1 /* 2 * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/macros.h> 11 #include <openssl/objects.h> 12 #include <openssl/sslerr.h> 13 #include <crypto/rand.h> 14 #include "quic_local.h" 15 #include "internal/hashfunc.h" 16 #include "internal/ssl_unwrap.h" 17 #include "internal/quic_tls.h" 18 #include "internal/quic_rx_depack.h" 19 #include "internal/quic_error.h" 20 #include "internal/quic_engine.h" 21 #include "internal/quic_port.h" 22 #include "internal/quic_reactor_wait_ctx.h" 23 #include "internal/time.h" 24 25 typedef struct qctx_st QCTX; 26 27 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock); 28 static void aon_write_finish(QUIC_XSO *xso); 29 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx); 30 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs); 31 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch); 32 static int qc_try_create_default_xso_for_write(QCTX *ctx); 33 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek); 34 static void qctx_lock(QCTX *qctx); 35 static void qctx_unlock(QCTX *qctx); 36 static void qctx_lock_for_io(QCTX *ctx); 37 static int quic_do_handshake(QCTX *ctx); 38 static void qc_update_reject_policy(QUIC_CONNECTION *qc); 39 static void qc_touch_default_xso(QUIC_CONNECTION *qc); 40 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch); 41 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso, 42 int touch, QUIC_XSO **old_xso); 43 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock); 44 static int quic_validate_for_write(QUIC_XSO *xso, int *err); 45 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active); 46 static void qctx_maybe_autotick(QCTX *ctx); 47 static int qctx_should_autotick(QCTX *ctx); 48 49 /* 50 * QCTX is a utility structure which provides information we commonly wish to 51 * unwrap upon an API call being dispatched to us, namely: 52 * 53 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO 54 * was passed); 55 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if 56 * a QCSO with a default stream was passed); 57 * - whether a QSSO was passed (xso == NULL must not be used to determine this 58 * because it may be non-NULL when a QCSO is passed if that QCSO has a 59 * default stream); 60 * - a pointer to a QUIC_LISTENER object, if one is relevant; 61 * - whether we are in "I/O context", meaning that non-normal errors can 62 * be reported via SSL_get_error() as well as via ERR. Functions such as 63 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context" 64 * functions which are allowed to change the value returned by 65 * SSL_get_error. However, other functions (including functions which call 66 * SSL_do_handshake() implicitly) are not allowed to change the return value 67 * of SSL_get_error. 68 */ 69 struct qctx_st { 70 QUIC_OBJ *obj; 71 QUIC_DOMAIN *qd; 72 QUIC_LISTENER *ql; 73 QUIC_CONNECTION *qc; 74 QUIC_XSO *xso; 75 int is_stream, is_listener, is_domain, in_io; 76 }; 77 78 QUIC_NEEDS_LOCK 79 static void quic_set_last_error(QCTX *ctx, int last_error) 80 { 81 if (!ctx->in_io) 82 return; 83 84 if (ctx->is_stream && ctx->xso != NULL) 85 ctx->xso->last_error = last_error; 86 else if (!ctx->is_stream && ctx->qc != NULL) 87 ctx->qc->last_error = last_error; 88 } 89 90 /* 91 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error() 92 * rather than via ERR. Note that normal errors must always be raised while 93 * holding a lock. 94 */ 95 QUIC_NEEDS_LOCK 96 static int quic_raise_normal_error(QCTX *ctx, 97 int err) 98 { 99 assert(ctx->in_io); 100 quic_set_last_error(ctx, err); 101 102 return 0; 103 } 104 105 /* 106 * Raise a 'non-normal' error, meaning any error that is not reported via 107 * SSL_get_error() and must be reported via ERR. 108 * 109 * qc should be provided if available. In exceptional circumstances when qc is 110 * not known NULL may be passed. This should generally only happen when an 111 * expect_...() function defined below fails, which generally indicates a 112 * dispatch error or caller error. 113 * 114 * ctx should be NULL if the connection lock is not held. 115 */ 116 static int quic_raise_non_normal_error(QCTX *ctx, 117 const char *file, 118 int line, 119 const char *func, 120 int reason, 121 const char *fmt, 122 ...) 123 { 124 va_list args; 125 126 if (ctx != NULL) { 127 quic_set_last_error(ctx, SSL_ERROR_SSL); 128 129 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL) 130 ossl_quic_channel_restore_err_state(ctx->qc->ch); 131 } 132 133 ERR_new(); 134 ERR_set_debug(file, line, func); 135 136 va_start(args, fmt); 137 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args); 138 va_end(args); 139 140 return 0; 141 } 142 143 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \ 144 quic_raise_normal_error((ctx), (err)) 145 146 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \ 147 quic_raise_non_normal_error((ctx), \ 148 OPENSSL_FILE, OPENSSL_LINE, \ 149 OPENSSL_FUNC, \ 150 (reason), \ 151 (msg)) 152 /* 153 * Flags for expect_quic_as: 154 * 155 * QCTX_C 156 * The input SSL object may be a QCSO. 157 * 158 * QCTX_S 159 * The input SSL object may be a QSSO or a QCSO with a default stream 160 * attached. 161 * 162 * (Note this means there is no current way to require an SSL object with a 163 * QUIC stream which is not a QCSO; a QCSO with a default stream attached 164 * is always considered to satisfy QCTX_S.) 165 * 166 * QCTX_AUTO_S 167 * The input SSL object may be a QSSO or a QCSO with a default stream 168 * attached. If no default stream is currently attached to a QCSO, 169 * one may be auto-created if possible. 170 * 171 * If QCTX_REMOTE_INIT is set, an auto-created default XSO is 172 * initiated by the remote party (i.e., local party reads first). 173 * 174 * If it is not set, an auto-created default XSO is 175 * initiated by the local party (i.e., local party writes first). 176 * 177 * QCTX_L 178 * The input SSL object may be a QLSO. 179 * 180 * QCTX_LOCK 181 * If and only if the function returns successfully, the ctx 182 * is guaranteed to be locked. 183 * 184 * QCTX_IO 185 * Begin an I/O context. If not set, begins a non-I/O context. 186 * This determines whether SSL_get_error() is updated; the value it returns 187 * is modified only by an I/O call. 188 * 189 * QCTX_NO_ERROR 190 * Don't raise an error if the object type is wrong. Should not be used in 191 * conjunction with any flags that may raise errors not related to a wrong 192 * object type. 193 */ 194 #define QCTX_C (1U << 0) 195 #define QCTX_S (1U << 1) 196 #define QCTX_L (1U << 2) 197 #define QCTX_AUTO_S (1U << 3) 198 #define QCTX_REMOTE_INIT (1U << 4) 199 #define QCTX_LOCK (1U << 5) 200 #define QCTX_IO (1U << 6) 201 #define QCTX_D (1U << 7) 202 #define QCTX_NO_ERROR (1U << 8) 203 204 /* 205 * Called when expect_quic failed. Used to diagnose why such a call failed and 206 * raise a reasonable error code based on the configured preconditions in flags. 207 */ 208 static int wrong_type(const SSL *s, uint32_t flags) 209 { 210 const uint32_t mask = QCTX_C | QCTX_S | QCTX_L | QCTX_D; 211 int code = ERR_R_UNSUPPORTED; 212 213 if ((flags & QCTX_NO_ERROR) != 0) 214 return 1; 215 else if ((flags & mask) == QCTX_D) 216 code = SSL_R_DOMAIN_USE_ONLY; 217 else if ((flags & mask) == QCTX_L) 218 code = SSL_R_LISTENER_USE_ONLY; 219 else if ((flags & mask) == QCTX_C) 220 code = SSL_R_CONN_USE_ONLY; 221 else if ((flags & mask) == QCTX_S 222 || (flags & mask) == (QCTX_C | QCTX_S)) 223 code = SSL_R_NO_STREAM; 224 225 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, code, NULL); 226 } 227 228 /* 229 * Given a QDSO, QCSO, QSSO or QLSO, initialises a QCTX, determining the 230 * contextually applicable QUIC_LISTENER, QUIC_CONNECTION and QUIC_XSO 231 * pointers. 232 * 233 * After this returns 1, all fields of the passed QCTX are initialised. 234 * Returns 0 on failure. This function is intended to be used to provide API 235 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure 236 * unless the QCTX_NO_ERROR flag is set. 237 * 238 * The flags argument controls the preconditions and postconditions of this 239 * function. See above for the different flags. 240 * 241 * The fields of a QCTX are initialised as follows depending on the identity of 242 * the SSL object, and assuming the preconditions demanded by the flags field as 243 * described above are met: 244 * 245 * QDSO QLSO QCSO QSSO 246 * qd non-NULL maybe maybe maybe 247 * ql NULL non-NULL maybe maybe 248 * qc NULL NULL non-NULL non-NULL 249 * xso NULL NULL maybe non-NULL 250 * is_stream 0 0 0 1 251 * is_listener 0 1 0 0 252 * is_domain 1 0 0 0 253 * 254 */ 255 static int expect_quic_as(const SSL *s, QCTX *ctx, uint32_t flags) 256 { 257 int ok = 0, locked = 0, lock_requested = ((flags & QCTX_LOCK) != 0); 258 QUIC_DOMAIN *qd; 259 QUIC_LISTENER *ql; 260 QUIC_CONNECTION *qc; 261 QUIC_XSO *xso; 262 263 if ((flags & QCTX_AUTO_S) != 0) 264 flags |= QCTX_S; 265 266 ctx->obj = NULL; 267 ctx->qd = NULL; 268 ctx->ql = NULL; 269 ctx->qc = NULL; 270 ctx->xso = NULL; 271 ctx->is_stream = 0; 272 ctx->is_listener = 0; 273 ctx->is_domain = 0; 274 ctx->in_io = ((flags & QCTX_IO) != 0); 275 276 if (s == NULL) { 277 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL); 278 goto err; 279 } 280 281 switch (s->type) { 282 case SSL_TYPE_QUIC_DOMAIN: 283 if ((flags & QCTX_D) == 0) { 284 wrong_type(s, flags); 285 goto err; 286 } 287 288 qd = (QUIC_DOMAIN *)s; 289 ctx->obj = &qd->obj; 290 ctx->qd = qd; 291 ctx->is_domain = 1; 292 break; 293 294 case SSL_TYPE_QUIC_LISTENER: 295 if ((flags & QCTX_L) == 0) { 296 wrong_type(s, flags); 297 goto err; 298 } 299 300 ql = (QUIC_LISTENER *)s; 301 ctx->obj = &ql->obj; 302 ctx->qd = ql->domain; 303 ctx->ql = ql; 304 ctx->is_listener = 1; 305 break; 306 307 case SSL_TYPE_QUIC_CONNECTION: 308 qc = (QUIC_CONNECTION *)s; 309 ctx->obj = &qc->obj; 310 ctx->qd = qc->domain; 311 ctx->ql = qc->listener; /* never changes, so can be read without lock */ 312 ctx->qc = qc; 313 314 if ((flags & QCTX_AUTO_S) != 0) { 315 if ((flags & QCTX_IO) != 0) 316 qctx_lock_for_io(ctx); 317 else 318 qctx_lock(ctx); 319 320 locked = 1; 321 } 322 323 if ((flags & QCTX_AUTO_S) != 0 && qc->default_xso == NULL) { 324 if (!quic_mutation_allowed(qc, /*req_active=*/0)) { 325 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 326 goto err; 327 } 328 329 /* If we haven't finished the handshake, try to advance it. */ 330 if (quic_do_handshake(ctx) < 1) 331 /* ossl_quic_do_handshake raised error here */ 332 goto err; 333 334 if ((flags & QCTX_REMOTE_INIT) != 0) { 335 if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0)) 336 goto err; 337 } else { 338 if (!qc_try_create_default_xso_for_write(ctx)) 339 goto err; 340 } 341 } 342 343 if ((flags & QCTX_C) == 0 344 && (qc->default_xso == NULL || (flags & QCTX_S) == 0)) { 345 wrong_type(s, flags); 346 goto err; 347 } 348 349 ctx->xso = qc->default_xso; 350 break; 351 352 case SSL_TYPE_QUIC_XSO: 353 if ((flags & QCTX_S) == 0) { 354 wrong_type(s, flags); 355 goto err; 356 } 357 358 xso = (QUIC_XSO *)s; 359 ctx->obj = &xso->obj; 360 ctx->qd = xso->conn->domain; 361 ctx->ql = xso->conn->listener; 362 ctx->qc = xso->conn; 363 ctx->xso = xso; 364 ctx->is_stream = 1; 365 break; 366 367 default: 368 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 369 goto err; 370 } 371 372 if (lock_requested && !locked) { 373 if ((flags & QCTX_IO) != 0) 374 qctx_lock_for_io(ctx); 375 else 376 qctx_lock(ctx); 377 378 locked = 1; 379 } 380 381 ok = 1; 382 err: 383 if (locked && (!ok || !lock_requested)) 384 qctx_unlock(ctx); 385 386 return ok; 387 } 388 389 static int is_quic_c(const SSL *s, QCTX *ctx, int raiseerrs) 390 { 391 uint32_t flags = QCTX_C; 392 393 if (!raiseerrs) 394 flags |= QCTX_NO_ERROR; 395 return expect_quic_as(s, ctx, flags); 396 } 397 398 /* Same as expect_quic_cs except that errors are not raised if raiseerrs == 0 */ 399 static int is_quic_cs(const SSL *s, QCTX *ctx, int raiseerrs) 400 { 401 uint32_t flags = QCTX_C | QCTX_S; 402 403 if (!raiseerrs) 404 flags |= QCTX_NO_ERROR; 405 return expect_quic_as(s, ctx, flags); 406 } 407 408 static int expect_quic_cs(const SSL *s, QCTX *ctx) 409 { 410 return expect_quic_as(s, ctx, QCTX_C | QCTX_S); 411 } 412 413 static int expect_quic_csl(const SSL *s, QCTX *ctx) 414 { 415 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L); 416 } 417 418 static int expect_quic_csld(const SSL *s, QCTX *ctx) 419 { 420 return expect_quic_as(s, ctx, QCTX_C | QCTX_S | QCTX_L | QCTX_D); 421 } 422 423 #define expect_quic_any expect_quic_csld 424 425 static int expect_quic_listener(const SSL *s, QCTX *ctx) 426 { 427 return expect_quic_as(s, ctx, QCTX_L); 428 } 429 430 static int expect_quic_domain(const SSL *s, QCTX *ctx) 431 { 432 return expect_quic_as(s, ctx, QCTX_D); 433 } 434 435 /* 436 * Like expect_quic_cs(), but requires a QUIC_XSO be contextually available. In 437 * other words, requires that the passed QSO be a QSSO or a QCSO with a default 438 * stream. 439 * 440 * remote_init determines if we expect the default XSO to be remotely created or 441 * not. If it is -1, do not instantiate a default XSO if one does not yet exist. 442 * 443 * Channel mutex is acquired and retained on success. 444 */ 445 QUIC_ACQUIRES_LOCK 446 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init, 447 int in_io, QCTX *ctx) 448 { 449 uint32_t flags = QCTX_S | QCTX_LOCK; 450 451 if (remote_init >= 0) 452 flags |= QCTX_AUTO_S; 453 454 if (remote_init > 0) 455 flags |= QCTX_REMOTE_INIT; 456 457 if (in_io) 458 flags |= QCTX_IO; 459 460 return expect_quic_as(s, ctx, flags); 461 } 462 463 /* 464 * Like expect_quic_cs(), but fails if called on a QUIC_XSO. ctx->xso may still 465 * be non-NULL if the QCSO has a default stream. 466 */ 467 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx) 468 { 469 return expect_quic_as(s, ctx, QCTX_C); 470 } 471 472 /* 473 * Ensures that the domain mutex is held for a method which touches channel 474 * state. 475 * 476 * Precondition: Domain mutex is not held (unchecked) 477 */ 478 static void qctx_lock(QCTX *ctx) 479 { 480 #if defined(OPENSSL_THREADS) 481 assert(ctx->obj != NULL); 482 ossl_crypto_mutex_lock(ossl_quic_obj_get0_mutex(ctx->obj)); 483 #endif 484 } 485 486 /* Precondition: Channel mutex is held (unchecked) */ 487 QUIC_NEEDS_LOCK 488 static void qctx_unlock(QCTX *ctx) 489 { 490 #if defined(OPENSSL_THREADS) 491 assert(ctx->obj != NULL); 492 ossl_crypto_mutex_unlock(ossl_quic_obj_get0_mutex(ctx->obj)); 493 #endif 494 } 495 496 static void qctx_lock_for_io(QCTX *ctx) 497 { 498 qctx_lock(ctx); 499 ctx->in_io = 1; 500 501 /* 502 * We are entering an I/O function so we must update the values returned by 503 * SSL_get_error and SSL_want. Set no error. This will be overridden later 504 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR 505 * occurs during the API call. 506 */ 507 quic_set_last_error(ctx, SSL_ERROR_NONE); 508 } 509 510 /* 511 * This predicate is the criterion which should determine API call rejection for 512 * *most* mutating API calls, particularly stream-related operations for send 513 * parts. 514 * 515 * A call is rejected (this function returns 0) if shutdown is in progress 516 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If 517 * req_active=1, the connection must be active (i.e., the IDLE state is also 518 * rejected). 519 */ 520 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active) 521 { 522 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch)) 523 return 0; 524 525 if (req_active && !ossl_quic_channel_is_active(qc->ch)) 526 return 0; 527 528 return 1; 529 } 530 531 static int qctx_is_top_level(QCTX *ctx) 532 { 533 return ctx->obj->parent_obj == NULL; 534 } 535 536 static int qctx_blocking(QCTX *ctx) 537 { 538 return ossl_quic_obj_blocking(ctx->obj); 539 } 540 541 /* 542 * Block until a predicate is met. 543 * 544 * Precondition: Must have a channel. 545 * Precondition: Must hold channel lock (unchecked). 546 */ 547 QUIC_NEEDS_LOCK 548 static int block_until_pred(QCTX *ctx, 549 int (*pred)(void *arg), void *pred_arg, 550 uint32_t flags) 551 { 552 QUIC_ENGINE *qeng; 553 QUIC_REACTOR *rtor; 554 555 qeng = ossl_quic_obj_get0_engine(ctx->obj); 556 assert(qeng != NULL); 557 558 /* 559 * Any attempt to block auto-disables tick inhibition as otherwise we will 560 * hang around forever. 561 */ 562 ossl_quic_engine_set_inhibit_tick(qeng, 0); 563 564 rtor = ossl_quic_engine_get0_reactor(qeng); 565 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags); 566 } 567 568 /* 569 * QUIC Front-End I/O API: Initialization 570 * ====================================== 571 * 572 * SSL_new => ossl_quic_new 573 * ossl_quic_init 574 * SSL_reset => ossl_quic_reset 575 * SSL_clear => ossl_quic_clear 576 * ossl_quic_deinit 577 * SSL_free => ossl_quic_free 578 * 579 * SSL_set_options => ossl_quic_set_options 580 * SSL_get_options => ossl_quic_get_options 581 * SSL_clear_options => ossl_quic_clear_options 582 * 583 */ 584 585 /* SSL_new */ 586 SSL *ossl_quic_new(SSL_CTX *ctx) 587 { 588 QUIC_CONNECTION *qc = NULL; 589 SSL_CONNECTION *sc = NULL; 590 591 /* 592 * QUIC_server_method should not be used with SSL_new. 593 * It should only be used with SSL_new_listener. 594 */ 595 if (ctx->method == OSSL_QUIC_server_method()) { 596 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL); 597 return NULL; 598 } 599 600 qc = OPENSSL_zalloc(sizeof(*qc)); 601 if (qc == NULL) { 602 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 603 return NULL; 604 } 605 606 /* Create the QUIC domain mutex. */ 607 #if defined(OPENSSL_THREADS) 608 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) { 609 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 610 goto err; 611 } 612 #endif 613 614 /* Create the handshake layer. */ 615 qc->tls = ossl_ssl_connection_new_int(ctx, &qc->obj.ssl, TLS_method()); 616 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) { 617 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 618 goto err; 619 } 620 621 /* override the user_ssl of the inner connection */ 622 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL; 623 624 /* Restrict options derived from the SSL_CTX. */ 625 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN; 626 sc->pha_enabled = 0; 627 628 /* Determine mode of operation. */ 629 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) 630 qc->is_thread_assisted 631 = ((ctx->domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0); 632 #endif 633 634 qc->as_server = 0; 635 qc->as_server_state = qc->as_server; 636 637 if (!create_channel(qc, ctx)) 638 goto err; 639 640 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, &qc->obj.ssl); 641 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg); 642 643 /* Initialise the QUIC_CONNECTION's QUIC_OBJ base. */ 644 if (!ossl_quic_obj_init(&qc->obj, ctx, SSL_TYPE_QUIC_CONNECTION, NULL, 645 qc->engine, qc->port)) { 646 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 647 goto err; 648 } 649 650 /* Initialise libssl APL-related state. */ 651 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI; 652 qc->default_ssl_mode = qc->obj.ssl.ctx->mode; 653 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS; 654 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO; 655 qc->last_error = SSL_ERROR_NONE; 656 657 qc_update_reject_policy(qc); 658 659 /* 660 * We do not create the default XSO yet. The reason for this is that the 661 * stream ID of the default XSO will depend on whether the stream is client 662 * or server-initiated, which depends on who transmits first. Since we do 663 * not know whether the application will be using a client-transmits-first 664 * or server-transmits-first protocol, we defer default XSO creation until 665 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first, 666 * we take that as a cue that the client is expecting a server-initiated 667 * stream, and vice versa if SSL_write() is called first. 