2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include <openssl/sslerr.h>
13 #include <crypto/rand.h>
14 #include "quic_local.h"
15 #include "internal/quic_tls.h"
16 #include "internal/quic_rx_depack.h"
17 #include "internal/quic_error.h"
18 #include "internal/quic_engine.h"
19 #include "internal/quic_port.h"
20 #include "internal/time.h"
22 typedef struct qctx_st QCTX;
24 static void aon_write_finish(QUIC_XSO *xso);
25 static int create_channel(QUIC_CONNECTION *qc);
26 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs);
27 static int qc_try_create_default_xso_for_write(QCTX *ctx);
28 static int qc_wait_for_default_xso_for_read(QCTX *ctx);
29 static void quic_lock(QUIC_CONNECTION *qc);
30 static void quic_unlock(QUIC_CONNECTION *qc);
31 static void quic_lock_for_io(QCTX *ctx);
32 static int quic_do_handshake(QCTX *ctx);
33 static void qc_update_reject_policy(QUIC_CONNECTION *qc);
34 static void qc_touch_default_xso(QUIC_CONNECTION *qc);
35 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch);
36 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
37 int touch, QUIC_XSO **old_xso);
38 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock);
39 static int quic_validate_for_write(QUIC_XSO *xso, int *err);
40 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active);
41 static int qc_blocking_mode(const QUIC_CONNECTION *qc);
42 static int xso_blocking_mode(const QUIC_XSO *xso);
43 static void qctx_maybe_autotick(QCTX *ctx);
44 static int qctx_should_autotick(QCTX *ctx);
47 * QUIC Front-End I/O API: Common Utilities
48 * ========================================
52 * Block until a predicate is met.
54 * Precondition: Must have a channel.
55 * Precondition: Must hold channel lock (unchecked).
58 static int block_until_pred(QUIC_CONNECTION *qc,
59 int (*pred)(void *arg), void *pred_arg,
64 assert(qc->ch != NULL);
67 * Any attempt to block auto-disables tick inhibition as otherwise we will
68 * hang around forever.
70 ossl_quic_engine_set_inhibit_tick(qc->engine, 0);
72 rtor = ossl_quic_channel_get_reactor(qc->ch);
73 return ossl_quic_reactor_block_until_pred(rtor, pred, pred_arg, flags,
77 static OSSL_TIME get_time(QUIC_CONNECTION *qc)
79 if (qc->override_now_cb != NULL)
80 return qc->override_now_cb(qc->override_now_cb_arg);
82 return ossl_time_now();
85 static OSSL_TIME get_time_cb(void *arg)
87 QUIC_CONNECTION *qc = arg;
93 * QCTX is a utility structure which provides information we commonly wish to
94 * unwrap upon an API call being dispatched to us, namely:
96 * - a pointer to the QUIC_CONNECTION (regardless of whether a QCSO or QSSO
98 * - a pointer to any applicable QUIC_XSO (e.g. if a QSSO was passed, or if
99 * a QCSO with a default stream was passed);
100 * - whether a QSSO was passed (xso == NULL must not be used to determine this
101 * because it may be non-NULL when a QCSO is passed if that QCSO has a
103 * - whether we are in "I/O context", meaning that non-normal errors can
104 * be reported via SSL_get_error() as well as via ERR. Functions such as
105 * SSL_read(), SSL_write() and SSL_do_handshake() are "I/O context"
106 * functions which are allowed to change the value returned by
107 * SSL_get_error. However, other functions (including functions which call
108 * SSL_do_handshake() implicitly) are not allowed to change the return value
114 int is_stream, in_io;
118 static void quic_set_last_error(QCTX *ctx, int last_error)
123 if (ctx->is_stream && ctx->xso != NULL)
124 ctx->xso->last_error = last_error;
125 else if (!ctx->is_stream && ctx->qc != NULL)
126 ctx->qc->last_error = last_error;
130 * Raise a 'normal' error, meaning one that can be reported via SSL_get_error()
131 * rather than via ERR. Note that normal errors must always be raised while
135 static int quic_raise_normal_error(QCTX *ctx,
139 quic_set_last_error(ctx, err);
145 * Raise a 'non-normal' error, meaning any error that is not reported via
146 * SSL_get_error() and must be reported via ERR.
148 * qc should be provided if available. In exceptional circumstances when qc is
149 * not known NULL may be passed. This should generally only happen when an
150 * expect_...() function defined below fails, which generally indicates a
151 * dispatch error or caller error.
153 * ctx should be NULL if the connection lock is not held.
155 static int quic_raise_non_normal_error(QCTX *ctx,
166 quic_set_last_error(ctx, SSL_ERROR_SSL);
168 if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN && ctx->qc != NULL)
169 ossl_quic_channel_restore_err_state(ctx->qc->ch);
173 ERR_set_debug(file, line, func);
176 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
182 #define QUIC_RAISE_NORMAL_ERROR(ctx, err) \
183 quic_raise_normal_error((ctx), (err))
185 #define QUIC_RAISE_NON_NORMAL_ERROR(ctx, reason, msg) \
186 quic_raise_non_normal_error((ctx), \
187 OPENSSL_FILE, OPENSSL_LINE, \
193 * Given a QCSO or QSSO, initialises a QCTX, determining the contextually
194 * applicable QUIC_CONNECTION pointer and, if applicable, QUIC_XSO pointer.
196 * After this returns 1, all fields of the passed QCTX are initialised.
197 * Returns 0 on failure. This function is intended to be used to provide API
198 * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
200 static int expect_quic(const SSL *s, QCTX *ctx)
210 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_PASSED_NULL_PARAMETER, NULL);
213 case SSL_TYPE_QUIC_CONNECTION:
214 qc = (QUIC_CONNECTION *)s;
216 ctx->xso = qc->default_xso;
221 case SSL_TYPE_QUIC_XSO:
230 return QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
235 * Like expect_quic(), but requires a QUIC_XSO be contextually available. In
236 * other words, requires that the passed QSO be a QSSO or a QCSO with a default
239 * remote_init determines if we expect the default XSO to be remotely created or
240 * not. If it is -1, do not instantiate a default XSO if one does not yet exist.
242 * Channel mutex is acquired and retained on success.
245 static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_init,
246 int in_io, QCTX *ctx)
248 if (!expect_quic(s, ctx))
252 quic_lock_for_io(ctx);
256 if (ctx->xso == NULL && remote_init >= 0) {
257 if (!quic_mutation_allowed(ctx->qc, /*req_active=*/0)) {
258 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
262 /* If we haven't finished the handshake, try to advance it. */
263 if (quic_do_handshake(ctx) < 1)
264 /* ossl_quic_do_handshake raised error here */
267 if (remote_init == 0) {
268 if (!qc_try_create_default_xso_for_write(ctx))
271 if (!qc_wait_for_default_xso_for_read(ctx))
275 ctx->xso = ctx->qc->default_xso;
278 if (ctx->xso == NULL) {
279 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
283 return 1; /* coverity[missing_unlock]: lock held */
286 quic_unlock(ctx->qc);
291 * Like expect_quic(), but fails if called on a QUIC_XSO. ctx->xso may still
292 * be non-NULL if the QCSO has a default stream.
294 static int ossl_unused expect_quic_conn_only(const SSL *s, QCTX *ctx)
296 if (!expect_quic(s, ctx))
300 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_CONN_USE_ONLY, NULL);
306 * Ensures that the channel mutex is held for a method which touches channel
309 * Precondition: Channel mutex is not held (unchecked)
311 static void quic_lock(QUIC_CONNECTION *qc)
313 #if defined(OPENSSL_THREADS)
314 ossl_crypto_mutex_lock(qc->mutex);
318 static void quic_lock_for_io(QCTX *ctx)
324 * We are entering an I/O function so we must update the values returned by
325 * SSL_get_error and SSL_want. Set no error. This will be overridden later
326 * if a call to QUIC_RAISE_NORMAL_ERROR or QUIC_RAISE_NON_NORMAL_ERROR
327 * occurs during the API call.
329 quic_set_last_error(ctx, SSL_ERROR_NONE);
332 /* Precondition: Channel mutex is held (unchecked) */
334 static void quic_unlock(QUIC_CONNECTION *qc)
336 #if defined(OPENSSL_THREADS)
337 ossl_crypto_mutex_unlock(qc->mutex);
342 * This predicate is the criterion which should determine API call rejection for
343 * *most* mutating API calls, particularly stream-related operations for send
346 * A call is rejected (this function returns 0) if shutdown is in progress
347 * (stream flushing), or we are in a TERMINATING or TERMINATED state. If
348 * req_active=1, the connection must be active (i.e., the IDLE state is also
351 static int quic_mutation_allowed(QUIC_CONNECTION *qc, int req_active)
353 if (qc->shutting_down || ossl_quic_channel_is_term_any(qc->ch))
356 if (req_active && !ossl_quic_channel_is_active(qc->ch))
363 * QUIC Front-End I/O API: Initialization
364 * ======================================
366 * SSL_new => ossl_quic_new
368 * SSL_reset => ossl_quic_reset
369 * SSL_clear => ossl_quic_clear
371 * SSL_free => ossl_quic_free
373 * SSL_set_options => ossl_quic_set_options
374 * SSL_get_options => ossl_quic_get_options
375 * SSL_clear_options => ossl_quic_clear_options
380 SSL *ossl_quic_new(SSL_CTX *ctx)
382 QUIC_CONNECTION *qc = NULL;
383 SSL *ssl_base = NULL;
384 SSL_CONNECTION *sc = NULL;
386 qc = OPENSSL_zalloc(sizeof(*qc));
388 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
391 #if defined(OPENSSL_THREADS)
392 if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
393 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
398 /* Initialise the QUIC_CONNECTION's stub header. */
400 if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
402 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
406 qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method());
407 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
408 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
412 /* override the user_ssl of the inner connection */
413 sc->s3.flags |= TLS1_FLAGS_QUIC;
415 /* Restrict options derived from the SSL_CTX. */
416 sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
419 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
420 qc->is_thread_assisted
421 = (ssl_base->method == OSSL_QUIC_client_thread_method());
424 qc->as_server = 0; /* TODO(QUIC SERVER): add server support */
425 qc->as_server_state = qc->as_server;
427 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
428 qc->default_ssl_mode = qc->ssl.ctx->mode;
429 qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
430 qc->desires_blocking = 1;
432 qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
433 qc->last_error = SSL_ERROR_NONE;
435 if (!create_channel(qc))
438 ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
439 ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
441 qc_update_reject_policy(qc);
444 * We do not create the default XSO yet. The reason for this is that the
445 * stream ID of the default XSO will depend on whether the stream is client
446 * or server-initiated, which depends on who transmits first. Since we do
447 * not know whether the application will be using a client-transmits-first
448 * or server-transmits-first protocol, we defer default XSO creation until
449 * the client calls SSL_read() or SSL_write(). If it calls SSL_read() first,
450 * we take that as a cue that the client is expecting a server-initiated
451 * stream, and vice versa if SSL_write() is called first.
456 if (ssl_base == NULL) {
457 #if defined(OPENSSL_THREADS)
458 ossl_crypto_mutex_free(&qc->mutex);
469 void ossl_quic_free(SSL *s)
474 /* We should never be called on anything but a QSO. */
475 if (!expect_quic(s, &ctx))
482 * When a QSSO is freed, the XSO is freed immediately, because the XSO
483 * itself only contains API personality layer data. However the
484 * underlying QUIC_STREAM is not freed immediately but is instead marked
485 * as deleted for later collection.
488 assert(ctx.qc->num_xso > 0);
491 /* If a stream's send part has not been finished, auto-reset it. */
492 if (( ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_READY
493 || ctx.xso->stream->send_state == QUIC_SSTREAM_STATE_SEND)
494 && !ossl_quic_sstream_get_final_size(ctx.xso->stream->sstream, NULL))
495 ossl_quic_stream_map_reset_stream_send_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
498 /* Do STOP_SENDING for the receive part, if applicable. */
499 if ( ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_RECV
500 || ctx.xso->stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN)
501 ossl_quic_stream_map_stop_sending_recv_part(ossl_quic_channel_get_qsm(ctx.qc->ch),
504 /* Update stream state. */
505 ctx.xso->stream->deleted = 1;
506 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(ctx.qc->ch),
509 is_default = (ctx.xso == ctx.qc->default_xso);
513 * Unref the connection in most cases; the XSO has a ref to the QC and
514 * not vice versa. But for a default XSO, to avoid circular references,
515 * the QC refs the XSO but the XSO does not ref the QC. If we are the
516 * default XSO, we only get here when the QC is being torn down anyway,
517 * so don't call SSL_free(qc) as we are already in it.
