch (state) {
4107 case SSL_STREAM_STATE_FINISHED:
4108 return 0;
4109 case SSL_STREAM_STATE_RESET_LOCAL:
4110 case SSL_STREAM_STATE_RESET_REMOTE:
4111 return 1;
4112 default:
4113 return -1;
4114 }
4115 }
4116
ossl_quic_get_stream_read_error_code(SSL * ssl,uint64_t * app_error_code)4117 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
4118 {
4119 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
4120 }
4121
4122 /*
4123 * SSL_get_stream_write_error_code
4124 * -------------------------------
4125 */
ossl_quic_get_stream_write_error_code(SSL * ssl,uint64_t * app_error_code)4126 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
4127 {
4128 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
4129 }
4130
4131 /*
4132 * Write buffer size mutation
4133 * --------------------------
4134 */
ossl_quic_set_write_buffer_size(SSL * ssl,size_t size)4135 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
4136 {
4137 int ret = 0;
4138 QCTX ctx;
4139
4140 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
4141 return 0;
4142
4143 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
4144 /* Called on a unidirectional receive-only stream - error. */
4145 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
4146 goto out;
4147 }
4148
4149 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
4150 /*
4151 * If the stream has a send part but we have disposed of it because we
4152 * no longer need it, this is a no-op.
4153 */
4154 ret = 1;
4155 goto out;
4156 }
4157
4158 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
4159 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
4160 goto out;
4161 }
4162
4163 ret = 1;
4164
4165 out:
4166 qctx_unlock(&ctx);
4167 return ret;
4168 }
4169
4170 /*
4171 * SSL_get_conn_close_info
4172 * -----------------------
4173 */
ossl_quic_get_conn_close_info(SSL * ssl,SSL_CONN_CLOSE_INFO * info,size_t info_len)4174 int ossl_quic_get_conn_close_info(SSL *ssl,
4175 SSL_CONN_CLOSE_INFO *info,
4176 size_t info_len)
4177 {
4178 QCTX ctx;
4179 const QUIC_TERMINATE_CAUSE *tc;
4180
4181 if (!expect_quic_conn_only(ssl, &ctx))
4182 return -1;
4183
4184 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
4185 if (tc == NULL)
4186 return 0;
4187
4188 info->error_code = tc->error_code;
4189 info->frame_type = tc->frame_type;
4190 info->reason = tc->reason;
4191 info->reason_len = tc->reason_len;
4192 info->flags = 0;
4193 if (!tc->remote)
4194 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
4195 if (!tc->app)
4196 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
4197 return 1;
4198 }
4199
4200 /*
4201 * SSL_key_update
4202 * --------------
4203 */
ossl_quic_key_update(SSL * ssl,int update_type)4204 int ossl_quic_key_update(SSL *ssl, int update_type)
4205 {
4206 QCTX ctx;
4207
4208 if (!expect_quic_conn_only(ssl, &ctx))
4209 return 0;
4210
4211 switch (update_type) {
4212 case SSL_KEY_UPDATE_NOT_REQUESTED:
4213 /*
4214 * QUIC signals peer key update implicily by triggering a local
4215 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
4216 */
4217 case SSL_KEY_UPDATE_REQUESTED:
4218 break;
4219
4220 default:
4221 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
4222 return 0;
4223 }
4224
4225 qctx_lock(&ctx);
4226
4227 /* Attempt to perform a TXKU. */
4228 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
4229 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
4230 qctx_unlock(&ctx);
4231 return 0;
4232 }
4233
4234 qctx_unlock(&ctx);
4235 return 1;
4236 }
4237
4238 /*
4239 * SSL_get_key_update_type
4240 * -----------------------
4241 */
ossl_quic_get_key_update_type(const SSL * s)4242 int ossl_quic_get_key_update_type(const SSL *s)
4243 {
4244 /*
4245 * We always handle key updates immediately so a key update is never
4246 * pending.
4247 */
4248 return SSL_KEY_UPDATE_NONE;
4249 }
4250
4251 /**
4252 * @brief Allocates an SSL object for a user from a QUIC channel.
4253 *
4254 * This function creates a new QUIC_CONNECTION object based on an incoming
4255 * connection associated with the provided QUIC_LISTENER. If the connection
4256 * creation fails, the function returns NULL. Otherwise, it returns a pointer
4257 * to the SSL object associated with the newly created connection.
4258 *
4259 * Note: This function is a registered port callback made from
4260 * ossl_quic_new_listener and ossl_quic_new_listener_from, and allows for
4261 * pre-allocation of the user_ssl object when a channel is created, rather than
4262 * when it is accepted
4263 *
4264 * @param ch Pointer to the QUIC_CHANNEL representing the incoming connection.
4265 * @param arg Pointer to a QUIC_LISTENER used to create the connection.
4266 *
4267 * @return Pointer to the SSL object on success, or NULL on failure.
