/src/openssl/ssl/quic/quic_impl.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <openssl/macros.h> |
11 | | #include <openssl/objects.h> |
12 | | #include <openssl/sslerr.h> |
13 | | #include <crypto/rand.h> |
14 | | #include "quic_local.h" |
15 | | #include "internal/quic_tls.h" |
16 | | #include "internal/quic_rx_depack.h" |
17 | | #include "internal/quic_error.h" |
18 | | #include "internal/quic_engine.h" |
19 | | #include "internal/quic_port.h" |
20 | | #include "internal/time.h" |
21 | | |
22 | | typedef struct qctx_st QCTX; |
23 | | |
24 | | static void aon_write_finish(QUIC_XSO *xso); |
25 | | static int create_channel(QUIC_CONNECTION *qc); |
26 | | static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs); |
27 | | static int qc_try_create_default_xso_for_write(QCTX *ctx); |
28 | | static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek); |
29 | | static void quic_lock(QUIC_CONNECTION *qc); |
30 | | static void quic_unlock(QUIC_CONNECTION *qc); |
31 | | static void quic_lock_for_io(QCTX *ctx); |
32 | | static int quic_do_handshake(QCTX *ctx); |
33 | | static void qc_update_reject_policy(QUIC_CONNECTION *qc); |
34 | | static void qc_touch_default_xso(QUIC_CONNECTION *qc); |
35 | | static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch); |
36 | | static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso, |
37 | | int touch, QUIC_XSO **old_xso); |
38 | | static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock); |
39 | | static int quic_validate_for_write(QUIC_XSO *xso, int *err); |
40 | | static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active); |
41 | | static int qc_blocking_mode(const QUIC_CONNECTION *qc); |
42 | | static int xso_blocking_mode(const QUIC_XSO *xso); |
43 | | static void qctx_maybe_autotick(QCTX *ctx); |
44 | | static int qctx_should_autotick(QCTX *ctx); |
45 | | |
46 | | /* |
47 | | * QUIC Front-End I/O API: Common Utilities |
48 | | * ======================================== |
49 | | */ |
50 | | |
51 | | /* |
52 | | * Block until a predicate is met. |
53 | | * |
54 | | * Precondition: Must have a channel. |
55 | | * Precondition: Must hold channel lock (unchecked). |
56 | | */ |
57 | | QUIC_NEEDS_LOCK |
58 | | static int block_until_pred(QUIC_CONNECTION *qc, |
59 | | int (*pred)(void *arg), void *pred_arg, |
60 | | uint32_t flags) |
61 | 0 | { |
62 | 0 | QUIC_REACTOR *rtor; |
63 | |
|
64 | 0 | assert(qc->ch != NULL); |
65 | | |
66 | | /* |
67 | | * Any attempt to block auto-disables tick inhibition as otherwise we will |
68 | | * hang around forever. |
69 | | */ |
70 | 0 | ossl_quic_engine_set_inhibit_tick(qc->engine, 0); |
71 | |
|
72 | 0 | rtor = ossl_quic_channel_get_reactor(qc->ch); |
73 | 0 | return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags, |
74 | 0 | qc->mutex); |
75 | 0 | } |
76 | | |
77 | | static OSSL_TIME get_time(QUIC_CONNECTION *qc) |
78 | 0 | { |
79 | 0 | if (qc->override_now_cb != NULL) |
80 | 0 | return qc->override_now_cb(qc->override_now_cb_arg); |
81 | 0 | else |
82 | 0 | return ossl_time_now(); |
83 | 0 | } |
84 | | |
85 | | static OSSL_TIME get_time_cb(void *arg) |
86 | 0 | { |
87 | 0 | QUIC_CONNECTION *qc = arg; |
88 | |
|
89 | 0 | return get_time(qc); |
90 | 0 | } |
91 | | |
92 | | /* |
93 | | * QCTX is a utility structure which provides information we commonly wish to |
94 | | * unwrap upon an API call being dispatched to us, namely: |
95 | | * |
96 | | * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO |
97 | | * was passed); |
98 | | * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if |
99 | | * a QCSO with a default stream was passed); |
100 | | * - whether a QSSO was passed (xso == NULL must not be used to determine this |
101 | | * because it may be non-NULL when a QCSO is passed if that QCSO has a |
102 | | * default stream); |
103 | | * - whether we are in "I/O context", meaning that non-normal errors can |
104 | | * be reported via SSL_get_error() as well as via ERR. Functions such as |
105 | | * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context" |
106 | | * functions which are allowed to change the value returned by |
107 | | * SSL_get_error. However, other functions (including functions which call |
108 | | * SSL_do_handshake() implicitly) are not allowed to change the return value |
109 | | * of SSL_get_error. |
110 | | */ |
111 | | struct qctx_st { |
112 | | QUIC_CONNECTION *qc; |
113 | | QUIC_XSO *xso; |
114 | | int is_stream, in_io; |
115 | | }; |
116 | | |
117 | | QUIC_NEEDS_LOCK |
118 | | static void quic_set_last_error(QCTX *ctx, int last_error) |
119 | 0 | { |
120 | 0 | if (!ctx->in_io) |
121 | 0 | return; |
122 | | |
123 | 0 | if (ctx->is_stream && ctx->xso != NULL) |
124 | 0 | ctx->xso->last_error = last_error; |
125 | 0 | else if (!ctx->is_stream && ctx->qc != NULL) |
126 | 0 | ctx->qc->last_error = last_error; |
127 | 0 | } |
128 | | |
129 | | /* |
130 | | * Raise a 'normal' error, meaning one that can be reported via SSL_get_error() |
131 | | * rather than via ERR. Note that normal errors must always be raised while |
132 | | * holding a lock. |
133 | | */ |
134 | | QUIC_NEEDS_LOCK |
135 | | static int quic_raise_normal_error(QCTX *ctx, |
136 | | int err) |
137 | 0 | { |
138 | 0 | assert(ctx->in_io); |
139 | 0 | quic_set_last_error(ctx, err); |
140 | |
|
141 | 0 | return 0; |
142 | 0 | } |
143 | | |
144 | | /* |
145 | | * Raise a 'non-normal' error, meaning any error that is not reported via |
146 | | * SSL_get_error() and must be reported via ERR. |
147 | | * |
148 | | * qc should be provided if available. In exceptional circumstances when qc is |
149 | | * not known NULL may be passed. This should generally only happen when an |
150 | | * expect_...() function defined below fails, which generally indicates a |
151 | | * dispatch error or caller error. |
152 | | * |
153 | | * ctx should be NULL if the connection lock is not held. |
154 | | */ |
155 | | static int quic_raise_non_normal_error(QCTX *ctx, |
156 | | const char *file, |
157 | | int line, |
158 | | const char *func, |
159 | | int reason, |
160 | | const char *fmt, |
161 | | ...) |
162 | 0 | { |
163 | 0 | va_list args; |
164 | |
|
165 | 0 | if (ctx != NULL) { |
166 | 0 | quic_set_last_error(ctx, SSL_ERROR_SSL); |
167 | |
|
168 | 0 | if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL) |
169 | 0 | ossl_quic_channel_restore_err_state(ctx->qc->ch); |
170 | 0 | } |
171 | |
|
172 | 0 | ERR_new(); |
173 | 0 | ERR_set_debug(file, line, func); |
174 | |
|
175 | 0 | va_start(args, fmt); |
176 | 0 | ERR_vset_error(ERR_LIB_SSL, reason, fmt, args); |
177 | 0 | va_end(args); |
178 | |
|
179 | 0 | return 0; |
180 | 0 | } |
181 | | |
182 | | #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \ |
183 | 0 | quic_raise_normal_error((ctx), (err)) |
184 | | |
185 | | #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \ |
186 | 0 | quic_raise_non_normal_error((ctx), \ |
187 | 0 | OPENSSL_FILE, OPENSSL_LINE, \ |
188 | 0 | OPENSSL_FUNC, \ |
189 | 0 | (reason), \ |
190 | 0 | (msg)) |
191 | | |
192 | | /* |
193 | | * Given a QCSO or QSSO, initialises a QCTX, determining the contextually |
194 | | * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer. |
195 | | * |
196 | | * After this returns 1, all fields of the passed QCTX are initialised. |
197 | | * Returns 0 on failure. This function is intended to be used to provide API |
198 | | * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure. |
199 | | */ |
200 | | static int expect_quic(const SSL *s, QCTX *ctx) |
201 | 0 | { |
202 | 0 | QUIC_CONNECTION *qc; |
203 | 0 | QUIC_XSO *xso; |
204 | |
|
205 | 0 | ctx->qc = NULL; |
206 | 0 | ctx->xso = NULL; |
207 | 0 | ctx->is_stream = 0; |
208 | |
|
209 | 0 | if (s == NULL) |
210 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL); |
211 | | |
212 | 0 | switch (s->type) { |
213 | 0 | case SSL_TYPE_QUIC_CONNECTION: |
214 | 0 | qc = (QUIC_CONNECTION *)s; |
215 | 0 | ctx->qc = qc; |
216 | 0 | ctx->xso = qc->default_xso; |
217 | 0 | ctx->is_stream = 0; |
218 | 0 | ctx->in_io = 0; |
219 | 0 | return 1; |
220 | | |
221 | 0 | case SSL_TYPE_QUIC_XSO: |
222 | 0 | xso = (QUIC_XSO *)s; |
223 | 0 | ctx->qc = xso->conn; |
224 | 0 | ctx->xso = xso; |
225 | 0 | ctx->is_stream = 1; |
226 | 0 | ctx->in_io = 0; |
227 | 0 | return 1; |
228 | | |
229 | 0 | default: |
230 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); |
231 | 0 | } |
232 | 0 | } |
233 | | |
234 | | /* |
235 | | * Like expect_quic(), but requires a QUIC_XSO be contextually available. In |
236 | | * other words, requires that the passed QSO be a QSSO or a QCSO with a default |
237 | | * stream. |
238 | | * |
239 | | * remote_init determines if we expect the default XSO to be remotely created or |
240 | | * not. If it is -1, do not instantiate a default XSO if one does not yet exist. |
241 | | * |
242 | | * Channel mutex is acquired and retained on success. |
243 | | */ |
244 | | QUIC_ACQUIRES_LOCK |
245 | | static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init, |
246 | | int in_io, QCTX *ctx) |
247 | 0 | { |
248 | 0 | if (!expect_quic(s, ctx)) |
249 | 0 | return 0; |
250 | | |
251 | 0 | if (in_io) |
252 | 0 | quic_lock_for_io(ctx); |
253 | 0 | else |
254 | 0 | quic_lock(ctx->qc); |
255 | |
|
256 | 0 | if (ctx->xso == NULL && remote_init >= 0) { |
257 | 0 | if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) { |
258 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
259 | 0 | goto err; |
260 | 0 | } |
261 | | |
262 | | /* If we haven't finished the handshake, try to advance it. */ |
263 | 0 | if (quic_do_handshake(ctx) < 1) |
264 | | /* ossl_quic_do_handshake raised error here */ |
265 | 0 | goto err; |
266 | | |
267 | 0 | if (remote_init == 0) { |
268 | 0 | if (!qc_try_create_default_xso_for_write(ctx)) |
269 | 0 | goto err; |
270 | 0 | } else { |
271 | 0 | if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0)) |
272 | 0 | goto err; |
273 | 0 | } |
274 | | |
275 | 0 | ctx->xso = ctx->qc->default_xso; |
276 | 0 | } |
277 | | |
278 | 0 | if (ctx->xso == NULL) { |
279 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); |
280 | 0 | goto err; |
281 | 0 | } |
282 | | |
283 | 0 | return 1; /* coverity[missing_unlock]: lock held */ |
284 | | |
285 | 0 | err: |
286 | 0 | quic_unlock(ctx->qc); |
287 | 0 | return 0; |
288 | 0 | } |
289 | | |
290 | | /* |
291 | | * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still |
292 | | * be non-NULL if the QCSO has a default stream. |
293 | | */ |
294 | | static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx) |
295 | 0 | { |
296 | 0 | if (!expect_quic(s, ctx)) |
297 | 0 | return 0; |
298 | | |
299 | 0 | if (ctx->is_stream) |
300 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL); |
301 | | |
302 | 0 | return 1; |
303 | 0 | } |
304 | | |
305 | | /* |
306 | | * Ensures that the channel mutex is held for a method which touches channel |
307 | | * state. |
308 | | * |
309 | | * Precondition: Channel mutex is not held (unchecked) |
310 | | */ |
311 | | static void quic_lock(QUIC_CONNECTION *qc) |
312 | 0 | { |
313 | 0 | #if defined(OPENSSL_THREADS) |
314 | 0 | ossl_crypto_mutex_lock(qc->mutex); |
315 | 0 | #endif |
316 | 0 | } |
317 | | |
318 | | static void quic_lock_for_io(QCTX *ctx) |
319 | 0 | { |
320 | 0 | quic_lock(ctx->qc); |
321 | 0 | ctx->in_io = 1; |
322 | | |
323 | | /* |
324 | | * We are entering an I/O function so we must update the values returned by |
325 | | * SSL_get_error and SSL_want. Set no error. This will be overridden later |
326 | | * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR |
327 | | * occurs during the API call. |
328 | | */ |
329 | 0 | quic_set_last_error(ctx, SSL_ERROR_NONE); |
330 | 0 | } |
331 | | |
332 | | /* Precondition: Channel mutex is held (unchecked) */ |
333 | | QUIC_NEEDS_LOCK |
334 | | static void quic_unlock(QUIC_CONNECTION *qc) |
335 | 0 | { |
336 | 0 | #if defined(OPENSSL_THREADS) |
337 | 0 | ossl_crypto_mutex_unlock(qc->mutex); |
338 | 0 | #endif |
339 | 0 | } |
340 | | |
341 | | /* |
342 | | * This predicate is the criterion which should determine API call rejection for |
343 | | * *most* mutating API calls, particularly stream-related operations for send |
344 | | * parts. |
345 | | * |
346 | | * A call is rejected (this function returns 0) if shutdown is in progress |
347 | | * (stream flushing), or we are in a TERMINATING or TERMINATED state. If |
348 | | * req_active=1, the connection must be active (i.e., the IDLE state is also |
349 | | * rejected). |
350 | | */ |
351 | | static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active) |
352 | 0 | { |
353 | 0 | if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch)) |
354 | 0 | return 0; |
355 | | |
356 | 0 | if (req_active && !ossl_quic_channel_is_active(qc->ch)) |
357 | 0 | return 0; |
358 | | |
359 | 0 | return 1; |
360 | 0 | } |
361 | | |
362 | | /* |
363 | | * QUIC Front-End I/O API: Initialization |
364 | | * ====================================== |
365 | | * |
366 | | * SSL_new => ossl_quic_new |
367 | | * ossl_quic_init |
368 | | * SSL_reset => ossl_quic_reset |
369 | | * SSL_clear => ossl_quic_clear |
370 | | * ossl_quic_deinit |
371 | | * SSL_free => ossl_quic_free |
372 | | * |
373 | | * SSL_set_options => ossl_quic_set_options |
374 | | * SSL_get_options => ossl_quic_get_options |
375 | | * SSL_clear_options => ossl_quic_clear_options |
376 | | * |
377 | | */ |
378 | | |
379 | | /* SSL_new */ |
380 | | SSL *ossl_quic_new(SSL_CTX *ctx) |
381 | 0 | { |
382 | 0 | QUIC_CONNECTION *qc = NULL; |
383 | 0 | SSL *ssl_base = NULL; |
384 | 0 | SSL_CONNECTION *sc = NULL; |
385 | |
|
386 | 0 | qc = OPENSSL_zalloc(sizeof(*qc)); |
387 | 0 | if (qc == NULL) { |
388 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); |
389 | 0 | return NULL; |
390 | 0 | } |
391 | 0 | #if defined(OPENSSL_THREADS) |
392 | 0 | if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) { |
393 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); |
394 | 0 | goto err; |
395 | 0 | } |
396 | 0 | #endif |
397 | | |
398 | | /* Initialise the QUIC_CONNECTION's stub header. */ |
399 | 0 | ssl_base = &qc->ssl; |
400 | 0 | if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) { |
401 | 0 | ssl_base = NULL; |
402 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); |
403 | 0 | goto err; |
404 | 0 | } |
405 | | |
406 | 0 | qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method()); |
407 | 0 | if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) { |
408 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); |
409 | 0 | goto err; |
410 | 0 | } |
411 | | |
412 | | /* override the user_ssl of the inner connection */ |
413 | 0 | sc->s3.flags |= TLS1_FLAGS_QUIC; |
414 | | |
415 | | /* Restrict options derived from the SSL_CTX. */ |
416 | 0 | sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN; |
417 | 0 | sc->pha_enabled = 0; |
418 | |
|
419 | 0 | #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) |
420 | 0 | qc->is_thread_assisted |
421 | 0 | = (ssl_base->method == OSSL_QUIC_client_thread_method()); |
422 | 0 | #endif |
423 | |
|
424 | 0 | qc->as_server = 0; /* TODO(QUIC SERVER): add server support */ |
425 | 0 | qc->as_server_state = qc->as_server; |
426 | |
|
427 | 0 | qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI; |
428 | 0 | qc->default_ssl_mode = qc->ssl.ctx->mode; |
429 | 0 | qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS; |
430 | 0 | qc->desires_blocking = 1; |
431 | 0 | qc->blocking = 0; |
432 | 0 | qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO; |
433 | 0 | qc->last_error = SSL_ERROR_NONE; |
434 | |
|
435 | 0 | if (!create_channel(qc)) |
436 | 0 | goto err; |
437 | | |
438 | 0 | ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base); |
439 | 0 | ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg); |
440 | |
|
441 | 0 | qc_update_reject_policy(qc); |
442 | | |
443 | | /* |
444 | | * We do not create the default XSO yet. The reason for this is that the |
445 | | * stream ID of the default XSO will depend on whether the stream is client |
446 | | * or server-initiated, which depends on who transmits first. Since we do |
447 | | * not know whether the application will be using a client-transmits-first |
448 | | * or server-transmits-first protocol, we defer default XSO creation until |
449 | | * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first, |
450 | | * we take that as a cue that the client is expecting a server-initiated |
451 | | * stream, and vice versa if SSL_write() is called first. |
452 | | */ |
453 | 0 | return ssl_base; |
454 | | |
455 | 0 | err: |
456 | 0 | if (ssl_base == NULL) { |
457 | 0 | #if defined(OPENSSL_THREADS) |
458 | 0 | ossl_crypto_mutex_free(&qc->mutex); |
459 | 0 | #endif |
460 | 0 | OPENSSL_free(qc); |
461 | 0 | } else { |
462 | 0 | SSL_free(ssl_base); |
463 | 0 | } |
464 | 0 | return NULL; |
465 | 0 | } |
466 | | |
467 | | /* SSL_free */ |
468 | | QUIC_TAKES_LOCK |
469 | | void ossl_quic_free(SSL *s) |
470 | 0 | { |
471 | 0 | QCTX ctx; |
472 | 0 | int is_default; |
473 | | |
474 | | /* We should never be called on anything but a QSO. */ |
475 | 0 | if (!expect_quic(s, &ctx)) |
476 | 0 | return; |
477 | | |
478 | 0 | quic_lock(ctx.qc); |
479 | |
|
480 | 0 | if (ctx.is_stream) { |
481 | | /* |
482 | | * When a QSSO is freed, the XSO is freed immediately, because the XSO |
483 | | * itself only contains API personality layer data. However the |
484 | | * underlying QUIC_STREAM is not freed immediately but is instead marked |
485 | | * as deleted for later collection. |
486 | | */ |
487 | |
|
488 | 0 | assert(ctx.qc->num_xso > 0); |
489 | 0 | --ctx.qc->num_xso; |
490 | | |
491 | | /* If a stream's send part has not been finished, auto-reset it. */ |
492 | 0 | if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY |
493 | 0 | || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND) |
494 | 0 | && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL)) |
495 | 0 | ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch), |
496 | 0 | ctx.xso->stream, 0); |
497 | | |
498 | | /* Do STOP_SENDING for the receive part, if applicable. */ |
499 | 0 | if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV |
500 | 0 | || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN) |
501 | 0 | ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch), |
502 | 0 | ctx.xso->stream, 0); |