668 */ 669 return &qc->obj.ssl; 670 671 err: 672 if (qc != NULL) { 673 qc_cleanup(qc, /*have_lock=*/0); 674 OPENSSL_free(qc); 675 } 676 return NULL; 677 } 678 679 QUIC_NEEDS_LOCK 680 static void quic_unref_port_bios(QUIC_PORT *port) 681 { 682 BIO *b; 683 684 b = ossl_quic_port_get_net_rbio(port); 685 BIO_free_all(b); 686 687 b = ossl_quic_port_get_net_wbio(port); 688 BIO_free_all(b); 689 } 690 691 QUIC_NEEDS_LOCK 692 static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock) 693 { 694 SSL_free(qc->tls); 695 qc->tls = NULL; 696 697 ossl_quic_channel_free(qc->ch); 698 qc->ch = NULL; 699 700 if (qc->port != NULL && qc->listener == NULL && qc->pending == 0) { /* TODO */ 701 quic_unref_port_bios(qc->port); 702 ossl_quic_port_free(qc->port); 703 qc->port = NULL; 704 705 ossl_quic_engine_free(qc->engine); 706 qc->engine = NULL; 707 } 708 709 #if defined(OPENSSL_THREADS) 710 if (have_lock) 711 /* tsan doesn't like freeing locked mutexes */ 712 ossl_crypto_mutex_unlock(qc->mutex); 713 714 if (qc->listener == NULL && qc->pending == 0) 715 ossl_crypto_mutex_free(&qc->mutex); 716 #endif 717 } 718 719 /* SSL_free */ 720 QUIC_TAKES_LOCK 721 static void quic_free_listener(QCTX *ctx) 722 { 723 quic_unref_port_bios(ctx->ql->port); 724 ossl_quic_port_drop_incoming(ctx->ql->port); 725 ossl_quic_port_free(ctx->ql->port); 726 727 if (ctx->ql->domain == NULL) { 728 ossl_quic_engine_free(ctx->ql->engine); 729 #if defined(OPENSSL_THREADS) 730 ossl_crypto_mutex_free(&ctx->ql->mutex); 731 #endif 732 } else { 733 SSL_free(&ctx->ql->domain->obj.ssl); 734 } 735 } 736 737 /* SSL_free */ 738 QUIC_TAKES_LOCK 739 static void quic_free_domain(QCTX *ctx) 740 { 741 ossl_quic_engine_free(ctx->qd->engine); 742 #if defined(OPENSSL_THREADS) 743 ossl_crypto_mutex_free(&ctx->qd->mutex); 744 #endif 745 } 746 747 QUIC_TAKES_LOCK 748 void ossl_quic_free(SSL *s) 749 { 750 QCTX ctx; 751 int is_default; 752 753 /* We should never be called on anything but a QSO. */ 754 if (!expect_quic_any(s, &ctx)) 755 return; 756 757 if (ctx.is_domain) { 758 quic_free_domain(&ctx); 759 return; 760 } 761 762 if (ctx.is_listener) { 763 quic_free_listener(&ctx); 764 return; 765 } 766 767 qctx_lock(&ctx); 768 769 if (ctx.is_stream) { 770 /* 771 * When a QSSO is freed, the XSO is freed immediately, because the XSO 772 * itself only contains API personality layer data. However the 773 * underlying QUIC_STREAM is not freed immediately but is instead marked 774 * as deleted for later collection. 775 */ 776 777 assert(ctx.qc->num_xso > 0); 778 --ctx.qc->num_xso; 779 780 /* If a stream's send part has not been finished, auto-reset it. */ 781 if ((ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY 782 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND) 783 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL)) 784 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch), 785 ctx.xso->stream, 0); 786 787 /* Do STOP_SENDING for the receive part, if applicable. */ 788 if (ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV 789 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN) 790 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch), 791 ctx.xso->stream, 0); 792 793 /* Update stream state. */ 794 ctx.xso->stream->deleted = 1; 795 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch), 796 ctx.xso->stream); 797 798 is_default = (ctx.xso == ctx.qc->default_xso); 799 qctx_unlock(&ctx); 800 801 /* 802 * Unref the connection in most cases; the XSO has a ref to the QC and 803 * not vice versa. But for a default XSO, to avoid circular references, 804 * the QC refs the XSO but the XSO does not ref the QC. If we are the 805 * default XSO, we only get here when the QC is being torn down anyway, 806 * so don't call SSL_free(qc) as we are already in it. 807 */ 808 if (!is_default) 809 SSL_free(&ctx.qc->obj.ssl); 810 811 /* Note: SSL_free calls OPENSSL_free(xso) for us */ 812 return; 813 } 814 815 /* 816 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this 817 * stage, but is freed during the channel free when the whole QSM is freed. 818 */ 819 if (ctx.qc->default_xso != NULL) { 820 QUIC_XSO *xso = ctx.qc->default_xso; 821 822 qctx_unlock(&ctx); 823 SSL_free(&xso->obj.ssl); 824 qctx_lock(&ctx); 825 ctx.qc->default_xso = NULL; 826 } 827 828 /* Ensure we have no remaining XSOs. */ 829 assert(ctx.qc->num_xso == 0); 830 831 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) 832 if (ctx.qc->is_thread_assisted && ctx.qc->started) { 833 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist); 834 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist); 835 } 836 #endif 837 838 /* 839 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for 840 * us 841 */ 842 qc_cleanup(ctx.qc, /*have_lock=*/1); 843 /* Note: SSL_free calls OPENSSL_free(qc) for us */ 844 845 if (ctx.qc->listener != NULL) 846 SSL_free(&ctx.qc->listener->obj.ssl); 847 if (ctx.qc->domain != NULL) 848 SSL_free(&ctx.qc->domain->obj.ssl); 849 } 850 851 /* SSL method init */ 852 int ossl_quic_init(SSL *s) 853 { 854 /* Same op as SSL_clear, forward the call. */ 855 return ossl_quic_clear(s); 856 } 857 858 /* SSL method deinit */ 859 void ossl_quic_deinit(SSL *s) 860 { 861 /* No-op. */ 862 } 863 864 /* SSL_clear (ssl_reset method) */ 865 int ossl_quic_reset(SSL *s) 866 { 867 QCTX ctx; 868 869 if (!expect_quic_any(s, &ctx)) 870 return 0; 871 872 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED); 873 return 0; 874 } 875 876 /* ssl_clear method (unused) */ 877 int ossl_quic_clear(SSL *s) 878 { 879 QCTX ctx; 880 881 if (!expect_quic_any(s, &ctx)) 882 return 0; 883 884 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED); 885 return 0; 886 } 887 888 int ossl_quic_set_override_now_cb(SSL *s, 889 OSSL_TIME (*now_cb)(void *arg), 890 void *now_cb_arg) 891 { 892 QCTX ctx; 893 894 if (!expect_quic_any(s, &ctx)) 895 return 0; 896 897 qctx_lock(&ctx); 898 899 ossl_quic_engine_set_time_cb(ctx.obj->engine, now_cb, now_cb_arg); 900 901 qctx_unlock(&ctx); 902 return 1; 903 } 904 905 void ossl_quic_conn_force_assist_thread_wake(SSL *s) 906 { 907 QCTX ctx; 908 909 if (!expect_quic_conn_only(s, &ctx)) 910 return; 911 912 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) 913 if (ctx.qc->is_thread_assisted && ctx.qc->started) 914 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist); 915 #endif 916 } 917 918 QUIC_NEEDS_LOCK 919 static void qc_touch_default_xso(QUIC_CONNECTION *qc) 920 { 921 qc->default_xso_created = 1; 922 qc_update_reject_policy(qc); 923 } 924 925 /* 926 * Changes default XSO. Allows caller to keep reference to the old default XSO 927 * (if any). Reference to new XSO is transferred from caller. 928 */ 929 QUIC_NEEDS_LOCK 930 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso, 931 int touch, 932 QUIC_XSO **old_xso) 933 { 934 int refs; 935 936 *old_xso = NULL; 937 938 if (qc->default_xso != xso) { 939 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */ 940 941 qc->default_xso = xso; 942 943 if (xso == NULL) { 944 /* 945 * Changing to not having a default XSO. XSO becomes standalone and 946 * now has a ref to the QC. 947 */ 948 if (!ossl_assert(SSL_up_ref(&qc->obj.ssl))) 949 return; 950 } else { 951 /* 952 * Changing from not having a default XSO to having one. The new XSO 953 * will have had a reference to the QC we need to drop to avoid a 954 * circular reference. 955 * 956 * Currently we never change directly from one default XSO to 957 * another, though this function would also still be correct if this 958 * weren't the case. 959 */ 960 assert(*old_xso == NULL); 961 962 CRYPTO_DOWN_REF(&qc->obj.ssl.references, &refs); 963 assert(refs > 0); 964 } 965 } 966 967 if (touch) 968 qc_touch_default_xso(qc); 969 } 970 971 /* 972 * Changes default XSO, releasing the reference to any previous default XSO. 973 * Reference to new XSO is transferred from caller. 974 */ 975 QUIC_NEEDS_LOCK 976 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch) 977 { 978 QUIC_XSO *old_xso = NULL; 979 980 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso); 981 982 if (old_xso != NULL) 983 SSL_free(&old_xso->obj.ssl); 984 } 985 986 QUIC_NEEDS_LOCK 987 static void xso_update_options(QUIC_XSO *xso) 988 { 989 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0); 990 991 if (xso->stream->rstream != NULL) 992 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse); 993 994 if (xso->stream->sstream != NULL) 995 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse); 996 } 997 998 /* 999 * SSL_set_options 1000 * --------------- 1001 * 1002 * Setting options on a QCSO 1003 * - configures the handshake-layer options; 1004 * - configures the default data-plane options for new streams; 1005 * - configures the data-plane options on the default XSO, if there is one. 1006 * 1007 * Setting options on a QSSO 1008 * - configures data-plane options for that stream only. 1009 */ 1010 QUIC_TAKES_LOCK 1011 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value) 1012 { 1013 QCTX ctx; 1014 uint64_t hs_mask_value, hs_or_value, ret; 1015 1016 if (!expect_quic_cs(ssl, &ctx)) 1017 return 0; 1018 1019 qctx_lock(&ctx); 1020 1021 if (!ctx.is_stream) { 1022 /* 1023 * If we were called on the connection, we apply any handshake option 1024 * changes. 1025 */ 1026 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN); 1027 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN); 1028 1029 SSL_clear_options(ctx.qc->tls, hs_mask_value); 1030 SSL_set_options(ctx.qc->tls, hs_or_value); 1031 1032 /* Update defaults for new streams. */ 1033 ctx.qc->default_ssl_options 1034 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value) 1035 & OSSL_QUIC_PERMITTED_OPTIONS; 1036 } 1037 1038 ret = ctx.qc->default_ssl_options; 1039 if (ctx.xso != NULL) { 1040 ctx.xso->ssl_options 1041 = ((ctx.xso->ssl_options & ~mask_value) | or_value) 1042 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM; 1043 1044 xso_update_options(ctx.xso); 1045 1046 if (ctx.is_stream) 1047 ret = ctx.xso->ssl_options; 1048 } 1049 1050 qctx_unlock(&ctx); 1051 return ret; 1052 } 1053 1054 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options) 1055 { 1056 return quic_mask_or_options(ssl, 0, options); 1057 } 1058 1059 /* SSL_clear_options */ 1060 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options) 1061 { 1062 return quic_mask_or_options(ssl, options, 0); 1063 } 1064 1065 /* SSL_get_options */ 1066 uint64_t ossl_quic_get_options(const SSL *ssl) 1067 { 1068 return quic_mask_or_options((SSL *)ssl, 0, 0); 1069 } 1070 1071 /* 1072 * QUIC Front-End I/O API: Network BIO Configuration 1073 * ================================================= 1074 * 1075 * Handling the different BIOs is difficult: 1076 * 1077 * - It is more or less a requirement that we use non-blocking network I/O; 1078 * we need to be able to have timeouts on recv() calls, and make best effort 1079 * (non blocking) send() and recv() calls. 1080 * 1081 * The only sensible way to do this is to configure the socket into 1082 * non-blocking mode. We could try to do select() before calling send() or 1083 * recv() to get a guarantee that the call will not block, but this will 1084 * probably run into issues with buggy OSes which generate spurious socket 1085 * readiness events. In any case, relying on this to work reliably does not 1086 * seem sane. 1087 * 1088 * Timeouts could be handled via setsockopt() socket timeout options, but 1089 * this depends on OS support and adds another syscall to every network I/O 1090 * operation. It also has obvious thread safety concerns if we want to move 1091 * to concurrent use of a single socket at some later date. 1092 * 1093 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to 1094 * be made non-blocking. However some OSes (e.g. Windows) do not support 1095 * this, so we cannot rely on this. 1096 * 1097 * As such, we need to configure any FD in non-blocking mode. This may 1098 * confound users who pass a blocking socket to libssl. However, in practice 1099 * it would be extremely strange for a user of QUIC to pass an FD to us, 1100 * then also try and send receive traffic on the same socket(!). Thus the 1101 * impact of this should be limited, and can be documented. 1102 * 1103 * - We support both blocking and non-blocking operation in terms of the API 1104 * presented to the user. One prospect is to set the blocking mode based on 1105 * whether the socket passed to us was already in blocking mode. However, 1106 * Windows has no API for determining if a socket is in blocking mode (!), 1107 * therefore this cannot be done portably. Currently therefore we expose an 1108 * explicit API call to set this, and default to blocking mode. 1109 * 1110 * - We need to determine our initial destination UDP address. The "natural" 1111 * way for a user to do this is to set the peer variable on a BIO_dgram. 1112 * However, this has problems because BIO_dgram's peer variable is used for 1113 * both transmission and reception. This means it can be constantly being 1114 * changed to a malicious value (e.g. if some random unrelated entity on the 1115 * network starts sending traffic to us) on every read call. This is not a 1116 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg 1117 * calls only, which do not use this variable. However, we do need to let 1118 * the user specify the peer in a 'normal' manner. The compromise here is 1119 * that we grab the current peer value set at the time the write BIO is set 1120 * and do not read the value again. 1121 * 1122 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs. 1123 * Currently we do this by only supporting non-blocking mode. 1124 * 1125 */ 1126 1127 /* 1128 * Determines what initial destination UDP address we should use, if possible. 1129 * If this fails the client must set the destination address manually, or use a 1130 * BIO which does not need a destination address. 1131 */ 1132 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer) 1133 { 1134 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0) 1135 return 0; 1136 1137 return 1; 1138 } 1139 1140 static int 1141 quic_set0_net_rbio(QUIC_OBJ *obj, BIO *net_rbio) 1142 { 1143 QUIC_PORT *port; 1144 BIO *old_rbio = NULL; 1145 1146 port = ossl_quic_obj_get0_port(obj); 1147 old_rbio = ossl_quic_port_get_net_rbio(port); 1148 if (old_rbio == net_rbio) 1149 return 0; 1150 1151 if (!ossl_quic_port_set_net_rbio(port, net_rbio)) 1152 return 0; 1153 1154 BIO_free_all(old_rbio); 1155 if (net_rbio != NULL) 1156 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */ 1157 1158 return 1; 1159 } 1160 1161 static int 1162 quic_set0_net_wbio(QUIC_OBJ *obj, BIO *net_wbio) 1163 { 1164 QUIC_PORT *port; 1165 BIO *old_wbio = NULL; 1166 1167 port = ossl_quic_obj_get0_port(obj); 1168 old_wbio = ossl_quic_port_get_net_wbio(port); 1169 if (old_wbio == net_wbio) 1170 return 0; 1171 1172 if (!ossl_quic_port_set_net_wbio(port, net_wbio)) 1173 return 0; 1174 1175 BIO_free_all(old_wbio); 1176 if (net_wbio != NULL) 1177 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */ 1178 1179 return 1; 1180 } 1181 1182 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio) 1183 { 1184 QCTX ctx; 1185 1186 if (!expect_quic_csl(s, &ctx)) 1187 return; 1188 1189 /* Returns 0 if no change. */ 1190 if (!quic_set0_net_rbio(ctx.obj, net_rbio)) 1191 return; 1192 } 1193 1194 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio) 1195 { 1196 QCTX ctx; 1197 1198 if (!expect_quic_csl(s, &ctx)) 1199 return; 1200 1201 /* Returns 0 if no change. */ 1202 if (!quic_set0_net_wbio(ctx.obj, net_wbio)) 1203 return; 1204 } 1205 1206 BIO *ossl_quic_conn_get_net_rbio(const SSL *s) 1207 { 1208 QCTX ctx; 1209 QUIC_PORT *port; 1210 1211 if (!expect_quic_csl(s, &ctx)) 1212 return NULL; 1213 1214 port = ossl_quic_obj_get0_port(ctx.obj); 1215 assert(port != NULL); 1216 return ossl_quic_port_get_net_rbio(port); 1217 } 1218 1219 BIO *ossl_quic_conn_get_net_wbio(const SSL *s) 1220 { 1221 QCTX ctx; 1222 QUIC_PORT *port; 1223 1224 if (!expect_quic_csl(s, &ctx)) 1225 return NULL; 1226 1227 port = ossl_quic_obj_get0_port(ctx.obj); 1228 assert(port != NULL); 1229 return ossl_quic_port_get_net_wbio(port); 1230 } 1231 1232 int ossl_quic_conn_get_blocking_mode(const SSL *s) 1233 { 1234 QCTX ctx; 1235 1236 if (!expect_quic_csl(s, &ctx)) 1237 return 0; 1238 1239 return qctx_blocking(&ctx); 1240 } 1241 1242 QUIC_TAKES_LOCK 1243 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking) 1244 { 1245 int ret = 0; 1246 unsigned int mode; 1247 QCTX ctx; 1248 1249 if (!expect_quic_csl(s, &ctx)) 1250 return 0; 1251 1252 qctx_lock(&ctx); 1253 1254 /* Sanity check - can we support the request given the current network BIO? */ 1255 if (blocking) { 1256 /* 1257 * If called directly on a top-level object (QCSO or QLSO), update our 1258 * information on network BIO capabilities. 1259 */ 1260 if (qctx_is_top_level(&ctx)) 1261 ossl_quic_engine_update_poll_descriptors(ctx.obj->engine, /*force=*/1); 1262 1263 /* Cannot enable blocking mode if we do not have pollable FDs. */ 1264 if (!ossl_quic_obj_can_support_blocking(ctx.obj)) { 1265 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL); 1266 goto out; 1267 } 1268 } 1269 1270 mode = (blocking != 0) 1271 ? QUIC_BLOCKING_MODE_BLOCKING 1272 : QUIC_BLOCKING_MODE_NONBLOCKING; 1273 1274 ossl_quic_obj_set_blocking_mode(ctx.obj, mode); 1275 1276 ret = 1; 1277 out: 1278 qctx_unlock(&ctx); 1279 return ret; 1280 } 1281 1282 int ossl_quic_conn_set_initial_peer_addr(SSL *s, 1283 const BIO_ADDR *peer_addr) 1284 { 1285 QCTX ctx; 1286 1287 if (!expect_quic_cs(s, &ctx)) 1288 return 0; 1289 1290 if (ctx.qc->started) 1291 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, 1292 NULL); 1293 1294 if (peer_addr == NULL) { 1295 BIO_ADDR_clear(&ctx.qc->init_peer_addr); 1296 return 1; 1297 } 1298 1299 return BIO_ADDR_copy(&ctx.qc->init_peer_addr, peer_addr); 1300 } 1301 1302 /* 1303 * QUIC Front-End I/O API: Asynchronous I/O Management 1304 * =================================================== 1305 * 1306 * (BIO/)SSL_handle_events => ossl_quic_handle_events 1307 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout 1308 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd 1309 * 1310 */ 1311 1312 /* SSL_handle_events; performs QUIC I/O and timeout processing. */ 1313 QUIC_TAKES_LOCK 1314 int ossl_quic_handle_events(SSL *s) 1315 { 1316 QCTX ctx; 1317 1318 if (!expect_quic_any(s, &ctx)) 1319 return 0; 1320 1321 qctx_lock(&ctx); 1322 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0); 1323 qctx_unlock(&ctx); 1324 return 1; 1325 } 1326 1327 /* 1328 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object 1329 * should next have events handled by the application by calling 1330 * SSL_handle_events(). tv is set to 0 if the object should have events handled 1331 * immediately. If no timeout is currently active, *is_infinite is set to 1 and 1332 * the value of *tv is undefined. 