4268 */
alloc_port_user_ssl(QUIC_CHANNEL * ch,void * arg)4269 static SSL *alloc_port_user_ssl(QUIC_CHANNEL *ch, void *arg)
4270 {
4271 QUIC_LISTENER *ql = arg;
4272 QUIC_CONNECTION *qc = create_qc_from_incoming_conn(ql, ch);
4273
4274 return (qc == NULL) ? NULL : &qc->obj.ssl;
4275 }
4276
4277 /*
4278 * QUIC Front-End I/O API: Listeners
4279 * =================================
4280 */
4281
4282 /*
4283 * SSL_new_listener
4284 * ----------------
4285 */
ossl_quic_new_listener(SSL_CTX * ctx,uint64_t flags)4286 SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags)
4287 {
4288 QUIC_LISTENER *ql = NULL;
4289 QUIC_ENGINE_ARGS engine_args = {0};
4290 QUIC_PORT_ARGS port_args = {0};
4291
4292 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
4293 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4294 goto err;
4295 }
4296
4297 #if defined(OPENSSL_THREADS)
4298 if ((ql->mutex = ossl_crypto_mutex_new()) == NULL) {
4299 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4300 goto err;
4301 }
4302 #endif
4303
4304 engine_args.libctx = ctx->libctx;
4305 engine_args.propq = ctx->propq;
4306 #if defined(OPENSSL_THREADS)
4307 engine_args.mutex = ql->mutex;
4308 #endif
4309
4310 if (need_notifier_for_domain_flags(ctx->domain_flags))
4311 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
4312
4313 if ((ql->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
4314 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4315 goto err;
4316 }
4317
4318 port_args.channel_ctx = ctx;
4319 port_args.is_multi_conn = 1;
4320 port_args.get_conn_user_ssl = alloc_port_user_ssl;
4321 port_args.user_ssl_arg = ql;
4322 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
4323 port_args.do_addr_validation = 1;
4324 ql->port = ossl_quic_engine_create_port(ql->engine, &port_args);
4325 if (ql->port == NULL) {
4326 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4327 goto err;
4328 }
4329
4330 /* TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT */
4331
4332 ossl_quic_port_set_allow_incoming(ql->port, 1);
4333
4334 /* Initialise the QUIC_LISTENER's object header. */
4335 if (!ossl_quic_obj_init(&ql->obj, ctx, SSL_TYPE_QUIC_LISTENER, NULL,
4336 ql->engine, ql->port))
4337 goto err;
4338
4339 return &ql->obj.ssl;
4340
4341 err:
4342 if (ql != NULL)
4343 ossl_quic_engine_free(ql->engine);
4344
4345 #if defined(OPENSSL_THREADS)
4346 ossl_crypto_mutex_free(&ql->mutex);
4347 #endif
4348 OPENSSL_free(ql);
4349 return NULL;
4350 }
4351
4352 /*
4353 * SSL_new_listener_from
4354 * ---------------------
4355 */
ossl_quic_new_listener_from(SSL * ssl,uint64_t flags)4356 SSL *ossl_quic_new_listener_from(SSL *ssl, uint64_t flags)
4357 {
4358 QCTX ctx;
4359 QUIC_LISTENER *ql = NULL;
4360 QUIC_PORT_ARGS port_args = {0};
4361
4362 if (!expect_quic_domain(ssl, &ctx))
4363 return NULL;
4364
4365 if (!SSL_up_ref(&ctx.qd->obj.ssl))
4366 return NULL;
4367
4368 qctx_lock(&ctx);
4369
4370 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
4371 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4372 goto err;
4373 }
4374
4375 port_args.channel_ctx = ssl->ctx;
4376 port_args.is_multi_conn = 1;
4377 port_args.get_conn_user_ssl = alloc_port_user_ssl;
4378 port_args.user_ssl_arg = ql;
4379 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0)
4380 port_args.do_addr_validation = 1;
4381 ql->port = ossl_quic_engine_create_port(ctx.qd->engine, &port_args);
4382 if (ql->port == NULL) {
4383 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4384 goto err;
4385 }
4386
4387 ql->domain = ctx.qd;
4388 ql->engine = ctx.qd->engine;
4389 #if defined(OPENSSL_THREADS)
4390 ql->mutex = ctx.qd->mutex;
4391 #endif
4392
4393 /*
4394 * TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT
4395 * Given that we have apis to create client SSL objects from
4396 * server SSL objects (see SSL_new_from_listener), we have aspirations
4397 * to enable a flag that allows for the creation of the latter, but not
4398 * be used to do accept any connections. This is a placeholder for the
4399 * implementation of that flag
4400 */
4401
4402 ossl_quic_port_set_allow_incoming(ql->port, 1);
4403
4404 /* Initialise the QUIC_LISTENER's object header. */
4405 if (!ossl_quic_obj_init(&ql->obj, ssl->ctx, SSL_TYPE_QUIC_LISTENER,
4406 &ctx.qd->obj.ssl, NULL, ql->port))
4407 goto err;
4408
4409 qctx_unlock(&ctx);
4410 return &ql->obj.ssl;
4411
4412 err:
4413 if (ql != NULL)
4414 ossl_quic_port_free(ql->port);
4415
4416 OPENSSL_free(ql);
4417 qctx_unlock(&ctx);
4418 SSL_free(&ctx.qd->obj.ssl);
4419
4420 return NULL;
4421 }
4422
4423 /*
4424 * SSL_new_from_listener
4425 * ---------------------
4426 * code here is derived from ossl_quic_new(). The `ssl` argument is
4427 * a listener object which already comes with QUIC port/engine. The newly
4428 * created QUIC connection object (QCSO) is going to share the port/engine
4429 * with listener (`ssl`). The `ssl` also becomes a parent of QCSO created
4430 * by this function. The caller uses QCSO instance to connect to
4431 * remote QUIC server.
4432 *
4433 * The QCSO created here requires us to also create a channel so we
4434 * can connect to remote server.
