curl_osslq.c 70 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "curl_setup.h"
  25. #if defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)
  26. #include <openssl/ssl.h>
  27. #include <openssl/bio.h>
  28. #include <openssl/err.h>
  29. #include <nghttp3/nghttp3.h>
  30. #include "urldata.h"
  31. #include "hash.h"
  32. #include "sendf.h"
  33. #include "strdup.h"
  34. #include "rand.h"
  35. #include "multiif.h"
  36. #include "strcase.h"
  37. #include "cfilters.h"
  38. #include "cf-socket.h"
  39. #include "connect.h"
  40. #include "progress.h"
  41. #include "strerror.h"
  42. #include "dynbuf.h"
  43. #include "http1.h"
  44. #include "select.h"
  45. #include "inet_pton.h"
  46. #include "vquic.h"
  47. #include "vquic_int.h"
  48. #include "vquic-tls.h"
  49. #include "vtls/keylog.h"
  50. #include "vtls/vtls.h"
  51. #include "vtls/openssl.h"
  52. #include "curl_osslq.h"
  53. #include "warnless.h"
  54. /* The last 3 #include files should be in this order */
  55. #include "curl_printf.h"
  56. #include "curl_memory.h"
  57. #include "memdebug.h"
  58. /* A stream window is the maximum amount we need to buffer for
  59. * each active transfer. We use HTTP/3 flow control and only ACK
  60. * when we take things out of the buffer.
  61. * Chunk size is large enough to take a full DATA frame */
  62. #define H3_STREAM_WINDOW_SIZE (128 * 1024)
  63. #define H3_STREAM_CHUNK_SIZE (16 * 1024)
  64. /* The pool keeps spares around and half of a full stream window
  65. * seems good. More does not seem to improve performance.
  66. * The benefit of the pool is that stream buffer to not keep
  67. * spares. Memory consumption goes down when streams run empty,
  68. * have a large upload done, etc. */
  69. #define H3_STREAM_POOL_SPARES \
  70. (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2
  71. /* Receive and Send max number of chunks just follows from the
  72. * chunk size and window size */
  73. #define H3_STREAM_RECV_CHUNKS \
  74. (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
  75. #define H3_STREAM_SEND_CHUNKS \
  76. (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE)
  77. #ifndef ARRAYSIZE
  78. #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
  79. #endif
  80. #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
  81. typedef uint32_t sslerr_t;
  82. #else
  83. typedef unsigned long sslerr_t;
  84. #endif
  85. /* How to access `call_data` from a cf_osslq filter */
  86. #undef CF_CTX_CALL_DATA
  87. #define CF_CTX_CALL_DATA(cf) \
  88. ((struct cf_osslq_ctx *)(cf)->ctx)->call_data
  89. static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
  90. struct Curl_easy *data);
  91. static const char *osslq_SSL_ERROR_to_str(int err)
  92. {
  93. switch(err) {
  94. case SSL_ERROR_NONE:
  95. return "SSL_ERROR_NONE";
  96. case SSL_ERROR_SSL:
  97. return "SSL_ERROR_SSL";
  98. case SSL_ERROR_WANT_READ:
  99. return "SSL_ERROR_WANT_READ";
  100. case SSL_ERROR_WANT_WRITE:
  101. return "SSL_ERROR_WANT_WRITE";
  102. case SSL_ERROR_WANT_X509_LOOKUP:
  103. return "SSL_ERROR_WANT_X509_LOOKUP";
  104. case SSL_ERROR_SYSCALL:
  105. return "SSL_ERROR_SYSCALL";
  106. case SSL_ERROR_ZERO_RETURN:
  107. return "SSL_ERROR_ZERO_RETURN";
  108. case SSL_ERROR_WANT_CONNECT:
  109. return "SSL_ERROR_WANT_CONNECT";
  110. case SSL_ERROR_WANT_ACCEPT:
  111. return "SSL_ERROR_WANT_ACCEPT";
  112. #if defined(SSL_ERROR_WANT_ASYNC)
  113. case SSL_ERROR_WANT_ASYNC:
  114. return "SSL_ERROR_WANT_ASYNC";
  115. #endif
  116. #if defined(SSL_ERROR_WANT_ASYNC_JOB)
  117. case SSL_ERROR_WANT_ASYNC_JOB:
  118. return "SSL_ERROR_WANT_ASYNC_JOB";
  119. #endif
  120. #if defined(SSL_ERROR_WANT_EARLY)
  121. case SSL_ERROR_WANT_EARLY:
  122. return "SSL_ERROR_WANT_EARLY";
  123. #endif
  124. default:
  125. return "SSL_ERROR unknown";
  126. }
  127. }
  128. /* Return error string for last OpenSSL error */
  129. static char *osslq_strerror(unsigned long error, char *buf, size_t size)
  130. {
  131. DEBUGASSERT(size);
  132. *buf = '\0';
  133. #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
  134. ERR_error_string_n((uint32_t)error, buf, size);
  135. #else
  136. ERR_error_string_n(error, buf, size);
  137. #endif
  138. if(!*buf) {
  139. const char *msg = error ? "Unknown error" : "No error";
  140. if(strlen(msg) < size)
  141. strcpy(buf, msg);
  142. }
  143. return buf;
  144. }
  145. static CURLcode make_bio_addr(BIO_ADDR **pbio_addr,
  146. const struct Curl_sockaddr_ex *addr)
  147. {
  148. BIO_ADDR *ba;
  149. CURLcode result = CURLE_FAILED_INIT;
  150. ba = BIO_ADDR_new();
  151. if(!ba) {
  152. result = CURLE_OUT_OF_MEMORY;
  153. goto out;
  154. }
  155. switch(addr->family) {
  156. case AF_INET: {
  157. struct sockaddr_in * const sin =
  158. (struct sockaddr_in * const)(void *)&addr->curl_sa_addr;
  159. if(!BIO_ADDR_rawmake(ba, AF_INET, &sin->sin_addr,
  160. sizeof(sin->sin_addr), sin->sin_port)) {
  161. goto out;
  162. }
  163. result = CURLE_OK;
  164. break;
  165. }
  166. #ifdef USE_IPV6
  167. case AF_INET6: {
  168. struct sockaddr_in6 * const sin =
  169. (struct sockaddr_in6 * const)(void *)&addr->curl_sa_addr;
  170. if(!BIO_ADDR_rawmake(ba, AF_INET6, &sin->sin6_addr,
  171. sizeof(sin->sin6_addr), sin->sin6_port)) {
  172. }
  173. result = CURLE_OK;
  174. break;
  175. }
  176. #endif /* USE_IPV6 */
  177. default:
  178. /* sunsupported */
  179. DEBUGASSERT(0);
  180. break;
  181. }
  182. out:
  183. if(result && ba) {
  184. BIO_ADDR_free(ba);
  185. ba = NULL;
  186. }
  187. *pbio_addr = ba;
  188. return result;
  189. }
  190. /* QUIC stream (not necessarily H3) */
  191. struct cf_osslq_stream {
  192. curl_int64_t id;
  193. SSL *ssl;
  194. struct bufq recvbuf; /* QUIC war data recv buffer */
  195. BIT(recvd_eos);
  196. BIT(closed);
  197. BIT(reset);
  198. BIT(send_blocked);
  199. };
  200. static CURLcode cf_osslq_stream_open(struct cf_osslq_stream *s,
  201. SSL *conn,
  202. uint64_t flags,
  203. struct bufc_pool *bufcp,
  204. void *user_data)
  205. {
  206. DEBUGASSERT(!s->ssl);
  207. Curl_bufq_initp(&s->recvbuf, bufcp, 1, BUFQ_OPT_NONE);
  208. s->ssl = SSL_new_stream(conn, flags);
  209. if(!s->ssl) {
  210. return CURLE_FAILED_INIT;
  211. }
  212. s->id = (curl_int64_t)SSL_get_stream_id(s->ssl);
  213. SSL_set_app_data(s->ssl, user_data);
  214. return CURLE_OK;
  215. }
  216. static void cf_osslq_stream_cleanup(struct cf_osslq_stream *s)
  217. {
  218. if(s->ssl) {
  219. SSL_set_app_data(s->ssl, NULL);
  220. SSL_free(s->ssl);
  221. }
  222. Curl_bufq_free(&s->recvbuf);
  223. memset(s, 0, sizeof(*s));
  224. }
  225. static void cf_osslq_stream_close(struct cf_osslq_stream *s)
  226. {
  227. if(s->ssl) {
  228. SSL_free(s->ssl);
  229. s->ssl = NULL;
  230. }
  231. }
  232. struct cf_osslq_h3conn {
  233. nghttp3_conn *conn;
  234. nghttp3_settings settings;
  235. struct cf_osslq_stream s_ctrl;
  236. struct cf_osslq_stream s_qpack_enc;
  237. struct cf_osslq_stream s_qpack_dec;
  238. struct cf_osslq_stream remote_ctrl[3]; /* uni streams opened by the peer */
  239. size_t remote_ctrl_n; /* number of peer streams opened */
  240. };
  241. static void cf_osslq_h3conn_cleanup(struct cf_osslq_h3conn *h3)
  242. {
  243. size_t i;
  244. if(h3->conn)
  245. nghttp3_conn_del(h3->conn);
  246. cf_osslq_stream_cleanup(&h3->s_ctrl);
  247. cf_osslq_stream_cleanup(&h3->s_qpack_enc);
  248. cf_osslq_stream_cleanup(&h3->s_qpack_dec);
  249. for(i = 0; i < h3->remote_ctrl_n; ++i) {
  250. cf_osslq_stream_cleanup(&h3->remote_ctrl[i]);
  251. }
  252. }
  253. struct cf_osslq_ctx {
  254. struct cf_quic_ctx q;
  255. struct ssl_peer peer;
  256. struct curl_tls_ctx tls;
  257. struct cf_call_data call_data;
  258. struct cf_osslq_h3conn h3;
  259. struct curltime started_at; /* time the current attempt started */
  260. struct curltime handshake_at; /* time connect handshake finished */
  261. struct curltime first_byte_at; /* when first byte was recvd */
  262. struct bufc_pool stream_bufcp; /* chunk pool for streams */
  263. struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */
  264. size_t max_stream_window; /* max flow window for one stream */
  265. uint64_t max_idle_ms; /* max idle time for QUIC connection */
  266. BIT(initialized);
  267. BIT(got_first_byte); /* if first byte was received */
  268. BIT(x509_store_setup); /* if x509 store has been set up */
  269. BIT(protocol_shutdown); /* QUIC connection is shut down */
  270. BIT(need_recv); /* QUIC connection needs to receive */
  271. BIT(need_send); /* QUIC connection needs to send */
  272. };
  273. static void h3_stream_hash_free(void *stream);
  274. static void cf_osslq_ctx_init(struct cf_osslq_ctx *ctx)
  275. {
  276. DEBUGASSERT(!ctx->initialized);
  277. Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE,
  278. H3_STREAM_POOL_SPARES);
  279. Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free);
  280. ctx->initialized = TRUE;
  281. }
  282. static void cf_osslq_ctx_free(struct cf_osslq_ctx *ctx)
  283. {
  284. if(ctx && ctx->initialized) {
  285. Curl_bufcp_free(&ctx->stream_bufcp);
  286. Curl_hash_clean(&ctx->streams);
  287. Curl_hash_destroy(&ctx->streams);
  288. Curl_ssl_peer_cleanup(&ctx->peer);
  289. }
  290. free(ctx);
  291. }
  292. static void cf_osslq_ctx_close(struct cf_osslq_ctx *ctx)
  293. {
  294. struct cf_call_data save = ctx->call_data;
  295. cf_osslq_h3conn_cleanup(&ctx->h3);
  296. Curl_vquic_tls_cleanup(&ctx->tls);
  297. vquic_ctx_free(&ctx->q);
  298. ctx->call_data = save;
  299. }
  300. static CURLcode cf_osslq_shutdown(struct Curl_cfilter *cf,
  301. struct Curl_easy *data, bool *done)
  302. {
  303. struct cf_osslq_ctx *ctx = cf->ctx;
  304. struct cf_call_data save;
  305. CURLcode result = CURLE_OK;
  306. int rc;
  307. CF_DATA_SAVE(save, cf, data);
  308. if(cf->shutdown || ctx->protocol_shutdown) {
  309. *done = TRUE;
  310. return CURLE_OK;
  311. }
  312. CF_DATA_SAVE(save, cf, data);
  313. *done = FALSE;
  314. ctx->need_send = FALSE;
  315. ctx->need_recv = FALSE;
  316. rc = SSL_shutdown_ex(ctx->tls.ossl.ssl,
  317. SSL_SHUTDOWN_FLAG_NO_BLOCK, NULL, 0);
  318. if(rc == 0) { /* ongoing */
  319. CURL_TRC_CF(data, cf, "shutdown ongoing");
  320. ctx->need_recv = TRUE;
  321. goto out;
  322. }
  323. else if(rc == 1) { /* done */
  324. CURL_TRC_CF(data, cf, "shutdown finished");
  325. *done = TRUE;
  326. goto out;
  327. }
  328. else {
  329. long sslerr;
  330. char err_buffer[256];
  331. int err = SSL_get_error(ctx->tls.ossl.ssl, rc);
  332. switch(err) {
  333. case SSL_ERROR_NONE:
  334. case SSL_ERROR_ZERO_RETURN:
  335. CURL_TRC_CF(data, cf, "shutdown not received, but closed");
  336. *done = TRUE;
  337. goto out;
  338. case SSL_ERROR_WANT_READ:
  339. /* SSL has send its notify and now wants to read the reply
  340. * from the server. We are not really interested in that. */
  341. CURL_TRC_CF(data, cf, "shutdown sent, want receive");
  342. ctx->need_recv = TRUE;
  343. goto out;
  344. case SSL_ERROR_WANT_WRITE:
  345. CURL_TRC_CF(data, cf, "shutdown send blocked");
  346. ctx->need_send = TRUE;
  347. goto out;
  348. default:
  349. /* We give up on this. */
  350. sslerr = ERR_get_error();
  351. CURL_TRC_CF(data, cf, "shutdown, ignore recv error: '%s', errno %d",
  352. (sslerr ?
