Coverage Report

Created: 2025-06-13 06:55

/src/openssl/ssl/quic/quic_demux.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include "internal/quic_demux.h"
11
#include "internal/quic_wire_pkt.h"
12
#include "internal/common.h"
13
#include <openssl/lhash.h>
14
#include <openssl/err.h>
15
16
2.52k
#define URXE_DEMUX_STATE_FREE       0 /* on urx_free list */
17
0
#define URXE_DEMUX_STATE_PENDING    1 /* on urx_pending list */
18
0
#define URXE_DEMUX_STATE_ISSUED     2 /* on neither list */
19
20
158
#define DEMUX_MAX_MSGS_PER_CALL    32
21
22
79
#define DEMUX_DEFAULT_MTU        1500
23
24
struct quic_demux_st {
25
    /* The underlying transport BIO with datagram semantics. */
26
    BIO                        *net_bio;
27
28
    /*
29
     * QUIC short packets do not contain the length of the connection ID field,
30
     * therefore it must be known contextually. The demuxer requires connection
31
     * IDs of the same length to be used for all incoming packets.
32
     */
33
    size_t                      short_conn_id_len;
34
35
    /*
36
     * Our current understanding of the upper bound on an incoming datagram size
37
     * in bytes.
38
     */
39
    size_t                      mtu;
40
41
    /* The datagram_id to use for the next datagram we receive. */
42
    uint64_t                    next_datagram_id;
43
44
    /* Time retrieval callback. */
45
    OSSL_TIME                 (*now)(void *arg);
46
    void                       *now_arg;
47
48
    /* The default packet handler, if any. */
49
    ossl_quic_demux_cb_fn      *default_cb;
50
    void                       *default_cb_arg;
51
52
    /*
53
     * List of URXEs which are not currently in use (i.e., not filled with
54
     * unconsumed data). These are moved to the pending list as they are filled.
55
     */
56
    QUIC_URXE_LIST              urx_free;
57
58
    /*
59
     * List of URXEs which are filled with received encrypted data. These are
60
     * removed from this list as we invoke the callbacks for each of them. They
61
     * are then not on any list managed by us; we forget about them until our
62
     * user calls ossl_quic_demux_release_urxe to return the URXE to us, at
63
     * which point we add it to the free list.
64
     */
65
    QUIC_URXE_LIST              urx_pending;
66
67
    /* Whether to use local address support. */
68
    char                        use_local_addr;
69
};
70
71
QUIC_DEMUX *ossl_quic_demux_new(BIO *net_bio,
72
                                size_t short_conn_id_len,
73
                                OSSL_TIME (*now)(void *arg),
74
                                void *now_arg)
75
79
{
76
79
    QUIC_DEMUX *demux;
77
78
79
    demux = OPENSSL_zalloc(sizeof(QUIC_DEMUX));
79
79
    if (demux == NULL)
80
0
        return NULL;
81
82
79
    demux->net_bio                  = net_bio;
83
79
    demux->short_conn_id_len        = short_conn_id_len;
84
    /* We update this if possible when we get a BIO. */
85
79
    demux->mtu                      = DEMUX_DEFAULT_MTU;
86
79
    demux->now                      = now;
87
79
    demux->now_arg                  = now_arg;
88
89
79
    if (net_bio != NULL
90
79
        && BIO_dgram_get_local_addr_cap(net_bio)
91
79
        && BIO_dgram_set_local_addr_enable(net_bio, 1))
92
0
        demux->use_local_addr = 1;
93
94
79
    return demux;
95
79
}
96
97
static void demux_free_urxl(QUIC_URXE_LIST *l)
98
158
{
99
158
    QUIC_URXE *e, *enext;
100
101
2.68k
    for (e = ossl_list_urxe_head(l); e != NULL; e = enext) {
102
2.52k
        enext = ossl_list_urxe_next(e);
103
2.52k
        ossl_list_urxe_remove(l, e);
104
2.52k
        OPENSSL_free(e);
105
2.52k
    }
106
158
}
107
108
void ossl_quic_demux_free(QUIC_DEMUX *demux)
109
79
{
110
79
    if (demux == NULL)
111
0
        return;
112
113
    /* Free all URXEs we are holding. */
114
79
    demux_free_urxl(&demux->urx_free);
115
79
    demux_free_urxl(&demux->urx_pending);
116
117
79
    OPENSSL_free(demux);
118
79
}
119
120
void ossl_quic_demux_set_bio(QUIC_DEMUX *demux, BIO *net_bio)
121
79
{
122
79
    unsigned int mtu;
123
124
79
    demux->net_bio = net_bio;
125
126
79
    if (net_bio != NULL) {
127
        /*
128
         * Try to determine our MTU if possible. The BIO is not required to
129
         * support this, in which case we remain at the last known MTU, or our
130
         * initial default.