4435 */
ossl_quic_new_from_listener(SSL * ssl,uint64_t flags)4436 SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags)
4437 {
4438 QCTX ctx;
4439 QUIC_CONNECTION *qc = NULL;
4440 QUIC_LISTENER *ql;
4441 SSL_CONNECTION *sc = NULL;
4442
4443 if (flags != 0)
4444 return NULL;
4445
4446 if (!expect_quic_listener(ssl, &ctx))
4447 return NULL;
4448
4449 if (!SSL_up_ref(&ctx.ql->obj.ssl))
4450 return NULL;
4451
4452 qctx_lock(&ctx);
4453
4454 ql = ctx.ql;
4455
4456 /*
4457 * listeners (server) contexts don't typically
4458 * allocate a token cache because they don't need
4459 * to store them, but here we are using a server side
4460 * ctx as a client, so we should allocate one now
4461 */
4462 if (ssl->ctx->tokencache == NULL)
4463 if ((ssl->ctx->tokencache = ossl_quic_new_token_store()) == NULL)
4464 goto err;
4465
4466 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) {
4467 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4468 goto err;
4469 }
4470
4471 /*
4472 * NOTE: setting a listener here is needed so `qc_cleanup()` does the right
4473 * thing. Setting listener to ql avoids premature destruction of port in
4474 * qc_cleanup()
4475 */
4476 qc->listener = ql;
4477 qc->engine = ql->engine;
4478 qc->port = ql->port;
4479 /* create channel */
4480 #if defined(OPENSSL_THREADS)
4481 /* this is the engine mutex */
4482 qc->mutex = ql->mutex;
4483 #endif
4484 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
4485 qc->is_thread_assisted
4486 = ((ql->obj.domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0);
4487 #endif
4488
4489 /* Create the handshake layer. */
4490 qc->tls = ossl_ssl_connection_new_int(ql->obj.ssl.ctx, NULL, TLS_method());
4491 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
4492 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4493 goto err;
4494 }
4495 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL;
4496
4497 qc->default_ssl_options = OSSL_QUIC_PERMITTED_OPTIONS;
4498 qc->last_error = SSL_ERROR_NONE;
4499
4500 /*
4501 * This is QCSO, we don't expect to accept connections
4502 * on success the channel assumes ownership of tls, we need
4503 * to grab reference for qc.
4504 */
4505 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
4506
4507 ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl);
4508 ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg);
4509
4510 /*
4511 * We deliberately pass NULL for engine and port, because we don't want to
4512 * to turn QCSO we create here into an event leader, nor port leader.
4513 * Both those roles are occupied already by listener (`ssl`) we use
4514 * to create a new QCSO here.
4515 */
4516 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx,
4517 SSL_TYPE_QUIC_CONNECTION,
4518 &ql->obj.ssl, NULL, NULL)) {
4519 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4520 goto err;
4521 }
4522
4523 /* Initialise libssl APL-related state. */
4524 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
4525 qc->default_ssl_mode = qc->obj.ssl.ctx->mode;
4526 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
4527 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
4528 qc->last_error = SSL_ERROR_NONE;
4529
4530 qc_update_reject_policy(qc);
4531
4532 qctx_unlock(&ctx);
4533
4534 return &qc->obj.ssl;
4535
4536 err:
4537 if (qc != NULL) {
4538 qc_cleanup(qc, /* have_lock= */ 0);
4539 OPENSSL_free(qc);
4540 }
4541 qctx_unlock(&ctx);
4542 SSL_free(&ctx.ql->obj.ssl);
4543
4544 return NULL;
4545 }
4546
4547 /*
4548 * SSL_listen
4549 * ----------
4550 */
4551 QUIC_NEEDS_LOCK
ql_listen(QUIC_LISTENER * ql)4552 static int ql_listen(QUIC_LISTENER *ql)
4553 {
4554 if (ql->listening)
4555 return 1;
4556
4557 ossl_quic_port_set_allow_incoming(ql->port, 1);
4558 ql->listening = 1;
4559 return 1;
4560 }
4561
4562 QUIC_TAKES_LOCK
ossl_quic_listen(SSL * ssl)4563 int ossl_quic_listen(SSL *ssl)
4564 {
4565 QCTX ctx;
4566 int ret;
4567
4568 if (!expect_quic_listener(ssl, &ctx))
4569 return 0;
4570
4571 qctx_lock_for_io(&ctx);
4572
4573 ret = ql_listen(ctx.ql);
4574
4575 qctx_unlock(&ctx);
4576 return ret;
4577 }
4578
4579 /*
4580 * SSL_accept_connection
4581 * ---------------------
4582 */
quic_accept_connection_wait(void * arg)4583 static int quic_accept_connection_wait(void *arg)
4584 {
4585 QUIC_PORT *port = arg;
4586
4587 if (!ossl_quic_port_is_running(port))
4588 return -1;
4589
4590 if (ossl_quic_port_have_incoming(port))
4591 return 1;
4592
4593 return 0;
4594 }
4595
4596 QUIC_TAKES_LOCK
ossl_quic_accept_connection(SSL * ssl,uint64_t flags)4597 SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
4598 {
4599 int ret;
4600 QCTX ctx;
4601 SSL *conn_ssl = NULL;
4602 SSL_CONNECTION *conn = NULL;
4603 QUIC_CHANNEL *new_ch = NULL;
4604 QUIC_CONNECTION *qc;
4605 int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0);
4606
4607 if (!expect_quic_listener(ssl, &ctx))
4608 return NULL;
4609
4610 qctx_lock_for_io(&ctx);
4611
4612 if (!ql_listen(ctx.ql))
4613 goto out;
4614
4615 /* Wait for an incoming connection if needed. */