520 SSL_free(&ctx.qc->ssl);
522 /* Note: SSL_free calls OPENSSL_free(xso) for us */
527 * Free the default XSO, if any. The QUIC_STREAM is not deleted at this
528 * stage, but is freed during the channel free when the whole QSM is freed.
530 if (ctx.qc->default_xso != NULL) {
531 QUIC_XSO *xso = ctx.qc->default_xso;
536 ctx.qc->default_xso = NULL;
539 /* Ensure we have no remaining XSOs. */
540 assert(ctx.qc->num_xso == 0);
542 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
543 if (ctx.qc->is_thread_assisted && ctx.qc->started) {
544 ossl_quic_thread_assist_wait_stopped(&ctx.qc->thread_assist);
545 ossl_quic_thread_assist_cleanup(&ctx.qc->thread_assist);
549 SSL_free(ctx.qc->tls);
551 ossl_quic_channel_free(ctx.qc->ch);
552 ossl_quic_port_free(ctx.qc->port);
553 ossl_quic_engine_free(ctx.qc->engine);
555 BIO_free_all(ctx.qc->net_rbio);
556 BIO_free_all(ctx.qc->net_wbio);
558 quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
559 #if defined(OPENSSL_THREADS)
560 ossl_crypto_mutex_free(&ctx.qc->mutex);
564 * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
569 /* SSL method init */
570 int ossl_quic_init(SSL *s)
572 /* Same op as SSL_clear, forward the call. */
573 return ossl_quic_clear(s);
576 /* SSL method deinit */
577 void ossl_quic_deinit(SSL *s)
582 /* SSL_clear (ssl_reset method) */
583 int ossl_quic_reset(SSL *s)
587 if (!expect_quic(s, &ctx))
590 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
594 /* ssl_clear method (unused) */
595 int ossl_quic_clear(SSL *s)
599 if (!expect_quic(s, &ctx))
602 ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);
606 int ossl_quic_conn_set_override_now_cb(SSL *s,
607 OSSL_TIME (*now_cb)(void *arg),
612 if (!expect_quic(s, &ctx))
617 ctx.qc->override_now_cb = now_cb;
618 ctx.qc->override_now_cb_arg = now_cb_arg;
624 void ossl_quic_conn_force_assist_thread_wake(SSL *s)
628 if (!expect_quic(s, &ctx))
631 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
632 if (ctx.qc->is_thread_assisted && ctx.qc->started)
633 ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
638 static void qc_touch_default_xso(QUIC_CONNECTION *qc)
640 qc->default_xso_created = 1;
641 qc_update_reject_policy(qc);
645 * Changes default XSO. Allows caller to keep reference to the old default XSO
646 * (if any). Reference to new XSO is transferred from caller.
649 static void qc_set_default_xso_keep_ref(QUIC_CONNECTION *qc, QUIC_XSO *xso,
657 if (qc->default_xso != xso) {
658 *old_xso = qc->default_xso; /* transfer old XSO ref to caller */
660 qc->default_xso = xso;
664 * Changing to not having a default XSO. XSO becomes standalone and
665 * now has a ref to the QC.
667 if (!ossl_assert(SSL_up_ref(&qc->ssl)))
671 * Changing from not having a default XSO to having one. The new XSO
672 * will have had a reference to the QC we need to drop to avoid a
673 * circular reference.
675 * Currently we never change directly from one default XSO to
676 * another, though this function would also still be correct if this
679 assert(*old_xso == NULL);
681 CRYPTO_DOWN_REF(&qc->ssl.references, &refs);
687 qc_touch_default_xso(qc);
691 * Changes default XSO, releasing the reference to any previous default XSO.
692 * Reference to new XSO is transferred from caller.
695 static void qc_set_default_xso(QUIC_CONNECTION *qc, QUIC_XSO *xso, int touch)
697 QUIC_XSO *old_xso = NULL;
699 qc_set_default_xso_keep_ref(qc, xso, touch, &old_xso);
702 SSL_free(&old_xso->ssl);
706 static void xso_update_options(QUIC_XSO *xso)
708 int cleanse = ((xso->ssl_options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
710 if (xso->stream->rstream != NULL)
711 ossl_quic_rstream_set_cleanse(xso->stream->rstream, cleanse);
713 if (xso->stream->sstream != NULL)
714 ossl_quic_sstream_set_cleanse(xso->stream->sstream, cleanse);
721 * Setting options on a QCSO
722 * - configures the handshake-layer options;
723 * - configures the default data-plane options for new streams;
724 * - configures the data-plane options on the default XSO, if there is one.
726 * Setting options on a QSSO
727 * - configures data-plane options for that stream only.
730 static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
733 uint64_t hs_mask_value, hs_or_value, ret;
735 if (!expect_quic(ssl, &ctx))
740 if (!ctx.is_stream) {
742 * If we were called on the connection, we apply any handshake option
745 hs_mask_value = (mask_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
746 hs_or_value = (or_value & OSSL_QUIC_PERMITTED_OPTIONS_CONN);
748 SSL_clear_options(ctx.qc->tls, hs_mask_value);
749 SSL_set_options(ctx.qc->tls, hs_or_value);
751 /* Update defaults for new streams. */
752 ctx.qc->default_ssl_options
753 = ((ctx.qc->default_ssl_options & ~mask_value) | or_value)
754 & OSSL_QUIC_PERMITTED_OPTIONS;
757 if (ctx.xso != NULL) {
759 = ((ctx.xso->ssl_options & ~mask_value) | or_value)
760 & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
762 xso_update_options(ctx.xso);
765 ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
771 uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
773 return quic_mask_or_options(ssl, 0, options);
776 /* SSL_clear_options */
777 uint64_t ossl_quic_clear_options(SSL *ssl, uint64_t options)
779 return quic_mask_or_options(ssl, options, 0);
782 /* SSL_get_options */
783 uint64_t ossl_quic_get_options(const SSL *ssl)
785 return quic_mask_or_options((SSL *)ssl, 0, 0);
789 * QUIC Front-End I/O API: Network BIO Configuration
790 * =================================================
792 * Handling the different BIOs is difficult:
794 * - It is more or less a requirement that we use non-blocking network I/O;
795 * we need to be able to have timeouts on recv() calls, and make best effort
796 * (non blocking) send() and recv() calls.
798 * The only sensible way to do this is to configure the socket into
799 * non-blocking mode. We could try to do select() before calling send() or
800 * recv() to get a guarantee that the call will not block, but this will
801 * probably run into issues with buggy OSes which generate spurious socket
802 * readiness events. In any case, relying on this to work reliably does not
805 * Timeouts could be handled via setsockopt() socket timeout options, but
806 * this depends on OS support and adds another syscall to every network I/O
807 * operation. It also has obvious thread safety concerns if we want to move
808 * to concurrent use of a single socket at some later date.
810 * Some OSes support a MSG_DONTWAIT flag which allows a single I/O option to
811 * be made non-blocking. However some OSes (e.g. Windows) do not support
812 * this, so we cannot rely on this.
814 * As such, we need to configure any FD in non-blocking mode. This may
815 * confound users who pass a blocking socket to libssl. However, in practice
816 * it would be extremely strange for a user of QUIC to pass an FD to us,
817 * then also try and send receive traffic on the same socket(!). Thus the
818 * impact of this should be limited, and can be documented.
820 * - We support both blocking and non-blocking operation in terms of the API
821 * presented to the user. One prospect is to set the blocking mode based on
822 * whether the socket passed to us was already in blocking mode. However,
823 * Windows has no API for determining if a socket is in blocking mode (!),
824 * therefore this cannot be done portably. Currently therefore we expose an
825 * explicit API call to set this, and default to blocking mode.
827 * - We need to determine our initial destination UDP address. The "natural"
828 * way for a user to do this is to set the peer variable on a BIO_dgram.
829 * However, this has problems because BIO_dgram's peer variable is used for
830 * both transmission and reception. This means it can be constantly being
831 * changed to a malicious value (e.g. if some random unrelated entity on the
832 * network starts sending traffic to us) on every read call. This is not a
833 * direct issue because we use the 'stateless' BIO_sendmmsg and BIO_recvmmsg
834 * calls only, which do not use this variable. However, we do need to let
835 * the user specify the peer in a 'normal' manner. The compromise here is
836 * that we grab the current peer value set at the time the write BIO is set
837 * and do not read the value again.
839 * - We also need to support memory BIOs (e.g. BIO_dgram_pair) or custom BIOs.
840 * Currently we do this by only supporting non-blocking mode.
845 * Determines what initial destination UDP address we should use, if possible.
846 * If this fails the client must set the destination address manually, or use a
847 * BIO which does not need a destination address.
849 static int csm_analyse_init_peer_addr(BIO *net_wbio, BIO_ADDR *peer)
851 if (BIO_dgram_detect_peer_addr(net_wbio, peer) <= 0)
857 static int qc_can_support_blocking_cached(QUIC_CONNECTION *qc)
859 QUIC_REACTOR *rtor = ossl_quic_channel_get_reactor(qc->ch);
861 return ossl_quic_reactor_can_poll_r(rtor)
862 && ossl_quic_reactor_can_poll_w(rtor);
865 static void qc_update_can_support_blocking(QUIC_CONNECTION *qc)
867 ossl_quic_port_update_poll_descriptors(qc->port); /* best effort */
870 static void qc_update_blocking_mode(QUIC_CONNECTION *qc)
872 qc->blocking = qc->desires_blocking && qc_can_support_blocking_cached(qc);
875 void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_rbio)
879 if (!expect_quic(s, &ctx))
882 if (ctx.qc->net_rbio == net_rbio)
885 if (!ossl_quic_port_set_net_rbio(ctx.qc->port, net_rbio))
888 BIO_free_all(ctx.qc->net_rbio);
889 ctx.qc->net_rbio = net_rbio;
891 if (net_rbio != NULL)
892 BIO_set_nbio(net_rbio, 1); /* best effort autoconfig */
895 * Determine if the current pair of read/write BIOs now set allows blocking
896 * mode to be supported.
898 qc_update_can_support_blocking(ctx.qc);
899 qc_update_blocking_mode(ctx.qc);
902 void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio)
906 if (!expect_quic(s, &ctx))
909 if (ctx.qc->net_wbio == net_wbio)
912 if (!ossl_quic_port_set_net_wbio(ctx.qc->port, net_wbio))
915 BIO_free_all(ctx.qc->net_wbio);
916 ctx.qc->net_wbio = net_wbio;
918 if (net_wbio != NULL)
919 BIO_set_nbio(net_wbio, 1); /* best effort autoconfig */
922 * Determine if the current pair of read/write BIOs now set allows blocking
923 * mode to be supported.
