1 /*
2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/packet_quic.h"
11 #include "internal/nelem.h"
12 #include "internal/quic_wire.h"
13 #include "internal/quic_record_rx.h"
14 #include "internal/quic_ackm.h"
15 #include "internal/quic_rx_depack.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_fc.h"
18 #include "internal/quic_channel.h"
19 #include "internal/sockets.h"
20
21 #include "quic_local.h"
22 #include "quic_channel_local.h"
23 #include "../ssl_local.h"
24
25 /*
26 * Helper functions to process different frame types.
27 *
28 * Typically, those that are ACK eliciting will take an OSSL_ACKM_RX_PKT
29 * pointer argument, the few that aren't ACK eliciting will not. This makes
30 * them a verifiable pattern against tables where this is specified.
31 */
32 static int depack_do_implicit_stream_create(QUIC_CHANNEL *ch,
33 uint64_t stream_id,
34 uint64_t frame_type,
35 QUIC_STREAM **result);
36
depack_do_frame_padding(PACKET * pkt)37 static int depack_do_frame_padding(PACKET *pkt)
38 {
39 /* We ignore this frame */
40 ossl_quic_wire_decode_padding(pkt);
41 return 1;
42 }
43
depack_do_frame_ping(PACKET * pkt,QUIC_CHANNEL * ch,uint32_t enc_level,OSSL_ACKM_RX_PKT * ackm_data)44 static int depack_do_frame_ping(PACKET *pkt, QUIC_CHANNEL *ch,
45 uint32_t enc_level,
46 OSSL_ACKM_RX_PKT *ackm_data)
47 {
48 /* We ignore this frame, apart from eliciting an ACK */
49 if (!ossl_quic_wire_decode_frame_ping(pkt)) {
50 ossl_quic_channel_raise_protocol_error(ch,
51 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
52 OSSL_QUIC_FRAME_TYPE_PING,
53 "decode error");
54 return 0;
55 }
56
57 ossl_quic_tx_packetiser_schedule_ack_eliciting(ch->txp, enc_level);
58 return 1;
59 }
60
depack_do_frame_ack(PACKET * pkt,QUIC_CHANNEL * ch,int packet_space,OSSL_TIME received,uint64_t frame_type,OSSL_QRX_PKT * qpacket)61 static int depack_do_frame_ack(PACKET *pkt, QUIC_CHANNEL *ch,
62 int packet_space, OSSL_TIME received,
63 uint64_t frame_type,
64 OSSL_QRX_PKT *qpacket)
65 {
66 OSSL_QUIC_FRAME_ACK ack;
67 OSSL_QUIC_ACK_RANGE *p;
68 uint64_t total_ranges = 0;
69 uint32_t ack_delay_exp = ch->rx_ack_delay_exp;
70
71 if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)
72 /* In case sizeof(uint64_t) > sizeof(size_t) */
73 || total_ranges > SIZE_MAX / sizeof(OSSL_QUIC_ACK_RANGE))
74 goto malformed;
75
76 if (ch->num_ack_range_scratch < (size_t)total_ranges) {
77 if ((p = OPENSSL_realloc(ch->ack_range_scratch,
78 sizeof(OSSL_QUIC_ACK_RANGE)
79 * (size_t)total_ranges)) == NULL)
80 goto malformed;
81
82 ch->ack_range_scratch = p;
83 ch->num_ack_range_scratch = (size_t)total_ranges;
84 }
85
86 ack.ack_ranges = ch->ack_range_scratch;
87 ack.num_ack_ranges = (size_t)total_ranges;
88
89 if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL))
90 goto malformed;
91
92 if (qpacket->hdr->type == QUIC_PKT_TYPE_1RTT
93 && (qpacket->key_epoch < ossl_qrx_get_key_epoch(ch->qrx)
94 || ch->rxku_expected)
95 && ack.ack_ranges[0].end >= ch->txku_pn) {
96 /*
97 * RFC 9001 s. 6.2: An endpoint that receives an acknowledgment that is
98 * carried in a packet protected with old keys where any acknowledged
99 * packet was protected with newer keys MAY treat that as a connection
100 * error of type KEY_UPDATE_ERROR.
101 *
102 * Two cases to handle here:
103 *
104 * - We did spontaneous TXKU, the peer has responded in kind and we
105 * have detected RXKU; !ch->rxku_expected, but then it sent a packet
106 * with old keys acknowledging a packet in the new key epoch.
107 *
108 * This also covers the case where we got RXKU and triggered
109 * solicited TXKU, and then for some reason the peer sent an ACK of
110 * a PN in our new TX key epoch with old keys.
111 *
112 * - We did spontaneous TXKU; ch->txku_pn is the starting PN of our
113 * new TX key epoch; the peer has not initiated a solicited TXKU in
114 * response (so we have not detected RXKU); in this case the RX key
115 * epoch has not incremented and ch->rxku_expected is still 1.
116 */
117 ossl_quic_channel_raise_protocol_error(ch,
118 OSSL_QUIC_ERR_KEY_UPDATE_ERROR,
119 frame_type,
120 "acked packet which initiated a "
121 "key update without a "
122 "corresponding key update");
123 return 0;
124 }
125
126 if (!ossl_ackm_on_rx_ack_frame(ch->ackm, &ack,
127 packet_space, received))
128 goto malformed;
129
130 ++ch->diag_num_rx_ack;
131 return 1;
132
133 malformed:
134 ossl_quic_channel_raise_protocol_error(ch,
135 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
136 frame_type,
137 "decode error");
138 return 0;
139 }
140
depack_do_frame_reset_stream(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)141 static int depack_do_frame_reset_stream(PACKET *pkt,
142 QUIC_CHANNEL *ch,
143 OSSL_ACKM_RX_PKT *ackm_data)
144 {
145 OSSL_QUIC_FRAME_RESET_STREAM frame_data;
146 QUIC_STREAM *stream = NULL;
147 uint64_t fce;
148
149 if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &frame_data)) {
150 ossl_quic_channel_raise_protocol_error(ch,
151 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
152 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
153 "decode error");
154 return 0;
155 }
156
157 if (!depack_do_implicit_stream_create(ch, frame_data.stream_id,
158 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
159 &stream))
160 return 0; /* error already raised for us */
161
162 if (stream == NULL)
163 return 1; /* old deleted stream, not a protocol violation, ignore */
164
165 if (!ossl_quic_stream_has_recv(stream)) {
166 ossl_quic_channel_raise_protocol_error(ch,
167 OSSL_QUIC_ERR_STREAM_STATE_ERROR,
168 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
169 "RESET_STREAM frame for "
170 "TX only stream");
171 return 0;
172 }
173
174 /*
175 * The final size field of the RESET_STREAM frame must be used to determine
176 * how much flow control credit the aborted stream was considered to have
177 * consumed.
178 *
179 * We also need to ensure that if we already have a final size for the
180 * stream, the RESET_STREAM frame's Final Size field matches this; we SHOULD
181 * terminate the connection otherwise (RFC 9000 s. 4.5). The RXFC takes care
182 * of this for us.
