Path: blob/main/crypto/openssl/ssl/quic/quic_rx_depack.c
110669 views
/*1* Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.2*3* Licensed under the Apache License 2.0 (the "License"). You may not use4* this file except in compliance with the License. You can obtain a copy5* in the file LICENSE in the source distribution or at6* https://www.openssl.org/source/license.html7*/89#include "internal/packet_quic.h"10#include "internal/nelem.h"11#include "internal/quic_wire.h"12#include "internal/quic_record_rx.h"13#include "internal/quic_ackm.h"14#include "internal/quic_rx_depack.h"15#include "internal/quic_error.h"16#include "internal/quic_fc.h"17#include "internal/quic_channel.h"18#include "internal/sockets.h"1920#include "quic_local.h"21#include "quic_channel_local.h"22#include "../ssl_local.h"2324/*25* Helper functions to process different frame types.26*27* Typically, those that are ACK eliciting will take an OSSL_ACKM_RX_PKT28* pointer argument, the few that aren't ACK eliciting will not. This makes29* them a verifiable pattern against tables where this is specified.30*/31static int depack_do_implicit_stream_create(QUIC_CHANNEL *ch,32uint64_t stream_id,33uint64_t frame_type,34QUIC_STREAM **result);3536static int depack_do_frame_padding(PACKET *pkt)37{38/* We ignore this frame */39ossl_quic_wire_decode_padding(pkt);40return 1;41}4243static int depack_do_frame_ping(PACKET *pkt, QUIC_CHANNEL *ch,44uint32_t enc_level,45OSSL_ACKM_RX_PKT *ackm_data)46{47/* We ignore this frame, apart from eliciting an ACK */48if (!ossl_quic_wire_decode_frame_ping(pkt)) {49ossl_quic_channel_raise_protocol_error(ch,50OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,51OSSL_QUIC_FRAME_TYPE_PING,52"decode error");53return 0;54}5556ossl_quic_tx_packetiser_schedule_ack_eliciting(ch->txp, enc_level);57return 1;58}5960static int depack_do_frame_ack(PACKET *pkt, QUIC_CHANNEL *ch,61int packet_space, OSSL_TIME received,62uint64_t frame_type,63OSSL_QRX_PKT *qpacket)64{65OSSL_QUIC_FRAME_ACK ack;66OSSL_QUIC_ACK_RANGE *p;67uint64_t total_ranges = 0;68uint32_t ack_delay_exp = ch->rx_ack_delay_exp;6970if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)71/* In case sizeof(uint64_t) > sizeof(size_t) */72|| total_ranges > SIZE_MAX / sizeof(OSSL_QUIC_ACK_RANGE))73goto malformed;7475if (ch->num_ack_range_scratch < (size_t)total_ranges) {76if ((p = OPENSSL_realloc(ch->ack_range_scratch,77sizeof(OSSL_QUIC_ACK_RANGE)78* (size_t)total_ranges))79== NULL)80goto malformed;8182ch->ack_range_scratch = p;83ch->num_ack_range_scratch = (size_t)total_ranges;84}8586ack.ack_ranges = ch->ack_range_scratch;87ack.num_ack_ranges = (size_t)total_ranges;8889if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL))90goto malformed;9192if (qpacket->hdr->type == QUIC_PKT_TYPE_1RTT93&& (qpacket->key_epoch < ossl_qrx_get_key_epoch(ch->qrx)94|| ch->rxku_expected)95&& ack.ack_ranges[0].end >= ch->txku_pn) {96/*97* RFC 9001 s. 6.2: An endpoint that receives an acknowledgment that is98* carried in a packet protected with old keys where any acknowledged99* packet was protected with newer keys MAY treat that as a connection100* error of type KEY_UPDATE_ERROR.101*102* Two cases to handle here:103*104* - We did spontaneous TXKU, the peer has responded in kind and we105* have detected RXKU; !ch->rxku_expected, but then it sent a packet106* with old keys acknowledging a packet in the new key epoch.107*108* This also covers the case where we got RXKU and triggered109* solicited TXKU, and then for some reason the peer sent an ACK of110* a PN in our new TX key epoch with old keys.111*112* - We did spontaneous TXKU; ch->txku_pn is the starting PN of our113* new TX key epoch; the peer has not initiated a solicited TXKU in114* response (so we have not detected RXKU); in this case the RX key115* epoch has not incremented and ch->rxku_expected is still 1.116*/117ossl_quic_channel_raise_protocol_error(ch,118OSSL_QUIC_ERR_KEY_UPDATE_ERROR,119frame_type,120"acked packet which initiated a "121"key update without a "122"corresponding key update");123return 0;124}125126if (!ossl_ackm_on_rx_ack_frame(ch->ackm, &ack,127packet_space, received))128goto malformed;129130++ch->diag_num_rx_ack;131return 1;132133malformed:134ossl_quic_channel_raise_protocol_error(ch,135OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,136frame_type,137"decode error");138return 0;139}140141static int depack_do_frame_reset_stream(PACKET *pkt,142QUIC_CHANNEL *ch,143OSSL_ACKM_RX_PKT *ackm_data)144{145OSSL_QUIC_FRAME_RESET_STREAM frame_data;146QUIC_STREAM *stream = NULL;147uint64_t fce;148149if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &frame_data)) {150ossl_quic_channel_raise_protocol_error(ch,151OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,152OSSL_QUIC_FRAME_TYPE_RESET_STREAM,153"decode error");154return 0;155}156157if (!depack_do_implicit_stream_create(ch, frame_data.stream_id,158OSSL_QUIC_FRAME_TYPE_RESET_STREAM,159&stream))160return 0; /* error already raised for us */161162if (stream == NULL)163return 1; /* old deleted stream, not a protocol violation, ignore */164165if (!ossl_quic_stream_has_recv(stream)) {166ossl_quic_channel_raise_protocol_error(ch,167OSSL_QUIC_ERR_STREAM_STATE_ERROR,168OSSL_QUIC_FRAME_TYPE_RESET_STREAM,169"RESET_STREAM frame for "170"TX only stream");171return 0;172}173174/*175* The final size field of the RESET_STREAM frame must be used to determine176* how much flow control credit the aborted stream was considered to have177* consumed.178*179* We also need to ensure that if we already have a final size for the180* stream, the RESET_STREAM frame's Final Size field matches this; we SHOULD181* terminate the connection otherwise (RFC 9000 s. 4.5). The RXFC takes care182* of this for us.183*/184if (!ossl_quic_rxfc_on_rx_stream_frame(&stream->rxfc,185frame_data.final_size, /*is_fin=*/1)) {186ossl_quic_channel_raise_protocol_error(ch,187OSSL_QUIC_ERR_INTERNAL_ERROR,188OSSL_QUIC_FRAME_TYPE_RESET_STREAM,189"internal error (flow control)");190return 0;191}192193/* Has a flow control error occurred? */194fce = ossl_quic_rxfc_get_error(&stream->rxfc, 0);195if (fce != OSSL_QUIC_ERR_NO_ERROR) {196ossl_quic_channel_raise_protocol_error(ch,197fce,198OSSL_QUIC_FRAME_TYPE_RESET_STREAM,199"flow control violation");200return 0;201}202203/*204* Depending on the receive part state this is handled either as a reset205* transition or a no-op (e.g. if a reset has already been received before,206* or the application already retired a FIN). Best effort - there are no207* protocol error conditions we need to check for here.208*/209ossl_quic_stream_map_notify_reset_recv_part(&ch->qsm, stream,210frame_data.app_error_code,211frame_data.final_size);212213ossl_quic_stream_map_update_state(&ch->qsm, stream);214return 1;215}216217static int depack_do_frame_stop_sending(PACKET *pkt,218QUIC_CHANNEL *ch,219OSSL_ACKM_RX_PKT *ackm_data)220{221OSSL_QUIC_FRAME_STOP_SENDING frame_data;222QUIC_STREAM *stream = NULL;223224if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &frame_data)) {225ossl_quic_channel_raise_protocol_error(ch,226OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,227OSSL_QUIC_FRAME_TYPE_STOP_SENDING,228"decode error");229return 0;230}231232if (!depack_do_implicit_stream_create(ch, frame_data.stream_id,233OSSL_QUIC_FRAME_TYPE_STOP_SENDING,234&stream))235return 0; /* error already raised for us */236237if (stream == NULL)238return 1; /* old deleted stream, not a protocol violation, ignore */239240if (!ossl_quic_stream_has_send(stream)) {241ossl_quic_channel_raise_protocol_error(ch,242OSSL_QUIC_ERR_STREAM_STATE_ERROR,243OSSL_QUIC_FRAME_TYPE_STOP_SENDING,244"STOP_SENDING frame for "245"RX only stream");246return 0;247}248249stream->peer_stop_sending = 1;250stream->peer_stop_sending_aec = frame_data.app_error_code;251252/*253* RFC 9000 s. 3.5: Receiving a STOP_SENDING frame means we must respond in254* turn with a RESET_STREAM frame for the same part of the stream. The other255* part is unaffected.256*/257ossl_quic_stream_map_reset_stream_send_part(&ch->qsm, stream,258frame_data.app_error_code);259return 1;260}261262static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch,263OSSL_QRX_PKT *parent_pkt,264OSSL_ACKM_RX_PKT *ackm_data,265uint64_t *datalen)266{267OSSL_QUIC_FRAME_CRYPTO f;268QUIC_RSTREAM *rstream;269QUIC_RXFC *rxfc;270271*datalen = 0;272273if (!ossl_quic_wire_decode_frame_crypto(pkt, 0, &f)) {274ossl_quic_channel_raise_protocol_error(ch,275OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,276OSSL_QUIC_FRAME_TYPE_CRYPTO,277"decode error");278return 0;279}280281if (f.len == 0)282return 1; /* nothing to do */283284rstream = ch->crypto_recv[ackm_data->pkt_space];285if (!ossl_assert(rstream != NULL))286/*287* This should not happen; we should only have a NULL stream here if288* the EL has been discarded, and if the EL has been discarded we289* shouldn't be here.290*/291return 0;292293rxfc = &ch->crypto_rxfc[ackm_data->pkt_space];294295if (!ossl_quic_rxfc_on_rx_stream_frame(rxfc, f.offset + f.len,296/*is_fin=*/0)) {297ossl_quic_channel_raise_protocol_error(ch,298OSSL_QUIC_ERR_INTERNAL_ERROR,299OSSL_QUIC_FRAME_TYPE_CRYPTO,300"internal error (crypto RXFC)");301return 0;302}303304if (ossl_quic_rxfc_get_error(rxfc, 0) != OSSL_QUIC_ERR_NO_ERROR) {305ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,306OSSL_QUIC_FRAME_TYPE_CRYPTO,307"exceeded maximum crypto buffer");308return 0;309}310311if (!ossl_quic_rstream_queue_data(rstream, parent_pkt,312f.offset, f.data, f.len, 0)) {313ossl_quic_channel_raise_protocol_error(ch,314OSSL_QUIC_ERR_INTERNAL_ERROR,315OSSL_QUIC_FRAME_TYPE_CRYPTO,316"internal error (rstream queue)");317return 0;318}319320ch->did_crypto_frame = 1;321*datalen = f.len;322323return 1;324}325326static int depack_do_frame_new_token(PACKET *pkt, QUIC_CHANNEL *ch,327OSSL_ACKM_RX_PKT *ackm_data)328{329const uint8_t *token;330size_t token_len;331332if (!ossl_quic_wire_decode_frame_new_token(pkt, &token, &token_len)) {333ossl_quic_channel_raise_protocol_error(ch,334OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,335OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,336"decode error");337return 0;338}339340if (token_len == 0) {341/*342* RFC 9000 s. 19.7: "A client MUST treat receipt of a NEW_TOKEN frame343* with an empty Token field as a connection error of type344* FRAME_ENCODING_ERROR."345*/346ossl_quic_channel_raise_protocol_error(ch,347OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,348OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,349"zero-length NEW_TOKEN");350return 0;351}352353/* store the new token in our token cache */354if (!ossl_quic_set_peer_token(ossl_quic_port_get_channel_ctx(ch->port),355&ch->cur_peer_addr, token, token_len))356return 0;357358return 1;359}360361/*362* Returns 1 if no protocol violation has occurred. In this case *result will be363* non-NULL unless this is an old deleted stream and we should ignore the frame364* causing this function to be called. Returns 0 on protocol violation.365*/366static int depack_do_implicit_stream_create(QUIC_CHANNEL *ch,367uint64_t stream_id,368uint64_t frame_type,369QUIC_STREAM **result)370{371QUIC_STREAM *stream;372uint64_t peer_role, stream_ordinal;373uint64_t *p_next_ordinal_local, *p_next_ordinal_remote;374QUIC_RXFC *max_streams_fc;375int is_uni, is_remote_init;376377stream = ossl_quic_stream_map_get_by_id(&ch->qsm, stream_id);378if (stream != NULL) {379*result = stream;380return 1;381}382383/*384* If we do not yet have a stream with the given ID, there are three385* possibilities:386*387* (a) The stream ID is for a remotely-created stream and the peer388* is creating a stream.389*390* (b) The stream ID is for a locally-created stream which has391* previously been deleted.392*393* (c) The stream ID is for a locally-created stream which does394* not exist yet. This is a protocol violation and we must395* terminate the connection in this case.396*397* We distinguish between (b) and (c) using the stream ID allocator398* variable. Since stream ordinals are allocated monotonically, we399* simply determine if the stream ordinal is in the future.400*/401peer_role = ch->is_server402? QUIC_STREAM_INITIATOR_CLIENT403: QUIC_STREAM_INITIATOR_SERVER;404405is_remote_init = ((stream_id & QUIC_STREAM_INITIATOR_MASK) == peer_role);406is_uni = ((stream_id & QUIC_STREAM_DIR_MASK) == QUIC_STREAM_DIR_UNI);407408stream_ordinal = stream_id >> 2;409410if (is_remote_init) {411/*412* Peer-created stream which does not yet exist. Create it. QUIC stream413* ordinals within a given stream type MUST be used in sequence and414* receiving a STREAM frame for ordinal n must implicitly create streams415* with ordinals [0, n) within that stream type even if no explicit416* STREAM frames are received for those ordinals.417*/418p_next_ordinal_remote = is_uni419? &ch->next_remote_stream_ordinal_uni420: &ch->next_remote_stream_ordinal_bidi;421422/* Check this isn't violating stream count flow control. */423max_streams_fc = is_uni424? &ch->max_streams_uni_rxfc425: &ch->max_streams_bidi_rxfc;426427if (!ossl_quic_rxfc_on_rx_stream_frame(max_streams_fc,428stream_ordinal + 1,429/*is_fin=*/0)) {430ossl_quic_channel_raise_protocol_error(ch,431OSSL_QUIC_ERR_INTERNAL_ERROR,432frame_type,433"internal error (stream count RXFC)");434return 0;435}436437if (ossl_quic_rxfc_get_error(max_streams_fc, 