/src/openssl/ssl/quic/quic_demux.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "internal/quic_demux.h" |
11 | | #include "internal/quic_wire_pkt.h" |
12 | | #include "internal/common.h" |
13 | | #include <openssl/lhash.h> |
14 | | #include <openssl/err.h> |
15 | | |
16 | 2.52k | #define URXE_DEMUX_STATE_FREE 0 /* on urx_free list */ |
17 | 0 | #define URXE_DEMUX_STATE_PENDING 1 /* on urx_pending list */ |
18 | 0 | #define URXE_DEMUX_STATE_ISSUED 2 /* on neither list */ |
19 | | |
20 | 158 | #define DEMUX_MAX_MSGS_PER_CALL 32 |
21 | | |
22 | 79 | #define DEMUX_DEFAULT_MTU 1500 |
23 | | |
24 | | struct quic_demux_st { |
25 | | /* The underlying transport BIO with datagram semantics. */ |
26 | | BIO *net_bio; |
27 | | |
28 | | /* |
29 | | * QUIC short packets do not contain the length of the connection ID field, |
30 | | * therefore it must be known contextually. The demuxer requires connection |
31 | | * IDs of the same length to be used for all incoming packets. |
32 | | */ |
33 | | size_t short_conn_id_len; |
34 | | |
35 | | /* |
36 | | * Our current understanding of the upper bound on an incoming datagram size |
37 | | * in bytes. |
38 | | */ |
39 | | size_t mtu; |
40 | | |
41 | | /* The datagram_id to use for the next datagram we receive. */ |
42 | | uint64_t next_datagram_id; |
43 | | |
44 | | /* Time retrieval callback. */ |
45 | | OSSL_TIME (*now)(void *arg); |
46 | | void *now_arg; |
47 | | |
48 | | /* The default packet handler, if any. */ |
49 | | ossl_quic_demux_cb_fn *default_cb; |
50 | | void *default_cb_arg; |
51 | | |
52 | | /* |
53 | | * List of URXEs which are not currently in use (i.e., not filled with |
54 | | * unconsumed data). These are moved to the pending list as they are filled. |
55 | | */ |
56 | | QUIC_URXE_LIST urx_free; |
57 | | |
58 | | /* |
59 | | * List of URXEs which are filled with received encrypted data. These are |
60 | | * removed from this list as we invoke the callbacks for each of them. They |
61 | | * are then not on any list managed by us; we forget about them until our |
62 | | * user calls ossl_quic_demux_release_urxe to return the URXE to us, at |
63 | | * which point we add it to the free list. |
64 | | */ |
65 | | QUIC_URXE_LIST urx_pending; |
66 | | |
67 | | /* Whether to use local address support. */ |
68 | | char use_local_addr; |
69 | | }; |
70 | | |
71 | | QUIC_DEMUX *ossl_quic_demux_new(BIO *net_bio, |
72 | | size_t short_conn_id_len, |
73 | | OSSL_TIME (*now)(void *arg), |
74 | | void *now_arg) |
75 | 79 | { |
76 | 79 | QUIC_DEMUX *demux; |
77 | | |
78 | 79 | demux = OPENSSL_zalloc(sizeof(QUIC_DEMUX)); |
79 | 79 | if (demux == NULL) |
80 | 0 | return NULL; |
81 | | |
82 | 79 | demux->net_bio = net_bio; |
83 | 79 | demux->short_conn_id_len = short_conn_id_len; |
84 | | /* We update this if possible when we get a BIO. */ |
85 | 79 | demux->mtu = DEMUX_DEFAULT_MTU; |