503 | | |
504 | | /* Update stream state. */ |
505 | 0 | ctx.xso->stream->deleted = 1; |
506 | 0 | ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch), |
507 | 0 | ctx.xso->stream); |
508 | |
|
509 | 0 | is_default = (ctx.xso == ctx.qc->default_xso); |
510 | 0 | quic_unlock(ctx.qc); |
511 | | |
512 | | /* |
513 | | * Unref the connection in most cases; the XSO has a ref to the QC and |
514 | | * not vice versa. But for a default XSO, to avoid circular references, |
515 | | * the QC refs the XSO but the XSO does not ref the QC. If we are the |
516 | | * default XSO, we only get here when the QC is being torn down anyway, |
517 | | * so don't call SSL_free(qc) as we are already in it. |
518 | | */ |
519 | 0 | if (!is_default) |
520 | 0 | SSL_free(&ctx.qc->ssl); |
521 | | |
522 | | /* Note: SSL_free calls OPENSSL_free(xso) for us */ |
523 | 0 | return; |
524 | 0 | } |
525 | | |
526 | | /* |
527 | | * Free the default XSO, if any. The QUIC_STREAM is not deleted at this |
528 | | * stage, but is freed during the channel free when the whole QSM is freed. |
529 | | */ |
530 | 0 | if (ctx.qc->default_xso != NULL) { |
531 | 0 | QUIC_XSO *xso = ctx.qc->default_xso; |
532 | |
|
533 | 0 | quic_unlock(ctx.qc); |
534 | 0 | SSL_free(&xso->ssl); |
535 | 0 | quic_lock(ctx.qc); |
536 | 0 | ctx.qc->default_xso = NULL; |
537 | 0 | } |
538 | | |
539 | | /* Ensure we have no remaining XSOs. */ |
540 | 0 | assert(ctx.qc->num_xso == 0); |
541 | | |
542 | 0 | #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) |
543 | 0 | if (ctx.qc->is_thread_assisted && ctx.qc->started) { |
544 | 0 | ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist); |
545 | 0 | ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist); |
546 | 0 | } |
547 | 0 | #endif |
548 | |
|
549 | 0 | SSL_free(ctx.qc->tls); |
550 | |
|
551 | 0 | ossl_quic_channel_free(ctx.qc->ch); |
552 | 0 | ossl_quic_port_free(ctx.qc->port); |
553 | 0 | ossl_quic_engine_free(ctx.qc->engine); |
554 | |
|
555 | 0 | BIO_free_all(ctx.qc->net_rbio); |
556 | 0 | BIO_free_all(ctx.qc->net_wbio); |
557 | |
|
558 | 0 | quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */ |
559 | 0 | #if defined(OPENSSL_THREADS) |
560 | 0 | ossl_crypto_mutex_free(&ctx.qc->mutex); |
561 | 0 | #endif |
562 | | |
563 | | /* |
564 | | * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for |
565 | | * us |
566 | | */ |
567 | 0 | } |
568 | | |
569 | | /* SSL method init */ |
570 | | int ossl_quic_init(SSL *s) |
571 | 0 | { |
572 | | /* Same op as SSL_clear, forward the call. */ |
573 | 0 | return ossl_quic_clear(s); |
574 | 0 | } |
575 | | |
576 | | /* SSL method deinit */ |
577 | | void ossl_quic_deinit(SSL *s) |
578 | 0 | { |
579 | | /* No-op. */ |
580 | 0 | } |
581 | | |
582 | | /* SSL_clear (ssl_reset method) */ |
583 | | int ossl_quic_reset(SSL *s) |
584 | 0 | { |
585 | 0 | QCTX ctx; |
586 | |
|
587 | 0 | if (!expect_quic(s, &ctx)) |
588 | 0 | return 0; |
589 | | |
590 | 0 | ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED); |
591 | 0 | return 0; |
592 | 0 | } |
593 | | |
594 | | /* ssl_clear method (unused) */ |
595 | | int ossl_quic_clear(SSL *s) |
596 | 0 | { |
597 | 0 | QCTX ctx; |
598 | |
|
599 | 0 | if (!expect_quic(s, &ctx)) |
600 | 0 | return 0; |
601 | | |
602 | 0 | ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED); |
603 | 0 | return 0; |
604 | 0 | } |
605 | | |
606 | | int ossl_quic_conn_set_override_now_cb(SSL *s, |
607 | | OSSL_TIME (*now_cb)(void *arg), |
608 | | void *now_cb_arg) |
609 | 0 | { |
610 | 0 | QCTX ctx; |
611 | |
|
612 | 0 | if (!expect_quic(s, &ctx)) |
613 | 0 | return 0; |
614 | | |
615 | 0 | quic_lock(ctx.qc); |
616 | |
|
617 | 0 | ctx.qc->override_now_cb = now_cb; |
618 | 0 | ctx.qc->override_now_cb_arg = now_cb_arg; |
619 | |
|
620 | 0 | quic_unlock(ctx.qc); |
621 | 0 | return 1; |
622 | 0 | } |
623 | | |
624 | | void ossl_quic_conn_force_assist_thread_wake(SSL *s) |
625 | 0 | { |
626 | 0 | QCTX ctx; |
627 | |
|
628 | 0 | if (!expect_quic(s, &ctx)) |
629 | 0 | return; |
630 | | |
631 | 0 | #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) |
632 | 0 | if (ctx.qc->is_thread_assisted && ctx.qc->started) |
633 | 0 | ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist); |
634 | 0 | #endif |
635 | 0 | } |
636 | | |
637 | | QUIC_NEEDS_LOCK |
638 | | static void qc_touch_default_xso(QUIC_CONNECTION *qc) |
639 | 0 | { |
640 | 0 | qc->default_xso_created = 1; |
641 | 0 | qc_update_reject_policy(qc); |
642 | 0 | } |
643 | | |
644 | | /* |
645 | | * Changes default XSO. Allows caller to keep reference to the old default XSO |
646 | | * (if any). Reference to new XSO is transferred from caller. |
647 | | */ |
648 | | QUIC_NEEDS_LOCK |
649 | | static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso, |
650 | | int touch, |
651 | | QUIC_XSO **old_xso) |
652 | 0 | { |
653 | 0 | int refs; |
654 | |
|
655 | 0 | *old_xso = NULL; |
656 | |
|
657 | 0 | if (qc->default_xso != xso) { |
658 | 0 | *old_xso = qc->default_xso; /* transfer old XSO ref to caller */ |
659 | |
|
660 | 0 | qc->default_xso = xso; |
661 | |
|
662 | 0 | if (xso == NULL) { |
663 | | /* |
664 | | * Changing to not having a default XSO. XSO becomes standalone and |
665 | | * now has a ref to the QC. |
666 | | */ |
667 | 0 | if (!ossl_assert(SSL_up_ref(&qc->ssl))) |
668 | 0 | return; |
669 | 0 | } else { |
670 | | /* |
671 | | * Changing from not having a default XSO to having one. The new XSO |
672 | | * will have had a reference to the QC we need to drop to avoid a |
673 | | * circular reference. |
674 | | * |
675 | | * Currently we never change directly from one default XSO to |
676 | | * another, though this function would also still be correct if this |
677 | | * weren't the case. |
678 | | */ |
679 | 0 | assert(*old_xso == NULL); |
680 | | |
681 | 0 | CRYPTO_DOWN_REF(&qc->ssl.references, &refs); |
682 | 0 | assert(refs > 0); |
683 | 0 | } |
684 | 0 | } |
685 | | |
686 | 0 | if (touch) |
687 | 0 | qc_touch_default_xso(qc); |
688 | 0 | } |
689 | | |
690 | | /* |
691 | | * Changes default XSO, releasing the reference to any previous default XSO. |
692 | | * Reference to new XSO is transferred from caller. |
693 | | */ |
694 | | QUIC_NEEDS_LOCK |
695 | | static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch) |
696 | 0 | { |
697 | 0 | QUIC_XSO *old_xso = NULL; |
698 | |
|
699 | 0 | qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso); |
700 | |
|
701 | 0 | if (old_xso != NULL) |
702 | 0 | SSL_free(&old_xso->ssl); |
703 | 0 | } |
704 | | |
705 | | QUIC_NEEDS_LOCK |
706 | | static void xso_update_options(QUIC_XSO *xso) |
707 | 0 | { |
708 | 0 | int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0); |
709 | |
|
710 | 0 | if (xso->stream->rstream != NULL) |
711 | 0 | ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse); |
712 | |
|
713 | 0 | if (xso->stream->sstream != NULL) |
714 | 0 | ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse); |
715 | 0 | } |
716 | | |
717 | | /* |
718 | | * SSL_set_options |
719 | | * --------------- |
720 | | * |
721 | | * Setting options on a QCSO |
722 | | * - configures the handshake-layer options; |
723 | | * - configures the default data-plane options for new streams; |
724 | | * - configures the data-plane options on the default XSO, if there is one. |
725 | | * |
726 | | * Setting options on a QSSO |
727 | | * - configures data-plane options for that stream only. |
728 | | */ |
729 | | QUIC_TAKES_LOCK |
730 | | static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value) |
731 | 0 | { |
732 | 0 | QCTX ctx; |
733 | 0 | uint64_t hs_mask_value, hs_or_value, ret; |
734 | |
|
735 | 0 | if (!expect_quic(ssl, &ctx)) |
736 | 0 | return 0; |
737 | | |
738 | 0 | quic_lock(ctx.qc); |
739 | |
|
740 | 0 | if (!ctx.is_stream) { |
741 | | /* |
742 | | * If we were called on the connection, we apply any handshake option |
743 | | * changes. |
744 | | */ |
745 | 0 | hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN); |
746 | 0 | hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN); |
747 | |
|
748 | 0 | SSL_clear_options(ctx.qc->tls, hs_mask_value); |
749 | 0 | SSL_set_options(ctx.qc->tls, hs_or_value); |
750 | | |
751 | | /* Update defaults for new streams. */ |
752 | 0 | ctx.qc->default_ssl_options |
753 | 0 | = ((ctx.qc->default_ssl_options & ~mask_value) | or_value) |
754 | 0 | & OSSL_QUIC_PERMITTED_OPTIONS; |
755 | 0 | } |
756 | |
|
757 | 0 | if (ctx.xso != NULL) { |
758 | 0 | ctx.xso->ssl_options |
759 | 0 | = ((ctx.xso->ssl_options & ~mask_value) | or_value) |
760 | 0 | & OSSL_QUIC_PERMITTED_OPTIONS_STREAM; |
761 | |
|
762 | 0 | xso_update_options(ctx.xso); |
763 | 0 | } |
764 | |
|
765 | 0 | ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options; |
766 | |
|
767 | 0 | quic_unlock(ctx.qc); |
768 | 0 | return ret; |
769 | 0 | } |
770 | | |
771 | | uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options) |
772 | 0 | { |
773 | 0 | return quic_mask_or_options(ssl, 0, options); |
774 | 0 | } |
775 | | |
776 | | /* SSL_clear_options */ |
777 | | uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options) |
778 | 0 | { |
779 | 0 | return quic_mask_or_options(ssl, options, 0); |
780 | 0 | } |
781 | | |
782 | | /* SSL_get_options */ |
783 | | uint64_t ossl_quic_get_options(const SSL *ssl) |
784 | 0 | { |
785 | 0 | return quic_mask_or_options((SSL *)ssl, 0, 0); |
786 | 0 | } |
787 | | |
788 | | /* |
789 | | * QUIC Front-End I/O API: Network BIO Configuration |
790 | | * ================================================= |
791 | | * |
792 | | * Handling the different BIOs is difficult: |
793 | | * |
794 | | * - It is more or less a requirement that we use non-blocking network I/O; |
795 | | * we need to be able to have timeouts on recv() calls, and make best effort |
796 | | * (non blocking) send() and recv() calls. |
797 | | * |
798 | | * The only sensible way to do this is to configure the socket into |
799 | | * non-blocking mode. We could try to do select() before calling send() or |
800 | | * recv() to get a guarantee that the call will not block, but this will |
801 | | * probably run into issues with buggy OSes which generate spurious socket |
802 | | * readiness events. In any case, relying on this to work reliably does not |
803 | | * seem sane. |
804 | | * |
805 | | * Timeouts could be handled via setsockopt() socket timeout options, but |
806 | | * this depends on OS support and adds another syscall to every network I/O |
807 | | * operation. It also has obvious thread safety concerns if we want to move |
808 | | * to concurrent use of a single socket at some later date. |
809 | | * |
810 | | * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to |
811 | | * be made non-blocking. However some OSes (e.g. Windows) do not support |
812 | | * this, so we cannot rely on this. |
813 | | * |
814 | | * As such, we need to configure any FD in non-blocking mode. This may |
815 | | * confound users who pass a blocking socket to libssl. However, in practice |
816 | | * it would be extremely strange for a user of QUIC to pass an FD to us, |
817 | | * then also try and send receive traffic on the same socket(!). Thus the |
818 | | * impact of this should be limited, and can be documented. |
819 | | * |
820 | | * - We support both blocking and non-blocking operation in terms of the API |
821 | | * presented to the user. One prospect is to set the blocking mode based on |
822 | | * whether the socket passed to us was already in blocking mode. However, |
823 | | * Windows has no API for determining if a socket is in blocking mode (!), |
824 | | * therefore this cannot be done portably. Currently therefore we expose an |
825 | | * explicit API call to set this, and default to blocking mode. |
826 | | * |
827 | | * - We need to determine our initial destination UDP address. The "natural" |
828 | | * way for a user to do this is to set the peer variable on a BIO_dgram. |
829 | | * However, this has problems because BIO_dgram's peer variable is used for |
830 | | * both transmission and reception. This means it can be constantly being |
831 | | * changed to a malicious value (e.g. if some random unrelated entity on the |
832 | | * network starts sending traffic to us) on every read call. This is not a |
833 | | * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg |
834 | | * calls only, which do not use this variable. However, we do need to let |
835 | | * the user specify the peer in a 'normal' manner. The compromise here is |
836 | | * that we grab the current peer value set at the time the write BIO is set |
837 | | * and do not read the value again. |
838 | | * |
839 | | * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs. |
840 | | * Currently we do this by only supporting non-blocking mode. |
841 | | * |
842 | | */ |
843 | | |
844 | | /* |
845 | | * Determines what initial destination UDP address we should use, if possible. |
846 | | * If this fails the client must set the destination address manually, or use a |
847 | | * BIO which does not need a destination address. |
848 | | */ |
849 | | static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer) |
850 | 0 | { |
851 | 0 | if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0) |
852 | 0 | return 0; |
853 | | |
854 | 0 | return 1; |
855 | 0 | } |
856 | | |
857 | | static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc) |
858 | 0 | { |
859 | 0 | QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch); |
860 | |
|
861 | 0 | return ossl_quic_reactor_can_poll_r(rtor) |
862 | 0 | && ossl_quic_reactor_can_poll_w(rtor); |
863 | 0 | } |
864 | | |
865 | | static void qc_update_can_support_blocking(QUIC_CONNECTION *qc) |
866 | 0 | { |
867 | 0 | ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */ |
868 | 0 | } |
869 | | |
870 | | static void qc_update_blocking_mode(QUIC_CONNECTION *qc) |
871 | 0 | { |
872 | 0 | qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc); |
873 | 0 | } |
874 | | |
875 | | void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio) |
876 | 0 | { |
877 | 0 | QCTX ctx; |
878 | |
|
879 | 0 | if (!expect_quic(s, &ctx)) |
880 | 0 | return; |
881 | | |
882 | 0 | if (ctx.qc->net_rbio == net_rbio) |
883 | 0 | return; |
884 | | |
885 | 0 | if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio)) |
886 | 0 | return; |
887 | | |
888 | 0 | BIO_free_all(ctx.qc->net_rbio); |
889 | 0 | ctx.qc->net_rbio = net_rbio; |
890 | |
|
891 | 0 | if (net_rbio != NULL) |
892 | 0 | BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */ |
893 | | |
894 | | /* |
895 | | * Determine if the current pair of read/write BIOs now set allows blocking |
896 | | * mode to be supported. |
897 | | */ |
898 | 0 | qc_update_can_support_blocking(ctx.qc); |
899 | 0 | qc_update_blocking_mode(ctx.qc); |
900 | 0 | } |
901 | | |
902 | | void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio) |
903 | 0 | { |
904 | 0 | QCTX ctx; |
905 | |
|
906 | 0 | if (!expect_quic(s, &ctx)) |
907 | 0 | return; |
908 | | |
909 | 0 | if (ctx.qc->net_wbio == net_wbio) |
910 | 0 | return; |
911 | | |
912 | 0 | if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio)) |
913 | 0 | return; |
914 | | |
915 | 0 | BIO_free_all(ctx.qc->net_wbio); |
916 | 0 | ctx.qc->net_wbio = net_wbio; |
917 | |
|
918 | 0 | if (net_wbio != NULL) |
919 | 0 | BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */ |
920 | | |
921 | | /* |
922 | | * Determine if the current pair of read/write BIOs now set allows blocking |
923 | | * mode to be supported. |
924 | | */ |
925 | 0 | qc_update_can_support_blocking(ctx.qc); |
926 | 0 | qc_update_blocking_mode(ctx.qc); |
927 | 0 | } |
928 | | |
929 | | BIO *ossl_quic_conn_get_net_rbio(const SSL *s) |
930 | 0 | { |
931 | 0 | QCTX ctx; |
932 | |
|
933 | 0 | if (!expect_quic(s, &ctx)) |
934 | 0 | return NULL; |
935 | | |
936 | 0 | return ctx.qc->net_rbio; |
937 | 0 | } |
938 | | |
939 | | BIO *ossl_quic_conn_get_net_wbio(const SSL *s) |
940 | 0 | { |
941 | 0 | QCTX ctx; |
942 | |
|
943 | 0 | if (!expect_quic(s, &ctx)) |
944 | 0 | return NULL; |
945 | | |
946 | 0 | return ctx.qc->net_wbio; |
947 | 0 | } |
948 | | |
949 | | int ossl_quic_conn_get_blocking_mode(const SSL *s) |
950 | 0 | { |
951 | 0 | QCTX ctx; |
952 | |
|
953 | 0 | if (!expect_quic(s, &ctx)) |
954 | 0 | return 0; |
955 | | |
956 | 0 | if (ctx.is_stream) |
957 | 0 | return xso_blocking_mode(ctx.xso); |
958 | | |
959 | 0 | return qc_blocking_mode(ctx.qc); |
960 | 0 | } |
961 | | |
962 | | QUIC_TAKES_LOCK |
963 | | int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking) |
964 | 0 | { |
965 | 0 | int ret = 0; |
966 | 0 | QCTX ctx; |
967 | |
|
968 | 0 | if (!expect_quic(s, &ctx)) |
969 | 0 | return 0; |
970 | | |
971 | 0 | quic_lock(ctx.qc); |
972 | | |
973 | | /* Sanity check - can we support the request given the current network BIO? */ |
974 | 0 | if (blocking) { |
975 | | /* |
976 | | * If called directly on a QCSO, update our information on network BIO |
977 | | * capabilities. |
978 | | */ |
979 | 0 | if (!ctx.is_stream) |
980 | 0 | qc_update_can_support_blocking(ctx.qc); |
981 | | |
982 | | /* Cannot enable blocking mode if we do not have pollable FDs. */ |
983 | 0 | if (!qc_can_support_blocking_cached(ctx.qc)) { |
984 | 0 | ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL); |
985 | 0 | goto out; |
986 | 0 | } |
987 | 0 | } |
988 | | |
989 | 0 | if (!ctx.is_stream) |
990 | | /* |
991 | | * If called directly on a QCSO, update default and connection-level |
992 | | * blocking modes. |
993 | | */ |
994 | 0 | ctx.qc->desires_blocking = (blocking != 0); |
995 | |
|
996 | 0 | if (ctx.xso != NULL) { |
997 | | /* |
998 | | * If called on a QSSO or a QCSO with a default XSO, update the blocking |
999 | | * mode. |
1000 | | */ |
1001 | 0 | ctx.xso->desires_blocking = (blocking != 0); |
1002 | 0 | ctx.xso->desires_blocking_set = 1; |
1003 | 0 | } |
1004 | |
|
1005 | 0 | ret = 1; |
1006 | 0 | out: |
1007 | 0 | qc_update_blocking_mode(ctx.qc); |
1008 | 0 | quic_unlock(ctx.qc); |
1009 | 0 | return ret; |
1010 | 0 | } |
1011 | | |
1012 | | int ossl_quic_conn_set_initial_peer_addr(SSL *s, |
1013 | | const BIO_ADDR *peer_addr) |
1014 | 0 | { |
1015 | 0 | QCTX ctx; |
1016 | |
|
1017 | 0 | if (!expect_quic(s, &ctx)) |
1018 | 0 | return 0; |
1019 | | |
1020 | 0 | if (ctx.qc->started) |
1021 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, |
1022 | 0 | NULL); |