183 */
184 if (!ossl_quic_rxfc_on_rx_stream_frame(&stream->rxfc,
185 frame_data.final_size, /*is_fin=*/1)) {
186 ossl_quic_channel_raise_protocol_error(ch,
187 OSSL_QUIC_ERR_INTERNAL_ERROR,
188 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
189 "internal error (flow control)");
190 return 0;
191 }
192
193 /* Has a flow control error occurred? */
194 fce = ossl_quic_rxfc_get_error(&stream->rxfc, 0);
195 if (fce != OSSL_QUIC_ERR_NO_ERROR) {
196 ossl_quic_channel_raise_protocol_error(ch,
197 fce,
198 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
199 "flow control violation");
200 return 0;
201 }
202
203 /*
204 * Depending on the receive part state this is handled either as a reset
205 * transition or a no-op (e.g. if a reset has already been received before,
206 * or the application already retired a FIN). Best effort - there are no
207 * protocol error conditions we need to check for here.
208 */
209 ossl_quic_stream_map_notify_reset_recv_part(&ch->qsm, stream,
210 frame_data.app_error_code,
211 frame_data.final_size);
212
213 ossl_quic_stream_map_update_state(&ch->qsm, stream);
214 return 1;
215 }
216
depack_do_frame_stop_sending(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)217 static int depack_do_frame_stop_sending(PACKET *pkt,
218 QUIC_CHANNEL *ch,
219 OSSL_ACKM_RX_PKT *ackm_data)
220 {
221 OSSL_QUIC_FRAME_STOP_SENDING frame_data;
222 QUIC_STREAM *stream = NULL;
223
224 if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &frame_data)) {
225 ossl_quic_channel_raise_protocol_error(ch,
226 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
227 OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
228 "decode error");
229 return 0;
230 }
231
232 if (!depack_do_implicit_stream_create(ch, frame_data.stream_id,
233 OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
234 &stream))
235 return 0; /* error already raised for us */
236
237 if (stream == NULL)
238 return 1; /* old deleted stream, not a protocol violation, ignore */
239
240 if (!ossl_quic_stream_has_send(stream)) {
241 ossl_quic_channel_raise_protocol_error(ch,
242 OSSL_QUIC_ERR_STREAM_STATE_ERROR,
243 OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
244 "STOP_SENDING frame for "
245 "RX only stream");
246 return 0;
247 }
248
249 stream->peer_stop_sending = 1;
250 stream->peer_stop_sending_aec = frame_data.app_error_code;
251
252 /*
253 * RFC 9000 s. 3.5: Receiving a STOP_SENDING frame means we must respond in
254 * turn with a RESET_STREAM frame for the same part of the stream. The other
255 * part is unaffected.
256 */
257 ossl_quic_stream_map_reset_stream_send_part(&ch->qsm, stream,
258 frame_data.app_error_code);
259 return 1;
260 }
261
depack_do_frame_crypto(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_QRX_PKT * parent_pkt,OSSL_ACKM_RX_PKT * ackm_data,uint64_t * datalen)262 static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch,
263 OSSL_QRX_PKT *parent_pkt,
264 OSSL_ACKM_RX_PKT *ackm_data,
265 uint64_t *datalen)
266 {
267 OSSL_QUIC_FRAME_CRYPTO f;
268 QUIC_RSTREAM *rstream;
269 QUIC_RXFC *rxfc;
270
271 *datalen = 0;
272
273 if (!ossl_quic_wire_decode_frame_crypto(pkt, 0, &f)) {
274 ossl_quic_channel_raise_protocol_error(ch,
275 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
276 OSSL_QUIC_FRAME_TYPE_CRYPTO,
277 "decode error");
278 return 0;
279 }
280
281 if (f.len == 0)
282 return 1; /* nothing to do */
283
284 rstream = ch->crypto_recv[ackm_data->pkt_space];
285 if (!ossl_assert(rstream != NULL))
286 /*
287 * This should not happen; we should only have a NULL stream here if
288 * the EL has been discarded, and if the EL has been discarded we
289 * shouldn't be here.
290 */
291 return 0;
292
293 rxfc = &ch->crypto_rxfc[ackm_data->pkt_space];
294
295 if (!ossl_quic_rxfc_on_rx_stream_frame(rxfc, f.offset + f.len,
296 /*is_fin=*/0)) {
297 ossl_quic_channel_raise_protocol_error(ch,
298 OSSL_QUIC_ERR_INTERNAL_ERROR,
299 OSSL_QUIC_FRAME_TYPE_CRYPTO,
300 "internal error (crypto RXFC)");
301 return 0;
302 }
303
304 if (ossl_quic_rxfc_get_error(rxfc, 0) != OSSL_QUIC_ERR_NO_ERROR) {
305 ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,
306 OSSL_QUIC_FRAME_TYPE_CRYPTO,
307 "exceeded maximum crypto buffer");
308 return 0;
309 }
310
311 if (!ossl_quic_rstream_queue_data(rstream, parent_pkt,
312 f.offset, f.data, f.len, 0)) {
313 ossl_quic_channel_raise_protocol_error(ch,
314 OSSL_QUIC_ERR_INTERNAL_ERROR,
315 OSSL_QUIC_FRAME_TYPE_CRYPTO,
316 "internal error (rstream queue)");
317 return 0;
318 }
319
320 ch->did_crypto_frame = 1;
321 *datalen = f.len;
322
323 return 1;
324 }
325
depack_do_frame_new_token(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)326 static int depack_do_frame_new_token(PACKET *pkt, QUIC_CHANNEL *ch,
327 OSSL_ACKM_RX_PKT *ackm_data)
328 {
329 const uint8_t *token;
330 size_t token_len;
331
332 if (!ossl_quic_wire_decode_frame_new_token(pkt, &token, &token_len)) {
333 ossl_quic_channel_raise_protocol_error(ch,
334 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
335 OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,
336 "decode error");
337 return 0;
338 }
339
340 if (token_len == 0) {
341 /*
342 * RFC 9000 s. 19.7: "A client MUST treat receipt of a NEW_TOKEN frame
343 * with an empty Token field as a connection error of type
344 * FRAME_ENCODING_ERROR."
345 */
346 ossl_quic_channel_raise_protocol_error(ch,
347 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
348 OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,
349 "zero-length NEW_TOKEN");
350 return 0;
351 }
352
353 /* store the new token in our token cache */
354 if (!ossl_quic_set_peer_token(ossl_quic_port_get_channel_ctx(ch->port),
355 &ch->cur_peer_addr, token, token_len))
356 return 0;
357
358 return 1;
359 }
360
361 /*
362 * Returns 1 if no protocol violation has occurred. In this case *result will be
363 * non-NULL unless this is an old deleted stream and we should ignore the frame
364 * causing this function to be called. Returns 0 on protocol violation.