4616 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4617 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
4618 if (!no_block && qctx_blocking(&ctx)) {
4619 ret = block_until_pred(&ctx, quic_accept_connection_wait,
4620 ctx.ql->port, 0);
4621 if (ret < 1)
4622 goto out;
4623 } else {
4624 qctx_maybe_autotick(&ctx);
4625 }
4626
4627 if (!ossl_quic_port_is_running(ctx.ql->port))
4628 goto out;
4629
4630 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4631 }
4632
4633 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) {
4634 /* No connections already queued. */
4635 ossl_quic_reactor_tick(ossl_quic_engine_get0_reactor(ctx.ql->engine), 0);
4636
4637 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
4638 }
4639
4640 /*
4641 * port_make_channel pre-allocates our user_ssl for us for each newly
4642 * created channel, so once we pop the new channel from the port above
4643 * we just need to extract it
4644 */
4645 if (new_ch == NULL
4646 || (conn_ssl = ossl_quic_channel_get0_tls(new_ch)) == NULL
4647 || (conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) == NULL
4648 || (conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) == NULL)
4649 goto out;
4650 qc = (QUIC_CONNECTION *)conn_ssl;
4651 qc->listener = ctx.ql;
4652 qc->pending = 0;
4653 if (!SSL_up_ref(&ctx.ql->obj.ssl)) {
4654 SSL_free(conn_ssl);
4655 SSL_free(ossl_quic_channel_get0_tls(new_ch));
4656 conn_ssl = NULL;
4657 }
4658
4659 out:
4660 qctx_unlock(&ctx);
4661 return conn_ssl;
4662 }
4663
create_qc_from_incoming_conn(QUIC_LISTENER * ql,QUIC_CHANNEL * ch)4664 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch)
4665 {
4666 QUIC_CONNECTION *qc = NULL;
4667
4668 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) {
4669 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4670 goto err;
4671 }
4672
4673 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx,
4674 SSL_TYPE_QUIC_CONNECTION,
4675 &ql->obj.ssl, NULL, NULL)) {
4676 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
4677 goto err;
4678 }
4679
4680 ossl_quic_channel_get_peer_addr(ch, &qc->init_peer_addr); /* best effort */
4681 qc->pending = 1;
4682 qc->engine = ql->engine;
4683 qc->port = ql->port;
4684 qc->ch = ch;
4685 #if defined(OPENSSL_THREADS)
4686 qc->mutex = ql->mutex;
4687 #endif
4688 qc->tls = ossl_quic_channel_get0_tls(ch);
4689 qc->started = 1;
4690 qc->as_server = 1;
4691 qc->as_server_state = 1;
4692 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
4693 qc->default_ssl_options = ql->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
4694 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
4695 qc->last_error = SSL_ERROR_NONE;
4696 qc_update_reject_policy(qc);
4697 return qc;
4698
4699 err:
4700 OPENSSL_free(qc);
4701 return NULL;
4702 }
4703
4704 DEFINE_LHASH_OF_EX(QUIC_TOKEN);
4705
4706 struct ssl_token_store_st {
4707 LHASH_OF(QUIC_TOKEN) *cache;
4708 CRYPTO_REF_COUNT references;
4709 CRYPTO_MUTEX *mutex;
4710 };
4711
quic_token_hash(const QUIC_TOKEN * item)4712 static unsigned long quic_token_hash(const QUIC_TOKEN *item)
4713 {
4714 return (unsigned long)ossl_fnv1a_hash(item->hashkey, item->hashkey_len);
4715 }
4716
quic_token_cmp(const QUIC_TOKEN * a,const QUIC_TOKEN * b)4717 static int quic_token_cmp(const QUIC_TOKEN *a, const QUIC_TOKEN *b)
4718 {
4719 if (a->hashkey_len != b->hashkey_len)
4720 return 1;
4721 return memcmp(a->hashkey, b->hashkey, a->hashkey_len);
4722 }
4723
ossl_quic_new_token_store(void)4724 SSL_TOKEN_STORE *ossl_quic_new_token_store(void)
4725 {
4726 int ok = 0;
4727 SSL_TOKEN_STORE *newcache = OPENSSL_zalloc(sizeof(SSL_TOKEN_STORE));
4728
4729 if (newcache == NULL)
4730 goto out;
4731
4732 newcache->cache = lh_QUIC_TOKEN_new(quic_token_hash, quic_token_cmp);
4733 if (newcache->cache == NULL)
4734 goto out;
4735
4736 #if defined(OPENSSL_THREADS)
4737 if ((newcache->mutex = ossl_crypto_mutex_new()) == NULL)
4738 goto out;
4739 #endif
4740
4741 if (!CRYPTO_NEW_REF(&newcache->references, 1))
4742 goto out;
4743
4744 ok = 1;
4745 out:
4746 if (!ok) {
4747 ossl_quic_free_token_store(newcache);
4748 newcache = NULL;
4749 }
4750 return newcache;
4751 }
4752
free_this_token(QUIC_TOKEN * tok)4753 static void free_this_token(QUIC_TOKEN *tok)
4754 {
4755 ossl_quic_free_peer_token(tok);
4756 }
4757
ossl_quic_free_token_store(SSL_TOKEN_STORE * hdl)4758 void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl)
4759 {
4760 int refs;
4761
4762 if (hdl == NULL)
4763 return;
4764
4765 if (!CRYPTO_DOWN_REF(&hdl->references, &refs))
4766 return;
4767
4768 if (refs > 0)
4769 return;
4770
4771 /* last reference, we can clean up */
4772 ossl_crypto_mutex_free(&hdl->mutex);
4773 lh_QUIC_TOKEN_doall(hdl->cache, free_this_token);
4774 lh_QUIC_TOKEN_free(hdl->cache);
4775 CRYPTO_FREE_REF(&hdl->references);
4776 OPENSSL_free(hdl);
4777 return;
4778 }
4779
4780 /**
4781 * @brief build a new QUIC_TOKEN
4782 *
4783 * This function creates a new token storage structure for saving in our
4784 * tokencache
4785 *