1023 | | |
1024 | 0 | if (peer_addr == NULL) { |
1025 | 0 | BIO_ADDR_clear(&ctx.qc->init_peer_addr); |
1026 | 0 | return 1; |
1027 | 0 | } |
1028 | | |
1029 | 0 | ctx.qc->init_peer_addr = *peer_addr; |
1030 | 0 | return 1; |
1031 | 0 | } |
1032 | | |
1033 | | /* |
1034 | | * QUIC Front-End I/O API: Asynchronous I/O Management |
1035 | | * =================================================== |
1036 | | * |
1037 | | * (BIO/)SSL_handle_events => ossl_quic_handle_events |
1038 | | * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout |
1039 | | * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd |
1040 | | * |
1041 | | */ |
1042 | | |
1043 | | /* Returns 1 if the connection is being used in blocking mode. */ |
1044 | | static int qc_blocking_mode(const QUIC_CONNECTION *qc) |
1045 | 0 | { |
1046 | 0 | return qc->blocking; |
1047 | 0 | } |
1048 | | |
1049 | | static int xso_blocking_mode(const QUIC_XSO *xso) |
1050 | 0 | { |
1051 | 0 | if (xso->desires_blocking_set) |
1052 | 0 | return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn); |
1053 | 0 | else |
1054 | | /* Only ever set if we can support blocking. */ |
1055 | 0 | return xso->conn->blocking; |
1056 | 0 | } |
1057 | | |
1058 | | /* SSL_handle_events; performs QUIC I/O and timeout processing. */ |
1059 | | QUIC_TAKES_LOCK |
1060 | | int ossl_quic_handle_events(SSL *s) |
1061 | 0 | { |
1062 | 0 | QCTX ctx; |
1063 | |
|
1064 | 0 | if (!expect_quic(s, &ctx)) |
1065 | 0 | return 0; |
1066 | | |
1067 | 0 | quic_lock(ctx.qc); |
1068 | 0 | ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0); |
1069 | 0 | quic_unlock(ctx.qc); |
1070 | 0 | return 1; |
1071 | 0 | } |
1072 | | |
1073 | | /* |
1074 | | * SSL_get_event_timeout. Get the time in milliseconds until the SSL object |
1075 | | * should next have events handled by the application by calling |
1076 | | * SSL_handle_events(). tv is set to 0 if the object should have events handled |
1077 | | * immediately. If no timeout is currently active, *is_infinite is set to 1 and |
1078 | | * the value of *tv is undefined. |
1079 | | */ |
1080 | | QUIC_TAKES_LOCK |
1081 | | int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite) |
1082 | 0 | { |
1083 | 0 | QCTX ctx; |
1084 | 0 | OSSL_TIME deadline = ossl_time_infinite(); |
1085 | |
|
1086 | 0 | if (!expect_quic(s, &ctx)) |
1087 | 0 | return 0; |
1088 | | |
1089 | 0 | quic_lock(ctx.qc); |
1090 | |
|
1091 | 0 | deadline |
1092 | 0 | = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch)); |
1093 | |
|
1094 | 0 | if (ossl_time_is_infinite(deadline)) { |
1095 | 0 | *is_infinite = 1; |
1096 | | |
1097 | | /* |
1098 | | * Robustness against faulty applications that don't check *is_infinite; |
1099 | | * harmless long timeout. |
1100 | | */ |
1101 | 0 | tv->tv_sec = 1000000; |
1102 | 0 | tv->tv_usec = 0; |
1103 | |
|
1104 | 0 | quic_unlock(ctx.qc); |
1105 | 0 | return 1; |
1106 | 0 | } |
1107 | | |
1108 | 0 | *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc))); |
1109 | 0 | *is_infinite = 0; |
1110 | 0 | quic_unlock(ctx.qc); |
1111 | 0 | return 1; |
1112 | 0 | } |
1113 | | |
1114 | | /* SSL_get_rpoll_descriptor */ |
1115 | | int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc) |
1116 | 0 | { |
1117 | 0 | QCTX ctx; |
1118 | |
|
1119 | 0 | if (!expect_quic(s, &ctx)) |
1120 | 0 | return 0; |
1121 | | |
1122 | 0 | if (desc == NULL || ctx.qc->net_rbio == NULL) |
1123 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, |
1124 | 0 | NULL); |
1125 | | |
1126 | 0 | return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc); |
1127 | 0 | } |
1128 | | |
1129 | | /* SSL_get_wpoll_descriptor */ |
1130 | | int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc) |
1131 | 0 | { |
1132 | 0 | QCTX ctx; |
1133 | |
|
1134 | 0 | if (!expect_quic(s, &ctx)) |
1135 | 0 | return 0; |
1136 | | |
1137 | 0 | if (desc == NULL || ctx.qc->net_wbio == NULL) |
1138 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, |
1139 | 0 | NULL); |
1140 | | |
1141 | 0 | return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc); |
1142 | 0 | } |
1143 | | |
1144 | | /* SSL_net_read_desired */ |
1145 | | QUIC_TAKES_LOCK |
1146 | | int ossl_quic_get_net_read_desired(SSL *s) |
1147 | 0 | { |
1148 | 0 | QCTX ctx; |
1149 | 0 | int ret; |
1150 | |
|
1151 | 0 | if (!expect_quic(s, &ctx)) |
1152 | 0 | return 0; |
1153 | | |
1154 | 0 | quic_lock(ctx.qc); |
1155 | 0 | ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch)); |
1156 | 0 | quic_unlock(ctx.qc); |
1157 | 0 | return ret; |
1158 | 0 | } |
1159 | | |
1160 | | /* SSL_net_write_desired */ |
1161 | | QUIC_TAKES_LOCK |
1162 | | int ossl_quic_get_net_write_desired(SSL *s) |
1163 | 0 | { |
1164 | 0 | int ret; |
1165 | 0 | QCTX ctx; |
1166 | |
|
1167 | 0 | if (!expect_quic(s, &ctx)) |
1168 | 0 | return 0; |
1169 | | |
1170 | 0 | quic_lock(ctx.qc); |
1171 | 0 | ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch)); |
1172 | 0 | quic_unlock(ctx.qc); |
1173 | 0 | return ret; |
1174 | 0 | } |
1175 | | |
1176 | | /* |
1177 | | * QUIC Front-End I/O API: Connection Lifecycle Operations |
1178 | | * ======================================================= |
1179 | | * |
1180 | | * SSL_do_handshake => ossl_quic_do_handshake |
1181 | | * SSL_set_connect_state => ossl_quic_set_connect_state |
1182 | | * SSL_set_accept_state => ossl_quic_set_accept_state |
1183 | | * SSL_shutdown => ossl_quic_shutdown |
1184 | | * SSL_ctrl => ossl_quic_ctrl |
1185 | | * (BIO/)SSL_connect => ossl_quic_connect |
1186 | | * (BIO/)SSL_accept => ossl_quic_accept |
1187 | | * |
1188 | | */ |
1189 | | |
1190 | | QUIC_NEEDS_LOCK |
1191 | | static void qc_shutdown_flush_init(QUIC_CONNECTION *qc) |
1192 | 0 | { |
1193 | 0 | QUIC_STREAM_MAP *qsm; |
1194 | |
|
1195 | 0 | if (qc->shutting_down) |
1196 | 0 | return; |
1197 | | |
1198 | 0 | qsm = ossl_quic_channel_get_qsm(qc->ch); |
1199 | |
|
1200 | 0 | ossl_quic_stream_map_begin_shutdown_flush(qsm); |
1201 | 0 | qc->shutting_down = 1; |
1202 | 0 | } |
1203 | | |
1204 | | /* Returns 1 if all shutdown-flush streams have been done with. */ |
1205 | | QUIC_NEEDS_LOCK |
1206 | | static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc) |
1207 | 0 | { |
1208 | 0 | QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch); |
1209 | |
|
1210 | 0 | return qc->shutting_down |
1211 | 0 | && ossl_quic_stream_map_is_shutdown_flush_finished(qsm); |
1212 | 0 | } |
1213 | | |
1214 | | /* SSL_shutdown */ |
1215 | | static int quic_shutdown_wait(void *arg) |
1216 | 0 | { |
1217 | 0 | QUIC_CONNECTION *qc = arg; |
1218 | |
|
1219 | 0 | return ossl_quic_channel_is_terminated(qc->ch); |
1220 | 0 | } |
1221 | | |
1222 | | /* Returns 1 if shutdown flush process has finished or is inapplicable. */ |
1223 | | static int quic_shutdown_flush_wait(void *arg) |
1224 | 0 | { |
1225 | 0 | QUIC_CONNECTION *qc = arg; |
1226 | |
|
1227 | 0 | return ossl_quic_channel_is_term_any(qc->ch) |
1228 | 0 | || qc_shutdown_flush_finished(qc); |
1229 | 0 | } |
1230 | | |
1231 | | static int quic_shutdown_peer_wait(void *arg) |
1232 | 0 | { |
1233 | 0 | QUIC_CONNECTION *qc = arg; |
1234 | 0 | return ossl_quic_channel_is_term_any(qc->ch); |
1235 | 0 | } |
1236 | | |
1237 | | QUIC_TAKES_LOCK |
1238 | | int ossl_quic_conn_shutdown(SSL *s, uint64_t flags, |
1239 | | const SSL_SHUTDOWN_EX_ARGS *args, |
1240 | | size_t args_len) |
1241 | 0 | { |
1242 | 0 | int ret; |
1243 | 0 | QCTX ctx; |
1244 | 0 | int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0); |
1245 | 0 | int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0); |
1246 | 0 | int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0); |
1247 | |
|
1248 | 0 | if (!expect_quic(s, &ctx)) |
1249 | 0 | return -1; |
1250 | | |
1251 | 0 | if (ctx.is_stream) { |
1252 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL); |
1253 | 0 | return -1; |
1254 | 0 | } |
1255 | | |
1256 | 0 | quic_lock(ctx.qc); |
1257 | |
|
1258 | 0 | if (ossl_quic_channel_is_terminated(ctx.qc->ch)) { |
1259 | 0 | quic_unlock(ctx.qc); |
1260 | 0 | return 1; |
1261 | 0 | } |
1262 | | |
1263 | | /* Phase 1: Stream Flushing */ |
1264 | 0 | if (!wait_peer && stream_flush) { |
1265 | 0 | qc_shutdown_flush_init(ctx.qc); |
1266 | |
|
1267 | 0 | if (!qc_shutdown_flush_finished(ctx.qc)) { |
1268 | 0 | if (!no_block && qc_blocking_mode(ctx.qc)) { |
1269 | 0 | ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0); |
1270 | 0 | if (ret < 1) { |
1271 | 0 | ret = 0; |
1272 | 0 | goto err; |
1273 | 0 | } |
1274 | 0 | } else { |
1275 | 0 | qctx_maybe_autotick(&ctx); |
1276 | 0 | } |
1277 | 0 | } |
1278 | | |
1279 | 0 | if (!qc_shutdown_flush_finished(ctx.qc)) { |
1280 | 0 | quic_unlock(ctx.qc); |
1281 | 0 | return 0; /* ongoing */ |
1282 | 0 | } |
1283 | 0 | } |
1284 | | |
1285 | | /* Phase 2: Connection Closure */ |
1286 | 0 | if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) { |
1287 | 0 | if (!no_block && qc_blocking_mode(ctx.qc)) { |
1288 | 0 | ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0); |
1289 | 0 | if (ret < 1) { |
1290 | 0 | ret = 0; |
1291 | 0 | goto err; |
1292 | 0 | } |
1293 | 0 | } else { |
1294 | 0 | qctx_maybe_autotick(&ctx); |
1295 | 0 | } |
1296 | | |
1297 | 0 | if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) { |
1298 | 0 | ret = 0; /* peer hasn't closed yet - still not done */ |
1299 | 0 | goto err; |
1300 | 0 | } |
1301 | | |
1302 | | /* |
1303 | | * We are at least terminating - go through the normal process of |
1304 | | * waiting until we are in the TERMINATED state. |
1305 | | */ |
1306 | 0 | } |
1307 | | |
1308 | | /* Block mutation ops regardless of if we did stream flush. */ |
1309 | 0 | ctx.qc->shutting_down = 1; |
1310 | | |
1311 | | /* |
1312 | | * This call is a no-op if we are already terminating, so it doesn't |
1313 | | * affect the wait_peer case. |
1314 | | */ |
1315 | 0 | ossl_quic_channel_local_close(ctx.qc->ch, |
1316 | 0 | args != NULL ? args->quic_error_code : 0, |
1317 | 0 | args != NULL ? args->quic_reason : NULL); |
1318 | |
|
1319 | 0 | SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN); |
1320 | |
|
1321 | 0 | if (ossl_quic_channel_is_terminated(ctx.qc->ch)) { |
1322 | 0 | quic_unlock(ctx.qc); |
1323 | 0 | return 1; |
1324 | 0 | } |
1325 | | |
1326 | | /* Phase 3: Terminating Wait Time */ |
1327 | 0 | if (!no_block && qc_blocking_mode(ctx.qc) |
1328 | 0 | && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) { |
1329 | 0 | ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0); |
1330 | 0 | if (ret < 1) { |
1331 | 0 | ret = 0; |
1332 | 0 | goto err; |
1333 | 0 | } |
1334 | 0 | } else { |
1335 | 0 | qctx_maybe_autotick(&ctx); |
1336 | 0 | } |
1337 | | |
1338 | 0 | ret = ossl_quic_channel_is_terminated(ctx.qc->ch); |
1339 | 0 | err: |
1340 | 0 | quic_unlock(ctx.qc); |
1341 | 0 | return ret; |
1342 | 0 | } |
1343 | | |
1344 | | /* SSL_ctrl */ |
1345 | | long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) |
1346 | 0 | { |
1347 | 0 | QCTX ctx; |
1348 | |
|
1349 | 0 | if (!expect_quic(s, &ctx)) |
1350 | 0 | return 0; |
1351 | | |
1352 | 0 | switch (cmd) { |
1353 | 0 | case SSL_CTRL_MODE: |
1354 | | /* If called on a QCSO, update the default mode. */ |
1355 | 0 | if (!ctx.is_stream) |
1356 | 0 | ctx.qc->default_ssl_mode |= (uint32_t)larg; |
1357 | | |
1358 | | /* |
1359 | | * If we were called on a QSSO or have a default stream, we also update |
1360 | | * that. |
1361 | | */ |
1362 | 0 | if (ctx.xso != NULL) { |
1363 | | /* Cannot enable EPW while AON write in progress. */ |
1364 | 0 | if (ctx.xso->aon_write_in_progress) |
1365 | 0 | larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; |
1366 | |
|
1367 | 0 | ctx.xso->ssl_mode |= (uint32_t)larg; |
1368 | 0 | return ctx.xso->ssl_mode; |
1369 | 0 | } |
1370 | | |
1371 | 0 | return ctx.qc->default_ssl_mode; |
1372 | 0 | case SSL_CTRL_CLEAR_MODE: |
1373 | 0 | if (!ctx.is_stream) |
1374 | 0 | ctx.qc->default_ssl_mode &= ~(uint32_t)larg; |
1375 | |
|
1376 | 0 | if (ctx.xso != NULL) { |
1377 | 0 | ctx.xso->ssl_mode &= ~(uint32_t)larg; |
1378 | 0 | return ctx.xso->ssl_mode; |
1379 | 0 | } |
1380 | | |
1381 | 0 | return ctx.qc->default_ssl_mode; |
1382 | | |
1383 | 0 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
1384 | 0 | ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg); |
1385 | | /* This ctrl also needs to be passed to the internal SSL object */ |
1386 | 0 | return SSL_ctrl(ctx.qc->tls, cmd, larg, parg); |
1387 | | |
1388 | 0 | case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */ |
1389 | 0 | { |
1390 | 0 | int is_infinite; |
1391 | |
|
1392 | 0 | if (!ossl_quic_get_event_timeout(s, parg, &is_infinite)) |
1393 | 0 | return 0; |
1394 | | |
1395 | 0 | return !is_infinite; |
1396 | 0 | } |
1397 | 0 | case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */ |
1398 | | /* For legacy compatibility with DTLS calls. */ |
1399 | 0 | return ossl_quic_handle_events(s) == 1 ? 1 : -1; |
1400 | | |
1401 | | /* Mask ctrls we shouldn't support for QUIC. */ |
1402 | 0 | case SSL_CTRL_GET_READ_AHEAD: |
1403 | 0 | case SSL_CTRL_SET_READ_AHEAD: |
1404 | 0 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
1405 | 0 | case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: |
1406 | 0 | case SSL_CTRL_SET_MAX_PIPELINES: |
1407 | 0 | return 0; |
1408 | | |
1409 | 0 | default: |
1410 | | /* |
1411 | | * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl |
1412 | | * implementation. Either SSL_ctrl will handle it itself by direct |
1413 | | * access into handshake layer state, or failing that, it will be passed |
1414 | | * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not |
1415 | | * supported by anything, the handshake layer's ctrl method will finally |
1416 | | * return 0. |
1417 | | */ |
1418 | 0 | return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1); |
1419 | 0 | } |
1420 | 0 | } |
1421 | | |
1422 | | /* SSL_set_connect_state */ |
1423 | | void ossl_quic_set_connect_state(SSL *s) |
1424 | 0 | { |
1425 | 0 | QCTX ctx; |
1426 | |
|
1427 | 0 | if (!expect_quic(s, &ctx)) |
1428 | 0 | return; |
1429 | | |
1430 | | /* Cannot be changed after handshake started */ |
1431 | 0 | if (ctx.qc->started || ctx.is_stream) |
1432 | 0 | return; |
1433 | | |
1434 | 0 | ctx.qc->as_server_state = 0; |
1435 | 0 | } |
1436 | | |
1437 | | /* SSL_set_accept_state */ |
1438 | | void ossl_quic_set_accept_state(SSL *s) |
1439 | 0 | { |
1440 | 0 | QCTX ctx; |
1441 | |
|
1442 | 0 | if (!expect_quic(s, &ctx)) |
1443 | 0 | return; |
1444 | | |
1445 | | /* Cannot be changed after handshake started */ |
1446 | 0 | if (ctx.qc->started || ctx.is_stream) |
1447 | 0 | return; |
1448 | | |
1449 | 0 | ctx.qc->as_server_state = 1; |
1450 | 0 | } |
1451 | | |
1452 | | /* SSL_do_handshake */ |
1453 | | struct quic_handshake_wait_args { |
1454 | | QUIC_CONNECTION *qc; |
1455 | | }; |
1456 | | |
1457 | | static int tls_wants_non_io_retry(QUIC_CONNECTION *qc) |
1458 | 0 | { |
1459 | 0 | int want = SSL_want(qc->tls); |
1460 | |
|
1461 | 0 | if (want == SSL_X509_LOOKUP |
1462 | 0 | || want == SSL_CLIENT_HELLO_CB |
1463 | 0 | || want == SSL_RETRY_VERIFY) |
1464 | 0 | return 1; |
1465 | | |
1466 | 0 | return 0; |
1467 | 0 | } |
1468 | | |
1469 | | static int quic_handshake_wait(void *arg) |
1470 | 0 | { |
1471 | 0 | struct quic_handshake_wait_args *args = arg; |
1472 | |
|
1473 | 0 | if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) |
1474 | 0 | return -1; |
1475 | | |
1476 | 0 | if (ossl_quic_channel_is_handshake_complete(args->qc->ch)) |
1477 | 0 | return 1; |
1478 | | |
1479 | 0 | if (tls_wants_non_io_retry(args->qc)) |
1480 | 0 | return 1; |
1481 | | |
1482 | 0 | return 0; |
1483 | 0 | } |
1484 | | |
1485 | | static int configure_channel(QUIC_CONNECTION *qc) |
1486 | 0 | { |
1487 | 0 | assert(qc->ch != NULL); |
1488 | | |
1489 | 0 | if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio) |
1490 | 0 | || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio) |
1491 | 0 | || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr)) |
1492 | 0 | return 0; |
1493 | | |
1494 | 0 | return 1; |
1495 | 0 | } |
1496 | | |
1497 | | QUIC_NEEDS_LOCK |
1498 | | static int create_channel(QUIC_CONNECTION *qc) |
1499 | 0 | { |
1500 | 0 | QUIC_ENGINE_ARGS engine_args = {0}; |
1501 | 0 | QUIC_PORT_ARGS port_args = {0}; |
1502 | |
|
1503 | 0 | engine_args.libctx = qc->ssl.ctx->libctx; |
1504 | 0 | engine_args.propq = qc->ssl.ctx->propq; |
1505 | 0 | engine_args.mutex = qc->mutex; |
1506 | 0 | engine_args.now_cb = get_time_cb; |
1507 | 0 | engine_args.now_cb_arg = qc; |
1508 | 0 | qc->engine = ossl_quic_engine_new(&engine_args); |
1509 | 0 | if (qc->engine == NULL) { |
1510 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); |
1511 | 0 | return 0; |
1512 | 0 | } |
1513 | | |
1514 | 0 | port_args.channel_ctx = qc->ssl.ctx; |
1515 | 0 | qc->port = ossl_quic_engine_create_port(qc->engine, &port_args); |
1516 | 0 | if (qc->port == NULL) { |
1517 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); |
1518 | 0 | ossl_quic_engine_free(qc->engine); |
1519 | 0 | return 0; |
1520 | 0 | } |
1521 | | |
1522 | 0 | qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls); |
1523 | 0 | if (qc->ch == NULL) { |
1524 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); |
1525 | 0 | ossl_quic_port_free(qc->port); |
1526 | 0 | ossl_quic_engine_free(qc->engine); |
1527 | 0 | return 0; |
1528 | 0 | } |
1529 | | |
1530 | 0 | return 1; |
1531 | 0 | } |
1532 | | |
1533 | | /* |
1534 | | * Configures a channel with the information we have accumulated via calls made |
1535 | | * to us from the application prior to starting a handshake attempt. |
1536 | | */ |
1537 | | QUIC_NEEDS_LOCK |
1538 | | static int ensure_channel_started(QCTX *ctx) |
1539 | 0 | { |
1540 | 0 | QUIC_CONNECTION *qc = ctx->qc; |
1541 | |
|
1542 | 0 | if (!qc->started) { |
1543 | 0 | if (!configure_channel(qc)) { |
1544 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, |
1545 | 0 | "failed to configure channel"); |
1546 | 0 | return 0; |
1547 | 0 | } |
1548 | | |
1549 | 0 | if (!ossl_quic_channel_start(qc->ch)) { |
1550 | 0 | ossl_quic_channel_restore_err_state(qc->ch); |
1551 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, |
1552 | 0 | "failed to start channel"); |
1553 | 0 | return 0; |
1554 | 0 | } |
1555 | | |
1556 | 0 | #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST) |
1557 | 0 | if (qc->is_thread_assisted) |
