xref: /freebsd/crypto/openssl/ssl/quic/quic_rx_depack.c (revision 1523ccfd9c8c254f7928143d31c305384b05fd11)
1 /*
2  * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include "internal/packet_quic.h"
11 #include "internal/nelem.h"
12 #include "internal/quic_wire.h"
13 #include "internal/quic_record_rx.h"
14 #include "internal/quic_ackm.h"
15 #include "internal/quic_rx_depack.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_fc.h"
18 #include "internal/quic_channel.h"
19 #include "internal/sockets.h"
20 
21 #include "quic_local.h"
22 #include "quic_channel_local.h"
23 #include "../ssl_local.h"
24 
25 /*
26  * Helper functions to process different frame types.
27  *
28  * Typically, those that are ACK eliciting will take an OSSL_ACKM_RX_PKT
29  * pointer argument, the few that aren't ACK eliciting will not.  This makes
30  * them a verifiable pattern against tables where this is specified.
31  */
/*
 * Forward declaration: several stream-related frame handlers below call this
 * helper before its definition appears later in the file.
 */
static int depack_do_implicit_stream_create(QUIC_CHANNEL *ch,
    uint64_t stream_id,
    uint64_t frame_type,
    QUIC_STREAM **result);
36 
/*
 * Consume PADDING from pkt.
 *
 * PADDING carries nothing to act on, so whatever the wire decoder reports is
 * deliberately discarded and this handler always returns 1.
 */
static int depack_do_frame_padding(PACKET *pkt)
{
    (void)ossl_quic_wire_decode_padding(pkt);
    return 1;
}
43 
/*
 * Handle a PING frame.
 *
 * The frame has no content to process. Once it decodes, the only action is a
 * call to ossl_quic_tx_packetiser_schedule_ack_eliciting() for enc_level.
 * ackm_data is not read here.
 *
 * Returns 1 on success. If the frame does not decode, raises
 * FRAME_ENCODING_ERROR on the channel and returns 0.
 */
static int depack_do_frame_ping(PACKET *pkt, QUIC_CHANNEL *ch,
    uint32_t enc_level,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    if (ossl_quic_wire_decode_frame_ping(pkt)) {
        ossl_quic_tx_packetiser_schedule_ack_eliciting(ch->txp, enc_level);
        return 1;
    }

    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        OSSL_QUIC_FRAME_TYPE_PING,
        "decode error");
    return 0;
}
60 
/*
 * Handle an ACK frame.
 *
 * The ACK ranges are decoded into a per-channel scratch array
 * (ch->ack_range_scratch). The array is only reallocated when the incoming
 * frame needs more entries than it currently holds, so it never shrinks here.
 *
 * frame_type is used only for error reporting. qpacket supplies the packet
 * header type and key epoch for the RFC 9001 s. 6.2 key update check.
 *
 * Returns 1 on success. Returns 0 after raising a protocol error on the
 * channel: KEY_UPDATE_ERROR for the key update check, FRAME_ENCODING_ERROR
 * for every path that reaches the malformed label.
 */
static int depack_do_frame_ack(PACKET *pkt, QUIC_CHANNEL *ch,
    int packet_space, OSSL_TIME received,
    uint64_t frame_type,
    OSSL_QRX_PKT *qpacket)
{
    OSSL_QUIC_FRAME_ACK ack;
    OSSL_QUIC_ACK_RANGE *p;
    uint64_t total_ranges = 0;
    uint32_t ack_delay_exp = ch->rx_ack_delay_exp;

    /*
     * total_ranges is taken from the peer's frame. The SIZE_MAX division
     * rejects any count whose size in bytes would wrap the multiplication in
     * the realloc below.
     *
     * NOTE(review): the scratch array is sized from this count before the
     * frame is fully decoded. That is only safe against memory exhaustion if
     * ossl_quic_wire_peek_frame_ack_num_ranges() bounds the count by what the
     * frame actually contains; not visible here, confirm.
     */
    if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)
        /* In case sizeof(uint64_t) > sizeof(size_t) */
        || total_ranges > SIZE_MAX / sizeof(OSSL_QUIC_ACK_RANGE))
        goto malformed;

    if (ch->num_ack_range_scratch < (size_t)total_ranges) {
        /*
         * The result goes through p so that the existing buffer is still
         * referenced by ch->ack_range_scratch if the reallocation fails.
         *
         * NOTE(review): an allocation failure takes the malformed path and is
         * therefore reported as FRAME_ENCODING_ERROR.
         */
        if ((p = OPENSSL_realloc(ch->ack_range_scratch,
                 sizeof(OSSL_QUIC_ACK_RANGE)
                     * (size_t)total_ranges))
            == NULL)
            goto malformed;

        ch->ack_range_scratch = p;
        ch->num_ack_range_scratch = (size_t)total_ranges;
    }

    /* Point the decoder at the scratch array and tell it how many fit. */
    ack.ack_ranges = ch->ack_range_scratch;
    ack.num_ack_ranges = (size_t)total_ranges;

    if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL))
        goto malformed;

    /*
     * NOTE(review): ack.ack_ranges[0] is read unconditionally below; this
     * assumes a successful decode always yields at least one range. Confirm
     * against the peek/decode helpers.
     */
    if (qpacket->hdr->type == QUIC_PKT_TYPE_1RTT
        && (qpacket->key_epoch < ossl_qrx_get_key_epoch(ch->qrx)
            || ch->rxku_expected)
        && ack.ack_ranges[0].end >= ch->txku_pn) {
        /*
         * RFC 9001 s. 6.2: An endpoint that receives an acknowledgment that is
         * carried in a packet protected with old keys where any acknowledged
         * packet was protected with newer keys MAY treat that as a connection
         * error of type KEY_UPDATE_ERROR.
         *
         * Two cases to handle here:
         *
         *   - We did spontaneous TXKU, the peer has responded in kind and we
         *     have detected RXKU; !ch->rxku_expected, but then it sent a packet
         *     with old keys acknowledging a packet in the new key epoch.
         *
         *     This also covers the case where we got RXKU and triggered
         *     solicited TXKU, and then for some reason the peer sent an ACK of
         *     a PN in our new TX key epoch with old keys.
         *
         *   - We did spontaneous TXKU; ch->txku_pn is the starting PN of our
         *     new TX key epoch; the peer has not initiated a solicited TXKU in
         *     response (so we have not detected RXKU); in this case the RX key
         *     epoch has not incremented and ch->rxku_expected is still 1.
         */
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_KEY_UPDATE_ERROR,
            frame_type,
            "acked packet which initiated a "
            "key update without a "
            "corresponding key update");
        return 0;
    }

    /* Hand the decoded frame to the ACK manager for this packet space. */
    if (!ossl_ackm_on_rx_ack_frame(ch->ackm, &ack,
            packet_space, received))
        goto malformed;

    /* Diagnostic counter of ACK frames processed successfully. */
    ++ch->diag_num_rx_ack;
    return 1;

malformed:
    /* Shared failure exit: every path here is reported as a decode error. */
    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        frame_type,
        "decode error");
    return 0;
}
141 
/*
 * Handle a RESET_STREAM frame.
 *
 * Resolves (or implicitly creates) the stream named by the frame, accounts the
 * frame's Final Size against the stream's receive flow controller, and then
 * notifies the stream map that the receive part was reset. ackm_data is not
 * read here.
 *
 * Returns 1 on success, including the case where the frame refers to an old
 * deleted stream and is ignored. Returns 0 once a protocol error has been
 * raised on the channel.
 */
static int depack_do_frame_reset_stream(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    const uint64_t ftype = OSSL_QUIC_FRAME_TYPE_RESET_STREAM;
    OSSL_QUIC_FRAME_RESET_STREAM rst;
    QUIC_STREAM *s = NULL;
    uint64_t fc_err;

    if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &rst)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, ftype, "decode error");
        return 0;
    }

    /* On failure the helper has already raised the protocol error. */
    if (!depack_do_implicit_stream_create(ch, rst.stream_id, ftype, &s))
        return 0;

    /* Old deleted stream: not a protocol violation, nothing to do. */
    if (s == NULL)
        return 1;

    /* The frame is only valid for a stream that has a receive part. */
    if (!ossl_quic_stream_has_recv(s)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_STREAM_STATE_ERROR, ftype,
            "RESET_STREAM frame for TX only stream");
        return 0;
    }

    /*
     * The Final Size field says how much flow control credit the aborted
     * stream is considered to have consumed, so it is fed to the RXFC as a
     * FIN at that offset. If a final size is already known for the stream the
     * two must agree, otherwise we SHOULD terminate the connection (RFC 9000
     * s. 4.5); the RXFC performs that comparison.
     */
    if (!ossl_quic_rxfc_on_rx_stream_frame(&s->rxfc, rst.final_size,
            /*is_fin=*/1)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_INTERNAL_ERROR, ftype,
            "internal error (flow control)");
        return 0;
    }

    /* Surface any flow control error the RXFC recorded for that update. */
    fc_err = ossl_quic_rxfc_get_error(&s->rxfc, 0);
    if (fc_err != OSSL_QUIC_ERR_NO_ERROR) {
        ossl_quic_channel_raise_protocol_error(ch, fc_err, ftype,
            "flow control violation");
        return 0;
    }

    /*
     * Best effort: depending on the receive part state this is either a reset
     * transition or a no-op (a reset was already received, or the application
     * already retired a FIN). No protocol error conditions are checked here.
     */
    ossl_quic_stream_map_notify_reset_recv_part(&ch->qsm, s,
        rst.app_error_code, rst.final_size);
    ossl_quic_stream_map_update_state(&ch->qsm, s);
    return 1;
}
217 
/*
 * Handle a STOP_SENDING frame.
 *
 * Resolves (or implicitly creates) the stream named by the frame, records the
 * peer's request and application error code on it, and resets the send part
 * of the stream. ackm_data is not read here.
 *
 * Returns 1 on success, including the case where the frame refers to an old
 * deleted stream and is ignored. Returns 0 once a protocol error has been
 * raised on the channel.
 */
static int depack_do_frame_stop_sending(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    const uint64_t ftype = OSSL_QUIC_FRAME_TYPE_STOP_SENDING;
    OSSL_QUIC_FRAME_STOP_SENDING req;
    QUIC_STREAM *s = NULL;

    if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &req)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, ftype, "decode error");
        return 0;
    }

    /* On failure the helper has already raised the protocol error. */
    if (!depack_do_implicit_stream_create(ch, req.stream_id, ftype, &s))
        return 0;

    /* Old deleted stream: not a protocol violation, nothing to do. */
    if (s == NULL)
        return 1;

    /* The frame is only valid for a stream that has a send part. */
    if (!ossl_quic_stream_has_send(s)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_STREAM_STATE_ERROR, ftype,
            "STOP_SENDING frame for RX only stream");
        return 0;
    }

    /* Remember that the peer asked us to stop, and the code it gave. */
    s->peer_stop_sending_aec = req.app_error_code;
    s->peer_stop_sending = 1;

    /*
     * RFC 9000 s. 3.5: a STOP_SENDING frame must be answered with a
     * RESET_STREAM frame for the same part of the stream; the other part is
     * unaffected.
     */
    ossl_quic_stream_map_reset_stream_send_part(&ch->qsm, s,
        req.app_error_code);
    return 1;
}
262 
/*
 * Handle a CRYPTO frame.
 *
 * The frame's data is accounted against the crypto receive flow controller
 * for the packet number space given by ackm_data->pkt_space and then queued
 * on the matching crypto receive stream. parent_pkt is passed to the receive
 * stream together with the data.
 *
 * *datalen is set to 0 on entry and to the frame's length once the data has
 * been queued.
 *
 * Returns 1 on success (a zero-length frame is accepted and ignored). Returns
 * 0 on failure; a protocol error is raised on the channel on every failure
 * path except the ossl_assert() one.
 */
static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch,
    OSSL_QRX_PKT *parent_pkt,
    OSSL_ACKM_RX_PKT *ackm_data,
    uint64_t *datalen)
{
    OSSL_QUIC_FRAME_CRYPTO frame;
    QUIC_RSTREAM *rstream;
    QUIC_RXFC *fc;

    *datalen = 0;

    if (!ossl_quic_wire_decode_frame_crypto(pkt, 0, &frame)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            OSSL_QUIC_FRAME_TYPE_CRYPTO,
            "decode error");
        return 0;
    }

    /* An empty CRYPTO frame carries nothing to queue. */
    if (frame.len == 0)
        return 1;

    /*
     * A NULL stream is only expected once the encryption level has been
     * discarded, in which case this handler should not be reached at all.
     * NOTE(review): this path returns 0 without raising a protocol error.
     */
    rstream = ch->crypto_recv[ackm_data->pkt_space];
    if (!ossl_assert(rstream != NULL))
        return 0;

    fc = &ch->crypto_rxfc[ackm_data->pkt_space];

    /*
     * NOTE(review): frame.offset + frame.len is computed here with no local
     * overflow check; presumably the wire decoder bounds both values, confirm.
     */
    if (!ossl_quic_rxfc_on_rx_stream_frame(fc, frame.offset + frame.len,
            /*is_fin=*/0)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_INTERNAL_ERROR,
            OSSL_QUIC_FRAME_TYPE_CRYPTO,
            "internal error (crypto RXFC)");
        return 0;
    }

    /* The flow controller check happens before any data is buffered. */
    if (ossl_quic_rxfc_get_error(fc, 0) != OSSL_QUIC_ERR_NO_ERROR) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,
            OSSL_QUIC_FRAME_TYPE_CRYPTO,
            "exceeded maximum crypto buffer");
        return 0;
    }

    if (!ossl_quic_rstream_queue_data(rstream, parent_pkt,
            frame.offset, frame.data, frame.len, 0)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_INTERNAL_ERROR,
            OSSL_QUIC_FRAME_TYPE_CRYPTO,
            "internal error (rstream queue)");
        return 0;
    }

    *datalen = frame.len;
    ch->did_crypto_frame = 1;
    return 1;
}
326 
/*
 * Handle a NEW_TOKEN frame.
 *
 * A non-empty token is stored through ossl_quic_set_peer_token(), together
 * with the channel's current peer address. ackm_data is not read here.
 *
 * Returns 1 if the token was stored. Returns 0 on a decode error or an empty
 * token (FRAME_ENCODING_ERROR is raised for both), or if storing the token
 * fails.
 *
 * NOTE(review): no protocol error is raised when storing the token fails, and
 * this function does not check which role the endpoint has; whether NEW_TOKEN
 * is rejected on the server side is decided elsewhere, confirm in the caller.
 */
static int depack_do_frame_new_token(PACKET *pkt, QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    const uint8_t *tok;
    size_t tok_len;

    if (!ossl_quic_wire_decode_frame_new_token(pkt, &tok, &tok_len)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,
            "decode error");
        return 0;
    }

    /*
     * RFC 9000 s. 19.7: "A client MUST treat receipt of a NEW_TOKEN frame
     * with an empty Token field as a connection error of type
     * FRAME_ENCODING_ERROR."
     */
    if (tok_len == 0) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,
            "zero-length NEW_TOKEN");
        return 0;
    }

    /* Store the new token in our token cache. */
    return ossl_quic_set_peer_token(ossl_quic_port_get_channel_ctx(ch->port),
               &ch->cur_peer_addr, tok, tok_len)
        ? 1
        : 0;
}
361 
/*
 * Look up the stream named by stream_id, implicitly creating peer-initiated
 * streams where needed.
 *
 * Returns 1 if no protocol violation has occurred. In this case *result will be
 * non-NULL unless this is an old deleted stream and we should ignore the frame
 * causing this function to be called. Returns 0 on protocol violation; the
 * protocol error has then already been raised on the channel, with frame_type
 * recorded as the offending frame type.
 */
static int depack_do_implicit_stream_create(QUIC_CHANNEL *ch,
    uint64_t stream_id,
    uint64_t frame_type,
    QUIC_STREAM **result)
{
    QUIC_STREAM *stream;
    uint64_t peer_role, stream_ordinal;
    uint64_t *p_next_ordinal_local, *p_next_ordinal_remote;
    QUIC_RXFC *max_streams_fc;
    int is_uni, is_remote_init;

    /* Fast path: the stream already exists in the stream map. */
    stream = ossl_quic_stream_map_get_by_id(&ch->qsm, stream_id);
    if (stream != NULL) {
        *result = stream;
        return 1;
    }

    /*
     * If we do not yet have a stream with the given ID, there are three
     * possibilities:
     *
     *   (a) The stream ID is for a remotely-created stream and the peer
     *       is creating a stream.
     *
     *   (b) The stream ID is for a locally-created stream which has
     *       previously been deleted.
     *
     *   (c) The stream ID is for a locally-created stream which does
     *       not exist yet. This is a protocol violation and we must
     *       terminate the connection in this case.
     *
     * We distinguish between (b) and (c) using the stream ID allocator
     * variable. Since stream ordinals are allocated monotonically, we
     * simply determine if the stream ordinal is in the future.
     */
    peer_role = ch->is_server
        ? QUIC_STREAM_INITIATOR_CLIENT
        : QUIC_STREAM_INITIATOR_SERVER;

    /* Classify the ID by its initiator and direction bits. */
    is_remote_init = ((stream_id & QUIC_STREAM_INITIATOR_MASK) == peer_role);
    is_uni = ((stream_id & QUIC_STREAM_DIR_MASK) == QUIC_STREAM_DIR_UNI);

    /* The ordinal is the stream ID with its two low bits shifted out. */
    stream_ordinal = stream_id >> 2;

    if (is_remote_init) {
        /*
         * Peer-created stream which does not yet exist. Create it. QUIC stream
         * ordinals within a given stream type MUST be used in sequence and
         * receiving a STREAM frame for ordinal n must implicitly create streams
         * with ordinals [0, n) within that stream type even if no explicit
         * STREAM frames are received for those ordinals.
         */
        p_next_ordinal_remote = is_uni
            ? &ch->next_remote_stream_ordinal_uni
            : &ch->next_remote_stream_ordinal_bidi;

        /*
         * Check this isn't violating stream count flow control.
         *
         * This check runs before the creation loop below, so a single frame
         * naming a very high ordinal is rejected before any stream is
         * allocated for it. Presumably the RXFC limit reflects the stream
         * count we advertised to the peer; confirm where it is configured.
         */
        max_streams_fc = is_uni
            ? &ch->max_streams_uni_rxfc
            : &ch->max_streams_bidi_rxfc;

        if (!ossl_quic_rxfc_on_rx_stream_frame(max_streams_fc,
                stream_ordinal + 1,
                /*is_fin=*/0)) {
            ossl_quic_channel_raise_protocol_error(ch,
                OSSL_QUIC_ERR_INTERNAL_ERROR,
                frame_type,
                "internal error (stream count RXFC)");
            return 0;
        }

        if (ossl_quic_rxfc_get_error(max_streams_fc, 0) != OSSL_QUIC_ERR_NO_ERROR) {
            ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,
                frame_type,
                "exceeded maximum allowed streams");
            return 0;
        }

        /*
         * Create the named stream and any streams coming before it yet to be
         * created.
         *
         * If the ordinal is already below the next-remote counter the loop
         * body never runs and stream is still NULL from the failed lookup
         * above, so *result ends up NULL and the caller ignores the frame.
         */
        while (*p_next_ordinal_remote <= stream_ordinal) {
            /* Rebuild the ID: next ordinal plus the type bits of stream_id. */
            uint64_t cur_stream_id = (*p_next_ordinal_remote << 2) | (stream_id & (QUIC_STREAM_DIR_MASK | QUIC_STREAM_INITIATOR_MASK));

            stream = ossl_quic_channel_new_stream_remote(ch, cur_stream_id);
            if (stream == NULL) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_INTERNAL_ERROR,
                    frame_type,
                    "internal error (stream allocation)");
                return 0;
            }

            ++*p_next_ordinal_remote;
        }

        /* After the loop, stream is the last one created (or still NULL). */
        *result = stream;
    } else {
        /* Locally-created stream which does not yet exist. */
        p_next_ordinal_local = is_uni
            ? &ch->next_local_stream_ordinal_uni
            : &ch->next_local_stream_ordinal_bidi;

        if (stream_ordinal >= *p_next_ordinal_local) {
            /*
             * We never created this stream yet, this is a protocol
             * violation.
             */
            ossl_quic_channel_raise_protocol_error(ch,
                OSSL_QUIC_ERR_STREAM_STATE_ERROR,
                frame_type,
                "STREAM frame for nonexistent "
                "stream");
            return 0;
        }

        /*
         * Otherwise this is for an old locally-initiated stream which we
         * have subsequently deleted. Ignore the data; it may simply be a
         * retransmission. We already take care of notifying the peer of the
         * termination of the stream during the stream deletion lifecycle.
         */
        *result = NULL;
    }

    return 1;
}
495 
/*
 * Handle a STREAM frame.
 *
 * Resolves (or implicitly creates) the stream, applies the frame to the
 * stream's receive flow controller, and, if the receive part is in a state
 * that still accepts data and we have not requested STOP_SENDING, queues the
 * data on the receive stream buffer. parent_pkt is passed to the buffer
 * together with the data.
 *
 * *datalen is set to 0 on entry and to the frame's data length only when the
 * function runs to its final return.
 *
 * Returns 1 on success, including every case where the frame is validly
 * ignored. Returns 0 once a protocol error has been raised on the channel.
 * ackm_data is not read here.
 */
static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch,
    OSSL_QRX_PKT *parent_pkt,
    OSSL_ACKM_RX_PKT *ackm_data,
    uint64_t frame_type,
    uint64_t *datalen)
{
    OSSL_QUIC_FRAME_STREAM frame_data;
    QUIC_STREAM *stream;
    uint64_t fce;
    size_t rs_avail; /* out-parameter only; its value is never read here */
    int rs_fin = 0; /* stays 0 unless ossl_quic_rstream_available() sets it */

    *datalen = 0;

    if (!ossl_quic_wire_decode_frame_stream(pkt, 0, &frame_data)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            frame_type,
            "decode error");
        return 0;
    }

    if (!depack_do_implicit_stream_create(ch, frame_data.stream_id,
            frame_type, &stream))
        return 0; /* protocol error raised by above call */

    if (stream == NULL)
        /*
         * Data for old stream which is not a protocol violation but should be
         * ignored, so stop here.
         */
        return 1;

    /* STREAM frames are only valid for a stream that has a receive part. */
    if (!ossl_quic_stream_has_recv(stream)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_STREAM_STATE_ERROR,
            frame_type,
            "STREAM frame for TX only "
            "stream");
        return 0;
    }

    /*
     * Notify stream flow controller.
     *
     * NOTE(review): frame_data.offset + frame_data.len is computed here with
     * no local overflow check; presumably the wire decoder bounds both
     * values, confirm.
     */
    if (!ossl_quic_rxfc_on_rx_stream_frame(&stream->rxfc,
            frame_data.offset + frame_data.len,
            frame_data.is_fin)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_INTERNAL_ERROR,
            frame_type,
            "internal error (flow control)");
        return 0;
    }

    /* Has a flow control error occurred? */
    fce = ossl_quic_rxfc_get_error(&stream->rxfc, 0);
    if (fce != OSSL_QUIC_ERR_NO_ERROR) {
        ossl_quic_channel_raise_protocol_error(ch,
            fce,
            frame_type,
            "flow control violation");
        return 0;
    }

    switch (stream->recv_state) {
    case QUIC_RSTREAM_STATE_RECV:
    case QUIC_RSTREAM_STATE_SIZE_KNOWN:
        /*
         * It only makes sense to process incoming STREAM frames in these
         * states.
         */
        break;

    case QUIC_RSTREAM_STATE_DATA_RECVD:
    case QUIC_RSTREAM_STATE_DATA_READ:
    case QUIC_RSTREAM_STATE_RESET_RECVD:
    case QUIC_RSTREAM_STATE_RESET_READ:
    default:
        /*
         * We have no use for STREAM frames once the receive part reaches any of
         * these states, so just ignore.
         */
        return 1;
    }

    /* If we are in RECV, auto-transition to SIZE_KNOWN on FIN. */
    if (frame_data.is_fin
        && !ossl_quic_stream_recv_get_final_size(stream, NULL)) {

        /* State was already checked above, so can't fail. */
        ossl_quic_stream_map_notify_size_known_recv_part(&ch->qsm, stream,
            frame_data.offset
                + frame_data.len);
    }

    /*
     * If we requested STOP_SENDING do not bother buffering the data. Note that
     * this must happen after RXFC checks above as even if we sent STOP_SENDING
     * we must still enforce correct flow control (RFC 9000 s. 3.5).
     */
    if (stream->stop_sending)
        return 1; /* not an error - packet reordering, etc. */

    /*
     * The receive stream buffer may or may not choose to consume the data
     * without copying by reffing the OSSL_QRX_PKT. In this case
     * ossl_qrx_pkt_release() will be eventually called when the data is no
     * longer needed.
     *
     * It is OK for the peer to send us a zero-length non-FIN STREAM frame,
     * which is a no-op, aside from the fact that it ensures the stream exists.
     * In this case we have nothing to report to the receive buffer.
     */
    if ((frame_data.len > 0 || frame_data.is_fin)
        && !ossl_quic_rstream_queue_data(stream->rstream, parent_pkt,
            frame_data.offset,
            frame_data.data,
            frame_data.len,
            frame_data.is_fin)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_INTERNAL_ERROR,
            frame_type,
            "internal error (rstream queue)");
        return 0;
    }

    /*
     * rs_fin will be 1 only if we can read all data up to and including the FIN
     * without any gaps before it; this implies we have received all data. Avoid
     * calling ossl_quic_rstream_available() where it is not necessary as it is
     * more expensive.
     *
     * recv_state is read again here, after the size-known notification above;
     * presumably that call is what moves the stream to SIZE_KNOWN.
     */
    if (stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN
        && !ossl_quic_rstream_available(stream->rstream, &rs_avail, &rs_fin)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_INTERNAL_ERROR,
            frame_type,
            "internal error (rstream available)");
        return 0;
    }

    if (rs_fin)
        ossl_quic_stream_map_notify_totally_received(&ch->qsm, stream);

    *datalen = frame_data.len;

    return 1;
}
643 
/*
 * Stream map visitor: refresh the state of stream s. arg is the QUIC_CHANNEL
 * that owns the stream map.
 */
static void update_streams(QUIC_STREAM *s, void *arg)
{
    QUIC_CHANNEL *channel = (QUIC_CHANNEL *)arg;

    ossl_quic_stream_map_update_state(&channel->qsm, s);
}
650 
/*
 * Stream map visitor: refresh the state of stream s only if it is
 * bidirectional. arg is the QUIC_CHANNEL that owns the stream map.
 */
static void update_streams_bidi(QUIC_STREAM *s, void *arg)
{
    QUIC_CHANNEL *channel = (QUIC_CHANNEL *)arg;

    if (ossl_quic_stream_is_bidi(s))
        ossl_quic_stream_map_update_state(&channel->qsm, s);
}
660 
/*
 * Stream map visitor: refresh the state of stream s only if it is not
 * bidirectional. arg is the QUIC_CHANNEL that owns the stream map.
 */
static void update_streams_uni(QUIC_STREAM *s, void *arg)
{
    QUIC_CHANNEL *channel = (QUIC_CHANNEL *)arg;

    if (!ossl_quic_stream_is_bidi(s))
        ossl_quic_stream_map_update_state(&channel->qsm, s);
}
670 
/*
 * Handle a MAX_DATA frame.
 *
 * The decoded limit is passed to the connection-level TX flow controller and
 * every stream in the stream map then has its state refreshed. ackm_data is
 * not read here.
 *
 * Returns 1 on success. If the frame does not decode, raises
 * FRAME_ENCODING_ERROR on the channel and returns 0.
 */
static int depack_do_frame_max_data(PACKET *pkt, QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    uint64_t new_limit = 0;

    if (ossl_quic_wire_decode_frame_max_data(pkt, &new_limit)) {
        ossl_quic_txfc_bump_cwm(&ch->conn_txfc, new_limit);
        ossl_quic_stream_map_visit(&ch->qsm, update_streams, ch);
        return 1;
    }

    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        OSSL_QUIC_FRAME_TYPE_MAX_DATA,
        "decode error");
    return 0;
}
688 
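/*
 * Handle a MAX_STREAM_DATA frame.
 *
 * Resolves (or implicitly creates) the stream named by the frame, passes the
 * decoded limit to that stream's TX flow controller and refreshes the
 * stream's state. ackm_data is not read here.
 *
 * Returns 1 on success, including the case where the frame refers to an old
 * deleted stream and is ignored. Returns 0 once a protocol error has been
 * raised on the channel.
 */
static int depack_do_frame_max_stream_data(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    uint64_t stream_id = 0;
    uint64_t max_stream_data = 0;
    /* Initialised to match the other stream handlers in this file. */
    QUIC_STREAM *stream = NULL;

    if (!ossl_quic_wire_decode_frame_max_stream_data(pkt, &stream_id,
            &max_stream_data)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
            "decode error");
        return 0;
    }

    if (!depack_do_implicit_stream_create(ch, stream_id,
            OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
            &stream))
        return 0; /* error already raised for us */

    if (stream == NULL)
        return 1; /* old deleted stream, not a protocol violation, ignore */

    if (!ossl_quic_stream_has_send(stream)) {
        /*
         * A stream without a send part is receive-only on our side, so the
         * reason text says "RX only", as the STOP_SENDING handler does for
         * the same condition. RFC 9000 s. 19.10 requires STREAM_STATE_ERROR
         * for MAX_STREAM_DATA on a receive-only stream.
         */
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_STREAM_STATE_ERROR,
            OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
            "MAX_STREAM_DATA for RX only "
            "stream");
        return 0;
    }

    /* The stream may be able to send more now, so refresh its state. */
    ossl_quic_txfc_bump_cwm(&stream->txfc, max_stream_data);
    ossl_quic_stream_map_update_state(&ch->qsm, stream);
    return 1;
}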
727 
/*
 * Handle a MAX_STREAMS frame; frame_type selects the bidirectional or
 * unidirectional variant.
 *
 * A decoded limit above 2**60 is rejected. Otherwise the matching local
 * stream limit on the channel is raised if the new value is larger (it is
 * never lowered here), and the streams of that direction have their state
 * refreshed. ackm_data is not read here.
 *
 * Returns 1 on success. Returns 0 after raising FRAME_ENCODING_ERROR on the
 * channel for a decode failure, an out-of-range limit or an unexpected
 * frame_type.
 */
static int depack_do_frame_max_streams(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data,
    uint64_t frame_type)
{
    uint64_t limit = 0;

    if (!ossl_quic_wire_decode_frame_max_streams(pkt, &limit)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            frame_type,
            "decode error");
        return 0;
    }

    /* Range check on the peer-supplied value before it is stored. */
    if (limit > (((uint64_t)1) << 60)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            frame_type,
            "invalid max streams value");
        return 0;
    }

    if (frame_type == OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI) {
        if (ch->max_local_streams_bidi < limit)
            ch->max_local_streams_bidi = limit;

        /* Some streams may now be able to send. */
        ossl_quic_stream_map_visit(&ch->qsm, update_streams_bidi, ch);
        return 1;
    }

    if (frame_type == OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI) {
        if (ch->max_local_streams_uni < limit)
            ch->max_local_streams_uni = limit;

        /* Some streams may now be able to send. */
        ossl_quic_stream_map_visit(&ch->qsm, update_streams_uni, ch);
        return 1;
    }

    /* Neither MAX_STREAMS variant: treat as a decode error. */
    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        frame_type,
        "decode error");
    return 0;
}
776 
/*
 * Handle a DATA_BLOCKED frame.
 *
 * The frame is informative/debugging only: it is decoded so that malformed
 * input is rejected, and the decoded value is not used. ackm_data is not
 * read here.
 *
 * Returns 1 on success. If the frame does not decode, raises
 * FRAME_ENCODING_ERROR on the channel and returns 0.
 */
static int depack_do_frame_data_blocked(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    uint64_t reported_limit = 0;

    if (ossl_quic_wire_decode_frame_data_blocked(pkt, &reported_limit))
        return 1; /* no-op beyond validating the encoding */

    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED,
        "decode error");
    return 0;
}
794 
/*
 * Handle a STREAM_DATA_BLOCKED frame.
 *
 * The frame is informative/debugging only, but it still resolves (or
 * implicitly creates) the stream it names and is rejected if that stream has
 * no receive part. The decoded limit is not used. ackm_data is not read here.
 *
 * Returns 1 on success, including the case where the frame refers to an old
 * deleted stream and is ignored. Returns 0 once a protocol error has been
 * raised on the channel.
 */
static int depack_do_frame_stream_data_blocked(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    const uint64_t ftype = OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED;
    uint64_t sid = 0;
    uint64_t reported_limit = 0;
    QUIC_STREAM *s;

    if (!ossl_quic_wire_decode_frame_stream_data_blocked(pkt, &sid,
            &reported_limit)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, ftype, "decode error");
        return 0;
    }

    /*
     * Nothing has to be done with the frame's content, but receiving it does
     * trigger stream creation. On failure the helper has already raised the
     * protocol error.
     */
    if (!depack_do_implicit_stream_create(ch, sid, ftype, &s))
        return 0;

    /* Old deleted stream: not a protocol violation, nothing to do. */
    if (s == NULL)
        return 1;

    /*
     * RFC 9000 s. 19.13: "An endpoint that receives a STREAM_DATA_BLOCKED
     * frame for a send-only stream MUST terminate the connection with error
     * STREAM_STATE_ERROR."
     */
    if (!ossl_quic_stream_has_recv(s)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_STREAM_STATE_ERROR, ftype,
            "STREAM_DATA_BLOCKED frame for TX only stream");
        return 0;
    }

    /* No-op - informative/debugging frame. */
    return 1;
}
841 
/*
 * Handle a STREAMS_BLOCKED frame. |frame_type| is the frame type the
 * dispatcher saw (the bidirectional or unidirectional variant) and is only
 * used when reporting errors.
 *
 * The frame is informational; the only work done here is range-checking the
 * peer-supplied stream count. Returns 1 on success, 0 once a protocol error
 * has been raised on |ch|. |ackm_data| is not used by this handler.
 */
static int depack_do_frame_streams_blocked(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data,
    uint64_t frame_type)
{
    const uint64_t stream_count_cap = ((uint64_t)1) << 60;
    uint64_t max_streams = 0;

    if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_streams)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            frame_type,
            "decode error");
        return 0;
    }

    /* In range: nothing further to do for an informative/debugging frame. */
    if (max_streams <= stream_count_cap)
        return 1;

    /*
     * RFC 9000 s. 19.14: "This value cannot exceed 2**60, as it is not
     * possible to encode stream IDs larger than 2**62 - 1. Receipt of a
     * frame that encodes a larger stream ID MUST be treated as a connection
     * error of type STREAM_LIMIT_ERROR or FRAME_ENCODING_ERROR."
     */
    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,
        frame_type,
        "invalid stream count limit");
    return 0;
}
874 
/*
 * Handle a NEW_CONNECTION_ID frame: decode it and pass the decoded frame to
 * the channel.
 *
 * Only wire-level decoding is checked here; any semantic validation of the
 * peer-supplied fields is left to ossl_quic_channel_on_new_conn_id(), whose
 * result (if any) is not inspected by this handler.
 *
 * Returns 1 on success, 0 once a decode error has been raised on |ch|.
 * |ackm_data| is not used by this handler.
 */
static int depack_do_frame_new_conn_id(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    OSSL_QUIC_FRAME_NEW_CONN_ID ncid;
    int decoded = ossl_quic_wire_decode_frame_new_conn_id(pkt, &ncid);

    if (decoded) {
        ossl_quic_channel_on_new_conn_id(ch, &ncid);
        return 1;
    }

    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID,
        "decode error");
    return 0;
}
893 
/*
 * Handle a RETIRE_CONNECTION_ID frame.
 *
 * The decoded sequence number is not used: a client treats the frame as a
 * protocol violation and a server currently accepts it as a no-op.
 *
 * Returns 1 if the frame was accepted, 0 once a protocol error has been
 * raised on |ch|. |ackm_data| is not used by this handler.
 */
static int depack_do_frame_retire_conn_id(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    uint64_t retired_seq;

    if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &retired_seq)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,
            "decode error");
        return 0;
    }

    /*
     * Our server support is currently non-conformant and for internal testing
     * use; on a server the frame is simply accepted as a no-op.
     *
     * TODO(QUIC FUTURE): Revise and implement correctly for server support.
     */
    if (ch->is_server)
        return 1;

    /*
     * RFC 9000 s. 19.16: "An endpoint cannot send this frame if it was provided
     * with a zero-length connection ID by its peer. An endpoint that provides a
     * zero-length connection ID MUST treat receipt of a RETIRE_CONNECTION_ID
     * frame as a connection error of type PROTOCOL_VIOLATION."
     *
     * As a client we always use a zero-length SCID, so there is no case where
     * it is valid for a server to send this frame to us.
     */
    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
        OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,
        "conn has zero-length CID");
    return 0;
}
931 
/*
 * Release callback registered with the control frame queue for a queued
 * PATH_RESPONSE frame. |arg| is the owning QUIC_CHANNEL; |buf_len| is unused.
 *
 * Besides freeing |buf| it gives back one slot of |path_response_limit|, the
 * counter depack_do_frame_path_challenge() compares against
 * QUIC_PATH_RESPONSE_QLEN before queuing another response.
 */
static void free_path_response(unsigned char *buf, size_t buf_len, void *arg)
{
    QUIC_CHANNEL *channel = (QUIC_CHANNEL *)arg;

    /* Every free must pair with an earlier successful enqueue. */
    assert(channel->path_response_limit > 0);
    channel->path_response_limit -= 1;

    /*
     * Assume the path response frame is being freed on behalf of a finished
     * TX operation. This is for unit testing purposes only. The counter is
     * also bumped when the channel is being destroyed and the CFQ (control
     * frame queue) is freed. This currently does not matter for
     * check_pc_flood in test/radix/quic_tests.c.
     */
    channel->path_response_tx += 1;

    OPENSSL_free(buf);
}
952 
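/*
 * Handle a PATH_CHALLENGE frame by queuing a PATH_RESPONSE that echoes the
 * challenge data.
 *
 * Each response costs a heap allocation and a control-frame-queue entry, so
 * the peer must not be able to create them without bound. A response is only
 * queued when |ch->seen_path_challenge| is still 0 and fewer than
 * QUIC_PATH_RESPONSE_QLEN responses are outstanding; any other challenge is
 * counted in |ch->path_challenge_rx| and otherwise dropped without error.
 * NOTE(review): |seen_path_challenge| is not cleared in this function;
 * presumably ossl_ch_reset_rx_state() resets it per received packet - confirm.
 *
 * Returns 1 on success (response queued or challenge dropped), 0 once a
 * protocol error has been raised on |ch|. |ackm_data| is not used here.
 */
static int depack_do_frame_path_challenge(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    uint64_t frame_data = 0;
    unsigned char *encoded = NULL;
    size_t encoded_len;
    WPACKET wpkt;

    if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data)) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
            OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE,
            "decode error");
        return 0;
    }

    if (ch->seen_path_challenge == 0
        && ch->path_response_limit < QUIC_PATH_RESPONSE_QLEN) {
        /*
         * RFC 9000 s. 8.2.2: On receiving a PATH_CHALLENGE frame, an endpoint
         * MUST respond by echoing the data contained in the PATH_CHALLENGE
         * frame in a PATH_RESPONSE frame.
         *
         * TODO(QUIC FUTURE): We should try to avoid allocation here in the
         * future.
         */
        /* One frame type byte followed by the 8 bytes of challenge data. */
        encoded_len = sizeof(uint64_t) + 1;
        if ((encoded = OPENSSL_malloc(encoded_len)) == NULL)
            goto err;

        if (!WPACKET_init_static_len(&wpkt, encoded, encoded_len, 0))
            goto err;

        if (!ossl_quic_wire_encode_frame_path_response(&wpkt, frame_data)) {
            WPACKET_cleanup(&wpkt);
            goto err;
        }

        /* Do not queue a buffer whose encoding could not be finalised. */
        if (!WPACKET_finish(&wpkt)) {
            WPACKET_cleanup(&wpkt);
            goto err;
        }

        /*
         * On success the queue owns |encoded| and releases it through
         * free_path_response(), which also gives the slot back.
         */
        if (!ossl_quic_cfq_add_frame(ch->cfq, 0, QUIC_PN_SPACE_APP,
                OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE,
                QUIC_CFQ_ITEM_FLAG_UNRELIABLE,
                encoded, encoded_len,
                free_path_response, ch))
            goto err;
        ch->seen_path_challenge = 1;
        ch->path_response_limit++;
    }

    /* Counted whether or not a response was queued. */
    ch->path_challenge_rx++;

    return 1;

err:
    /* Only reached before the queue has taken ownership of |encoded|. */
    OPENSSL_free(encoded);
    ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_INTERNAL_ERROR,
        OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE,
        "internal error");
    return 0;
}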
1015 
/*
 * Handle a PATH_RESPONSE frame.
 *
 * The frame is decoded so that the parser advances past it, but the echoed
 * data is then discarded: it is not compared against any challenge here.
 *
 * Returns 1 on success, 0 once a decode error has been raised on |ch|.
 * |ackm_data| is not used by this handler.
 */
static int depack_do_frame_path_response(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    uint64_t echoed = 0;
    int decoded = ossl_quic_wire_decode_frame_path_response(pkt, &echoed);

    if (decoded) {
        /* TODO(QUIC MULTIPATH): ADD CODE to send |echoed| to the ch manager */
        return 1;
    }

    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE,
        "decode error");
    return 0;
}
1034 
/*
 * Handle a CONNECTION_CLOSE frame. |frame_type| is the frame type the
 * dispatcher saw (the transport or application variant) and is only used
 * when reporting a decode error.
 *
 * On a successful decode the frame is handed to
 * ossl_quic_channel_on_remote_conn_close(). Returns 1 on success, 0 once a
 * decode error has been raised on |ch|.
 */
static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CHANNEL *ch,
    uint64_t frame_type)
{
    OSSL_QUIC_FRAME_CONN_CLOSE close_frame;
    int decoded = ossl_quic_wire_decode_frame_conn_close(pkt, &close_frame);

    if (decoded) {
        ossl_quic_channel_on_remote_conn_close(ch, &close_frame);
        return 1;
    }

    ossl_quic_channel_raise_protocol_error(ch,
        OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
        frame_type,
        "decode error");
    return 0;
}
1051 
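/*
 * Handle a HANDSHAKE_DONE frame.
 *
 * Only a server sends this frame, so a channel acting as a server rejects it
 * instead of letting the peer drive handshake confirmation. On a client the
 * channel is told that the handshake is confirmed.
 *
 * Returns 1 on success, 0 once a protocol error has been raised on |ch|.
 * |ackm_data| is not used by this handler.
 */
static int depack_do_frame_handshake_done(PACKET *pkt,
    QUIC_CHANNEL *ch,
    OSSL_ACKM_RX_PKT *ackm_data)
{
    if (!ossl_quic_wire_decode_frame_handshake_done(pkt)) {
        /* This can fail only with an internal error. */
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_INTERNAL_ERROR,
            OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE,
            "internal error (decode frame handshake done)");
        return 0;
    }

    /*
     * RFC 9000 s. 19.20: "A server MUST treat receipt of a HANDSHAKE_DONE
     * frame as a connection error of type PROTOCOL_VIOLATION."
     */
    if (ch->is_server) {
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
            OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE,
            "HANDSHAKE_DONE can only be sent by a server");
        return 0;
    }

    ossl_quic_channel_on_handshake_confirmed(ch);
    return 1;
}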
1068 
1069 /* Main frame processor */
1070 
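/*
 * Walk the decrypted payload |pkt| of |parent_pkt| frame by frame and hand
 * each frame to its handler.
 *
 * The whole payload is peer-controlled. Before any handler runs, this
 * function itself rejects:
 *   - an empty payload;
 *   - a frame header that cannot be read, or a frame type that is not
 *     minimally encoded;
 *   - a frame type that is not allowed in the type of packet it arrived in
 *     (taken from |parent_pkt->hdr->type|), so that frames restricted to
 *     0-RTT/1-RTT packets are never acted on when they arrive in
 *     Initial/Handshake packets;
 *   - an unknown frame type.
 *
 * |ackm_data->is_ack_eliciting| is set as soon as an ACK-eliciting frame type
 * is seen, before its handler runs. |received| is forwarded to the ACK frame
 * handler. If |ch->msg_callback| is set it is invoked once per processed
 * frame.
 *
 * Returns 1 if every frame was processed, 0 as soon as one frame fails; a
 * protocol error has then been raised on |ch| (by this function or by the
 * handler) and the rest of the payload is not looked at.
 */
static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
    OSSL_QRX_PKT *parent_pkt, uint32_t enc_level,
    OSSL_TIME received, OSSL_ACKM_RX_PKT *ackm_data)
{
    uint32_t pkt_type = parent_pkt->hdr->type;
    uint32_t packet_space = ossl_quic_enc_level_to_pn_space(enc_level);

    if (PACKET_remaining(pkt) == 0) {
        /*
         * RFC 9000 s. 12.4: An endpoint MUST treat receipt of a packet
         * containing no frames as a connection error of type
         * PROTOCOL_VIOLATION.
         */
        ossl_quic_channel_raise_protocol_error(ch,
            OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
            0,
            "empty packet payload");
        return 0;
    }

    while (PACKET_remaining(pkt) > 0) {
        int was_minimal;
        uint64_t frame_type;
        const unsigned char *sof = NULL; /* start of frame, for msg_callback */
        uint64_t datalen = 0; /* payload length reported by CRYPTO/STREAM */

        if (ch->msg_callback != NULL)
            sof = PACKET_data(pkt);

        if (!ossl_quic_wire_peek_frame_header(pkt, &frame_type, &was_minimal)) {
            ossl_quic_channel_raise_protocol_error(ch,
                OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                0,
                "malformed frame header");
            return 0;
        }

        /* The frame type must use the shortest possible encoding. */
        if (!was_minimal) {
            ossl_quic_channel_raise_protocol_error(ch,
                OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                frame_type,
                "non-minimal frame type encoding");
            return 0;
        }

        /*
         * There are only a few frame types which are not ACK-eliciting. Handle
         * these centrally to make error handling cases more resilient, as we
         * should tell the ACKM about an ACK-eliciting frame even if it was not
         * successfully handled.
         */
        switch (frame_type) {
        case OSSL_QUIC_FRAME_TYPE_PADDING:
        case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
        case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
        case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
        case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
            break;
        default:
            ackm_data->is_ack_eliciting = 1;
            break;
        }

        /*
         * Dispatch. Each case first checks that the frame type is allowed in
         * this packet type and only then lets the handler parse the frame.
         */
        switch (frame_type) {
        case OSSL_QUIC_FRAME_TYPE_PING:
            /* Allowed in all packet types */
            if (!depack_do_frame_ping(pkt, ch, enc_level, ackm_data))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_PADDING:
            /* Allowed in all packet types */
            if (!depack_do_frame_padding(pkt))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
        case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
            /* ACK frames are valid everywhere except in 0RTT packets */
            if (pkt_type == QUIC_PKT_TYPE_0RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "ACK not valid in 0-RTT");
                return 0;
            }
            if (!depack_do_frame_ack(pkt, ch, packet_space, received,
                    frame_type, parent_pkt))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
            /* RESET_STREAM frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "RESET_STREAM not valid in "
                    "INITIAL/HANDSHAKE");
                return 0;
            }
            if (!depack_do_frame_reset_stream(pkt, ch, ackm_data))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
            /* STOP_SENDING frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "STOP_SENDING not valid in "
                    "INITIAL/HANDSHAKE");
                return 0;
            }
            if (!depack_do_frame_stop_sending(pkt, ch, ackm_data))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_CRYPTO:
            /* CRYPTO frames are valid everywhere except in 0RTT packets */
            if (pkt_type == QUIC_PKT_TYPE_0RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "CRYPTO frame not valid in 0-RTT");
                return 0;
            }
            if (!depack_do_frame_crypto(pkt, ch, parent_pkt, ackm_data, &datalen))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
            /* NEW_TOKEN frames are valid in 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "NEW_TOKEN valid only in 1-RTT");
                return 0;
            }

            /*
             * RFC 9000 s. 19.7: "A server MUST treat receipt of a NEW_TOKEN
             * frame as a connection error of type PROTOCOL_VIOLATION."
             */
            if (ch->is_server) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "NEW_TOKEN can only be sent by a server");
                return 0;
            }

            if (!depack_do_frame_new_token(pkt, ch, ackm_data))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_STREAM:
        case OSSL_QUIC_FRAME_TYPE_STREAM_FIN:
        case OSSL_QUIC_FRAME_TYPE_STREAM_LEN:
        case OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN:
        case OSSL_QUIC_FRAME_TYPE_STREAM_OFF:
        case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN:
        case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN:
        case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN:
            /* STREAM frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "STREAM valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_stream(pkt, ch, parent_pkt, ackm_data,
                    frame_type, &datalen))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
            /* MAX_DATA frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "MAX_DATA valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_max_data(pkt, ch, ackm_data))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
            /* MAX_STREAM_DATA frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "MAX_STREAM_DATA valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_max_stream_data(pkt, ch, ackm_data))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
        case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
            /* MAX_STREAMS frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "MAX_STREAMS valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_max_streams(pkt, ch, ackm_data,
                    frame_type))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:
            /* DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "DATA_BLOCKED valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_data_blocked(pkt, ch, ackm_data))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:
            /* STREAM_DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "STREAM_DATA_BLOCKED valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_stream_data_blocked(pkt, ch, ackm_data))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:
        case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:
            /* STREAMS_BLOCKED frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "STREAMS_BLOCKED valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_streams_blocked(pkt, ch, ackm_data,
                    frame_type))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
            /* NEW_CONN_ID frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "NEW_CONN_ID valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
            /* RETIRE_CONN_ID frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "RETIRE_CONN_ID valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_retire_conn_id(pkt, ch, ackm_data))
                return 0;
            break;
        case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:
            /* PATH_CHALLENGE frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "PATH_CHALLENGE valid only in 0/1-RTT");
                return 0;
            }
            if (!depack_do_frame_path_challenge(pkt, ch, ackm_data))
                return 0;

            break;
        case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
            /* PATH_RESPONSE frames are valid in 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "PATH_RESPONSE valid only in 1-RTT");
                return 0;
            }
            if (!depack_do_frame_path_response(pkt, ch, ackm_data))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
            /* CONN_CLOSE_APP frames are valid in 0RTT and 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_0RTT
                && pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "CONN_CLOSE (APP) valid only in 0/1-RTT");
                return 0;
            }
            /* FALLTHRU */
        case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
            /* CONN_CLOSE_TRANSPORT frames are valid in all packets */
            if (!depack_do_frame_conn_close(pkt, ch, frame_type))
                return 0;
            break;

        case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:
            /* HANDSHAKE_DONE frames are valid in 1RTT packets */
            if (pkt_type != QUIC_PKT_TYPE_1RTT) {
                ossl_quic_channel_raise_protocol_error(ch,
                    OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                    frame_type,
                    "HANDSHAKE_DONE valid only in 1-RTT");
                return 0;
            }
            if (!depack_do_frame_handshake_done(pkt, ch, ackm_data))
                return 0;
            break;

        default:
            /* Unknown frame type */
            ossl_quic_channel_raise_protocol_error(ch,
                OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
                frame_type,
                "Unknown frame type received");
            return 0;
        }

        if (ch->msg_callback != NULL) {
            int ctype = SSL3_RT_QUIC_FRAME_FULL;

            /* Bytes consumed by the handler since the start of this frame. */
            size_t framelen = PACKET_data(pkt) - sof;

            if (frame_type == OSSL_QUIC_FRAME_TYPE_PADDING) {
                ctype = SSL3_RT_QUIC_FRAME_PADDING;
            } else if (OSSL_QUIC_FRAME_TYPE_IS_STREAM(frame_type)
                || frame_type == OSSL_QUIC_FRAME_TYPE_CRYPTO) {
                /*
                 * Only the frame header is reported for STREAM and CRYPTO.
                 * NOTE(review): this subtraction assumes the handler reported
                 * a |datalen| no larger than the bytes it consumed - confirm
                 * against depack_do_frame_stream/depack_do_frame_crypto.
                 */
                ctype = SSL3_RT_QUIC_FRAME_HEADER;
                framelen -= (size_t)datalen;
            }

            ch->msg_callback(0, OSSL_QUIC1_VERSION, ctype, sof, framelen,
                ch->msg_callback_ssl, ch->msg_callback_arg);
        }
    }

    return 1;
}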
1447 
/*
 * Entry point for processing the frames of one received, decrypted packet.
 *
 * Resets the channel's per-packet RX state, updates the TX packetiser's
 * address-validation accounting, runs depack_process_frames() over the
 * payload and, only if that succeeds, reports the packet to the ACK manager.
 *
 * Returns 1 on success. Returns 0 if |ch| is NULL, if the packet type has no
 * encryption level (Retry and Version Negotiation packets), or if frame
 * processing failed. |qpacket| must not be NULL.
 */
QUIC_NEEDS_LOCK
int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
{
    OSSL_ACKM_RX_PKT ackm_data;
    PACKET pkt;
    uint32_t enc_level;
    size_t dgram_len = qpacket->datagram_len;

    if (ch == NULL)
        return 0;

    ossl_ch_reset_rx_state(ch);

    /* Start from a zeroed |ackm_data|. */
    memset(&ackm_data, 0, sizeof(ackm_data));

    /*
     * ASSUMPTION: All packets that aren't special case have a
     * packet number.
     */
    ackm_data.pkt_num = qpacket->pn;
    ackm_data.time = qpacket->time;

    /*
     * Retry and Version Negotiation packets should not be passed to this
     * function.
     */
    enc_level = ossl_quic_pkt_type_to_enc_level(qpacket->hdr->type);
    if (enc_level >= QUIC_ENC_LEVEL_NUM)
        return 0;

    ackm_data.pkt_space = ossl_quic_enc_level_to_pn_space(enc_level);

    /*
     * RFC 9000 s. 8.1
     * We can consider the connection to be validated if we receive a packet
     * from the client protected via handshake keys, meaning that the
     * amplification limit no longer applies (i.e. we can set it as validated).
     * Otherwise, add the size of this packet's datagram to the unvalidated
     * credit for the connection.
     */
    if (enc_level != QUIC_ENC_LEVEL_HANDSHAKE)
        ossl_quic_tx_packetiser_add_unvalidated_credit(ch->txp, dgram_len);
    else
        ossl_quic_tx_packetiser_set_validated(ch->txp);

    /* Now that special cases are out of the way, parse frames */
    if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len))
        return 0;

    if (!depack_process_frames(ch, &pkt, qpacket, enc_level, qpacket->time,
            &ackm_data))
        return 0;

    ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);

    return 1;
}
1504