  353. osslq_strerror(sslerr, err_buffer, sizeof(err_buffer)) :
  354. osslq_SSL_ERROR_to_str(err)),
  355. SOCKERRNO);
  356. *done = TRUE;
  357. result = CURLE_OK;
  358. goto out;
  359. }
  360. }
  361. out:
  362. CF_DATA_RESTORE(cf, save);
  363. return result;
  364. }
  365. static void cf_osslq_close(struct Curl_cfilter *cf, struct Curl_easy *data)
  366. {
  367. struct cf_osslq_ctx *ctx = cf->ctx;
  368. struct cf_call_data save;
  369. CF_DATA_SAVE(save, cf, data);
  370. if(ctx && ctx->tls.ossl.ssl) {
  371. CURL_TRC_CF(data, cf, "cf_osslq_close()");
  372. if(!cf->shutdown && !ctx->protocol_shutdown) {
  373. /* last best effort, which OpenSSL calls a "rapid" shutdown. */
  374. SSL_shutdown_ex(ctx->tls.ossl.ssl,
  375. (SSL_SHUTDOWN_FLAG_NO_BLOCK | SSL_SHUTDOWN_FLAG_RAPID),
  376. NULL, 0);
  377. }
  378. cf_osslq_ctx_close(ctx);
  379. }
  380. cf->connected = FALSE;
  381. CF_DATA_RESTORE(cf, save);
  382. }
  383. static void cf_osslq_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
  384. {
  385. struct cf_osslq_ctx *ctx = cf->ctx;
  386. struct cf_call_data save;
  387. CF_DATA_SAVE(save, cf, data);
  388. CURL_TRC_CF(data, cf, "destroy");
  389. if(ctx) {
  390. CURL_TRC_CF(data, cf, "cf_osslq_destroy()");
  391. if(ctx->tls.ossl.ssl)
  392. cf_osslq_ctx_close(ctx);
  393. cf_osslq_ctx_free(ctx);
  394. }
  395. cf->ctx = NULL;
  396. /* No CF_DATA_RESTORE(cf, save) possible */
  397. (void)save;
  398. }
  399. static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3,
  400. SSL *stream_ssl,
  401. struct Curl_cfilter *cf,
  402. struct Curl_easy *data)
  403. {
  404. struct cf_osslq_ctx *ctx = cf->ctx;
  405. curl_int64_t stream_id = (curl_int64_t)SSL_get_stream_id(stream_ssl);
  406. if(h3->remote_ctrl_n >= ARRAYSIZE(h3->remote_ctrl)) {
  407. /* rejected, we are full */
  408. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] rejecting remote stream",
  409. stream_id);
  410. SSL_free(stream_ssl);
  411. return CURLE_FAILED_INIT;
  412. }
  413. switch(SSL_get_stream_type(stream_ssl)) {
  414. case SSL_STREAM_TYPE_READ: {
  415. struct cf_osslq_stream *nstream = &h3->remote_ctrl[h3->remote_ctrl_n++];
  416. nstream->id = stream_id;
  417. nstream->ssl = stream_ssl;
  418. Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
  419. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] accepted remote uni stream",
  420. stream_id);
  421. break;
  422. }
  423. default:
  424. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reject remote non-uni-read"
  425. " stream", stream_id);
  426. SSL_free(stream_ssl);
  427. return CURLE_FAILED_INIT;
  428. }
  429. return CURLE_OK;
  430. }
  431. static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf,
  432. struct Curl_easy *data,
  433. int detail, CURLcode def_result)
  434. {
  435. struct cf_osslq_ctx *ctx = cf->ctx;
  436. CURLcode result = def_result;
  437. sslerr_t errdetail;
  438. char ebuf[256] = "unknown";
  439. const char *err_descr = ebuf;
  440. long lerr;
  441. int lib;
  442. int reason;
  443. struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
  444. errdetail = ERR_get_error();
  445. lib = ERR_GET_LIB(errdetail);
  446. reason = ERR_GET_REASON(errdetail);
  447. if((lib == ERR_LIB_SSL) &&
  448. ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
  449. (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
  450. result = CURLE_PEER_FAILED_VERIFICATION;
  451. lerr = SSL_get_verify_result(ctx->tls.ossl.ssl);
  452. if(lerr != X509_V_OK) {
  453. ssl_config->certverifyresult = lerr;
  454. msnprintf(ebuf, sizeof(ebuf),
  455. "SSL certificate problem: %s",
  456. X509_verify_cert_error_string(lerr));
  457. }
  458. else
  459. err_descr = "SSL certificate verification failed";
  460. }
  461. #if defined(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)
  462. /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
  463. OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */
  464. else if((lib == ERR_LIB_SSL) &&
  465. (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
  466. /* If client certificate is required, communicate the
  467. error to client */
  468. result = CURLE_SSL_CLIENTCERT;
  469. osslq_strerror(errdetail, ebuf, sizeof(ebuf));
  470. }
  471. #endif
  472. else if((lib == ERR_LIB_SSL) && (reason == SSL_R_PROTOCOL_IS_SHUTDOWN)) {
  473. ctx->protocol_shutdown = TRUE;
  474. err_descr = "QUIC connection has been shut down";
  475. result = def_result;
  476. }
  477. else {
  478. result = def_result;
  479. osslq_strerror(errdetail, ebuf, sizeof(ebuf));
  480. }
  481. /* detail is already set to the SSL error above */
  482. /* If we e.g. use SSLv2 request-method and the server does not like us
  483. * (RST connection, etc.), OpenSSL gives no explanation whatsoever and
  484. * the SO_ERROR is also lost.