1558 | 0 | if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch, |
1559 | 0 | qc->override_now_cb, |
1560 | 0 | qc->override_now_cb_arg)) { |
1561 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, |
1562 | 0 | "failed to start assist thread"); |
1563 | 0 | return 0; |
1564 | 0 | } |
1565 | 0 | #endif |
1566 | 0 | } |
1567 | | |
1568 | 0 | qc->started = 1; |
1569 | 0 | return 1; |
1570 | 0 | } |
1571 | | |
1572 | | QUIC_NEEDS_LOCK |
1573 | | static int quic_do_handshake(QCTX *ctx) |
1574 | 0 | { |
1575 | 0 | int ret; |
1576 | 0 | QUIC_CONNECTION *qc = ctx->qc; |
1577 | |
|
1578 | 0 | if (ossl_quic_channel_is_handshake_complete(qc->ch)) |
1579 | | /* Handshake already completed. */ |
1580 | 0 | return 1; |
1581 | | |
1582 | 0 | if (!quic_mutation_allowed(qc, /*req_active=*/0)) |
1583 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
1584 | | |
1585 | 0 | if (qc->as_server != qc->as_server_state) { |
1586 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); |
1587 | 0 | return -1; /* Non-protocol error */ |
1588 | 0 | } |
1589 | | |
1590 | 0 | if (qc->net_rbio == NULL || qc->net_wbio == NULL) { |
1591 | | /* Need read and write BIOs. */ |
1592 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL); |
1593 | 0 | return -1; /* Non-protocol error */ |
1594 | 0 | } |
1595 | | |
1596 | | /* |
1597 | | * We need to determine our addressing mode. There are basically two |
1598 | | * ways we can use L4 addresses: |
1599 | | * |
1600 | | * - Addressed mode, in which our BIO_sendmmsg calls have destination |
1601 | | * addresses attached to them which we expect the underlying network BIO |
1602 | | * to handle; |
1603 | | * |
1604 | | * - Unaddressed mode, in which the BIO provided to us on the |
1605 | | * network side neither provides us with L4 addresses nor is capable of |
1606 | | * honouring ones we provide. We don't know where the QUIC traffic we |
1607 | | * send ends up exactly and trust the application to know what it is |
1608 | | * doing. |
1609 | | * |
1610 | | * Addressed mode is preferred because it enables support for connection |
1611 | | * migration, multipath, etc. in the future. Addressed mode is automatically |
1612 | | * enabled if we are using e.g. BIO_s_datagram, with or without |
1613 | | * BIO_s_connect. |
1614 | | * |
1615 | | * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to |
1616 | | * use unaddressed mode unless that BIO supports capability flags indicating |
1617 | | * it can provide and honour L4 addresses. |
1618 | | * |
1619 | | * Our strategy for determining address mode is simple: we probe the |
1620 | | * underlying network BIOs for their capabilities. If the network BIOs |
1621 | | * support what we need, we use addressed mode. Otherwise, we use |
1622 | | * unaddressed mode. |
1623 | | * |
1624 | | * If addressed mode is chosen, we require an initial peer address to be |
1625 | | * set. If this is not set, we fail. If unaddressed mode is used, we do not |
1626 | | * require this, as such an address is superfluous, though it can be set if |
1627 | | * desired. |
1628 | | */ |
1629 | 0 | if (!qc->started && !qc->addressing_probe_done) { |
1630 | 0 | long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio); |
1631 | 0 | long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio); |
1632 | |
|
1633 | 0 | qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0); |
1634 | 0 | qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0); |
1635 | 0 | qc->addressing_probe_done = 1; |
1636 | 0 | } |
1637 | |
|
1638 | 0 | if (!qc->started && qc->addressed_mode_w |
1639 | 0 | && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) { |
1640 | | /* |
1641 | | * We are trying to connect and are using addressed mode, which means we |
1642 | | * need an initial peer address; if we do not have a peer address yet, |
1643 | | * we should try to autodetect one. |
1644 | | * |
1645 | | * We do this as late as possible because some BIOs (e.g. BIO_s_connect) |
1646 | | * may not be able to provide us with a peer address until they have |
1647 | | * finished their own processing. They may not be able to perform this |
1648 | | * processing until an application has finished configuring that BIO |
1649 | | * (e.g. with setter calls), which might happen after SSL_set_bio is |
1650 | | * called. |
1651 | | */ |
1652 | 0 | if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr)) |
1653 | | /* best effort */ |
1654 | 0 | BIO_ADDR_clear(&qc->init_peer_addr); |
1655 | 0 | else |
1656 | 0 | ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr); |
1657 | 0 | } |
1658 | |
|
1659 | 0 | if (!qc->started |
1660 | 0 | && qc->addressed_mode_w |
1661 | 0 | && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) { |
1662 | | /* |
1663 | | * If we still don't have a peer address in addressed mode, we can't do |
1664 | | * anything. |
1665 | | */ |
1666 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL); |
1667 | 0 | return -1; /* Non-protocol error */ |
1668 | 0 | } |
1669 | | |
1670 | | /* |
1671 | | * Start connection process. Note we may come here multiple times in |
1672 | | * non-blocking mode, which is fine. |
1673 | | */ |
1674 | 0 | if (!ensure_channel_started(ctx)) /* raises on failure */ |
1675 | 0 | return -1; /* Non-protocol error */ |
1676 | | |
1677 | 0 | if (ossl_quic_channel_is_handshake_complete(qc->ch)) |
1678 | | /* The handshake is now done. */ |
1679 | 0 | return 1; |
1680 | | |
1681 | 0 | if (!qc_blocking_mode(qc)) { |
1682 | | /* Try to advance the reactor. */ |
1683 | 0 | qctx_maybe_autotick(ctx); |
1684 | |
|
1685 | 0 | if (ossl_quic_channel_is_handshake_complete(qc->ch)) |
1686 | | /* The handshake is now done. */ |
1687 | 0 | return 1; |
1688 | | |
1689 | 0 | if (ossl_quic_channel_is_term_any(qc->ch)) { |
1690 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
1691 | 0 | return 0; |
1692 | 0 | } else if (qc->desires_blocking) { |
1693 | | /* |
1694 | | * As a special case when doing a handshake when blocking mode is |
1695 | | * desired yet not available, see if the network BIOs have become |
1696 | | * poll descriptor-enabled. This supports BIOs such as BIO_s_connect |
1697 | | * which do late creation of socket FDs and therefore cannot expose |
1698 | | * a poll descriptor until after a network BIO is set on the QCSO. |
1699 | | */ |
1700 | 0 | assert(!qc->blocking); |
1701 | 0 | qc_update_can_support_blocking(qc); |
1702 | 0 | qc_update_blocking_mode(qc); |
1703 | 0 | } |
1704 | 0 | } |
1705 | | |
1706 | | /* |
1707 | | * We are either in blocking mode or just entered it due to the code above. |
1708 | | */ |
1709 | 0 | if (qc_blocking_mode(qc)) { |
1710 | | /* In blocking mode, wait for the handshake to complete. */ |
1711 | 0 | struct quic_handshake_wait_args args; |
1712 | |
|
1713 | 0 | args.qc = qc; |
1714 | |
|
1715 | 0 | ret = block_until_pred(qc, quic_handshake_wait, &args, 0); |
1716 | 0 | if (!quic_mutation_allowed(qc, /*req_active=*/1)) { |
1717 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
1718 | 0 | return 0; /* Shutdown before completion */ |
1719 | 0 | } else if (ret <= 0) { |
1720 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
1721 | 0 | return -1; /* Non-protocol error */ |
1722 | 0 | } |
1723 | | |
1724 | 0 | if (tls_wants_non_io_retry(qc)) { |
1725 | 0 | QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0)); |
1726 | 0 | return -1; |
1727 | 0 | } |
1728 | | |
1729 | 0 | assert(ossl_quic_channel_is_handshake_complete(qc->ch)); |
1730 | 0 | return 1; |
1731 | 0 | } |
1732 | | |
1733 | 0 | if (tls_wants_non_io_retry(qc)) { |
1734 | 0 | QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0)); |
1735 | 0 | return -1; |
1736 | 0 | } |
1737 | | |
1738 | | /* |
1739 | | * Otherwise, indicate that the handshake isn't done yet. |
1740 | | * We can only get here in non-blocking mode. |
1741 | | */ |
1742 | 0 | QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ); |
1743 | 0 | return -1; /* Non-protocol error */ |
1744 | 0 | } |
1745 | | |
1746 | | QUIC_TAKES_LOCK |
1747 | | int ossl_quic_do_handshake(SSL *s) |
1748 | 0 | { |
1749 | 0 | int ret; |
1750 | 0 | QCTX ctx; |
1751 | |
|
1752 | 0 | if (!expect_quic(s, &ctx)) |
1753 | 0 | return 0; |
1754 | | |
1755 | 0 | quic_lock_for_io(&ctx); |
1756 | |
|
1757 | 0 | ret = quic_do_handshake(&ctx); |
1758 | 0 | quic_unlock(ctx.qc); |
1759 | 0 | return ret; |
1760 | 0 | } |
1761 | | |
1762 | | /* SSL_connect */ |
1763 | | int ossl_quic_connect(SSL *s) |
1764 | 0 | { |
1765 | | /* Ensure we are in connect state (no-op if non-idle). */ |
1766 | 0 | ossl_quic_set_connect_state(s); |
1767 | | |
1768 | | /* Begin or continue the handshake */ |
1769 | 0 | return ossl_quic_do_handshake(s); |
1770 | 0 | } |
1771 | | |
1772 | | /* SSL_accept */ |
1773 | | int ossl_quic_accept(SSL *s) |
1774 | 0 | { |
1775 | | /* Ensure we are in accept state (no-op if non-idle). */ |
1776 | 0 | ossl_quic_set_accept_state(s); |
1777 | | |
1778 | | /* Begin or continue the handshake */ |
1779 | 0 | return ossl_quic_do_handshake(s); |
1780 | 0 | } |
1781 | | |
1782 | | /* |
1783 | | * QUIC Front-End I/O API: Stream Lifecycle Operations |
1784 | | * =================================================== |
1785 | | * |
1786 | | * SSL_stream_new => ossl_quic_conn_stream_new |
1787 | | * |
1788 | | */ |
1789 | | |
1790 | | /* |
1791 | | * Try to create the default XSO if it doesn't already exist. Returns 1 if the |
1792 | | * default XSO was created. Returns 0 if it was not (e.g. because it already |
1793 | | * exists). Note that this is NOT an error condition. |
1794 | | */ |
1795 | | QUIC_NEEDS_LOCK |
1796 | | static int qc_try_create_default_xso_for_write(QCTX *ctx) |
1797 | 0 | { |
1798 | 0 | uint64_t flags = 0; |
1799 | 0 | QUIC_CONNECTION *qc = ctx->qc; |
1800 | |
|
1801 | 0 | if (qc->default_xso_created |
1802 | 0 | || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) |
1803 | | /* |
1804 | | * We only do this once. If the user detaches a previously created |
1805 | | * default XSO we don't auto-create another one. |
1806 | | */ |
1807 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); |
1808 | | |
1809 | | /* Create a locally-initiated stream. */ |
1810 | 0 | if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI) |
1811 | 0 | flags |= SSL_STREAM_FLAG_UNI; |
1812 | |
|
1813 | 0 | qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags, |
1814 | 0 | /*needs_lock=*/0), |
1815 | 0 | /*touch=*/0); |
1816 | 0 | if (qc->default_xso == NULL) |
1817 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
1818 | | |
1819 | 0 | qc_touch_default_xso(qc); |
1820 | 0 | return 1; |
1821 | 0 | } |
1822 | | |
1823 | | struct quic_wait_for_stream_args { |
1824 | | QUIC_CONNECTION *qc; |
1825 | | QUIC_STREAM *qs; |
1826 | | QCTX *ctx; |
1827 | | uint64_t expect_id; |
1828 | | }; |
1829 | | |
1830 | | QUIC_NEEDS_LOCK |
1831 | | static int quic_wait_for_stream(void *arg) |
1832 | 0 | { |
1833 | 0 | struct quic_wait_for_stream_args *args = arg; |
1834 | |
|
1835 | 0 | if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) { |
1836 | | /* If connection is torn down due to an error while blocking, stop. */ |
1837 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
1838 | 0 | return -1; |
1839 | 0 | } |
1840 | | |
1841 | 0 | args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch), |
1842 | 0 | args->expect_id | QUIC_STREAM_DIR_BIDI); |
1843 | 0 | if (args->qs == NULL) |
1844 | 0 | args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch), |
1845 | 0 | args->expect_id | QUIC_STREAM_DIR_UNI); |
1846 | |
|
1847 | 0 | if (args->qs != NULL) |
1848 | 0 | return 1; /* stream now exists */ |
1849 | | |
1850 | 0 | return 0; /* did not get a stream, keep trying */ |
1851 | 0 | } |
1852 | | |
1853 | | QUIC_NEEDS_LOCK |
1854 | | static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek) |
1855 | 0 | { |
1856 | | /* Called on a QCSO and we don't currently have a default stream. */ |
1857 | 0 | uint64_t expect_id; |
1858 | 0 | QUIC_CONNECTION *qc = ctx->qc; |
1859 | 0 | QUIC_STREAM *qs; |
1860 | 0 | int res; |
1861 | 0 | struct quic_wait_for_stream_args wargs; |
1862 | 0 | OSSL_RTT_INFO rtt_info; |
1863 | | |
1864 | | /* |
1865 | | * If default stream functionality is disabled or we already detached |
1866 | | * one, don't make another default stream and just fail. |
1867 | | */ |
1868 | 0 | if (qc->default_xso_created |
1869 | 0 | || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) |
1870 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); |
1871 | | |
1872 | | /* |
1873 | | * The peer may have opened a stream since we last ticked. So tick and |
1874 | | * see if the stream with ordinal 0 (remote, bidi/uni based on stream |
1875 | | * mode) exists yet. QUIC stream IDs must be allocated in order, so the |
1876 | | * first stream created by a peer must have an ordinal of 0. |
1877 | | */ |
1878 | 0 | expect_id = qc->as_server |
1879 | 0 | ? QUIC_STREAM_INITIATOR_CLIENT |
1880 | 0 | : QUIC_STREAM_INITIATOR_SERVER; |
1881 | |
|
1882 | 0 | qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch), |
1883 | 0 | expect_id | QUIC_STREAM_DIR_BIDI); |
1884 | 0 | if (qs == NULL) |
1885 | 0 | qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch), |
1886 | 0 | expect_id | QUIC_STREAM_DIR_UNI); |
1887 | |
|
1888 | 0 | if (qs == NULL) { |
1889 | 0 | qctx_maybe_autotick(ctx); |
1890 | |
|
1891 | 0 | qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch), |
1892 | 0 | expect_id); |
1893 | 0 | } |
1894 | |
|
1895 | 0 | if (qs == NULL) { |
1896 | 0 | if (peek) |
1897 | 0 | return 0; |
1898 | | |
1899 | 0 | if (!qc_blocking_mode(qc)) |
1900 | | /* Non-blocking mode, so just bail immediately. */ |
1901 | 0 | return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ); |
1902 | | |
1903 | | /* Block until we have a stream. */ |
1904 | 0 | wargs.qc = qc; |
1905 | 0 | wargs.qs = NULL; |
1906 | 0 | wargs.ctx = ctx; |
1907 | 0 | wargs.expect_id = expect_id; |
1908 | |
|
1909 | 0 | res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0); |
1910 | 0 | if (res == 0) |
1911 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
1912 | 0 | else if (res < 0 || wargs.qs == NULL) |
1913 | | /* quic_wait_for_stream raised error here */ |
1914 | 0 | return 0; |
1915 | | |
1916 | 0 | qs = wargs.qs; |
1917 | 0 | } |
1918 | | |
1919 | | /* |
1920 | | * We now have qs != NULL. Remove it from the incoming stream queue so that |
1921 | | * it isn't also returned by any future SSL_accept_stream calls. |
1922 | | */ |
1923 | 0 | ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info); |
1924 | 0 | ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch), |
1925 | 0 | qs, rtt_info.smoothed_rtt); |
1926 | | |
1927 | | /* |
1928 | | * Now make qs the default stream, creating the necessary XSO. |
1929 | | */ |
1930 | 0 | qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0); |
1931 | 0 | if (qc->default_xso == NULL) |
1932 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
1933 | | |
1934 | 0 | qc_touch_default_xso(qc); /* inhibits default XSO */ |
1935 | 0 | return 1; |
1936 | 0 | } |
1937 | | |
1938 | | QUIC_NEEDS_LOCK |
1939 | | static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs) |
1940 | 0 | { |
1941 | 0 | QUIC_XSO *xso = NULL; |
1942 | |
|
1943 | 0 | if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) { |
1944 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); |
1945 | 0 | goto err; |
1946 | 0 | } |
1947 | | |
1948 | 0 | if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) { |
1949 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); |
1950 | 0 | goto err; |
1951 | 0 | } |
1952 | | |
1953 | | /* XSO refs QC */ |
1954 | 0 | if (!SSL_up_ref(&qc->ssl)) { |
1955 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL); |
1956 | 0 | goto err; |
1957 | 0 | } |
1958 | | |
1959 | 0 | xso->conn = qc; |
1960 | 0 | xso->ssl_mode = qc->default_ssl_mode; |
1961 | 0 | xso->ssl_options |
1962 | 0 | = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM; |
1963 | 0 | xso->last_error = SSL_ERROR_NONE; |
1964 | |
|
1965 | 0 | xso->stream = qs; |
1966 | |
|
1967 | 0 | ++qc->num_xso; |
1968 | 0 | xso_update_options(xso); |
1969 | 0 | return xso; |
1970 | | |
1971 | 0 | err: |
1972 | 0 | OPENSSL_free(xso); |
1973 | 0 | return NULL; |
1974 | 0 | } |
1975 | | |
1976 | | struct quic_new_stream_wait_args { |
1977 | | QUIC_CONNECTION *qc; |
1978 | | int is_uni; |
1979 | | }; |
1980 | | |
1981 | | static int quic_new_stream_wait(void *arg) |
1982 | 0 | { |
1983 | 0 | struct quic_new_stream_wait_args *args = arg; |
1984 | 0 | QUIC_CONNECTION *qc = args->qc; |
1985 | |
|
1986 | 0 | if (!quic_mutation_allowed(qc, /*req_active=*/1)) |
1987 | 0 | return -1; |
1988 | | |
1989 | 0 | if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni)) |
1990 | 0 | return 1; |
1991 | | |
1992 | 0 | return 0; |
1993 | 0 | } |
1994 | | |
1995 | | /* locking depends on need_lock */ |
1996 | | static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock) |
1997 | 0 | { |
1998 | 0 | int ret; |
1999 | 0 | QUIC_CONNECTION *qc = ctx->qc; |
2000 | 0 | QUIC_XSO *xso = NULL; |
2001 | 0 | QUIC_STREAM *qs = NULL; |
2002 | 0 | int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0); |
2003 | 0 | int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0); |
2004 | 0 | int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0); |
2005 | |
|
2006 | 0 | if (need_lock) |
2007 | 0 | quic_lock(qc); |
2008 | |
|
2009 | 0 | if (!quic_mutation_allowed(qc, /*req_active=*/0)) { |
2010 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
2011 | 0 | goto err; |
2012 | 0 | } |
2013 | | |
2014 | 0 | if (!advance |
2015 | 0 | && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) { |
2016 | 0 | struct quic_new_stream_wait_args args; |
2017 | | |
2018 | | /* |
2019 | | * Stream count flow control currently doesn't permit this stream to be |
2020 | | * opened. |
2021 | | */ |
2022 | 0 | if (no_blocking || !qc_blocking_mode(qc)) { |
2023 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL); |
2024 | 0 | goto err; |
2025 | 0 | } |
2026 | | |
2027 | 0 | args.qc = qc; |
2028 | 0 | args.is_uni = is_uni; |
2029 | | |
2030 | | /* Blocking mode - wait until we can get a stream. */ |
2031 | 0 | ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0); |
2032 | 0 | if (!quic_mutation_allowed(qc, /*req_active=*/1)) { |