1333 */ 1334 QUIC_TAKES_LOCK 1335 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite) 1336 { 1337 QCTX ctx; 1338 QUIC_REACTOR *reactor; 1339 OSSL_TIME deadline; 1340 OSSL_TIME basetime; 1341 1342 if (!expect_quic_any(s, &ctx)) 1343 return 0; 1344 1345 qctx_lock(&ctx); 1346 1347 reactor = ossl_quic_obj_get0_reactor(ctx.obj); 1348 deadline = ossl_quic_reactor_get_tick_deadline(reactor); 1349 1350 if (ossl_time_is_infinite(deadline)) { 1351 qctx_unlock(&ctx); 1352 *is_infinite = 1; 1353 1354 /* 1355 * Robustness against faulty applications that don't check *is_infinite; 1356 * harmless long timeout. 1357 */ 1358 tv->tv_sec = 1000000; 1359 tv->tv_usec = 0; 1360 return 1; 1361 } 1362 1363 basetime = ossl_quic_engine_get_time(ctx.obj->engine); 1364 1365 qctx_unlock(&ctx); 1366 1367 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, basetime)); 1368 *is_infinite = 0; 1369 1370 return 1; 1371 } 1372 1373 /* SSL_get_rpoll_descriptor */ 1374 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc) 1375 { 1376 QCTX ctx; 1377 QUIC_PORT *port = NULL; 1378 BIO *net_rbio; 1379 1380 if (!expect_quic_csl(s, &ctx)) 1381 return 0; 1382 1383 port = ossl_quic_obj_get0_port(ctx.obj); 1384 net_rbio = ossl_quic_port_get_net_rbio(port); 1385 if (desc == NULL || net_rbio == NULL) 1386 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, 1387 NULL); 1388 1389 return BIO_get_rpoll_descriptor(net_rbio, desc); 1390 } 1391 1392 /* SSL_get_wpoll_descriptor */ 1393 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc) 1394 { 1395 QCTX ctx; 1396 QUIC_PORT *port = NULL; 1397 BIO *net_wbio; 1398 1399 if (!expect_quic_csl(s, &ctx)) 1400 return 0; 1401 1402 port = ossl_quic_obj_get0_port(ctx.obj); 1403 net_wbio = ossl_quic_port_get_net_wbio(port); 1404 if (desc == NULL || net_wbio == NULL) 1405 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, 1406 NULL); 1407 1408 return BIO_get_wpoll_descriptor(net_wbio, desc); 1409 } 1410 1411 /* SSL_net_read_desired */ 1412 QUIC_TAKES_LOCK 1413 int ossl_quic_get_net_read_desired(SSL *s) 1414 { 1415 QCTX ctx; 1416 int ret; 1417 1418 if (!expect_quic_csl(s, &ctx)) 1419 return 0; 1420 1421 qctx_lock(&ctx); 1422 ret = ossl_quic_reactor_net_read_desired(ossl_quic_obj_get0_reactor(ctx.obj)); 1423 qctx_unlock(&ctx); 1424 return ret; 1425 } 1426 1427 /* SSL_net_write_desired */ 1428 QUIC_TAKES_LOCK 1429 int ossl_quic_get_net_write_desired(SSL *s) 1430 { 1431 int ret; 1432 QCTX ctx; 1433 1434 if (!expect_quic_csl(s, &ctx)) 1435 return 0; 1436 1437 qctx_lock(&ctx); 1438 ret = ossl_quic_reactor_net_write_desired(ossl_quic_obj_get0_reactor(ctx.obj)); 1439 qctx_unlock(&ctx); 1440 return ret; 1441 } 1442 1443 /* 1444 * QUIC Front-End I/O API: Connection Lifecycle Operations 1445 * ======================================================= 1446 * 1447 * SSL_do_handshake => ossl_quic_do_handshake 1448 * SSL_set_connect_state => ossl_quic_set_connect_state 1449 * SSL_set_accept_state => ossl_quic_set_accept_state 1450 * SSL_shutdown => ossl_quic_shutdown 1451 * SSL_ctrl => ossl_quic_ctrl 1452 * (BIO/)SSL_connect => ossl_quic_connect 1453 * (BIO/)SSL_accept => ossl_quic_accept 1454 * 1455 */ 1456 1457 QUIC_NEEDS_LOCK 1458 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc) 1459 { 1460 QUIC_STREAM_MAP *qsm; 1461 1462 if (qc->shutting_down) 1463 return; 1464 1465 qsm = ossl_quic_channel_get_qsm(qc->ch); 1466 1467 ossl_quic_stream_map_begin_shutdown_flush(qsm); 1468 qc->shutting_down = 1; 1469 } 1470 1471 /* Returns 1 if all shutdown-flush streams have been done with. */ 1472 QUIC_NEEDS_LOCK 1473 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc) 1474 { 1475 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch); 1476 1477 return qc->shutting_down 1478 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm); 1479 } 1480 1481 /* SSL_shutdown */ 1482 static int quic_shutdown_wait(void *arg) 1483 { 1484 QUIC_CONNECTION *qc = arg; 1485 1486 return ossl_quic_channel_is_terminated(qc->ch); 1487 } 1488 1489 /* Returns 1 if shutdown flush process has finished or is inapplicable. */ 1490 static int quic_shutdown_flush_wait(void *arg) 1491 { 1492 QUIC_CONNECTION *qc = arg; 1493 1494 return ossl_quic_channel_is_term_any(qc->ch) 1495 || qc_shutdown_flush_finished(qc); 1496 } 1497 1498 static int quic_shutdown_peer_wait(void *arg) 1499 { 1500 QUIC_CONNECTION *qc = arg; 1501 return ossl_quic_channel_is_term_any(qc->ch); 1502 } 1503 1504 QUIC_TAKES_LOCK 1505 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags, 1506 const SSL_SHUTDOWN_EX_ARGS *args, 1507 size_t args_len) 1508 { 1509 int ret; 1510 QCTX ctx; 1511 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0); 1512 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0); 1513 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0); 1514 1515 if (!expect_quic_cs(s, &ctx)) 1516 return -1; 1517 1518 if (ctx.is_stream) { 1519 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL); 1520 return -1; 1521 } 1522 1523 qctx_lock(&ctx); 1524 1525 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) { 1526 qctx_unlock(&ctx); 1527 return 1; 1528 } 1529 1530 /* Phase 1: Stream Flushing */ 1531 if (!wait_peer && stream_flush) { 1532 qc_shutdown_flush_init(ctx.qc); 1533 1534 if (!qc_shutdown_flush_finished(ctx.qc)) { 1535 if (!no_block && qctx_blocking(&ctx)) { 1536 ret = block_until_pred(&ctx, quic_shutdown_flush_wait, ctx.qc, 0); 1537 if (ret < 1) { 1538 ret = 0; 1539 goto err; 1540 } 1541 } else { 1542 qctx_maybe_autotick(&ctx); 1543 } 1544 } 1545 1546 if (!qc_shutdown_flush_finished(ctx.qc)) { 1547 qctx_unlock(&ctx); 1548 return 0; /* ongoing */ 1549 } 1550 } 1551 1552 /* Phase 2: Connection Closure */ 1553 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) { 1554 if (!no_block && qctx_blocking(&ctx)) { 1555 ret = block_until_pred(&ctx, quic_shutdown_peer_wait, ctx.qc, 0); 1556 if (ret < 1) { 1557 ret = 0; 1558 goto err; 1559 } 1560 } else { 1561 qctx_maybe_autotick(&ctx); 1562 } 1563 1564 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) { 1565 ret = 0; /* peer hasn't closed yet - still not done */ 1566 goto err; 1567 } 1568 1569 /* 1570 * We are at least terminating - go through the normal process of 1571 * waiting until we are in the TERMINATED state. 1572 */ 1573 } 1574 1575 /* Block mutation ops regardless of if we did stream flush. */ 1576 ctx.qc->shutting_down = 1; 1577 1578 /* 1579 * This call is a no-op if we are already terminating, so it doesn't 1580 * affect the wait_peer case. 1581 */ 1582 ossl_quic_channel_local_close(ctx.qc->ch, 1583 args != NULL ? args->quic_error_code : 0, 1584 args != NULL ? args->quic_reason : NULL); 1585 1586 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN); 1587 1588 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) { 1589 qctx_unlock(&ctx); 1590 return 1; 1591 } 1592 1593 /* Phase 3: Terminating Wait Time */ 1594 if (!no_block && qctx_blocking(&ctx) 1595 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) { 1596 ret = block_until_pred(&ctx, quic_shutdown_wait, ctx.qc, 0); 1597 if (ret < 1) { 1598 ret = 0; 1599 goto err; 1600 } 1601 } else { 1602 qctx_maybe_autotick(&ctx); 1603 } 1604 1605 ret = ossl_quic_channel_is_terminated(ctx.qc->ch); 1606 err: 1607 qctx_unlock(&ctx); 1608 return ret; 1609 } 1610 1611 /* SSL_ctrl */ 1612 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) 1613 { 1614 QCTX ctx; 1615 1616 if (!expect_quic_csl(s, &ctx)) 1617 return 0; 1618 1619 switch (cmd) { 1620 case SSL_CTRL_MODE: 1621 if (ctx.is_listener) 1622 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL); 1623 1624 /* If called on a QCSO, update the default mode. */ 1625 if (!ctx.is_stream) 1626 ctx.qc->default_ssl_mode |= (uint32_t)larg; 1627 1628 /* 1629 * If we were called on a QSSO or have a default stream, we also update 1630 * that. 1631 */ 1632 if (ctx.xso != NULL) { 1633 /* Cannot enable EPW while AON write in progress. */ 1634 if (ctx.xso->aon_write_in_progress) 1635 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; 1636 1637 ctx.xso->ssl_mode |= (uint32_t)larg; 1638 return ctx.xso->ssl_mode; 1639 } 1640 1641 return ctx.qc->default_ssl_mode; 1642 case SSL_CTRL_CLEAR_MODE: 1643 if (ctx.is_listener) 1644 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL); 1645 1646 if (!ctx.is_stream) 1647 ctx.qc->default_ssl_mode &= ~(uint32_t)larg; 1648 1649 if (ctx.xso != NULL) { 1650 ctx.xso->ssl_mode &= ~(uint32_t)larg; 1651 return ctx.xso->ssl_mode; 1652 } 1653 1654 return ctx.qc->default_ssl_mode; 1655 1656 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1657 if (ctx.is_listener) 1658 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL); 1659 1660 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg); 1661 /* This ctrl also needs to be passed to the internal SSL object */ 1662 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg); 1663 1664 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */ 1665 { 1666 int is_infinite; 1667 1668 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite)) 1669 return 0; 1670 1671 return !is_infinite; 1672 } 1673 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */ 1674 /* For legacy compatibility with DTLS calls. */ 1675 return ossl_quic_handle_events(s) == 1 ? 1 : -1; 1676 1677 /* Mask ctrls we shouldn't support for QUIC. */ 1678 case SSL_CTRL_GET_READ_AHEAD: 1679 case SSL_CTRL_SET_READ_AHEAD: 1680 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1681 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: 1682 case SSL_CTRL_SET_MAX_PIPELINES: 1683 return 0; 1684 1685 default: 1686 /* 1687 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl 1688 * implementation. Either SSL_ctrl will handle it itself by direct 1689 * access into handshake layer state, or failing that, it will be passed 1690 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not 1691 * supported by anything, the handshake layer's ctrl method will finally 1692 * return 0. 1693 */ 1694 if (ctx.is_listener) 1695 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL); 1696 1697 return ossl_ctrl_internal(&ctx.qc->obj.ssl, cmd, larg, parg, /*no_quic=*/1); 1698 } 1699 } 1700 1701 /* SSL_set_connect_state */ 1702 int ossl_quic_set_connect_state(SSL *s, int raiseerrs) 1703 { 1704 QCTX ctx; 1705 1706 if (!is_quic_c(s, &ctx, raiseerrs)) 1707 return 0; 1708 1709 if (ctx.qc->as_server_state == 0) 1710 return 1; 1711 1712 /* Cannot be changed after handshake started */ 1713 if (ctx.qc->started) { 1714 if (raiseerrs) 1715 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL); 1716 return 0; 1717 } 1718 1719 ctx.qc->as_server_state = 0; 1720 return 1; 1721 } 1722 1723 /* SSL_set_accept_state */ 1724 int ossl_quic_set_accept_state(SSL *s, int raiseerrs) 1725 { 1726 QCTX ctx; 1727 1728 if (!is_quic_c(s, &ctx, raiseerrs)) 1729 return 0; 1730 1731 if (ctx.qc->as_server_state == 1) 1732 return 1; 1733 1734 /* Cannot be changed after handshake started */ 1735 if (ctx.qc->started) { 1736 if (raiseerrs) 1737 QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL); 1738 return 0; 1739 } 1740 1741 ctx.qc->as_server_state = 1; 1742 return 1; 1743 } 1744 1745 /* SSL_do_handshake */ 1746 struct quic_handshake_wait_args { 1747 QUIC_CONNECTION *qc; 1748 }; 1749 1750 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc) 1751 { 1752 int want = SSL_want(qc->tls); 1753 1754 if (want == SSL_X509_LOOKUP 1755 || want == SSL_CLIENT_HELLO_CB 1756 || want == SSL_RETRY_VERIFY) 1757 return 1; 1758 1759 return 0; 1760 } 1761 1762 static int quic_handshake_wait(void *arg) 1763 { 1764 struct quic_handshake_wait_args *args = arg; 1765 1766 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) 1767 return -1; 1768 1769 if (ossl_quic_channel_is_handshake_complete(args->qc->ch)) 1770 return 1; 1771 1772 if (tls_wants_non_io_retry(args->qc)) 1773 return 1; 1774 1775 return 0; 1776 } 1777 1778 static int configure_channel(QUIC_CONNECTION *qc) 1779 { 1780 assert(qc->ch != NULL); 1781 1782 if (!ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr)) 1783 return 0; 1784 1785 return 1; 1786 } 1787 1788 static int need_notifier_for_domain_flags(uint64_t domain_flags) 1789 { 1790 return (domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0 1791 || ((domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0 1792 && (domain_flags & SSL_DOMAIN_FLAG_BLOCKING) != 0); 1793 } 1794 1795 QUIC_NEEDS_LOCK 1796 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx) 1797 { 1798 QUIC_ENGINE_ARGS engine_args = { 0 }; 1799 QUIC_PORT_ARGS port_args = { 0 }; 1800 1801 engine_args.libctx = ctx->libctx; 1802 engine_args.propq = ctx->propq; 1803 #if defined(OPENSSL_THREADS) 1804 engine_args.mutex = qc->mutex; 1805 #endif 1806 1807 if (need_notifier_for_domain_flags(ctx->domain_flags)) 1808 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER; 1809 1810 qc->engine = ossl_quic_engine_new(&engine_args); 1811 if (qc->engine == NULL) { 1812 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 1813 return 0; 1814 } 1815 1816 port_args.channel_ctx = ctx; 1817 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args); 1818 if (qc->port == NULL) { 1819 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 1820 ossl_quic_engine_free(qc->engine); 1821 return 0; 1822 } 1823 1824 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls); 1825 if (qc->ch == NULL) { 1826 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 1827 ossl_quic_port_free(qc->port); 1828 ossl_quic_engine_free(qc->engine); 1829 return 0; 1830 } 1831 1832 return 1; 1833 } 1834 1835 /* 1836 * Configures a channel with the information we have accumulated via calls made 1837 * to us from the application prior to starting a handshake attempt. 1838 */ 1839 QUIC_NEEDS_LOCK 1840 static int ensure_channel_started(QCTX *ctx) 1841 { 1842 QUIC_CONNECTION *qc = ctx->qc; 1843 1844 if (!qc->started) { 1845 if (!configure_channel(qc)) { 1846 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, 1847 "failed to configure channel"); 1848 return 0; 1849 } 1850 1851 if (!ossl_quic_channel_start(qc->ch)) { 1852 ossl_quic_channel_restore_err_state(qc->ch); 1853 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, 1854 "failed to start channel"); 1855 return 0; 1856 } 1857 1858 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) 1859 if (qc->is_thread_assisted) 1860 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch)) { 1861 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, 1862 "failed to start assist thread"); 1863 return 0; 1864 } 1865 #endif 1866 } 1867 1868 qc->started = 1; 1869 return 1; 1870 } 1871 1872 QUIC_NEEDS_LOCK 1873 static int quic_do_handshake(QCTX *ctx) 1874 { 1875 int ret; 1876 QUIC_CONNECTION *qc = ctx->qc; 1877 QUIC_PORT *port; 1878 BIO *net_rbio, *net_wbio; 1879 1880 if (ossl_quic_channel_is_handshake_complete(qc->ch)) 1881 /* Handshake already completed. */ 1882 return 1; 1883 1884 if (!quic_mutation_allowed(qc, /*req_active=*/0)) 1885 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 1886 1887 if (qc->as_server != qc->as_server_state) { 1888 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); 1889 return -1; /* Non-protocol error */ 1890 } 1891 1892 port = ossl_quic_obj_get0_port(ctx->obj); 1893 net_rbio = ossl_quic_port_get_net_rbio(port); 1894 net_wbio = ossl_quic_port_get_net_wbio(port); 1895 if (net_rbio == NULL || net_wbio == NULL) { 1896 /* Need read and write BIOs. */ 1897 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL); 1898 return -1; /* Non-protocol error */ 1899 } 1900 1901 if (!qc->started && ossl_quic_port_is_addressed_w(port) 1902 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) { 1903 /* 1904 * We are trying to connect and are using addressed mode, which means we 1905 * need an initial peer address; if we do not have a peer address yet, 1906 * we should try to autodetect one. 1907 * 1908 * We do this as late as possible because some BIOs (e.g. BIO_s_connect) 1909 * may not be able to provide us with a peer address until they have 1910 * finished their own processing. They may not be able to perform this 1911 * processing until an application has finished configuring that BIO 1912 * (e.g. with setter calls), which might happen after SSL_set_bio is 1913 * called. 1914 */ 1915 if (!csm_analyse_init_peer_addr(net_wbio, &qc->init_peer_addr)) 1916 /* best effort */ 1917 BIO_ADDR_clear(&qc->init_peer_addr); 1918 else 1919 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr); 1920 } 1921 1922 if (!qc->started 1923 && ossl_quic_port_is_addressed_w(port) 1924 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) { 1925 /* 1926 * If we still don't have a peer address in addressed mode, we can't do 1927 * anything. 1928 */ 1929 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL); 1930 return -1; /* Non-protocol error */ 1931 } 1932 1933 /* 1934 * Start connection process. Note we may come here multiple times in 1935 * non-blocking mode, which is fine. 1936 */ 1937 if (!ensure_channel_started(ctx)) /* raises on failure */ 1938 return -1; /* Non-protocol error */ 1939 1940 if (ossl_quic_channel_is_handshake_complete(qc->ch)) 1941 /* The handshake is now done. */ 1942 return 1; 1943 1944 if (!qctx_blocking(ctx)) { 1945 /* Try to advance the reactor. */ 1946 qctx_maybe_autotick(ctx); 1947 1948 if (ossl_quic_channel_is_handshake_complete(qc->ch)) 1949 /* The handshake is now done. */ 1950 return 1; 1951 1952 if (ossl_quic_channel_is_term_any(qc->ch)) { 1953 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 1954 return 0; 1955 } else if (ossl_quic_obj_desires_blocking(&qc->obj)) { 1956 /* 1957 * As a special case when doing a handshake when blocking mode is 1958 * desired yet not available, see if the network BIOs have become 1959 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect 1960 * which do late creation of socket FDs and therefore cannot expose 1961 * a poll descriptor until after a network BIO is set on the QCSO. 1962 */ 1963 ossl_quic_engine_update_poll_descriptors(qc->obj.engine, /*force=*/1); 1964 } 1965 } 1966 1967 /* 1968 * We are either in blocking mode or just entered it due to the code above. 