925 qc_update_can_support_blocking(ctx.qc);
926 qc_update_blocking_mode(ctx.qc);
929 BIO *ossl_quic_conn_get_net_rbio(const SSL *s)
933 if (!expect_quic(s, &ctx))
936 return ctx.qc->net_rbio;
939 BIO *ossl_quic_conn_get_net_wbio(const SSL *s)
943 if (!expect_quic(s, &ctx))
946 return ctx.qc->net_wbio;
949 int ossl_quic_conn_get_blocking_mode(const SSL *s)
953 if (!expect_quic(s, &ctx))
957 return xso_blocking_mode(ctx.xso);
959 return qc_blocking_mode(ctx.qc);
963 int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking)
968 if (!expect_quic(s, &ctx))
973 /* Sanity check - can we support the request given the current network BIO? */
976 * If called directly on a QCSO, update our information on network BIO
980 qc_update_can_support_blocking(ctx.qc);
982 /* Cannot enable blocking mode if we do not have pollable FDs. */
983 if (!qc_can_support_blocking_cached(ctx.qc)) {
984 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_UNSUPPORTED, NULL);
991 * If called directly on a QCSO, update default and connection-level
994 ctx.qc->desires_blocking = (blocking != 0);
996 if (ctx.xso != NULL) {
998 * If called on a QSSO or a QCSO with a default XSO, update the blocking
1001 ctx.xso->desires_blocking = (blocking != 0);
1002 ctx.xso->desires_blocking_set = 1;
1007 qc_update_blocking_mode(ctx.qc);
1008 quic_unlock(ctx.qc);
1012 int ossl_quic_conn_set_initial_peer_addr(SSL *s,
1013 const BIO_ADDR *peer_addr)
1017 if (!expect_quic(s, &ctx))
1020 if (ctx.qc->started)
1021 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
1024 if (peer_addr == NULL) {
1025 BIO_ADDR_clear(&ctx.qc->init_peer_addr);
1029 ctx.qc->init_peer_addr = *peer_addr;
1034 * QUIC Front-End I/O API: Asynchronous I/O Management
1035 * ===================================================
1037 * (BIO/)SSL_handle_events => ossl_quic_handle_events
1038 * (BIO/)SSL_get_event_timeout => ossl_quic_get_event_timeout
1039 * (BIO/)SSL_get_poll_fd => ossl_quic_get_poll_fd
1043 /* Returns 1 if the connection is being used in blocking mode. */
1044 static int qc_blocking_mode(const QUIC_CONNECTION *qc)
1046 return qc->blocking;
1049 static int xso_blocking_mode(const QUIC_XSO *xso)
1051 if (xso->desires_blocking_set)
1052 return xso->desires_blocking && qc_can_support_blocking_cached(xso->conn);
1054 /* Only ever set if we can support blocking. */
1055 return xso->conn->blocking;
1058 /* SSL_handle_events; performs QUIC I/O and timeout processing. */
1060 int ossl_quic_handle_events(SSL *s)
1064 if (!expect_quic(s, &ctx))
1068 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
1069 quic_unlock(ctx.qc);
1074 * SSL_get_event_timeout. Get the time in milliseconds until the SSL object
1075 * should next have events handled by the application by calling
1076 * SSL_handle_events(). tv is set to 0 if the object should have events handled
1077 * immediately. If no timeout is currently active, *is_infinite is set to 1 and
1078 * the value of *tv is undefined.
1081 int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
1084 OSSL_TIME deadline = ossl_time_infinite();
1086 if (!expect_quic(s, &ctx))
1092 = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch));
1094 if (ossl_time_is_infinite(deadline)) {
1098 * Robustness against faulty applications that don't check *is_infinite;
1099 * harmless long timeout.
1101 tv->tv_sec = 1000000;
1104 quic_unlock(ctx.qc);
1108 *tv = ossl_time_to_timeval(ossl_time_subtract(deadline, get_time(ctx.qc)));
1110 quic_unlock(ctx.qc);
1114 /* SSL_get_rpoll_descriptor */
1115 int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1119 if (!expect_quic(s, &ctx))
1122 if (desc == NULL || ctx.qc->net_rbio == NULL)
1123 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1126 return BIO_get_rpoll_descriptor(ctx.qc->net_rbio, desc);
1129 /* SSL_get_wpoll_descriptor */
1130 int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
1134 if (!expect_quic(s, &ctx))
1137 if (desc == NULL || ctx.qc->net_wbio == NULL)
1138 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
1141 return BIO_get_wpoll_descriptor(ctx.qc->net_wbio, desc);
1144 /* SSL_net_read_desired */
1146 int ossl_quic_get_net_read_desired(SSL *s)
1151 if (!expect_quic(s, &ctx))
1155 ret = ossl_quic_reactor_net_read_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1156 quic_unlock(ctx.qc);
1160 /* SSL_net_write_desired */
1162 int ossl_quic_get_net_write_desired(SSL *s)
1167 if (!expect_quic(s, &ctx))
1171 ret = ossl_quic_reactor_net_write_desired(ossl_quic_channel_get_reactor(ctx.qc->ch));
1172 quic_unlock(ctx.qc);
1177 * QUIC Front-End I/O API: Connection Lifecycle Operations
1178 * =======================================================
1180 * SSL_do_handshake => ossl_quic_do_handshake
1181 * SSL_set_connect_state => ossl_quic_set_connect_state
1182 * SSL_set_accept_state => ossl_quic_set_accept_state
1183 * SSL_shutdown => ossl_quic_shutdown
1184 * SSL_ctrl => ossl_quic_ctrl
1185 * (BIO/)SSL_connect => ossl_quic_connect
1186 * (BIO/)SSL_accept => ossl_quic_accept
1191 static void qc_shutdown_flush_init(QUIC_CONNECTION *qc)
1193 QUIC_STREAM_MAP *qsm;
1195 if (qc->shutting_down)
1198 qsm = ossl_quic_channel_get_qsm(qc->ch);
1200 ossl_quic_stream_map_begin_shutdown_flush(qsm);
1201 qc->shutting_down = 1;
1204 /* Returns 1 if all shutdown-flush streams have been done with. */
1206 static int qc_shutdown_flush_finished(QUIC_CONNECTION *qc)
1208 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
1210 return qc->shutting_down
1211 && ossl_quic_stream_map_is_shutdown_flush_finished(qsm);
1215 static int quic_shutdown_wait(void *arg)
1217 QUIC_CONNECTION *qc = arg;
1219 return ossl_quic_channel_is_terminated(qc->ch);
1222 /* Returns 1 if shutdown flush process has finished or is inapplicable. */
1223 static int quic_shutdown_flush_wait(void *arg)
1225 QUIC_CONNECTION *qc = arg;
1227 return ossl_quic_channel_is_term_any(qc->ch)
1228 || qc_shutdown_flush_finished(qc);
1231 static int quic_shutdown_peer_wait(void *arg)
1233 QUIC_CONNECTION *qc = arg;
1234 return ossl_quic_channel_is_term_any(qc->ch);
1238 int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
1239 const SSL_SHUTDOWN_EX_ARGS *args,
1244 int stream_flush = ((flags & SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH) == 0);
1245 int no_block = ((flags & SSL_SHUTDOWN_FLAG_NO_BLOCK) != 0);
1246 int wait_peer = ((flags & SSL_SHUTDOWN_FLAG_WAIT_PEER) != 0);
1248 if (!expect_quic(s, &ctx))
1251 if (ctx.is_stream) {
1252 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_CONN_USE_ONLY, NULL);
1258 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1259 quic_unlock(ctx.qc);
1263 /* Phase 1: Stream Flushing */
1264 if (!wait_peer && stream_flush) {
1265 qc_shutdown_flush_init(ctx.qc);
1267 if (!qc_shutdown_flush_finished(ctx.qc)) {
1268 if (!no_block && qc_blocking_mode(ctx.qc)) {
1269 ret = block_until_pred(ctx.qc, quic_shutdown_flush_wait, ctx.qc, 0);
1275 qctx_maybe_autotick(&ctx);
1279 if (!qc_shutdown_flush_finished(ctx.qc)) {
1280 quic_unlock(ctx.qc);
1281 return 0; /* ongoing */
1285 /* Phase 2: Connection Closure */
1286 if (wait_peer && !ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1287 if (!no_block && qc_blocking_mode(ctx.qc)) {
1288 ret = block_until_pred(ctx.qc, quic_shutdown_peer_wait, ctx.qc, 0);
1294 qctx_maybe_autotick(&ctx);
1297 if (!ossl_quic_channel_is_term_any(ctx.qc->ch)) {
1298 ret = 0; /* peer hasn't closed yet - still not done */
1303 * We are at least terminating - go through the normal process of
1304 * waiting until we are in the TERMINATED state.
1308 /* Block mutation ops regardless of if we did stream flush. */
1309 ctx.qc->shutting_down = 1;
1312 * This call is a no-op if we are already terminating, so it doesn't
1313 * affect the wait_peer case.
1315 ossl_quic_channel_local_close(ctx.qc->ch,
1316 args != NULL ? args->quic_error_code : 0,
1317 args != NULL ? args->quic_reason : NULL);
1319 SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
1321 if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
1322 quic_unlock(ctx.qc);
1326 /* Phase 3: Terminating Wait Time */
1327 if (!no_block && qc_blocking_mode(ctx.qc)
1328 && (flags & SSL_SHUTDOWN_FLAG_RAPID) == 0) {
1329 ret = block_until_pred(ctx.qc, quic_shutdown_wait, ctx.qc, 0);
1335 qctx_maybe_autotick(&ctx);
1338 ret = ossl_quic_channel_is_terminated(ctx.qc->ch);
1340 quic_unlock(ctx.qc);
1345 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
1349 if (!expect_quic(s, &ctx))
1354 /* If called on a QCSO, update the default mode. */
1356 ctx.qc->default_ssl_mode |= (uint32_t)larg;
1359 * If we were called on a QSSO or have a default stream, we also update
1362 if (ctx.xso != NULL) {
1363 /* Cannot enable EPW while AON write in progress. */
1364 if (ctx.xso->aon_write_in_progress)
1365 larg &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
1367 ctx.xso->ssl_mode |= (uint32_t)larg;
1368 return ctx.xso->ssl_mode;
1371 return ctx.qc->default_ssl_mode;
1372 case SSL_CTRL_CLEAR_MODE:
1374 ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
1376 if (ctx.xso != NULL) {
1377 ctx.xso->ssl_mode &= ~(uint32_t)larg;
1378 return ctx.xso->ssl_mode;
1381 return ctx.qc->default_ssl_mode;
1383 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1384 ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
1385 /* This ctrl also needs to be passed to the internal SSL object */
1386 return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);
1388 case DTLS_CTRL_GET_TIMEOUT: /* DTLSv1_get_timeout */
1392 if (!ossl_quic_get_event_timeout(s, parg, &is_infinite))
1395 return !is_infinite;
1397 case DTLS_CTRL_HANDLE_TIMEOUT: /* DTLSv1_handle_timeout */
1398 /* For legacy compatibility with DTLS calls. */
1399 return ossl_quic_handle_events(s) == 1 ? 1 : -1;
1401 /* Mask ctrls we shouldn't support for QUIC. */
1402 case SSL_CTRL_GET_READ_AHEAD:
1403 case SSL_CTRL_SET_READ_AHEAD:
1404 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1405 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
1406 case SSL_CTRL_SET_MAX_PIPELINES:
1411 * Probably a TLS related ctrl. Send back to the frontend SSL_ctrl
1412 * implementation. Either SSL_ctrl will handle it itself by direct
1413 * access into handshake layer state, or failing that, it will be passed
1414 * to the handshake layer via the SSL_METHOD vtable. If the ctrl is not
1415 * supported by anything, the handshake layer's ctrl method will finally
1418 return ossl_ctrl_internal(&ctx.qc->ssl, cmd, larg, parg, /*no_quic=*/1);
1422 /* SSL_set_connect_state */
1423 void ossl_quic_set_connect_state(SSL *s)
1427 if (!expect_quic(s, &ctx))
1430 /* Cannot be changed after handshake started */
1431 if (ctx.qc->started || ctx.is_stream)
1434 ctx.qc->as_server_state = 0;
1437 /* SSL_set_accept_state */
1438 void ossl_quic_set_accept_state(SSL *s)
1442 if (!expect_quic(s, &ctx))
1445 /* Cannot be changed after handshake started */
1446 if (ctx.qc->started || ctx.is_stream)
1449 ctx.qc->as_server_state = 1;
1452 /* SSL_do_handshake */
1453 struct quic_handshake_wait_args {
1454 QUIC_CONNECTION *qc;
1457 static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
1459 int want = SSL_want(qc->tls);
1461 if (want == SSL_X509_LOOKUP
1462 || want == SSL_CLIENT_HELLO_CB
1463 || want == SSL_RETRY_VERIFY)
1469 static int quic_handshake_wait(void *arg)
1471 struct quic_handshake_wait_args *args = arg;
1473 if (!quic_mutation_allowed(args->qc, /*req_active=*/1))
1476 if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
1479 if (tls_wants_non_io_retry(args->qc))
1485 static int configure_channel(QUIC_CONNECTION *qc)
1487 assert(qc->ch != NULL);
1489 if (!ossl_quic_port_set_net_rbio(qc->port, qc->net_rbio)
1490 || !ossl_quic_port_set_net_wbio(qc->port, qc->net_wbio)
1491 || !ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr))
1498 static int create_channel(QUIC_CONNECTION *qc)
1500 QUIC_ENGINE_ARGS engine_args = {0};
1501 QUIC_PORT_ARGS port_args = {0};
1503 engine_args.libctx = qc->ssl.ctx->libctx;
1504 engine_args.propq = qc->ssl.ctx->propq;
1505 engine_args.mutex = qc->mutex;
1506 engine_args.now_cb = get_time_cb;
1507 engine_args.now_cb_arg = qc;
1508 qc->engine = ossl_quic_engine_new(&engine_args);
1509 if (qc->engine == NULL) {
1510 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1514 port_args.channel_ctx = qc->ssl.ctx;
1515 qc->port = ossl_quic_engine_create_port(qc->engine, &port_args);
1516 if (qc->port == NULL) {
1517 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1518 ossl_quic_engine_free(qc->engine);
1522 qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
1523 if (qc->ch == NULL) {
1524 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1525 ossl_quic_port_free(qc->port);
1526 ossl_quic_engine_free(qc->engine);
1534 * Configures a channel with the information we have accumulated via calls made
1535 * to us from the application prior to starting a handshake attempt.