2033 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
2034 | 0 | goto err; /* Shutdown before completion */ |
2035 | 0 | } else if (ret <= 0) { |
2036 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2037 | 0 | goto err; /* Non-protocol error */ |
2038 | 0 | } |
2039 | 0 | } |
2040 | | |
2041 | 0 | qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni); |
2042 | 0 | if (qs == NULL) { |
2043 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2044 | 0 | goto err; |
2045 | 0 | } |
2046 | | |
2047 | 0 | xso = create_xso_from_stream(qc, qs); |
2048 | 0 | if (xso == NULL) |
2049 | 0 | goto err; |
2050 | | |
2051 | 0 | qc_touch_default_xso(qc); /* inhibits default XSO */ |
2052 | 0 | if (need_lock) |
2053 | 0 | quic_unlock(qc); |
2054 | |
|
2055 | 0 | return &xso->ssl; |
2056 | | |
2057 | 0 | err: |
2058 | 0 | OPENSSL_free(xso); |
2059 | 0 | ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs); |
2060 | 0 | if (need_lock) |
2061 | 0 | quic_unlock(qc); |
2062 | |
|
2063 | 0 | return NULL; |
2064 | |
|
2065 | 0 | } |
2066 | | |
2067 | | QUIC_TAKES_LOCK |
2068 | | SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags) |
2069 | 0 | { |
2070 | 0 | QCTX ctx; |
2071 | |
|
2072 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
2073 | 0 | return NULL; |
2074 | | |
2075 | 0 | return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1); |
2076 | 0 | } |
2077 | | |
2078 | | /* |
2079 | | * QUIC Front-End I/O API: Steady-State Operations |
2080 | | * =============================================== |
2081 | | * |
2082 | | * Here we dispatch calls to the steady-state front-end I/O API functions; that |
2083 | | * is, the functions used during the established phase of a QUIC connection |
2084 | | * (e.g. SSL_read, SSL_write). |
2085 | | * |
2086 | | * Each function must handle both blocking and non-blocking modes. As discussed |
2087 | | * above, all QUIC I/O is implemented using non-blocking mode internally. |
2088 | | * |
2089 | | * SSL_get_error => partially implemented by ossl_quic_get_error |
2090 | | * SSL_want => ossl_quic_want |
2091 | | * (BIO/)SSL_read => ossl_quic_read |
2092 | | * (BIO/)SSL_write => ossl_quic_write |
2093 | | * SSL_pending => ossl_quic_pending |
2094 | | * SSL_stream_conclude => ossl_quic_conn_stream_conclude |
2095 | | * SSL_key_update => ossl_quic_key_update |
2096 | | */ |
2097 | | |
2098 | | /* SSL_get_error */ |
2099 | | int ossl_quic_get_error(const SSL *s, int i) |
2100 | 0 | { |
2101 | 0 | QCTX ctx; |
2102 | 0 | int net_error, last_error; |
2103 | |
|
2104 | 0 | if (!expect_quic(s, &ctx)) |
2105 | 0 | return 0; |
2106 | | |
2107 | 0 | quic_lock(ctx.qc); |
2108 | 0 | net_error = ossl_quic_channel_net_error(ctx.qc->ch); |
2109 | 0 | last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error; |
2110 | 0 | quic_unlock(ctx.qc); |
2111 | |
|
2112 | 0 | if (net_error) |
2113 | 0 | return SSL_ERROR_SYSCALL; |
2114 | | |
2115 | 0 | return last_error; |
2116 | 0 | } |
2117 | | |
2118 | | /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */ |
2119 | | static int error_to_want(int error) |
2120 | 0 | { |
2121 | 0 | switch (error) { |
2122 | 0 | case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */ |
2123 | 0 | case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */ |
2124 | 0 | case SSL_ERROR_ZERO_RETURN: |
2125 | 0 | default: |
2126 | 0 | return SSL_NOTHING; |
2127 | | |
2128 | 0 | case SSL_ERROR_WANT_READ: |
2129 | 0 | return SSL_READING; |
2130 | | |
2131 | 0 | case SSL_ERROR_WANT_WRITE: |
2132 | 0 | return SSL_WRITING; |
2133 | | |
2134 | 0 | case SSL_ERROR_WANT_RETRY_VERIFY: |
2135 | 0 | return SSL_RETRY_VERIFY; |
2136 | | |
2137 | 0 | case SSL_ERROR_WANT_CLIENT_HELLO_CB: |
2138 | 0 | return SSL_CLIENT_HELLO_CB; |
2139 | | |
2140 | 0 | case SSL_ERROR_WANT_X509_LOOKUP: |
2141 | 0 | return SSL_X509_LOOKUP; |
2142 | 0 | } |
2143 | 0 | } |
2144 | | |
2145 | | /* SSL_want */ |
2146 | | int ossl_quic_want(const SSL *s) |
2147 | 0 | { |
2148 | 0 | QCTX ctx; |
2149 | 0 | int w; |
2150 | |
|
2151 | 0 | if (!expect_quic(s, &ctx)) |
2152 | 0 | return SSL_NOTHING; |
2153 | | |
2154 | 0 | quic_lock(ctx.qc); |
2155 | |
|
2156 | 0 | w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error); |
2157 | |
|
2158 | 0 | quic_unlock(ctx.qc); |
2159 | 0 | return w; |
2160 | 0 | } |
2161 | | |
2162 | | /* |
2163 | | * SSL_write |
2164 | | * --------- |
2165 | | * |
2166 | | * The set of functions below provide the implementation of the public SSL_write |
2167 | | * function. We must handle: |
2168 | | * |
2169 | | * - both blocking and non-blocking operation at the application level, |
2170 | | * depending on how we are configured; |
2171 | | * |
2172 | | * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off; |
2173 | | * |
2174 | | * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER. |
2175 | | * |
2176 | | */ |
2177 | | QUIC_NEEDS_LOCK |
2178 | | static void quic_post_write(QUIC_XSO *xso, int did_append, |
2179 | | int did_append_all, uint64_t flags, |
2180 | | int do_tick) |
2181 | 0 | { |
2182 | | /* |
2183 | | * We have appended at least one byte to the stream. |
2184 | | * Potentially mark stream as active, depending on FC. |
2185 | | */ |
2186 | 0 | if (did_append) |
2187 | 0 | ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch), |
2188 | 0 | xso->stream); |
2189 | |
|
2190 | 0 | if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0) |
2191 | 0 | ossl_quic_sstream_fin(xso->stream->sstream); |
2192 | | |
2193 | | /* |
2194 | | * Try and send. |
2195 | | * |
2196 | | * TODO(QUIC FUTURE): It is probably inefficient to try and do this |
2197 | | * immediately, plus we should eventually consider Nagle's algorithm. |
2198 | | */ |
2199 | 0 | if (do_tick) |
2200 | 0 | ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0); |
2201 | 0 | } |
2202 | | |
2203 | | struct quic_write_again_args { |
2204 | | QUIC_XSO *xso; |
2205 | | const unsigned char *buf; |
2206 | | size_t len; |
2207 | | size_t total_written; |
2208 | | int err; |
2209 | | uint64_t flags; |
2210 | | }; |
2211 | | |
2212 | | /* |
2213 | | * Absolute maximum write buffer size, enforced to prevent a rogue peer from |
2214 | | * deliberately inducing DoS. This has been chosen based on the optimal buffer |
2215 | | * size for an RTT of 500ms and a bandwidth of 100 Mb/s. |
2216 | | */ |
2217 | 0 | #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024) |
2218 | | |
2219 | | /* |
2220 | | * Ensure spare buffer space available (up until a limit, at least). |
2221 | | */ |
2222 | | QUIC_NEEDS_LOCK |
2223 | | static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare) |
2224 | 0 | { |
2225 | 0 | size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream); |
2226 | 0 | size_t avail = ossl_quic_sstream_get_buffer_avail(sstream); |
2227 | 0 | size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare; |
2228 | 0 | size_t new_sz, growth; |
2229 | |
|
2230 | 0 | if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE) |
2231 | 0 | return 1; |
2232 | | |
2233 | 0 | growth = spare_ - avail; |
2234 | 0 | if (cur_sz + growth > MAX_WRITE_BUF_SIZE) |
2235 | 0 | new_sz = MAX_WRITE_BUF_SIZE; |
2236 | 0 | else |
2237 | 0 | new_sz = cur_sz + growth; |
2238 | |
|
2239 | 0 | return ossl_quic_sstream_set_buffer_size(sstream, new_sz); |
2240 | 0 | } |
2241 | | |
2242 | | /* |
2243 | | * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded |
2244 | | * as needed according to flow control. |
2245 | | */ |
2246 | | QUIC_NEEDS_LOCK |
2247 | | static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf, |
2248 | | size_t len, size_t *actual_written) |
2249 | 0 | { |
2250 | 0 | QUIC_SSTREAM *sstream = xso->stream->sstream; |
2251 | 0 | uint64_t cur = ossl_quic_sstream_get_cur_size(sstream); |
2252 | 0 | uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc); |
2253 | 0 | uint64_t permitted = (cwm >= cur ? cwm - cur : 0); |
2254 | |
|
2255 | 0 | if (len > permitted) |
2256 | 0 | len = (size_t)permitted; |
2257 | |
|
2258 | 0 | if (!sstream_ensure_spare(sstream, len)) |
2259 | 0 | return 0; |
2260 | | |
2261 | 0 | return ossl_quic_sstream_append(sstream, buf, len, actual_written); |
2262 | 0 | } |
2263 | | |
2264 | | QUIC_NEEDS_LOCK |
2265 | | static int quic_write_again(void *arg) |
2266 | 0 | { |
2267 | 0 | struct quic_write_again_args *args = arg; |
2268 | 0 | size_t actual_written = 0; |
2269 | |
|
2270 | 0 | if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1)) |
2271 | | /* If connection is torn down due to an error while blocking, stop. */ |
2272 | 0 | return -2; |
2273 | | |
2274 | 0 | if (!quic_validate_for_write(args->xso, &args->err)) |
2275 | | /* |
2276 | | * Stream may have become invalid for write due to connection events |
2277 | | * while we blocked. |
2278 | | */ |
2279 | 0 | return -2; |
2280 | | |
2281 | 0 | args->err = ERR_R_INTERNAL_ERROR; |
2282 | 0 | if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written)) |
2283 | 0 | return -2; |
2284 | | |
2285 | 0 | quic_post_write(args->xso, actual_written > 0, |
2286 | 0 | args->len == actual_written, args->flags, 0); |
2287 | |
|
2288 | 0 | args->buf += actual_written; |
2289 | 0 | args->len -= actual_written; |
2290 | 0 | args->total_written += actual_written; |
2291 | |
|
2292 | 0 | if (args->len == 0) |
2293 | | /* Written everything, done. */ |
2294 | 0 | return 1; |
2295 | | |
2296 | | /* Not written everything yet, keep trying. */ |
2297 | 0 | return 0; |
2298 | 0 | } |
2299 | | |
2300 | | QUIC_NEEDS_LOCK |
2301 | | static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len, |
2302 | | uint64_t flags, size_t *written) |
2303 | 0 | { |
2304 | 0 | int res; |
2305 | 0 | QUIC_XSO *xso = ctx->xso; |
2306 | 0 | struct quic_write_again_args args; |
2307 | 0 | size_t actual_written = 0; |
2308 | | |
2309 | | /* First make a best effort to append as much of the data as possible. */ |
2310 | 0 | if (!xso_sstream_append(xso, buf, len, &actual_written)) { |
2311 | | /* Stream already finished or allocation error. */ |
2312 | 0 | *written = 0; |
2313 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2314 | 0 | } |
2315 | | |
2316 | 0 | quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1); |
2317 | |
|
2318 | 0 | if (actual_written == len) { |
2319 | | /* Managed to append everything on the first try. */ |
2320 | 0 | *written = actual_written; |
2321 | 0 | return 1; |
2322 | 0 | } |
2323 | | |
2324 | | /* |
2325 | | * We did not manage to append all of the data immediately, so the stream |
2326 | | * buffer has probably filled up. This means we need to block until some of |
2327 | | * it is freed up. |
2328 | | */ |
2329 | 0 | args.xso = xso; |
2330 | 0 | args.buf = (const unsigned char *)buf + actual_written; |
2331 | 0 | args.len = len - actual_written; |
2332 | 0 | args.total_written = 0; |
2333 | 0 | args.err = ERR_R_INTERNAL_ERROR; |
2334 | 0 | args.flags = flags; |
2335 | |
|
2336 | 0 | res = block_until_pred(xso->conn, quic_write_again, &args, 0); |
2337 | 0 | if (res <= 0) { |
2338 | 0 | if (!quic_mutation_allowed(xso->conn, /*req_active=*/1)) |
2339 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
2340 | 0 | else |
2341 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL); |
2342 | 0 | } |
2343 | | |
2344 | 0 | *written = args.total_written; |
2345 | 0 | return 1; |
2346 | 0 | } |
2347 | | |
2348 | | /* |
2349 | | * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE) |
2350 | | * write semantics. |
2351 | | */ |
2352 | | static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf, |
2353 | | size_t buf_len, size_t already_sent) |
2354 | 0 | { |
2355 | 0 | assert(!xso->aon_write_in_progress); |
2356 | | |
2357 | 0 | xso->aon_write_in_progress = 1; |
2358 | 0 | xso->aon_buf_base = buf; |
2359 | 0 | xso->aon_buf_pos = already_sent; |
2360 | 0 | xso->aon_buf_len = buf_len; |
2361 | 0 | } |
2362 | | |
2363 | | static void aon_write_finish(QUIC_XSO *xso) |
2364 | 0 | { |
2365 | 0 | xso->aon_write_in_progress = 0; |
2366 | 0 | xso->aon_buf_base = NULL; |
2367 | 0 | xso->aon_buf_pos = 0; |
2368 | 0 | xso->aon_buf_len = 0; |
2369 | 0 | } |
2370 | | |
2371 | | QUIC_NEEDS_LOCK |
2372 | | static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf, |
2373 | | size_t len, uint64_t flags, |
2374 | | size_t *written) |
2375 | 0 | { |
2376 | 0 | QUIC_XSO *xso = ctx->xso; |
2377 | 0 | const void *actual_buf; |
2378 | 0 | size_t actual_len, actual_written = 0; |
2379 | 0 | int accept_moving_buffer |
2380 | 0 | = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0); |
2381 | |
|
2382 | 0 | if (xso->aon_write_in_progress) { |
2383 | | /* |
2384 | | * We are in the middle of an AON write (i.e., a previous write did not |
2385 | | * manage to append all data to the SSTREAM and we have Enable Partial |
2386 | | * Write (EPW) mode disabled.) |
2387 | | */ |
2388 | 0 | if ((!accept_moving_buffer && xso->aon_buf_base != buf) |
2389 | 0 | || len != xso->aon_buf_len) |
2390 | | /* |
2391 | | * Pointer must not have changed if we are not in accept moving |
2392 | | * buffer mode. Length must never change. |
2393 | | */ |
2394 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL); |
2395 | | |
2396 | 0 | actual_buf = (unsigned char *)buf + xso->aon_buf_pos; |
2397 | 0 | actual_len = len - xso->aon_buf_pos; |
2398 | 0 | assert(actual_len > 0); |
2399 | 0 | } else { |
2400 | 0 | actual_buf = buf; |
2401 | 0 | actual_len = len; |
2402 | 0 | } |
2403 | | |
2404 | | /* First make a best effort to append as much of the data as possible. */ |
2405 | 0 | if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) { |
2406 | | /* Stream already finished or allocation error. */ |
2407 | 0 | *written = 0; |
2408 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2409 | 0 | } |
2410 | | |
2411 | 0 | quic_post_write(xso, actual_written > 0, actual_written == actual_len, |
2412 | 0 | flags, qctx_should_autotick(ctx)); |
2413 | |
|
2414 | 0 | if (actual_written == actual_len) { |
2415 | | /* We have sent everything. */ |
2416 | 0 | if (xso->aon_write_in_progress) { |
2417 | | /* |
2418 | | * We have sent everything, and we were in the middle of an AON |
2419 | | * write. The output write length is the total length of the AON |
2420 | | * buffer, not however many bytes we managed to write to the stream |
2421 | | * in this call. |
2422 | | */ |
2423 | 0 | *written = xso->aon_buf_len; |
2424 | 0 | aon_write_finish(xso); |
2425 | 0 | } else { |
2426 | 0 | *written = actual_written; |
2427 | 0 | } |
2428 | |
|
2429 | 0 | return 1; |
2430 | 0 | } |
2431 | | |
2432 | 0 | if (xso->aon_write_in_progress) { |
2433 | | /* |
2434 | | * AON write is in progress but we have not written everything yet. We |
2435 | | * may have managed to send zero bytes, or some number of bytes less |
2436 | | * than the total remaining which need to be appended during this |
2437 | | * AON operation. |
2438 | | */ |
2439 | 0 | xso->aon_buf_pos += actual_written; |
2440 | 0 | assert(xso->aon_buf_pos < xso->aon_buf_len); |
2441 | 0 | return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE); |
2442 | 0 | } |
2443 | | |
2444 | | /* |
2445 | | * Not in an existing AON operation but partial write is not enabled, so we |
2446 | | * need to begin a new AON operation. However we needn't bother if we didn't |
2447 | | * actually append anything. |
2448 | | */ |
2449 | 0 | if (actual_written > 0) |
2450 | 0 | aon_write_begin(xso, buf, len, actual_written); |
2451 | | |
2452 | | /* |
2453 | | * AON - We do not publicly admit to having appended anything until AON |
2454 | | * completes. |
2455 | | */ |
2456 | 0 | *written = 0; |
2457 | 0 | return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE); |
2458 | 0 | } |
2459 | | |
2460 | | QUIC_NEEDS_LOCK |
2461 | | static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len, |
2462 | | uint64_t flags, size_t *written) |
2463 | 0 | { |
2464 | 0 | QUIC_XSO *xso = ctx->xso; |
2465 | | |
2466 | | /* Simple best effort operation. */ |
2467 | 0 | if (!xso_sstream_append(xso, buf, len, written)) { |
2468 | | /* Stream already finished or allocation error. */ |
2469 | 0 | *written = 0; |
2470 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2471 | 0 | } |
2472 | | |
2473 | 0 | quic_post_write(xso, *written > 0, *written == len, flags, |
2474 | 0 | qctx_should_autotick(ctx)); |
2475 | |
|
2476 | 0 | if (*written == 0) |
2477 | | /* SSL_write_ex returns 0 if it didn't read anything. */ |
2478 | 0 | return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ); |
2479 | | |
2480 | 0 | return 1; |
2481 | 0 | } |
2482 | | |
2483 | | QUIC_NEEDS_LOCK |
2484 | | static int quic_validate_for_write(QUIC_XSO *xso, int *err) |
2485 | 0 | { |
2486 | 0 | QUIC_STREAM_MAP *qsm; |
2487 | |
|
2488 | 0 | if (xso == NULL || xso->stream == NULL) { |
2489 | 0 | *err = ERR_R_INTERNAL_ERROR; |
2490 | 0 | return 0; |
2491 | 0 | } |
2492 | | |
2493 | 0 | switch (xso->stream->send_state) { |
2494 | 0 | default: |
2495 | 0 | case QUIC_SSTREAM_STATE_NONE: |
2496 | 0 | *err = SSL_R_STREAM_RECV_ONLY; |
2497 | 0 | return 0; |
2498 | | |
2499 | 0 | case QUIC_SSTREAM_STATE_READY: |
2500 | 0 | qsm = ossl_quic_channel_get_qsm(xso->conn->ch); |
2501 | |
|
2502 | 0 | if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) { |
2503 | 0 | *err = ERR_R_INTERNAL_ERROR; |
2504 | 0 | return 0; |
2505 | 0 | } |
2506 | | |
2507 | | /* FALLTHROUGH */ |
2508 | 0 | case QUIC_SSTREAM_STATE_SEND: |
2509 | 0 | case QUIC_SSTREAM_STATE_DATA_SENT: |
2510 | 0 | case QUIC_SSTREAM_STATE_DATA_RECVD: |
2511 | 0 | if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) { |
2512 | 0 | *err = SSL_R_STREAM_FINISHED; |
2513 | 0 | return 0; |
2514 | 0 | } |
2515 | | |
2516 | 0 | return 1; |
2517 | | |
2518 | 0 | case QUIC_SSTREAM_STATE_RESET_SENT: |
2519 | 0 | case QUIC_SSTREAM_STATE_RESET_RECVD: |
2520 | 0 | *err = SSL_R_STREAM_RESET; |
2521 | 0 | return 0; |
2522 | 0 | } |
2523 | 0 | } |
2524 | | |
2525 | | QUIC_TAKES_LOCK |
2526 | | int ossl_quic_write_flags(SSL *s, const void *buf, size_t len, |
2527 | | uint64_t flags, size_t *written) |
2528 | 0 | { |
2529 | 0 | int ret; |
2530 | 0 | QCTX ctx; |
2531 | 0 | int partial_write, err; |
2532 | |
|
2533 | 0 | *written = 0; |
2534 | |
|
2535 | 0 | if (len == 0) { |
2536 | | /* Do not autocreate default XSO for zero-length writes. */ |
2537 | 0 | if (!expect_quic(s, &ctx)) |
2538 | 0 | return 0; |
2539 | | |
2540 | 0 | quic_lock_for_io(&ctx); |