4786 * In an effort to make allocation and freeing of these tokens a bit faster
4787 * We do them in a single allocation in this format
4788 * +---------------+ --\
4789 * | hashkey * |---| |
4790 * | hashkey_len | | | QUIC_TOKEN
4791 * | token * |---|--| |
4792 * | token_len | | | |
4793 * +---------------+<--| | --/
4794 * | hashkey buf | |
4795 * | | |
4796 * |---------------|<-----|
4797 * | token buf |
4798 * | |
4799 * +---------------+
4800 *
4801 * @param peer - the peer address that sent the token
4802 * @param token - the buffer holding the token
4803 * @param token_len - the size of token
4804 *
4805 * @returns a QUIC_TOKEN pointer or NULL on error
4806 */
ossl_quic_build_new_token(BIO_ADDR * peer,uint8_t * token,size_t token_len)4807 static QUIC_TOKEN *ossl_quic_build_new_token(BIO_ADDR *peer, uint8_t *token,
4808 size_t token_len)
4809 {
4810 QUIC_TOKEN *new_token;
4811 size_t hashkey_len = 0;
4812 size_t addr_len = 0;
4813 int family;
4814 unsigned short port;
4815 int *famptr;
4816 unsigned short *portptr;
4817 uint8_t *addrptr;
4818
4819 if ((token != NULL && token_len == 0) || (token == NULL && token_len != 0))
4820 return NULL;
4821
4822 if (!BIO_ADDR_rawaddress(peer, NULL, &addr_len))
4823 return NULL;
4824 family = BIO_ADDR_family(peer);
4825 port = BIO_ADDR_rawport(peer);
4826
4827 hashkey_len += sizeof(int); /* hashkey(family) */
4828 hashkey_len += sizeof(unsigned short); /* hashkey(port) */
4829 hashkey_len += addr_len; /* hashkey(address) */
4830
4831 new_token = OPENSSL_zalloc(sizeof(QUIC_TOKEN) + hashkey_len + token_len);
4832 if (new_token == NULL)
4833 return NULL;
4834
4835 if (!CRYPTO_NEW_REF(&new_token->references, 1)) {
4836 OPENSSL_free(new_token);
4837 return NULL;
4838 }
4839
4840 new_token->hashkey_len = hashkey_len;
4841 /* hashkey is allocated inline, immediately after the QUIC_TOKEN struct */
4842 new_token->hashkey = (uint8_t *)(new_token + 1);
4843 /* token buffer follows the hashkey in the inline allocation */
4844 new_token->token = new_token->hashkey + hashkey_len;
4845 new_token->token_len = token_len;
4846 famptr = (int *)new_token->hashkey;
4847 portptr = (unsigned short *)(famptr + 1);
4848 addrptr = (uint8_t *)(portptr + 1);
4849 *famptr = family;
4850 *portptr = port;
4851 if (!BIO_ADDR_rawaddress(peer, addrptr, NULL)) {
4852 ossl_quic_free_peer_token(new_token);
4853 return NULL;
4854 }
4855 if (token != NULL)
4856 memcpy(new_token->token, token, token_len);
4857 return new_token;
4858 }
4859
ossl_quic_set_peer_token(SSL_CTX * ctx,BIO_ADDR * peer,const uint8_t * token,size_t token_len)4860 int ossl_quic_set_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
4861 const uint8_t *token, size_t token_len)
4862 {
4863 SSL_TOKEN_STORE *c = ctx->tokencache;
4864 QUIC_TOKEN *tok, *old = NULL;
4865
4866 if (ctx->tokencache == NULL)
4867 return 0;
4868
4869 tok = ossl_quic_build_new_token(peer, (uint8_t *)token, token_len);
4870 if (tok == NULL)
4871 return 0;
4872
4873 /* we might be sharing this cache, lock it */
4874 ossl_crypto_mutex_lock(c->mutex);
4875
4876 old = lh_QUIC_TOKEN_retrieve(c->cache, tok);
4877 if (old != NULL) {
4878 lh_QUIC_TOKEN_delete(c->cache, old);
4879 ossl_quic_free_peer_token(old);
4880 }
4881 lh_QUIC_TOKEN_insert(c->cache, tok);
4882
4883 ossl_crypto_mutex_unlock(c->mutex);
4884 return 1;
4885 }
4886
ossl_quic_get_peer_token(SSL_CTX * ctx,BIO_ADDR * peer,QUIC_TOKEN ** token)4887 int ossl_quic_get_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
4888 QUIC_TOKEN **token)
4889 {
4890 SSL_TOKEN_STORE *c = ctx->tokencache;
4891 QUIC_TOKEN *key = NULL;
4892 QUIC_TOKEN *tok = NULL;
4893 int ret;
4894 int rc = 0;
4895
4896 if (c == NULL)
4897 return 0;
4898
4899 key = ossl_quic_build_new_token(peer, NULL, 0);
4900 if (key == NULL)
4901 return 0;
4902
4903 ossl_crypto_mutex_lock(c->mutex);
4904 tok = lh_QUIC_TOKEN_retrieve(c->cache, key);
4905 if (tok != NULL) {
4906 *token = tok;
4907 CRYPTO_UP_REF(&tok->references, &ret);
4908 rc = 1;
4909 }
4910
4911 ossl_crypto_mutex_unlock(c->mutex);
4912 ossl_quic_free_peer_token(key);
4913 return rc;
4914 }
4915
ossl_quic_free_peer_token(QUIC_TOKEN * token)4916 void ossl_quic_free_peer_token(QUIC_TOKEN *token)
4917 {
4918 int refs = 0;
4919
4920 if (!CRYPTO_DOWN_REF(&token->references, &refs))
4921 return;
4922
4923 if (refs > 0)
4924 return;
4925
4926 CRYPTO_FREE_REF(&token->references);
4927 OPENSSL_free(token);
4928 }
4929
4930 /*
4931 * SSL_get_accept_connection_queue_len
4932 * -----------------------------------
4933 */
4934 QUIC_TAKES_LOCK
ossl_quic_get_accept_connection_queue_len(SSL * ssl)4935 size_t ossl_quic_get_accept_connection_queue_len(SSL *ssl)
4936 {
4937 QCTX ctx;
4938 int ret;
4939
4940 if (!expect_quic_listener(ssl, &ctx))
4941 return 0;
4942
4943 qctx_lock(&ctx);
4944
4945 ret = ossl_quic_port_get_num_incoming_channels(ctx.ql->port);
4946
4947 qctx_unlock(&ctx);
4948 return ret;
4949 }
4950
4951 /*
4952 * QUIC Front-End I/O API: Domains
4953 * ===============================