131
         */
132
79
        mtu = BIO_dgram_get_mtu(net_bio);
133
79
        if (mtu >= QUIC_MIN_INITIAL_DGRAM_LEN)
134
79
            ossl_quic_demux_set_mtu(demux, mtu); /* best effort */
135
79
    }
136
79
}
137
138
int ossl_quic_demux_set_mtu(QUIC_DEMUX *demux, unsigned int mtu)
139
79
{
140
79
    if (mtu < QUIC_MIN_INITIAL_DGRAM_LEN)
141
0
        return 0;
142
143
79
    demux->mtu = mtu;
144
79
    return 1;
145
79
}
146
147
void ossl_quic_demux_set_default_handler(QUIC_DEMUX *demux,
148
                                         ossl_quic_demux_cb_fn *cb,
149
                                         void *cb_arg)
150
79
{
151
79
    demux->default_cb       = cb;
152
79
    demux->default_cb_arg   = cb_arg;
153
79
}
154
155
static QUIC_URXE *demux_alloc_urxe(size_t alloc_len)
156
2.52k
{
157
2.52k
    QUIC_URXE *e;
158
159
2.52k
    if (alloc_len >= SIZE_MAX - sizeof(QUIC_URXE))
160
0
        return NULL;
161
162
2.52k
    e = OPENSSL_malloc(sizeof(QUIC_URXE) + alloc_len);
163
2.52k
    if (e == NULL)
164
0
        return NULL;
165
166
2.52k
    ossl_list_urxe_init_elem(e);
167
2.52k
    e->alloc_len   = alloc_len;
168
2.52k
    e->data_len    = 0;
169
2.52k
    return e;
170
2.52k
}
171
172
static QUIC_URXE *demux_resize_urxe(QUIC_DEMUX *demux, QUIC_URXE *e,
173
                                    size_t new_alloc_len)
174
0
{
175
0
    QUIC_URXE *e2, *prev;
176
177
0
    if (!ossl_assert(e->demux_state == URXE_DEMUX_STATE_FREE))
178
        /* Never attempt to resize a URXE which is not on the free list. */
179
0
        return NULL;
180
181
0
    prev = ossl_list_urxe_prev(e);
182
0
    ossl_list_urxe_remove(&demux->urx_free, e);
183
184
0
    e2 = OPENSSL_realloc(e, sizeof(QUIC_URXE) + new_alloc_len);
185
0
    if (e2 == NULL) {
186
        /* Failed to resize, abort. */
187
0
        if (prev == NULL)
188
0
            ossl_list_urxe_insert_head(&demux->urx_free, e);
189
0
        else
190
0
            ossl_list_urxe_insert_after(&demux->urx_free, prev, e);
191
192
0
        return NULL;
193
0
    }
194
195
0
    if (prev == NULL)
196
0
        ossl_list_urxe_insert_head(&demux->urx_free, e2);
197
0
    else
198
0
        ossl_list_urxe_insert_after(&demux->urx_free, prev, e2);
199
200
0
    e2->alloc_len = new_alloc_len;
201
0
    return e2;
202
0
}
203
204
static QUIC_URXE *demux_reserve_urxe(QUIC_DEMUX *demux, QUIC_URXE *e,
205
                                     size_t alloc_len)
206
5.05k
{
207
5.05k
    return e->alloc_len < alloc_len ? demux_resize_urxe(demux, e, alloc_len) : e;
208
5.05k
}
209
210
static int demux_ensure_free_urxe(QUIC_DEMUX *demux, size_t min_num_free)
211
158
{
212
158
    QUIC_URXE *e;
213
214
2.68k
    while (ossl_list_urxe_num(&demux->urx_free) < min_num_free) {
215
2.52k
        e = demux_alloc_urxe(demux->mtu);
216
2.52k
        if (e == NULL)
217
0
            return 0;
218
219
2.52k
        ossl_list_urxe_insert_tail(&demux->urx_free, e);
220
2.52k
        e->demux_state = URXE_DEMUX_STATE_FREE;
221
2.52k
    }
222
223
158
    return 1;
224
158
}
225
226
/*
227
 * Receive datagrams from network, placing them into URXEs.