365 */
depack_do_implicit_stream_create(QUIC_CHANNEL * ch,uint64_t stream_id,uint64_t frame_type,QUIC_STREAM ** result)366 static int depack_do_implicit_stream_create(QUIC_CHANNEL *ch,
367 uint64_t stream_id,
368 uint64_t frame_type,
369 QUIC_STREAM **result)
370 {
371 QUIC_STREAM *stream;
372 uint64_t peer_role, stream_ordinal;
373 uint64_t *p_next_ordinal_local, *p_next_ordinal_remote;
374 QUIC_RXFC *max_streams_fc;
375 int is_uni, is_remote_init;
376
377 stream = ossl_quic_stream_map_get_by_id(&ch->qsm, stream_id);
378 if (stream != NULL) {
379 *result = stream;
380 return 1;
381 }
382
383 /*
384 * If we do not yet have a stream with the given ID, there are three
385 * possibilities:
386 *
387 * (a) The stream ID is for a remotely-created stream and the peer
388 * is creating a stream.
389 *
390 * (b) The stream ID is for a locally-created stream which has
391 * previously been deleted.
392 *
393 * (c) The stream ID is for a locally-created stream which does
394 * not exist yet. This is a protocol violation and we must
395 * terminate the connection in this case.
396 *
397 * We distinguish between (b) and (c) using the stream ID allocator
398 * variable. Since stream ordinals are allocated monotonically, we
399 * simply determine if the stream ordinal is in the future.
400 */
401 peer_role = ch->is_server
402 ? QUIC_STREAM_INITIATOR_CLIENT
403 : QUIC_STREAM_INITIATOR_SERVER;
404
405 is_remote_init = ((stream_id & QUIC_STREAM_INITIATOR_MASK) == peer_role);
406 is_uni = ((stream_id & QUIC_STREAM_DIR_MASK) == QUIC_STREAM_DIR_UNI);
407
408 stream_ordinal = stream_id >> 2;
409
410 if (is_remote_init) {
411 /*
412 * Peer-created stream which does not yet exist. Create it. QUIC stream
413 * ordinals within a given stream type MUST be used in sequence and
414 * receiving a STREAM frame for ordinal n must implicitly create streams
415 * with ordinals [0, n) within that stream type even if no explicit
416 * STREAM frames are received for those ordinals.
417 */
418 p_next_ordinal_remote = is_uni
419 ? &ch->next_remote_stream_ordinal_uni
420 : &ch->next_remote_stream_ordinal_bidi;
421
422 /* Check this isn't violating stream count flow control. */
423 max_streams_fc = is_uni
424 ? &ch->max_streams_uni_rxfc
425 : &ch->max_streams_bidi_rxfc;
426
427 if (!ossl_quic_rxfc_on_rx_stream_frame(max_streams_fc,
428 stream_ordinal + 1,
429 /*is_fin=*/0)) {
430 ossl_quic_channel_raise_protocol_error(ch,
431 OSSL_QUIC_ERR_INTERNAL_ERROR,
432 frame_type,
433 "internal error (stream count RXFC)");
434 return 0;
435 }
436
437 if (ossl_quic_rxfc_get_error(max_streams_fc, 0) != OSSL_QUIC_ERR_NO_ERROR) {
438 ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,
439 frame_type,
440 "exceeded maximum allowed streams");
441 return 0;
442 }
443
444 /*
445 * Create the named stream and any streams coming before it yet to be
446 * created.
447 */
448 while (*p_next_ordinal_remote <= stream_ordinal) {
449 uint64_t cur_stream_id = (*p_next_ordinal_remote << 2) |
450 (stream_id
451 & (QUIC_STREAM_DIR_MASK | QUIC_STREAM_INITIATOR_MASK));
452
453 stream = ossl_quic_channel_new_stream_remote(ch, cur_stream_id);
454 if (stream == NULL) {
455 ossl_quic_channel_raise_protocol_error(ch,
456 OSSL_QUIC_ERR_INTERNAL_ERROR,
457 frame_type,
458 "internal error (stream allocation)");
459 return 0;
460 }
461
462 ++*p_next_ordinal_remote;
463 }
464
465 *result = stream;
466 } else {
467 /* Locally-created stream which does not yet exist. */
468 p_next_ordinal_local = is_uni
469 ? &ch->next_local_stream_ordinal_uni
470 : &ch->next_local_stream_ordinal_bidi;
471
472 if (stream_ordinal >= *p_next_ordinal_local) {
473 /*
474 * We never created this stream yet, this is a protocol
475 * violation.
476 */
477 ossl_quic_channel_raise_protocol_error(ch,
478 OSSL_QUIC_ERR_STREAM_STATE_ERROR,
479 frame_type,
480 "STREAM frame for nonexistent "
481 "stream");
482 return 0;
483 }
484
485 /*
486 * Otherwise this is for an old locally-initiated stream which we
487 * have subsequently deleted. Ignore the data; it may simply be a
488 * retransmission. We already take care of notifying the peer of the
489 * termination of the stream during the stream deletion lifecycle.
490 */
491 *result = NULL;
492 }
493
494 return 1;
495 }
496
depack_do_frame_stream(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_QRX_PKT * parent_pkt,OSSL_ACKM_RX_PKT * ackm_data,uint64_t frame_type,uint64_t * datalen)497 static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch,
498 OSSL_QRX_PKT *parent_pkt,
499 OSSL_ACKM_RX_PKT *ackm_data,
500 uint64_t frame_type,
501 uint64_t *datalen)
502 {
503 OSSL_QUIC_FRAME_STREAM frame_data;
504 QUIC_STREAM *stream;
505 uint64_t fce;
506 size_t rs_avail;
507 int rs_fin = 0;
508
509 *datalen = 0;
510
511 if (!ossl_quic_wire_decode_frame_stream(pkt, 0, &frame_data)) {
512 ossl_quic_channel_raise_protocol_error(ch,
513 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
514 frame_type,
515 "decode error");
516 return 0;
517 }
518
519 if (!depack_do_implicit_stream_create(ch, frame_data.stream_id,
520 frame_type, &stream))
521 return 0; /* protocol error raised by above call */
522
523 if (stream == NULL)
524 /*
525 * Data for old stream which is not a protocol violation but should be
526 * ignored, so stop here.
527 */
528 return 1;
529
530 if (!ossl_quic_stream_has_recv(stream)) {
531 ossl_quic_channel_raise_protocol_error(ch,
532 OSSL_QUIC_ERR_STREAM_STATE_ERROR,
533 frame_type,
534 "STREAM frame for TX only "
535 "stream");
536 return 0;
537 }
538
539 /* Notify stream flow controller. */
540 if (!ossl_quic_rxfc_on_rx_stream_frame(&stream->rxfc,
541 frame_data.offset + frame_data.len,
542 frame_data.is_fin)) {
543 ossl_quic_channel_raise_protocol_error(ch,
544 OSSL_QUIC_ERR_INTERNAL_ERROR,
545 frame_type,
546 "internal error (flow control)");
547 return 0;
548 }
549
550 /* Has a flow control error occurred? */
551 fce = ossl_quic_rxfc_get_error(&stream->rxfc, 0);
552 if (fce != OSSL_QUIC_ERR_NO_ERROR) {
553 ossl_quic_channel_raise_protocol_error(ch,
554 fce,
555 frame_type,
556 "flow control violation");
557 return 0;
558 }
559
560 switch (stream->recv_state) {
561 case QUIC_RSTREAM_STATE_RECV:
562 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
563 /*
564 * It only makes sense to process incoming STREAM frames in these
565 * states.