1969 */ 1970 if (qctx_blocking(ctx)) { 1971 /* In blocking mode, wait for the handshake to complete. */ 1972 struct quic_handshake_wait_args args; 1973 1974 args.qc = qc; 1975 1976 ret = block_until_pred(ctx, quic_handshake_wait, &args, 0); 1977 if (!quic_mutation_allowed(qc, /*req_active=*/1)) { 1978 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 1979 return 0; /* Shutdown before completion */ 1980 } else if (ret <= 0) { 1981 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 1982 return -1; /* Non-protocol error */ 1983 } 1984 1985 if (tls_wants_non_io_retry(qc)) { 1986 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0)); 1987 return -1; 1988 } 1989 1990 assert(ossl_quic_channel_is_handshake_complete(qc->ch)); 1991 return 1; 1992 } 1993 1994 if (tls_wants_non_io_retry(qc)) { 1995 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0)); 1996 return -1; 1997 } 1998 1999 /* 2000 * Otherwise, indicate that the handshake isn't done yet. 2001 * We can only get here in non-blocking mode. 2002 */ 2003 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ); 2004 return -1; /* Non-protocol error */ 2005 } 2006 2007 QUIC_TAKES_LOCK 2008 int ossl_quic_do_handshake(SSL *s) 2009 { 2010 int ret; 2011 QCTX ctx; 2012 2013 if (!expect_quic_cs(s, &ctx)) 2014 return 0; 2015 2016 qctx_lock_for_io(&ctx); 2017 2018 ret = quic_do_handshake(&ctx); 2019 qctx_unlock(&ctx); 2020 return ret; 2021 } 2022 2023 /* SSL_connect */ 2024 int ossl_quic_connect(SSL *s) 2025 { 2026 /* Ensure we are in connect state (no-op if non-idle). */ 2027 if (!ossl_quic_set_connect_state(s, 1)) 2028 return -1; 2029 2030 /* Begin or continue the handshake */ 2031 return ossl_quic_do_handshake(s); 2032 } 2033 2034 /* SSL_accept */ 2035 int ossl_quic_accept(SSL *s) 2036 { 2037 /* Ensure we are in accept state (no-op if non-idle). */ 2038 if (!ossl_quic_set_accept_state(s, 1)) 2039 return -1; 2040 2041 /* Begin or continue the handshake */ 2042 return ossl_quic_do_handshake(s); 2043 } 2044 2045 /* 2046 * QUIC Front-End I/O API: Stream Lifecycle Operations 2047 * =================================================== 2048 * 2049 * SSL_stream_new => ossl_quic_conn_stream_new 2050 * 2051 */ 2052 2053 /* 2054 * Try to create the default XSO if it doesn't already exist. Returns 1 if the 2055 * default XSO was created. Returns 0 if it was not (e.g. because it already 2056 * exists). Note that this is NOT an error condition. 2057 */ 2058 QUIC_NEEDS_LOCK 2059 static int qc_try_create_default_xso_for_write(QCTX *ctx) 2060 { 2061 uint64_t flags = 0; 2062 QUIC_CONNECTION *qc = ctx->qc; 2063 2064 if (qc->default_xso_created 2065 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) 2066 /* 2067 * We only do this once. If the user detaches a previously created 2068 * default XSO we don't auto-create another one. 2069 */ 2070 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); 2071 2072 /* Create a locally-initiated stream. */ 2073 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI) 2074 flags |= SSL_STREAM_FLAG_UNI; 2075 2076 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags, 2077 /*needs_lock=*/0), 2078 /*touch=*/0); 2079 if (qc->default_xso == NULL) 2080 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2081 2082 qc_touch_default_xso(qc); 2083 return 1; 2084 } 2085 2086 struct quic_wait_for_stream_args { 2087 QUIC_CONNECTION *qc; 2088 QUIC_STREAM *qs; 2089 QCTX *ctx; 2090 uint64_t expect_id; 2091 }; 2092 2093 QUIC_NEEDS_LOCK 2094 static int quic_wait_for_stream(void *arg) 2095 { 2096 struct quic_wait_for_stream_args *args = arg; 2097 2098 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) { 2099 /* If connection is torn down due to an error while blocking, stop. */ 2100 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 2101 return -1; 2102 } 2103 2104 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch), 2105 args->expect_id | QUIC_STREAM_DIR_BIDI); 2106 if (args->qs == NULL) 2107 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch), 2108 args->expect_id | QUIC_STREAM_DIR_UNI); 2109 2110 if (args->qs != NULL) 2111 return 1; /* stream now exists */ 2112 2113 return 0; /* did not get a stream, keep trying */ 2114 } 2115 2116 QUIC_NEEDS_LOCK 2117 static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek) 2118 { 2119 /* Called on a QCSO and we don't currently have a default stream. */ 2120 uint64_t expect_id; 2121 QUIC_CONNECTION *qc = ctx->qc; 2122 QUIC_STREAM *qs; 2123 int res; 2124 struct quic_wait_for_stream_args wargs; 2125 OSSL_RTT_INFO rtt_info; 2126 2127 /* 2128 * If default stream functionality is disabled or we already detached 2129 * one, don't make another default stream and just fail. 2130 */ 2131 if (qc->default_xso_created 2132 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) 2133 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); 2134 2135 /* 2136 * The peer may have opened a stream since we last ticked. So tick and 2137 * see if the stream with ordinal 0 (remote, bidi/uni based on stream 2138 * mode) exists yet. QUIC stream IDs must be allocated in order, so the 2139 * first stream created by a peer must have an ordinal of 0. 2140 */ 2141 expect_id = qc->as_server 2142 ? QUIC_STREAM_INITIATOR_CLIENT 2143 : QUIC_STREAM_INITIATOR_SERVER; 2144 2145 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch), 2146 expect_id | QUIC_STREAM_DIR_BIDI); 2147 if (qs == NULL) 2148 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch), 2149 expect_id | QUIC_STREAM_DIR_UNI); 2150 2151 if (qs == NULL) { 2152 qctx_maybe_autotick(ctx); 2153 2154 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch), 2155 expect_id); 2156 } 2157 2158 if (qs == NULL) { 2159 if (peek) 2160 return 0; 2161 2162 if (ossl_quic_channel_is_term_any(qc->ch)) { 2163 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 2164 } else if (!qctx_blocking(ctx)) { 2165 /* Non-blocking mode, so just bail immediately. */ 2166 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ); 2167 } 2168 2169 /* Block until we have a stream. */ 2170 wargs.qc = qc; 2171 wargs.qs = NULL; 2172 wargs.ctx = ctx; 2173 wargs.expect_id = expect_id; 2174 2175 res = block_until_pred(ctx, quic_wait_for_stream, &wargs, 0); 2176 if (res == 0) 2177 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2178 else if (res < 0 || wargs.qs == NULL) 2179 /* quic_wait_for_stream raised error here */ 2180 return 0; 2181 2182 qs = wargs.qs; 2183 } 2184 2185 /* 2186 * We now have qs != NULL. Remove it from the incoming stream queue so that 2187 * it isn't also returned by any future SSL_accept_stream calls. 2188 */ 2189 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info); 2190 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch), 2191 qs, rtt_info.smoothed_rtt); 2192 2193 /* 2194 * Now make qs the default stream, creating the necessary XSO. 2195 */ 2196 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0); 2197 if (qc->default_xso == NULL) 2198 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2199 2200 qc_touch_default_xso(qc); /* inhibits default XSO */ 2201 return 1; 2202 } 2203 2204 QUIC_NEEDS_LOCK 2205 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs) 2206 { 2207 QUIC_XSO *xso = NULL; 2208 2209 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) { 2210 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 2211 goto err; 2212 } 2213 2214 if (!ossl_quic_obj_init(&xso->obj, qc->obj.ssl.ctx, SSL_TYPE_QUIC_XSO, 2215 &qc->obj.ssl, NULL, NULL)) { 2216 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 2217 goto err; 2218 } 2219 2220 /* XSO refs QC */ 2221 if (!SSL_up_ref(&qc->obj.ssl)) { 2222 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL); 2223 goto err; 2224 } 2225 2226 xso->conn = qc; 2227 xso->ssl_mode = qc->default_ssl_mode; 2228 xso->ssl_options 2229 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM; 2230 xso->last_error = SSL_ERROR_NONE; 2231 2232 xso->stream = qs; 2233 2234 ++qc->num_xso; 2235 xso_update_options(xso); 2236 return xso; 2237 2238 err: 2239 OPENSSL_free(xso); 2240 return NULL; 2241 } 2242 2243 struct quic_new_stream_wait_args { 2244 QUIC_CONNECTION *qc; 2245 int is_uni; 2246 }; 2247 2248 static int quic_new_stream_wait(void *arg) 2249 { 2250 struct quic_new_stream_wait_args *args = arg; 2251 QUIC_CONNECTION *qc = args->qc; 2252 2253 if (!quic_mutation_allowed(qc, /*req_active=*/1)) 2254 return -1; 2255 2256 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni)) 2257 return 1; 2258 2259 return 0; 2260 } 2261 2262 /* locking depends on need_lock */ 2263 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock) 2264 { 2265 int ret; 2266 QUIC_CONNECTION *qc = ctx->qc; 2267 QUIC_XSO *xso = NULL; 2268 QUIC_STREAM *qs = NULL; 2269 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0); 2270 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0); 2271 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0); 2272 2273 if (need_lock) 2274 qctx_lock(ctx); 2275 2276 if (!quic_mutation_allowed(qc, /*req_active=*/0)) { 2277 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 2278 goto err; 2279 } 2280 2281 if (!advance 2282 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) { 2283 struct quic_new_stream_wait_args args; 2284 2285 /* 2286 * Stream count flow control currently doesn't permit this stream to be 2287 * opened. 2288 */ 2289 if (no_blocking || !qctx_blocking(ctx)) { 2290 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL); 2291 goto err; 2292 } 2293 2294 args.qc = qc; 2295 args.is_uni = is_uni; 2296 2297 /* Blocking mode - wait until we can get a stream. */ 2298 ret = block_until_pred(ctx, quic_new_stream_wait, &args, 0); 2299 if (!quic_mutation_allowed(qc, /*req_active=*/1)) { 2300 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 2301 goto err; /* Shutdown before completion */ 2302 } else if (ret <= 0) { 2303 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2304 goto err; /* Non-protocol error */ 2305 } 2306 } 2307 2308 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni); 2309 if (qs == NULL) { 2310 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2311 goto err; 2312 } 2313 2314 xso = create_xso_from_stream(qc, qs); 2315 if (xso == NULL) 2316 goto err; 2317 2318 qc_touch_default_xso(qc); /* inhibits default XSO */ 2319 if (need_lock) 2320 qctx_unlock(ctx); 2321 2322 return &xso->obj.ssl; 2323 2324 err: 2325 OPENSSL_free(xso); 2326 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs); 2327 if (need_lock) 2328 qctx_unlock(ctx); 2329 2330 return NULL; 2331 } 2332 2333 QUIC_TAKES_LOCK 2334 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags) 2335 { 2336 QCTX ctx; 2337 2338 if (!expect_quic_conn_only(s, &ctx)) 2339 return NULL; 2340 2341 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1); 2342 } 2343 2344 /* 2345 * QUIC Front-End I/O API: Steady-State Operations 2346 * =============================================== 2347 * 2348 * Here we dispatch calls to the steady-state front-end I/O API functions; that 2349 * is, the functions used during the established phase of a QUIC connection 2350 * (e.g. SSL_read, SSL_write). 2351 * 2352 * Each function must handle both blocking and non-blocking modes. As discussed 2353 * above, all QUIC I/O is implemented using non-blocking mode internally. 2354 * 2355 * SSL_get_error => partially implemented by ossl_quic_get_error 2356 * SSL_want => ossl_quic_want 2357 * (BIO/)SSL_read => ossl_quic_read 2358 * (BIO/)SSL_write => ossl_quic_write 2359 * SSL_pending => ossl_quic_pending 2360 * SSL_stream_conclude => ossl_quic_conn_stream_conclude 2361 * SSL_key_update => ossl_quic_key_update 2362 */ 2363 2364 /* SSL_get_error */ 2365 int ossl_quic_get_error(const SSL *s, int i) 2366 { 2367 QCTX ctx; 2368 int net_error, last_error; 2369 2370 /* SSL_get_errors() should not raise new errors */ 2371 if (!is_quic_cs(s, &ctx, 0 /* suppress errors */)) 2372 return SSL_ERROR_SSL; 2373 2374 qctx_lock(&ctx); 2375 net_error = ossl_quic_channel_net_error(ctx.qc->ch); 2376 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error; 2377 qctx_unlock(&ctx); 2378 2379 if (net_error) 2380 return SSL_ERROR_SYSCALL; 2381 2382 return last_error; 2383 } 2384 2385 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */ 2386 static int error_to_want(int error) 2387 { 2388 switch (error) { 2389 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */ 2390 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */ 2391 case SSL_ERROR_ZERO_RETURN: 2392 default: 2393 return SSL_NOTHING; 2394 2395 case SSL_ERROR_WANT_READ: 2396 return SSL_READING; 2397 2398 case SSL_ERROR_WANT_WRITE: 2399 return SSL_WRITING; 2400 2401 case SSL_ERROR_WANT_RETRY_VERIFY: 2402 return SSL_RETRY_VERIFY; 2403 2404 case SSL_ERROR_WANT_CLIENT_HELLO_CB: 2405 return SSL_CLIENT_HELLO_CB; 2406 2407 case SSL_ERROR_WANT_X509_LOOKUP: 2408 return SSL_X509_LOOKUP; 2409 } 2410 } 2411 2412 /* SSL_want */ 2413 int ossl_quic_want(const SSL *s) 2414 { 2415 QCTX ctx; 2416 int w; 2417 2418 if (!expect_quic_cs(s, &ctx)) 2419 return SSL_NOTHING; 2420 2421 qctx_lock(&ctx); 2422 2423 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error); 2424 2425 qctx_unlock(&ctx); 2426 return w; 2427 } 2428 2429 /* 2430 * SSL_write 2431 * --------- 2432 * 2433 * The set of functions below provide the implementation of the public SSL_write 2434 * function. We must handle: 2435 * 2436 * - both blocking and non-blocking operation at the application level, 2437 * depending on how we are configured; 2438 * 2439 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off; 2440 * 2441 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER. 2442 * 2443 */ 2444 QUIC_NEEDS_LOCK 2445 static void quic_post_write(QUIC_XSO *xso, int did_append, 2446 int did_append_all, uint64_t flags, 2447 int do_tick) 2448 { 2449 /* 2450 * We have appended at least one byte to the stream. 2451 * Potentially mark stream as active, depending on FC. 2452 */ 2453 if (did_append) 2454 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch), 2455 xso->stream); 2456 2457 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0) 2458 ossl_quic_sstream_fin(xso->stream->sstream); 2459 2460 /* 2461 * Try and send. 2462 * 2463 * TODO(QUIC FUTURE): It is probably inefficient to try and do this 2464 * immediately, plus we should eventually consider Nagle's algorithm. 2465 */ 2466 if (do_tick) 2467 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0); 2468 } 2469 2470 struct quic_write_again_args { 2471 QUIC_XSO *xso; 2472 const unsigned char *buf; 2473 size_t len; 2474 size_t total_written; 2475 int err; 2476 uint64_t flags; 2477 }; 2478 2479 /* 2480 * Absolute maximum write buffer size, enforced to prevent a rogue peer from 2481 * deliberately inducing DoS. This has been chosen based on the optimal buffer 2482 * size for an RTT of 500ms and a bandwidth of 100 Mb/s. 2483 */ 2484 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024) 2485 2486 /* 2487 * Ensure spare buffer space available (up until a limit, at least). 2488 */ 2489 QUIC_NEEDS_LOCK 2490 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare) 2491 { 2492 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream); 2493 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream); 2494 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare; 2495 size_t new_sz, growth; 2496 2497 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE) 2498 return 1; 2499 2500 growth = spare_ - avail; 2501 if (cur_sz + growth > MAX_WRITE_BUF_SIZE) 2502 new_sz = MAX_WRITE_BUF_SIZE; 2503 else 2504 new_sz = cur_sz + growth; 2505 2506 return ossl_quic_sstream_set_buffer_size(sstream, new_sz); 2507 } 2508 2509 /* 2510 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded 2511 * as needed according to flow control. 2512 */ 2513 QUIC_NEEDS_LOCK 2514 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf, 2515 size_t len, size_t *actual_written) 2516 { 2517 QUIC_SSTREAM *sstream = xso->stream->sstream; 2518 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream); 2519 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc); 2520 uint64_t permitted = (cwm >= cur ? cwm - cur : 0); 2521 2522 if (len > permitted) 2523 len = (size_t)permitted; 2524 2525 if (!sstream_ensure_spare(sstream, len)) 2526 return 0; 2527 2528 return ossl_quic_sstream_append(sstream, buf, len, actual_written); 2529 } 2530 2531 QUIC_NEEDS_LOCK 2532 static int quic_write_again(void *arg) 2533 { 2534 struct quic_write_again_args *args = arg; 2535 size_t actual_written = 0; 2536 2537 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1)) 2538 /* If connection is torn down due to an error while blocking, stop. */ 2539 return -2; 2540 2541 if (!quic_validate_for_write(args->xso, &args->err)) 2542 /* 2543 * Stream may have become invalid for write due to connection events 2544 * while we blocked. 2545 */ 2546 return -2; 2547 2548 args->err = ERR_R_INTERNAL_ERROR; 2549 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written)) 2550 return -2; 2551 2552 quic_post_write(args->xso, actual_written > 0, 2553 args->len == actual_written, args->flags, 0); 2554 2555 args->buf += actual_written; 2556 args->len -= actual_written; 2557 args->total_written += actual_written; 2558 2559 if (args->len == 0) 2560 /* Written everything, done. */ 2561 return 1; 2562 2563 /* Not written everything yet, keep trying. */ 2564 return 0; 2565 } 2566 2567 QUIC_NEEDS_LOCK 2568 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len, 2569 uint64_t flags, size_t *written) 2570 { 2571 int res; 2572 QUIC_XSO *xso = ctx->xso; 2573 struct quic_write_again_args args; 2574 size_t actual_written = 0; 2575 2576 /* First make a best effort to append as much of the data as possible. */ 2577 if (!xso_sstream_append(xso, buf, len, &actual_written)) { 2578 /* Stream already finished or allocation error. */ 2579 *written = 0; 2580 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2581 } 2582 2583 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1); 2584 2585 /* 2586 * Record however much data we wrote 2587 */ 2588 *written = actual_written; 2589 2590 if (actual_written == len) { 2591 /* Managed to append everything on the first try. */ 2592 return 1; 2593 } 2594 2595 /* 2596 * We did not manage to append all of the data immediately, so the stream 2597 * buffer has probably filled up. This means we need to block until some of 2598 * it is freed up. 2599 */ 2600 args.xso = xso; 2601 args.buf = (const unsigned char *)buf + actual_written; 2602 args.len = len - actual_written; 2603 args.total_written = 0; 2604 args.err = ERR_R_INTERNAL_ERROR; 2605 args.flags = flags; 2606 2607 res = block_until_pred(ctx, quic_write_again, &args, 0); 2608 if (res <= 0) { 2609 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1)) 2610 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 2611 else 2612 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL); 2613 } 2614 2615 /* 2616 * When waiting on extra buffer space to be available, args.total_written 2617 * holds the amount of remaining data we requested to write, which will be 2618 * something less than the len parameter passed in, however much we wrote 2619 * here, add it to the value that we wrote when we initially called 2620 * xso_sstream_append 2621 */ 2622 *written += args.total_written; 2623 return 1; 2624 } 2625 2626 /* 2627 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE) 2628 * write semantics. 