228
 *
229
 * Returns 1 on success or 0 on failure.
230
 *
231
 * Precondition: at least one URXE is free
232
 * Precondition: there are no pending URXEs
233
 */
234
static int demux_recv(QUIC_DEMUX *demux)
235
158
{
236
158
    BIO_MSG msg[DEMUX_MAX_MSGS_PER_CALL];
237
158
    size_t rd, i;
238
158
    QUIC_URXE *urxe = ossl_list_urxe_head(&demux->urx_free), *unext;
239
158
    OSSL_TIME now;
240
241
    /* This should never be called when we have any pending URXE. */
242
158
    assert(ossl_list_urxe_head(&demux->urx_pending) == NULL);
243
158
    assert(urxe->demux_state == URXE_DEMUX_STATE_FREE);
244
245
158
    if (demux->net_bio == NULL)
246
        /*
247
         * If no BIO is plugged in, treat this as no datagram being available.
248
         */
249
0
        return QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL;
250
251
    /*
252
     * Opportunistically receive as many messages as possible in a single
253
     * syscall, determined by how many free URXEs are available.
254
     */
255
5.21k
    for (i = 0; i < (ossl_ssize_t)OSSL_NELEM(msg);
256
5.05k
            ++i, urxe = ossl_list_urxe_next(urxe)) {
257
5.05k
        if (urxe == NULL) {
258
            /* We need at least one URXE to receive into. */
259
0
            if (!ossl_assert(i > 0))
260
0
                return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
261
262
0
            break;
263
0
        }
264
265
        /* Ensure the URXE is big enough. */
266
5.05k
        urxe = demux_reserve_urxe(demux, urxe, demux->mtu);
267
5.05k
        if (urxe == NULL)
268
            /* Allocation error, fail. */
269
0
            return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
270
271
        /* Ensure we zero any fields added to BIO_MSG at a later date. */
272
5.05k
        memset(&msg[i], 0, sizeof(BIO_MSG));
273
5.05k
        msg[i].data     = ossl_quic_urxe_data(urxe);
274
5.05k
        msg[i].data_len = urxe->alloc_len;
275
5.05k
        msg[i].peer     = &urxe->peer;
276
5.05k
        BIO_ADDR_clear(&urxe->peer);
277
5.05k
        if (demux->use_local_addr)
278
0
            msg[i].local = &urxe->local;
279
5.05k
        else
280
5.05k
            BIO_ADDR_clear(&urxe->local);
281
5.05k
    }
282
283
158
    ERR_set_mark();
284
158
    if (!BIO_recvmmsg(demux->net_bio, msg, sizeof(BIO_MSG), i, 0, &rd)) {
285
158
        if (BIO_err_is_non_fatal(ERR_peek_last_error())) {
286
            /* Transient error, clear the error and stop. */
287
158
            ERR_pop_to_mark();
288
158
            return QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL;
289
158
        } else {
290
            /* Non-transient error, do not clear the error. */
291
0
            ERR_clear_last_mark();
292
0
            return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
293
0
        }
294
158
    }
295
296
0
    ERR_clear_last_mark();
297
0
    now = demux->now != NULL ? demux->now(demux->now_arg) : ossl_time_zero();
298
299
0
    urxe = ossl_list_urxe_head(&demux->urx_free);
300
0
    for (i = 0; i < rd; ++i, urxe = unext) {
301