4954 */
4955
4956 /*
4957 * SSL_new_domain
4958 * --------------
4959 */
ossl_quic_new_domain(SSL_CTX * ctx,uint64_t flags)4960 SSL *ossl_quic_new_domain(SSL_CTX *ctx, uint64_t flags)
4961 {
4962 QUIC_DOMAIN *qd = NULL;
4963 QUIC_ENGINE_ARGS engine_args = {0};
4964 uint64_t domain_flags;
4965
4966 domain_flags = ctx->domain_flags;
4967 if ((flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD
4968 | SSL_DOMAIN_FLAG_MULTI_THREAD
4969 | SSL_DOMAIN_FLAG_THREAD_ASSISTED)) != 0)
4970 domain_flags = flags;
4971 else
4972 domain_flags = ctx->domain_flags | flags;
4973
4974 if (!ossl_adjust_domain_flags(domain_flags, &domain_flags))
4975 return NULL;
4976
4977 if ((qd = OPENSSL_zalloc(sizeof(*qd))) == NULL) {
4978 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4979 return NULL;
4980 }
4981
4982 #if defined(OPENSSL_THREADS)
4983 if ((qd->mutex = ossl_crypto_mutex_new()) == NULL) {
4984 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
4985 goto err;
4986 }
4987 #endif
4988
4989 engine_args.libctx = ctx->libctx;
4990 engine_args.propq = ctx->propq;
4991 #if defined(OPENSSL_THREADS)
4992 engine_args.mutex = qd->mutex;
4993 #endif
4994
4995 if (need_notifier_for_domain_flags(domain_flags))
4996 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
4997
4998 if ((qd->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
4999 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
5000 goto err;
5001 }
5002
5003 /* Initialise the QUIC_DOMAIN's object header. */
5004 if (!ossl_quic_obj_init(&qd->obj, ctx, SSL_TYPE_QUIC_DOMAIN, NULL,
5005 qd->engine, NULL))
5006 goto err;
5007
5008 ossl_quic_obj_set_domain_flags(&qd->obj, domain_flags);
5009 return &qd->obj.ssl;
5010
5011 err:
5012 ossl_quic_engine_free(qd->engine);
5013 #if defined(OPENSSL_THREADS)
5014 ossl_crypto_mutex_free(&qd->mutex);
5015 #endif
5016 OPENSSL_free(qd);
5017 return NULL;
5018 }
5019
5020 /*
5021 * QUIC Front-End I/O API: SSL_CTX Management
5022 * ==========================================
5023 */
5024
ossl_quic_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)5025 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
5026 {
5027 switch (cmd) {
5028 default:
5029 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
5030 }
5031 }
5032
ossl_quic_callback_ctrl(SSL * s,int cmd,void (* fp)(void))5033 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
5034 {
5035 QCTX ctx;
5036
5037 if (!expect_quic_conn_only(s, &ctx))
5038 return 0;
5039
5040 switch (cmd) {
5041 case SSL_CTRL_SET_MSG_CALLBACK:
5042 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
5043 &ctx.qc->obj.ssl);
5044 /* This callback also needs to be set on the internal SSL object */
5045 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
5046
5047 default:
5048 /* Probably a TLS related ctrl. Defer to our internal SSL object */
5049 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
5050 }
5051 }
5052
ossl_quic_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))5053 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
5054 {
5055 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
5056 }
5057
ossl_quic_renegotiate_check(SSL * ssl,int initok)5058 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
5059 {
5060 /* We never do renegotiation. */
5061 return 0;
5062 }
5063
ossl_quic_get_cipher_by_char(const unsigned char * p)5064 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
5065 {
5066 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
5067
5068 if ((ciph->algorithm2 & SSL_QUIC) == 0)
5069 return NULL;
5070
5071 return ciph;
5072 }
5073
5074 /*
5075 * These functions define the TLSv1.2 (and below) ciphers that are supported by
5076 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
5077 */
5078
ossl_quic_num_ciphers(void)5079 int ossl_quic_num_ciphers(void)
5080 {
5081 return 0;
5082 }
5083
ossl_quic_get_cipher(unsigned int u)5084 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
5085 {
5086 return NULL;
5087 }
5088
5089 /*
5090 * SSL_get_shutdown()
5091 * ------------------
5092 */
ossl_quic_get_shutdown(const SSL * s)5093 int ossl_quic_get_shutdown(const SSL *s)
5094 {
5095 QCTX ctx;
5096 int shut = 0;
5097
5098 if (!expect_quic_conn_only(s, &ctx))
5099 return 0;
5100
5101 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
5102 shut |= SSL_SENT_SHUTDOWN;
5103 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
5104 shut |= SSL_RECEIVED_SHUTDOWN;
5105 }
5106
5107 return shut;
5108 }
5109
5110 /*
5111 * QUIC Polling Support APIs
5112 * =========================
5113 */
5114
5115 /* Do we have the R (read) condition? */
5116 QUIC_NEEDS_LOCK
test_poll_event_r(QUIC_XSO * xso)5117 static int test_poll_event_r(QUIC_XSO *xso)
5118 {
5119 int fin = 0;
5120 size_t avail = 0;
5121
5122 /*
5123 * If a stream has had the fin bit set on the last packet
5124 * received, then we need to return a 1 here to raise
5125 * SSL_POLL_EVENT_R, so that the stream can have its completion
5126 * detected and closed gracefully by an application.