0) != OSSL_QUIC_ERR_NO_ERROR) {438ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,439frame_type,440"exceeded maximum allowed streams");441return 0;442}443444/*445* Create the named stream and any streams coming before it yet to be446* created.447*/448while (*p_next_ordinal_remote <= stream_ordinal) {449uint64_t cur_stream_id = (*p_next_ordinal_remote << 2) | (stream_id & (QUIC_STREAM_DIR_MASK | QUIC_STREAM_INITIATOR_MASK));450451stream = ossl_quic_channel_new_stream_remote(ch, cur_stream_id);452if (stream == NULL) {453ossl_quic_channel_raise_protocol_error(ch,454OSSL_QUIC_ERR_INTERNAL_ERROR,455frame_type,456"internal error (stream allocation)");457return 0;458}459460++*p_next_ordinal_remote;461}462463*result = stream;464} else {465/* Locally-created stream which does not yet exist. */466p_next_ordinal_local = is_uni467? &ch->next_local_stream_ordinal_uni468: &ch->next_local_stream_ordinal_bidi;469470if (stream_ordinal >= *p_next_ordinal_local) {471/*472* We never created this stream yet, this is a protocol473* violation.474*/475ossl_quic_channel_raise_protocol_error(ch,476OSSL_QUIC_ERR_STREAM_STATE_ERROR,477frame_type,478"STREAM frame for nonexistent "479"stream");480return 0;481}482483/*484* Otherwise this is for an old locally-initiated stream which we485* have subsequently deleted. Ignore the data; it may simply be a486* retransmission. We already take care of notifying the peer of the487* termination of the stream during the stream deletion lifecycle.488*/489*result = NULL;490}491492return 1;493}494495static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch,496OSSL_QRX_PKT *parent_pkt,497OSSL_ACKM_RX_PKT *ackm_data,498uint64_t frame_type,499uint64_t *datalen)500{501OSSL_QUIC_FRAME_STREAM frame_data;502QUIC_STREAM *stream;503uint64_t fce;504size_t rs_avail;505int rs_fin = 0;506507*datalen = 0;508509if (!ossl_quic_wire_decode_frame_stream(pkt, 0, &frame_data)) {510ossl_quic_channel_raise_protocol_error(ch,511OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,512frame_type,513"decode error");514return 0;515}516517if (!depack_do_implicit_stream_create(ch, frame_data.stream_id,518frame_type, &stream))519return 0; /* protocol error raised by above call */520521if (stream == NULL)522/*523* Data for old stream which is not a protocol violation but should be524* ignored, so stop here.525*/526return 1;527528if (!ossl_quic_stream_has_recv(stream)) {529ossl_quic_channel_raise_protocol_error(ch,530OSSL_QUIC_ERR_STREAM_STATE_ERROR,531frame_type,532"STREAM frame for TX only "533"stream");534return 0;535}536537/* Notify stream flow controller. */538if (!ossl_quic_rxfc_on_rx_stream_frame(&stream->rxfc,539frame_data.offset + frame_data.len,540frame_data.is_fin)) {541ossl_quic_channel_raise_protocol_error(ch,542OSSL_QUIC_ERR_INTERNAL_ERROR,543frame_type,544"internal error (flow control)");545return 0;546}547548/* Has a flow control error occurred? */549fce = ossl_quic_rxfc_get_error(&stream->rxfc, 0);550if (fce != OSSL_QUIC_ERR_NO_ERROR) {551ossl_quic_channel_raise_protocol_error(ch,552fce,553frame_type,554"flow control violation");555return 0;556}557558switch (stream->recv_state) {559case QUIC_RSTREAM_STATE_RECV:560case QUIC_RSTREAM_STATE_SIZE_KNOWN:561/*562* It only makes sense to process incoming STREAM frames in these563* states.564*/565break;566567case QUIC_RSTREAM_STATE_DATA_RECVD:568case QUIC_RSTREAM_STATE_DATA_READ:569case QUIC_RSTREAM_STATE_RESET_RECVD:570case QUIC_RSTREAM_STATE_RESET_READ:571default:572/*573* We have no use for STREAM frames once the receive part reaches any of574* these states, so just ignore.575*/576return 1;577}578579/* If we are in RECV, auto-transition to SIZE_KNOWN on FIN. */580if (frame_data.is_fin581&& !ossl_quic_stream_recv_get_final_size(stream, NULL)) {582583/* State was already checked above, so can't fail. */584ossl_quic_stream_map_notify_size_known_recv_part(&ch->qsm, stream,585frame_data.offset586+ frame_data.len);587}588589/*590* If we requested STOP_SENDING do not bother buffering the data. Note that591* this must happen after RXFC checks above as even if we sent STOP_SENDING592* we must still enforce correct flow control (RFC 9000 s. 3.5).593*/594if (stream->stop_sending)595return 1; /* not an error - packet reordering, etc. */596597/*598* The receive stream buffer may or may not choose to consume the data599* without copying by reffing the OSSL_QRX_PKT. In this case600* ossl_qrx_pkt_release() will be eventually called when the data is no601* longer needed.602*603* It is OK for the peer