566 */
567 break;
568
569 case QUIC_RSTREAM_STATE_DATA_RECVD:
570 case QUIC_RSTREAM_STATE_DATA_READ:
571 case QUIC_RSTREAM_STATE_RESET_RECVD:
572 case QUIC_RSTREAM_STATE_RESET_READ:
573 default:
574 /*
575 * We have no use for STREAM frames once the receive part reaches any of
576 * these states, so just ignore.
577 */
578 return 1;
579 }
580
581 /* If we are in RECV, auto-transition to SIZE_KNOWN on FIN. */
582 if (frame_data.is_fin
583 && !ossl_quic_stream_recv_get_final_size(stream, NULL)) {
584
585 /* State was already checked above, so can't fail. */
586 ossl_quic_stream_map_notify_size_known_recv_part(&ch->qsm, stream,
587 frame_data.offset
588 + frame_data.len);
589 }
590
591 /*
592 * If we requested STOP_SENDING do not bother buffering the data. Note that
593 * this must happen after RXFC checks above as even if we sent STOP_SENDING
594 * we must still enforce correct flow control (RFC 9000 s. 3.5).
595 */
596 if (stream->stop_sending)
597 return 1; /* not an error - packet reordering, etc. */
598
599 /*
600 * The receive stream buffer may or may not choose to consume the data
601 * without copying by reffing the OSSL_QRX_PKT. In this case
602 * ossl_qrx_pkt_release() will be eventually called when the data is no
603 * longer needed.
604 *
605 * It is OK for the peer to send us a zero-length non-FIN STREAM frame,
606 * which is a no-op, aside from the fact that it ensures the stream exists.
607 * In this case we have nothing to report to the receive buffer.
608 */
609 if ((frame_data.len > 0 || frame_data.is_fin)
610 && !ossl_quic_rstream_queue_data(stream->rstream, parent_pkt,
611 frame_data.offset,
612 frame_data.data,
613 frame_data.len,
614 frame_data.is_fin)) {
615 ossl_quic_channel_raise_protocol_error(ch,
616 OSSL_QUIC_ERR_INTERNAL_ERROR,
617 frame_type,
618 "internal error (rstream queue)");
619 return 0;
620 }
621
622 /*
623 * rs_fin will be 1 only if we can read all data up to and including the FIN
624 * without any gaps before it; this implies we have received all data. Avoid
625 * calling ossl_quic_rstream_available() where it is not necessary as it is
626 * more expensive.
627 */
628 if (stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN
629 && !ossl_quic_rstream_available(stream->rstream, &rs_avail, &rs_fin)) {
630 ossl_quic_channel_raise_protocol_error(ch,
631 OSSL_QUIC_ERR_INTERNAL_ERROR,
632 frame_type,
633 "internal error (rstream available)");
634 return 0;
635 }
636
637 if (rs_fin)
638 ossl_quic_stream_map_notify_totally_received(&ch->qsm, stream);
639
640 *datalen = frame_data.len;
641
642 return 1;
643 }
644
update_streams(QUIC_STREAM * s,void * arg)645 static void update_streams(QUIC_STREAM *s, void *arg)
646 {
647 QUIC_CHANNEL *ch = arg;
648
649 ossl_quic_stream_map_update_state(&ch->qsm, s);
650 }
651
update_streams_bidi(QUIC_STREAM * s,void * arg)652 static void update_streams_bidi(QUIC_STREAM *s, void *arg)
653 {
654 QUIC_CHANNEL *ch = arg;
655
656 if (!ossl_quic_stream_is_bidi(s))
657 return;
658
659 ossl_quic_stream_map_update_state(&ch->qsm, s);
660 }
661
update_streams_uni(QUIC_STREAM * s,void * arg)662 static void update_streams_uni(QUIC_STREAM *s, void *arg)
663 {
664 QUIC_CHANNEL *ch = arg;
665
666 if (ossl_quic_stream_is_bidi(s))
667 return;
668
669 ossl_quic_stream_map_update_state(&ch->qsm, s);
670 }
671
depack_do_frame_max_data(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)672 static int depack_do_frame_max_data(PACKET *pkt, QUIC_CHANNEL *ch,
673 OSSL_ACKM_RX_PKT *ackm_data)
674 {
675 uint64_t max_data = 0;
676
677 if (!ossl_quic_wire_decode_frame_max_data(pkt, &max_data)) {
678 ossl_quic_channel_raise_protocol_error(ch,
679 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
680 OSSL_QUIC_FRAME_TYPE_MAX_DATA,
681 "decode error");
682 return 0;
683 }
684
685 ossl_quic_txfc_bump_cwm(&ch->conn_txfc, max_data);
686 ossl_quic_stream_map_visit(&ch->qsm, update_streams, ch);
687 return 1;
688 }
689
depack_do_frame_max_stream_data(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)690 static int depack_do_frame_max_stream_data(PACKET *pkt,
691 QUIC_CHANNEL *ch,
692 OSSL_ACKM_RX_PKT *ackm_data)
693 {
694 uint64_t stream_id = 0;
695 uint64_t max_stream_data = 0;
696 QUIC_STREAM *stream;
697
698 if (!ossl_quic_wire_decode_frame_max_stream_data(pkt, &stream_id,
699 &max_stream_data)) {
700 ossl_quic_channel_raise_protocol_error(ch,
701 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
702 OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
703 "decode error");
704 return 0;
705 }
706
707 if (!depack_do_implicit_stream_create(ch, stream_id,
708 OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
709 &stream))
710 return 0; /* error already raised for us */
711
712 if (stream == NULL)
713 return 1; /* old deleted stream, not a protocol violation, ignore */
714
715 if (!ossl_quic_stream_has_send(stream)) {
716 ossl_quic_channel_raise_protocol_error(ch,
717 OSSL_QUIC_ERR_STREAM_STATE_ERROR,
718 OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
719 "MAX_STREAM_DATA for TX only "
720 "stream");
721 return 0;
722 }
723
724 ossl_quic_txfc_bump_cwm(&stream->txfc, max_stream_data);
725 ossl_quic_stream_map_update_state(&ch->qsm, stream);
726 return 1;
727 }
728
depack_do_frame_max_streams(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data,uint64_t frame_type)729 static int depack_do_frame_max_streams(PACKET *pkt,
730 QUIC_CHANNEL *ch,
731 OSSL_ACKM_RX_PKT *ackm_data,
732 uint64_t frame_type)
733 {
734 uint64_t max_streams = 0;
735
736 if (!ossl_quic_wire_decode_frame_max_streams(pkt, &max_streams)) {
737 ossl_quic_channel_raise_protocol_error(ch,
738 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
739 frame_type,
740 "decode error");
741 return 0;
742 }
743
744 if (max_streams > (((uint64_t)1) << 60)) {
745 ossl_quic_channel_raise_protocol_error(ch,
746 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