86 | 79 | demux->now = now; |
87 | 79 | demux->now_arg = now_arg; |
88 | | |
89 | 79 | if (net_bio != NULL |
90 | 79 | && BIO_dgram_get_local_addr_cap(net_bio) |
91 | 79 | && BIO_dgram_set_local_addr_enable(net_bio, 1)) |
92 | 0 | demux->use_local_addr = 1; |
93 | | |
94 | 79 | return demux; |
95 | 79 | } |
96 | | |
97 | | static void demux_free_urxl(QUIC_URXE_LIST *l) |
98 | 158 | { |
99 | 158 | QUIC_URXE *e, *enext; |
100 | | |
101 | 2.68k | for (e = ossl_list_urxe_head(l); e != NULL; e = enext) { |
102 | 2.52k | enext = ossl_list_urxe_next(e); |
103 | 2.52k | ossl_list_urxe_remove(l, e); |
104 | 2.52k | OPENSSL_free(e); |
105 | 2.52k | } |
106 | 158 | } |
107 | | |
108 | | void ossl_quic_demux_free(QUIC_DEMUX *demux) |
109 | 79 | { |
110 | 79 | if (demux == NULL) |
111 | 0 | return; |
112 | | |
113 | | /* Free all URXEs we are holding. */ |
114 | 79 | demux_free_urxl(&demux->urx_free); |
115 | 79 | demux_free_urxl(&demux->urx_pending); |
116 | | |
117 | 79 | OPENSSL_free(demux); |
118 | 79 | } |
119 | | |
120 | | void ossl_quic_demux_set_bio(QUIC_DEMUX *demux, BIO *net_bio) |
121 | 79 | { |
122 | 79 | unsigned int mtu; |
123 | | |
124 | 79 | demux->net_bio = net_bio; |
125 | | |
126 | 79 | if (net_bio != NULL) { |
127 | | /* |
128 | | * Try to determine our MTU if possible. The BIO is not required to |
129 | | * support this, in which case we remain at the last known MTU, or our |
130 | | * initial default. |
131 | | */ |
132 | 79 | mtu = BIO_dgram_get_mtu(net_bio); |
133 | 79 | if (mtu >= QUIC_MIN_INITIAL_DGRAM_LEN) |
134 | 79 | ossl_quic_demux_set_mtu(demux, mtu); /* best effort */ |
135 | 79 | } |
136 | 79 | } |
137 | | |
138 | | int ossl_quic_demux_set_mtu(QUIC_DEMUX *demux, unsigned int mtu) |
139 | 79 | { |
140 | 79 | if (mtu < QUIC_MIN_INITIAL_DGRAM_LEN) |
141 | 0 | return 0; |
142 | | |
143 | 79 | demux->mtu = mtu; |
144 | 79 | return 1; |
145 | 79 | } |
146 | | |
147 | | void ossl_quic_demux_set_default_handler(QUIC_DEMUX *demux, |
148 | | ossl_quic_demux_cb_fn *cb, |
149 | | void *cb_arg) |
150 | 79 | { |
151 | 79 | demux->default_cb = cb; |
152 | 79 | demux->default_cb_arg = cb_arg; |
153 | 79 | } |
154 | | |
155 | | static QUIC_URXE *demux_alloc_urxe(size_t alloc_len) |
156 | 2.52k | { |
157 | 2.52k | QUIC_URXE *e; |
158 | | |
159 | 2.52k | if (alloc_len >= SIZE_MAX - sizeof(QUIC_URXE)) |
160 | 0 | return NULL; |
161 | | |
162 | 2.52k | e = OPENSSL_malloc(sizeof(QUIC_URXE) + alloc_len); |
163 | 2.52k | if (e == NULL) |
164 | 0 | return NULL; |
165 | | |
166 | 2.52k | ossl_list_urxe_init_elem(e); |
167 | 2.52k | e->alloc_len = alloc_len; |
168 | 2.52k | e->data_len = 0; |
169 | 2.52k | return e; |
170 | 2.52k | } |
171 | | |
172 | | static QUIC_URXE *demux_resize_urxe(QUIC_DEMUX *demux, QUIC_URXE *e, |
173 | | size_t new_alloc_len) |
174 | 0 | { |
175 | 0 | QUIC_URXE *e2, *prev; |