  485. */
  486. if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
  487. char extramsg[80]="";
  488. int sockerr = SOCKERRNO;
  489. struct ip_quadruple ip;
  490. Curl_cf_socket_peek(cf->next, data, NULL, NULL, &ip);
  491. if(sockerr && detail == SSL_ERROR_SYSCALL)
  492. Curl_strerror(sockerr, extramsg, sizeof(extramsg));
  493. failf(data, "QUIC connect: %s in connection to %s:%d (%s)",
  494. extramsg[0] ? extramsg : osslq_SSL_ERROR_to_str(detail),
  495. ctx->peer.dispname, ip.remote_port, ip.remote_ip);
  496. }
  497. else {
  498. /* Could be a CERT problem */
  499. failf(data, "%s", err_descr);
  500. }
  501. return result;
  502. }
  503. static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf,
  504. struct Curl_easy *data)
  505. {
  506. struct cf_osslq_ctx *ctx = cf->ctx;
  507. cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
  508. cf->conn->httpversion = 30;
  509. return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer);
  510. }
  511. /**
  512. * All about the H3 internals of a stream
  513. */
  514. struct h3_stream_ctx {
  515. struct cf_osslq_stream s;
  516. struct bufq sendbuf; /* h3 request body */
  517. struct bufq recvbuf; /* h3 response body */
  518. struct h1_req_parser h1; /* h1 request parsing */
  519. size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
  520. size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */
  521. curl_uint64_t error3; /* HTTP/3 stream error code */
  522. curl_off_t upload_left; /* number of request bytes left to upload */
  523. curl_off_t download_recvd; /* number of response DATA bytes received */
  524. int status_code; /* HTTP status code */
  525. bool resp_hds_complete; /* we have a complete, final response */
  526. bool closed; /* TRUE on stream close */
  527. bool reset; /* TRUE on stream reset */
  528. bool send_closed; /* stream is local closed */
  529. BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
  530. };
  531. #define H3_STREAM_CTX(ctx,data) ((struct h3_stream_ctx *)(\
  532. data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL))
  533. static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
  534. {
  535. cf_osslq_stream_cleanup(&stream->s);
  536. Curl_bufq_free(&stream->sendbuf);
  537. Curl_bufq_free(&stream->recvbuf);
  538. Curl_h1_req_parse_free(&stream->h1);
  539. free(stream);
  540. }
  541. static void h3_stream_hash_free(void *stream)
  542. {
  543. DEBUGASSERT(stream);
  544. h3_stream_ctx_free((struct h3_stream_ctx *)stream);
  545. }
  546. static CURLcode h3_data_setup(struct Curl_cfilter *cf,
  547. struct Curl_easy *data)
  548. {
  549. struct cf_osslq_ctx *ctx = cf->ctx;
  550. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  551. if(!data)
  552. return CURLE_FAILED_INIT;
  553. if(stream)
  554. return CURLE_OK;
  555. stream = calloc(1, sizeof(*stream));
  556. if(!stream)
  557. return CURLE_OUT_OF_MEMORY;
  558. stream->s.id = -1;
  559. /* on send, we control how much we put into the buffer */
  560. Curl_bufq_initp(&stream->sendbuf, &ctx->stream_bufcp,
  561. H3_STREAM_SEND_CHUNKS, BUFQ_OPT_NONE);
  562. stream->sendbuf_len_in_flight = 0;
  563. /* on recv, we need a flexible buffer limit since we also write
  564. * headers to it that are not counted against the nghttp3 flow limits. */
  565. Curl_bufq_initp(&stream->recvbuf, &ctx->stream_bufcp,
  566. H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT);
  567. stream->recv_buf_nonflow = 0;
  568. Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
  569. if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) {
  570. h3_stream_ctx_free(stream);
  571. return CURLE_OUT_OF_MEMORY;
  572. }
  573. return CURLE_OK;
  574. }
  575. static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
  576. {
  577. struct cf_osslq_ctx *ctx = cf->ctx;
  578. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  579. (void)cf;
  580. if(stream) {
  581. CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done",
  582. stream->s.id);
  583. if(ctx->h3.conn && !stream->closed) {
  584. nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
  585. nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
  586. NGHTTP3_H3_REQUEST_CANCELLED);
  587. nghttp3_conn_set_stream_user_data(ctx->h3.conn, stream->s.id, NULL);
  588. stream->closed = TRUE;
  589. }
  590. Curl_hash_offt_remove(&ctx->streams, data->mid);
  591. }
  592. }
  593. static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf,
  594. struct Curl_easy *data,
  595. int64_t stream_id)
  596. {
  597. struct cf_osslq_ctx *ctx = cf->ctx;
  598. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  599. if(stream && stream->s.id == stream_id) {
  600. return &stream->s;
  601. }
  602. else if(ctx->h3.s_ctrl.id == stream_id) {
  603. return &ctx->h3.s_ctrl;
  604. }
  605. else if(ctx->h3.s_qpack_enc.id == stream_id) {
  606. return &ctx->h3.s_qpack_enc;
  607. }
  608. else if(ctx->h3.s_qpack_dec.id == stream_id) {
  609. return &ctx->h3.s_qpack_dec;
  610. }
  611. else {
  612. struct Curl_llist_node *e;
  613. DEBUGASSERT(data->multi);
  614. for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
  615. struct Curl_easy *sdata = Curl_node_elem(e);
  616. if(sdata->conn != data->conn)
  617. continue;
  618. stream = H3_STREAM_CTX(ctx, sdata);
  619. if(stream && stream->s.id == stream_id) {
  620. return &stream->s;
  621. }
  622. }
  623. }
  624. return NULL;
  625. }
  626. static void h3_drain_stream(struct Curl_cfilter *cf,
  627. struct Curl_easy *data)
  628. {
  629. struct cf_osslq_ctx *ctx = cf->ctx;
  630. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  631. unsigned char bits;
  632. (void)cf;
  633. bits = CURL_CSELECT_IN;
  634. if(stream && stream->upload_left && !stream->send_closed)
  635. bits |= CURL_CSELECT_OUT;
  636. if(data->state.select_bits != bits) {
  637. data->state.select_bits = bits;
  638. Curl_expire(data, 0, EXPIRE_RUN_NOW);
  639. }
  640. }
  641. static CURLcode h3_data_pause(struct Curl_cfilter *cf,
  642. struct Curl_easy *data,
  643. bool pause)
  644. {
  645. if(!pause) {
  646. /* unpaused. make it run again right away */
  647. h3_drain_stream(cf, data);
  648. Curl_expire(data, 0, EXPIRE_RUN_NOW);
  649. }
  650. return CURLE_OK;
  651. }
  652. static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
  653. uint64_t app_error_code, void *user_data,
  654. void *stream_user_data)
  655. {
  656. struct Curl_cfilter *cf = user_data;
  657. struct cf_osslq_ctx *ctx = cf->ctx;
  658. struct Curl_easy *data = stream_user_data;
  659. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  660. (void)conn;
  661. (void)stream_id;
  662. /* we might be called by nghttp3 after we already cleaned up */
  663. if(!stream)
  664. return 0;
  665. stream->closed = TRUE;
  666. stream->error3 = app_error_code;
  667. if(stream->error3 != NGHTTP3_H3_NO_ERROR) {
  668. stream->reset = TRUE;
  669. stream->send_closed = TRUE;
  670. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] RESET: error %" FMT_PRIu64,
  671. stream->s.id, stream->error3);
  672. }
  673. else {
  674. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] CLOSED", stream->s.id);
  675. }
  676. h3_drain_stream(cf, data);
  677. return 0;
  678. }
  679. /*
  680. * write_resp_raw() copies response data in raw format to the `data`'s
  681. * receive buffer. If not enough space is available, it appends to the
  682. * `data`'s overflow buffer.
  683. */
  684. static CURLcode write_resp_raw(struct Curl_cfilter *cf,
  685. struct Curl_easy *data,
  686. const void *mem, size_t memlen,
  687. bool flow)
  688. {
  689. struct cf_osslq_ctx *ctx = cf->ctx;
  690. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  691. CURLcode result = CURLE_OK;
  692. ssize_t nwritten;
  693. (void)cf;
  694. if(!stream) {
  695. return CURLE_RECV_ERROR;
  696. }
  697. nwritten = Curl_bufq_write(&stream->recvbuf, mem, memlen, &result);
  698. if(nwritten < 0) {
  699. return result;
  700. }
  701. if(!flow)
  702. stream->recv_buf_nonflow += (size_t)nwritten;
  703. if((size_t)nwritten < memlen) {
  704. /* This MUST not happen. Our recbuf is dimensioned to hold the
  705. * full max_stream_window and then some for this very reason. */
  706. DEBUGASSERT(0);
  707. return CURLE_RECV_ERROR;
  708. }
  709. return result;
  710. }
  711. static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
  712. const uint8_t *buf, size_t buflen,
  713. void *user_data, void *stream_user_data)
  714. {
  715. struct Curl_cfilter *cf = user_data;
  716. struct cf_osslq_ctx *ctx = cf->ctx;
  717. struct Curl_easy *data = stream_user_data;
  718. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  719. CURLcode result;
  720. (void)conn;
  721. (void)stream3_id;
  722. if(!stream)
  723. return NGHTTP3_ERR_CALLBACK_FAILURE;
  724. result = write_resp_raw(cf, data, buf, buflen, TRUE);
  725. if(result) {
  726. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, ERROR %d",
  727. stream->s.id, buflen, result);
  728. return NGHTTP3_ERR_CALLBACK_FAILURE;
  729. }
  730. stream->download_recvd += (curl_off_t)buflen;
  731. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, total=%zd",
  732. stream->s.id, buflen, stream->download_recvd);
  733. h3_drain_stream(cf, data);
  734. return 0;
  735. }
  736. static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream_id,
  737. size_t consumed, void *user_data,
  738. void *stream_user_data)
  739. {
  740. struct Curl_cfilter *cf = user_data;
  741. struct cf_osslq_ctx *ctx = cf->ctx;
  742. struct Curl_easy *data = stream_user_data;
  743. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  744. (void)conn;
  745. (void)stream_id;
  746. if(stream)
  747. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] deferred consume %zu bytes",
  748. stream->s.id, consumed);
  749. return 0;
  750. }
  751. static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid,
  752. int32_t token, nghttp3_rcbuf *name,
  753. nghttp3_rcbuf *value, uint8_t flags,
  754. void *user_data, void *stream_user_data)
  755. {
  756. struct Curl_cfilter *cf = user_data;
  757. curl_int64_t stream_id = sid;
  758. struct cf_osslq_ctx *ctx = cf->ctx;
  759. nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name);
  760. nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value);
  761. struct Curl_easy *data = stream_user_data;
  762. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  763. CURLcode result = CURLE_OK;
  764. (void)conn;
  765. (void)stream_id;
  766. (void)token;
  767. (void)flags;
  768. (void)cf;
  769. /* we might have cleaned up this transfer already */
  770. if(!stream)
  771. return 0;
  772. if(token == NGHTTP3_QPACK_TOKEN__STATUS) {
  773. char line[14]; /* status line is always 13 characters long */
  774. size_t ncopy;
  775. result = Curl_http_decode_status(&stream->status_code,
  776. (const char *)h3val.base, h3val.len);
  777. if(result)
  778. return -1;
  779. ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
  780. stream->status_code);
  781. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] status: %s", stream_id, line);
  782. result = write_resp_raw(cf, data, line, ncopy, FALSE);
  783. if(result) {
  784. return -1;
  785. }
  786. }
  787. else {
  788. /* store as an HTTP1-style header */
  789. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] header: %.*s: %.*s",
  790. stream_id, (int)h3name.len, h3name.base,
  791. (int)h3val.len, h3val.base);
  792. result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE);
  793. if(result) {
  794. return -1;
  795. }
  796. result = write_resp_raw(cf, data, ": ", 2, FALSE);
  797. if(result) {
  798. return -1;
  799. }
  800. result = write_resp_raw(cf, data, h3val.base, h3val.len, FALSE);
  801. if(result) {
  802. return -1;
  803. }
  804. result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
  805. if(result) {
  806. return -1;
  807. }
  808. }
  809. return 0;
  810. }
  811. static int cb_h3_end_headers(nghttp3_conn *conn, int64_t sid,
  812. int fin, void *user_data, void *stream_user_data)
  813. {
  814. struct Curl_cfilter *cf = user_data;
  815. struct cf_osslq_ctx *ctx = cf->ctx;
  816. struct Curl_easy *data = stream_user_data;
  817. curl_int64_t stream_id = sid;
  818. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  819. CURLcode result = CURLE_OK;
  820. (void)conn;
  821. (void)stream_id;
  822. (void)fin;
  823. (void)cf;
  824. if(!stream)
  825. return 0;
  826. /* add a CRLF only if we have received some headers */
  827. result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
  828. if(result) {
  829. return -1;
  830. }
  831. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] end_headers, status=%d",
  832. stream_id, stream->status_code);
  833. if(stream->status_code / 100 != 1) {
  834. stream->resp_hds_complete = TRUE;
  835. }
  836. h3_drain_stream(cf, data);
  837. return 0;
  838. }
  839. static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t sid,
  840. uint64_t app_error_code, void *user_data,
  841. void *stream_user_data)
  842. {
  843. struct Curl_cfilter *cf = user_data;
  844. struct cf_osslq_ctx *ctx = cf->ctx;
  845. struct Curl_easy *data = stream_user_data;
  846. curl_int64_t stream_id = sid;
  847. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  848. (void)conn;
  849. (void)app_error_code;
  850. if(!stream || !stream->s.ssl)
  851. return 0;
  852. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] stop_sending", stream_id);
  853. cf_osslq_stream_close(&stream->s);
  854. return 0;
  855. }
  856. static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t sid,
  857. uint64_t app_error_code, void *user_data,
  858. void *stream_user_data) {
  859. struct Curl_cfilter *cf = user_data;
  860. struct cf_osslq_ctx *ctx = cf->ctx;
  861. struct Curl_easy *data = stream_user_data;
  862. curl_int64_t stream_id = sid;
  863. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  864. int rv;
  865. (void)conn;
  866. if(stream && stream->s.ssl) {
  867. SSL_STREAM_RESET_ARGS args = {0};
  868. args.quic_error_code = app_error_code;
  869. rv = !SSL_stream_reset(stream->s.ssl, &args, sizeof(args));
  870. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv);
  871. if(!rv) {
  872. return NGHTTP3_ERR_CALLBACK_FAILURE;
  873. }
  874. }
  875. return 0;
  876. }
  877. static nghttp3_ssize
  878. cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
  879. nghttp3_vec *vec, size_t veccnt,
  880. uint32_t *pflags, void *user_data,
  881. void *stream_user_data)
  882. {
  883. struct Curl_cfilter *cf = user_data;
  884. struct cf_osslq_ctx *ctx = cf->ctx;
  885. struct Curl_easy *data = stream_user_data;
  886. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  887. ssize_t nwritten = 0;
  888. size_t nvecs = 0;
  889. (void)cf;
  890. (void)conn;
  891. (void)stream_id;
  892. (void)user_data;
  893. (void)veccnt;
  894. if(!stream)
  895. return NGHTTP3_ERR_CALLBACK_FAILURE;
  896. /* nghttp3 keeps references to the sendbuf data until it is ACKed
  897. * by the server (see `cb_h3_acked_req_body()` for updates).