747 frame_type,
748 "invalid max streams value");
749 return 0;
750 }
751
752 switch (frame_type) {
753 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
754 if (max_streams > ch->max_local_streams_bidi)
755 ch->max_local_streams_bidi = max_streams;
756
757 /* Some streams may now be able to send. */
758 ossl_quic_stream_map_visit(&ch->qsm, update_streams_bidi, ch);
759 break;
760 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
761 if (max_streams > ch->max_local_streams_uni)
762 ch->max_local_streams_uni = max_streams;
763
764 /* Some streams may now be able to send. */
765 ossl_quic_stream_map_visit(&ch->qsm, update_streams_uni, ch);
766 break;
767 default:
768 ossl_quic_channel_raise_protocol_error(ch,
769 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
770 frame_type,
771 "decode error");
772 return 0;
773 }
774
775 return 1;
776 }
777
depack_do_frame_data_blocked(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)778 static int depack_do_frame_data_blocked(PACKET *pkt,
779 QUIC_CHANNEL *ch,
780 OSSL_ACKM_RX_PKT *ackm_data)
781 {
782 uint64_t max_data = 0;
783
784 if (!ossl_quic_wire_decode_frame_data_blocked(pkt, &max_data)) {
785 ossl_quic_channel_raise_protocol_error(ch,
786 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
787 OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED,
788 "decode error");
789 return 0;
790 }
791
792 /* No-op - informative/debugging frame. */
793 return 1;
794 }
795
depack_do_frame_stream_data_blocked(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)796 static int depack_do_frame_stream_data_blocked(PACKET *pkt,
797 QUIC_CHANNEL *ch,
798 OSSL_ACKM_RX_PKT *ackm_data)
799 {
800 uint64_t stream_id = 0;
801 uint64_t max_data = 0;
802 QUIC_STREAM *stream;
803
804 if (!ossl_quic_wire_decode_frame_stream_data_blocked(pkt, &stream_id,
805 &max_data)) {
806 ossl_quic_channel_raise_protocol_error(ch,
807 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
808 OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,
809 "decode error");
810 return 0;
811 }
812
813 /*
814 * This is an informative/debugging frame, so we don't have to do anything,
815 * but it does trigger stream creation.
816 */
817 if (!depack_do_implicit_stream_create(ch, stream_id,
818 OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,
819 &stream))
820 return 0; /* error already raised for us */
821
822 if (stream == NULL)
823 return 1; /* old deleted stream, not a protocol violation, ignore */
824
825 if (!ossl_quic_stream_has_recv(stream)) {
826 /*
827 * RFC 9000 s. 19.14: "An endpoint that receives a STREAM_DATA_BLOCKED
828 * frame for a send-only stream MUST terminate the connection with error
829 * STREAM_STATE_ERROR."
830 */
831 ossl_quic_channel_raise_protocol_error(ch,
832 OSSL_QUIC_ERR_STREAM_STATE_ERROR,
833 OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,
834 "STREAM_DATA_BLOCKED frame for "
835 "TX only stream");
836 return 0;
837 }
838
839 /* No-op - informative/debugging frame. */
840 return 1;
841 }
842
depack_do_frame_streams_blocked(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data,uint64_t frame_type)843 static int depack_do_frame_streams_blocked(PACKET *pkt,
844 QUIC_CHANNEL *ch,
845 OSSL_ACKM_RX_PKT *ackm_data,
846 uint64_t frame_type)
847 {
848 uint64_t max_data = 0;
849
850 if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_data)) {
851 ossl_quic_channel_raise_protocol_error(ch,
852 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
853 frame_type,
854 "decode error");
855 return 0;
856 }
857
858 if (max_data > (((uint64_t)1) << 60)) {
859 /*
860 * RFC 9000 s. 19.14: "This value cannot exceed 2**60, as it is not
861 * possible to encode stream IDs larger than 2**62 - 1. Receipt of a
862 * frame that encodes a larger stream ID MUST be treated as a connection
863 * error of type STREAM_LIMIT_ERROR or FRAME_ENCODING_ERROR."
864 */
865 ossl_quic_channel_raise_protocol_error(ch,
866 OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,
867 frame_type,
868 "invalid stream count limit");
869 return 0;
870 }
871
872 /* No-op - informative/debugging frame. */
873 return 1;
874 }
875
depack_do_frame_new_conn_id(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)876 static int depack_do_frame_new_conn_id(PACKET *pkt,
877 QUIC_CHANNEL *ch,
878 OSSL_ACKM_RX_PKT *ackm_data)
879 {
880 OSSL_QUIC_FRAME_NEW_CONN_ID frame_data;
881
882 if (!ossl_quic_wire_decode_frame_new_conn_id(pkt, &frame_data)) {
883 ossl_quic_channel_raise_protocol_error(ch,
884 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
885 OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID,
886 "decode error");
887 return 0;
888 }
889
890 ossl_quic_channel_on_new_conn_id(ch, &frame_data);
891
892 return 1;
893 }
894
depack_do_frame_retire_conn_id(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)895 static int depack_do_frame_retire_conn_id(PACKET *pkt,
896 QUIC_CHANNEL *ch,
897 OSSL_ACKM_RX_PKT *ackm_data)
898 {
899 uint64_t seq_num;
900
901 if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &seq_num)) {
902 ossl_quic_channel_raise_protocol_error(ch,
903 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
904 OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,
905 "decode error");
906 return 0;
907 }
908
909 /*
910 * RFC 9000 s. 19.16: "An endpoint cannot send this frame if it was provided
911 * with a zero-length connection ID by its peer. An endpoint that provides a
912 * zero-length connection ID MUST treat receipt of a RETIRE_CONNECTION_ID
913 * frame as a connection error of type PROTOCOL_VIOLATION."
914 *
915 * Since we always use a zero-length SCID as a client, there is no case
916 * where it is valid for a server to send this. Our server support is
917 * currently non-conformant and for internal testing use; simply handle it
918 * as a no-op in this case.
919 *
920 * TODO(QUIC FUTURE): Revise and implement correctly for server support.