176 | |
|
177 | 0 | if (!ossl_assert(e->demux_state == URXE_DEMUX_STATE_FREE)) |
178 | | /* Never attempt to resize a URXE which is not on the free list. */ |
179 | 0 | return NULL; |
180 | | |
181 | 0 | prev = ossl_list_urxe_prev(e); |
182 | 0 | ossl_list_urxe_remove(&demux->urx_free, e); |
183 | |
|
184 | 0 | e2 = OPENSSL_realloc(e, sizeof(QUIC_URXE) + new_alloc_len); |
185 | 0 | if (e2 == NULL) { |
186 | | /* Failed to resize, abort. */ |
187 | 0 | if (prev == NULL) |
188 | 0 | ossl_list_urxe_insert_head(&demux->urx_free, e); |
189 | 0 | else |
190 | 0 | ossl_list_urxe_insert_after(&demux->urx_free, prev, e); |
191 | |
|
192 | 0 | return NULL; |
193 | 0 | } |
194 | | |
195 | 0 | if (prev == NULL) |
196 | 0 | ossl_list_urxe_insert_head(&demux->urx_free, e2); |
197 | 0 | else |
198 | 0 | ossl_list_urxe_insert_after(&demux->urx_free, prev, e2); |
199 | |
|
200 | 0 | e2->alloc_len = new_alloc_len; |
201 | 0 | return e2; |
202 | 0 | } |
203 | | |
204 | | static QUIC_URXE *demux_reserve_urxe(QUIC_DEMUX *demux, QUIC_URXE *e, |
205 | | size_t alloc_len) |
206 | 5.05k | { |
207 | 5.05k | return e->alloc_len < alloc_len ? demux_resize_urxe(demux, e, alloc_len) : e; |
208 | 5.05k | } |
209 | | |
210 | | static int demux_ensure_free_urxe(QUIC_DEMUX *demux, size_t min_num_free) |
211 | 158 | { |
212 | 158 | QUIC_URXE *e; |
213 | | |
214 | 2.68k | while (ossl_list_urxe_num(&demux->urx_free) < min_num_free) { |
215 | 2.52k | e = demux_alloc_urxe(demux->mtu); |
216 | 2.52k | if (e == NULL) |
217 | 0 | return 0; |
218 | | |
219 | 2.52k | ossl_list_urxe_insert_tail(&demux->urx_free, e); |
220 | 2.52k | e->demux_state = URXE_DEMUX_STATE_FREE; |
221 | 2.52k | } |
222 | | |
223 | 158 | return 1; |
224 | 158 | } |
225 | | |
226 | | /* |
227 | | * Receive datagrams from network, placing them into URXEs. |
228 | | * |
229 | | * Returns 1 on success or 0 on failure. |
230 | | * |
231 | | * Precondition: at least one URXE is free |
232 | | * Precondition: there are no pending URXEs |
233 | | */ |
234 | | static int demux_recv(QUIC_DEMUX *demux) |
235 | 158 | { |
236 | 158 | BIO_MSG msg[DEMUX_MAX_MSGS_PER_CALL]; |
237 | 158 | size_t rd, i; |
238 | 158 | QUIC_URXE *urxe = ossl_list_urxe_head(&demux->urx_free), *unext; |
239 | 158 | OSSL_TIME now; |
240 | | |
241 | | /* This should never be called when we have any pending URXE. */ |
242 | 158 | assert(ossl_list_urxe_head(&demux->urx_pending) == NULL); |
243 | 158 | assert(urxe->demux_state == URXE_DEMUX_STATE_FREE); |
244 | | |
245 | 158 | if (demux->net_bio == NULL) |
246 | | /* |
247 | | * If no BIO is plugged in, treat this as no datagram being available. |
248 | | */ |
249 | 0 | return QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL; |
250 | | |
251 | | /* |
252 | | * Opportunistically receive as many messages as possible in a single |