0
        unext = ossl_list_urxe_next(urxe);
302
        /* Set URXE with actual length of received datagram. */
303
0
        urxe->data_len      = msg[i].data_len;
304
        /* Time we received datagram. */
305
0
        urxe->time          = now;
306
0
        urxe->datagram_id   = demux->next_datagram_id++;
307
        /* Move from free list to pending list. */
308
0
        ossl_list_urxe_remove(&demux->urx_free, urxe);
309
0
        ossl_list_urxe_insert_tail(&demux->urx_pending, urxe);
310
0
        urxe->demux_state = URXE_DEMUX_STATE_PENDING;
311
0
    }
312
313
0
    return QUIC_DEMUX_PUMP_RES_OK;
314
158
}
315
316
/* Extract destination connection ID from the first packet in a datagram. */
317
static int demux_identify_conn_id(QUIC_DEMUX *demux,
318
                                  QUIC_URXE *e,
319
                                  QUIC_CONN_ID *dst_conn_id)
320
0
{
321
0
    return ossl_quic_wire_get_pkt_hdr_dst_conn_id(ossl_quic_urxe_data(e),
322
0
                                                  e->data_len,
323
0
                                                  demux->short_conn_id_len,
324
0
                                                  dst_conn_id);
325
0
}
326
327
/*
328
 * Process a single pending URXE.
329
 * Returning 1 on success, 0 on failure.
330
 */
331
static int demux_process_pending_urxe(QUIC_DEMUX *demux, QUIC_URXE *e)
332
0
{
333
0
    QUIC_CONN_ID dst_conn_id;
334
0
    int dst_conn_id_ok = 0;
335
336
    /* The next URXE we process should be at the head of the pending list. */
337
0
    if (!ossl_assert(e == ossl_list_urxe_head(&demux->urx_pending)))
338
0
        return 0;
339
340
0
    assert(e->demux_state == URXE_DEMUX_STATE_PENDING);
341
342
    /* Determine the DCID of the first packet in the datagram. */
343
0
    dst_conn_id_ok = demux_identify_conn_id(demux, e, &dst_conn_id);
344
345
0
    ossl_list_urxe_remove(&demux->urx_pending, e);
346
0
    if (demux->default_cb != NULL) {
347
        /*
348
         * Pass to default handler for routing. The URXE now belongs to the
349
         * callback.
350
         */
351
0
        e->demux_state = URXE_DEMUX_STATE_ISSUED;
352
0
        demux->default_cb(e, demux->default_cb_arg,
353
0
                          dst_conn_id_ok ? &dst_conn_id : NULL);
354
0
    } else {
355
        /* Discard. */
356
0
        ossl_list_urxe_insert_tail(&demux->urx_free, e);
357
0
        e->demux_state = URXE_DEMUX_STATE_FREE;
358
0
    }
359
360
0
    return 1; /* keep processing pending URXEs */
361
0
}
362
363
/* Process pending URXEs to generate callbacks. */
364
static int demux_process_pending_urxl(QUIC_DEMUX *demux)
365
0
{
366
0
    QUIC_URXE *e;
367
0
    int ret;
368
369
0
    while ((e = ossl_list_urxe_head(&demux->urx_pending)) != NULL)
370
0
        if ((ret = demux_process_pending_urxe(demux, e)) <= 0)
371
0
            return ret;
372
373
0
    return 1;
374
0
}
375
376
/*
377
 * Drain the pending URXE list, processing any pending URXEs by making their
378
 * callbacks. If no URXEs are pending, a network read is attempted first.