921 */
922 if (!ch->is_server) {
923 ossl_quic_channel_raise_protocol_error(ch,
924 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
925 OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,
926 "conn has zero-length CID");
927 return 0;
928 }
929
930 return 1;
931 }
932
free_path_response(unsigned char * buf,size_t buf_len,void * arg)933 static void free_path_response(unsigned char *buf, size_t buf_len, void *arg)
934 {
935 OPENSSL_free(buf);
936 }
937
depack_do_frame_path_challenge(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)938 static int depack_do_frame_path_challenge(PACKET *pkt,
939 QUIC_CHANNEL *ch,
940 OSSL_ACKM_RX_PKT *ackm_data)
941 {
942 uint64_t frame_data = 0;
943 unsigned char *encoded = NULL;
944 size_t encoded_len;
945 WPACKET wpkt;
946
947 if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data)) {
948 ossl_quic_channel_raise_protocol_error(ch,
949 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
950 OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE,
951 "decode error");
952 return 0;
953 }
954
955 /*
956 * RFC 9000 s. 8.2.2: On receiving a PATH_CHALLENGE frame, an endpoint MUST
957 * respond by echoing the data contained in the PATH_CHALLENGE frame in a
958 * PATH_RESPONSE frame.
959 *
960 * TODO(QUIC FUTURE): We should try to avoid allocation here in the future.
961 */
962 encoded_len = sizeof(uint64_t) + 1;
963 if ((encoded = OPENSSL_malloc(encoded_len)) == NULL)
964 goto err;
965
966 if (!WPACKET_init_static_len(&wpkt, encoded, encoded_len, 0))
967 goto err;
968
969 if (!ossl_quic_wire_encode_frame_path_response(&wpkt, frame_data)) {
970 WPACKET_cleanup(&wpkt);
971 goto err;
972 }
973
974 WPACKET_finish(&wpkt);
975
976 if (!ossl_quic_cfq_add_frame(ch->cfq, 0, QUIC_PN_SPACE_APP,
977 OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE,
978 QUIC_CFQ_ITEM_FLAG_UNRELIABLE,
979 encoded, encoded_len,
980 free_path_response, NULL))
981 goto err;
982
983 return 1;
984
985 err:
986 OPENSSL_free(encoded);
987 ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_INTERNAL_ERROR,
988 OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE,
989 "internal error");
990 return 0;
991 }
992
depack_do_frame_path_response(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)993 static int depack_do_frame_path_response(PACKET *pkt,
994 QUIC_CHANNEL *ch,
995 OSSL_ACKM_RX_PKT *ackm_data)
996 {
997 uint64_t frame_data = 0;
998
999 if (!ossl_quic_wire_decode_frame_path_response(pkt, &frame_data)) {
1000 ossl_quic_channel_raise_protocol_error(ch,
1001 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
1002 OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE,
1003 "decode error");
1004 return 0;
1005 }
1006
1007 /* TODO(QUIC MULTIPATH): ADD CODE to send |frame_data| to the ch manager */
1008
1009 return 1;
1010 }
1011
depack_do_frame_conn_close(PACKET * pkt,QUIC_CHANNEL * ch,uint64_t frame_type)1012 static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CHANNEL *ch,
1013 uint64_t frame_type)
1014 {
1015 OSSL_QUIC_FRAME_CONN_CLOSE frame_data;
1016
1017 if (!ossl_quic_wire_decode_frame_conn_close(pkt, &frame_data)) {
1018 ossl_quic_channel_raise_protocol_error(ch,
1019 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
1020 frame_type,
1021 "decode error");
1022 return 0;
1023 }
1024
1025 ossl_quic_channel_on_remote_conn_close(ch, &frame_data);
1026 return 1;
1027 }
1028
depack_do_frame_handshake_done(PACKET * pkt,QUIC_CHANNEL * ch,OSSL_ACKM_RX_PKT * ackm_data)1029 static int depack_do_frame_handshake_done(PACKET *pkt,
1030 QUIC_CHANNEL *ch,
1031 OSSL_ACKM_RX_PKT *ackm_data)
1032 {
1033 if (!ossl_quic_wire_decode_frame_handshake_done(pkt)) {
1034 /* This can fail only with an internal error. */
1035 ossl_quic_channel_raise_protocol_error(ch,
1036 OSSL_QUIC_ERR_INTERNAL_ERROR,
1037 OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE,
1038 "internal error (decode frame handshake done)");
1039 return 0;
1040 }
1041
1042 ossl_quic_channel_on_handshake_confirmed(ch);
1043 return 1;
1044 }
1045
1046 /* Main frame processor */
1047
depack_process_frames(QUIC_CHANNEL * ch,PACKET * pkt,OSSL_QRX_PKT * parent_pkt,uint32_t enc_level,OSSL_TIME received,OSSL_ACKM_RX_PKT * ackm_data)1048 static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
1049 OSSL_QRX_PKT *parent_pkt, uint32_t enc_level,
1050 OSSL_TIME received, OSSL_ACKM_RX_PKT *ackm_data)
1051 {
1052 uint32_t pkt_type = parent_pkt->hdr->type;
1053 uint32_t packet_space = ossl_quic_enc_level_to_pn_space(enc_level);
1054
1055 if (PACKET_remaining(pkt) == 0) {
1056 /*
1057 * RFC 9000 s. 12.4: An endpoint MUST treat receipt of a packet
1058 * containing no frames as a connection error of type
1059 * PROTOCOL_VIOLATION.
1060 */
1061 ossl_quic_channel_raise_protocol_error(ch,
1062 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1063 0,
1064 "empty packet payload");
1065 return 0;
1066 }
1067
1068 while (PACKET_remaining(pkt) > 0) {
1069 int was_minimal;
1070 uint64_t frame_type;
1071 const unsigned char *sof = NULL;
1072 uint64_t datalen = 0;
1073
1074 if (ch->msg_callback != NULL)
1075 sof = PACKET_data(pkt);
1076
1077 if (!ossl_quic_wire_peek_frame_header(pkt, &frame_type, &was_minimal)) {
1078 ossl_quic_channel_raise_protocol_error(ch,
1079 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1080 0,
1081 "malformed frame header");
1082 return 0;
1083 }
1084
1085 if (!was_minimal) {
1086 ossl_quic_channel_raise_protocol_error(ch,
1087 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1088 frame_type,
1089 "non-minimal frame type encoding");
1090 return 0;
1091 }
1092
1093 /*
1094 * There are only a few frame types which are not ACK-eliciting. Handle
1095 * these centrally to make error handling cases more resilient, as we
1096 * should tell the ACKM about an ACK-eliciting frame even if it was not
1097 * successfully handled.