2541 | 0 | } else { |
2542 | 0 | if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx)) |
2543 | 0 | return 0; |
2544 | 0 | } |
2545 | | |
2546 | 0 | partial_write = ((ctx.xso != NULL) |
2547 | 0 | ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) : 0); |
2548 | |
|
2549 | 0 | if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) { |
2550 | 0 | ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL); |
2551 | 0 | goto out; |
2552 | 0 | } |
2553 | | |
2554 | 0 | if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) { |
2555 | 0 | ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
2556 | 0 | goto out; |
2557 | 0 | } |
2558 | | |
2559 | | /* |
2560 | | * If we haven't finished the handshake, try to advance it. |
2561 | | * We don't accept writes until the handshake is completed. |
2562 | | */ |
2563 | 0 | if (quic_do_handshake(&ctx) < 1) { |
2564 | 0 | ret = 0; |
2565 | 0 | goto out; |
2566 | 0 | } |
2567 | | |
2568 | | /* Ensure correct stream state, stream send part not concluded, etc. */ |
2569 | 0 | if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) { |
2570 | 0 | ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); |
2571 | 0 | goto out; |
2572 | 0 | } |
2573 | | |
2574 | 0 | if (len == 0) { |
2575 | 0 | if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0) |
2576 | 0 | quic_post_write(ctx.xso, 0, 1, flags, |
2577 | 0 | qctx_should_autotick(&ctx)); |
2578 | |
|
2579 | 0 | ret = 1; |
2580 | 0 | goto out; |
2581 | 0 | } |
2582 | | |
2583 | 0 | if (xso_blocking_mode(ctx.xso)) |
2584 | 0 | ret = quic_write_blocking(&ctx, buf, len, flags, written); |
2585 | 0 | else if (partial_write) |
2586 | 0 | ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written); |
2587 | 0 | else |
2588 | 0 | ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written); |
2589 | |
|
2590 | 0 | out: |
2591 | 0 | quic_unlock(ctx.qc); |
2592 | 0 | return ret; |
2593 | 0 | } |
2594 | | |
2595 | | QUIC_TAKES_LOCK |
2596 | | int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written) |
2597 | 0 | { |
2598 | 0 | return ossl_quic_write_flags(s, buf, len, 0, written); |
2599 | 0 | } |
2600 | | |
2601 | | /* |
2602 | | * SSL_read |
2603 | | * -------- |
2604 | | */ |
2605 | | struct quic_read_again_args { |
2606 | | QCTX *ctx; |
2607 | | QUIC_STREAM *stream; |
2608 | | void *buf; |
2609 | | size_t len; |
2610 | | size_t *bytes_read; |
2611 | | int peek; |
2612 | | }; |
2613 | | |
2614 | | QUIC_NEEDS_LOCK |
2615 | | static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos) |
2616 | 0 | { |
2617 | 0 | QUIC_STREAM_MAP *qsm; |
2618 | |
|
2619 | 0 | *eos = 0; |
2620 | |
|
2621 | 0 | if (xso == NULL || xso->stream == NULL) { |
2622 | 0 | *err = ERR_R_INTERNAL_ERROR; |
2623 | 0 | return 0; |
2624 | 0 | } |
2625 | | |
2626 | 0 | switch (xso->stream->recv_state) { |
2627 | 0 | default: |
2628 | 0 | case QUIC_RSTREAM_STATE_NONE: |
2629 | 0 | *err = SSL_R_STREAM_SEND_ONLY; |
2630 | 0 | return 0; |
2631 | | |
2632 | 0 | case QUIC_RSTREAM_STATE_RECV: |
2633 | 0 | case QUIC_RSTREAM_STATE_SIZE_KNOWN: |
2634 | 0 | case QUIC_RSTREAM_STATE_DATA_RECVD: |
2635 | 0 | return 1; |
2636 | | |
2637 | 0 | case QUIC_RSTREAM_STATE_DATA_READ: |
2638 | 0 | *eos = 1; |
2639 | 0 | return 0; |
2640 | | |
2641 | 0 | case QUIC_RSTREAM_STATE_RESET_RECVD: |
2642 | 0 | qsm = ossl_quic_channel_get_qsm(xso->conn->ch); |
2643 | 0 | ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream); |
2644 | | |
2645 | | /* FALLTHROUGH */ |
2646 | 0 | case QUIC_RSTREAM_STATE_RESET_READ: |
2647 | 0 | *err = SSL_R_STREAM_RESET; |
2648 | 0 | return 0; |
2649 | 0 | } |
2650 | 0 | } |
2651 | | |
2652 | | QUIC_NEEDS_LOCK |
2653 | | static int quic_read_actual(QCTX *ctx, |
2654 | | QUIC_STREAM *stream, |
2655 | | void *buf, size_t buf_len, |
2656 | | size_t *bytes_read, |
2657 | | int peek) |
2658 | 0 | { |
2659 | 0 | int is_fin = 0, err, eos; |
2660 | 0 | QUIC_CONNECTION *qc = ctx->qc; |
2661 | |
|
2662 | 0 | if (!quic_validate_for_read(ctx->xso, &err, &eos)) { |
2663 | 0 | if (eos) { |
2664 | 0 | ctx->xso->retired_fin = 1; |
2665 | 0 | return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN); |
2666 | 0 | } else { |
2667 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL); |
2668 | 0 | } |
2669 | 0 | } |
2670 | | |
2671 | 0 | if (peek) { |
2672 | 0 | if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len, |
2673 | 0 | bytes_read, &is_fin)) |
2674 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2675 | |
|
2676 | 0 | } else { |
2677 | 0 | if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len, |
2678 | 0 | bytes_read, &is_fin)) |
2679 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2680 | 0 | } |
2681 | | |
2682 | 0 | if (!peek) { |
2683 | 0 | if (*bytes_read > 0) { |
2684 | | /* |
2685 | | * We have read at least one byte from the stream. Inform stream-level |
2686 | | * RXFC of the retirement of controlled bytes. Update the active stream |
2687 | | * status (the RXFC may now want to emit a frame granting more credit to |
2688 | | * the peer). |
2689 | | */ |
2690 | 0 | OSSL_RTT_INFO rtt_info; |
2691 | |
|
2692 | 0 | ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info); |
2693 | |
|
2694 | 0 | if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read, |
2695 | 0 | rtt_info.smoothed_rtt)) |
2696 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL); |
2697 | 0 | } |
2698 | | |
2699 | 0 | if (is_fin && !peek) { |
2700 | 0 | QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch); |
2701 | |
|
2702 | 0 | ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream); |
2703 | 0 | } |
2704 | |
|
2705 | 0 | if (*bytes_read > 0) |
2706 | 0 | ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch), |
2707 | 0 | stream); |
2708 | 0 | } |
2709 | | |
2710 | 0 | if (*bytes_read == 0 && is_fin) { |
2711 | 0 | ctx->xso->retired_fin = 1; |
2712 | 0 | return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN); |
2713 | 0 | } |
2714 | | |
2715 | 0 | return 1; |
2716 | 0 | } |
2717 | | |
2718 | | QUIC_NEEDS_LOCK |
2719 | | static int quic_read_again(void *arg) |
2720 | 0 | { |
2721 | 0 | struct quic_read_again_args *args = arg; |
2722 | |
|
2723 | 0 | if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) { |
2724 | | /* If connection is torn down due to an error while blocking, stop. */ |
2725 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
2726 | 0 | return -1; |
2727 | 0 | } |
2728 | | |
2729 | 0 | if (!quic_read_actual(args->ctx, args->stream, |
2730 | 0 | args->buf, args->len, args->bytes_read, |
2731 | 0 | args->peek)) |
2732 | 0 | return -1; |
2733 | | |
2734 | 0 | if (*args->bytes_read > 0) |
2735 | | /* got at least one byte, the SSL_read op can finish now */ |
2736 | 0 | return 1; |
2737 | | |
2738 | 0 | return 0; /* did not read anything, keep trying */ |
2739 | 0 | } |
2740 | | |
2741 | | QUIC_TAKES_LOCK |
2742 | | static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek) |
2743 | 0 | { |
2744 | 0 | int ret, res; |
2745 | 0 | QCTX ctx; |
2746 | 0 | struct quic_read_again_args args; |
2747 | |
|
2748 | 0 | *bytes_read = 0; |
2749 | |
|
2750 | 0 | if (!expect_quic(s, &ctx)) |
2751 | 0 | return 0; |
2752 | | |
2753 | 0 | quic_lock_for_io(&ctx); |
2754 | |
|
2755 | 0 | if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) { |
2756 | 0 | ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
2757 | 0 | goto out; |
2758 | 0 | } |
2759 | | |
2760 | | /* If we haven't finished the handshake, try to advance it. */ |
2761 | 0 | if (quic_do_handshake(&ctx) < 1) { |
2762 | 0 | ret = 0; /* ossl_quic_do_handshake raised error here */ |
2763 | 0 | goto out; |
2764 | 0 | } |
2765 | | |
2766 | 0 | if (ctx.xso == NULL) { |
2767 | | /* |
2768 | | * Called on a QCSO and we don't currently have a default stream. |
2769 | | * |
2770 | | * Wait until we get a stream initiated by the peer (blocking mode) or |
2771 | | * fail if we don't have one yet (non-blocking mode). |
2772 | | */ |
2773 | 0 | if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) { |
2774 | 0 | ret = 0; /* error already raised here */ |
2775 | 0 | goto out; |
2776 | 0 | } |
2777 | | |
2778 | 0 | ctx.xso = ctx.qc->default_xso; |
2779 | 0 | } |
2780 | | |
2781 | 0 | if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) { |
2782 | 0 | ret = 0; /* quic_read_actual raised error here */ |
2783 | 0 | goto out; |
2784 | 0 | } |
2785 | | |
2786 | 0 | if (*bytes_read > 0) { |
2787 | | /* |
2788 | | * Even though we succeeded, tick the reactor here to ensure we are |
2789 | | * handling other aspects of the QUIC connection. |
2790 | | */ |
2791 | 0 | qctx_maybe_autotick(&ctx); |
2792 | 0 | ret = 1; |
2793 | 0 | } else if (xso_blocking_mode(ctx.xso)) { |
2794 | | /* |
2795 | | * We were not able to read anything immediately, so our stream |
2796 | | * buffer is empty. This means we need to block until we get |
2797 | | * at least one byte. |
2798 | | */ |
2799 | 0 | args.ctx = &ctx; |
2800 | 0 | args.stream = ctx.xso->stream; |
2801 | 0 | args.buf = buf; |
2802 | 0 | args.len = len; |
2803 | 0 | args.bytes_read = bytes_read; |
2804 | 0 | args.peek = peek; |
2805 | |
|
2806 | 0 | res = block_until_pred(ctx.qc, quic_read_again, &args, 0); |
2807 | 0 | if (res == 0) { |
2808 | 0 | ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); |
2809 | 0 | goto out; |
2810 | 0 | } else if (res < 0) { |
2811 | 0 | ret = 0; /* quic_read_again raised error here */ |
2812 | 0 | goto out; |
2813 | 0 | } |
2814 | | |
2815 | 0 | ret = 1; |
2816 | 0 | } else { |
2817 | | /* |
2818 | | * We did not get any bytes and are not in blocking mode. |
2819 | | * Tick to see if this delivers any more. |
2820 | | */ |
2821 | 0 | qctx_maybe_autotick(&ctx); |
2822 | | |
2823 | | /* Try the read again. */ |
2824 | 0 | if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) { |
2825 | 0 | ret = 0; /* quic_read_actual raised error here */ |
2826 | 0 | goto out; |
2827 | 0 | } |
2828 | | |
2829 | 0 | if (*bytes_read > 0) |
2830 | 0 | ret = 1; /* Succeeded this time. */ |
2831 | 0 | else |
2832 | 0 | ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ); |
2833 | 0 | } |
2834 | | |
2835 | 0 | out: |
2836 | 0 | quic_unlock(ctx.qc); |
2837 | 0 | return ret; |
2838 | 0 | } |
2839 | | |
2840 | | int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read) |
2841 | 0 | { |
2842 | 0 | return quic_read(s, buf, len, bytes_read, 0); |
2843 | 0 | } |
2844 | | |
2845 | | int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read) |
2846 | 0 | { |
2847 | 0 | return quic_read(s, buf, len, bytes_read, 1); |
2848 | 0 | } |
2849 | | |
2850 | | /* |
2851 | | * SSL_pending |
2852 | | * ----------- |
2853 | | */ |
2854 | | |
2855 | | QUIC_TAKES_LOCK |
2856 | | static size_t ossl_quic_pending_int(const SSL *s, int check_channel) |
2857 | 0 | { |
2858 | 0 | QCTX ctx; |
2859 | 0 | size_t avail = 0; |
2860 | |
|
2861 | 0 | if (!expect_quic(s, &ctx)) |
2862 | 0 | return 0; |
2863 | | |
2864 | 0 | quic_lock(ctx.qc); |
2865 | |
|
2866 | 0 | if (ctx.xso == NULL) { |
2867 | | /* No XSO yet, but there might be a default XSO eligible to be created. */ |
2868 | 0 | if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) { |
2869 | 0 | ctx.xso = ctx.qc->default_xso; |
2870 | 0 | } else { |
2871 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL); |
2872 | 0 | goto out; |
2873 | 0 | } |
2874 | 0 | } |
2875 | | |
2876 | 0 | if (ctx.xso->stream == NULL) { |
2877 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); |
2878 | 0 | goto out; |
2879 | 0 | } |
2880 | | |
2881 | 0 | if (check_channel) |
2882 | 0 | avail = ossl_quic_stream_recv_pending(ctx.xso->stream, |
2883 | 0 | /*include_fin=*/1) |
2884 | 0 | || ossl_quic_channel_has_pending(ctx.qc->ch) |
2885 | 0 | || ossl_quic_channel_is_term_any(ctx.qc->ch); |
2886 | 0 | else |
2887 | 0 | avail = ossl_quic_stream_recv_pending(ctx.xso->stream, |
2888 | 0 | /*include_fin=*/0); |
2889 | |
|
2890 | 0 | out: |
2891 | 0 | quic_unlock(ctx.qc); |
2892 | 0 | return avail; |
2893 | 0 | } |
2894 | | |
2895 | | size_t ossl_quic_pending(const SSL *s) |
2896 | 0 | { |
2897 | 0 | return ossl_quic_pending_int(s, /*check_channel=*/0); |
2898 | 0 | } |
2899 | | |
2900 | | int ossl_quic_has_pending(const SSL *s) |
2901 | 0 | { |
2902 | | /* Do we have app-side pending data or pending URXEs or RXEs? */ |
2903 | 0 | return ossl_quic_pending_int(s, /*check_channel=*/1) > 0; |
2904 | 0 | } |
2905 | | |
2906 | | /* |
2907 | | * SSL_stream_conclude |
2908 | | * ------------------- |
2909 | | */ |
2910 | | QUIC_TAKES_LOCK |
2911 | | int ossl_quic_conn_stream_conclude(SSL *s) |
2912 | 0 | { |
2913 | 0 | QCTX ctx; |
2914 | 0 | QUIC_STREAM *qs; |
2915 | 0 | int err; |
2916 | |
|
2917 | 0 | if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx)) |
2918 | 0 | return 0; |
2919 | | |
2920 | 0 | qs = ctx.xso->stream; |
2921 | |
|
2922 | 0 | if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) { |
2923 | 0 | quic_unlock(ctx.qc); |
2924 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
2925 | 0 | } |
2926 | | |
2927 | 0 | if (!quic_validate_for_write(ctx.xso, &err)) { |
2928 | 0 | quic_unlock(ctx.qc); |
2929 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); |
2930 | 0 | } |
2931 | | |
2932 | 0 | if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) { |
2933 | 0 | quic_unlock(ctx.qc); |
2934 | 0 | return 1; |
2935 | 0 | } |
2936 | | |
2937 | 0 | ossl_quic_sstream_fin(qs->sstream); |
2938 | 0 | quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx)); |
2939 | 0 | quic_unlock(ctx.qc); |
2940 | 0 | return 1; |
2941 | 0 | } |
2942 | | |
2943 | | /* |
2944 | | * SSL_inject_net_dgram |
2945 | | * -------------------- |
2946 | | */ |
2947 | | QUIC_TAKES_LOCK |
2948 | | int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, |
2949 | | size_t buf_len, |
2950 | | const BIO_ADDR *peer, |
2951 | | const BIO_ADDR *local) |
2952 | 0 | { |
2953 | 0 | int ret; |
2954 | 0 | QCTX ctx; |
2955 | 0 | QUIC_DEMUX *demux; |
2956 | |
|
2957 | 0 | if (!expect_quic(s, &ctx)) |
2958 | 0 | return 0; |
2959 | | |
2960 | 0 | quic_lock(ctx.qc); |
2961 | |
|
2962 | 0 | demux = ossl_quic_channel_get0_demux(ctx.qc->ch); |
2963 | 0 | ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local); |
2964 | |
|
2965 | 0 | quic_unlock(ctx.qc); |
2966 | 0 | return ret; |
2967 | 0 | } |
2968 | | |
2969 | | /* |
2970 | | * SSL_get0_connection |
2971 | | * ------------------- |
2972 | | */ |
2973 | | SSL *ossl_quic_get0_connection(SSL *s) |
2974 | 0 | { |
2975 | 0 | QCTX ctx; |
2976 | |
|
2977 | 0 | if (!expect_quic(s, &ctx)) |
2978 | 0 | return NULL; |
2979 | | |
2980 | 0 | return &ctx.qc->ssl; |
2981 | 0 | } |
2982 | | |
2983 | | /* |
2984 | | * SSL_get_stream_type |
2985 | | * ------------------- |
2986 | | */ |
2987 | | int ossl_quic_get_stream_type(SSL *s) |
2988 | 0 | { |
2989 | 0 | QCTX ctx; |
2990 | |
|
2991 | 0 | if (!expect_quic(s, &ctx)) |
2992 | 0 | return SSL_STREAM_TYPE_BIDI; |
2993 | | |
2994 | 0 | if (ctx.xso == NULL) { |
2995 | | /* |
2996 | | * If deferred XSO creation has yet to occur, proceed according to the |
2997 | | * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know |
2998 | | * what kind of stream will be created yet, so return BIDI on the basis |
2999 | | * that at this time, the client still has the option of calling |
3000 | | * SSL_read() or SSL_write() first. |
3001 | | */ |
3002 | 0 | if (ctx.qc->default_xso_created |
3003 | 0 | || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) |
3004 | 0 | return SSL_STREAM_TYPE_NONE; |
3005 | 0 | else |
3006 | 0 | return SSL_STREAM_TYPE_BIDI; |
3007 | 0 | } |
3008 | | |
3009 | 0 | if (ossl_quic_stream_is_bidi(ctx.xso->stream)) |
3010 | 0 | return SSL_STREAM_TYPE_BIDI; |
3011 | | |
3012 | 0 | if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server) |
3013 | 0 | return SSL_STREAM_TYPE_READ; |
3014 | 0 | else |
3015 | 0 | return SSL_STREAM_TYPE_WRITE; |
3016 | 0 | } |
3017 | | |
3018 | | /* |
3019 | | * SSL_get_stream_id |
3020 | | * ----------------- |
3021 | | */ |
3022 | | QUIC_TAKES_LOCK |
3023 | | uint64_t ossl_quic_get_stream_id(SSL *s) |
3024 | 0 | { |
3025 | 0 | QCTX ctx; |
3026 | 0 | uint64_t id; |
3027 | |
|
3028 | 0 | if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx)) |
3029 | 0 | return UINT64_MAX; |
3030 | | |
3031 | 0 | id = ctx.xso->stream->id; |
3032 | 0 | quic_unlock(ctx.qc); |
3033 | |
|
3034 | 0 | return id; |
3035 | 0 | } |
3036 | | |
3037 | | /* |
3038 | | * SSL_is_stream_local |
3039 | | * ------------------- |
3040 | | */ |
3041 | | QUIC_TAKES_LOCK |
3042 | | int ossl_quic_is_stream_local(SSL *s) |
3043 | 0 | { |
3044 | 0 | QCTX ctx; |
3045 | 0 | int is_local; |
3046 | |
|
3047 | 0 | if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx)) |
3048 | 0 | return -1; |
3049 | | |
3050 | 0 | is_local = ossl_quic_stream_is_local_init(ctx.xso->stream); |
3051 | 0 | quic_unlock(ctx.qc); |
3052 | |
|
3053 | 0 | return is_local; |
3054 | 0 | } |
3055 | | |
3056 | | /* |
3057 | | * SSL_set_default_stream_mode |
3058 | | * --------------------------- |
3059 | | */ |
3060 | | QUIC_TAKES_LOCK |
3061 | | int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode) |
3062 | 0 | { |
3063 | 0 | QCTX ctx; |
3064 | |
|
3065 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
3066 | 0 | return 0; |
3067 | | |
3068 | 0 | quic_lock(ctx.qc); |
3069 | |
|
3070 | 0 | if (ctx.qc->default_xso_created) { |
3071 | 0 | quic_unlock(ctx.qc); |
3072 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, |
3073 | 0 | "too late to change default stream mode"); |
3074 | 0 | } |
3075 | | |
3076 | 0 | switch (mode) { |
3077 | 0 | case SSL_DEFAULT_STREAM_MODE_NONE: |
3078 | 0 | case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI: |
3079 | 0 | case SSL_DEFAULT_STREAM_MODE_AUTO_UNI: |
3080 | 0 | ctx.qc->default_stream_mode = mode; |
3081 | 0 | break; |
3082 | 0 | default: |
3083 | 0 | quic_unlock(ctx.qc); |
3084 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, |
3085 | 0 | "bad default stream type"); |
3086 | 0 | } |
3087 | | |
3088 | 0 | quic_unlock(ctx.qc); |
3089 | 0 | return 1; |
3090 | 0 | } |
3091 | | |
3092 | | /* |
3093 | | * SSL_detach_stream |
3094 | | * ----------------- |
3095 | | */ |
3096 | | QUIC_TAKES_LOCK |
3097 | | SSL *ossl_quic_detach_stream(SSL *s) |
3098 | 0 | { |
3099 | 0 | QCTX ctx; |
3100 | 0 | QUIC_XSO *xso = NULL; |
3101 | |
|
3102 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