  898. * `sendbuf_len_in_flight` is the amount of bytes in `sendbuf`
  899. * that we have already passed to nghttp3, but which have not been
  900. * ACKed yet.
  901. * Any amount beyond `sendbuf_len_in_flight` we need still to pass
  902. * to nghttp3. Do that now, if we can. */
  903. if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) {
  904. nvecs = 0;
  905. while(nvecs < veccnt &&
  906. Curl_bufq_peek_at(&stream->sendbuf,
  907. stream->sendbuf_len_in_flight,
  908. (const unsigned char **)&vec[nvecs].base,
  909. &vec[nvecs].len)) {
  910. stream->sendbuf_len_in_flight += vec[nvecs].len;
  911. nwritten += vec[nvecs].len;
  912. ++nvecs;
  913. }
  914. DEBUGASSERT(nvecs > 0); /* we SHOULD have been be able to peek */
  915. }
  916. if(nwritten > 0 && stream->upload_left != -1)
  917. stream->upload_left -= nwritten;
  918. /* When we stopped sending and everything in `sendbuf` is "in flight",
  919. * we are at the end of the request body. */
  920. if(stream->upload_left == 0) {
  921. *pflags = NGHTTP3_DATA_FLAG_EOF;
  922. stream->send_closed = TRUE;
  923. }
  924. else if(!nwritten) {
  925. /* Not EOF, and nothing to give, we signal WOULDBLOCK. */
  926. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> AGAIN",
  927. stream->s.id);
  928. return NGHTTP3_ERR_WOULDBLOCK;
  929. }
  930. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> "
  931. "%d vecs%s with %zu (buffered=%zu, left=%" FMT_OFF_T ")",
  932. stream->s.id, (int)nvecs,
  933. *pflags == NGHTTP3_DATA_FLAG_EOF ? " EOF" : "",
  934. nwritten, Curl_bufq_len(&stream->sendbuf),
  935. stream->upload_left);
  936. return (nghttp3_ssize)nvecs;
  937. }
  938. static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
  939. uint64_t datalen, void *user_data,
  940. void *stream_user_data)
  941. {
  942. struct Curl_cfilter *cf = user_data;
  943. struct cf_osslq_ctx *ctx = cf->ctx;
  944. struct Curl_easy *data = stream_user_data;
  945. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  946. size_t skiplen;
  947. (void)cf;
  948. if(!stream)
  949. return 0;
  950. /* The server acknowledged `datalen` of bytes from our request body.
  951. * This is a delta. We have kept this data in `sendbuf` for
  952. * re-transmissions and can free it now. */
  953. if(datalen >= (uint64_t)stream->sendbuf_len_in_flight)
  954. skiplen = stream->sendbuf_len_in_flight;
  955. else
  956. skiplen = (size_t)datalen;
  957. Curl_bufq_skip(&stream->sendbuf, skiplen);
  958. stream->sendbuf_len_in_flight -= skiplen;
  959. /* Resume upload processing if we have more data to send */
  960. if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) {
  961. int rv = nghttp3_conn_resume_stream(conn, stream_id);
  962. if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
  963. return NGHTTP3_ERR_CALLBACK_FAILURE;
  964. }
  965. }
  966. return 0;
  967. }
  968. static nghttp3_callbacks ngh3_callbacks = {
  969. cb_h3_acked_stream_data,
  970. cb_h3_stream_close,
  971. cb_h3_recv_data,
  972. cb_h3_deferred_consume,
  973. NULL, /* begin_headers */
  974. cb_h3_recv_header,
  975. cb_h3_end_headers,
  976. NULL, /* begin_trailers */
  977. cb_h3_recv_header,
  978. NULL, /* end_trailers */
  979. cb_h3_stop_sending,
  980. NULL, /* end_stream */
  981. cb_h3_reset_stream,
  982. NULL, /* shutdown */
  983. NULL /* recv_settings */
  984. };
  985. static CURLcode cf_osslq_h3conn_init(struct cf_osslq_ctx *ctx, SSL *conn,
  986. void *user_data)
  987. {
  988. struct cf_osslq_h3conn *h3 = &ctx->h3;
  989. CURLcode result;
  990. int rc;
  991. nghttp3_settings_default(&h3->settings);
  992. rc = nghttp3_conn_client_new(&h3->conn,
  993. &ngh3_callbacks,
  994. &h3->settings,
  995. nghttp3_mem_default(),
  996. user_data);
  997. if(rc) {
  998. result = CURLE_OUT_OF_MEMORY;
  999. goto out;
  1000. }
  1001. result = cf_osslq_stream_open(&h3->s_ctrl, conn,
  1002. SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
  1003. &ctx->stream_bufcp, NULL);
  1004. if(result) {
  1005. result = CURLE_QUIC_CONNECT_ERROR;
  1006. goto out;
  1007. }
  1008. result = cf_osslq_stream_open(&h3->s_qpack_enc, conn,
  1009. SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
  1010. &ctx->stream_bufcp, NULL);
  1011. if(result) {
  1012. result = CURLE_QUIC_CONNECT_ERROR;
  1013. goto out;
  1014. }
  1015. result = cf_osslq_stream_open(&h3->s_qpack_dec, conn,
  1016. SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
  1017. &ctx->stream_bufcp, NULL);
  1018. if(result) {
  1019. result = CURLE_QUIC_CONNECT_ERROR;
  1020. goto out;
  1021. }
  1022. rc = nghttp3_conn_bind_control_stream(h3->conn, h3->s_ctrl.id);
  1023. if(rc) {
  1024. result = CURLE_QUIC_CONNECT_ERROR;
  1025. goto out;
  1026. }
  1027. rc = nghttp3_conn_bind_qpack_streams(h3->conn, h3->s_qpack_enc.id,
  1028. h3->s_qpack_dec.id);
  1029. if(rc) {
  1030. result = CURLE_QUIC_CONNECT_ERROR;
  1031. goto out;
  1032. }
  1033. result = CURLE_OK;
  1034. out:
  1035. return result;
  1036. }
  1037. static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf,
  1038. struct Curl_easy *data)
  1039. {
  1040. struct cf_osslq_ctx *ctx = cf->ctx;
  1041. CURLcode result;
  1042. int rv;
  1043. const struct Curl_sockaddr_ex *peer_addr = NULL;
  1044. BIO *bio = NULL;
  1045. BIO_ADDR *baddr = NULL;
  1046. DEBUGASSERT(ctx->initialized);
  1047. result = Curl_ssl_peer_init(&ctx->peer, cf, TRNSPRT_QUIC);
  1048. if(result)
  1049. goto out;
  1050. #define H3_ALPN "\x2h3"
  1051. result = Curl_vquic_tls_init(&ctx->tls, cf, data, &ctx->peer,
  1052. H3_ALPN, sizeof(H3_ALPN) - 1,
  1053. NULL, NULL, NULL);
  1054. if(result)
  1055. goto out;
  1056. result = vquic_ctx_init(&ctx->q);
  1057. if(result)
  1058. goto out;
  1059. result = CURLE_QUIC_CONNECT_ERROR;
  1060. Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd, &peer_addr, NULL);
  1061. if(!peer_addr)
  1062. goto out;
  1063. ctx->q.local_addrlen = sizeof(ctx->q.local_addr);
  1064. rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr,
  1065. &ctx->q.local_addrlen);
  1066. if(rv == -1)
  1067. goto out;
  1068. result = make_bio_addr(&baddr, peer_addr);
  1069. if(result) {
  1070. failf(data, "error creating BIO_ADDR from sockaddr");
  1071. goto out;
  1072. }
  1073. /* Type conversions, see #12861: OpenSSL wants an `int`, but on 64-bit
  1074. * Win32 systems, Microsoft defines SOCKET as `unsigned long long`.