to send us a zero-length non-FIN STREAM frame,604* which is a no-op, aside from the fact that it ensures the stream exists.605* In this case we have nothing to report to the receive buffer.606*/607if ((frame_data.len > 0 || frame_data.is_fin)608&& !ossl_quic_rstream_queue_data(stream->rstream, parent_pkt,609frame_data.offset,610frame_data.data,611frame_data.len,612frame_data.is_fin)) {613ossl_quic_channel_raise_protocol_error(ch,614OSSL_QUIC_ERR_INTERNAL_ERROR,615frame_type,616"internal error (rstream queue)");617return 0;618}619620/*621* rs_fin will be 1 only if we can read all data up to and including the FIN622* without any gaps before it; this implies we have received all data. Avoid623* calling ossl_quic_rstream_available() where it is not necessary as it is624* more expensive.625*/626if (stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN627&& !ossl_quic_rstream_available(stream->rstream, &rs_avail, &rs_fin)) {628ossl_quic_channel_raise_protocol_error(ch,629OSSL_QUIC_ERR_INTERNAL_ERROR,630frame_type,631"internal error (rstream available)");632return 0;633}634635if (rs_fin)636ossl_quic_stream_map_notify_totally_received(&ch->qsm, stream);637638*datalen = frame_data.len;639640return 1;641}642643static void update_streams(QUIC_STREAM *s, void *arg)644{645QUIC_CHANNEL *ch = arg;646647ossl_quic_stream_map_update_state(&ch->qsm, s);648}649650static void update_streams_bidi(QUIC_STREAM *s, void *arg)651{652QUIC_CHANNEL *ch = arg;653654if (!ossl_quic_stream_is_bidi(s))655return;656657ossl_quic_stream_map_update_state(&ch->qsm, s);658}659660static void update_streams_uni(QUIC_STREAM *s, void *arg)661{662QUIC_CHANNEL *ch = arg;663664if (ossl_quic_stream_is_bidi(s))665return;666667ossl_quic_stream_map_update_state(&ch->qsm, s);668}669670static int depack_do_frame_max_data(PACKET *pkt, QUIC_CHANNEL *ch,671OSSL_ACKM_RX_PKT *ackm_data)672{673uint64_t max_data = 0;674675if (!ossl_quic_wire_decode_frame_max_data(pkt, &max_data)) {676ossl_quic_channel_raise_protocol_error(ch,677OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,678OSSL_QUIC_FRAME_TYPE_MAX_DATA,679"decode error");680return 0;681}682683ossl_quic_txfc_bump_cwm(&ch->conn_txfc, max_data);684ossl_quic_stream_map_visit(&ch->qsm, update_streams, ch);685return 1;686}687688static int depack_do_frame_max_stream_data(PACKET *pkt,689QUIC_CHANNEL *ch,690OSSL_ACKM_RX_PKT *ackm_data)691{692uint64_t stream_id = 0;693uint64_t max_stream_data = 0;694QUIC_STREAM *stream;695696if (!ossl_quic_wire_decode_frame_max_stream_data(pkt, &stream_id,697&max_stream_data)) {698ossl_quic_channel_raise_protocol_error(ch,699OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,700OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,701"decode error");702return 0;703}704705if (!depack_do_implicit_stream_create(ch, stream_id,706OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,707&stream))708return 0; /* error already raised for us */709710if (stream == NULL)711return 1; /* old deleted stream, not a protocol violation, ignore */712713if (!ossl_quic_stream_has_send(stream)) {714ossl_quic_channel_raise_protocol_error(ch,715OSSL_QUIC_ERR_STREAM_STATE_ERROR,716OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,717"MAX_STREAM_DATA for TX only "718"stream");719return 0;720}721722ossl_quic_txfc_bump_cwm(&stream->txfc, max_stream_data);723ossl_quic_stream_map_update_state(&ch->qsm, stream);724return 1;725}726727static int depack_do_frame_max_streams(PACKET *pkt,728QUIC_CHANNEL *ch,729OSSL_ACKM_RX_PKT *ackm_data,730uint64_t frame_type)731{732uint64_t max_streams = 0;733734if (!ossl_quic_wire_decode_frame_max_streams(pkt, &max_streams)) {735ossl_quic_channel_raise_protocol_error(ch,736OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,737frame_type,738"decode error");739return 0;740}741742if (max_streams > (((uint64_t)1) << 60)) {743ossl_quic_channel_raise_protocol_error(ch,744OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,745frame_type,746"invalid max streams value");747return 0;748}749750switch (frame_type) {751case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:752if (max_streams > ch->max_local_streams_bidi)753ch->max_local_streams_bidi = max_streams;754755/* Some streams may now be able to send. */756ossl_quic_stream_map_visit(&ch->qsm, update_streams_bidi, ch);757break;758case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:759if (max_streams > ch->max_local_streams_uni)760ch->max_local_streams_uni = max_streams;761762/* Some