3103 | 0 | return NULL; |
3104 | | |
3105 | 0 | quic_lock(ctx.qc); |
3106 | | |
3107 | | /* Calling this function inhibits default XSO autocreation. */ |
3108 | | /* QC ref to any default XSO is transferred to us and to caller. */ |
3109 | 0 | qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso); |
3110 | |
|
3111 | 0 | quic_unlock(ctx.qc); |
3112 | |
|
3113 | 0 | return xso != NULL ? &xso->ssl : NULL; |
3114 | 0 | } |
3115 | | |
3116 | | /* |
3117 | | * SSL_attach_stream |
3118 | | * ----------------- |
3119 | | */ |
3120 | | QUIC_TAKES_LOCK |
3121 | | int ossl_quic_attach_stream(SSL *conn, SSL *stream) |
3122 | 0 | { |
3123 | 0 | QCTX ctx; |
3124 | 0 | QUIC_XSO *xso; |
3125 | 0 | int nref; |
3126 | |
|
3127 | 0 | if (!expect_quic_conn_only(conn, &ctx)) |
3128 | 0 | return 0; |
3129 | | |
3130 | 0 | if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO) |
3131 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER, |
3132 | 0 | "stream to attach must be a valid QUIC stream"); |
3133 | | |
3134 | 0 | xso = (QUIC_XSO *)stream; |
3135 | |
|
3136 | 0 | quic_lock(ctx.qc); |
3137 | |
|
3138 | 0 | if (ctx.qc->default_xso != NULL) { |
3139 | 0 | quic_unlock(ctx.qc); |
3140 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, |
3141 | 0 | "connection already has a default stream"); |
3142 | 0 | } |
3143 | | |
3144 | | /* |
3145 | | * It is a caller error for the XSO being attached as a default XSO to have |
3146 | | * more than one ref. |
3147 | | */ |
3148 | 0 | if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) { |
3149 | 0 | quic_unlock(ctx.qc); |
3150 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, |
3151 | 0 | "ref"); |
3152 | 0 | } |
3153 | | |
3154 | 0 | if (nref != 1) { |
3155 | 0 | quic_unlock(ctx.qc); |
3156 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, |
3157 | 0 | "stream being attached must have " |
3158 | 0 | "only 1 reference"); |
3159 | 0 | } |
3160 | | |
3161 | | /* Caller's reference to the XSO is transferred to us. */ |
3162 | | /* Calling this function inhibits default XSO autocreation. */ |
3163 | 0 | qc_set_default_xso(ctx.qc, xso, /*touch=*/1); |
3164 | |
|
3165 | 0 | quic_unlock(ctx.qc); |
3166 | 0 | return 1; |
3167 | 0 | } |
3168 | | |
3169 | | /* |
3170 | | * SSL_set_incoming_stream_policy |
3171 | | * ------------------------------ |
3172 | | */ |
3173 | | QUIC_NEEDS_LOCK |
3174 | | static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc) |
3175 | 0 | { |
3176 | 0 | switch (qc->incoming_stream_policy) { |
3177 | 0 | case SSL_INCOMING_STREAM_POLICY_AUTO: |
3178 | 0 | if ((qc->default_xso == NULL && !qc->default_xso_created) |
3179 | 0 | || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) |
3180 | 0 | return SSL_INCOMING_STREAM_POLICY_ACCEPT; |
3181 | 0 | else |
3182 | 0 | return SSL_INCOMING_STREAM_POLICY_REJECT; |
3183 | | |
3184 | 0 | default: |
3185 | 0 | return qc->incoming_stream_policy; |
3186 | 0 | } |
3187 | 0 | } |
3188 | | |
3189 | | QUIC_NEEDS_LOCK |
3190 | | static void qc_update_reject_policy(QUIC_CONNECTION *qc) |
3191 | 0 | { |
3192 | 0 | int policy = qc_get_effective_incoming_stream_policy(qc); |
3193 | 0 | int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT); |
3194 | |
|
3195 | 0 | ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch, |
3196 | 0 | enable_reject, |
3197 | 0 | qc->incoming_stream_aec); |
3198 | 0 | } |
3199 | | |
3200 | | QUIC_TAKES_LOCK |
3201 | | int ossl_quic_set_incoming_stream_policy(SSL *s, int policy, |
3202 | | uint64_t aec) |
3203 | 0 | { |
3204 | 0 | int ret = 1; |
3205 | 0 | QCTX ctx; |
3206 | |
|
3207 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
3208 | 0 | return 0; |
3209 | | |
3210 | 0 | quic_lock(ctx.qc); |
3211 | |
|
3212 | 0 | switch (policy) { |
3213 | 0 | case SSL_INCOMING_STREAM_POLICY_AUTO: |
3214 | 0 | case SSL_INCOMING_STREAM_POLICY_ACCEPT: |
3215 | 0 | case SSL_INCOMING_STREAM_POLICY_REJECT: |
3216 | 0 | ctx.qc->incoming_stream_policy = policy; |
3217 | 0 | ctx.qc->incoming_stream_aec = aec; |
3218 | 0 | break; |
3219 | | |
3220 | 0 | default: |
3221 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); |
3222 | 0 | ret = 0; |
3223 | 0 | break; |
3224 | 0 | } |
3225 | | |
3226 | 0 | qc_update_reject_policy(ctx.qc); |
3227 | 0 | quic_unlock(ctx.qc); |
3228 | 0 | return ret; |
3229 | 0 | } |
3230 | | |
3231 | | /* |
3232 | | * SSL_get_value, SSL_set_value |
3233 | | * ---------------------------- |
3234 | | */ |
3235 | | QUIC_TAKES_LOCK |
3236 | | static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_, |
3237 | | uint64_t *p_value_out, uint64_t *p_value_in) |
3238 | 0 | { |
3239 | 0 | int ret = 0; |
3240 | 0 | uint64_t value_out = 0, value_in; |
3241 | |
|
3242 | 0 | quic_lock(ctx->qc); |
3243 | |
|
3244 | 0 | switch (class_) { |
3245 | 0 | case SSL_VALUE_CLASS_FEATURE_REQUEST: |
3246 | 0 | value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch); |
3247 | |
|
3248 | 0 | if (p_value_in != NULL) { |
3249 | 0 | value_in = *p_value_in; |
3250 | 0 | if (value_in > OSSL_QUIC_VLINT_MAX) { |
3251 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, |
3252 | 0 | NULL); |
3253 | 0 | goto err; |
3254 | 0 | } |
3255 | | |
3256 | 0 | if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) { |
3257 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE, |
3258 | 0 | NULL); |
3259 | 0 | goto err; |
3260 | 0 | } |
3261 | | |
3262 | 0 | ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in); |
3263 | 0 | } |
3264 | 0 | break; |
3265 | | |
3266 | 0 | case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: |
3267 | 0 | case SSL_VALUE_CLASS_FEATURE_NEGOTIATED: |
3268 | 0 | if (p_value_in != NULL) { |
3269 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP, |
3270 | 0 | NULL); |
3271 | 0 | goto err; |
3272 | 0 | } |
3273 | | |
3274 | 0 | if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) { |
3275 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE, |
3276 | 0 | NULL); |
3277 | 0 | goto err; |
3278 | 0 | } |
3279 | | |
3280 | 0 | value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED) |
3281 | 0 | ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch) |
3282 | 0 | : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch); |
3283 | 0 | break; |
3284 | | |
3285 | 0 | default: |
3286 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, |
3287 | 0 | NULL); |
3288 | 0 | goto err; |
3289 | 0 | } |
3290 | | |
3291 | 0 | ret = 1; |
3292 | 0 | err: |
3293 | 0 | quic_unlock(ctx->qc); |
3294 | 0 | if (ret && p_value_out != NULL) |
3295 | 0 | *p_value_out = value_out; |
3296 | |
|
3297 | 0 | return ret; |
3298 | 0 | } |
3299 | | |
3300 | | QUIC_TAKES_LOCK |
3301 | | static int qc_get_stream_avail(QCTX *ctx, uint32_t class_, |
3302 | | int is_uni, int is_remote, |
3303 | | uint64_t *value) |
3304 | 0 | { |
3305 | 0 | int ret = 0; |
3306 | |
|
3307 | 0 | if (class_ != SSL_VALUE_CLASS_GENERIC) { |
3308 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, |
3309 | 0 | NULL); |
3310 | 0 | return 0; |
3311 | 0 | } |
3312 | | |
3313 | 0 | quic_lock(ctx->qc); |
3314 | |
|
3315 | 0 | *value = is_remote |
3316 | 0 | ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni) |
3317 | 0 | : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni); |
3318 | |
|
3319 | 0 | ret = 1; |
3320 | 0 | quic_unlock(ctx->qc); |
3321 | 0 | return ret; |
3322 | 0 | } |
3323 | | |
3324 | | QUIC_NEEDS_LOCK |
3325 | | static int qctx_should_autotick(QCTX *ctx) |
3326 | 0 | { |
3327 | 0 | int event_handling_mode; |
3328 | |
|
3329 | 0 | if (ctx->is_stream) { |
3330 | 0 | event_handling_mode = ctx->xso->event_handling_mode; |
3331 | 0 | if (event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_INHERIT) |
3332 | 0 | return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT; |
3333 | 0 | } |
3334 | | |
3335 | 0 | event_handling_mode = ctx->qc->event_handling_mode; |
3336 | 0 | return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT; |
3337 | 0 | } |
3338 | | |
3339 | | QUIC_NEEDS_LOCK |
3340 | | static void qctx_maybe_autotick(QCTX *ctx) |
3341 | 0 | { |
3342 | 0 | if (!qctx_should_autotick(ctx)) |
3343 | 0 | return; |
3344 | | |
3345 | 0 | ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx->qc->ch), 0); |
3346 | 0 | } |
3347 | | |
3348 | | QUIC_TAKES_LOCK |
3349 | | static int qc_getset_event_handling(QCTX *ctx, uint32_t class_, |
3350 | | uint64_t *p_value_out, |
3351 | | uint64_t *p_value_in) |
3352 | 0 | { |
3353 | 0 | int ret = 0; |
3354 | 0 | uint64_t value_out = 0; |
3355 | |
|
3356 | 0 | quic_lock(ctx->qc); |
3357 | |
|
3358 | 0 | if (class_ != SSL_VALUE_CLASS_GENERIC) { |
3359 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, |
3360 | 0 | NULL); |
3361 | 0 | goto err; |
3362 | 0 | } |
3363 | | |
3364 | 0 | if (p_value_in != NULL) { |
3365 | 0 | switch (*p_value_in) { |
3366 | 0 | case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: |
3367 | 0 | case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: |
3368 | 0 | case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: |
3369 | 0 | break; |
3370 | 0 | default: |
3371 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, |
3372 | 0 | NULL); |
3373 | 0 | goto err; |
3374 | 0 | } |
3375 | | |
3376 | 0 | value_out = *p_value_in; |
3377 | 0 | if (ctx->is_stream) |
3378 | 0 | ctx->xso->event_handling_mode = (int)value_out; |
3379 | 0 | else |
3380 | 0 | ctx->qc->event_handling_mode = (int)value_out; |
3381 | 0 | } else { |
3382 | 0 | value_out = ctx->is_stream |
3383 | 0 | ? ctx->xso->event_handling_mode |
3384 | 0 | : ctx->qc->event_handling_mode; |
3385 | 0 | } |
3386 | | |
3387 | 0 | ret = 1; |
3388 | 0 | err: |
3389 | 0 | quic_unlock(ctx->qc); |
3390 | 0 | if (ret && p_value_out != NULL) |
3391 | 0 | *p_value_out = value_out; |
3392 | |
|
3393 | 0 | return ret; |
3394 | 0 | } |
3395 | | |
3396 | | QUIC_TAKES_LOCK |
3397 | | static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_, |
3398 | | uint64_t *p_value_out, |
3399 | | size_t (*getter)(QUIC_SSTREAM *sstream)) |
3400 | 0 | { |
3401 | 0 | int ret = 0; |
3402 | 0 | size_t value = 0; |
3403 | |
|
3404 | 0 | quic_lock(ctx->qc); |
3405 | |
|
3406 | 0 | if (class_ != SSL_VALUE_CLASS_GENERIC) { |
3407 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS, |
3408 | 0 | NULL); |
3409 | 0 | goto err; |
3410 | 0 | } |
3411 | | |
3412 | 0 | if (ctx->xso == NULL) { |
3413 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL); |
3414 | 0 | goto err; |
3415 | 0 | } |
3416 | | |
3417 | 0 | if (!ossl_quic_stream_has_send(ctx->xso->stream)) { |
3418 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL); |
3419 | 0 | goto err; |
3420 | 0 | } |
3421 | | |
3422 | 0 | if (ossl_quic_stream_has_send_buffer(ctx->xso->stream)) |
3423 | 0 | value = getter(ctx->xso->stream->sstream); |
3424 | |
|
3425 | 0 | ret = 1; |
3426 | 0 | err: |
3427 | 0 | quic_unlock(ctx->qc); |
3428 | 0 | *p_value_out = (uint64_t)value; |
3429 | 0 | return ret; |
3430 | 0 | } |
3431 | | |
3432 | | QUIC_NEEDS_LOCK |
3433 | | static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id) |
3434 | 0 | { |
3435 | 0 | switch (id) { |
3436 | 0 | case SSL_VALUE_EVENT_HANDLING_MODE: |
3437 | 0 | case SSL_VALUE_STREAM_WRITE_BUF_SIZE: |
3438 | 0 | case SSL_VALUE_STREAM_WRITE_BUF_USED: |
3439 | 0 | case SSL_VALUE_STREAM_WRITE_BUF_AVAIL: |
3440 | 0 | return expect_quic(s, ctx); |
3441 | 0 | default: |
3442 | 0 | return expect_quic_conn_only(s, ctx); |
3443 | 0 | } |
3444 | 0 | } |
3445 | | |
3446 | | QUIC_TAKES_LOCK |
3447 | | int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id, |
3448 | | uint64_t *value) |
3449 | 0 | { |
3450 | 0 | QCTX ctx; |
3451 | |
|
3452 | 0 | if (!expect_quic_for_value(s, &ctx, id)) |
3453 | 0 | return 0; |
3454 | | |
3455 | 0 | if (value == NULL) |
3456 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, |
3457 | 0 | ERR_R_PASSED_INVALID_ARGUMENT, NULL); |
3458 | | |
3459 | 0 | switch (id) { |
3460 | 0 | case SSL_VALUE_QUIC_IDLE_TIMEOUT: |
3461 | 0 | return qc_getset_idle_timeout(&ctx, class_, value, NULL); |
3462 | | |
3463 | 0 | case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: |
3464 | 0 | return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value); |
3465 | 0 | case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: |
3466 | 0 | return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value); |
3467 | 0 | case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: |
3468 | 0 | return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value); |
3469 | 0 | case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: |
3470 | 0 | return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value); |
3471 | | |
3472 | 0 | case SSL_VALUE_EVENT_HANDLING_MODE: |
3473 | 0 | return qc_getset_event_handling(&ctx, class_, value, NULL); |
3474 | | |
3475 | 0 | case SSL_VALUE_STREAM_WRITE_BUF_SIZE: |
3476 | 0 | return qc_get_stream_write_buf_stat(&ctx, class_, value, |
3477 | 0 | ossl_quic_sstream_get_buffer_size); |
3478 | 0 | case SSL_VALUE_STREAM_WRITE_BUF_USED: |
3479 | 0 | return qc_get_stream_write_buf_stat(&ctx, class_, value, |
3480 | 0 | ossl_quic_sstream_get_buffer_used); |
3481 | 0 | case SSL_VALUE_STREAM_WRITE_BUF_AVAIL: |
3482 | 0 | return qc_get_stream_write_buf_stat(&ctx, class_, value, |
3483 | 0 | ossl_quic_sstream_get_buffer_avail); |
3484 | | |
3485 | 0 | default: |
3486 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, |
3487 | 0 | SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL); |
3488 | 0 | } |
3489 | | |
3490 | 0 | return 1; |
3491 | 0 | } |
3492 | | |
3493 | | QUIC_TAKES_LOCK |
3494 | | int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id, |
3495 | | uint64_t value) |
3496 | 0 | { |
3497 | 0 | QCTX ctx; |
3498 | |
|
3499 | 0 | if (!expect_quic_for_value(s, &ctx, id)) |
3500 | 0 | return 0; |
3501 | | |
3502 | 0 | switch (id) { |
3503 | 0 | case SSL_VALUE_QUIC_IDLE_TIMEOUT: |
3504 | 0 | return qc_getset_idle_timeout(&ctx, class_, NULL, &value); |
3505 | | |
3506 | 0 | case SSL_VALUE_EVENT_HANDLING_MODE: |
3507 | 0 | return qc_getset_event_handling(&ctx, class_, NULL, &value); |
3508 | | |
3509 | 0 | default: |
3510 | 0 | return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, |
3511 | 0 | SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL); |
3512 | 0 | } |
3513 | | |
3514 | 0 | return 1; |
3515 | 0 | } |
3516 | | |
3517 | | /* |
3518 | | * SSL_accept_stream |
3519 | | * ----------------- |
3520 | | */ |
3521 | | struct wait_for_incoming_stream_args { |
3522 | | QCTX *ctx; |
3523 | | QUIC_STREAM *qs; |
3524 | | }; |
3525 | | |
3526 | | QUIC_NEEDS_LOCK |
3527 | | static int wait_for_incoming_stream(void *arg) |
3528 | 0 | { |
3529 | 0 | struct wait_for_incoming_stream_args *args = arg; |
3530 | 0 | QUIC_CONNECTION *qc = args->ctx->qc; |
3531 | 0 | QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch); |
3532 | |
|
3533 | 0 | if (!quic_mutation_allowed(qc, /*req_active=*/1)) { |
3534 | | /* If connection is torn down due to an error while blocking, stop. */ |
3535 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); |
3536 | 0 | return -1; |
3537 | 0 | } |
3538 | | |
3539 | 0 | args->qs = ossl_quic_stream_map_peek_accept_queue(qsm); |
3540 | 0 | if (args->qs != NULL) |
3541 | 0 | return 1; /* got a stream */ |
3542 | | |
3543 | 0 | return 0; /* did not get a stream, keep trying */ |
3544 | 0 | } |
3545 | | |
3546 | | QUIC_TAKES_LOCK |
3547 | | SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags) |
3548 | 0 | { |
3549 | 0 | QCTX ctx; |
3550 | 0 | int ret; |
3551 | 0 | SSL *new_s = NULL; |
3552 | 0 | QUIC_STREAM_MAP *qsm; |
3553 | 0 | QUIC_STREAM *qs; |
3554 | 0 | QUIC_XSO *xso; |
3555 | 0 | OSSL_RTT_INFO rtt_info; |
3556 | |
|
3557 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
3558 | 0 | return NULL; |
3559 | | |
3560 | 0 | quic_lock(ctx.qc); |
3561 | |
|
3562 | 0 | if (qc_get_effective_incoming_stream_policy(ctx.qc) |
3563 | 0 | == SSL_INCOMING_STREAM_POLICY_REJECT) { |
3564 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL); |
3565 | 0 | goto out; |
3566 | 0 | } |
3567 | | |
3568 | 0 | qsm = ossl_quic_channel_get_qsm(ctx.qc->ch); |
3569 | |
|
3570 | 0 | qs = ossl_quic_stream_map_peek_accept_queue(qsm); |
3571 | 0 | if (qs == NULL) { |
3572 | 0 | if (qc_blocking_mode(ctx.qc) |
3573 | 0 | && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) { |
3574 | 0 | struct wait_for_incoming_stream_args args; |
3575 | |
|
3576 | 0 | args.ctx = &ctx; |
3577 | 0 | args.qs = NULL; |
3578 | |
|
3579 | 0 | ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0); |
3580 | 0 | if (ret == 0) { |
3581 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); |
3582 | 0 | goto out; |
3583 | 0 | } else if (ret < 0 || args.qs == NULL) { |
3584 | 0 | goto out; |
3585 | 0 | } |
3586 | | |
3587 | 0 | qs = args.qs; |
3588 | 0 | } else { |
3589 | 0 | goto out; |
3590 | 0 | } |
3591 | 0 | } |
3592 | | |
3593 | 0 | xso = create_xso_from_stream(ctx.qc, qs); |
3594 | 0 | if (xso == NULL) |
3595 | 0 | goto out; |
3596 | | |
3597 | 0 | ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info); |
3598 | 0 | ossl_quic_stream_map_remove_from_accept_queue(qsm, qs, |
3599 | 0 | rtt_info.smoothed_rtt); |
3600 | 0 | new_s = &xso->ssl; |
3601 | | |
3602 | | /* Calling this function inhibits default XSO autocreation. */ |
3603 | 0 | qc_touch_default_xso(ctx.qc); /* inhibits default XSO */ |
3604 | |
|
3605 | 0 | out: |
3606 | 0 | quic_unlock(ctx.qc); |
3607 | 0 | return new_s; |
3608 | 0 | } |
3609 | | |
3610 | | /* |
3611 | | * SSL_get_accept_stream_queue_len |
3612 | | * ------------------------------- |
3613 | | */ |
3614 | | QUIC_TAKES_LOCK |
3615 | | size_t ossl_quic_get_accept_stream_queue_len(SSL *s) |
3616 | 0 | { |
3617 | 0 | QCTX ctx; |
3618 | 0 | size_t v; |
3619 | |
|
3620 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
3621 | 0 | return 0; |
3622 | | |
3623 | 0 | quic_lock(ctx.qc); |
3624 | |
|
3625 | 0 | v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch)); |
3626 | |
|
3627 | 0 | quic_unlock(ctx.qc); |
3628 | 0 | return v; |
3629 | 0 | } |
3630 | | |
3631 | | /* |
3632 | | * SSL_stream_reset |
3633 | | * ---------------- |
3634 | | */ |
3635 | | int ossl_quic_stream_reset(SSL *ssl, |
3636 | | const SSL_STREAM_RESET_ARGS *args, |
3637 | | size_t args_len) |
3638 | 0 | { |
3639 | 0 | QCTX ctx; |
3640 | 0 | QUIC_STREAM_MAP *qsm; |
3641 | 0 | QUIC_STREAM *qs; |