1538 static int ensure_channel_started(QCTX *ctx)
1540 QUIC_CONNECTION *qc = ctx->qc;
1543 if (!configure_channel(qc)) {
1544 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1545 "failed to configure channel");
1549 if (!ossl_quic_channel_start(qc->ch)) {
1550 ossl_quic_channel_restore_err_state(qc->ch);
1551 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1552 "failed to start channel");
1556 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
1557 if (qc->is_thread_assisted)
1558 if (!ossl_quic_thread_assist_init_start(&qc->thread_assist, qc->ch,
1559 qc->override_now_cb,
1560 qc->override_now_cb_arg)) {
1561 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR,
1562 "failed to start assist thread");
1573 static int quic_do_handshake(QCTX *ctx)
1576 QUIC_CONNECTION *qc = ctx->qc;
1578 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1579 /* Handshake already completed. */
1582 if (!quic_mutation_allowed(qc, /*req_active=*/0))
1583 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1585 if (qc->as_server != qc->as_server_state) {
1586 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
1587 return -1; /* Non-protocol error */
1590 if (qc->net_rbio == NULL || qc->net_wbio == NULL) {
1591 /* Need read and write BIOs. */
1592 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BIO_NOT_SET, NULL);
1593 return -1; /* Non-protocol error */
1597 * We need to determine our addressing mode. There are basically two
1598 * ways we can use L4 addresses:
1600 * - Addressed mode, in which our BIO_sendmmsg calls have destination
1601 * addresses attached to them which we expect the underlying network BIO
1604 * - Unaddressed mode, in which the BIO provided to us on the
1605 * network side neither provides us with L4 addresses nor is capable of
1606 * honouring ones we provide. We don't know where the QUIC traffic we
1607 * send ends up exactly and trust the application to know what it is
1610 * Addressed mode is preferred because it enables support for connection
1611 * migration, multipath, etc. in the future. Addressed mode is automatically
1612 * enabled if we are using e.g. BIO_s_datagram, with or without
1615 * If we are passed a BIO_s_dgram_pair (or some custom BIO) we may have to
1616 * use unaddressed mode unless that BIO supports capability flags indicating
1617 * it can provide and honour L4 addresses.
1619 * Our strategy for determining address mode is simple: we probe the
1620 * underlying network BIOs for their capabilities. If the network BIOs
1621 * support what we need, we use addressed mode. Otherwise, we use
1624 * If addressed mode is chosen, we require an initial peer address to be
1625 * set. If this is not set, we fail. If unaddressed mode is used, we do not
1626 * require this, as such an address is superfluous, though it can be set if
1629 if (!qc->started && !qc->addressing_probe_done) {
1630 long rcaps = BIO_dgram_get_effective_caps(qc->net_rbio);
1631 long wcaps = BIO_dgram_get_effective_caps(qc->net_wbio);
1633 qc->addressed_mode_r = ((rcaps & BIO_DGRAM_CAP_PROVIDES_SRC_ADDR) != 0);
1634 qc->addressed_mode_w = ((wcaps & BIO_DGRAM_CAP_HANDLES_DST_ADDR) != 0);
1635 qc->addressing_probe_done = 1;
1638 if (!qc->started && qc->addressed_mode_w
1639 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1641 * We are trying to connect and are using addressed mode, which means we
1642 * need an initial peer address; if we do not have a peer address yet,
1643 * we should try to autodetect one.
1645 * We do this as late as possible because some BIOs (e.g. BIO_s_connect)
1646 * may not be able to provide us with a peer address until they have
1647 * finished their own processing. They may not be able to perform this
1648 * processing until an application has finished configuring that BIO
1649 * (e.g. with setter calls), which might happen after SSL_set_bio is
1652 if (!csm_analyse_init_peer_addr(qc->net_wbio, &qc->init_peer_addr))
1654 BIO_ADDR_clear(&qc->init_peer_addr);
1656 ossl_quic_channel_set_peer_addr(qc->ch, &qc->init_peer_addr);
1660 && qc->addressed_mode_w
1661 && BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) {
1663 * If we still don't have a peer address in addressed mode, we can't do
1666 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL);
1667 return -1; /* Non-protocol error */
1671 * Start connection process. Note we may come here multiple times in
1672 * non-blocking mode, which is fine.
1674 if (!ensure_channel_started(ctx)) /* raises on failure */
1675 return -1; /* Non-protocol error */
1677 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1678 /* The handshake is now done. */
1681 if (!qc_blocking_mode(qc)) {
1682 /* Try to advance the reactor. */
1683 qctx_maybe_autotick(ctx);
1685 if (ossl_quic_channel_is_handshake_complete(qc->ch))
1686 /* The handshake is now done. */
1689 if (ossl_quic_channel_is_term_any(qc->ch)) {
1690 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1692 } else if (qc->desires_blocking) {
1694 * As a special case when doing a handshake when blocking mode is
1695 * desired yet not available, see if the network BIOs have become
1696 * poll descriptor-enabled. This supports BIOs such as BIO_s_connect
1697 * which do late creation of socket FDs and therefore cannot expose
1698 * a poll descriptor until after a network BIO is set on the QCSO.
1700 assert(!qc->blocking);
1701 qc_update_can_support_blocking(qc);
1702 qc_update_blocking_mode(qc);
1707 * We are either in blocking mode or just entered it due to the code above.
1709 if (qc_blocking_mode(qc)) {
1710 /* In blocking mode, wait for the handshake to complete. */
1711 struct quic_handshake_wait_args args;
1715 ret = block_until_pred(qc, quic_handshake_wait, &args, 0);
1716 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
1717 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1718 return 0; /* Shutdown before completion */
1719 } else if (ret <= 0) {
1720 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1721 return -1; /* Non-protocol error */
1724 if (tls_wants_non_io_retry(qc)) {
1725 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1729 assert(ossl_quic_channel_is_handshake_complete(qc->ch));
1733 if (tls_wants_non_io_retry(qc)) {
1734 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
1739 * Otherwise, indicate that the handshake isn't done yet.
1740 * We can only get here in non-blocking mode.
1742 QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1743 return -1; /* Non-protocol error */
1747 int ossl_quic_do_handshake(SSL *s)
1752 if (!expect_quic(s, &ctx))
1755 quic_lock_for_io(&ctx);
1757 ret = quic_do_handshake(&ctx);
1758 quic_unlock(ctx.qc);
1763 int ossl_quic_connect(SSL *s)
1765 /* Ensure we are in connect state (no-op if non-idle). */
1766 ossl_quic_set_connect_state(s);
1768 /* Begin or continue the handshake */
1769 return ossl_quic_do_handshake(s);
1773 int ossl_quic_accept(SSL *s)
1775 /* Ensure we are in accept state (no-op if non-idle). */
1776 ossl_quic_set_accept_state(s);
1778 /* Begin or continue the handshake */
1779 return ossl_quic_do_handshake(s);
1783 * QUIC Front-End I/O API: Stream Lifecycle Operations
1784 * ===================================================
1786 * SSL_stream_new => ossl_quic_conn_stream_new
1791 * Try to create the default XSO if it doesn't already exist. Returns 1 if the
1792 * default XSO was created. Returns 0 if it was not (e.g. because it already
1793 * exists). Note that this is NOT an error condition.
1796 static int qc_try_create_default_xso_for_write(QCTX *ctx)
1799 QUIC_CONNECTION *qc = ctx->qc;
1801 if (qc->default_xso_created
1802 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1804 * We only do this once. If the user detaches a previously created
1805 * default XSO we don't auto-create another one.
1807 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1809 /* Create a locally-initiated stream. */
1810 if (qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
1811 flags |= SSL_STREAM_FLAG_UNI;
1813 qc_set_default_xso(qc, (QUIC_XSO *)quic_conn_stream_new(ctx, flags,
1816 if (qc->default_xso == NULL)
1817 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1819 qc_touch_default_xso(qc);
1823 struct quic_wait_for_stream_args {
1824 QUIC_CONNECTION *qc;
1831 static int quic_wait_for_stream(void *arg)
1833 struct quic_wait_for_stream_args *args = arg;
1835 if (!quic_mutation_allowed(args->qc, /*req_active=*/1)) {
1836 /* If connection is torn down due to an error while blocking, stop. */
1837 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
1841 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1842 args->expect_id | QUIC_STREAM_DIR_BIDI);
1843 if (args->qs == NULL)
1844 args->qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(args->qc->ch),
1845 args->expect_id | QUIC_STREAM_DIR_UNI);
1847 if (args->qs != NULL)
1848 return 1; /* stream now exists */
1850 return 0; /* did not get a stream, keep trying */
1854 static int qc_wait_for_default_xso_for_read(QCTX *ctx)
1856 /* Called on a QCSO and we don't currently have a default stream. */
1858 QUIC_CONNECTION *qc = ctx->qc;
1861 struct quic_wait_for_stream_args wargs;
1862 OSSL_RTT_INFO rtt_info;
1865 * If default stream functionality is disabled or we already detached
1866 * one, don't make another default stream and just fail.
1868 if (qc->default_xso_created
1869 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
1870 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
1873 * The peer may have opened a stream since we last ticked. So tick and
1874 * see if the stream with ordinal 0 (remote, bidi/uni based on stream
1875 * mode) exists yet. QUIC stream IDs must be allocated in order, so the
1876 * first stream created by a peer must have an ordinal of 0.
1878 expect_id = qc->as_server
1879 ? QUIC_STREAM_INITIATOR_CLIENT
1880 : QUIC_STREAM_INITIATOR_SERVER;
1882 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1883 expect_id | QUIC_STREAM_DIR_BIDI);
1885 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1886 expect_id | QUIC_STREAM_DIR_UNI);
1889 qctx_maybe_autotick(ctx);
1891 qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(qc->ch),
1896 if (!qc_blocking_mode(qc))
1897 /* Non-blocking mode, so just bail immediately. */
1898 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ);
1900 /* Block until we have a stream. */
1904 wargs.expect_id = expect_id;
1906 res = block_until_pred(qc, quic_wait_for_stream, &wargs, 0);
1908 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1909 else if (res < 0 || wargs.qs == NULL)
1910 /* quic_wait_for_stream raised error here */
1917 * We now have qs != NULL. Remove it from the incoming stream queue so that
1918 * it isn't also returned by any future SSL_accept_stream calls.
1920 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
1921 ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
1922 qs, rtt_info.smoothed_rtt);
1925 * Now make qs the default stream, creating the necessary XSO.