1098 */
1099 switch (frame_type) {
1100 case OSSL_QUIC_FRAME_TYPE_PADDING:
1101 case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
1102 case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
1103 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
1104 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
1105 break;
1106 default:
1107 ackm_data->is_ack_eliciting = 1;
1108 break;
1109 }
1110
1111 switch (frame_type) {
1112 case OSSL_QUIC_FRAME_TYPE_PING:
1113 /* Allowed in all packet types */
1114 if (!depack_do_frame_ping(pkt, ch, enc_level, ackm_data))
1115 return 0;
1116 break;
1117 case OSSL_QUIC_FRAME_TYPE_PADDING:
1118 /* Allowed in all packet types */
1119 if (!depack_do_frame_padding(pkt))
1120 return 0;
1121 break;
1122
1123 case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
1124 case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
1125 /* ACK frames are valid everywhere except in 0RTT packets */
1126 if (pkt_type == QUIC_PKT_TYPE_0RTT) {
1127 ossl_quic_channel_raise_protocol_error(ch,
1128 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1129 frame_type,
1130 "ACK not valid in 0-RTT");
1131 return 0;
1132 }
1133 if (!depack_do_frame_ack(pkt, ch, packet_space, received,
1134 frame_type, parent_pkt))
1135 return 0;
1136 break;
1137
1138 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
1139 /* RESET_STREAM frames are valid in 0RTT and 1RTT packets */
1140 if (pkt_type != QUIC_PKT_TYPE_0RTT
1141 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1142 ossl_quic_channel_raise_protocol_error(ch,
1143 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1144 frame_type,
1145 "RESET_STREAM not valid in "
1146 "INITIAL/HANDSHAKE");
1147 return 0;
1148 }
1149 if (!depack_do_frame_reset_stream(pkt, ch, ackm_data))
1150 return 0;
1151 break;
1152 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
1153 /* STOP_SENDING frames are valid in 0RTT and 1RTT packets */
1154 if (pkt_type != QUIC_PKT_TYPE_0RTT
1155 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1156 ossl_quic_channel_raise_protocol_error(ch,
1157 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1158 frame_type,
1159 "STOP_SENDING not valid in "
1160 "INITIAL/HANDSHAKE");
1161 return 0;
1162 }
1163 if (!depack_do_frame_stop_sending(pkt, ch, ackm_data))
1164 return 0;
1165 break;
1166 case OSSL_QUIC_FRAME_TYPE_CRYPTO:
1167 /* CRYPTO frames are valid everywhere except in 0RTT packets */
1168 if (pkt_type == QUIC_PKT_TYPE_0RTT) {
1169 ossl_quic_channel_raise_protocol_error(ch,
1170 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1171 frame_type,
1172 "CRYPTO frame not valid in 0-RTT");
1173 return 0;
1174 }
1175 if (!depack_do_frame_crypto(pkt, ch, parent_pkt, ackm_data, &datalen))
1176 return 0;
1177 break;
1178 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
1179 /* NEW_TOKEN frames are valid in 1RTT packets */
1180 if (pkt_type != QUIC_PKT_TYPE_1RTT) {
1181 ossl_quic_channel_raise_protocol_error(ch,
1182 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1183 frame_type,
1184 "NEW_TOKEN valid only in 1-RTT");
1185 return 0;
1186 }
1187
1188 /*
1189 * RFC 9000 s. 19.7: "A server MUST treat receipt of a NEW_TOKEN
1190 * frame as a connection error of type PROTOCOL_VIOLATION."
1191 */
1192 if (ch->is_server) {
1193 ossl_quic_channel_raise_protocol_error(ch,
1194 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1195 frame_type,
1196 "NEW_TOKEN can only be sent by a server");
1197 return 0;
1198 }
1199
1200 if (!depack_do_frame_new_token(pkt, ch, ackm_data))
1201 return 0;
1202 break;
1203
1204 case OSSL_QUIC_FRAME_TYPE_STREAM:
1205 case OSSL_QUIC_FRAME_TYPE_STREAM_FIN:
1206 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN:
1207 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN:
1208 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF:
1209 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN:
1210 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN:
1211 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN:
1212 /* STREAM frames are valid in 0RTT and 1RTT packets */
1213 if (pkt_type != QUIC_PKT_TYPE_0RTT
1214 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1215 ossl_quic_channel_raise_protocol_error(ch,
1216 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1217 frame_type,
1218 "STREAM valid only in 0/1-RTT");
1219 return 0;
1220 }
1221 if (!depack_do_frame_stream(pkt, ch, parent_pkt, ackm_data,
1222 frame_type, &datalen))
1223 return 0;
1224 break;
1225
1226 case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
1227 /* MAX_DATA frames are valid in 0RTT and 1RTT packets */
1228 if (pkt_type != QUIC_PKT_TYPE_0RTT
1229 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1230 ossl_quic_channel_raise_protocol_error(ch,
1231 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1232 frame_type,
1233 "MAX_DATA valid only in 0/1-RTT");
1234 return 0;
1235 }
1236 if (!depack_do_frame_max_data(pkt, ch, ackm_data))
1237 return 0;
1238 break;
1239 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
1240 /* MAX_STREAM_DATA frames are valid in 0RTT and 1RTT packets */
1241 if (pkt_type != QUIC_PKT_TYPE_0RTT
1242 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1243 ossl_quic_channel_raise_protocol_error(ch,
1244 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1245 frame_type,
1246 "MAX_STREAM_DATA valid only in 0/1-RTT");
1247 return 0;
1248 }
1249 if (!depack_do_frame_max_stream_data(pkt, ch, ackm_data))
1250 return 0;
1251 break;
1252
1253 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
1254 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
1255 /* MAX_STREAMS frames are valid in 0RTT and 1RTT packets */
1256 if (pkt_type != QUIC_PKT_TYPE_0RTT
1257 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1258 ossl_quic_channel_raise_protocol_error(ch,
1259 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1260 frame_type,
1261 "MAX_STREAMS valid only in 0/1-RTT");
1262 return 0;
1263 }
1264 if (!depack_do_frame_max_streams(pkt, ch, ackm_data,
1265 frame_type))
1266 return 0;
1267 break;
1268
1269 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:
1270 /* DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
1271 if (pkt_type != QUIC_PKT_TYPE_0RTT
1272 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1273 ossl_quic_channel_raise_protocol_error(ch,
1274 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1275 frame_type,
1276 "DATA_BLOCKED valid only in 0/1-RTT");
1277 return 0;
1278 }
1279 if (!depack_do_frame_data_blocked(pkt, ch, ackm_data))
1280 return 0;
1281 break;
1282 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:
1283 /* STREAM_DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
1284 if (pkt_type != QUIC_PKT_TYPE_0RTT
1285 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1286 ossl_quic_channel_raise_protocol_error(ch,
1287 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1288 frame_type,
1289 "STREAM_DATA_BLOCKED valid only in 0/1-RTT");
1290 return 0;