253 | | * syscall, determined by how many free URXEs are available. |
254 | | */ |
255 | 5.21k | for (i = 0; i < (ossl_ssize_t)OSSL_NELEM(msg); |
256 | 5.05k | ++i, urxe = ossl_list_urxe_next(urxe)) { |
257 | 5.05k | if (urxe == NULL) { |
258 | | /* We need at least one URXE to receive into. */ |
259 | 0 | if (!ossl_assert(i > 0)) |
260 | 0 | return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL; |
261 | | |
262 | 0 | break; |
263 | 0 | } |
264 | | |
265 | | /* Ensure the URXE is big enough. */ |
266 | 5.05k | urxe = demux_reserve_urxe(demux, urxe, demux->mtu); |
267 | 5.05k | if (urxe == NULL) |
268 | | /* Allocation error, fail. */ |
269 | 0 | return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL; |
270 | | |
271 | | /* Ensure we zero any fields added to BIO_MSG at a later date. */ |
272 | 5.05k | memset(&msg[i], 0, sizeof(BIO_MSG)); |
273 | 5.05k | msg[i].data = ossl_quic_urxe_data(urxe); |
274 | 5.05k | msg[i].data_len = urxe->alloc_len; |
275 | 5.05k | msg[i].peer = &urxe->peer; |
276 | 5.05k | BIO_ADDR_clear(&urxe->peer); |
277 | 5.05k | if (demux->use_local_addr) |
278 | 0 | msg[i].local = &urxe->local; |
279 | 5.05k | else |
280 | 5.05k | BIO_ADDR_clear(&urxe->local); |
281 | 5.05k | } |
282 | | |
283 | 158 | ERR_set_mark(); |
284 | 158 | if (!BIO_recvmmsg(demux->net_bio, msg, sizeof(BIO_MSG), i, 0, &rd)) { |
285 | 158 | if (BIO_err_is_non_fatal(ERR_peek_last_error())) { |
286 | | /* Transient error, clear the error and stop. */ |
287 | 158 | ERR_pop_to_mark(); |
288 | 158 | return QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL; |
289 | 158 | } else { |
290 | | /* Non-transient error, do not clear the error. */ |
291 | 0 | ERR_clear_last_mark(); |
292 | 0 | return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL; |
293 | 0 | } |
294 | 158 | } |
295 | | |
296 | 0 | ERR_clear_last_mark(); |
297 | 0 | now = demux->now != NULL ? demux->now(demux->now_arg) : ossl_time_zero(); |
298 | |
|
299 | 0 | urxe = ossl_list_urxe_head(&demux->urx_free); |
300 | 0 | for (i = 0; i < rd; ++i, urxe = unext) { |
301 | 0 | unext = ossl_list_urxe_next(urxe); |
302 | | /* Set URXE with actual length of received datagram. */ |
303 | 0 | urxe->data_len = msg[i].data_len; |
304 | | /* Time we received datagram. */ |
305 | 0 | urxe->time = now; |
306 | 0 | urxe->datagram_id = demux->next_datagram_id++; |
307 | | /* Move from free list to pending list. */ |
308 | 0 | ossl_list_urxe_remove(&demux->urx_free, urxe); |
309 | 0 | ossl_list_urxe_insert_tail(&demux->urx_pending, urxe); |
310 | 0 | urxe->demux_state = URXE_DEMUX_STATE_PENDING; |
311 | 0 | } |
312 | |
|
313 | 0 | return QUIC_DEMUX_PUMP_RES_OK; |
314 | 158 | } |
315 | | |
316 | | /* Extract destination connection ID from the first packet in a datagram. */ |
317 | | static int demux_identify_conn_id(QUIC_DEMUX *demux, |
318 | | QUIC_URXE *e, |
319 | | QUIC_CONN_ID *dst_conn_id) |