  1075. */
  1076. #if defined(_WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H)
  1077. if(ctx->q.sockfd > INT_MAX) {
  1078. failf(data, "Windows socket identifier larger than MAX_INT, "
  1079. "unable to set in OpenSSL dgram API.");
  1080. result = CURLE_QUIC_CONNECT_ERROR;
  1081. goto out;
  1082. }
  1083. bio = BIO_new_dgram((int)ctx->q.sockfd, BIO_NOCLOSE);
  1084. #else
  1085. bio = BIO_new_dgram(ctx->q.sockfd, BIO_NOCLOSE);
  1086. #endif
  1087. if(!bio) {
  1088. result = CURLE_OUT_OF_MEMORY;
  1089. goto out;
  1090. }
  1091. if(!SSL_set1_initial_peer_addr(ctx->tls.ossl.ssl, baddr)) {
  1092. failf(data, "failed to set the initial peer address");
  1093. result = CURLE_FAILED_INIT;
  1094. goto out;
  1095. }
  1096. if(!SSL_set_blocking_mode(ctx->tls.ossl.ssl, 0)) {
  1097. failf(data, "failed to turn off blocking mode");
  1098. result = CURLE_FAILED_INIT;
  1099. goto out;
  1100. }
  1101. #ifdef SSL_VALUE_QUIC_IDLE_TIMEOUT
  1102. /* Added in OpenSSL v3.3.x */
  1103. if(!SSL_set_feature_request_uint(ctx->tls.ossl.ssl,
  1104. SSL_VALUE_QUIC_IDLE_TIMEOUT,
  1105. CURL_QUIC_MAX_IDLE_MS)) {
  1106. CURL_TRC_CF(data, cf, "error setting idle timeout, ");
  1107. result = CURLE_FAILED_INIT;
  1108. goto out;
  1109. }
  1110. #endif
  1111. SSL_set_bio(ctx->tls.ossl.ssl, bio, bio);
  1112. bio = NULL;
  1113. SSL_set_connect_state(ctx->tls.ossl.ssl);
  1114. SSL_set_incoming_stream_policy(ctx->tls.ossl.ssl,
  1115. SSL_INCOMING_STREAM_POLICY_ACCEPT, 0);
  1116. /* setup the H3 things on top of the QUIC connection */
  1117. result = cf_osslq_h3conn_init(ctx, ctx->tls.ossl.ssl, cf);
  1118. out:
  1119. if(bio)
  1120. BIO_free(bio);
  1121. if(baddr)
  1122. BIO_ADDR_free(baddr);
  1123. CURL_TRC_CF(data, cf, "QUIC tls init -> %d", result);
  1124. return result;
  1125. }
  1126. struct h3_quic_recv_ctx {
  1127. struct Curl_cfilter *cf;
  1128. struct Curl_easy *data;
  1129. struct cf_osslq_stream *s;
  1130. };
  1131. static ssize_t h3_quic_recv(void *reader_ctx,
  1132. unsigned char *buf, size_t len,
  1133. CURLcode *err)
  1134. {
  1135. struct h3_quic_recv_ctx *x = reader_ctx;
  1136. size_t nread;
  1137. int rv;
  1138. *err = CURLE_OK;
  1139. rv = SSL_read_ex(x->s->ssl, buf, len, &nread);
  1140. if(rv <= 0) {
  1141. int detail = SSL_get_error(x->s->ssl, rv);
  1142. if(detail == SSL_ERROR_WANT_READ || detail == SSL_ERROR_WANT_WRITE) {
  1143. *err = CURLE_AGAIN;
  1144. return -1;
  1145. }
  1146. else if(detail == SSL_ERROR_ZERO_RETURN) {
  1147. CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> EOS",
  1148. x->s->id);
  1149. x->s->recvd_eos = TRUE;
  1150. return 0;
  1151. }
  1152. else if(SSL_get_stream_read_state(x->s->ssl) ==
  1153. SSL_STREAM_STATE_RESET_REMOTE) {
  1154. uint64_t app_error_code = NGHTTP3_H3_NO_ERROR;
  1155. SSL_get_stream_read_error_code(x->s->ssl, &app_error_code);
  1156. CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> RESET, "
  1157. "rv=%d, app_err=%" FMT_PRIu64,
  1158. x->s->id, rv, (curl_uint64_t)app_error_code);
  1159. if(app_error_code != NGHTTP3_H3_NO_ERROR) {
  1160. x->s->reset = TRUE;
  1161. }
  1162. x->s->recvd_eos = TRUE;
  1163. return 0;
  1164. }
  1165. else {
  1166. *err = cf_osslq_ssl_err(x->cf, x->data, detail, CURLE_RECV_ERROR);
  1167. return -1;
  1168. }
  1169. }
  1170. return (ssize_t)nread;
  1171. }
  1172. static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s,
  1173. struct Curl_cfilter *cf,
  1174. struct Curl_easy *data)
  1175. {
  1176. struct cf_osslq_ctx *ctx = cf->ctx;
  1177. CURLcode result = CURLE_OK;
  1178. ssize_t nread;
  1179. struct h3_quic_recv_ctx x;
  1180. bool eagain = FALSE;
  1181. size_t total_recv_len = 0;
  1182. DEBUGASSERT(s);
  1183. if(s->closed)
  1184. return CURLE_OK;
  1185. x.cf = cf;
  1186. x.data = data;
  1187. x.s = s;
  1188. while(s->ssl && !s->closed && !eagain &&
  1189. (total_recv_len < H3_STREAM_CHUNK_SIZE)) {
  1190. if(Curl_bufq_is_empty(&s->recvbuf) && !s->recvd_eos) {
  1191. while(!eagain && !s->recvd_eos && !Curl_bufq_is_full(&s->recvbuf)) {
  1192. nread = Curl_bufq_sipn(&s->recvbuf, 0, h3_quic_recv, &x, &result);
  1193. if(nread < 0) {
  1194. if(result != CURLE_AGAIN)
  1195. goto out;
  1196. result = CURLE_OK;
  1197. eagain = TRUE;
  1198. }
  1199. }
  1200. }
  1201. /* Forward what we have to nghttp3 */
  1202. if(!Curl_bufq_is_empty(&s->recvbuf)) {
  1203. const unsigned char *buf;
  1204. size_t blen;
  1205. while(Curl_bufq_peek(&s->recvbuf, &buf, &blen)) {
  1206. nread = nghttp3_conn_read_stream(ctx->h3.conn, s->id,
  1207. buf, blen, 0);
  1208. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forward %zu bytes "
  1209. "to nghttp3 -> %zd", s->id, blen, nread);
  1210. if(nread < 0) {
  1211. failf(data, "nghttp3_conn_read_stream(len=%zu) error: %s",
  1212. blen, nghttp3_strerror((int)nread));
  1213. result = CURLE_RECV_ERROR;
  1214. goto out;
  1215. }
  1216. /* success, `nread` is the flow for QUIC to count as "consumed",
  1217. * not sure how that will work with OpenSSL. Anyways, without error,
  1218. * all data that we passed is not owned by nghttp3. */
  1219. Curl_bufq_skip(&s->recvbuf, blen);
  1220. total_recv_len += blen;
  1221. }
  1222. }
  1223. /* When we forwarded everything, handle RESET/EOS */
  1224. if(Curl_bufq_is_empty(&s->recvbuf) && !s->closed) {
  1225. int rv;
  1226. result = CURLE_OK;
  1227. if(s->reset) {
  1228. uint64_t app_error;
  1229. if(!SSL_get_stream_read_error_code(s->ssl, &app_error)) {
  1230. failf(data, "SSL_get_stream_read_error_code returned error");
  1231. result = CURLE_RECV_ERROR;
  1232. goto out;
  1233. }
  1234. rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id, app_error);
  1235. s->closed = TRUE;
  1236. if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
  1237. failf(data, "nghttp3_conn_close_stream returned error: %s",
  1238. nghttp3_strerror(rv));
  1239. result = CURLE_RECV_ERROR;
  1240. goto out;
  1241. }
  1242. }
  1243. else if(s->recvd_eos) {
  1244. rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id,
  1245. NGHTTP3_H3_NO_ERROR);
  1246. s->closed = TRUE;
  1247. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] close nghttp3 stream -> %d",
  1248. s->id, rv);
  1249. if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
  1250. failf(data, "nghttp3_conn_close_stream returned error: %s",
  1251. nghttp3_strerror(rv));
  1252. result = CURLE_RECV_ERROR;
  1253. goto out;
  1254. }
  1255. }
  1256. }
  1257. }
  1258. out:
  1259. if(result)
  1260. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_osslq_stream_recv -> %d",
  1261. s->id, result);
  1262. return result;
  1263. }
  1264. static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
  1265. struct Curl_easy *data)
  1266. {
  1267. struct cf_osslq_ctx *ctx = cf->ctx;
  1268. CURLcode result = CURLE_OK;
  1269. if(!ctx->tls.ossl.ssl)
  1270. goto out;
  1271. ERR_clear_error();
  1272. /* 1. Check for new incoming streams */
  1273. while(1) {
  1274. SSL *snew = SSL_accept_stream(ctx->tls.ossl.ssl,
  1275. SSL_ACCEPT_STREAM_NO_BLOCK);
  1276. if(!snew)
  1277. break;
  1278. (void)cf_osslq_h3conn_add_stream(&ctx->h3, snew, cf, data);
  1279. }
  1280. if(!SSL_handle_events(ctx->tls.ossl.ssl)) {
  1281. int detail = SSL_get_error(ctx->tls.ossl.ssl, 0);
  1282. result = cf_osslq_ssl_err(cf, data, detail, CURLE_RECV_ERROR);
  1283. }
  1284. if(ctx->h3.conn) {
  1285. size_t i;
  1286. for(i = 0; i < ctx->h3.remote_ctrl_n; ++i) {
  1287. result = cf_osslq_stream_recv(&ctx->h3.remote_ctrl[i], cf, data);
  1288. if(result)
  1289. goto out;
  1290. }
  1291. }
  1292. if(ctx->h3.conn) {
  1293. struct Curl_llist_node *e;
  1294. struct h3_stream_ctx *stream;
  1295. /* PULL all open streams */
  1296. DEBUGASSERT(data->multi);
  1297. for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
  1298. struct Curl_easy *sdata = Curl_node_elem(e);
  1299. if(sdata->conn == data->conn && CURL_WANT_RECV(sdata)) {
  1300. stream = H3_STREAM_CTX(ctx, sdata);
  1301. if(stream && !stream->closed &&
  1302. !Curl_bufq_is_full(&stream->recvbuf)) {
  1303. result = cf_osslq_stream_recv(&stream->s, cf, sdata);
  1304. if(result)
  1305. goto out;
  1306. }
  1307. }
  1308. }
  1309. }
  1310. out:
  1311. CURL_TRC_CF(data, cf, "progress_ingress -> %d", result);
  1312. return result;
  1313. }
  1314. /* Iterate over all streams and check if blocked can be unblocked */
  1315. static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf,
  1316. struct Curl_easy *data)
  1317. {
  1318. struct cf_osslq_ctx *ctx = cf->ctx;
  1319. struct h3_stream_ctx *stream;
  1320. if(ctx->h3.conn) {
  1321. struct Curl_llist_node *e;
  1322. for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) {
  1323. struct Curl_easy *sdata = Curl_node_elem(e);
  1324. if(sdata->conn == data->conn) {
  1325. stream = H3_STREAM_CTX(ctx, sdata);
  1326. if(stream && stream->s.ssl && stream->s.send_blocked &&
  1327. !SSL_want_write(stream->s.ssl)) {
  1328. nghttp3_conn_unblock_stream(ctx->h3.conn, stream->s.id);
  1329. stream->s.send_blocked = FALSE;
  1330. h3_drain_stream(cf, sdata);
  1331. CURL_TRC_CF(sdata, cf, "unblocked");
  1332. }
  1333. }
  1334. }
  1335. }
  1336. return CURLE_OK;
  1337. }
  1338. static CURLcode h3_send_streams(struct Curl_cfilter *cf,
  1339. struct Curl_easy *data)
  1340. {
  1341. struct cf_osslq_ctx *ctx = cf->ctx;
  1342. CURLcode result = CURLE_OK;
  1343. if(!ctx->tls.ossl.ssl || !ctx->h3.conn)
  1344. goto out;
  1345. for(;;) {
  1346. struct cf_osslq_stream *s = NULL;
  1347. nghttp3_vec vec[16];
  1348. nghttp3_ssize n, i;