5127 * However, if the client reads the data via SSL_read[_ex], that api
5128 * provides no stream status, and as a result the stream state moves to
5129 * QUIC_RSTREAM_STATE_DATA_READ, and the receive buffer is freed, which
5130 * stored the fin state, so its not directly know-able here. Instead
5131 * check for the stream state being QUIC_RSTREAM_STATE_DATA_READ, which
5132 * is only set if the last stream frame received had the fin bit set, and
5133 * the client read the data. This catches our poll/read/poll case
5134 */
5135 if (xso->stream->recv_state == QUIC_RSTREAM_STATE_DATA_READ)
5136 return 1;
5137
5138 return ossl_quic_stream_has_recv_buffer(xso->stream)
5139 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
5140 && (avail > 0 || (fin && !xso->retired_fin));
5141 }
5142
5143 /* Do we have the ER (exception: read) condition? */
5144 QUIC_NEEDS_LOCK
test_poll_event_er(QUIC_XSO * xso)5145 static int test_poll_event_er(QUIC_XSO *xso)
5146 {
5147 return ossl_quic_stream_has_recv(xso->stream)
5148 && ossl_quic_stream_recv_is_reset(xso->stream)
5149 && !xso->retired_fin;
5150 }
5151
5152 /* Do we have the W (write) condition? */
5153 QUIC_NEEDS_LOCK
test_poll_event_w(QUIC_XSO * xso)5154 static int test_poll_event_w(QUIC_XSO *xso)
5155 {
5156 return !xso->conn->shutting_down
5157 && ossl_quic_stream_has_send_buffer(xso->stream)
5158 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
5159 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
5160 && ossl_quic_txfc_get_cwm(&xso->stream->txfc)
5161 > ossl_quic_sstream_get_cur_size(xso->stream->sstream)
5162 && quic_mutation_allowed(xso->conn, /*req_active=*/1);
5163 }
5164
5165 /* Do we have the EW (exception: write) condition? */
5166 QUIC_NEEDS_LOCK
test_poll_event_ew(QUIC_XSO * xso)5167 static int test_poll_event_ew(QUIC_XSO *xso)
5168 {
5169 return ossl_quic_stream_has_send(xso->stream)
5170 && xso->stream->peer_stop_sending
5171 && !xso->requested_reset
5172 && !xso->conn->shutting_down;
5173 }
5174
5175 /* Do we have the EC (exception: connection) condition? */
5176 QUIC_NEEDS_LOCK
test_poll_event_ec(QUIC_CONNECTION * qc)5177 static int test_poll_event_ec(QUIC_CONNECTION *qc)
5178 {
5179 return ossl_quic_channel_is_term_any(qc->ch);
5180 }
5181
5182 /* Do we have the ECD (exception: connection drained) condition? */
5183 QUIC_NEEDS_LOCK
test_poll_event_ecd(QUIC_CONNECTION * qc)5184 static int test_poll_event_ecd(QUIC_CONNECTION *qc)
5185 {
5186 return ossl_quic_channel_is_terminated(qc->ch);
5187 }
5188
5189 /* Do we have the IS (incoming: stream) condition? */
5190 QUIC_NEEDS_LOCK
test_poll_event_is(QUIC_CONNECTION * qc,int is_uni)5191 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
5192 {
5193 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
5194 is_uni);
5195 }
5196
5197 /* Do we have the OS (outgoing: stream) condition? */
5198 QUIC_NEEDS_LOCK
test_poll_event_os(QUIC_CONNECTION * qc,int is_uni)5199 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
5200 {
5201 /* Is it currently possible for us to make an outgoing stream? */
5202 return quic_mutation_allowed(qc, /*req_active=*/1)
5203 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
5204 }
5205
5206 /* Do we have the EL (exception: listener) condition? */
5207 QUIC_NEEDS_LOCK
test_poll_event_el(QUIC_LISTENER * ql)5208 static int test_poll_event_el(QUIC_LISTENER *ql)
5209 {
5210 return !ossl_quic_port_is_running(ql->port);
5211 }
5212
5213 /* Do we have the IC (incoming: connection) condition? */
5214 QUIC_NEEDS_LOCK
test_poll_event_ic(QUIC_LISTENER * ql)5215 static int test_poll_event_ic(QUIC_LISTENER *ql)
5216 {
5217 return ossl_quic_port_get_num_incoming_channels(ql->port) > 0;
5218 }
5219
5220 QUIC_TAKES_LOCK
ossl_quic_conn_poll_events(SSL * ssl,uint64_t events,int do_tick,uint64_t * p_revents)5221 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
5222 uint64_t *p_revents)
5223 {
5224 QCTX ctx;
5225 uint64_t revents = 0;
5226
5227 if (!expect_quic_csl(ssl, &ctx))
5228 return 0;
5229
5230 qctx_lock(&ctx);
5231
5232 if (ctx.qc != NULL && !ctx.qc->started) {