320 | 0 | { |
321 | 0 | return ossl_quic_wire_get_pkt_hdr_dst_conn_id(ossl_quic_urxe_data(e), |
322 | 0 | e->data_len, |
323 | 0 | demux->short_conn_id_len, |
324 | 0 | dst_conn_id); |
325 | 0 | } |
326 | | |
327 | | /* |
328 | | * Process a single pending URXE. |
329 | | * Returning 1 on success, 0 on failure. |
330 | | */ |
331 | | static int demux_process_pending_urxe(QUIC_DEMUX *demux, QUIC_URXE *e) |
332 | 0 | { |
333 | 0 | QUIC_CONN_ID dst_conn_id; |
334 | 0 | int dst_conn_id_ok = 0; |
335 | | |
336 | | /* The next URXE we process should be at the head of the pending list. */ |
337 | 0 | if (!ossl_assert(e == ossl_list_urxe_head(&demux->urx_pending))) |
338 | 0 | return 0; |
339 | | |
340 | 0 | assert(e->demux_state == URXE_DEMUX_STATE_PENDING); |
341 | | |
342 | | /* Determine the DCID of the first packet in the datagram. */ |
343 | 0 | dst_conn_id_ok = demux_identify_conn_id(demux, e, &dst_conn_id); |
344 | |
|
345 | 0 | ossl_list_urxe_remove(&demux->urx_pending, e); |
346 | 0 | if (demux->default_cb != NULL) { |
347 | | /* |
348 | | * Pass to default handler for routing. The URXE now belongs to the |
349 | | * callback. |
350 | | */ |
351 | 0 | e->demux_state = URXE_DEMUX_STATE_ISSUED; |
352 | 0 | demux->default_cb(e, demux->default_cb_arg, |
353 | 0 | dst_conn_id_ok ? &dst_conn_id : NULL); |
354 | 0 | } else { |
355 | | /* Discard. */ |
356 | 0 | ossl_list_urxe_insert_tail(&demux->urx_free, e); |
357 | 0 | e->demux_state = URXE_DEMUX_STATE_FREE; |
358 | 0 | } |
359 | |
|
360 | 0 | return 1; /* keep processing pending URXEs */ |
361 | 0 | } |
362 | | |
363 | | /* Process pending URXEs to generate callbacks. */ |
364 | | static int demux_process_pending_urxl(QUIC_DEMUX *demux) |
365 | 0 | { |
366 | 0 | QUIC_URXE *e; |
367 | 0 | int ret; |
368 | |
|
369 | 0 | while ((e = ossl_list_urxe_head(&demux->urx_pending)) != NULL) |
370 | 0 | if ((ret = demux_process_pending_urxe(demux, e)) <= 0) |
371 | 0 | return ret; |
372 | | |
373 | 0 | return 1; |
374 | 0 | } |
375 | | |
376 | | /* |
377 | | * Drain the pending URXE list, processing any pending URXEs by making their |
378 | | * callbacks. If no URXEs are pending, a network read is attempted first. |
379 | | */ |
380 | | int ossl_quic_demux_pump(QUIC_DEMUX *demux) |
381 | 158 | { |
382 | 158 | int ret; |
383 | | |
384 | 158 | if (ossl_list_urxe_head(&demux->urx_pending) == NULL) { |
385 | 158 | ret = demux_ensure_free_urxe(demux, DEMUX_MAX_MSGS_PER_CALL); |
386 | 158 | if (ret != 1) |
387 | 0 | return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL; |
388 | | |
389 | 158 | ret = demux_recv(demux); |
390 | 158 | if (ret != QUIC_DEMUX_PUMP_RES_OK) |
391 | 158 | return ret; |
392 | | |
393 | | /* |
394 | | * If demux_recv returned successfully, we should always have something. |
395 | | */ |
396 | 0 | assert(ossl_list_urxe_head(&demux->urx_pending) != NULL); |