  1349. int64_t stream_id;
  1350. size_t written;
  1351. int eos, ok, rv;
  1352. size_t total_len, acked_len = 0;
  1353. bool blocked = FALSE, eos_written = FALSE;
  1354. n = nghttp3_conn_writev_stream(ctx->h3.conn, &stream_id, &eos,
  1355. vec, ARRAYSIZE(vec));
  1356. if(n < 0) {
  1357. failf(data, "nghttp3_conn_writev_stream returned error: %s",
  1358. nghttp3_strerror((int)n));
  1359. result = CURLE_SEND_ERROR;
  1360. goto out;
  1361. }
  1362. if(stream_id < 0) {
  1363. result = CURLE_OK;
  1364. goto out;
  1365. }
  1366. /* Get the stream for this data */
  1367. s = cf_osslq_get_qstream(cf, data, stream_id);
  1368. if(!s) {
  1369. failf(data, "nghttp3_conn_writev_stream gave unknown stream %"
  1370. FMT_PRId64, (curl_int64_t)stream_id);
  1371. result = CURLE_SEND_ERROR;
  1372. goto out;
  1373. }
  1374. /* Now write the data to the stream's SSL*, it may not all fit! */
  1375. DEBUGASSERT(s->id == stream_id);
  1376. for(i = 0, total_len = 0; i < n; ++i) {
  1377. total_len += vec[i].len;
  1378. }
  1379. for(i = 0; (i < n) && !blocked; ++i) {
  1380. /* Without stream->s.ssl, we closed that already, so
  1381. * pretend the write did succeed. */
  1382. uint64_t flags = (eos && ((i + 1) == n)) ? SSL_WRITE_FLAG_CONCLUDE : 0;
  1383. written = vec[i].len;
  1384. ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags,
  1385. &written);
  1386. if(ok && flags & SSL_WRITE_FLAG_CONCLUDE)
  1387. eos_written = TRUE;
  1388. if(ok) {
  1389. /* As OpenSSL buffers the data, we count this as acknowledged
  1390. * from nghttp3's point of view */
  1391. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send %zu bytes to QUIC ok",
  1392. s->id, vec[i].len);
  1393. acked_len += vec[i].len;
  1394. }
  1395. else {
  1396. int detail = SSL_get_error(s->ssl, 0);
  1397. switch(detail) {
  1398. case SSL_ERROR_WANT_WRITE:
  1399. case SSL_ERROR_WANT_READ:
  1400. /* QUIC blocked us from writing more */
  1401. CURL_TRC_CF(data, cf, "[%"FMT_PRId64 "] send %zu bytes to "
  1402. "QUIC blocked", s->id, vec[i].len);
  1403. written = 0;
  1404. nghttp3_conn_block_stream(ctx->h3.conn, s->id);
  1405. s->send_blocked = blocked = TRUE;
  1406. break;
  1407. default:
  1408. failf(data, "[%"FMT_PRId64 "] send %zu bytes to QUIC, SSL error %d",
  1409. s->id, vec[i].len, detail);
  1410. result = cf_osslq_ssl_err(cf, data, detail, CURLE_HTTP3);
  1411. goto out;
  1412. }
  1413. }
  1414. }
  1415. if(acked_len > 0 || (eos && !s->send_blocked)) {
  1416. /* Since QUIC buffers the data written internally, we can tell
  1417. * nghttp3 that it can move forward on it */
  1418. ctx->q.last_io = Curl_now();
  1419. rv = nghttp3_conn_add_write_offset(ctx->h3.conn, s->id, acked_len);
  1420. if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
  1421. failf(data, "nghttp3_conn_add_write_offset returned error: %s\n",
  1422. nghttp3_strerror(rv));
  1423. result = CURLE_SEND_ERROR;
  1424. goto out;
  1425. }
  1426. rv = nghttp3_conn_add_ack_offset(ctx->h3.conn, s->id, acked_len);
  1427. if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) {
  1428. failf(data, "nghttp3_conn_add_ack_offset returned error: %s\n",
  1429. nghttp3_strerror(rv));
  1430. result = CURLE_SEND_ERROR;
  1431. goto out;
  1432. }
  1433. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forwarded %zu/%zu h3 bytes "
  1434. "to QUIC, eos=%d", s->id, acked_len, total_len, eos);
  1435. }
  1436. if(eos && !s->send_blocked && !eos_written) {
  1437. /* wrote everything and H3 indicates end of stream */
  1438. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] closing QUIC stream", s->id);
  1439. SSL_stream_conclude(s->ssl, 0);
  1440. }
  1441. }
  1442. out:
  1443. CURL_TRC_CF(data, cf, "h3_send_streams -> %d", result);
  1444. return result;
  1445. }
  1446. static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
  1447. struct Curl_easy *data)
  1448. {
  1449. struct cf_osslq_ctx *ctx = cf->ctx;
  1450. CURLcode result = CURLE_OK;
  1451. if(!ctx->tls.ossl.ssl)
  1452. goto out;
  1453. ERR_clear_error();
  1454. result = h3_send_streams(cf, data);
  1455. if(result)
  1456. goto out;
  1457. if(!SSL_handle_events(ctx->tls.ossl.ssl)) {
  1458. int detail = SSL_get_error(ctx->tls.ossl.ssl, 0);
  1459. result = cf_osslq_ssl_err(cf, data, detail, CURLE_SEND_ERROR);
  1460. }
  1461. result = cf_osslq_check_and_unblock(cf, data);
  1462. out:
  1463. CURL_TRC_CF(data, cf, "progress_egress -> %d", result);
  1464. return result;
  1465. }
  1466. static CURLcode check_and_set_expiry(struct Curl_cfilter *cf,
  1467. struct Curl_easy *data)
  1468. {
  1469. struct cf_osslq_ctx *ctx = cf->ctx;
  1470. CURLcode result = CURLE_OK;
  1471. struct timeval tv;
  1472. timediff_t timeoutms;
  1473. int is_infinite = 1;
  1474. if(ctx->tls.ossl.ssl &&
  1475. SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite) &&
  1476. !is_infinite) {
  1477. timeoutms = curlx_tvtoms(&tv);
  1478. /* QUIC want to be called again latest at the returned timeout */
  1479. if(timeoutms <= 0) {
  1480. result = cf_progress_ingress(cf, data);
  1481. if(result)
  1482. goto out;
  1483. result = cf_progress_egress(cf, data);
  1484. if(result)
  1485. goto out;
  1486. if(SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite)) {
  1487. timeoutms = curlx_tvtoms(&tv);
  1488. }
  1489. }
  1490. if(!is_infinite) {
  1491. Curl_expire(data, timeoutms, EXPIRE_QUIC);
  1492. CURL_TRC_CF(data, cf, "QUIC expiry in %ldms", (long)timeoutms);
  1493. }
  1494. }
  1495. out:
  1496. return result;
  1497. }
  1498. static CURLcode cf_osslq_connect(struct Curl_cfilter *cf,
  1499. struct Curl_easy *data,
  1500. bool blocking, bool *done)
  1501. {
  1502. struct cf_osslq_ctx *ctx = cf->ctx;
  1503. CURLcode result = CURLE_OK;
  1504. struct cf_call_data save;
  1505. struct curltime now;
  1506. int err;
  1507. if(cf->connected) {
  1508. *done = TRUE;
  1509. return CURLE_OK;
  1510. }
  1511. /* Connect the UDP filter first */
  1512. if(!cf->next->connected) {
  1513. result = Curl_conn_cf_connect(cf->next, data, blocking, done);
  1514. if(result || !*done)
  1515. return result;
  1516. }
  1517. *done = FALSE;
  1518. now = Curl_now();
  1519. CF_DATA_SAVE(save, cf, data);
  1520. if(!ctx->tls.ossl.ssl) {
  1521. ctx->started_at = now;
  1522. result = cf_osslq_ctx_start(cf, data);
  1523. if(result)
  1524. goto out;
  1525. }
  1526. if(!ctx->got_first_byte) {
  1527. int readable = SOCKET_READABLE(ctx->q.sockfd, 0);
  1528. if(readable > 0 && (readable & CURL_CSELECT_IN)) {
  1529. ctx->got_first_byte = TRUE;
  1530. ctx->first_byte_at = Curl_now();
  1531. }
  1532. }
  1533. /* Since OpenSSL does its own send/recv internally, we may miss the
  1534. * moment to populate the x509 store right before the server response.
  1535. * Do it instead before we start the handshake, at the loss of the
  1536. * time to set this up. */
  1537. result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data);
  1538. if(result)
  1539. goto out;
  1540. ERR_clear_error();
  1541. err = SSL_do_handshake(ctx->tls.ossl.ssl);
  1542. if(err == 1) {
  1543. /* connected */
  1544. ctx->handshake_at = now;
  1545. ctx->q.last_io = now;
  1546. CURL_TRC_CF(data, cf, "handshake complete after %dms",
  1547. (int)Curl_timediff(now, ctx->started_at));
  1548. result = cf_osslq_verify_peer(cf, data);
  1549. if(!result) {
  1550. CURL_TRC_CF(data, cf, "peer verified");
  1551. cf->connected = TRUE;
  1552. cf->conn->alpn = CURL_HTTP_VERSION_3;
  1553. *done = TRUE;
  1554. connkeep(cf->conn, "HTTP/3 default");
  1555. }
  1556. }
  1557. else {
  1558. int detail = SSL_get_error(ctx->tls.ossl.ssl, err);
  1559. switch(detail) {
  1560. case SSL_ERROR_WANT_READ:
  1561. ctx->q.last_io = now;
  1562. CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_RECV");
  1563. goto out;
  1564. case SSL_ERROR_WANT_WRITE:
  1565. ctx->q.last_io = now;
  1566. CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_SEND");
  1567. result = CURLE_OK;
  1568. goto out;
  1569. #ifdef SSL_ERROR_WANT_ASYNC
  1570. case SSL_ERROR_WANT_ASYNC:
  1571. ctx->q.last_io = now;
  1572. CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_ASYNC");
  1573. result = CURLE_OK;
  1574. goto out;
  1575. #endif
  1576. #ifdef SSL_ERROR_WANT_RETRY_VERIFY
  1577. case SSL_ERROR_WANT_RETRY_VERIFY:
  1578. result = CURLE_OK;
  1579. goto out;
  1580. #endif
  1581. default:
  1582. result = cf_osslq_ssl_err(cf, data, detail, CURLE_COULDNT_CONNECT);
  1583. goto out;
  1584. }
  1585. }
  1586. out:
  1587. if(result == CURLE_RECV_ERROR && ctx->tls.ossl.ssl &&
  1588. ctx->protocol_shutdown) {
  1589. /* When a QUIC server instance is shutting down, it may send us a
  1590. * CONNECTION_CLOSE right away. Our connection then enters the DRAINING
  1591. * state. The CONNECT may work in the near future again. Indicate
  1592. * that as a "weird" reply. */
  1593. result = CURLE_WEIRD_SERVER_REPLY;
  1594. }
  1595. #ifndef CURL_DISABLE_VERBOSE_STRINGS
  1596. if(result) {
  1597. struct ip_quadruple ip;
  1598. Curl_cf_socket_peek(cf->next, data, NULL, NULL, &ip);
  1599. infof(data, "QUIC connect to %s port %u failed: %s",
  1600. ip.remote_ip, ip.remote_port, curl_easy_strerror(result));
  1601. }
  1602. #endif
  1603. if(!result)
  1604. result = check_and_set_expiry(cf, data);
  1605. if(result || *done)
  1606. CURL_TRC_CF(data, cf, "connect -> %d, done=%d", result, *done);
  1607. CF_DATA_RESTORE(cf, save);
  1608. return result;
  1609. }
  1610. static ssize_t h3_stream_open(struct Curl_cfilter *cf,
  1611. struct Curl_easy *data,
  1612. const void *buf, size_t len,