2629 */ 2630 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf, 2631 size_t buf_len, size_t already_sent) 2632 { 2633 assert(!xso->aon_write_in_progress); 2634 2635 xso->aon_write_in_progress = 1; 2636 xso->aon_buf_base = buf; 2637 xso->aon_buf_pos = already_sent; 2638 xso->aon_buf_len = buf_len; 2639 } 2640 2641 static void aon_write_finish(QUIC_XSO *xso) 2642 { 2643 xso->aon_write_in_progress = 0; 2644 xso->aon_buf_base = NULL; 2645 xso->aon_buf_pos = 0; 2646 xso->aon_buf_len = 0; 2647 } 2648 2649 QUIC_NEEDS_LOCK 2650 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf, 2651 size_t len, uint64_t flags, 2652 size_t *written) 2653 { 2654 QUIC_XSO *xso = ctx->xso; 2655 const void *actual_buf; 2656 size_t actual_len, actual_written = 0; 2657 int accept_moving_buffer 2658 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0); 2659 2660 if (xso->aon_write_in_progress) { 2661 /* 2662 * We are in the middle of an AON write (i.e., a previous write did not 2663 * manage to append all data to the SSTREAM and we have Enable Partial 2664 * Write (EPW) mode disabled.) 2665 */ 2666 if ((!accept_moving_buffer && xso->aon_buf_base != buf) 2667 || len != xso->aon_buf_len) 2668 /* 2669 * Pointer must not have changed if we are not in accept moving 2670 * buffer mode. Length must never change. 2671 */ 2672 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL); 2673 2674 actual_buf = (unsigned char *)buf + xso->aon_buf_pos; 2675 actual_len = len - xso->aon_buf_pos; 2676 assert(actual_len > 0); 2677 } else { 2678 actual_buf = buf; 2679 actual_len = len; 2680 } 2681 2682 /* First make a best effort to append as much of the data as possible. */ 2683 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) { 2684 /* Stream already finished or allocation error. */ 2685 *written = 0; 2686 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2687 } 2688 2689 quic_post_write(xso, actual_written > 0, actual_written == actual_len, 2690 flags, qctx_should_autotick(ctx)); 2691 2692 if (actual_written == actual_len) { 2693 /* We have sent everything. */ 2694 if (xso->aon_write_in_progress) { 2695 /* 2696 * We have sent everything, and we were in the middle of an AON 2697 * write. The output write length is the total length of the AON 2698 * buffer, not however many bytes we managed to write to the stream 2699 * in this call. 2700 */ 2701 *written = xso->aon_buf_len; 2702 aon_write_finish(xso); 2703 } else { 2704 *written = actual_written; 2705 } 2706 2707 return 1; 2708 } 2709 2710 if (xso->aon_write_in_progress) { 2711 /* 2712 * AON write is in progress but we have not written everything yet. We 2713 * may have managed to send zero bytes, or some number of bytes less 2714 * than the total remaining which need to be appended during this 2715 * AON operation. 2716 */ 2717 xso->aon_buf_pos += actual_written; 2718 assert(xso->aon_buf_pos < xso->aon_buf_len); 2719 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE); 2720 } 2721 2722 /* 2723 * Not in an existing AON operation but partial write is not enabled, so we 2724 * need to begin a new AON operation. However we needn't bother if we didn't 2725 * actually append anything. 2726 */ 2727 if (actual_written > 0) 2728 aon_write_begin(xso, buf, len, actual_written); 2729 2730 /* 2731 * AON - We do not publicly admit to having appended anything until AON 2732 * completes. 2733 */ 2734 *written = 0; 2735 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE); 2736 } 2737 2738 QUIC_NEEDS_LOCK 2739 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len, 2740 uint64_t flags, size_t *written) 2741 { 2742 QUIC_XSO *xso = ctx->xso; 2743 2744 /* Simple best effort operation. */ 2745 if (!xso_sstream_append(xso, buf, len, written)) { 2746 /* Stream already finished or allocation error. */ 2747 *written = 0; 2748 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2749 } 2750 2751 quic_post_write(xso, *written > 0, *written == len, flags, 2752 qctx_should_autotick(ctx)); 2753 2754 if (*written == 0) 2755 /* SSL_write_ex returns 0 if it didn't write anything. */ 2756 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE); 2757 2758 return 1; 2759 } 2760 2761 QUIC_NEEDS_LOCK 2762 static int quic_validate_for_write(QUIC_XSO *xso, int *err) 2763 { 2764 QUIC_STREAM_MAP *qsm; 2765 2766 if (xso == NULL || xso->stream == NULL) { 2767 *err = ERR_R_INTERNAL_ERROR; 2768 return 0; 2769 } 2770 2771 switch (xso->stream->send_state) { 2772 default: 2773 case QUIC_SSTREAM_STATE_NONE: 2774 *err = SSL_R_STREAM_RECV_ONLY; 2775 return 0; 2776 2777 case QUIC_SSTREAM_STATE_READY: 2778 qsm = ossl_quic_channel_get_qsm(xso->conn->ch); 2779 2780 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) { 2781 *err = ERR_R_INTERNAL_ERROR; 2782 return 0; 2783 } 2784 2785 /* FALLTHROUGH */ 2786 case QUIC_SSTREAM_STATE_SEND: 2787 case QUIC_SSTREAM_STATE_DATA_SENT: 2788 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) { 2789 *err = SSL_R_STREAM_FINISHED; 2790 return 0; 2791 } 2792 return 1; 2793 2794 case QUIC_SSTREAM_STATE_DATA_RECVD: 2795 *err = SSL_R_STREAM_FINISHED; 2796 return 0; 2797 2798 case QUIC_SSTREAM_STATE_RESET_SENT: 2799 case QUIC_SSTREAM_STATE_RESET_RECVD: 2800 *err = SSL_R_STREAM_RESET; 2801 return 0; 2802 } 2803 } 2804 2805 QUIC_TAKES_LOCK 2806 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len, 2807 uint64_t flags, size_t *written) 2808 { 2809 int ret; 2810 QCTX ctx; 2811 int partial_write, err; 2812 2813 *written = 0; 2814 2815 if (len == 0) { 2816 /* Do not autocreate default XSO for zero-length writes. */ 2817 if (!expect_quic_cs(s, &ctx)) 2818 return 0; 2819 2820 qctx_lock_for_io(&ctx); 2821 } else { 2822 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx)) 2823 return 0; 2824 } 2825 2826 partial_write = ((ctx.xso != NULL) 2827 ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) 2828 : 0); 2829 2830 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) { 2831 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL); 2832 goto out; 2833 } 2834 2835 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) { 2836 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 2837 goto out; 2838 } 2839 2840 /* 2841 * If we haven't finished the handshake, try to advance it. 2842 * We don't accept writes until the handshake is completed. 2843 */ 2844 if (quic_do_handshake(&ctx) < 1) { 2845 ret = 0; 2846 goto out; 2847 } 2848 2849 /* Ensure correct stream state, stream send part not concluded, etc. */ 2850 if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) { 2851 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); 2852 goto out; 2853 } 2854 2855 if (len == 0) { 2856 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0) 2857 quic_post_write(ctx.xso, 0, 1, flags, 2858 qctx_should_autotick(&ctx)); 2859 2860 ret = 1; 2861 goto out; 2862 } 2863 2864 if (qctx_blocking(&ctx)) 2865 ret = quic_write_blocking(&ctx, buf, len, flags, written); 2866 else if (partial_write) 2867 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written); 2868 else 2869 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written); 2870 2871 out: 2872 qctx_unlock(&ctx); 2873 return ret; 2874 } 2875 2876 QUIC_TAKES_LOCK 2877 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written) 2878 { 2879 return ossl_quic_write_flags(s, buf, len, 0, written); 2880 } 2881 2882 /* 2883 * SSL_read 2884 * -------- 2885 */ 2886 struct quic_read_again_args { 2887 QCTX *ctx; 2888 QUIC_STREAM *stream; 2889 void *buf; 2890 size_t len; 2891 size_t *bytes_read; 2892 int peek; 2893 }; 2894 2895 QUIC_NEEDS_LOCK 2896 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos) 2897 { 2898 QUIC_STREAM_MAP *qsm; 2899 2900 *eos = 0; 2901 2902 if (xso == NULL || xso->stream == NULL) { 2903 *err = ERR_R_INTERNAL_ERROR; 2904 return 0; 2905 } 2906 2907 switch (xso->stream->recv_state) { 2908 default: 2909 case QUIC_RSTREAM_STATE_NONE: 2910 *err = SSL_R_STREAM_SEND_ONLY; 2911 return 0; 2912 2913 case QUIC_RSTREAM_STATE_RECV: 2914 case QUIC_RSTREAM_STATE_SIZE_KNOWN: 2915 case QUIC_RSTREAM_STATE_DATA_RECVD: 2916 return 1; 2917 2918 case QUIC_RSTREAM_STATE_DATA_READ: 2919 *eos = 1; 2920 return 0; 2921 2922 case QUIC_RSTREAM_STATE_RESET_RECVD: 2923 qsm = ossl_quic_channel_get_qsm(xso->conn->ch); 2924 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream); 2925 2926 /* FALLTHROUGH */ 2927 case QUIC_RSTREAM_STATE_RESET_READ: 2928 *err = SSL_R_STREAM_RESET; 2929 return 0; 2930 } 2931 } 2932 2933 QUIC_NEEDS_LOCK 2934 static int quic_read_actual(QCTX *ctx, 2935 QUIC_STREAM *stream, 2936 void *buf, size_t buf_len, 2937 size_t *bytes_read, 2938 int peek) 2939 { 2940 int is_fin = 0, err, eos; 2941 QUIC_CONNECTION *qc = ctx->qc; 2942 2943 if (!quic_validate_for_read(ctx->xso, &err, &eos)) { 2944 if (eos) { 2945 ctx->xso->retired_fin = 1; 2946 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN); 2947 } else { 2948 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL); 2949 } 2950 } 2951 2952 if (peek) { 2953 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len, 2954 bytes_read, &is_fin)) 2955 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2956 2957 } else { 2958 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len, 2959 bytes_read, &is_fin)) 2960 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2961 } 2962 2963 if (!peek) { 2964 if (*bytes_read > 0) { 2965 /* 2966 * We have read at least one byte from the stream. Inform stream-level 2967 * RXFC of the retirement of controlled bytes. Update the active stream 2968 * status (the RXFC may now want to emit a frame granting more credit to 2969 * the peer). 2970 */ 2971 OSSL_RTT_INFO rtt_info; 2972 2973 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info); 2974 2975 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read, 2976 rtt_info.smoothed_rtt)) 2977 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); 2978 } 2979 2980 if (is_fin && !peek) { 2981 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch); 2982 2983 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream); 2984 } 2985 2986 if (*bytes_read > 0) 2987 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch), 2988 stream); 2989 } 2990 2991 if (*bytes_read == 0 && is_fin) { 2992 ctx->xso->retired_fin = 1; 2993 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN); 2994 } 2995 2996 return 1; 2997 } 2998 2999 QUIC_NEEDS_LOCK 3000 static int quic_read_again(void *arg) 3001 { 3002 struct quic_read_again_args *args = arg; 3003 3004 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) { 3005 /* If connection is torn down due to an error while blocking, stop. */ 3006 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 3007 return -1; 3008 } 3009 3010 if (!quic_read_actual(args->ctx, args->stream, 3011 args->buf, args->len, args->bytes_read, 3012 args->peek)) 3013 return -1; 3014 3015 if (*args->bytes_read > 0) 3016 /* got at least one byte, the SSL_read op can finish now */ 3017 return 1; 3018 3019 return 0; /* did not read anything, keep trying */ 3020 } 3021 3022 QUIC_TAKES_LOCK 3023 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek) 3024 { 3025 int ret, res; 3026 QCTX ctx; 3027 struct quic_read_again_args args; 3028 3029 *bytes_read = 0; 3030 3031 if (!expect_quic_cs(s, &ctx)) 3032 return 0; 3033 3034 qctx_lock_for_io(&ctx); 3035 3036 /* If we haven't finished the handshake, try to advance it. */ 3037 if (quic_do_handshake(&ctx) < 1) { 3038 ret = 0; /* ossl_quic_do_handshake raised error here */ 3039 goto out; 3040 } 3041 3042 if (ctx.xso == NULL) { 3043 /* 3044 * Called on a QCSO and we don't currently have a default stream. 3045 * 3046 * Wait until we get a stream initiated by the peer (blocking mode) or 3047 * fail if we don't have one yet (non-blocking mode). 3048 */ 3049 if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) { 3050 ret = 0; /* error already raised here */ 3051 goto out; 3052 } 3053 3054 ctx.xso = ctx.qc->default_xso; 3055 } 3056 3057 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) { 3058 ret = 0; /* quic_read_actual raised error here */ 3059 goto out; 3060 } 3061 3062 if (*bytes_read > 0) { 3063 /* 3064 * Even though we succeeded, tick the reactor here to ensure we are 3065 * handling other aspects of the QUIC connection. 3066 */ 3067 if (quic_mutation_allowed(ctx.qc, /*req_active=*/0)) 3068 qctx_maybe_autotick(&ctx); 3069 3070 ret = 1; 3071 } else if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) { 3072 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 3073 goto out; 3074 } else if (qctx_blocking(&ctx)) { 3075 /* 3076 * We were not able to read anything immediately, so our stream 3077 * buffer is empty. This means we need to block until we get 3078 * at least one byte. 3079 */ 3080 args.ctx = &ctx; 3081 args.stream = ctx.xso->stream; 3082 args.buf = buf; 3083 args.len = len; 3084 args.bytes_read = bytes_read; 3085 args.peek = peek; 3086 3087 res = block_until_pred(&ctx, quic_read_again, &args, 0); 3088 if (res == 0) { 3089 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); 3090 goto out; 3091 } else if (res < 0) { 3092 ret = 0; /* quic_read_again raised error here */ 3093 goto out; 3094 } 3095 3096 ret = 1; 3097 } else { 3098 /* 3099 * We did not get any bytes and are not in blocking mode. 3100 * Tick to see if this delivers any more. 3101 */ 3102 qctx_maybe_autotick(&ctx); 3103 3104 /* Try the read again. */ 3105 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) { 3106 ret = 0; /* quic_read_actual raised error here */ 3107 goto out; 3108 } 3109 3110 if (*bytes_read > 0) 3111 ret = 1; /* Succeeded this time. */ 3112 else 3113 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ); 3114 } 3115 3116 out: 3117 qctx_unlock(&ctx); 3118 return ret; 3119 } 3120 3121 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read) 3122 { 3123 return quic_read(s, buf, len, bytes_read, 0); 3124 } 3125 3126 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read) 3127 { 3128 return quic_read(s, buf, len, bytes_read, 1); 3129 } 3130 3131 /* 3132 * SSL_pending 3133 * ----------- 3134 */ 3135 3136 QUIC_TAKES_LOCK 3137 static size_t ossl_quic_pending_int(const SSL *s, int check_channel) 3138 { 3139 QCTX ctx; 3140 size_t avail = 0; 3141 3142 if (!expect_quic_cs(s, &ctx)) 3143 return 0; 3144 3145 qctx_lock(&ctx); 3146 3147 if (!ctx.qc->started) 3148 goto out; 3149 3150 if (ctx.xso == NULL) { 3151 /* No XSO yet, but there might be a default XSO eligible to be created. */ 3152 if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) { 3153 ctx.xso = ctx.qc->default_xso; 3154 } else { 3155 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL); 3156 goto out; 3157 } 3158 } 3159 3160 if (ctx.xso->stream == NULL) { 3161 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); 3162 goto out; 3163 } 3164 3165 if (check_channel) 3166 avail = ossl_quic_stream_recv_pending(ctx.xso->stream, 3167 /*include_fin=*/1) 3168 || ossl_quic_channel_has_pending(ctx.qc->ch) 3169 || ossl_quic_channel_is_term_any(ctx.qc->ch); 3170 else 3171 avail = ossl_quic_stream_recv_pending(ctx.xso->stream, 3172 /*include_fin=*/0); 3173 3174 out: 3175 qctx_unlock(&ctx); 3176 return avail; 3177 } 3178 3179 size_t ossl_quic_pending(const SSL *s) 3180 { 3181 return ossl_quic_pending_int(s, /*check_channel=*/0); 3182 } 3183 3184 int ossl_quic_has_pending(const SSL *s) 3185 { 3186 /* Do we have app-side pending data or pending URXEs or RXEs? */ 3187 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0; 3188 } 3189 3190 /* 3191 * SSL_stream_conclude 3192 * ------------------- 3193 */ 3194 QUIC_TAKES_LOCK 3195 int ossl_quic_conn_stream_conclude(SSL *s) 3196 { 3197 QCTX ctx; 3198 QUIC_STREAM *qs; 3199 int err; 3200 int ret; 3201 3202 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx)) 3203 return 0; 3204 3205 qs = ctx.xso->stream; 3206 3207 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) { 3208 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 3209 qctx_unlock(&ctx); 3210 return ret; 3211 } 3212 3213 if (!quic_validate_for_write(ctx.xso, &err)) { 3214 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); 3215 qctx_unlock(&ctx); 3216 return ret; 3217 } 3218 3219 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) { 3220 qctx_unlock(&ctx); 3221 return 1; 3222 } 3223 3224 ossl_quic_sstream_fin(qs->sstream); 3225 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx)); 3226 qctx_unlock(&ctx); 3227 return 1; 3228 } 3229 3230 /* 3231 * SSL_inject_net_dgram 3232 * -------------------- 3233 */ 3234 QUIC_TAKES_LOCK 3235 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, 3236 size_t buf_len, 3237 const BIO_ADDR *peer, 3238 const BIO_ADDR *local) 3239 { 3240 int ret = 0; 3241 QCTX ctx; 3242 QUIC_DEMUX *demux; 3243 QUIC_PORT *port; 3244 3245 if (!expect_quic_csl(s, &ctx)) 3246 return 0; 3247 3248 qctx_lock(&ctx); 3249 3250 port = ossl_quic_obj_get0_port(ctx.obj); 3251 if (port == NULL) { 3252 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL); 3253 goto err; 3254 } 3255 3256 demux = ossl_quic_port_get0_demux(port); 3257 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local); 3258 3259 err: 3260 qctx_unlock(&ctx); 3261 return ret; 3262 } 3263 3264 /* 3265 * SSL_get0_connection 3266 * ------------------- 3267 */ 3268 SSL *ossl_quic_get0_connection(SSL *s) 3269 { 3270 QCTX ctx; 3271 3272 if (!expect_quic_cs(s, &ctx)) 3273 return NULL; 3274 3275 return &ctx.qc->obj.ssl; 3276 } 3277 3278 /* 3279 * SSL_get0_listener 3280 * ----------------- 3281 */ 3282 SSL *ossl_quic_get0_listener(SSL *s) 3283 { 3284 QCTX ctx; 3285 3286 if (!expect_quic_csl(s, &ctx)) 3287 return NULL; 3288 3289 return ctx.ql != NULL ? &ctx.ql->obj.ssl : NULL; 3290 } 3291 3292 /* 3293 * SSL_get0_domain 3294 * --------------- 3295 */ 3296 SSL *ossl_quic_get0_domain(SSL *s) 3297 { 3298 QCTX ctx; 3299 3300 if (!expect_quic_any(s, &ctx)) 3301 return NULL; 3302 3303 return ctx.qd != NULL ? &ctx.qd->obj.ssl : NULL; 3304 } 3305 3306 /* 3307 * SSL_get_domain_flags 3308 * -------------------- 3309 */ 3310 int ossl_quic_get_domain_flags(const SSL *ssl, uint64_t *domain_flags) 3311 { 3312 QCTX ctx; 3313 3314 if (!expect_quic_any(ssl, &ctx)) 3315 return 0; 3316 3317 if (domain_flags != NULL) 3318 *domain_flags = ctx.obj->domain_flags; 3319 3320 return 1; 3321 } 3322 3323 /* 3324 * SSL_get_stream_type 3325 * ------------------- 3326 */ 3327 int ossl_quic_get_stream_type(SSL *s) 3328 { 3329 QCTX ctx; 3330 3331 if (!expect_quic_cs(s, &ctx)) 3332 return SSL_STREAM_TYPE_BIDI; 3333 3334 if (ctx.xso == NULL) { 3335 /* 3336 * If deferred XSO creation has yet to occur, proceed according to the 3337 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know 3338 * what kind of stream will be created yet, so return BIDI on the basis 3339 * that at this time, the client still has the option of calling 3340 * SSL_read() or SSL_write() first. 