1927 qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
1928 if (qc->default_xso == NULL)
1929 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
1931 qc_touch_default_xso(qc); /* inhibits default XSO */
1936 static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs)
1938 QUIC_XSO *xso = NULL;
1940 if ((xso = OPENSSL_zalloc(sizeof(*xso))) == NULL) {
1941 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
1945 if (!ossl_ssl_init(&xso->ssl, qc->ssl.ctx, qc->ssl.method, SSL_TYPE_QUIC_XSO)) {
1946 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
1951 if (!SSL_up_ref(&qc->ssl)) {
1952 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SSL_LIB, NULL);
1957 xso->ssl_mode = qc->default_ssl_mode;
1959 = qc->default_ssl_options & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
1960 xso->last_error = SSL_ERROR_NONE;
1965 xso_update_options(xso);
1973 struct quic_new_stream_wait_args {
1974 QUIC_CONNECTION *qc;
1978 static int quic_new_stream_wait(void *arg)
1980 struct quic_new_stream_wait_args *args = arg;
1981 QUIC_CONNECTION *qc = args->qc;
1983 if (!quic_mutation_allowed(qc, /*req_active=*/1))
1986 if (ossl_quic_channel_is_new_local_stream_admissible(qc->ch, args->is_uni))
1992 /* locking depends on need_lock */
1993 static SSL *quic_conn_stream_new(QCTX *ctx, uint64_t flags, int need_lock)
1996 QUIC_CONNECTION *qc = ctx->qc;
1997 QUIC_XSO *xso = NULL;
1998 QUIC_STREAM *qs = NULL;
1999 int is_uni = ((flags & SSL_STREAM_FLAG_UNI) != 0);
2000 int no_blocking = ((flags & SSL_STREAM_FLAG_NO_BLOCK) != 0);
2001 int advance = ((flags & SSL_STREAM_FLAG_ADVANCE) != 0);
2006 if (!quic_mutation_allowed(qc, /*req_active=*/0)) {
2007 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2012 && !ossl_quic_channel_is_new_local_stream_admissible(qc->ch, is_uni)) {
2013 struct quic_new_stream_wait_args args;
2016 * Stream count flow control currently doesn't permit this stream to be
2019 if (no_blocking || !qc_blocking_mode(qc)) {
2020 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_COUNT_LIMITED, NULL);
2025 args.is_uni = is_uni;
2027 /* Blocking mode - wait until we can get a stream. */
2028 ret = block_until_pred(ctx->qc, quic_new_stream_wait, &args, 0);
2029 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
2030 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2031 goto err; /* Shutdown before completion */
2032 } else if (ret <= 0) {
2033 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2034 goto err; /* Non-protocol error */
2038 qs = ossl_quic_channel_new_stream_local(qc->ch, is_uni);
2040 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2044 xso = create_xso_from_stream(qc, qs);
2048 qc_touch_default_xso(qc); /* inhibits default XSO */
2056 ossl_quic_stream_map_release(ossl_quic_channel_get_qsm(qc->ch), qs);
2065 SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
2069 if (!expect_quic_conn_only(s, &ctx))
2072 return quic_conn_stream_new(&ctx, flags, /*need_lock=*/1);
2076 * QUIC Front-End I/O API: Steady-State Operations
2077 * ===============================================
2079 * Here we dispatch calls to the steady-state front-end I/O API functions; that
2080 * is, the functions used during the established phase of a QUIC connection
2081 * (e.g. SSL_read, SSL_write).
2083 * Each function must handle both blocking and non-blocking modes. As discussed
2084 * above, all QUIC I/O is implemented using non-blocking mode internally.
2086 * SSL_get_error => partially implemented by ossl_quic_get_error
2087 * SSL_want => ossl_quic_want
2088 * (BIO/)SSL_read => ossl_quic_read
2089 * (BIO/)SSL_write => ossl_quic_write
2090 * SSL_pending => ossl_quic_pending
2091 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
2092 * SSL_key_update => ossl_quic_key_update
2096 int ossl_quic_get_error(const SSL *s, int i)
2099 int net_error, last_error;
2101 if (!expect_quic(s, &ctx))
2105 net_error = ossl_quic_channel_net_error(ctx.qc->ch);
2106 last_error = ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error;
2107 quic_unlock(ctx.qc);
2110 return SSL_ERROR_SYSCALL;
2115 /* Converts a code returned by SSL_get_error to a code returned by SSL_want. */
2116 static int error_to_want(int error)
2119 case SSL_ERROR_WANT_CONNECT: /* never used - UDP is connectionless */
2120 case SSL_ERROR_WANT_ACCEPT: /* never used - UDP is connectionless */
2121 case SSL_ERROR_ZERO_RETURN:
2125 case SSL_ERROR_WANT_READ:
2128 case SSL_ERROR_WANT_WRITE:
2131 case SSL_ERROR_WANT_RETRY_VERIFY:
2132 return SSL_RETRY_VERIFY;
2134 case SSL_ERROR_WANT_CLIENT_HELLO_CB:
2135 return SSL_CLIENT_HELLO_CB;
2137 case SSL_ERROR_WANT_X509_LOOKUP:
2138 return SSL_X509_LOOKUP;
2143 int ossl_quic_want(const SSL *s)
2148 if (!expect_quic(s, &ctx))
2153 w = error_to_want(ctx.is_stream ? ctx.xso->last_error : ctx.qc->last_error);
2155 quic_unlock(ctx.qc);
2163 * The set of functions below provide the implementation of the public SSL_write
2164 * function. We must handle:
2166 * - both blocking and non-blocking operation at the application level,
2167 * depending on how we are configured;
2169 * - SSL_MODE_ENABLE_PARTIAL_WRITE being on or off;
2171 * - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
2175 static void quic_post_write(QUIC_XSO *xso, int did_append,
2176 int did_append_all, uint64_t flags,
2180 * We have appended at least one byte to the stream.
2181 * Potentially mark stream as active, depending on FC.
2184 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(xso->conn->ch),
2187 if (did_append_all && (flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2188 ossl_quic_sstream_fin(xso->stream->sstream);
2193 * TODO(QUIC FUTURE): It is probably inefficient to try and do this
2194 * immediately, plus we should eventually consider Nagle's algorithm.
2197 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0);
2200 struct quic_write_again_args {
2202 const unsigned char *buf;
2204 size_t total_written;
2210 * Absolute maximum write buffer size, enforced to prevent a rogue peer from
2211 * deliberately inducing DoS. This has been chosen based on the optimal buffer
2212 * size for an RTT of 500ms and a bandwidth of 100 Mb/s.
2214 #define MAX_WRITE_BUF_SIZE (6 * 1024 * 1024)
2217 * Ensure spare buffer space available (up until a limit, at least).
2220 static int sstream_ensure_spare(QUIC_SSTREAM *sstream, uint64_t spare)
2222 size_t cur_sz = ossl_quic_sstream_get_buffer_size(sstream);
2223 size_t avail = ossl_quic_sstream_get_buffer_avail(sstream);
2224 size_t spare_ = (spare > SIZE_MAX) ? SIZE_MAX : (size_t)spare;
2225 size_t new_sz, growth;
2227 if (spare_ <= avail || cur_sz == MAX_WRITE_BUF_SIZE)
2230 growth = spare_ - avail;
2231 if (cur_sz + growth > MAX_WRITE_BUF_SIZE)
2232 new_sz = MAX_WRITE_BUF_SIZE;
2234 new_sz = cur_sz + growth;
2236 return ossl_quic_sstream_set_buffer_size(sstream, new_sz);
2240 * Append to a QUIC_STREAM's QUIC_SSTREAM, ensuring buffer space is expanded
2241 * as needed according to flow control.
2244 static int xso_sstream_append(QUIC_XSO *xso, const unsigned char *buf,
2245 size_t len, size_t *actual_written)
2247 QUIC_SSTREAM *sstream = xso->stream->sstream;
2248 uint64_t cur = ossl_quic_sstream_get_cur_size(sstream);
2249 uint64_t cwm = ossl_quic_txfc_get_cwm(&xso->stream->txfc);
2250 uint64_t permitted = (cwm >= cur ? cwm - cur : 0);
2252 if (len > permitted)
2253 len = (size_t)permitted;
2255 if (!sstream_ensure_spare(sstream, len))
2258 return ossl_quic_sstream_append(sstream, buf, len, actual_written);
2262 static int quic_write_again(void *arg)
2264 struct quic_write_again_args *args = arg;
2265 size_t actual_written = 0;
2267 if (!quic_mutation_allowed(args->xso->conn, /*req_active=*/1))
2268 /* If connection is torn down due to an error while blocking, stop. */
2271 if (!quic_validate_for_write(args->xso, &args->err))
2273 * Stream may have become invalid for write due to connection events
2278 args->err = ERR_R_INTERNAL_ERROR;
2279 if (!xso_sstream_append(args->xso, args->buf, args->len, &actual_written))
2282 quic_post_write(args->xso, actual_written > 0,
2283 args->len == actual_written, args->flags, 0);
2285 args->buf += actual_written;
2286 args->len -= actual_written;
2287 args->total_written += actual_written;
2290 /* Written everything, done. */
2293 /* Not written everything yet, keep trying. */
2298 static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len,
2299 uint64_t flags, size_t *written)
2302 QUIC_XSO *xso = ctx->xso;
2303 struct quic_write_again_args args;
2304 size_t actual_written = 0;
2306 /* First make a best effort to append as much of the data as possible. */
2307 if (!xso_sstream_append(xso, buf, len, &actual_written)) {
2308 /* Stream already finished or allocation error. */
2310 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2313 quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1);
2315 if (actual_written == len) {
2316 /* Managed to append everything on the first try. */
2317 *written = actual_written;
2322 * We did not manage to append all of the data immediately, so the stream
2323 * buffer has probably filled up. This means we need to block until some of
2327 args.buf = (const unsigned char *)buf + actual_written;
2328 args.len = len - actual_written;
2329 args.total_written = 0;
2330 args.err = ERR_R_INTERNAL_ERROR;
2333 res = block_until_pred(xso->conn, quic_write_again, &args, 0);
2335 if (!quic_mutation_allowed(xso->conn, /*req_active=*/1))
2336 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2338 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL);
2341 *written = args.total_written;
2346 * Functions to manage All-or-Nothing (AON) (that is, non-ENABLE_PARTIAL_WRITE)
2349 static void aon_write_begin(QUIC_XSO *xso, const unsigned char *buf,
2350 size_t buf_len, size_t already_sent)
2352 assert(!xso->aon_write_in_progress);
2354 xso->aon_write_in_progress = 1;
2355 xso->aon_buf_base = buf;
2356 xso->aon_buf_pos = already_sent;
2357 xso->aon_buf_len = buf_len;
2360 static void aon_write_finish(QUIC_XSO *xso)
2362 xso->aon_write_in_progress = 0;
2363 xso->aon_buf_base = NULL;
2364 xso->aon_buf_pos = 0;
2365 xso->aon_buf_len = 0;
2369 static int quic_write_nonblocking_aon(QCTX *ctx, const void *buf,
2370 size_t len, uint64_t flags,
2373 QUIC_XSO *xso = ctx->xso;
2374 const void *actual_buf;
2375 size_t actual_len, actual_written = 0;
2376 int accept_moving_buffer
2377 = ((xso->ssl_mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) != 0);
2379 if (xso->aon_write_in_progress) {
2381 * We are in the middle of an AON write (i.e., a previous write did not
2382 * manage to append all data to the SSTREAM and we have Enable Partial
2383 * Write (EPW) mode disabled.)
2385 if ((!accept_moving_buffer && xso->aon_buf_base != buf)
2386 || len != xso->aon_buf_len)
2388 * Pointer must not have changed if we are not in accept moving
2389 * buffer mode. Length must never change.
2391 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_BAD_WRITE_RETRY, NULL);
2393 actual_buf = (unsigned char *)buf + xso->aon_buf_pos;
2394 actual_len = len - xso->aon_buf_pos;
2395 assert(actual_len > 0);
2401 /* First make a best effort to append as much of the data as possible. */
2402 if (!xso_sstream_append(xso, actual_buf, actual_len, &actual_written)) {
2403 /* Stream already finished or allocation error. */
2405 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2408 quic_post_write(xso, actual_written > 0, actual_written == actual_len,
2409 flags, qctx_should_autotick(ctx));
2411 if (actual_written == actual_len) {
2412 /* We have sent everything. */
2413 if (xso->aon_write_in_progress) {
2415 * We have sent everything, and we were in the middle of an AON
2416 * write. The output write length is the total length of the AON
2417 * buffer, not however many bytes we managed to write to the stream
2420 *written = xso->aon_buf_len;
2421 aon_write_finish(xso);
2423 *written = actual_written;
2429 if (xso->aon_write_in_progress) {
2431 * AON write is in progress but we have not written everything yet. We
2432 * may have managed to send zero bytes, or some number of bytes less
2433 * than the total remaining which need to be appended during this
2436 xso->aon_buf_pos += actual_written;
2437 assert(xso->aon_buf_pos < xso->aon_buf_len);
2438 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2442 * Not in an existing AON operation but partial write is not enabled, so we
2443 * need to begin a new AON operation. However we needn't bother if we didn't
2444 * actually append anything.