397 | 0 | } |
398 | | |
399 | 0 | if ((ret = demux_process_pending_urxl(demux)) <= 0) |
400 | 0 | return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL; |
401 | | |
402 | 0 | return QUIC_DEMUX_PUMP_RES_OK; |
403 | 0 | } |
404 | | |
405 | | /* Artificially inject a packet into the demuxer for testing purposes. */ |
406 | | int ossl_quic_demux_inject(QUIC_DEMUX *demux, |
407 | | const unsigned char *buf, |
408 | | size_t buf_len, |
409 | | const BIO_ADDR *peer, |
410 | | const BIO_ADDR *local) |
411 | 0 | { |
412 | 0 | int ret; |
413 | 0 | QUIC_URXE *urxe; |
414 | |
|
415 | 0 | ret = demux_ensure_free_urxe(demux, 1); |
416 | 0 | if (ret != 1) |
417 | 0 | return 0; |
418 | | |
419 | 0 | urxe = ossl_list_urxe_head(&demux->urx_free); |
420 | |
|
421 | 0 | assert(urxe->demux_state == URXE_DEMUX_STATE_FREE); |
422 | | |
423 | 0 | urxe = demux_reserve_urxe(demux, urxe, buf_len); |
424 | 0 | if (urxe == NULL) |
425 | 0 | return 0; |
426 | | |
427 | 0 | memcpy(ossl_quic_urxe_data(urxe), buf, buf_len); |
428 | 0 | urxe->data_len = buf_len; |
429 | |
|
430 | 0 | if (peer != NULL) |
431 | 0 | urxe->peer = *peer; |
432 | 0 | else |
433 | 0 | BIO_ADDR_clear(&urxe->peer); |
434 | |
|
435 | 0 | if (local != NULL) |
436 | 0 | urxe->local = *local; |
437 | 0 | else |
438 | 0 | BIO_ADDR_clear(&urxe->local); |
439 | |
|
440 | 0 | urxe->time |
441 | 0 | = demux->now != NULL ? demux->now(demux->now_arg) : ossl_time_zero(); |
442 | | |
443 | | /* Move from free list to pending list. */ |
444 | 0 | ossl_list_urxe_remove(&demux->urx_free, urxe); |
445 | 0 | urxe->datagram_id = demux->next_datagram_id++; |
446 | 0 | ossl_list_urxe_insert_tail(&demux->urx_pending, urxe); |
447 | 0 | urxe->demux_state = URXE_DEMUX_STATE_PENDING; |
448 | |
|
449 | 0 | return demux_process_pending_urxl(demux) > 0; |
450 | 0 | } |
451 | | |
452 | | /* Called by our user to return a URXE to the free list. */ |
453 | | void ossl_quic_demux_release_urxe(QUIC_DEMUX *demux, |
454 | | QUIC_URXE *e) |
455 | 0 | { |
456 | 0 | assert(ossl_list_urxe_prev(e) == NULL && ossl_list_urxe_next(e) == NULL); |
457 | 0 | assert(e->demux_state == URXE_DEMUX_STATE_ISSUED); |
458 | 0 | ossl_list_urxe_insert_tail(&demux->urx_free, e); |
459 | 0 | e->demux_state = URXE_DEMUX_STATE_FREE; |
460 | 0 | } |
461 | | |
462 | | void ossl_quic_demux_reinject_urxe(QUIC_DEMUX *demux, |
463 | | QUIC_URXE *e) |
464 | 0 | { |
465 | 0 | assert(ossl_list_urxe_prev(e) == NULL && ossl_list_urxe_next(e) == NULL); |
466 | 0 | assert(e->demux_state == URXE_DEMUX_STATE_ISSUED); |
467 | 0 | ossl_list_urxe_insert_head(&demux->urx_pending, e); |
468 | 0 | e->demux_state = URXE_DEMUX_STATE_PENDING; |
469 | 0 | } |
470 | | |
471 | | int ossl_quic_demux_has_pending(const QUIC_DEMUX *demux) |
472 | 0 | { |
473 | 0 | return ossl_list_urxe_head(&demux->urx_pending) != NULL; |
474 | 0 | } |