1291 }
1292 if (!depack_do_frame_stream_data_blocked(pkt, ch, ackm_data))
1293 return 0;
1294 break;
1295
1296 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:
1297 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:
1298 /* STREAMS_BLOCKED frames are valid in 0RTT and 1RTT packets */
1299 if (pkt_type != QUIC_PKT_TYPE_0RTT
1300 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1301 ossl_quic_channel_raise_protocol_error(ch,
1302 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1303 frame_type,
1304 "STREAMS valid only in 0/1-RTT");
1305 return 0;
1306 }
1307 if (!depack_do_frame_streams_blocked(pkt, ch, ackm_data,
1308 frame_type))
1309 return 0;
1310 break;
1311
1312 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
1313 /* NEW_CONN_ID frames are valid in 0RTT and 1RTT packets */
1314 if (pkt_type != QUIC_PKT_TYPE_0RTT
1315 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1316 ossl_quic_channel_raise_protocol_error(ch,
1317 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1318 frame_type,
1319 "NEW_CONN_ID valid only in 0/1-RTT");
1320 }
1321 if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data))
1322 return 0;
1323 break;
1324 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
1325 /* RETIRE_CONN_ID frames are valid in 0RTT and 1RTT packets */
1326 if (pkt_type != QUIC_PKT_TYPE_0RTT
1327 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1328 ossl_quic_channel_raise_protocol_error(ch,
1329 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1330 frame_type,
1331 "RETIRE_CONN_ID valid only in 0/1-RTT");
1332 return 0;
1333 }
1334 if (!depack_do_frame_retire_conn_id(pkt, ch, ackm_data))
1335 return 0;
1336 break;
1337 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:
1338 /* PATH_CHALLENGE frames are valid in 0RTT and 1RTT packets */
1339 if (pkt_type != QUIC_PKT_TYPE_0RTT
1340 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1341 ossl_quic_channel_raise_protocol_error(ch,
1342 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1343 frame_type,
1344 "PATH_CHALLENGE valid only in 0/1-RTT");
1345 return 0;
1346 }
1347 if (!depack_do_frame_path_challenge(pkt, ch, ackm_data))
1348 return 0;
1349
1350 break;
1351 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
1352 /* PATH_RESPONSE frames are valid in 1RTT packets */
1353 if (pkt_type != QUIC_PKT_TYPE_1RTT) {
1354 ossl_quic_channel_raise_protocol_error(ch,
1355 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1356 frame_type,
1357 "PATH_CHALLENGE valid only in 1-RTT");
1358 return 0;
1359 }
1360 if (!depack_do_frame_path_response(pkt, ch, ackm_data))
1361 return 0;
1362 break;
1363
1364 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
1365 /* CONN_CLOSE_APP frames are valid in 0RTT and 1RTT packets */
1366 if (pkt_type != QUIC_PKT_TYPE_0RTT
1367 && pkt_type != QUIC_PKT_TYPE_1RTT) {
1368 ossl_quic_channel_raise_protocol_error(ch,
1369 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1370 frame_type,
1371 "CONN_CLOSE (APP) valid only in 0/1-RTT");
1372 return 0;
1373 }
1374 /* FALLTHRU */
1375 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
1376 /* CONN_CLOSE_TRANSPORT frames are valid in all packets */
1377 if (!depack_do_frame_conn_close(pkt, ch, frame_type))
1378 return 0;
1379 break;
1380
1381 case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:
1382 /* HANDSHAKE_DONE frames are valid in 1RTT packets */
1383 if (pkt_type != QUIC_PKT_TYPE_1RTT) {
1384 ossl_quic_channel_raise_protocol_error(ch,
1385 OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
1386 frame_type,
1387 "HANDSHAKE_DONE valid only in 1-RTT");
1388 return 0;
1389 }
1390 if (!depack_do_frame_handshake_done(pkt, ch, ackm_data))
1391 return 0;
1392 break;
1393
1394 default:
1395 /* Unknown frame type */
1396 ossl_quic_channel_raise_protocol_error(ch,
1397 OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,
1398 frame_type,
1399 "Unknown frame type received");
1400 return 0;
1401 }
1402
1403 if (ch->msg_callback != NULL) {
1404 int ctype = SSL3_RT_QUIC_FRAME_FULL;
1405
1406 size_t framelen = PACKET_data(pkt) - sof;
1407
1408 if (frame_type == OSSL_QUIC_FRAME_TYPE_PADDING) {
1409 ctype = SSL3_RT_QUIC_FRAME_PADDING;
1410 } else if (OSSL_QUIC_FRAME_TYPE_IS_STREAM(frame_type)
1411 || frame_type == OSSL_QUIC_FRAME_TYPE_CRYPTO) {
1412 ctype = SSL3_RT_QUIC_FRAME_HEADER;
1413 framelen -= (size_t)datalen;
1414 }
1415
1416 ch->msg_callback(0, OSSL_QUIC1_VERSION, ctype, sof, framelen,
1417 ch->msg_callback_ssl, ch->msg_callback_arg);
1418 }
1419 }
1420
1421 return 1;
1422 }
1423
1424 QUIC_NEEDS_LOCK
ossl_quic_handle_frames(QUIC_CHANNEL * ch,OSSL_QRX_PKT * qpacket)1425 int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
1426 {
1427 PACKET pkt;
1428 OSSL_ACKM_RX_PKT ackm_data;
1429 uint32_t enc_level;
1430 size_t dgram_len = qpacket->datagram_len;
1431
1432 /*
1433 * ok has three states:
1434 * -1 error with ackm_data uninitialized
1435 * 0 error with ackm_data initialized
1436 * 1 success (ackm_data initialized)
1437 */
1438 int ok = -1; /* Assume the worst */
1439
1440 if (ch == NULL)
1441 goto end;
1442
1443 ch->did_crypto_frame = 0;
1444
1445 /* Initialize |ackm_data| (and reinitialize |ok|)*/
1446 memset(&ackm_data, 0, sizeof(ackm_data));
1447 /*
1448 * ASSUMPTION: All packets that aren't special case have a
1449 * packet number.
1450 */
1451 ackm_data.pkt_num = qpacket->pn;
1452 ackm_data.time = qpacket->time;
1453 enc_level = ossl_quic_pkt_type_to_enc_level(qpacket->hdr->type);
1454 if (enc_level >= QUIC_ENC_LEVEL_NUM)
1455 /*
1456 * Retry and Version Negotiation packets should not be passed to this
1457 * function.
1458 */
1459 goto end;
1460
1461 ok = 0; /* Still assume the worst */
1462 ackm_data.pkt_space = ossl_quic_enc_level_to_pn_space(enc_level);
1463
1464 /*
1465 * RFC 9000 s. 8.1
1466 * We can consider the connection to be validated, if we receive a packet
1467 * from the client protected via handshake keys, meaning that the
1468 * amplification limit no longer applies (i.e. we can set it as validated.
1469 * Otherwise, add the size of this packet to the unvalidated credit for
1470 * the connection.
1471 */
1472 if (enc_level == QUIC_ENC_LEVEL_HANDSHAKE)
1473 ossl_quic_tx_packetiser_set_validated(ch->txp);
1474 else
1475 ossl_quic_tx_packetiser_add_unvalidated_credit(ch->txp, dgram_len);
1476
1477 /* Now that special cases are out of the way, parse frames */
1478 if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len)
1479 || !depack_process_frames(ch, &pkt, qpacket,
1480 enc_level,
1481 qpacket->time,
1482 &ackm_data))
1483 goto end;
1484
1485 ok = 1;
1486 end:
1487 /*
1488 * ASSUMPTION: If this function is called at all, |qpacket| is
1489 * a legitimate packet, even if its contents aren't.
1490 * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as
1491 * |ackm_data| has at least been initialized.
1492 */
1493 if (ok >= 0)
1494 ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);
1495
1496 return ok > 0;
1497 }
1498