streams may now be able to send. */763ossl_quic_stream_map_visit(&ch->qsm, update_streams_uni, ch);764break;765default:766ossl_quic_channel_raise_protocol_error(ch,767OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,768frame_type,769"decode error");770return 0;771}772773return 1;774}775776static int depack_do_frame_data_blocked(PACKET *pkt,777QUIC_CHANNEL *ch,778OSSL_ACKM_RX_PKT *ackm_data)779{780uint64_t max_data = 0;781782if (!ossl_quic_wire_decode_frame_data_blocked(pkt, &max_data)) {783ossl_quic_channel_raise_protocol_error(ch,784OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,785OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED,786"decode error");787return 0;788}789790/* No-op - informative/debugging frame. */791return 1;792}793794static int depack_do_frame_stream_data_blocked(PACKET *pkt,795QUIC_CHANNEL *ch,796OSSL_ACKM_RX_PKT *ackm_data)797{798uint64_t stream_id = 0;799uint64_t max_data = 0;800QUIC_STREAM *stream;801802if (!ossl_quic_wire_decode_frame_stream_data_blocked(pkt, &stream_id,803&max_data)) {804ossl_quic_channel_raise_protocol_error(ch,805OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,806OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,807"decode error");808return 0;809}810811/*812* This is an informative/debugging frame, so we don't have to do anything,813* but it does trigger stream creation.814*/815if (!depack_do_implicit_stream_create(ch, stream_id,816OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,817&stream))818return 0; /* error already raised for us */819820if (stream == NULL)821return 1; /* old deleted stream, not a protocol violation, ignore */822823if (!ossl_quic_stream_has_recv(stream)) {824/*825* RFC 9000 s. 19.14: "An endpoint that receives a STREAM_DATA_BLOCKED826* frame for a send-only stream MUST terminate the connection with error827* STREAM_STATE_ERROR."828*/829ossl_quic_channel_raise_protocol_error(ch,830OSSL_QUIC_ERR_STREAM_STATE_ERROR,831OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,832"STREAM_DATA_BLOCKED frame for "833"TX only stream");834return 0;835}836837/* No-op - informative/debugging frame. */838return 1;839}840841static int depack_do_frame_streams_blocked(PACKET *pkt,842QUIC_CHANNEL *ch,843OSSL_ACKM_RX_PKT *ackm_data,844uint64_t frame_type)845{846uint64_t max_data = 0;847848if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_data)) {849ossl_quic_channel_raise_protocol_error(ch,850OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,851frame_type,852"decode error");853return 0;854}855856if (max_data > (((uint64_t)1) << 60)) {857/*858* RFC 9000 s. 19.14: "This value cannot exceed 2**60, as it is not859* possible to encode stream IDs larger than 2**62 - 1. Receipt of a860* frame that encodes a larger stream ID MUST be treated as a connection861* error of type STREAM_LIMIT_ERROR or FRAME_ENCODING_ERROR."862*/863ossl_quic_channel_raise_protocol_error(ch,864OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,865frame_type,866"invalid stream count limit");867return 0;868}869870/* No-op - informative/debugging frame. */871return 1;872}873874static int depack_do_frame_new_conn_id(PACKET *pkt,875QUIC_CHANNEL *ch,876OSSL_ACKM_RX_PKT *ackm_data)877{878OSSL_QUIC_FRAME_NEW_CONN_ID frame_data;879880if (!ossl_quic_wire_decode_frame_new_conn_id(pkt, &frame_data)) {881ossl_quic_channel_raise_protocol_error(ch,882OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,883OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID,884"decode error");885return 0;886}887888ossl_quic_channel_on_new_conn_id(ch, &frame_data);889890return 1;891}892893static int depack_do_frame_retire_conn_id(PACKET *pkt,894QUIC_CHANNEL *ch,895OSSL_ACKM_RX_PKT *ackm_data)896{897uint64_t seq_num;898899if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &seq_num)) {900ossl_quic_channel_raise_protocol_error(ch,901OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,902OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,903"decode error");904return 0;905}906907/*908* RFC 9000 s. 19.16: "An endpoint cannot send this frame if it was provided909* with a zero-length connection ID by its peer. An endpoint that provides a910* zero-length connection ID MUST treat receipt of a RETIRE_CONNECTION_ID911* frame as a connection error of type PROTOCOL_VIOLATION."912*913* Since we always use a zero-length SCID as a client, there is no case914* where it is valid for a server to send this. Our server support is915* currently