2446 if (actual_written > 0)
2447 aon_write_begin(xso, buf, len, actual_written);
2450 * AON - We do not publicly admit to having appended anything until AON
2454 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_WRITE);
2458 static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len,
2459 uint64_t flags, size_t *written)
2461 QUIC_XSO *xso = ctx->xso;
2463 /* Simple best effort operation. */
2464 if (!xso_sstream_append(xso, buf, len, written)) {
2465 /* Stream already finished or allocation error. */
2467 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2470 quic_post_write(xso, *written > 0, *written == len, flags,
2471 qctx_should_autotick(ctx));
2476 static int quic_validate_for_write(QUIC_XSO *xso, int *err)
2478 QUIC_STREAM_MAP *qsm;
2480 if (xso == NULL || xso->stream == NULL) {
2481 *err = ERR_R_INTERNAL_ERROR;
2485 switch (xso->stream->send_state) {
2487 case QUIC_SSTREAM_STATE_NONE:
2488 *err = SSL_R_STREAM_RECV_ONLY;
2491 case QUIC_SSTREAM_STATE_READY:
2492 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2494 if (!ossl_quic_stream_map_ensure_send_part_id(qsm, xso->stream)) {
2495 *err = ERR_R_INTERNAL_ERROR;
2500 case QUIC_SSTREAM_STATE_SEND:
2501 case QUIC_SSTREAM_STATE_DATA_SENT:
2502 case QUIC_SSTREAM_STATE_DATA_RECVD:
2503 if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) {
2504 *err = SSL_R_STREAM_FINISHED;
2510 case QUIC_SSTREAM_STATE_RESET_SENT:
2511 case QUIC_SSTREAM_STATE_RESET_RECVD:
2512 *err = SSL_R_STREAM_RESET;
2518 int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
2519 uint64_t flags, size_t *written)
2523 int partial_write, err;
2527 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx))
2530 partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0);
2532 if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) {
2533 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL);
2537 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2538 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2543 * If we haven't finished the handshake, try to advance it.
2544 * We don't accept writes until the handshake is completed.
2546 if (quic_do_handshake(&ctx) < 1) {
2551 /* Ensure correct stream state, stream send part not concluded, etc. */
2552 if (!quic_validate_for_write(ctx.xso, &err)) {
2553 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2558 if ((flags & SSL_WRITE_FLAG_CONCLUDE) != 0)
2559 quic_post_write(ctx.xso, 0, 1, flags,
2560 qctx_should_autotick(&ctx));
2566 if (xso_blocking_mode(ctx.xso))
2567 ret = quic_write_blocking(&ctx, buf, len, flags, written);
2568 else if (partial_write)
2569 ret = quic_write_nonblocking_epw(&ctx, buf, len, flags, written);
2571 ret = quic_write_nonblocking_aon(&ctx, buf, len, flags, written);
2574 quic_unlock(ctx.qc);
2579 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
2581 return ossl_quic_write_flags(s, buf, len, 0, written);
2588 struct quic_read_again_args {
2590 QUIC_STREAM *stream;
2598 static int quic_validate_for_read(QUIC_XSO *xso, int *err, int *eos)
2600 QUIC_STREAM_MAP *qsm;
2604 if (xso == NULL || xso->stream == NULL) {
2605 *err = ERR_R_INTERNAL_ERROR;
2609 switch (xso->stream->recv_state) {
2611 case QUIC_RSTREAM_STATE_NONE:
2612 *err = SSL_R_STREAM_SEND_ONLY;
2615 case QUIC_RSTREAM_STATE_RECV:
2616 case QUIC_RSTREAM_STATE_SIZE_KNOWN:
2617 case QUIC_RSTREAM_STATE_DATA_RECVD:
2620 case QUIC_RSTREAM_STATE_DATA_READ:
2624 case QUIC_RSTREAM_STATE_RESET_RECVD:
2625 qsm = ossl_quic_channel_get_qsm(xso->conn->ch);
2626 ossl_quic_stream_map_notify_app_read_reset_recv_part(qsm, xso->stream);
2629 case QUIC_RSTREAM_STATE_RESET_READ:
2630 *err = SSL_R_STREAM_RESET;
2636 static int quic_read_actual(QCTX *ctx,
2637 QUIC_STREAM *stream,
2638 void *buf, size_t buf_len,
2642 int is_fin = 0, err, eos;
2643 QUIC_CONNECTION *qc = ctx->qc;
2645 if (!quic_validate_for_read(ctx->xso, &err, &eos)) {
2647 ctx->xso->retired_fin = 1;
2648 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2650 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, err, NULL);
2655 if (!ossl_quic_rstream_peek(stream->rstream, buf, buf_len,
2656 bytes_read, &is_fin))
2657 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2660 if (!ossl_quic_rstream_read(stream->rstream, buf, buf_len,
2661 bytes_read, &is_fin))
2662 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2666 if (*bytes_read > 0) {
2668 * We have read at least one byte from the stream. Inform stream-level
2669 * RXFC of the retirement of controlled bytes. Update the active stream
2670 * status (the RXFC may now want to emit a frame granting more credit to
2673 OSSL_RTT_INFO rtt_info;
2675 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
2677 if (!ossl_quic_rxfc_on_retire(&stream->rxfc, *bytes_read,
2678 rtt_info.smoothed_rtt))
2679 return QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, NULL);
2682 if (is_fin && !peek) {
2683 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(ctx->qc->ch);
2685 ossl_quic_stream_map_notify_totally_read(qsm, ctx->xso->stream);
2688 if (*bytes_read > 0)
2689 ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(qc->ch),
2693 if (*bytes_read == 0 && is_fin) {
2694 ctx->xso->retired_fin = 1;
2695 return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_ZERO_RETURN);
2702 static int quic_read_again(void *arg)
2704 struct quic_read_again_args *args = arg;
2706 if (!quic_mutation_allowed(args->ctx->qc, /*req_active=*/1)) {
2707 /* If connection is torn down due to an error while blocking, stop. */
2708 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2712 if (!quic_read_actual(args->ctx, args->stream,
2713 args->buf, args->len, args->bytes_read,
2717 if (*args->bytes_read > 0)
2718 /* got at least one byte, the SSL_read op can finish now */
2721 return 0; /* did not read anything, keep trying */
2725 static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek)
2729 struct quic_read_again_args args;
2733 if (!expect_quic(s, &ctx))
2736 quic_lock_for_io(&ctx);
2738 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
2739 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2743 /* If we haven't finished the handshake, try to advance it. */
2744 if (quic_do_handshake(&ctx) < 1) {
2745 ret = 0; /* ossl_quic_do_handshake raised error here */
2749 if (ctx.xso == NULL) {
2751 * Called on a QCSO and we don't currently have a default stream.
2753 * Wait until we get a stream initiated by the peer (blocking mode) or
2754 * fail if we don't have one yet (non-blocking mode).
2756 if (!qc_wait_for_default_xso_for_read(&ctx)) {
2757 ret = 0; /* error already raised here */
2761 ctx.xso = ctx.qc->default_xso;
2764 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2765 ret = 0; /* quic_read_actual raised error here */
2769 if (*bytes_read > 0) {
2771 * Even though we succeeded, tick the reactor here to ensure we are
2772 * handling other aspects of the QUIC connection.
2774 qctx_maybe_autotick(&ctx);
2776 } else if (xso_blocking_mode(ctx.xso)) {
2778 * We were not able to read anything immediately, so our stream
2779 * buffer is empty. This means we need to block until we get
2780 * at least one byte.
2783 args.stream = ctx.xso->stream;
2786 args.bytes_read = bytes_read;
2789 res = block_until_pred(ctx.qc, quic_read_again, &args, 0);
2791 ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2793 } else if (res < 0) {
2794 ret = 0; /* quic_read_again raised error here */
2801 * We did not get any bytes and are not in blocking mode.
2802 * Tick to see if this delivers any more.
2804 qctx_maybe_autotick(&ctx);
2806 /* Try the read again. */
2807 if (!quic_read_actual(&ctx, ctx.xso->stream, buf, len, bytes_read, peek)) {
2808 ret = 0; /* quic_read_actual raised error here */
2812 if (*bytes_read > 0)
2813 ret = 1; /* Succeeded this time. */
2815 ret = QUIC_RAISE_NORMAL_ERROR(&ctx, SSL_ERROR_WANT_READ);
2819 quic_unlock(ctx.qc);
2823 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read)
2825 return quic_read(s, buf, len, bytes_read, 0);
2828 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *bytes_read)
2830 return quic_read(s, buf, len, bytes_read, 1);
2839 static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
2846 if (!expect_quic(s, &ctx))
2851 if (ctx.xso == NULL) {
2852 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL);
2856 if (ctx.xso->stream == NULL
2857 || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream)) {
2858 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
2862 if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
2865 if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
2869 quic_unlock(ctx.qc);
2873 size_t ossl_quic_pending(const SSL *s)
2875 return ossl_quic_pending_int(s, /*check_channel=*/0);
2878 int ossl_quic_has_pending(const SSL *s)
2880 /* Do we have app-side pending data or pending URXEs or RXEs? */
2881 return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
2885 * SSL_stream_conclude
2886 * -------------------
2889 int ossl_quic_conn_stream_conclude(SSL *s)
2895 if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
2898 qs = ctx.xso->stream;
2900 if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
2901 quic_unlock(ctx.qc);
2902 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
2905 if (!quic_validate_for_write(ctx.xso, &err)) {
2906 quic_unlock(ctx.qc);
2907 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
2910 if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
2911 quic_unlock(ctx.qc);
2915 ossl_quic_sstream_fin(qs->sstream);
2916 quic_post_write(ctx.xso, 1, 0, 0, qctx_should_autotick(&ctx));
2917 quic_unlock(ctx.qc);
2922 * SSL_inject_net_dgram
2923 * --------------------
2926 int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
2928 const BIO_ADDR *peer,
2929 const BIO_ADDR *local)
2935 if (!expect_quic(s, &ctx))
2940 demux = ossl_quic_channel_get0_demux(ctx.qc->ch);
2941 ret = ossl_quic_demux_inject(demux, buf, buf_len, peer, local);
2943 quic_unlock(ctx.qc);
2948 * SSL_get0_connection
2949 * -------------------
2951 SSL *ossl_quic_get0_connection(SSL *s)
2955 if (!expect_quic(s, &ctx))
2958 return &ctx.qc->ssl;
2962 * SSL_get_stream_type
2963 * -------------------
2965 int ossl_quic_get_stream_type(SSL *s)
2969 if (!expect_quic(s, &ctx))
2970 return SSL_STREAM_TYPE_BIDI;
2972 if (ctx.xso == NULL) {
2974 * If deferred XSO creation has yet to occur, proceed according to the
2975 * default stream mode. If AUTO_BIDI or AUTO_UNI is set, we cannot know
2976 * what kind of stream will be created yet, so return BIDI on the basis
2977 * that at this time, the client still has the option of calling
2978 * SSL_read() or SSL_write() first.
2980 if (ctx.qc->default_xso_created
2981 || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
2982 return SSL_STREAM_TYPE_NONE;
2984 return SSL_STREAM_TYPE_BIDI;
2987 if (ossl_quic_stream_is_bidi(ctx.xso->stream))
2988 return SSL_STREAM_TYPE_BIDI;
2990 if (ossl_quic_stream_is_server_init(ctx.xso->stream) != ctx.qc->as_server)
2991 return SSL_STREAM_TYPE_READ;
2993 return SSL_STREAM_TYPE_WRITE;
3001 uint64_t ossl_quic_get_stream_id(SSL *s)
3006 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3009 id = ctx.xso->stream->id;
3010 quic_unlock(ctx.qc);
3016 * SSL_is_stream_local
3017 * -------------------
3020 int ossl_quic_is_stream_local(SSL *s)
3025 if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, /*io=*/0, &ctx))
3028 is_local = ossl_quic_stream_is_local_init(ctx.xso->stream);
3029 quic_unlock(ctx.qc);
3035 * SSL_set_default_stream_mode
3036 * ---------------------------
3039 int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode)
3043 if (!expect_quic_conn_only(s, &ctx))
3048 if (ctx.qc->default_xso_created) {
3049 quic_unlock(ctx.qc);
3050 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3051 "too late to change default stream mode");
3055 case SSL_DEFAULT_STREAM_MODE_NONE:
3056 case SSL_DEFAULT_STREAM_MODE_AUTO_BIDI:
3057 case SSL_DEFAULT_STREAM_MODE_AUTO_UNI:
3058 ctx.qc->default_stream_mode = mode;
3061 quic_unlock(ctx.qc);
3062 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3063 "bad default stream type");
3066 quic_unlock(ctx.qc);
3075 SSL *ossl_quic_detach_stream(SSL *s)
3078 QUIC_XSO *xso = NULL;
3080 if (!expect_quic_conn_only(s, &ctx))
3085 /* Calling this function inhibits default XSO autocreation. */
3086 /* QC ref to any default XSO is transferred to us and to caller. */
3087 qc_set_default_xso_keep_ref(ctx.qc, NULL, /*touch=*/1, &xso);
3089 quic_unlock(ctx.qc);
3091 return xso != NULL ? &xso->ssl : NULL;
3099 int ossl_quic_attach_stream(SSL *conn, SSL *stream)
3105 if (!expect_quic_conn_only(conn, &ctx))
3108 if (stream == NULL || stream->type != SSL_TYPE_QUIC_XSO)
3109 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_NULL_PARAMETER,
3110 "stream to attach must be a valid QUIC stream");
3112 xso = (QUIC_XSO *)stream;
3116 if (ctx.qc->default_xso != NULL) {
3117 quic_unlock(ctx.qc);
3118 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
3119 "connection already has a default stream");
3123 * It is a caller error for the XSO being attached as a default XSO to have
3124 * more than one ref.