5233 /* We can only try to write on non-started connection. */
5234 if ((events & SSL_POLL_EVENT_W) != 0)
5235 revents |= SSL_POLL_EVENT_W;
5236 goto end;
5237 }
5238
5239 if (do_tick)
5240 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0);
5241
5242 if (ctx.xso != NULL) {
5243 /* SSL object has a stream component. */
5244
5245 if ((events & SSL_POLL_EVENT_R) != 0
5246 && test_poll_event_r(ctx.xso))
5247 revents |= SSL_POLL_EVENT_R;
5248
5249 if ((events & SSL_POLL_EVENT_ER) != 0
5250 && test_poll_event_er(ctx.xso))
5251 revents |= SSL_POLL_EVENT_ER;
5252
5253 if ((events & SSL_POLL_EVENT_W) != 0
5254 && test_poll_event_w(ctx.xso))
5255 revents |= SSL_POLL_EVENT_W;
5256
5257 if ((events & SSL_POLL_EVENT_EW) != 0
5258 && test_poll_event_ew(ctx.xso))
5259 revents |= SSL_POLL_EVENT_EW;
5260 }
5261
5262 if (ctx.qc != NULL && !ctx.is_stream) {
5263 if ((events & SSL_POLL_EVENT_EC) != 0
5264 && test_poll_event_ec(ctx.qc))
5265 revents |= SSL_POLL_EVENT_EC;
5266
5267 if ((events & SSL_POLL_EVENT_ECD) != 0
5268 && test_poll_event_ecd(ctx.qc))
5269 revents |= SSL_POLL_EVENT_ECD;
5270
5271 if ((events & SSL_POLL_EVENT_ISB) != 0
5272 && test_poll_event_is(ctx.qc, /*uni=*/0))
5273 revents |= SSL_POLL_EVENT_ISB;
5274
5275 if ((events & SSL_POLL_EVENT_ISU) != 0
5276 && test_poll_event_is(ctx.qc, /*uni=*/1))
5277 revents |= SSL_POLL_EVENT_ISU;
5278
5279 if ((events & SSL_POLL_EVENT_OSB) != 0
5280 && test_poll_event_os(ctx.qc, /*uni=*/0))
5281 revents |= SSL_POLL_EVENT_OSB;
5282
5283 if ((events & SSL_POLL_EVENT_OSU) != 0
5284 && test_poll_event_os(ctx.qc, /*uni=*/1))
5285 revents |= SSL_POLL_EVENT_OSU;
5286 }
5287
5288 if (ctx.is_listener) {
5289 if ((events & SSL_POLL_EVENT_EL) != 0
5290 && test_poll_event_el(ctx.ql))
5291 revents |= SSL_POLL_EVENT_EL;
5292
5293 if ((events & SSL_POLL_EVENT_IC) != 0
5294 && test_poll_event_ic(ctx.ql))
5295 revents |= SSL_POLL_EVENT_IC;
5296 }
5297
5298 end:
5299 qctx_unlock(&ctx);
5300 *p_revents = revents;
5301 return 1;
5302 }
5303
5304 QUIC_TAKES_LOCK
ossl_quic_get_notifier_fd(SSL * ssl)5305 int ossl_quic_get_notifier_fd(SSL *ssl)
5306 {
5307 QCTX ctx;
5308 QUIC_REACTOR *rtor;
5309 RIO_NOTIFIER *nfy;
5310 int nfd = -1;
5311
5312 if (!expect_quic_any(ssl, &ctx))
5313 return -1;
5314
5315 qctx_lock(&ctx);
5316 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5317 nfy = ossl_quic_reactor_get0_notifier(rtor);
5318 if (nfy == NULL)
5319 goto end;
5320 nfd = ossl_rio_notifier_as_fd(nfy);
5321
5322 end:
5323 qctx_unlock(&ctx);
5324 return nfd;
5325 }
5326
5327 QUIC_TAKES_LOCK
ossl_quic_enter_blocking_section(SSL * ssl,QUIC_REACTOR_WAIT_CTX * wctx)5328 void ossl_quic_enter_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
5329 {
5330 QCTX ctx;
5331 QUIC_REACTOR *rtor;
5332
5333 if (!expect_quic_any(ssl, &ctx))
5334 return;
5335
5336 qctx_lock(&ctx);
5337 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5338 ossl_quic_reactor_wait_ctx_enter(wctx, rtor);
5339 qctx_unlock(&ctx);
5340 }
5341
5342 QUIC_TAKES_LOCK
ossl_quic_leave_blocking_section(SSL * ssl,QUIC_REACTOR_WAIT_CTX * wctx)5343 void ossl_quic_leave_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx)
5344 {
5345 QCTX ctx;
5346 QUIC_REACTOR *rtor;
5347
5348 if (!expect_quic_any(ssl, &ctx))
5349 return;
5350
5351 qctx_lock(&ctx);
5352 rtor = ossl_quic_obj_get0_reactor(ctx.obj);
5353 ossl_quic_reactor_wait_ctx_leave(wctx, rtor);
5354 qctx_unlock(&ctx);
5355 }
5356
5357 /*
5358 * Internal Testing APIs
5359 * =====================
5360 */
5361
ossl_quic_conn_get_channel(SSL * s)5362 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
5363 {
5364 QCTX ctx;
5365
5366 if (!expect_quic_conn_only(s, &ctx))
5367 return NULL;
5368
5369 return ctx.qc->ch;
5370 }
5371
ossl_quic_set_diag_title(SSL_CTX * ctx,const char * title)5372 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
5373 {
5374 #ifndef OPENSSL_NO_QLOG
5375 OPENSSL_free(ctx->qlog_title);
5376 ctx->qlog_title = NULL;
5377
5378 if (title == NULL)
5379 return 1;
5380
5381 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)
5382 return 0;
5383 #endif
5384
5385 return 1;
5386 }
5387