  1613. CURLcode *err)
  1614. {
  1615. struct cf_osslq_ctx *ctx = cf->ctx;
  1616. struct h3_stream_ctx *stream = NULL;
  1617. struct dynhds h2_headers;
  1618. size_t nheader;
  1619. nghttp3_nv *nva = NULL;
  1620. int rc = 0;
  1621. unsigned int i;
  1622. ssize_t nwritten = -1;
  1623. nghttp3_data_reader reader;
  1624. nghttp3_data_reader *preader = NULL;
  1625. Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
  1626. *err = h3_data_setup(cf, data);
  1627. if(*err)
  1628. goto out;
  1629. stream = H3_STREAM_CTX(ctx, data);
  1630. DEBUGASSERT(stream);
  1631. if(!stream) {
  1632. *err = CURLE_FAILED_INIT;
  1633. goto out;
  1634. }
  1635. nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err);
  1636. if(nwritten < 0)
  1637. goto out;
  1638. if(!stream->h1.done) {
  1639. /* need more data */
  1640. goto out;
  1641. }
  1642. DEBUGASSERT(stream->h1.req);
  1643. *err = Curl_http_req_to_h2(&h2_headers, stream->h1.req, data);
  1644. if(*err) {
  1645. nwritten = -1;
  1646. goto out;
  1647. }
  1648. /* no longer needed */
  1649. Curl_h1_req_parse_free(&stream->h1);
  1650. nheader = Curl_dynhds_count(&h2_headers);
  1651. nva = malloc(sizeof(nghttp3_nv) * nheader);
  1652. if(!nva) {
  1653. *err = CURLE_OUT_OF_MEMORY;
  1654. nwritten = -1;
  1655. goto out;
  1656. }
  1657. for(i = 0; i < nheader; ++i) {
  1658. struct dynhds_entry *e = Curl_dynhds_getn(&h2_headers, i);
  1659. nva[i].name = (unsigned char *)e->name;
  1660. nva[i].namelen = e->namelen;
  1661. nva[i].value = (unsigned char *)e->value;
  1662. nva[i].valuelen = e->valuelen;
  1663. nva[i].flags = NGHTTP3_NV_FLAG_NONE;
  1664. }
  1665. DEBUGASSERT(stream->s.id == -1);
  1666. *err = cf_osslq_stream_open(&stream->s, ctx->tls.ossl.ssl, 0,
  1667. &ctx->stream_bufcp, data);
  1668. if(*err) {
  1669. failf(data, "cannot get bidi streams");
  1670. *err = CURLE_SEND_ERROR;
  1671. goto out;
  1672. }
  1673. switch(data->state.httpreq) {
  1674. case HTTPREQ_POST:
  1675. case HTTPREQ_POST_FORM:
  1676. case HTTPREQ_POST_MIME:
  1677. case HTTPREQ_PUT:
  1678. /* known request body size or -1 */
  1679. if(data->state.infilesize != -1)
  1680. stream->upload_left = data->state.infilesize;
  1681. else
  1682. /* data sending without specifying the data amount up front */
  1683. stream->upload_left = -1; /* unknown */
  1684. break;
  1685. default:
  1686. /* there is not request body */
  1687. stream->upload_left = 0; /* no request body */
  1688. break;
  1689. }
  1690. stream->send_closed = (stream->upload_left == 0);
  1691. if(!stream->send_closed) {
  1692. reader.read_data = cb_h3_read_req_body;
  1693. preader = &reader;
  1694. }
  1695. rc = nghttp3_conn_submit_request(ctx->h3.conn, stream->s.id,
  1696. nva, nheader, preader, data);
  1697. if(rc) {
  1698. switch(rc) {
  1699. case NGHTTP3_ERR_CONN_CLOSING:
  1700. CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64"] failed to send, "
  1701. "connection is closing", stream->s.id);
  1702. break;
  1703. default:
  1704. CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64 "] failed to send -> %d (%s)",
  1705. stream->s.id, rc, nghttp3_strerror(rc));
  1706. break;
  1707. }
  1708. *err = CURLE_SEND_ERROR;
  1709. nwritten = -1;
  1710. goto out;
  1711. }
  1712. if(Curl_trc_is_verbose(data)) {
  1713. infof(data, "[HTTP/3] [%" FMT_PRId64 "] OPENED stream for %s",
  1714. stream->s.id, data->state.url);
  1715. for(i = 0; i < nheader; ++i) {
  1716. infof(data, "[HTTP/3] [%" FMT_PRId64 "] [%.*s: %.*s]",
  1717. stream->s.id,
  1718. (int)nva[i].namelen, nva[i].name,
  1719. (int)nva[i].valuelen, nva[i].value);
  1720. }
  1721. }
  1722. out:
  1723. free(nva);
  1724. Curl_dynhds_free(&h2_headers);
  1725. return nwritten;
  1726. }
  1727. static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data,
  1728. const void *buf, size_t len, bool eos,
  1729. CURLcode *err)
  1730. {
  1731. struct cf_osslq_ctx *ctx = cf->ctx;
  1732. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  1733. struct cf_call_data save;
  1734. ssize_t nwritten;
  1735. CURLcode result;
  1736. (void)eos; /* TODO: use to end stream */
  1737. CF_DATA_SAVE(save, cf, data);
  1738. DEBUGASSERT(cf->connected);
  1739. DEBUGASSERT(ctx->tls.ossl.ssl);
  1740. DEBUGASSERT(ctx->h3.conn);
  1741. *err = CURLE_OK;
  1742. result = cf_progress_ingress(cf, data);
  1743. if(result) {
  1744. *err = result;
  1745. nwritten = -1;
  1746. goto out;
  1747. }
  1748. result = cf_progress_egress(cf, data);
  1749. if(result) {
  1750. *err = result;
  1751. nwritten = -1;
  1752. goto out;
  1753. }
  1754. if(!stream || stream->s.id < 0) {
  1755. nwritten = h3_stream_open(cf, data, buf, len, err);
  1756. if(nwritten < 0) {
  1757. CURL_TRC_CF(data, cf, "failed to open stream -> %d", *err);
  1758. goto out;
  1759. }
  1760. stream = H3_STREAM_CTX(ctx, data);
  1761. }
  1762. else if(stream->closed) {
  1763. if(stream->resp_hds_complete) {
  1764. /* Server decided to close the stream after having sent us a final
  1765. * response. This is valid if it is not interested in the request
  1766. * body. This happens on 30x or 40x responses.
  1767. * We silently discard the data sent, since this is not a transport
  1768. * error situation. */
  1769. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] discarding data"
  1770. "on closed stream with response", stream->s.id);
  1771. *err = CURLE_OK;
  1772. nwritten = (ssize_t)len;
  1773. goto out;
  1774. }
  1775. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send_body(len=%zu) "
  1776. "-> stream closed", stream->s.id, len);
  1777. *err = CURLE_HTTP3;
  1778. nwritten = -1;
  1779. goto out;
  1780. }
  1781. else {
  1782. nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err);
  1783. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send, add to "
  1784. "sendbuf(len=%zu) -> %zd, %d",
  1785. stream->s.id, len, nwritten, *err);
  1786. if(nwritten < 0) {
  1787. goto out;
  1788. }
  1789. (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id);
  1790. }
  1791. result = cf_progress_egress(cf, data);
  1792. if(result) {
  1793. *err = result;
  1794. nwritten = -1;
  1795. }
  1796. out:
  1797. result = check_and_set_expiry(cf, data);
  1798. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %zd, %d",
  1799. stream ? stream->s.id : -1, len, nwritten, *err);
  1800. CF_DATA_RESTORE(cf, save);
  1801. return nwritten;
  1802. }
  1803. static ssize_t recv_closed_stream(struct Curl_cfilter *cf,
  1804. struct Curl_easy *data,
  1805. struct h3_stream_ctx *stream,
  1806. CURLcode *err)
  1807. {
  1808. ssize_t nread = -1;
  1809. (void)cf;
  1810. if(stream->reset) {
  1811. failf(data,
  1812. "HTTP/3 stream %" FMT_PRId64 " reset by server",
  1813. stream->s.id);
  1814. *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP3;
  1815. goto out;
  1816. }
  1817. else if(!stream->resp_hds_complete) {
  1818. failf(data,
  1819. "HTTP/3 stream %" FMT_PRId64
  1820. " was closed cleanly, but before getting"
  1821. " all response header fields, treated as error",
  1822. stream->s.id);
  1823. *err = CURLE_HTTP3;
  1824. goto out;
  1825. }
  1826. *err = CURLE_OK;
  1827. nread = 0;
  1828. out:
  1829. return nread;
  1830. }
  1831. static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
  1832. char *buf, size_t len, CURLcode *err)
  1833. {
  1834. struct cf_osslq_ctx *ctx = cf->ctx;
  1835. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  1836. ssize_t nread = -1;
  1837. struct cf_call_data save;
  1838. CURLcode result;
  1839. (void)ctx;
  1840. CF_DATA_SAVE(save, cf, data);
  1841. DEBUGASSERT(cf->connected);
  1842. DEBUGASSERT(ctx);
  1843. DEBUGASSERT(ctx->tls.ossl.ssl);
  1844. DEBUGASSERT(ctx->h3.conn);
  1845. *err = CURLE_OK;
  1846. if(!stream) {
  1847. *err = CURLE_RECV_ERROR;
  1848. goto out;
  1849. }
  1850. if(!Curl_bufq_is_empty(&stream->recvbuf)) {
  1851. nread = Curl_bufq_read(&stream->recvbuf,
  1852. (unsigned char *)buf, len, err);
  1853. if(nread < 0) {
  1854. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) "
  1855. "-> %zd, %d", stream->s.id, len, nread, *err);
  1856. goto out;
  1857. }
  1858. }
  1859. result = cf_progress_ingress(cf, data);
  1860. if(result) {
  1861. *err = result;
  1862. nread = -1;
  1863. goto out;
  1864. }
  1865. /* recvbuf had nothing before, maybe after progressing ingress? */
  1866. if(nread < 0 && !Curl_bufq_is_empty(&stream->recvbuf)) {
  1867. nread = Curl_bufq_read(&stream->recvbuf,
  1868. (unsigned char *)buf, len, err);
  1869. if(nread < 0) {
  1870. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) "
  1871. "-> %zd, %d", stream->s.id, len, nread, *err);
  1872. goto out;
  1873. }
  1874. }
  1875. if(nread > 0) {
  1876. h3_drain_stream(cf, data);
  1877. }
  1878. else {
  1879. if(stream->closed) {
  1880. nread = recv_closed_stream(cf, data, stream, err);
  1881. goto out;
  1882. }
  1883. *err = CURLE_AGAIN;
  1884. nread = -1;
  1885. }
  1886. out:
  1887. if(cf_progress_egress(cf, data)) {
  1888. *err = CURLE_SEND_ERROR;
  1889. nread = -1;
  1890. }
  1891. else {
  1892. CURLcode result2 = check_and_set_expiry(cf, data);
  1893. if(result2) {
  1894. *err = result2;
  1895. nread = -1;
  1896. }
  1897. }
  1898. CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(len=%zu) -> %zd, %d",
  1899. stream ? stream->s.id : -1, len, nread, *err);
  1900. CF_DATA_RESTORE(cf, save);
  1901. return nread;
  1902. }
  1903. /*
  1904. * Called from transfer.c:data_pending to know if we should keep looping
  1905. * to receive more data from the connection.