3341 */ 3342 if (ctx.qc->default_xso_created 3343 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) 3344 return SSL_STREAM_TYPE_NONE; 3345 else 3346 return SSL_STREAM_TYPE_BIDI; 3347 } 3348 3349 if (ossl_quic_stream_is_bidi(ctx.xso->stream)) 3350 return SSL_STREAM_TYPE_BIDI; 3351 3352 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server) 3353 return SSL_STREAM_TYPE_READ; 3354 else 3355 return SSL_STREAM_TYPE_WRITE; 3356 } 3357 3358 /* 3359 * SSL_get_stream_id 3360 * ----------------- 3361 */ 3362 QUIC_TAKES_LOCK 3363 uint64_t ossl_quic_get_stream_id(SSL *s) 3364 { 3365 QCTX ctx; 3366 uint64_t id; 3367 3368 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx)) 3369 return UINT64_MAX; 3370 3371 id = ctx.xso->stream->id; 3372 qctx_unlock(&ctx); 3373 3374 return id; 3375 } 3376 3377 /* 3378 * SSL_is_stream_local 3379 * ------------------- 3380 */ 3381 QUIC_TAKES_LOCK 3382 int ossl_quic_is_stream_local(SSL *s) 3383 { 3384 QCTX ctx; 3385 int is_local; 3386 3387 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx)) 3388 return -1; 3389 3390 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream); 3391 qctx_unlock(&ctx); 3392 3393 return is_local; 3394 } 3395 3396 /* 3397 * SSL_set_default_stream_mode 3398 * --------------------------- 3399 */ 3400 QUIC_TAKES_LOCK 3401 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode) 3402 { 3403 QCTX ctx; 3404 3405 if (!expect_quic_conn_only(s, &ctx)) 3406 return 0; 3407 3408 qctx_lock(&ctx); 3409 3410 if (ctx.qc->default_xso_created) { 3411 qctx_unlock(&ctx); 3412 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, 3413 "too late to change default stream mode"); 3414 } 3415 3416 switch (mode) { 3417 case SSL_DEFAULT_STREAM_MODE_NONE: 3418 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI: 3419 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI: 3420 ctx.qc->default_stream_mode = mode; 3421 break; 3422 default: 3423 qctx_unlock(&ctx); 3424 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, 3425 "bad default stream type"); 3426 } 3427 3428 qctx_unlock(&ctx); 3429 return 1; 3430 } 3431 3432 /* 3433 * SSL_detach_stream 3434 * ----------------- 3435 */ 3436 QUIC_TAKES_LOCK 3437 SSL *ossl_quic_detach_stream(SSL *s) 3438 { 3439 QCTX ctx; 3440 QUIC_XSO *xso = NULL; 3441 3442 if (!expect_quic_conn_only(s, &ctx)) 3443 return NULL; 3444 3445 qctx_lock(&ctx); 3446 3447 /* Calling this function inhibits default XSO autocreation. */ 3448 /* QC ref to any default XSO is transferred to us and to caller. */ 3449 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso); 3450 3451 qctx_unlock(&ctx); 3452 3453 return xso != NULL ? &xso->obj.ssl : NULL; 3454 } 3455 3456 /* 3457 * SSL_attach_stream 3458 * ----------------- 3459 */ 3460 QUIC_TAKES_LOCK 3461 int ossl_quic_attach_stream(SSL *conn, SSL *stream) 3462 { 3463 QCTX ctx; 3464 QUIC_XSO *xso; 3465 int nref; 3466 3467 if (!expect_quic_conn_only(conn, &ctx)) 3468 return 0; 3469 3470 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO) 3471 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER, 3472 "stream to attach must be a valid QUIC stream"); 3473 3474 xso = (QUIC_XSO *)stream; 3475 3476 qctx_lock(&ctx); 3477 3478 if (ctx.qc->default_xso != NULL) { 3479 qctx_unlock(&ctx); 3480 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, 3481 "connection already has a default stream"); 3482 } 3483 3484 /* 3485 * It is a caller error for the XSO being attached as a default XSO to have 3486 * more than one ref. 3487 */ 3488 if (!CRYPTO_GET_REF(&xso->obj.ssl.references, &nref)) { 3489 qctx_unlock(&ctx); 3490 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, 3491 "ref"); 3492 } 3493 3494 if (nref != 1) { 3495 qctx_unlock(&ctx); 3496 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, 3497 "stream being attached must have " 3498 "only 1 reference"); 3499 } 3500 3501 /* Caller's reference to the XSO is transferred to us. */ 3502 /* Calling this function inhibits default XSO autocreation. */ 3503 qc_set_default_xso(ctx.qc, xso, /*touch=*/1); 3504 3505 qctx_unlock(&ctx); 3506 return 1; 3507 } 3508 3509 /* 3510 * SSL_set_incoming_stream_policy 3511 * ------------------------------ 3512 */ 3513 QUIC_NEEDS_LOCK 3514 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc) 3515 { 3516 switch (qc->incoming_stream_policy) { 3517 case SSL_INCOMING_STREAM_POLICY_AUTO: 3518 if ((qc->default_xso == NULL && !qc->default_xso_created) 3519 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) 3520 return SSL_INCOMING_STREAM_POLICY_ACCEPT; 3521 else 3522 return SSL_INCOMING_STREAM_POLICY_REJECT; 3523 3524 default: 3525 return qc->incoming_stream_policy; 3526 } 3527 } 3528 3529 QUIC_NEEDS_LOCK 3530 static void qc_update_reject_policy(QUIC_CONNECTION *qc) 3531 { 3532 int policy = qc_get_effective_incoming_stream_policy(qc); 3533 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT); 3534 3535 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch, 3536 enable_reject, 3537 qc->incoming_stream_aec); 3538 } 3539 3540 QUIC_TAKES_LOCK 3541 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy, 3542 uint64_t aec) 3543 { 3544 int ret = 1; 3545 QCTX ctx; 3546 3547 if (!expect_quic_conn_only(s, &ctx)) 3548 return 0; 3549 3550 qctx_lock(&ctx); 3551 3552 switch (policy) { 3553 case SSL_INCOMING_STREAM_POLICY_AUTO: 3554 case SSL_INCOMING_STREAM_POLICY_ACCEPT: 3555 case SSL_INCOMING_STREAM_POLICY_REJECT: 3556 ctx.qc->incoming_stream_policy = policy; 3557 ctx.qc->incoming_stream_aec = aec; 3558 break; 3559 3560 default: 3561 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); 3562 ret = 0; 3563 break; 3564 } 3565 3566 qc_update_reject_policy(ctx.qc); 3567 qctx_unlock(&ctx); 3568 return ret; 3569 } 3570 3571 /* 3572 * SSL_get_value, SSL_set_value 3573 * ---------------------------- 3574 */ 3575 QUIC_TAKES_LOCK 3576 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_, 3577 uint64_t *p_value_out, uint64_t *p_value_in) 3578 { 3579 int ret = 0; 3580 uint64_t value_out = 0, value_in; 3581 3582 qctx_lock(ctx); 3583 3584 switch (class_) { 3585 case SSL_VALUE_CLASS_FEATURE_REQUEST: 3586 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch); 3587 3588 if (p_value_in != NULL) { 3589 value_in = *p_value_in; 3590 if (value_in > OSSL_QUIC_VLINT_MAX) { 3591 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, 3592 NULL); 3593 goto err; 3594 } 3595 3596 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) { 3597 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE, 3598 NULL); 3599 goto err; 3600 } 3601 3602 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in); 3603 } 3604 break; 3605 3606 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: 3607 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED: 3608 if (p_value_in != NULL) { 3609 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP, 3610 NULL); 3611 goto err; 3612 } 3613 3614 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) { 3615 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE, 3616 NULL); 3617 goto err; 3618 } 3619 3620 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED) 3621 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch) 3622 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch); 3623 break; 3624 3625 default: 3626 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 3627 NULL); 3628 goto err; 3629 } 3630 3631 ret = 1; 3632 err: 3633 qctx_unlock(ctx); 3634 if (ret && p_value_out != NULL) 3635 *p_value_out = value_out; 3636 3637 return ret; 3638 } 3639 3640 QUIC_TAKES_LOCK 3641 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_, 3642 int is_uni, int is_remote, 3643 uint64_t *value) 3644 { 3645 int ret = 0; 3646 3647 if (class_ != SSL_VALUE_CLASS_GENERIC) { 3648 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 3649 NULL); 3650 return 0; 3651 } 3652 3653 qctx_lock(ctx); 3654 3655 *value = is_remote 3656 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni) 3657 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni); 3658 3659 ret = 1; 3660 qctx_unlock(ctx); 3661 return ret; 3662 } 3663 3664 QUIC_NEEDS_LOCK 3665 static int qctx_should_autotick(QCTX *ctx) 3666 { 3667 int event_handling_mode; 3668 QUIC_OBJ *obj = ctx->obj; 3669 3670 for (; (event_handling_mode = obj->event_handling_mode) == SSL_VALUE_EVENT_HANDLING_MODE_INHERIT 3671 && obj->parent_obj != NULL; 3672 obj = obj->parent_obj) 3673 ; 3674 3675 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT; 3676 } 3677 3678 QUIC_NEEDS_LOCK 3679 static void qctx_maybe_autotick(QCTX *ctx) 3680 { 3681 if (!qctx_should_autotick(ctx)) 3682 return; 3683 3684 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx->obj), 0); 3685 } 3686 3687 QUIC_TAKES_LOCK 3688 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_, 3689 uint64_t *p_value_out, 3690 uint64_t *p_value_in) 3691 { 3692 int ret = 0; 3693 uint64_t value_out = 0; 3694 3695 qctx_lock(ctx); 3696 3697 if (class_ != SSL_VALUE_CLASS_GENERIC) { 3698 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 3699 NULL); 3700 goto err; 3701 } 3702 3703 if (p_value_in != NULL) { 3704 switch (*p_value_in) { 3705 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: 3706 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: 3707 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: 3708 break; 3709 default: 3710 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, 3711 NULL); 3712 goto err; 3713 } 3714 3715 value_out = *p_value_in; 3716 ctx->obj->event_handling_mode = (int)value_out; 3717 } else { 3718 value_out = ctx->obj->event_handling_mode; 3719 } 3720 3721 ret = 1; 3722 err: 3723 qctx_unlock(ctx); 3724 if (ret && p_value_out != NULL) 3725 *p_value_out = value_out; 3726 3727 return ret; 3728 } 3729 3730 QUIC_TAKES_LOCK 3731 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_, 3732 uint64_t *p_value_out, 3733 size_t (*getter)(QUIC_SSTREAM *sstream)) 3734 { 3735 int ret = 0; 3736 size_t value = 0; 3737 3738 qctx_lock(ctx); 3739 3740 if (class_ != SSL_VALUE_CLASS_GENERIC) { 3741 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, 3742 NULL); 3743 goto err; 3744 } 3745 3746 if (ctx->xso == NULL) { 3747 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); 3748 goto err; 3749 } 3750 3751 if (!ossl_quic_stream_has_send(ctx->xso->stream)) { 3752 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL); 3753 goto err; 3754 } 3755 3756 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream)) 3757 value = getter(ctx->xso->stream->sstream); 3758 3759 ret = 1; 3760 err: 3761 qctx_unlock(ctx); 3762 *p_value_out = (uint64_t)value; 3763 return ret; 3764 } 3765 3766 QUIC_NEEDS_LOCK 3767 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id) 3768 { 3769 switch (id) { 3770 case SSL_VALUE_EVENT_HANDLING_MODE: 3771 case SSL_VALUE_STREAM_WRITE_BUF_SIZE: 3772 case SSL_VALUE_STREAM_WRITE_BUF_USED: 3773 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL: 3774 return expect_quic_cs(s, ctx); 3775 default: 3776 return expect_quic_conn_only(s, ctx); 3777 } 3778 } 3779 3780 QUIC_TAKES_LOCK 3781 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id, 3782 uint64_t *value) 3783 { 3784 QCTX ctx; 3785 3786 if (!expect_quic_for_value(s, &ctx, id)) 3787 return 0; 3788 3789 if (value == NULL) 3790 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, 3791 ERR_R_PASSED_INVALID_ARGUMENT, NULL); 3792 3793 switch (id) { 3794 case SSL_VALUE_QUIC_IDLE_TIMEOUT: 3795 return qc_getset_idle_timeout(&ctx, class_, value, NULL); 3796 3797 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: 3798 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value); 3799 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: 3800 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value); 3801 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: 3802 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value); 3803 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: 3804 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value); 3805 3806 case SSL_VALUE_EVENT_HANDLING_MODE: 3807 return qc_getset_event_handling(&ctx, class_, value, NULL); 3808 3809 case SSL_VALUE_STREAM_WRITE_BUF_SIZE: 3810 return qc_get_stream_write_buf_stat(&ctx, class_, value, 3811 ossl_quic_sstream_get_buffer_size); 3812 case SSL_VALUE_STREAM_WRITE_BUF_USED: 3813 return qc_get_stream_write_buf_stat(&ctx, class_, value, 3814 ossl_quic_sstream_get_buffer_used); 3815 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL: 3816 return qc_get_stream_write_buf_stat(&ctx, class_, value, 3817 ossl_quic_sstream_get_buffer_avail); 3818 3819 default: 3820 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, 3821 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL); 3822 } 3823 3824 return 1; 3825 } 3826 3827 QUIC_TAKES_LOCK 3828 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id, 3829 uint64_t value) 3830 { 3831 QCTX ctx; 3832 3833 if (!expect_quic_for_value(s, &ctx, id)) 3834 return 0; 3835 3836 switch (id) { 3837 case SSL_VALUE_QUIC_IDLE_TIMEOUT: 3838 return qc_getset_idle_timeout(&ctx, class_, NULL, &value); 3839 3840 case SSL_VALUE_EVENT_HANDLING_MODE: 3841 return qc_getset_event_handling(&ctx, class_, NULL, &value); 3842 3843 default: 3844 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, 3845 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL); 3846 } 3847 3848 return 1; 3849 } 3850 3851 /* 3852 * SSL_accept_stream 3853 * ----------------- 3854 */ 3855 struct wait_for_incoming_stream_args { 3856 QCTX *ctx; 3857 QUIC_STREAM *qs; 3858 }; 3859 3860 QUIC_NEEDS_LOCK 3861 static int wait_for_incoming_stream(void *arg) 3862 { 3863 struct wait_for_incoming_stream_args *args = arg; 3864 QUIC_CONNECTION *qc = args->ctx->qc; 3865 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch); 3866 3867 if (!quic_mutation_allowed(qc, /*req_active=*/1)) { 3868 /* If connection is torn down due to an error while blocking, stop. */ 3869 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); 3870 return -1; 3871 } 3872 3873 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm); 3874 if (args->qs != NULL) 3875 return 1; /* got a stream */ 3876 3877 return 0; /* did not get a stream, keep trying */ 3878 } 3879 3880 QUIC_TAKES_LOCK 3881 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags) 3882 { 3883 QCTX ctx; 3884 int ret; 3885 SSL *new_s = NULL; 3886 QUIC_STREAM_MAP *qsm; 3887 QUIC_STREAM *qs; 3888 QUIC_XSO *xso; 3889 OSSL_RTT_INFO rtt_info; 3890 3891 if (!expect_quic_conn_only(s, &ctx)) 3892 return NULL; 3893 3894 qctx_lock(&ctx); 3895 3896 if (qc_get_effective_incoming_stream_policy(ctx.qc) 3897 == SSL_INCOMING_STREAM_POLICY_REJECT) { 3898 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL); 3899 goto out; 3900 } 3901 3902 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch); 3903 3904 qs = ossl_quic_stream_map_peek_accept_queue(qsm); 3905 if (qs == NULL) { 3906 if (qctx_blocking(&ctx) 3907 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) { 3908 struct wait_for_incoming_stream_args args; 3909 3910 args.ctx = &ctx; 3911 args.qs = NULL; 3912 3913 ret = block_until_pred(&ctx, wait_for_incoming_stream, &args, 0); 3914 if (ret == 0) { 3915 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); 3916 goto out; 3917 } else if (ret < 0 || args.qs == NULL) { 3918 goto out; 3919 } 3920 3921 qs = args.qs; 3922 } else { 3923 goto out; 3924 } 3925 } 3926 3927 xso = create_xso_from_stream(ctx.qc, qs); 3928 if (xso == NULL) 3929 goto out; 3930 3931 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info); 3932 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs, 3933 rtt_info.smoothed_rtt); 3934 new_s = &xso->obj.ssl; 3935 3936 /* Calling this function inhibits default XSO autocreation. */ 3937 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */ 3938 3939 out: 3940 qctx_unlock(&ctx); 3941 return new_s; 3942 } 3943 3944 /* 3945 * SSL_get_accept_stream_queue_len 3946 * ------------------------------- 3947 */ 3948 QUIC_TAKES_LOCK 3949 size_t ossl_quic_get_accept_stream_queue_len(SSL *s) 3950 { 3951 QCTX ctx; 3952 size_t v; 3953 3954 if (!expect_quic_conn_only(s, &ctx)) 3955 return 0; 3956 3957 qctx_lock(&ctx); 3958 3959 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch)); 3960 3961 qctx_unlock(&ctx); 3962 return v; 3963 } 3964 3965 /* 3966 * SSL_stream_reset 3967 * ---------------- 3968 */ 3969 int ossl_quic_stream_reset(SSL *ssl, 3970 const SSL_STREAM_RESET_ARGS *args, 3971 size_t args_len) 3972 { 3973 QCTX ctx; 3974 QUIC_STREAM_MAP *qsm; 3975 QUIC_STREAM *qs; 3976 uint64_t error_code; 3977 int ok, err; 3978 3979 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx)) 3980 return 0; 3981 3982 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch); 3983 qs = ctx.xso->stream; 3984 error_code = (args != NULL ? args->quic_error_code : 0); 3985 3986 if (!quic_validate_for_write(ctx.xso, &err)) { 3987 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); 3988 goto err; 3989 } 3990 3991 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code); 3992 if (ok) 3993 ctx.xso->requested_reset = 1; 3994 3995 err: 3996 qctx_unlock(&ctx); 3997 return ok; 3998 } 3999 4000 /* 4001 * SSL_get_stream_read_state 4002 * ------------------------- 4003 */ 4004 static void quic_classify_stream(QUIC_CONNECTION *qc, 4005 QUIC_STREAM *qs, 4006 int is_write, 4007 int *state, 4008 uint64_t *app_error_code) 4009 { 4010 int local_init; 4011 uint64_t final_size; 4012 4013 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server); 4014 4015 if (app_error_code != NULL) 4016 *app_error_code = UINT64_MAX; 4017 else 4018 app_error_code = &final_size; /* throw away value */ 4019 4020 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) { 4021 /* 4022 * Unidirectional stream and this direction of transmission doesn't 4023 * exist. 4024 */ 4025 *state = SSL_STREAM_STATE_WRONG_DIR; 4026 } else if (ossl_quic_channel_is_term_any(qc->ch)) { 4027 /* Connection already closed. */ 4028 *state = SSL_STREAM_STATE_CONN_CLOSED; 4029 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) { 4030 /* Application has read a FIN. */ 4031 *state = SSL_STREAM_STATE_FINISHED; 4032 } else if ((!is_write && qs->stop_sending) 4033 || (is_write && ossl_quic_stream_send_is_reset(qs))) { 4034 /* 4035 * Stream has been reset locally. FIN takes precedence over this for the 4036 * read case as the application need not care if the stream is reset 4037 * after a FIN has been successfully processed. 