3126 if (!CRYPTO_GET_REF(&xso->ssl.references, &nref)) {
3127 quic_unlock(ctx.qc);
3128 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR,
3133 quic_unlock(ctx.qc);
3134 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3135 "stream being attached must have "
3136 "only 1 reference");
3139 /* Caller's reference to the XSO is transferred to us. */
3140 /* Calling this function inhibits default XSO autocreation. */
3141 qc_set_default_xso(ctx.qc, xso, /*touch=*/1);
3143 quic_unlock(ctx.qc);
3148 * SSL_set_incoming_stream_policy
3149 * ------------------------------
3152 static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc)
3154 switch (qc->incoming_stream_policy) {
3155 case SSL_INCOMING_STREAM_POLICY_AUTO:
3156 if ((qc->default_xso == NULL && !qc->default_xso_created)
3157 || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
3158 return SSL_INCOMING_STREAM_POLICY_ACCEPT;
3160 return SSL_INCOMING_STREAM_POLICY_REJECT;
3163 return qc->incoming_stream_policy;
3168 static void qc_update_reject_policy(QUIC_CONNECTION *qc)
3170 int policy = qc_get_effective_incoming_stream_policy(qc);
3171 int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT);
3173 ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch,
3175 qc->incoming_stream_aec);
3179 int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
3185 if (!expect_quic_conn_only(s, &ctx))
3191 case SSL_INCOMING_STREAM_POLICY_AUTO:
3192 case SSL_INCOMING_STREAM_POLICY_ACCEPT:
3193 case SSL_INCOMING_STREAM_POLICY_REJECT:
3194 ctx.qc->incoming_stream_policy = policy;
3195 ctx.qc->incoming_stream_aec = aec;
3199 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3204 qc_update_reject_policy(ctx.qc);
3205 quic_unlock(ctx.qc);
3210 * SSL_get_value, SSL_set_value
3211 * ----------------------------
3214 static int qc_getset_idle_timeout(QCTX *ctx, uint32_t class_,
3215 uint64_t *p_value_out, uint64_t *p_value_in)
3218 uint64_t value_out = 0, value_in;
3223 case SSL_VALUE_CLASS_FEATURE_REQUEST:
3224 value_out = ossl_quic_channel_get_max_idle_timeout_request(ctx->qc->ch);
3226 if (p_value_in != NULL) {
3227 value_in = *p_value_in;
3228 if (value_in > OSSL_QUIC_VLINT_MAX) {
3229 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3234 if (ossl_quic_channel_have_generated_transport_params(ctx->qc->ch)) {
3235 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NOT_RENEGOTIABLE,
3240 ossl_quic_channel_set_max_idle_timeout_request(ctx->qc->ch, value_in);
3244 case SSL_VALUE_CLASS_FEATURE_PEER_REQUEST:
3245 case SSL_VALUE_CLASS_FEATURE_NEGOTIATED:
3246 if (p_value_in != NULL) {
3247 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_OP,
3252 if (!ossl_quic_channel_is_handshake_complete(ctx->qc->ch)) {
3253 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE,
3258 value_out = (class_ == SSL_VALUE_CLASS_FEATURE_NEGOTIATED)
3259 ? ossl_quic_channel_get_max_idle_timeout_actual(ctx->qc->ch)
3260 : ossl_quic_channel_get_max_idle_timeout_peer_request(ctx->qc->ch);
3264 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3271 quic_unlock(ctx->qc);
3272 if (ret && p_value_out != NULL)
3273 *p_value_out = value_out;
3279 static int qc_get_stream_avail(QCTX *ctx, uint32_t class_,
3280 int is_uni, int is_remote,
3285 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3286 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3294 ? ossl_quic_channel_get_remote_stream_count_avail(ctx->qc->ch, is_uni)
3295 : ossl_quic_channel_get_local_stream_count_avail(ctx->qc->ch, is_uni);
3298 quic_unlock(ctx->qc);
3303 static int qctx_should_autotick(QCTX *ctx)
3305 int event_handling_mode;
3307 if (ctx->is_stream) {
3308 event_handling_mode = ctx->xso->event_handling_mode;
3309 if (event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_INHERIT)
3310 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3313 event_handling_mode = ctx->qc->event_handling_mode;
3314 return event_handling_mode != SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT;
3318 static void qctx_maybe_autotick(QCTX *ctx)
3320 if (!qctx_should_autotick(ctx))
3323 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx->qc->ch), 0);
3327 static int qc_getset_event_handling(QCTX *ctx, uint32_t class_,
3328 uint64_t *p_value_out,
3329 uint64_t *p_value_in)
3332 uint64_t value_out = 0;
3336 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3337 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3342 if (p_value_in != NULL) {
3343 switch (*p_value_in) {
3344 case SSL_VALUE_EVENT_HANDLING_MODE_INHERIT:
3345 case SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT:
3346 case SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT:
3349 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT,
3354 value_out = *p_value_in;
3356 ctx->xso->event_handling_mode = (int)value_out;
3358 ctx->qc->event_handling_mode = (int)value_out;
3360 value_out = ctx->is_stream
3361 ? ctx->xso->event_handling_mode
3362 : ctx->qc->event_handling_mode;
3367 quic_unlock(ctx->qc);
3368 if (ret && p_value_out != NULL)
3369 *p_value_out = value_out;
3375 static int qc_get_stream_write_buf_stat(QCTX *ctx, uint32_t class_,
3376 uint64_t *p_value_out,
3377 size_t (*getter)(QUIC_SSTREAM *sstream))
3384 if (class_ != SSL_VALUE_CLASS_GENERIC) {
3385 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS,
3390 if (ctx->xso == NULL) {
3391 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_NO_STREAM, NULL);
3395 if (!ossl_quic_stream_has_send(ctx->xso->stream)) {
3396 QUIC_RAISE_NON_NORMAL_ERROR(ctx, SSL_R_STREAM_RECV_ONLY, NULL);
3400 if (ossl_quic_stream_has_send_buffer(ctx->xso->stream))
3401 value = getter(ctx->xso->stream->sstream);
3405 quic_unlock(ctx->qc);
3406 *p_value_out = (uint64_t)value;
3411 static int expect_quic_for_value(SSL *s, QCTX *ctx, uint32_t id)
3414 case SSL_VALUE_EVENT_HANDLING_MODE:
3415 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3416 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3417 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3418 return expect_quic(s, ctx);
3420 return expect_quic_conn_only(s, ctx);
3425 int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
3430 if (!expect_quic_for_value(s, &ctx, id))
3434 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3435 ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3438 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3439 return qc_getset_idle_timeout(&ctx, class_, value, NULL);
3441 case SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL:
3442 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/0, value);
3443 case SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL:
3444 return qc_get_stream_avail(&ctx, class_, /*uni=*/0, /*remote=*/1, value);
3445 case SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL:
3446 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/0, value);
3447 case SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL:
3448 return qc_get_stream_avail(&ctx, class_, /*uni=*/1, /*remote=*/1, value);
3450 case SSL_VALUE_EVENT_HANDLING_MODE:
3451 return qc_getset_event_handling(&ctx, class_, value, NULL);
3453 case SSL_VALUE_STREAM_WRITE_BUF_SIZE:
3454 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3455 ossl_quic_sstream_get_buffer_size);
3456 case SSL_VALUE_STREAM_WRITE_BUF_USED:
3457 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3458 ossl_quic_sstream_get_buffer_used);
3459 case SSL_VALUE_STREAM_WRITE_BUF_AVAIL:
3460 return qc_get_stream_write_buf_stat(&ctx, class_, value,
3461 ossl_quic_sstream_get_buffer_avail);
3464 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3465 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3472 int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
3477 if (!expect_quic_for_value(s, &ctx, id))
3481 case SSL_VALUE_QUIC_IDLE_TIMEOUT:
3482 return qc_getset_idle_timeout(&ctx, class_, NULL, &value);
3484 case SSL_VALUE_EVENT_HANDLING_MODE:
3485 return qc_getset_event_handling(&ctx, class_, NULL, &value);
3488 return QUIC_RAISE_NON_NORMAL_ERROR(&ctx,
3489 SSL_R_UNSUPPORTED_CONFIG_VALUE, NULL);
3499 struct wait_for_incoming_stream_args {
3505 static int wait_for_incoming_stream(void *arg)
3507 struct wait_for_incoming_stream_args *args = arg;
3508 QUIC_CONNECTION *qc = args->ctx->qc;
3509 QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(qc->ch);
3511 if (!quic_mutation_allowed(qc, /*req_active=*/1)) {
3512 /* If connection is torn down due to an error while blocking, stop. */
3513 QUIC_RAISE_NON_NORMAL_ERROR(args->ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
3517 args->qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3518 if (args->qs != NULL)
3519 return 1; /* got a stream */
3521 return 0; /* did not get a stream, keep trying */
3525 SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags)
3530 QUIC_STREAM_MAP *qsm;
3533 OSSL_RTT_INFO rtt_info;
3535 if (!expect_quic_conn_only(s, &ctx))
3540 if (qc_get_effective_incoming_stream_policy(ctx.qc)
3541 == SSL_INCOMING_STREAM_POLICY_REJECT) {
3542 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3546 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3548 qs = ossl_quic_stream_map_peek_accept_queue(qsm);
3550 if (qc_blocking_mode(ctx.qc)
3551 && (flags & SSL_ACCEPT_STREAM_NO_BLOCK) == 0) {
3552 struct wait_for_incoming_stream_args args;
3557 ret = block_until_pred(ctx.qc, wait_for_incoming_stream, &args, 0);
3559 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3561 } else if (ret < 0 || args.qs == NULL) {
3571 xso = create_xso_from_stream(ctx.qc, qs);
3575 ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(ctx.qc->ch), &rtt_info);
3576 ossl_quic_stream_map_remove_from_accept_queue(qsm, qs,
3577 rtt_info.smoothed_rtt);
3580 /* Calling this function inhibits default XSO autocreation. */
3581 qc_touch_default_xso(ctx.qc); /* inhibits default XSO */
3584 quic_unlock(ctx.qc);
3589 * SSL_get_accept_stream_queue_len
3590 * -------------------------------
3593 size_t ossl_quic_get_accept_stream_queue_len(SSL *s)
3598 if (!expect_quic_conn_only(s, &ctx))
3603 v = ossl_quic_stream_map_get_total_accept_queue_len(ossl_quic_channel_get_qsm(ctx.qc->ch));
3605 quic_unlock(ctx.qc);
3613 int ossl_quic_stream_reset(SSL *ssl,
3614 const SSL_STREAM_RESET_ARGS *args,
3618 QUIC_STREAM_MAP *qsm;
3620 uint64_t error_code;
3623 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/0, /*io=*/0, &ctx))
3626 qsm = ossl_quic_channel_get_qsm(ctx.qc->ch);
3627 qs = ctx.xso->stream;
3628 error_code = (args != NULL ? args->quic_error_code : 0);
3630 if (!quic_validate_for_write(ctx.xso, &err)) {
3631 ok = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
3635 ok = ossl_quic_stream_map_reset_stream_send_part(qsm, qs, error_code);
3637 ctx.xso->requested_reset = 1;
3640 quic_unlock(ctx.qc);
3645 * SSL_get_stream_read_state
3646 * -------------------------
3648 static void quic_classify_stream(QUIC_CONNECTION *qc,
3652 uint64_t *app_error_code)
3655 uint64_t final_size;
3657 local_init = (ossl_quic_stream_is_server_init(qs) == qc->as_server);
3659 if (app_error_code != NULL)
3660 *app_error_code = UINT64_MAX;
3662 app_error_code = &final_size; /* throw away value */
3664 if (!ossl_quic_stream_is_bidi(qs) && local_init != is_write) {
3666 * Unidirectional stream and this direction of transmission doesn't
3669 *state = SSL_STREAM_STATE_WRONG_DIR;
3670 } else if (ossl_quic_channel_is_term_any(qc->ch)) {
3671 /* Connection already closed. */
3672 *state = SSL_STREAM_STATE_CONN_CLOSED;
3673 } else if (!is_write && qs->recv_state == QUIC_RSTREAM_STATE_DATA_READ) {
3674 /* Application has read a FIN. */
3675 *state = SSL_STREAM_STATE_FINISHED;
3676 } else if ((!is_write && qs->stop_sending)
3677 || (is_write && ossl_quic_stream_send_is_reset(qs))) {
3679 * Stream has been reset locally. FIN takes precedence over this for the
3680 * read case as the application need not care if the stream is reset
3681 * after a FIN has been successfully processed.