379
 */
380
int ossl_quic_demux_pump(QUIC_DEMUX *demux)
381
158
{
382
158
    int ret;
383
384
158
    if (ossl_list_urxe_head(&demux->urx_pending) == NULL) {
385
158
        ret = demux_ensure_free_urxe(demux, DEMUX_MAX_MSGS_PER_CALL);
386
158
        if (ret != 1)
387
0
            return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
388
389
158
        ret = demux_recv(demux);
390
158
        if (ret != QUIC_DEMUX_PUMP_RES_OK)
391
158
            return ret;
392
393
        /*
394
         * If demux_recv returned successfully, we should always have something.
395
         */
396
0
        assert(ossl_list_urxe_head(&demux->urx_pending) != NULL);
397
0
    }
398
399
0
    if ((ret = demux_process_pending_urxl(demux)) <= 0)
400
0
        return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
401
402
0
    return QUIC_DEMUX_PUMP_RES_OK;
403
0
}
404
405
/* Artificially inject a packet into the demuxer for testing purposes. */
406
int ossl_quic_demux_inject(QUIC_DEMUX *demux,
407
                           const unsigned char *buf,
408
                           size_t buf_len,
409
                           const BIO_ADDR *peer,
410
                           const BIO_ADDR *local)
411
0
{
412
0
    int ret;
413
0
    QUIC_URXE *urxe;
414
415
0
    ret = demux_ensure_free_urxe(demux, 1);
416
0
    if (ret != 1)
417
0
        return 0;
418
419
0
    urxe = ossl_list_urxe_head(&demux->urx_free);
420
421
0
    assert(urxe->demux_state == URXE_DEMUX_STATE_FREE);
422
423
0
    urxe = demux_reserve_urxe(demux, urxe, buf_len);
424
0
    if (urxe == NULL)
425
0
        return 0;
426
427
0
    memcpy(ossl_quic_urxe_data(urxe), buf, buf_len);
428
0
    urxe->data_len = buf_len;
429
430
0
    if (peer != NULL)
431
0
        urxe->peer = *peer;
432
0
    else
433
0
        BIO_ADDR_clear(&urxe->peer);
434
435
0
    if (local != NULL)
436
0
        urxe->local = *local;
437
0
    else
438
0
        BIO_ADDR_clear(&urxe->local);
439
440
0
    urxe->time
441
0
        = demux->now != NULL ? demux->now(demux->now_arg) : ossl_time_zero();
442
443
    /* Move from free list to pending list. */
444
0
    ossl_list_urxe_remove(&demux->urx_free, urxe);
445
0
    urxe->datagram_id = demux->next_datagram_id++;
446
0
    ossl_list_urxe_insert_tail(&demux->urx_pending, urxe);
447
0
    urxe->demux_state = URXE_DEMUX_STATE_PENDING;
448
449
0
    return demux_process_pending_urxl(demux) > 0;
450
0
}
451
452
/* Called by our user to return a URXE to the free list. */
453
void ossl_quic_demux_release_urxe(QUIC_DEMUX *demux,
454
                                  QUIC_URXE *e)
455
0
{
456
0
    assert(ossl_list_urxe_prev(e) == NULL && ossl_list_urxe_next(e) == NULL);
457
0
    assert(e->demux_state == URXE_DEMUX_STATE_ISSUED);
458
0
    ossl_list_urxe_insert_tail(&demux->urx_free, e);
459
0
    e->demux_state = URXE_DEMUX_STATE_FREE;
460
0
}
461
462
void ossl_quic_demux_reinject_urxe(QUIC_DEMUX *demux,
463
                                   QUIC_URXE *e)
464
0
{
465
0
    assert(ossl_list_urxe_prev(e) == NULL && ossl_list_urxe_next(e) == NULL);
466
0
    assert(e->demux_state == URXE_DEMUX_STATE_ISSUED);
467
0
    ossl_list_urxe_insert_head(&demux->urx_pending, e);
468
0
    e->demux_state = URXE_DEMUX_STATE_PENDING;
469
0
}
470
471
int ossl_quic_demux_has_pending(const QUIC_DEMUX *demux)
472
0
{
473
0
    return ossl_list_urxe_head(&demux->urx_pending) != NULL;
474
0
}