4038 */ 4039 *state = SSL_STREAM_STATE_RESET_LOCAL; 4040 *app_error_code = !is_write 4041 ? qs->stop_sending_aec 4042 : qs->reset_stream_aec; 4043 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs)) 4044 || (is_write && qs->peer_stop_sending)) { 4045 /* 4046 * Stream has been reset remotely. */ 4047 *state = SSL_STREAM_STATE_RESET_REMOTE; 4048 *app_error_code = !is_write 4049 ? qs->peer_reset_stream_aec 4050 : qs->peer_stop_sending_aec; 4051 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream, &final_size)) { 4052 /* 4053 * Stream has been finished. Stream reset takes precedence over this for 4054 * the write case as peer may not have received all data. 4055 */ 4056 *state = SSL_STREAM_STATE_FINISHED; 4057 } else { 4058 /* Stream still healthy. */ 4059 *state = SSL_STREAM_STATE_OK; 4060 } 4061 } 4062 4063 static int quic_get_stream_state(SSL *ssl, int is_write) 4064 { 4065 QCTX ctx; 4066 int state; 4067 4068 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx)) 4069 return SSL_STREAM_STATE_NONE; 4070 4071 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL); 4072 qctx_unlock(&ctx); 4073 return state; 4074 } 4075 4076 int ossl_quic_get_stream_read_state(SSL *ssl) 4077 { 4078 return quic_get_stream_state(ssl, /*is_write=*/0); 4079 } 4080 4081 /* 4082 * SSL_get_stream_write_state 4083 * -------------------------- 4084 */ 4085 int ossl_quic_get_stream_write_state(SSL *ssl) 4086 { 4087 return quic_get_stream_state(ssl, /*is_write=*/1); 4088 } 4089 4090 /* 4091 * SSL_get_stream_read_error_code 4092 * ------------------------------ 4093 */ 4094 static int quic_get_stream_error_code(SSL *ssl, int is_write, 4095 uint64_t *app_error_code) 4096 { 4097 QCTX ctx; 4098 int state; 4099 4100 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx)) 4101 return -1; 4102 4103 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, 4104 &state, app_error_code); 4105 4106 qctx_unlock(&ctx); 4107 switch (state) { 4108 case SSL_STREAM_STATE_FINISHED: 4109 return 0; 4110 case SSL_STREAM_STATE_RESET_LOCAL: 4111 case SSL_STREAM_STATE_RESET_REMOTE: 4112 return 1; 4113 default: 4114 return -1; 4115 } 4116 } 4117 4118 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code) 4119 { 4120 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code); 4121 } 4122 4123 /* 4124 * SSL_get_stream_write_error_code 4125 * ------------------------------- 4126 */ 4127 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code) 4128 { 4129 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code); 4130 } 4131 4132 /* 4133 * Write buffer size mutation 4134 * -------------------------- 4135 */ 4136 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size) 4137 { 4138 int ret = 0; 4139 QCTX ctx; 4140 4141 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx)) 4142 return 0; 4143 4144 if (!ossl_quic_stream_has_send(ctx.xso->stream)) { 4145 /* Called on a unidirectional receive-only stream - error. */ 4146 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL); 4147 goto out; 4148 } 4149 4150 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) { 4151 /* 4152 * If the stream has a send part but we have disposed of it because we 4153 * no longer need it, this is a no-op. 4154 */ 4155 ret = 1; 4156 goto out; 4157 } 4158 4159 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) { 4160 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); 4161 goto out; 4162 } 4163 4164 ret = 1; 4165 4166 out: 4167 qctx_unlock(&ctx); 4168 return ret; 4169 } 4170 4171 /* 4172 * SSL_get_conn_close_info 4173 * ----------------------- 4174 */ 4175 int ossl_quic_get_conn_close_info(SSL *ssl, 4176 SSL_CONN_CLOSE_INFO *info, 4177 size_t info_len) 4178 { 4179 QCTX ctx; 4180 const QUIC_TERMINATE_CAUSE *tc; 4181 4182 if (!expect_quic_conn_only(ssl, &ctx)) 4183 return -1; 4184 4185 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch); 4186 if (tc == NULL) 4187 return 0; 4188 4189 info->error_code = tc->error_code; 4190 info->frame_type = tc->frame_type; 4191 info->reason = tc->reason; 4192 info->reason_len = tc->reason_len; 4193 info->flags = 0; 4194 if (!tc->remote) 4195 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL; 4196 if (!tc->app) 4197 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT; 4198 return 1; 4199 } 4200 4201 /* 4202 * SSL_key_update 4203 * -------------- 4204 */ 4205 int ossl_quic_key_update(SSL *ssl, int update_type) 4206 { 4207 QCTX ctx; 4208 4209 if (!expect_quic_conn_only(ssl, &ctx)) 4210 return 0; 4211 4212 switch (update_type) { 4213 case SSL_KEY_UPDATE_NOT_REQUESTED: 4214 /* 4215 * QUIC signals peer key update implicily by triggering a local 4216 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED. 4217 */ 4218 case SSL_KEY_UPDATE_REQUESTED: 4219 break; 4220 4221 default: 4222 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); 4223 return 0; 4224 } 4225 4226 qctx_lock(&ctx); 4227 4228 /* Attempt to perform a TXKU. */ 4229 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) { 4230 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL); 4231 qctx_unlock(&ctx); 4232 return 0; 4233 } 4234 4235 qctx_unlock(&ctx); 4236 return 1; 4237 } 4238 4239 /* 4240 * SSL_get_key_update_type 4241 * ----------------------- 4242 */ 4243 int ossl_quic_get_key_update_type(const SSL *s) 4244 { 4245 /* 4246 * We always handle key updates immediately so a key update is never 4247 * pending. 4248 */ 4249 return SSL_KEY_UPDATE_NONE; 4250 } 4251 4252 /** 4253 * @brief Allocates an SSL object for a user from a QUIC channel. 4254 * 4255 * This function creates a new QUIC_CONNECTION object based on an incoming 4256 * connection associated with the provided QUIC_LISTENER. If the connection 4257 * creation fails, the function returns NULL. Otherwise, it returns a pointer 4258 * to the SSL object associated with the newly created connection. 4259 * 4260 * Note: This function is a registered port callback made from 4261 * ossl_quic_new_listener and ossl_quic_new_listener_from, and allows for 4262 * pre-allocation of the user_ssl object when a channel is created, rather than 4263 * when it is accepted 4264 * 4265 * @param ch Pointer to the QUIC_CHANNEL representing the incoming connection. 4266 * @param arg Pointer to a QUIC_LISTENER used to create the connection. 4267 * 4268 * @return Pointer to the SSL object on success, or NULL on failure. 4269 */ 4270 static SSL *alloc_port_user_ssl(QUIC_CHANNEL *ch, void *arg) 4271 { 4272 QUIC_LISTENER *ql = arg; 4273 QUIC_CONNECTION *qc = create_qc_from_incoming_conn(ql, ch); 4274 4275 return (qc == NULL) ? NULL : &qc->obj.ssl; 4276 } 4277 4278 /* 4279 * QUIC Front-End I/O API: Listeners 4280 * ================================= 4281 */ 4282 4283 /* 4284 * SSL_new_listener 4285 * ---------------- 4286 */ 4287 SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags) 4288 { 4289 QUIC_LISTENER *ql = NULL; 4290 QUIC_ENGINE_ARGS engine_args = { 0 }; 4291 QUIC_PORT_ARGS port_args = { 0 }; 4292 4293 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) { 4294 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4295 goto err; 4296 } 4297 4298 #if defined(OPENSSL_THREADS) 4299 if ((ql->mutex = ossl_crypto_mutex_new()) == NULL) { 4300 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4301 goto err; 4302 } 4303 #endif 4304 4305 engine_args.libctx = ctx->libctx; 4306 engine_args.propq = ctx->propq; 4307 #if defined(OPENSSL_THREADS) 4308 engine_args.mutex = ql->mutex; 4309 #endif 4310 4311 if (need_notifier_for_domain_flags(ctx->domain_flags)) 4312 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER; 4313 4314 if ((ql->engine = ossl_quic_engine_new(&engine_args)) == NULL) { 4315 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4316 goto err; 4317 } 4318 4319 port_args.channel_ctx = ctx; 4320 port_args.is_multi_conn = 1; 4321 port_args.get_conn_user_ssl = alloc_port_user_ssl; 4322 port_args.user_ssl_arg = ql; 4323 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0) 4324 port_args.do_addr_validation = 1; 4325 ql->port = ossl_quic_engine_create_port(ql->engine, &port_args); 4326 if (ql->port == NULL) { 4327 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4328 goto err; 4329 } 4330 4331 /* TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT */ 4332 4333 ossl_quic_port_set_allow_incoming(ql->port, 1); 4334 4335 /* Initialise the QUIC_LISTENER's object header. */ 4336 if (!ossl_quic_obj_init(&ql->obj, ctx, SSL_TYPE_QUIC_LISTENER, NULL, 4337 ql->engine, ql->port)) 4338 goto err; 4339 4340 return &ql->obj.ssl; 4341 4342 err: 4343 if (ql != NULL) 4344 ossl_quic_engine_free(ql->engine); 4345 4346 #if defined(OPENSSL_THREADS) 4347 ossl_crypto_mutex_free(&ql->mutex); 4348 #endif 4349 OPENSSL_free(ql); 4350 return NULL; 4351 } 4352 4353 /* 4354 * SSL_new_listener_from 4355 * --------------------- 4356 */ 4357 SSL *ossl_quic_new_listener_from(SSL *ssl, uint64_t flags) 4358 { 4359 QCTX ctx; 4360 QUIC_LISTENER *ql = NULL; 4361 QUIC_PORT_ARGS port_args = { 0 }; 4362 4363 if (!expect_quic_domain(ssl, &ctx)) 4364 return NULL; 4365 4366 if (!SSL_up_ref(&ctx.qd->obj.ssl)) 4367 return NULL; 4368 4369 qctx_lock(&ctx); 4370 4371 if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) { 4372 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4373 goto err; 4374 } 4375 4376 port_args.channel_ctx = ssl->ctx; 4377 port_args.is_multi_conn = 1; 4378 port_args.get_conn_user_ssl = alloc_port_user_ssl; 4379 port_args.user_ssl_arg = ql; 4380 if ((flags & SSL_LISTENER_FLAG_NO_VALIDATE) == 0) 4381 port_args.do_addr_validation = 1; 4382 ql->port = ossl_quic_engine_create_port(ctx.qd->engine, &port_args); 4383 if (ql->port == NULL) { 4384 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4385 goto err; 4386 } 4387 4388 ql->domain = ctx.qd; 4389 ql->engine = ctx.qd->engine; 4390 #if defined(OPENSSL_THREADS) 4391 ql->mutex = ctx.qd->mutex; 4392 #endif 4393 4394 /* 4395 * TODO(QUIC FUTURE): Implement SSL_LISTENER_FLAG_NO_ACCEPT 4396 * Given that we have apis to create client SSL objects from 4397 * server SSL objects (see SSL_new_from_listener), we have aspirations 4398 * to enable a flag that allows for the creation of the latter, but not 4399 * be used to do accept any connections. This is a placeholder for the 4400 * implementation of that flag 4401 */ 4402 4403 ossl_quic_port_set_allow_incoming(ql->port, 1); 4404 4405 /* Initialise the QUIC_LISTENER's object header. */ 4406 if (!ossl_quic_obj_init(&ql->obj, ssl->ctx, SSL_TYPE_QUIC_LISTENER, 4407 &ctx.qd->obj.ssl, NULL, ql->port)) 4408 goto err; 4409 4410 qctx_unlock(&ctx); 4411 return &ql->obj.ssl; 4412 4413 err: 4414 if (ql != NULL) 4415 ossl_quic_port_free(ql->port); 4416 4417 OPENSSL_free(ql); 4418 qctx_unlock(&ctx); 4419 SSL_free(&ctx.qd->obj.ssl); 4420 4421 return NULL; 4422 } 4423 4424 /* 4425 * SSL_new_from_listener 4426 * --------------------- 4427 * code here is derived from ossl_quic_new(). The `ssl` argument is 4428 * a listener object which already comes with QUIC port/engine. The newly 4429 * created QUIC connection object (QCSO) is going to share the port/engine 4430 * with listener (`ssl`). The `ssl` also becomes a parent of QCSO created 4431 * by this function. The caller uses QCSO instance to connect to 4432 * remote QUIC server. 4433 * 4434 * The QCSO created here requires us to also create a channel so we 4435 * can connect to remote server. 4436 */ 4437 SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags) 4438 { 4439 QCTX ctx; 4440 QUIC_CONNECTION *qc = NULL; 4441 QUIC_LISTENER *ql; 4442 SSL_CONNECTION *sc = NULL; 4443 4444 if (flags != 0) 4445 return NULL; 4446 4447 if (!expect_quic_listener(ssl, &ctx)) 4448 return NULL; 4449 4450 if (!SSL_up_ref(&ctx.ql->obj.ssl)) 4451 return NULL; 4452 4453 qctx_lock(&ctx); 4454 4455 ql = ctx.ql; 4456 4457 /* 4458 * listeners (server) contexts don't typically 4459 * allocate a token cache because they don't need 4460 * to store them, but here we are using a server side 4461 * ctx as a client, so we should allocate one now 4462 */ 4463 if (ssl->ctx->tokencache == NULL) 4464 if ((ssl->ctx->tokencache = ossl_quic_new_token_store()) == NULL) 4465 goto err; 4466 4467 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) { 4468 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4469 goto err; 4470 } 4471 4472 /* 4473 * NOTE: setting a listener here is needed so `qc_cleanup()` does the right 4474 * thing. Setting listener to ql avoids premature destruction of port in 4475 * qc_cleanup() 4476 */ 4477 qc->listener = ql; 4478 qc->engine = ql->engine; 4479 qc->port = ql->port; 4480 /* create channel */ 4481 #if defined(OPENSSL_THREADS) 4482 /* this is the engine mutex */ 4483 qc->mutex = ql->mutex; 4484 #endif 4485 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) 4486 qc->is_thread_assisted 4487 = ((ql->obj.domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0); 4488 #endif 4489 4490 /* Create the handshake layer. */ 4491 qc->tls = ossl_ssl_connection_new_int(ql->obj.ssl.ctx, NULL, TLS_method()); 4492 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) { 4493 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4494 goto err; 4495 } 4496 sc->s3.flags |= TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL; 4497 4498 qc->default_ssl_options = OSSL_QUIC_PERMITTED_OPTIONS; 4499 qc->last_error = SSL_ERROR_NONE; 4500 4501 /* 4502 * This is QCSO, we don't expect to accept connections 4503 * on success the channel assumes ownership of tls, we need 4504 * to grab reference for qc. 4505 */ 4506 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls); 4507 4508 ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl); 4509 ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg); 4510 4511 /* 4512 * We deliberately pass NULL for engine and port, because we don't want to 4513 * to turn QCSO we create here into an event leader, nor port leader. 4514 * Both those roles are occupied already by listener (`ssl`) we use 4515 * to create a new QCSO here. 4516 */ 4517 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx, 4518 SSL_TYPE_QUIC_CONNECTION, 4519 &ql->obj.ssl, NULL, NULL)) { 4520 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4521 goto err; 4522 } 4523 4524 /* Initialise libssl APL-related state. */ 4525 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI; 4526 qc->default_ssl_mode = qc->obj.ssl.ctx->mode; 4527 qc->default_ssl_options = qc->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS; 4528 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO; 4529 qc->last_error = SSL_ERROR_NONE; 4530 4531 qc_update_reject_policy(qc); 4532 4533 qctx_unlock(&ctx); 4534 4535 return &qc->obj.ssl; 4536 4537 err: 4538 if (qc != NULL) { 4539 qc_cleanup(qc, /* have_lock= */ 0); 4540 OPENSSL_free(qc); 4541 } 4542 qctx_unlock(&ctx); 4543 SSL_free(&ctx.ql->obj.ssl); 4544 4545 return NULL; 4546 } 4547 4548 /* 4549 * SSL_listen 4550 * ---------- 4551 */ 4552 QUIC_NEEDS_LOCK 4553 static int ql_listen(QUIC_LISTENER *ql) 4554 { 4555 if (ql->listening) 4556 return 1; 4557 4558 ossl_quic_port_set_allow_incoming(ql->port, 1); 4559 ql->listening = 1; 4560 return 1; 4561 } 4562 4563 QUIC_TAKES_LOCK 4564 int ossl_quic_listen(SSL *ssl) 4565 { 4566 QCTX ctx; 4567 int ret; 4568 4569 if (!expect_quic_listener(ssl, &ctx)) 4570 return 0; 4571 4572 qctx_lock_for_io(&ctx); 4573 4574 ret = ql_listen(ctx.ql); 4575 4576 qctx_unlock(&ctx); 4577 return ret; 4578 } 4579 4580 /* 4581 * SSL_accept_connection 4582 * --------------------- 4583 */ 4584 static int quic_accept_connection_wait(void *arg) 4585 { 4586 QUIC_PORT *port = arg; 4587 4588 if (!ossl_quic_port_is_running(port)) 4589 return -1; 4590 4591 if (ossl_quic_port_have_incoming(port)) 4592 return 1; 4593 4594 return 0; 4595 } 4596 4597 QUIC_TAKES_LOCK 4598 SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags) 4599 { 4600 int ret; 4601 QCTX ctx; 4602 SSL *conn_ssl = NULL; 4603 SSL_CONNECTION *conn = NULL; 4604 QUIC_CHANNEL *new_ch = NULL; 4605 QUIC_CONNECTION *qc; 4606 int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0); 4607 4608 if (!expect_quic_listener(ssl, &ctx)) 4609 return NULL; 4610 4611 qctx_lock_for_io(&ctx); 4612 4613 if (!ql_listen(ctx.ql)) 4614 goto out; 4615 4616 /* Wait for an incoming connection if needed. */ 4617 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port); 4618 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) { 4619 if (!no_block && qctx_blocking(&ctx)) { 4620 ret = block_until_pred(&ctx, quic_accept_connection_wait, 4621 ctx.ql->port, 0); 4622 if (ret < 1) 4623 goto out; 4624 } else { 4625 qctx_maybe_autotick(&ctx); 4626 } 4627 4628 if (!ossl_quic_port_is_running(ctx.ql->port)) 4629 goto out; 4630 4631 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port); 4632 } 4633 4634 if (new_ch == NULL && ossl_quic_port_is_running(ctx.ql->port)) { 4635 /* No connections already queued. */ 4636 ossl_quic_reactor_tick(ossl_quic_engine_get0_reactor(ctx.ql->engine), 0); 4637 4638 new_ch = ossl_quic_port_pop_incoming(ctx.ql->port); 4639 } 4640 4641 /* 4642 * port_make_channel pre-allocates our user_ssl for us for each newly 4643 * created channel, so once we pop the new channel from the port above 4644 * we just need to extract it 4645 */ 4646 if (new_ch == NULL) 4647 goto out; 4648 4649 /* 4650 * All objects below must exist, because new_ch != NULL. The objects are 4651 * bound to new_ch. If channel constructor fails to create any item here 4652 * it just fails to create channel. 4653 */ 4654 if (!ossl_assert((conn_ssl = ossl_quic_channel_get0_tls(new_ch)) != NULL) 4655 || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) != NULL) 4656 || !ossl_assert((conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL)) 4657 goto out; 4658 4659 qc = (QUIC_CONNECTION *)conn_ssl; 4660 qc->pending = 0; 4661 if (!SSL_up_ref(&ctx.ql->obj.ssl)) { 4662 /* 4663 * You might expect ossl_quic_channel_free() to be called here. Be 4664 * assured it happens, The process goes as follows: 4665 * - The SSL_free() here is being handled by ossl_quic_free(). 4666 * - The very last step of ossl_quic_free() is call to qc_cleanup() 4667 * where channel gets freed. 4668 */ 4669 SSL_free(conn_ssl); 4670 } 4671 qc->listener = ctx.ql; 4672 4673 out: 4674 4675 qctx_unlock(&ctx); 4676 return conn_ssl; 4677 } 4678 4679 static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHANNEL *ch) 4680 { 4681 QUIC_CONNECTION *qc = NULL; 4682 4683 if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) { 4684 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4685 goto err; 4686 } 4687 4688 if (!ossl_quic_obj_init(&qc->obj, ql->obj.ssl.ctx, 4689 SSL_TYPE_QUIC_CONNECTION, 4690 &ql->obj.ssl, NULL, NULL)) { 4691 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 4692 goto err; 4693 } 4694 4695 ossl_quic_channel_get_peer_addr(ch, &qc->init_peer_addr); /* best effort */ 4696 qc->pending = 1; 4697 qc->engine = ql->engine; 4698 qc->port = ql->port; 4699 qc->ch = ch; 4700 #if defined(OPENSSL_THREADS) 4701 qc->mutex = ql->mutex; 4702 #endif 4703 qc->tls = ossl_quic_channel_get0_tls(ch); 4704 qc->started = 1; 4705 qc->as_server = 1; 4706 qc->as_server_state = 1; 4707 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI; 4708 qc->default_ssl_options = ql->obj.ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS; 4709 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO; 4710 qc->last_error = SSL_ERROR_NONE; 4711 qc_update_reject_policy(qc); 4712 return qc; 4713 4714 err: 4715 OPENSSL_free(qc); 4716 return NULL; 4717 } 4718 4719 DEFINE_LHASH_OF_EX(QUIC_TOKEN); 4720 4721 struct ssl_token_store_st { 4722 LHASH_OF(QUIC_TOKEN) *cache; 4723 CRYPTO_REF_COUNT references; 4724 CRYPTO_MUTEX *mutex; 4725 }; 4726 4727 static unsigned long quic_token_hash(const QUIC_TOKEN *item) 4728 { 4729 return (unsigned long)ossl_fnv1a_hash(item->hashkey, item->hashkey_len); 4730 } 4731 4732 static int quic_token_cmp(const QUIC_TOKEN *a, const QUIC_TOKEN *b) 4733 { 4734 if (a->hashkey_len != b->hashkey_len) 4735 return 1; 4736 return memcmp(a->hashkey, b->hashkey, a->hashkey_len); 4737 } 4738 4739 SSL_TOKEN_STORE *ossl_quic_new_token_store(void) 4740 { 4741 int ok = 0; 4742 SSL_TOKEN_STORE *newcache = OPENSSL_zalloc(sizeof(SSL_TOKEN_STORE)); 4743 4744 if (newcache == NULL) 4745 goto out; 4746 4747 newcache->cache = lh_QUIC_TOKEN_new(quic_token_hash, quic_token_cmp); 4748 if (newcache->cache == NULL) 4749 goto out; 4750 4751 #if defined(OPENSSL_THREADS) 4752 if ((newcache->mutex = ossl_crypto_mutex_new()) == NULL) 4753 goto out; 4754 #endif 4755 4756 if (!CRYPTO_NEW_REF(&newcache->references, 1)) 4757 goto out; 4758 4759 ok = 1; 4760 out: 4761 if (!ok) { 4762 ossl_quic_free_token_store(newcache); 4763 newcache = NULL; 4764 } 4765 return newcache; 4766 } 4767 4768 static void free_this_token(QUIC_TOKEN *tok) 4769 { 4770 ossl_quic_free_peer_token(tok); 4771 } 4772 4773 void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl) 4774 { 4775 int refs; 4776 4777 if (hdl == NULL) 4778 return; 4779 4780 if (!CRYPTO_DOWN_REF(&hdl->references, &refs)) 4781 return; 4782 4783 if (refs > 0) 4784 return; 4785 4786 /* last reference, we can clean up */ 4787 ossl_crypto_mutex_free(&hdl->mutex); 4788 lh_QUIC_TOKEN_doall(hdl->cache, free_this_token); 4789 lh_QUIC_TOKEN_free(hdl->cache); 4790 CRYPTO_FREE_REF(&hdl->references); 4791 OPENSSL_free(hdl); 4792 return; 4793 } 4794 4795 /** 4796 * @brief build a new QUIC_TOKEN 4797 * 4798 * This function creates a new token storage structure for saving in our 4799 * tokencache 4800 * 4801 * In an effort to make allocation and freeing of these tokens a bit faster 4802 * We do them in a single allocation in this format 4803 * +---------------+ --\ 4804 * | hashkey * |---| | 4805 * | hashkey_len | | | QUIC_TOKEN 4806 * | token * |---|--| | 4807 * | token_len | | | | 4808 * +---------------+<--| | --/ 4809 * | hashkey buf | | 4810 * | | | 4811 * |---------------|<-----| 4812 * | token buf | 4813 * | | 4814 * +---------------+ 4815 * 4816 * @param peer - the peer address that sent the token 4817 * @param token - the buffer holding the token 4818 * @param token_len - the size of token 4819 * 4820 * @returns a QUIC_TOKEN pointer or NULL on error 4821 */ 4822 static QUIC_TOKEN *ossl_quic_build_new_token(BIO_ADDR *peer, uint8_t *token, 4823 size_t token_len) 4824 { 4825 QUIC_TOKEN *new_token; 4826 size_t hashkey_len = 0; 4827 size_t addr_len = 0; 4828 int family; 4829 unsigned short port; 4830 int *famptr; 4831 unsigned short *portptr; 4832 uint8_t *addrptr; 4833 4834 if ((token != NULL && token_len == 0) || (token == NULL && token_len != 0)) 4835 return NULL; 4836 4837 if (!BIO_ADDR_rawaddress(peer, NULL, &addr_len)) 4838 return NULL; 4839 family = BIO_ADDR_family(peer); 4840 port = BIO_ADDR_rawport(peer); 4841 4842 hashkey_len += sizeof(int); /* hashkey(family) */ 4843 hashkey_len += sizeof(unsigned short); /* hashkey(port) */ 4844 hashkey_len += addr_len; /* hashkey(address) */ 4845 4846 new_token = OPENSSL_zalloc(sizeof(QUIC_TOKEN) + hashkey_len + token_len); 4847 if (new_token == NULL) 4848 return NULL; 4849 4850 if (!CRYPTO_NEW_REF(&new_token->references, 1)) { 4851 OPENSSL_free(new_token); 4852 return NULL; 4853 } 4854 4855 new_token->hashkey_len = hashkey_len; 4856 /* hashkey is allocated inline, immediately after the QUIC_TOKEN struct */ 4857 new_token->hashkey = (uint8_t *)(new_token + 1); 4858 /* token buffer follows the hashkey in the inline allocation */ 4859 new_token->token = new_token->hashkey + hashkey_len; 4860 new_token->token_len = token_len; 4861 famptr = (int *)new_token->hashkey; 4862 portptr = (unsigned short *)(famptr + 1); 4863 addrptr = (uint8_t *)(portptr + 1); 4864 *famptr = family; 4865 *portptr = port; 4866 if (!BIO_ADDR_rawaddress(peer, addrptr, NULL)) { 4867 ossl_quic_free_peer_token(new_token); 4868 return NULL; 4869 } 4870 if (token != NULL) 4871 memcpy(new_token->token, token, token_len); 4872 return new_token; 4873 } 4874 4875 int ossl_quic_set_peer_token(SSL_CTX *ctx, BIO_ADDR *peer, 4876 const uint8_t *token, size_t token_len) 4877 { 4878 SSL_TOKEN_STORE *c = ctx->tokencache; 4879 QUIC_TOKEN *tok, *old = NULL; 4880 4881 if (ctx->tokencache == NULL) 4882 return 0; 4883 4884 tok = ossl_quic_build_new_token(peer, (uint8_t *)token, token_len); 4885 if (tok == NULL) 4886 return 0; 4887 4888 /* we might be sharing this cache, lock it */ 4889 ossl_crypto_mutex_lock(c->mutex); 4890 4891 old = lh_QUIC_TOKEN_retrieve(c->cache, tok); 4892 if (old != NULL) { 4893 lh_QUIC_TOKEN_delete(c->cache, old); 4894 ossl_quic_free_peer_token(old); 4895 } 4896 lh_QUIC_TOKEN_insert(c->cache, tok); 4897 4898 ossl_crypto_mutex_unlock(c->mutex); 4899 return 1; 4900 } 4901 4902 int ossl_quic_get_peer_token(SSL_CTX *ctx, BIO_ADDR *peer, 4903 QUIC_TOKEN **token) 4904 { 4905 SSL_TOKEN_STORE *c = ctx->tokencache; 4906 QUIC_TOKEN *key = NULL; 4907 QUIC_TOKEN *tok = NULL; 4908 int ret; 4909 int rc = 0; 4910 4911 if (c == NULL) 4912 return 0; 4913 4914 key = ossl_quic_build_new_token(peer, NULL, 0); 4915 if (key == NULL) 4916 return 0; 4917 4918 ossl_crypto_mutex_lock(c->mutex); 4919 tok = lh_QUIC_TOKEN_retrieve(c->cache, key); 4920 if (tok != NULL) { 4921 *token = tok; 4922 CRYPTO_UP_REF(&tok->references, &ret); 4923 rc = 1; 4924 } 4925 4926 ossl_crypto_mutex_unlock(c->mutex); 4927 ossl_quic_free_peer_token(key); 4928 return rc; 4929 } 4930 4931 void ossl_quic_free_peer_token(QUIC_TOKEN *token) 4932 { 4933 int refs = 0; 4934 4935 if (!CRYPTO_DOWN_REF(&token->references, &refs)) 4936 return; 4937 4938 if (refs > 0) 4939 return; 4940 4941 CRYPTO_FREE_REF(&token->references); 4942 OPENSSL_free(token); 4943 } 4944 4945 /* 4946 * SSL_get_accept_connection_queue_len 4947 * ----------------------------------- 4948 */ 4949 QUIC_TAKES_LOCK 4950 size_t ossl_quic_get_accept_connection_queue_len(SSL *ssl) 4951 { 4952 QCTX ctx; 4953 int ret; 4954 4955 if (!expect_quic_listener(ssl, &ctx)) 4956 return 0; 4957 4958 qctx_lock(&ctx); 4959 4960 ret = ossl_quic_port_get_num_incoming_channels(ctx.ql->port); 4961 4962 qctx_unlock(&ctx); 4963 return ret; 4964 } 4965 4966 /* 4967 * QUIC Front-End I/O API: Domains 4968 * =============================== 4969 */ 4970 4971 /* 4972 * SSL_new_domain 4973 * -------------- 4974 */ 4975 SSL *ossl_quic_new_domain(SSL_CTX *ctx, uint64_t flags) 4976 { 4977 QUIC_DOMAIN *qd = NULL; 4978 QUIC_ENGINE_ARGS engine_args = { 0 }; 4979 uint64_t domain_flags; 4980 4981 domain_flags = ctx->domain_flags; 4982 if ((flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD | SSL_DOMAIN_FLAG_MULTI_THREAD | SSL_DOMAIN_FLAG_THREAD_ASSISTED)) != 0) 4983 domain_flags = flags; 4984 else 4985 domain_flags = ctx->domain_flags | flags; 4986 4987 if (!ossl_adjust_domain_flags(domain_flags, &domain_flags)) 4988 return NULL; 4989 4990 if ((qd = OPENSSL_zalloc(sizeof(*qd))) == NULL) { 4991 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4992 return NULL; 4993 } 4994 4995 #if defined(OPENSSL_THREADS) 4996 if ((qd->mutex = ossl_crypto_mutex_new()) == NULL) { 4997 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); 4998 goto err; 4999 } 5000 #endif 5001 5002 engine_args.libctx = ctx->libctx; 5003 engine_args.propq = ctx->propq; 5004 #if defined(OPENSSL_THREADS) 5005 engine_args.mutex = qd->mutex; 5006 #endif 5007 5008 if (need_notifier_for_domain_flags(domain_flags)) 5009 engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER; 5010 5011 if ((qd->engine = ossl_quic_engine_new(&engine_args)) == NULL) { 5012 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); 5013 goto err; 5014 } 5015 5016 /* Initialise the QUIC_DOMAIN's object header. */ 5017 if (!ossl_quic_obj_init(&qd->obj, ctx, SSL_TYPE_QUIC_DOMAIN, NULL, 5018 qd->engine, NULL)) 5019 goto err; 5020 5021 ossl_quic_obj_set_domain_flags(&qd->obj, domain_flags); 5022 return &qd->obj.ssl; 5023 5024 err: 5025 ossl_quic_engine_free(qd->engine); 5026 #if defined(OPENSSL_THREADS) 5027 ossl_crypto_mutex_free(&qd->mutex); 5028 #endif 5029 OPENSSL_free(qd); 5030 return NULL; 5031 } 5032 5033 /* 5034 * QUIC Front-End I/O API: SSL_CTX Management 5035 * ========================================== 5036 */ 5037 5038 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 5039 { 5040 switch (cmd) { 5041 default: 5042 return ssl3_ctx_ctrl(ctx, cmd, larg, parg); 5043 } 5044 } 5045 5046 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 5047 { 5048 QCTX ctx; 5049 5050 if (!expect_quic_conn_only(s, &ctx)) 5051 return 0; 5052 5053 switch (cmd) { 5054 case SSL_CTRL_SET_MSG_CALLBACK: 5055 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp, 5056 &ctx.qc->obj.ssl); 5057 /* This callback also needs to be set on the internal SSL object */ 5058 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp); 5059 ; 5060 5061 default: 5062 /* Probably a TLS related ctrl. Defer to our internal SSL object */ 5063 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp); 5064 } 5065 } 5066 5067 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 5068 { 5069 return ssl3_ctx_callback_ctrl(ctx, cmd, fp); 5070 } 5071 5072 int ossl_quic_renegotiate_check(SSL *ssl, int initok) 5073 { 5074 /* We never do renegotiation. */ 5075 return 0; 5076 } 5077 5078 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p) 5079 { 5080 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p); 5081 5082 if (ciph == NULL) 5083 return NULL; 5084 if ((ciph->algorithm2 & SSL_QUIC) == 0) 5085 return NULL; 5086 5087 return ciph; 5088 } 5089 5090 /* 5091 * These functions define the TLSv1.2 (and below) ciphers that are supported by 5092 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any. 5093 */ 5094 5095 int ossl_quic_num_ciphers(void) 5096 { 5097 return 0; 5098 } 5099 5100 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u) 5101 { 5102 return NULL; 5103 } 5104 5105 /* 5106 * SSL_get_shutdown() 5107 * ------------------ 5108 */ 5109 int ossl_quic_get_shutdown(const SSL *s) 5110 { 5111 QCTX ctx; 5112 int shut = 0; 5113 5114 if (!expect_quic_conn_only(s, &ctx)) 5115 return 0; 5116 5117 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) { 5118 shut |= SSL_SENT_SHUTDOWN; 5119 if (!ossl_quic_channel_is_closing(ctx.qc->ch)) 5120 shut |= SSL_RECEIVED_SHUTDOWN; 5121 } 5122 5123 return shut; 5124 } 5125 5126 /* 5127 * QUIC Polling Support APIs 5128 * ========================= 5129 */ 5130 5131 /* Do we have the R (read) condition? */ 5132 QUIC_NEEDS_LOCK 5133 static int test_poll_event_r(QUIC_XSO *xso) 5134 { 5135 int fin = 0; 5136 size_t avail = 0; 5137 5138 /* 5139 * If a stream has had the fin bit set on the last packet 5140 * received, then we need to return a 1 here to raise 5141 * SSL_POLL_EVENT_R, so that the stream can have its completion 5142 * detected and closed gracefully by an application. 5143 * However, if the client reads the data via SSL_read[_ex], that api 5144 * provides no stream status, and as a result the stream state moves to 5145 * QUIC_RSTREAM_STATE_DATA_READ, and the receive buffer is freed, which 5146 * stored the fin state, so its not directly know-able here. Instead 5147 * check for the stream state being QUIC_RSTREAM_STATE_DATA_READ, which 5148 * is only set if the last stream frame received had the fin bit set, and 5149 * the client read the data. This catches our poll/read/poll case 5150 */ 5151 if (xso->stream->recv_state == QUIC_RSTREAM_STATE_DATA_READ) 5152 return 1; 5153 5154 return ossl_quic_stream_has_recv_buffer(xso->stream) 5155 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin) 5156 && (avail > 0 || (fin && !xso->retired_fin)); 5157 } 5158 5159 /* Do we have the ER (exception: read) condition? */ 5160 QUIC_NEEDS_LOCK 5161 static int test_poll_event_er(QUIC_XSO *xso) 5162 { 5163 return ossl_quic_stream_has_recv(xso->stream) 5164 && ossl_quic_stream_recv_is_reset(xso->stream) 5165 && !xso->retired_fin; 5166 } 5167 5168 /* Do we have the W (write) condition? */ 5169 QUIC_NEEDS_LOCK 5170 static int test_poll_event_w(QUIC_XSO *xso) 5171 { 5172 return !xso->conn->shutting_down 5173 && ossl_quic_stream_has_send_buffer(xso->stream) 5174 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream) 5175 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL) 5176 && ossl_quic_txfc_get_cwm(&xso->stream->txfc) 5177 > ossl_quic_sstream_get_cur_size(xso->stream->sstream) 5178 && quic_mutation_allowed(xso->conn, /*req_active=*/1); 5179 } 5180 5181 /* Do we have the EW (exception: write) condition? */ 5182 QUIC_NEEDS_LOCK 5183 static int test_poll_event_ew(QUIC_XSO *xso) 5184 { 5185 return ossl_quic_stream_has_send(xso->stream) 5186 && xso->stream->peer_stop_sending 5187 && !xso->requested_reset 5188 && !xso->conn->shutting_down; 5189 } 5190 5191 /* Do we have the EC (exception: connection) condition? */ 5192 QUIC_NEEDS_LOCK 5193 static int test_poll_event_ec(QUIC_CONNECTION *qc) 5194 { 5195 return ossl_quic_channel_is_term_any(qc->ch); 5196 } 5197 5198 /* Do we have the ECD (exception: connection drained) condition? */ 5199 QUIC_NEEDS_LOCK 5200 static int test_poll_event_ecd(QUIC_CONNECTION *qc) 5201 { 5202 return ossl_quic_channel_is_terminated(qc->ch); 5203 } 5204 5205 /* Do we have the IS (incoming: stream) condition? */ 5206 QUIC_NEEDS_LOCK 5207 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni) 5208 { 5209 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch), 5210 is_uni); 5211 } 5212 5213 /* Do we have the OS (outgoing: stream) condition? */ 5214 QUIC_NEEDS_LOCK 5215 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni) 5216 { 5217 /* Is it currently possible for us to make an outgoing stream? */ 5218 return quic_mutation_allowed(qc, /*req_active=*/1) 5219 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0; 5220 } 5221 5222 /* Do we have the EL (exception: listener) condition? */ 5223 QUIC_NEEDS_LOCK 5224 static int test_poll_event_el(QUIC_LISTENER *ql) 5225 { 5226 return !ossl_quic_port_is_running(ql->port); 5227 } 5228 5229 /* Do we have the IC (incoming: connection) condition? */ 5230 QUIC_NEEDS_LOCK 5231 static int test_poll_event_ic(QUIC_LISTENER *ql) 5232 { 5233 return ossl_quic_port_get_num_incoming_channels(ql->port) > 0; 5234 } 5235 5236 QUIC_TAKES_LOCK 5237 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick, 5238 uint64_t *p_revents) 5239 { 5240 QCTX ctx; 5241 uint64_t revents = 0; 5242 5243 if (!expect_quic_csl(ssl, &ctx)) 5244 return 0; 5245 5246 qctx_lock(&ctx); 5247 5248 if (ctx.qc != NULL && !ctx.qc->started) { 5249 /* We can only try to write on non-started connection. */ 5250 if ((events & SSL_POLL_EVENT_W) != 0) 5251 revents |= SSL_POLL_EVENT_W; 5252 goto end; 5253 } 5254 5255 if (do_tick) 5256 ossl_quic_reactor_tick(ossl_quic_obj_get0_reactor(ctx.obj), 0); 5257 5258 if (ctx.xso != NULL) { 5259 /* SSL object has a stream component. */ 5260 5261 if ((events & SSL_POLL_EVENT_R) != 0 5262 && test_poll_event_r(ctx.xso)) 5263 revents |= SSL_POLL_EVENT_R; 5264 5265 if ((events & SSL_POLL_EVENT_ER) != 0 5266 && test_poll_event_er(ctx.xso)) 5267 revents |= SSL_POLL_EVENT_ER; 5268 5269 if ((events & SSL_POLL_EVENT_W) != 0 5270 && test_poll_event_w(ctx.xso)) 5271 revents |= SSL_POLL_EVENT_W; 5272 5273 if ((events & SSL_POLL_EVENT_EW) != 0 5274 && test_poll_event_ew(ctx.xso)) 5275 revents |= SSL_POLL_EVENT_EW; 5276 } 5277 5278 if (ctx.qc != NULL && !ctx.is_stream) { 5279 if ((events & SSL_POLL_EVENT_EC) != 0 5280 && test_poll_event_ec(ctx.qc)) 5281 revents |= SSL_POLL_EVENT_EC; 5282 5283 if ((events & SSL_POLL_EVENT_ECD) != 0 5284 && test_poll_event_ecd(ctx.qc)) 5285 revents |= SSL_POLL_EVENT_ECD; 5286 5287 if ((events & SSL_POLL_EVENT_ISB) != 0 5288 && test_poll_event_is(ctx.qc, /*uni=*/0)) 5289 revents |= SSL_POLL_EVENT_ISB; 5290 5291 if ((events & SSL_POLL_EVENT_ISU) != 0 5292 && test_poll_event_is(ctx.qc, /*uni=*/1)) 5293 revents |= SSL_POLL_EVENT_ISU; 5294 5295 if ((events & SSL_POLL_EVENT_OSB) != 0 5296 && test_poll_event_os(ctx.qc, /*uni=*/0)) 5297 revents |= SSL_POLL_EVENT_OSB; 5298 5299 if ((events & SSL_POLL_EVENT_OSU) != 0 5300 && test_poll_event_os(ctx.qc, /*uni=*/1)) 5301 revents |= SSL_POLL_EVENT_OSU; 5302 } 5303 5304 if (ctx.is_listener) { 5305 if ((events & SSL_POLL_EVENT_EL) != 0 5306 && test_poll_event_el(ctx.ql)) 5307 revents |= SSL_POLL_EVENT_EL; 5308 5309 if ((events & SSL_POLL_EVENT_IC) != 0 5310 && test_poll_event_ic(ctx.ql)) 5311 revents |= SSL_POLL_EVENT_IC; 5312 } 5313 5314 end: 5315 qctx_unlock(&ctx); 5316 *p_revents = revents; 5317 return 1; 5318 } 5319 5320 QUIC_TAKES_LOCK 5321 int ossl_quic_get_notifier_fd(SSL *ssl) 5322 { 5323 QCTX ctx; 5324 QUIC_REACTOR *rtor; 5325 RIO_NOTIFIER *nfy; 5326 int nfd = -1; 5327 5328 if (!expect_quic_any(ssl, &ctx)) 5329 return -1; 5330 5331 qctx_lock(&ctx); 5332 rtor = ossl_quic_obj_get0_reactor(ctx.obj); 5333 nfy = ossl_quic_reactor_get0_notifier(rtor); 5334 if (nfy == NULL) 5335 goto end; 5336 nfd = ossl_rio_notifier_as_fd(nfy); 5337 5338 end: 5339 qctx_unlock(&ctx); 5340 return nfd; 5341 } 5342 5343 QUIC_TAKES_LOCK 5344 void ossl_quic_enter_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx) 5345 { 5346 QCTX ctx; 5347 QUIC_REACTOR *rtor; 5348 5349 if (!expect_quic_any(ssl, &ctx)) 5350 return; 5351 5352 qctx_lock(&ctx); 5353 rtor = ossl_quic_obj_get0_reactor(ctx.obj); 5354 ossl_quic_reactor_wait_ctx_enter(wctx, rtor); 5355 qctx_unlock(&ctx); 5356 } 5357 5358 QUIC_TAKES_LOCK 5359 void ossl_quic_leave_blocking_section(SSL *ssl, QUIC_REACTOR_WAIT_CTX *wctx) 5360 { 5361 QCTX ctx; 5362 QUIC_REACTOR *rtor; 5363 5364 if (!expect_quic_any(ssl, &ctx)) 5365 return; 5366 5367 qctx_lock(&ctx); 5368 rtor = ossl_quic_obj_get0_reactor(ctx.obj); 5369 ossl_quic_reactor_wait_ctx_leave(wctx, rtor); 5370 qctx_unlock(&ctx); 5371 } 5372 5373 /* 5374 * Internal Testing APIs 5375 * ===================== 5376 */ 5377 5378 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s) 5379 { 5380 QCTX ctx; 5381 5382 if (!expect_quic_conn_only(s, &ctx)) 5383 return NULL; 5384 5385 return ctx.qc->ch; 5386 } 5387 5388 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title) 5389 { 5390 #ifndef OPENSSL_NO_QLOG 5391 OPENSSL_free(ctx->qlog_title); 5392 ctx->qlog_title = NULL; 5393 5394 if (title == NULL) 5395 return 1; 5396 5397 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL) 5398 return 0; 5399 #endif 5400 5401 return 1; 5402 } 5403
Indexes created Sat Feb 28 05:31:39 UTC 2026