3642 | 0 | uint64_t error_code; |
3643 | 0 | int ok, err; |
3644 | |
|
3645 | 0 | if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx)) |
3646 | 0 | return 0; |
3647 | | |
3648 | 0 | qsm = ossl_quic_channel_get_qsm(ctx.qc->ch); |
3649 | 0 | qs = ctx.xso->stream; |
3650 | 0 | error_code = (args != NULL ? args->quic_error_code : 0); |
3651 | |
|
3652 | 0 | if (!quic_validate_for_write(ctx.xso, &err)) { |
3653 | 0 | ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); |
3654 | 0 | goto err; |
3655 | 0 | } |
3656 | | |
3657 | 0 | ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code); |
3658 | 0 | if (ok) |
3659 | 0 | ctx.xso->requested_reset = 1; |
3660 | |
|
3661 | 0 | err: |
3662 | 0 | quic_unlock(ctx.qc); |
3663 | 0 | return ok; |
3664 | 0 | } |
3665 | | |
3666 | | /* |
3667 | | * SSL_get_stream_read_state |
3668 | | * ------------------------- |
3669 | | */ |
3670 | | static void quic_classify_stream(QUIC_CONNECTION *qc, |
3671 | | QUIC_STREAM *qs, |
3672 | | int is_write, |
3673 | | int *state, |
3674 | | uint64_t *app_error_code) |
3675 | 0 | { |
3676 | 0 | int local_init; |
3677 | 0 | uint64_t final_size; |
3678 | |
|
3679 | 0 | local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server); |
3680 | |
|
3681 | 0 | if (app_error_code != NULL) |
3682 | 0 | *app_error_code = UINT64_MAX; |
3683 | 0 | else |
3684 | 0 | app_error_code = &final_size; /* throw away value */ |
3685 | |
|
3686 | 0 | if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) { |
3687 | | /* |
3688 | | * Unidirectional stream and this direction of transmission doesn't |
3689 | | * exist. |
3690 | | */ |
3691 | 0 | *state = SSL_STREAM_STATE_WRONG_DIR; |
3692 | 0 | } else if (ossl_quic_channel_is_term_any(qc->ch)) { |
3693 | | /* Connection already closed. */ |
3694 | 0 | *state = SSL_STREAM_STATE_CONN_CLOSED; |
3695 | 0 | } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) { |
3696 | | /* Application has read a FIN. */ |
3697 | 0 | *state = SSL_STREAM_STATE_FINISHED; |
3698 | 0 | } else if ((!is_write && qs->stop_sending) |
3699 | 0 | || (is_write && ossl_quic_stream_send_is_reset(qs))) { |
3700 | | /* |
3701 | | * Stream has been reset locally. FIN takes precedence over this for the |
3702 | | * read case as the application need not care if the stream is reset |
3703 | | * after a FIN has been successfully processed. |
3704 | | */ |
3705 | 0 | *state = SSL_STREAM_STATE_RESET_LOCAL; |
3706 | 0 | *app_error_code = !is_write |
3707 | 0 | ? qs->stop_sending_aec |
3708 | 0 | : qs->reset_stream_aec; |
3709 | 0 | } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs)) |
3710 | 0 | || (is_write && qs->peer_stop_sending)) { |
3711 | | /* |
3712 | | * Stream has been reset remotely. */ |
3713 | 0 | *state = SSL_STREAM_STATE_RESET_REMOTE; |
3714 | 0 | *app_error_code = !is_write |
3715 | 0 | ? qs->peer_reset_stream_aec |
3716 | 0 | : qs->peer_stop_sending_aec; |
3717 | 0 | } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream, |
3718 | 0 | &final_size)) { |
3719 | | /* |
3720 | | * Stream has been finished. Stream reset takes precedence over this for |
3721 | | * the write case as peer may not have received all data. |
3722 | | */ |
3723 | 0 | *state = SSL_STREAM_STATE_FINISHED; |
3724 | 0 | } else { |
3725 | | /* Stream still healthy. */ |
3726 | 0 | *state = SSL_STREAM_STATE_OK; |
3727 | 0 | } |
3728 | 0 | } |
3729 | | |
3730 | | static int quic_get_stream_state(SSL *ssl, int is_write) |
3731 | 0 | { |
3732 | 0 | QCTX ctx; |
3733 | 0 | int state; |
3734 | |
|
3735 | 0 | if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx)) |
3736 | 0 | return SSL_STREAM_STATE_NONE; |
3737 | | |
3738 | 0 | quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL); |
3739 | 0 | quic_unlock(ctx.qc); |
3740 | 0 | return state; |
3741 | 0 | } |
3742 | | |
3743 | | int ossl_quic_get_stream_read_state(SSL *ssl) |
3744 | 0 | { |
3745 | 0 | return quic_get_stream_state(ssl, /*is_write=*/0); |
3746 | 0 | } |
3747 | | |
3748 | | /* |
3749 | | * SSL_get_stream_write_state |
3750 | | * -------------------------- |
3751 | | */ |
3752 | | int ossl_quic_get_stream_write_state(SSL *ssl) |
3753 | 0 | { |
3754 | 0 | return quic_get_stream_state(ssl, /*is_write=*/1); |
3755 | 0 | } |
3756 | | |
3757 | | /* |
3758 | | * SSL_get_stream_read_error_code |
3759 | | * ------------------------------ |
3760 | | */ |
3761 | | static int quic_get_stream_error_code(SSL *ssl, int is_write, |
3762 | | uint64_t *app_error_code) |
3763 | 0 | { |
3764 | 0 | QCTX ctx; |
3765 | 0 | int state; |
3766 | |
|
3767 | 0 | if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx)) |
3768 | 0 | return -1; |
3769 | | |
3770 | 0 | quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0, |
3771 | 0 | &state, app_error_code); |
3772 | |
|
3773 | 0 | quic_unlock(ctx.qc); |
3774 | 0 | switch (state) { |
3775 | 0 | case SSL_STREAM_STATE_FINISHED: |
3776 | 0 | return 0; |
3777 | 0 | case SSL_STREAM_STATE_RESET_LOCAL: |
3778 | 0 | case SSL_STREAM_STATE_RESET_REMOTE: |
3779 | 0 | return 1; |
3780 | 0 | default: |
3781 | 0 | return -1; |
3782 | 0 | } |
3783 | 0 | } |
3784 | | |
3785 | | int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code) |
3786 | 0 | { |
3787 | 0 | return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code); |
3788 | 0 | } |
3789 | | |
3790 | | /* |
3791 | | * SSL_get_stream_write_error_code |
3792 | | * ------------------------------- |
3793 | | */ |
3794 | | int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code) |
3795 | 0 | { |
3796 | 0 | return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code); |
3797 | 0 | } |
3798 | | |
3799 | | /* |
3800 | | * Write buffer size mutation |
3801 | | * -------------------------- |
3802 | | */ |
3803 | | int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size) |
3804 | 0 | { |
3805 | 0 | int ret = 0; |
3806 | 0 | QCTX ctx; |
3807 | |
|
3808 | 0 | if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx)) |
3809 | 0 | return 0; |
3810 | | |
3811 | 0 | if (!ossl_quic_stream_has_send(ctx.xso->stream)) { |
3812 | | /* Called on a unidirectional receive-only stream - error. */ |
3813 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL); |
3814 | 0 | goto out; |
3815 | 0 | } |
3816 | | |
3817 | 0 | if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) { |
3818 | | /* |
3819 | | * If the stream has a send part but we have disposed of it because we |
3820 | | * no longer need it, this is a no-op. |
3821 | | */ |
3822 | 0 | ret = 1; |
3823 | 0 | goto out; |
3824 | 0 | } |
3825 | | |
3826 | 0 | if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) { |
3827 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); |
3828 | 0 | goto out; |
3829 | 0 | } |
3830 | | |
3831 | 0 | ret = 1; |
3832 | |
|
3833 | 0 | out: |
3834 | 0 | quic_unlock(ctx.qc); |
3835 | 0 | return ret; |
3836 | 0 | } |
3837 | | |
3838 | | /* |
3839 | | * SSL_get_conn_close_info |
3840 | | * ----------------------- |
3841 | | */ |
3842 | | int ossl_quic_get_conn_close_info(SSL *ssl, |
3843 | | SSL_CONN_CLOSE_INFO *info, |
3844 | | size_t info_len) |
3845 | 0 | { |
3846 | 0 | QCTX ctx; |
3847 | 0 | const QUIC_TERMINATE_CAUSE *tc; |
3848 | |
|
3849 | 0 | if (!expect_quic_conn_only(ssl, &ctx)) |
3850 | 0 | return -1; |
3851 | | |
3852 | 0 | tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch); |
3853 | 0 | if (tc == NULL) |
3854 | 0 | return 0; |
3855 | | |
3856 | 0 | info->error_code = tc->error_code; |
3857 | 0 | info->frame_type = tc->frame_type; |
3858 | 0 | info->reason = tc->reason; |
3859 | 0 | info->reason_len = tc->reason_len; |
3860 | 0 | info->flags = 0; |
3861 | 0 | if (!tc->remote) |
3862 | 0 | info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL; |
3863 | 0 | if (!tc->app) |
3864 | 0 | info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT; |
3865 | 0 | return 1; |
3866 | 0 | } |
3867 | | |
3868 | | /* |
3869 | | * SSL_key_update |
3870 | | * -------------- |
3871 | | */ |
3872 | | int ossl_quic_key_update(SSL *ssl, int update_type) |
3873 | 0 | { |
3874 | 0 | QCTX ctx; |
3875 | |
|
3876 | 0 | if (!expect_quic_conn_only(ssl, &ctx)) |
3877 | 0 | return 0; |
3878 | | |
3879 | 0 | switch (update_type) { |
3880 | 0 | case SSL_KEY_UPDATE_NOT_REQUESTED: |
3881 | | /* |
3882 | | * QUIC signals peer key update implicily by triggering a local |
3883 | | * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED. |
3884 | | */ |
3885 | 0 | case SSL_KEY_UPDATE_REQUESTED: |
3886 | 0 | break; |
3887 | | |
3888 | 0 | default: |
3889 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); |
3890 | 0 | return 0; |
3891 | 0 | } |
3892 | | |
3893 | 0 | quic_lock(ctx.qc); |
3894 | | |
3895 | | /* Attempt to perform a TXKU. */ |
3896 | 0 | if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) { |
3897 | 0 | QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL); |
3898 | 0 | quic_unlock(ctx.qc); |
3899 | 0 | return 0; |
3900 | 0 | } |
3901 | | |
3902 | 0 | quic_unlock(ctx.qc); |
3903 | 0 | return 1; |
3904 | 0 | } |
3905 | | |
3906 | | /* |
3907 | | * SSL_get_key_update_type |
3908 | | * ----------------------- |
3909 | | */ |
3910 | | int ossl_quic_get_key_update_type(const SSL *s) |
3911 | 0 | { |
3912 | | /* |
3913 | | * We always handle key updates immediately so a key update is never |
3914 | | * pending. |
3915 | | */ |
3916 | 0 | return SSL_KEY_UPDATE_NONE; |
3917 | 0 | } |
3918 | | |
3919 | | /* |
3920 | | * QUIC Front-End I/O API: SSL_CTX Management |
3921 | | * ========================================== |
3922 | | */ |
3923 | | |
3924 | | long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
3925 | 0 | { |
3926 | 0 | switch (cmd) { |
3927 | 0 | default: |
3928 | 0 | return ssl3_ctx_ctrl(ctx, cmd, larg, parg); |
3929 | 0 | } |
3930 | 0 | } |
3931 | | |
3932 | | long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) |
3933 | 0 | { |
3934 | 0 | QCTX ctx; |
3935 | |
|
3936 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
3937 | 0 | return 0; |
3938 | | |
3939 | 0 | switch (cmd) { |
3940 | 0 | case SSL_CTRL_SET_MSG_CALLBACK: |
3941 | 0 | ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp, |
3942 | 0 | &ctx.qc->ssl); |
3943 | | /* This callback also needs to be set on the internal SSL object */ |
3944 | 0 | return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);; |
3945 | |
|
3946 | 0 | default: |
3947 | | /* Probably a TLS related ctrl. Defer to our internal SSL object */ |
3948 | 0 | return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp); |
3949 | 0 | } |
3950 | 0 | } |
3951 | | |
3952 | | long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) |
3953 | 0 | { |
3954 | 0 | return ssl3_ctx_callback_ctrl(ctx, cmd, fp); |
3955 | 0 | } |
3956 | | |
3957 | | int ossl_quic_renegotiate_check(SSL *ssl, int initok) |
3958 | 0 | { |
3959 | | /* We never do renegotiation. */ |
3960 | 0 | return 0; |
3961 | 0 | } |
3962 | | |
3963 | | const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p) |
3964 | 0 | { |
3965 | 0 | const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p); |
3966 | |
|
3967 | 0 | if ((ciph->algorithm2 & SSL_QUIC) == 0) |
3968 | 0 | return NULL; |
3969 | | |
3970 | 0 | return ciph; |
3971 | 0 | } |
3972 | | |
3973 | | /* |
3974 | | * These functions define the TLSv1.2 (and below) ciphers that are supported by |
3975 | | * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any. |
3976 | | */ |
3977 | | |
3978 | | int ossl_quic_num_ciphers(void) |
3979 | 0 | { |
3980 | 0 | return 0; |
3981 | 0 | } |
3982 | | |
3983 | | const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u) |
3984 | 0 | { |
3985 | 0 | return NULL; |
3986 | 0 | } |
3987 | | |
3988 | | /* |
3989 | | * SSL_get_shutdown() |
3990 | | * ------------------ |
3991 | | */ |
3992 | | int ossl_quic_get_shutdown(const SSL *s) |
3993 | 0 | { |
3994 | 0 | QCTX ctx; |
3995 | 0 | int shut = 0; |
3996 | |
|
3997 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
3998 | 0 | return 0; |
3999 | | |
4000 | 0 | if (ossl_quic_channel_is_term_any(ctx.qc->ch)) { |
4001 | 0 | shut |= SSL_SENT_SHUTDOWN; |
4002 | 0 | if (!ossl_quic_channel_is_closing(ctx.qc->ch)) |
4003 | 0 | shut |= SSL_RECEIVED_SHUTDOWN; |
4004 | 0 | } |
4005 | |
|
4006 | 0 | return shut; |
4007 | 0 | } |
4008 | | |
4009 | | /* |
4010 | | * QUIC Polling Support APIs |
4011 | | * ========================= |
4012 | | */ |
4013 | | |
4014 | | /* Do we have the R (read) condition? */ |
4015 | | QUIC_NEEDS_LOCK |
4016 | | static int test_poll_event_r(QUIC_XSO *xso) |
4017 | 0 | { |
4018 | 0 | int fin = 0; |
4019 | 0 | size_t avail = 0; |
4020 | |
|
4021 | 0 | return ossl_quic_stream_has_recv_buffer(xso->stream) |
4022 | 0 | && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin) |
4023 | 0 | && (avail > 0 || (fin && !xso->retired_fin)); |
4024 | 0 | } |
4025 | | |
4026 | | /* Do we have the ER (exception: read) condition? */ |
4027 | | QUIC_NEEDS_LOCK |
4028 | | static int test_poll_event_er(QUIC_XSO *xso) |
4029 | 0 | { |
4030 | 0 | return ossl_quic_stream_has_recv(xso->stream) |
4031 | 0 | && ossl_quic_stream_recv_is_reset(xso->stream) |
4032 | 0 | && !xso->retired_fin; |
4033 | 0 | } |
4034 | | |
4035 | | /* Do we have the W (write) condition? */ |
4036 | | QUIC_NEEDS_LOCK |
4037 | | static int test_poll_event_w(QUIC_XSO *xso) |
4038 | 0 | { |
4039 | 0 | return !xso->conn->shutting_down |
4040 | 0 | && ossl_quic_stream_has_send_buffer(xso->stream) |
4041 | 0 | && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream) |
4042 | 0 | && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL) |
4043 | 0 | && quic_mutation_allowed(xso->conn, /*req_active=*/1); |
4044 | 0 | } |
4045 | | |
4046 | | /* Do we have the EW (exception: write) condition? */ |
4047 | | QUIC_NEEDS_LOCK |
4048 | | static int test_poll_event_ew(QUIC_XSO *xso) |
4049 | 0 | { |
4050 | 0 | return ossl_quic_stream_has_send(xso->stream) |
4051 | 0 | && xso->stream->peer_stop_sending |
4052 | 0 | && !xso->requested_reset |
4053 | 0 | && !xso->conn->shutting_down; |
4054 | 0 | } |
4055 | | |
4056 | | /* Do we have the EC (exception: connection) condition? */ |
4057 | | QUIC_NEEDS_LOCK |
4058 | | static int test_poll_event_ec(QUIC_CONNECTION *qc) |
4059 | 0 | { |
4060 | 0 | return ossl_quic_channel_is_term_any(qc->ch); |
4061 | 0 | } |
4062 | | |
4063 | | /* Do we have the ECD (exception: connection drained) condition? */ |
4064 | | QUIC_NEEDS_LOCK |
4065 | | static int test_poll_event_ecd(QUIC_CONNECTION *qc) |
4066 | 0 | { |
4067 | 0 | return ossl_quic_channel_is_terminated(qc->ch); |
4068 | 0 | } |
4069 | | |
4070 | | /* Do we have the IS (incoming: stream) condition? */ |
4071 | | QUIC_NEEDS_LOCK |
4072 | | static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni) |
4073 | 0 | { |
4074 | 0 | return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch), |
4075 | 0 | is_uni); |
4076 | 0 | } |
4077 | | |
4078 | | /* Do we have the OS (outgoing: stream) condition? */ |
4079 | | QUIC_NEEDS_LOCK |
4080 | | static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni) |
4081 | 0 | { |
4082 | | /* Is it currently possible for us to make an outgoing stream? */ |
4083 | 0 | return quic_mutation_allowed(qc, /*req_active=*/1) |
4084 | 0 | && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0; |
4085 | 0 | } |
4086 | | |
4087 | | QUIC_TAKES_LOCK |
4088 | | int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick, |
4089 | | uint64_t *p_revents) |
4090 | 0 | { |
4091 | 0 | QCTX ctx; |
4092 | 0 | uint64_t revents = 0; |
4093 | |
|
4094 | 0 | if (!expect_quic(ssl, &ctx)) |
4095 | 0 | return 0; |
4096 | | |
4097 | 0 | quic_lock(ctx.qc); |
4098 | |
|
4099 | 0 | if (do_tick) |
4100 | 0 | ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0); |
4101 | |
|
4102 | 0 | if (ctx.xso != NULL) { |
4103 | | /* SSL object has a stream component. */ |
4104 | |
|
4105 | 0 | if ((events & SSL_POLL_EVENT_R) != 0 |
4106 | 0 | && test_poll_event_r(ctx.xso)) |
4107 | 0 | revents |= SSL_POLL_EVENT_R; |
4108 | |
|
4109 | 0 | if ((events & SSL_POLL_EVENT_ER) != 0 |
4110 | 0 | && test_poll_event_er(ctx.xso)) |
4111 | 0 | revents |= SSL_POLL_EVENT_ER; |
4112 | |
|
4113 | 0 | if ((events & SSL_POLL_EVENT_W) != 0 |
4114 | 0 | && test_poll_event_w(ctx.xso)) |
4115 | 0 | revents |= SSL_POLL_EVENT_W; |
4116 | |
|
4117 | 0 | if ((events & SSL_POLL_EVENT_EW) != 0 |
4118 | 0 | && test_poll_event_ew(ctx.xso)) |
4119 | 0 | revents |= SSL_POLL_EVENT_EW; |
4120 | 0 | } |
4121 | |
|
4122 | 0 | if (!ctx.is_stream) { |
4123 | 0 | if ((events & SSL_POLL_EVENT_EC) != 0 |
4124 | 0 | && test_poll_event_ec(ctx.qc)) |
4125 | 0 | revents |= SSL_POLL_EVENT_EC; |
4126 | |
|
4127 | 0 | if ((events & SSL_POLL_EVENT_ECD) != 0 |
4128 | 0 | && test_poll_event_ecd(ctx.qc)) |
4129 | 0 | revents |= SSL_POLL_EVENT_ECD; |
4130 | |
|
4131 | 0 | if ((events & SSL_POLL_EVENT_ISB) != 0 |
4132 | 0 | && test_poll_event_is(ctx.qc, /*uni=*/0)) |
4133 | 0 | revents |= SSL_POLL_EVENT_ISB; |
4134 | |
|
4135 | 0 | if ((events & SSL_POLL_EVENT_ISU) != 0 |
4136 | 0 | && test_poll_event_is(ctx.qc, /*uni=*/1)) |
4137 | 0 | revents |= SSL_POLL_EVENT_ISU; |
4138 | |
|
4139 | 0 | if ((events & SSL_POLL_EVENT_OSB) != 0 |
4140 | 0 | && test_poll_event_os(ctx.qc, /*uni=*/0)) |
4141 | 0 | revents |= SSL_POLL_EVENT_OSB; |
4142 | |
|
4143 | 0 | if ((events & SSL_POLL_EVENT_OSU) != 0 |
4144 | 0 | && test_poll_event_os(ctx.qc, /*uni=*/1)) |
4145 | 0 | revents |= SSL_POLL_EVENT_OSU; |
4146 | 0 | } |
4147 | |
|
4148 | 0 | quic_unlock(ctx.qc); |
4149 | 0 | *p_revents = revents; |
4150 | 0 | return 1; |
4151 | 0 | } |
4152 | | |
4153 | | /* |
4154 | | * Internal Testing APIs |
4155 | | * ===================== |
4156 | | */ |
4157 | | |
4158 | | QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s) |
4159 | 0 | { |
4160 | 0 | QCTX ctx; |
4161 | |
|
4162 | 0 | if (!expect_quic_conn_only(s, &ctx)) |
4163 | 0 | return NULL; |
4164 | | |
4165 | 0 | return ctx.qc->ch; |
4166 | 0 | } |
4167 | | |
4168 | | int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title) |
4169 | 0 | { |
4170 | 0 | #ifndef OPENSSL_NO_QLOG |
4171 | 0 | OPENSSL_free(ctx->qlog_title); |
4172 | 0 | ctx->qlog_title = NULL; |
4173 | |
|
4174 | 0 | if (title == NULL) |
4175 | 0 | return 1; |
4176 | | |
4177 | 0 | if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL) |
4178 | 0 | return 0; |
4179 | 0 | #endif |
4180 | | |
4181 | 0 | return 1; |
4182 | 0 | } |