  1906. */
  1907. static bool cf_osslq_data_pending(struct Curl_cfilter *cf,
  1908. const struct Curl_easy *data)
  1909. {
  1910. struct cf_osslq_ctx *ctx = cf->ctx;
  1911. const struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  1912. (void)cf;
  1913. return stream && !Curl_bufq_is_empty(&stream->recvbuf);
  1914. }
  1915. static CURLcode cf_osslq_data_event(struct Curl_cfilter *cf,
  1916. struct Curl_easy *data,
  1917. int event, int arg1, void *arg2)
  1918. {
  1919. struct cf_osslq_ctx *ctx = cf->ctx;
  1920. CURLcode result = CURLE_OK;
  1921. struct cf_call_data save;
  1922. CF_DATA_SAVE(save, cf, data);
  1923. (void)arg1;
  1924. (void)arg2;
  1925. switch(event) {
  1926. case CF_CTRL_DATA_SETUP:
  1927. break;
  1928. case CF_CTRL_DATA_PAUSE:
  1929. result = h3_data_pause(cf, data, (arg1 != 0));
  1930. break;
  1931. case CF_CTRL_DATA_DETACH:
  1932. h3_data_done(cf, data);
  1933. break;
  1934. case CF_CTRL_DATA_DONE:
  1935. h3_data_done(cf, data);
  1936. break;
  1937. case CF_CTRL_DATA_DONE_SEND: {
  1938. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  1939. if(stream && !stream->send_closed) {
  1940. stream->send_closed = TRUE;
  1941. stream->upload_left = Curl_bufq_len(&stream->sendbuf) -
  1942. stream->sendbuf_len_in_flight;
  1943. (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id);
  1944. }
  1945. break;
  1946. }
  1947. case CF_CTRL_DATA_IDLE: {
  1948. struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
  1949. CURL_TRC_CF(data, cf, "data idle");
  1950. if(stream && !stream->closed) {
  1951. result = check_and_set_expiry(cf, data);
  1952. }
  1953. break;
  1954. }
  1955. default:
  1956. break;
  1957. }
  1958. CF_DATA_RESTORE(cf, save);
  1959. return result;
  1960. }
  1961. static bool cf_osslq_conn_is_alive(struct Curl_cfilter *cf,
  1962. struct Curl_easy *data,
  1963. bool *input_pending)
  1964. {
  1965. struct cf_osslq_ctx *ctx = cf->ctx;
  1966. bool alive = FALSE;
  1967. struct cf_call_data save;
  1968. CF_DATA_SAVE(save, cf, data);
  1969. *input_pending = FALSE;
  1970. if(!ctx->tls.ossl.ssl)
  1971. goto out;
  1972. #ifdef SSL_VALUE_QUIC_IDLE_TIMEOUT
  1973. /* Added in OpenSSL v3.3.x */
  1974. {
  1975. timediff_t idletime;
  1976. uint64_t idle_ms = ctx->max_idle_ms;
  1977. if(!SSL_get_value_uint(ctx->tls.ossl.ssl,
  1978. SSL_VALUE_CLASS_FEATURE_NEGOTIATED,
  1979. SSL_VALUE_QUIC_IDLE_TIMEOUT, &idle_ms)) {
  1980. CURL_TRC_CF(data, cf, "error getting negotiated idle timeout, "
  1981. "assume connection is dead.");
  1982. goto out;
  1983. }
  1984. CURL_TRC_CF(data, cf, "negotiated idle timeout: %zums", (size_t)idle_ms);
  1985. idletime = Curl_timediff(Curl_now(), ctx->q.last_io);
  1986. if(idletime > 0 && (uint64_t)idletime > idle_ms)
  1987. goto out;
  1988. }
  1989. #endif
  1990. if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
  1991. goto out;
  1992. alive = TRUE;
  1993. if(*input_pending) {
  1994. CURLcode result;
  1995. /* This happens before we have sent off a request and the connection is
  1996. not in use by any other transfer, there should not be any data here,
  1997. only "protocol frames" */
  1998. *input_pending = FALSE;
  1999. result = cf_progress_ingress(cf, data);
  2000. CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result);
  2001. alive = result ? FALSE : TRUE;
  2002. }
  2003. out:
  2004. CF_DATA_RESTORE(cf, save);
  2005. return alive;
  2006. }
  2007. static void cf_osslq_adjust_pollset(struct Curl_cfilter *cf,
  2008. struct Curl_easy *data,
  2009. struct easy_pollset *ps)
  2010. {
  2011. struct cf_osslq_ctx *ctx = cf->ctx;
  2012. if(!ctx->tls.ossl.ssl) {
  2013. /* NOP */
  2014. }
  2015. else if(!cf->connected) {
  2016. /* during handshake, transfer has not started yet. we always
  2017. * add our socket for polling if SSL wants to send/recv */
  2018. Curl_pollset_set(data, ps, ctx->q.sockfd,
  2019. SSL_net_read_desired(ctx->tls.ossl.ssl),
  2020. SSL_net_write_desired(ctx->tls.ossl.ssl));
  2021. }
  2022. else {
  2023. /* once connected, we only modify the socket if it is present.
  2024. * this avoids adding it for paused transfers. */
  2025. bool want_recv, want_send;
  2026. Curl_pollset_check(data, ps, ctx->q.sockfd, &want_recv, &want_send);
  2027. if(want_recv || want_send) {
  2028. Curl_pollset_set(data, ps, ctx->q.sockfd,
  2029. SSL_net_read_desired(ctx->tls.ossl.ssl),
  2030. SSL_net_write_desired(ctx->tls.ossl.ssl));
  2031. }
  2032. else if(ctx->need_recv || ctx->need_send) {
  2033. Curl_pollset_set(data, ps, ctx->q.sockfd,
  2034. ctx->need_recv, ctx->need_send);
  2035. }
  2036. }
  2037. }
  2038. static CURLcode cf_osslq_query(struct Curl_cfilter *cf,
  2039. struct Curl_easy *data,
  2040. int query, int *pres1, void *pres2)
  2041. {
  2042. struct cf_osslq_ctx *ctx = cf->ctx;
  2043. switch(query) {
  2044. case CF_QUERY_MAX_CONCURRENT: {
  2045. #ifdef SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL
  2046. /* Added in OpenSSL v3.3.x */
  2047. uint64_t v;
  2048. if(!SSL_get_value_uint(ctx->tls.ossl.ssl, SSL_VALUE_CLASS_GENERIC,
  2049. SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, &v)) {
  2050. CURL_TRC_CF(data, cf, "error getting available local bidi streams");
  2051. return CURLE_HTTP3;
  2052. }
  2053. /* we report avail + in_use */
  2054. v += CONN_INUSE(cf->conn);
  2055. *pres1 = (v > INT_MAX) ? INT_MAX : (int)v;
  2056. #else
  2057. *pres1 = 100;
  2058. #endif
  2059. CURL_TRC_CF(data, cf, "query max_conncurrent -> %d", *pres1);
  2060. return CURLE_OK;
  2061. }
  2062. case CF_QUERY_CONNECT_REPLY_MS:
  2063. if(ctx->got_first_byte) {
  2064. timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at);
  2065. *pres1 = (ms < INT_MAX) ? (int)ms : INT_MAX;
  2066. }
  2067. else
  2068. *pres1 = -1;
  2069. return CURLE_OK;
  2070. case CF_QUERY_TIMER_CONNECT: {
  2071. struct curltime *when = pres2;
  2072. if(ctx->got_first_byte)
  2073. *when = ctx->first_byte_at;
  2074. return CURLE_OK;
  2075. }
  2076. case CF_QUERY_TIMER_APPCONNECT: {
  2077. struct curltime *when = pres2;
  2078. if(cf->connected)
  2079. *when = ctx->handshake_at;
  2080. return CURLE_OK;
  2081. }
  2082. default:
  2083. break;
  2084. }
  2085. return cf->next ?
  2086. cf->next->cft->query(cf->next, data, query, pres1, pres2) :
  2087. CURLE_UNKNOWN_OPTION;
  2088. }
  2089. struct Curl_cftype Curl_cft_http3 = {
  2090. "HTTP/3",
  2091. CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX,
  2092. 0,
  2093. cf_osslq_destroy,
  2094. cf_osslq_connect,
  2095. cf_osslq_close,
  2096. cf_osslq_shutdown,
  2097. Curl_cf_def_get_host,
  2098. cf_osslq_adjust_pollset,
  2099. cf_osslq_data_pending,
  2100. cf_osslq_send,
  2101. cf_osslq_recv,
  2102. cf_osslq_data_event,
  2103. cf_osslq_conn_is_alive,
  2104. Curl_cf_def_conn_keep_alive,
  2105. cf_osslq_query,
  2106. };
  2107. CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf,
  2108. struct Curl_easy *data,
  2109. struct connectdata *conn,
  2110. const struct Curl_addrinfo *ai)
  2111. {
  2112. struct cf_osslq_ctx *ctx = NULL;
  2113. struct Curl_cfilter *cf = NULL, *udp_cf = NULL;
  2114. CURLcode result;
  2115. (void)data;
  2116. ctx = calloc(1, sizeof(*ctx));
  2117. if(!ctx) {
  2118. result = CURLE_OUT_OF_MEMORY;
  2119. goto out;
  2120. }
  2121. cf_osslq_ctx_init(ctx);
  2122. result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
  2123. if(result)
  2124. goto out;
  2125. result = Curl_cf_udp_create(&udp_cf, data, conn, ai, TRNSPRT_QUIC);
  2126. if(result)
  2127. goto out;
  2128. cf->conn = conn;
  2129. udp_cf->conn = cf->conn;
  2130. udp_cf->sockindex = cf->sockindex;
  2131. cf->next = udp_cf;
  2132. out:
  2133. *pcf = (!result) ? cf : NULL;
  2134. if(result) {
  2135. if(udp_cf)
  2136. Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE);
  2137. Curl_safefree(cf);
  2138. cf_osslq_ctx_free(ctx);
  2139. }
  2140. return result;
  2141. }
  2142. bool Curl_conn_is_osslq(const struct Curl_easy *data,
  2143. const struct connectdata *conn,
  2144. int sockindex)
  2145. {
  2146. struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL;
  2147. (void)data;
  2148. for(; cf; cf = cf->next) {
  2149. if(cf->cft == &Curl_cft_http3)
  2150. return TRUE;
  2151. if(cf->cft->flags & CF_TYPE_IP_CONNECT)
  2152. return FALSE;
  2153. }
  2154. return FALSE;
  2155. }
  2156. /*
  2157. * Store ngtcp2 version info in this buffer.
  2158. */
  2159. void Curl_osslq_ver(char *p, size_t len)
  2160. {
  2161. const nghttp3_info *ht3 = nghttp3_version(0);
  2162. (void)msnprintf(p, len, "nghttp3/%s", ht3->version_str);
  2163. }
  2164. #endif /* USE_OPENSSL_QUIC && USE_NGHTTP3 */