3683 *state = SSL_STREAM_STATE_RESET_LOCAL;
3684 *app_error_code = !is_write
3685 ? qs->stop_sending_aec
3686 : qs->reset_stream_aec;
3687 } else if ((!is_write && ossl_quic_stream_recv_is_reset(qs))
3688 || (is_write && qs->peer_stop_sending)) {
3690 * Stream has been reset remotely. */
3691 *state = SSL_STREAM_STATE_RESET_REMOTE;
3692 *app_error_code = !is_write
3693 ? qs->peer_reset_stream_aec
3694 : qs->peer_stop_sending_aec;
3695 } else if (is_write && ossl_quic_sstream_get_final_size(qs->sstream,
3698 * Stream has been finished. Stream reset takes precedence over this for
3699 * the write case as peer may not have received all data.
3701 *state = SSL_STREAM_STATE_FINISHED;
3703 /* Stream still healthy. */
3704 *state = SSL_STREAM_STATE_OK;
3708 static int quic_get_stream_state(SSL *ssl, int is_write)
3713 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3714 return SSL_STREAM_STATE_NONE;
3716 quic_classify_stream(ctx.qc, ctx.xso->stream, is_write, &state, NULL);
3717 quic_unlock(ctx.qc);
3721 int ossl_quic_get_stream_read_state(SSL *ssl)
3723 return quic_get_stream_state(ssl, /*is_write=*/0);
3727 * SSL_get_stream_write_state
3728 * --------------------------
3730 int ossl_quic_get_stream_write_state(SSL *ssl)
3732 return quic_get_stream_state(ssl, /*is_write=*/1);
3736 * SSL_get_stream_read_error_code
3737 * ------------------------------
3739 static int quic_get_stream_error_code(SSL *ssl, int is_write,
3740 uint64_t *app_error_code)
3745 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3748 quic_classify_stream(ctx.qc, ctx.xso->stream, /*is_write=*/0,
3749 &state, app_error_code);
3751 quic_unlock(ctx.qc);
3753 case SSL_STREAM_STATE_FINISHED:
3755 case SSL_STREAM_STATE_RESET_LOCAL:
3756 case SSL_STREAM_STATE_RESET_REMOTE:
3763 int ossl_quic_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code)
3765 return quic_get_stream_error_code(ssl, /*is_write=*/0, app_error_code);
3769 * SSL_get_stream_write_error_code
3770 * -------------------------------
3772 int ossl_quic_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code)
3774 return quic_get_stream_error_code(ssl, /*is_write=*/1, app_error_code);
3778 * Write buffer size mutation
3779 * --------------------------
3781 int ossl_quic_set_write_buffer_size(SSL *ssl, size_t size)
3786 if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, /*io=*/0, &ctx))
3789 if (!ossl_quic_stream_has_send(ctx.xso->stream)) {
3790 /* Called on a unidirectional receive-only stream - error. */
3791 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, NULL);
3795 if (!ossl_quic_stream_has_send_buffer(ctx.xso->stream)) {
3797 * If the stream has a send part but we have disposed of it because we
3798 * no longer need it, this is a no-op.
3804 if (!ossl_quic_sstream_set_buffer_size(ctx.xso->stream->sstream, size)) {
3805 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL);
3812 quic_unlock(ctx.qc);
3817 * SSL_get_conn_close_info
3818 * -----------------------
3820 int ossl_quic_get_conn_close_info(SSL *ssl,
3821 SSL_CONN_CLOSE_INFO *info,
3825 const QUIC_TERMINATE_CAUSE *tc;
3827 if (!expect_quic_conn_only(ssl, &ctx))
3830 tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
3834 info->error_code = tc->error_code;
3835 info->frame_type = tc->frame_type;
3836 info->reason = tc->reason;
3837 info->reason_len = tc->reason_len;
3840 info->flags |= SSL_CONN_CLOSE_FLAG_LOCAL;
3842 info->flags |= SSL_CONN_CLOSE_FLAG_TRANSPORT;
3850 int ossl_quic_key_update(SSL *ssl, int update_type)
3854 if (!expect_quic_conn_only(ssl, &ctx))
3857 switch (update_type) {
3858 case SSL_KEY_UPDATE_NOT_REQUESTED:
3860 * QUIC signals peer key update implicily by triggering a local
3861 * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
3863 case SSL_KEY_UPDATE_REQUESTED:
3867 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
3873 /* Attempt to perform a TXKU. */
3874 if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
3875 QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_TOO_MANY_KEY_UPDATES, NULL);
3876 quic_unlock(ctx.qc);
3880 quic_unlock(ctx.qc);
3885 * SSL_get_key_update_type
3886 * -----------------------
3888 int ossl_quic_get_key_update_type(const SSL *s)
3891 * We always handle key updates immediately so a key update is never
3894 return SSL_KEY_UPDATE_NONE;
3898 * QUIC Front-End I/O API: SSL_CTX Management
3899 * ==========================================
3902 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3906 return ssl3_ctx_ctrl(ctx, cmd, larg, parg);
3910 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3914 if (!expect_quic_conn_only(s, &ctx))
3918 case SSL_CTRL_SET_MSG_CALLBACK:
3919 ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
3921 /* This callback also needs to be set on the internal SSL object */
3922 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);;
3925 /* Probably a TLS related ctrl. Defer to our internal SSL object */
3926 return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
3930 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3932 return ssl3_ctx_callback_ctrl(ctx, cmd, fp);
3935 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
3937 /* We never do renegotiation. */
3941 const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
3943 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
3945 if ((ciph->algorithm2 & SSL_QUIC) == 0)
3952 * These functions define the TLSv1.2 (and below) ciphers that are supported by
3953 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
3956 int ossl_quic_num_ciphers(void)
3961 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
3967 * SSL_get_shutdown()
3968 * ------------------
3970 int ossl_quic_get_shutdown(const SSL *s)
3975 if (!expect_quic_conn_only(s, &ctx))
3978 if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
3979 shut |= SSL_SENT_SHUTDOWN;
3980 if (!ossl_quic_channel_is_closing(ctx.qc->ch))
3981 shut |= SSL_RECEIVED_SHUTDOWN;
3988 * QUIC Polling Support APIs
3989 * =========================
3992 /* Do we have the R (read) condition? */
3994 static int test_poll_event_r(QUIC_XSO *xso)
3999 return ossl_quic_stream_has_recv_buffer(xso->stream)
4000 && ossl_quic_rstream_available(xso->stream->rstream, &avail, &fin)
4001 && (avail > 0 || (fin && !xso->retired_fin));
4004 /* Do we have the ER (exception: read) condition? */
4006 static int test_poll_event_er(QUIC_XSO *xso)
4008 return ossl_quic_stream_has_recv(xso->stream)
4009 && ossl_quic_stream_recv_is_reset(xso->stream)
4010 && !xso->retired_fin;
4013 /* Do we have the W (write) condition? */
4015 static int test_poll_event_w(QUIC_XSO *xso)
4017 return !xso->conn->shutting_down
4018 && ossl_quic_stream_has_send_buffer(xso->stream)
4019 && ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
4020 && !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
4021 && quic_mutation_allowed(xso->conn, /*req_active=*/1);
4024 /* Do we have the EW (exception: write) condition? */
4026 static int test_poll_event_ew(QUIC_XSO *xso)
4028 return ossl_quic_stream_has_send(xso->stream)
4029 && xso->stream->peer_stop_sending
4030 && !xso->requested_reset
4031 && !xso->conn->shutting_down;
4034 /* Do we have the EC (exception: connection) condition? */
4036 static int test_poll_event_ec(QUIC_CONNECTION *qc)
4038 return ossl_quic_channel_is_term_any(qc->ch);
4041 /* Do we have the ECD (exception: connection drained) condition? */
4043 static int test_poll_event_ecd(QUIC_CONNECTION *qc)
4045 return ossl_quic_channel_is_terminated(qc->ch);
4048 /* Do we have the IS (incoming: stream) condition? */
4050 static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
4052 return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
4056 /* Do we have the OS (outgoing: stream) condition? */
4058 static int test_poll_event_os(QUIC_CONNECTION *qc, int is_uni)
4060 /* Is it currently possible for us to make an outgoing stream? */
4061 return quic_mutation_allowed(qc, /*req_active=*/1)
4062 && ossl_quic_channel_get_local_stream_count_avail(qc->ch, is_uni) > 0;
4066 int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
4067 uint64_t *p_revents)
4070 uint64_t revents = 0;
4072 if (!expect_quic(ssl, &ctx))
4078 ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0);
4080 if (ctx.xso != NULL) {
4081 /* SSL object has a stream component. */
4083 if ((events & SSL_POLL_EVENT_R) != 0
4084 && test_poll_event_r(ctx.xso))
4085 revents |= SSL_POLL_EVENT_R;
4087 if ((events & SSL_POLL_EVENT_ER) != 0
4088 && test_poll_event_er(ctx.xso))
4089 revents |= SSL_POLL_EVENT_ER;
4091 if ((events & SSL_POLL_EVENT_W) != 0
4092 && test_poll_event_w(ctx.xso))
4093 revents |= SSL_POLL_EVENT_W;
4095 if ((events & SSL_POLL_EVENT_EW) != 0
4096 && test_poll_event_ew(ctx.xso))
4097 revents |= SSL_POLL_EVENT_EW;
4100 if (!ctx.is_stream) {
4101 if ((events & SSL_POLL_EVENT_EC) != 0
4102 && test_poll_event_ec(ctx.qc))
4103 revents |= SSL_POLL_EVENT_EC;
4105 if ((events & SSL_POLL_EVENT_ECD) != 0
4106 && test_poll_event_ecd(ctx.qc))
4107 revents |= SSL_POLL_EVENT_ECD;
4109 if ((events & SSL_POLL_EVENT_ISB) != 0
4110 && test_poll_event_is(ctx.qc, /*uni=*/0))
4111 revents |= SSL_POLL_EVENT_ISB;
4113 if ((events & SSL_POLL_EVENT_ISU) != 0
4114 && test_poll_event_is(ctx.qc, /*uni=*/1))
4115 revents |= SSL_POLL_EVENT_ISU;
4117 if ((events & SSL_POLL_EVENT_OSB) != 0
4118 && test_poll_event_os(ctx.qc, /*uni=*/0))
4119 revents |= SSL_POLL_EVENT_OSB;
4121 if ((events & SSL_POLL_EVENT_OSU) != 0
4122 && test_poll_event_os(ctx.qc, /*uni=*/1))
4123 revents |= SSL_POLL_EVENT_OSU;
4126 quic_unlock(ctx.qc);
4127 *p_revents = revents;
4132 * Internal Testing APIs
4133 * =====================
4136 QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s)
4140 if (!expect_quic_conn_only(s, &ctx))
4146 int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title)
4148 #ifndef OPENSSL_NO_QLOG
4149 OPENSSL_free(ctx->qlog_title);
4150 ctx->qlog_title = NULL;
4155 if ((ctx->qlog_title = OPENSSL_strdup(title)) == NULL)