non-conformant and for internal testing use; simply handle it916* as a no-op in this case.917*918* TODO(QUIC FUTURE): Revise and implement correctly for server support.919*/920if (!ch->is_server) {921ossl_quic_channel_raise_protocol_error(ch,922OSSL_QUIC_ERR_PROTOCOL_VIOLATION,923OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,924"conn has zero-length CID");925return 0;926}927928return 1;929}930931static void free_path_response(unsigned char *buf, size_t buf_len, void *arg)932{933OPENSSL_free(buf);934}935936static int depack_do_frame_path_challenge(PACKET *pkt,937QUIC_CHANNEL *ch,938OSSL_ACKM_RX_PKT *ackm_data)939{940uint64_t frame_data = 0;941unsigned char *encoded = NULL;942size_t encoded_len;943WPACKET wpkt;944945if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data)) {946ossl_quic_channel_raise_protocol_error(ch,947OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,948OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE,949"decode error");950return 0;951}952953/*954* RFC 9000 s. 8.2.2: On receiving a PATH_CHALLENGE frame, an endpoint MUST955* respond by echoing the data contained in the PATH_CHALLENGE frame in a956* PATH_RESPONSE frame.957*958* TODO(QUIC FUTURE): We should try to avoid allocation here in the future.959*/960encoded_len = sizeof(uint64_t) + 1;961if ((encoded = OPENSSL_malloc(encoded_len)) == NULL)962goto err;963964if (!WPACKET_init_static_len(&wpkt, encoded, encoded_len, 0))965goto err;966967if (!ossl_quic_wire_encode_frame_path_response(&wpkt, frame_data)) {968WPACKET_cleanup(&wpkt);969goto err;970}971972WPACKET_finish(&wpkt);973974if (!ossl_quic_cfq_add_frame(ch->cfq, 0, QUIC_PN_SPACE_APP,975OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE,976QUIC_CFQ_ITEM_FLAG_UNRELIABLE,977encoded, encoded_len,978free_path_response, NULL))979goto err;980981return 1;982983err:984OPENSSL_free(encoded);985ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_INTERNAL_ERROR,986OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE,987"internal error");988return 0;989}990991static int depack_do_frame_path_response(PACKET *pkt,992QUIC_CHANNEL *ch,993OSSL_ACKM_RX_PKT *ackm_data)994{995uint64_t frame_data = 0;996997if (!ossl_quic_wire_decode_frame_path_response(pkt, &frame_data)) {998ossl_quic_channel_raise_protocol_error(ch,999OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,1000OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE,1001"decode error");1002return 0;1003}10041005/* TODO(QUIC MULTIPATH): ADD CODE to send |frame_data| to the ch manager */10061007return 1;1008}10091010static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CHANNEL *ch,1011uint64_t frame_type)1012{1013OSSL_QUIC_FRAME_CONN_CLOSE frame_data;10141015if (!ossl_quic_wire_decode_frame_conn_close(pkt, &frame_data)) {1016ossl_quic_channel_raise_protocol_error(ch,1017OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,1018frame_type,1019"decode error");1020return 0;1021}10221023ossl_quic_channel_on_remote_conn_close(ch, &frame_data);1024return 1;1025}10261027static int depack_do_frame_handshake_done(PACKET *pkt,1028QUIC_CHANNEL *ch,1029OSSL_ACKM_RX_PKT *ackm_data)1030{1031if (!ossl_quic_wire_decode_frame_handshake_done(pkt)) {1032/* This can fail only with an internal error. */1033ossl_quic_channel_raise_protocol_error(ch,1034OSSL_QUIC_ERR_INTERNAL_ERROR,1035OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE,1036"internal error (decode frame handshake done)");1037return 0;1038}10391040ossl_quic_channel_on_handshake_confirmed(ch);1041return 1;1042}10431044/* Main frame processor */10451046static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,1047OSSL_QRX_PKT *parent_pkt, uint32_t enc_level,1048OSSL_TIME received, OSSL_ACKM_RX_PKT *ackm_data)1049{1050uint32_t pkt_type = parent_pkt->hdr->type;1051uint32_t packet_space = ossl_quic_enc_level_to_pn_space(enc_level);10521053if (PACKET_remaining(pkt) == 0) {1054/*1055* RFC 9000 s. 12.4: An endpoint MUST treat receipt of a packet1056* containing no frames as a connection error of type1057* PROTOCOL_VIOLATION.1058*/1059ossl_quic_channel_raise_protocol_error(ch,1060OSSL_QUIC_ERR_PROTOCOL_VIOLATION,10610,1062"empty packet payload");1063return 0;1064}10651066while (PACKET_remaining(pkt) > 0) {1067int was_minimal;1068uint64_t frame_type;1069const unsigned char *sof = NULL;1070uint64_t datalen = 0;10711072if (ch->msg_callback != NULL)1073sof = PACKET_data(pkt);10741075if (!ossl_quic_wire_peek_frame_header(pkt, &frame_type, &was_minimal)) {1076ossl_quic_channel_raise_protocol_error(ch,1077OSSL_QUIC_ERR_PROTOCOL_VIOLATION,10780,1079"malformed frame header");1080return 0;1081}10821083if (!was_minimal) {1084ossl_quic_channel_raise_protocol_error(ch,1085OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1086frame_type,1087"non-minimal frame type encoding");1088return 0;1089}10901091/*1092* There are only a few frame types which are not ACK-eliciting. Handle1093* these centrally to make error handling cases more resilient, as we1094* should tell the ACKM about an ACK-eliciting frame even if it was not1095* successfully handled.1096*/1097switch (frame_type) {1098case OSSL_QUIC_FRAME_TYPE_PADDING:1099case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:1100case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:1101case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:1102case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:1103break;1104default:1105ackm_data->is_ack_eliciting = 1;1106break;1107}11081109switch (frame_type) {1110case OSSL_QUIC_FRAME_TYPE_PING:1111/* Allowed in all packet types */1112if (!depack_do_frame_ping(pkt, ch, enc_level, ackm_data))1113return 0;1114break;1115case OSSL_QUIC_FRAME_TYPE_PADDING:1116/* Allowed in all packet types */1117if (!depack_do_frame_padding(pkt))1118return 0;1119break;11201121case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:1122case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:1123/* ACK frames are valid everywhere except in 0RTT packets */1124if (pkt_type == QUIC_PKT_TYPE_0RTT) {1125ossl_quic_channel_raise_protocol_error(ch,1126OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1127frame_type,1128"ACK not valid in 0-RTT");1129return 0;1130}1131if (!depack_do_frame_ack(pkt, ch, packet_space, received,1132frame_type, parent_pkt))1133return 0;1134break;11351136case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:1137/* RESET_STREAM frames are valid in 0RTT and 1RTT packets */1138if (pkt_type != QUIC_PKT_TYPE_0RTT1139&& pkt_type != QUIC_PKT_TYPE_1RTT) {1140ossl_quic_channel_raise_protocol_error(ch,1141OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1142frame_type,1143"RESET_STREAM not valid in "1144"INITIAL/HANDSHAKE");1145return 0;1146}1147if (!depack_do_frame_reset_stream(pkt, ch, ackm_data))1148return 0;1149break;1150case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:1151/* STOP_SENDING frames are valid in 0RTT and 1RTT packets */1152if (pkt_type != QUIC_PKT_TYPE_0RTT1153&& pkt_type != QUIC_PKT_TYPE_1RTT) {1154ossl_quic_channel_raise_protocol_error(ch,1155OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1156frame_type,1157"STOP_SENDING not valid in "1158"INITIAL/HANDSHAKE");1159return 0;1160}1161if (!depack_do_frame_stop_sending(pkt, ch, ackm_data))1162return 0;1163break;1164case OSSL_QUIC_FRAME_TYPE_CRYPTO:1165/* CRYPTO frames are valid everywhere except in 0RTT packets */1166if (pkt_type == QUIC_PKT_TYPE_0RTT) {1167ossl_quic_channel_raise_protocol_error(ch,1168OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1169frame_type,1170"CRYPTO frame not valid in 0-RTT");1171return 0;1172}1173if (!depack_do_frame_crypto(pkt, ch, parent_pkt, ackm_data, &datalen))1174return 0;1175break;1176case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:1177/* NEW_TOKEN frames are valid in 1RTT packets */1178if (pkt_type != QUIC_PKT_TYPE_1RTT) {1179ossl_quic_channel_raise_protocol_error(ch,1180OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1181frame_type,1182"NEW_TOKEN valid only in 1-RTT");1183return 0;1184}11851186/*1187* RFC 9000 s. 19.7: "A server MUST treat receipt of a NEW_TOKEN1188* frame as a connection error of type PROTOCOL_VIOLATION."1189*/1190if (ch->is_server) {1191ossl_quic_channel_raise_protocol_error(ch,1192OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1193frame_type,1194"NEW_TOKEN can only be sent by a server");1195return 0;1196}11971198if (!depack_do_frame_new_token(pkt, ch, ackm_data))1199return 0;1200break;12011202case OSSL_QUIC_FRAME_TYPE_STREAM:1203case OSSL_QUIC_FRAME_TYPE_STREAM_FIN:1204case OSSL_QUIC_FRAME_TYPE_STREAM_LEN:1205case OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN:1206case OSSL_QUIC_FRAME_TYPE_STREAM_OFF:1207case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN:1208case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN:1209case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN:1210/* STREAM frames are valid in 0RTT and 1RTT packets */1211if (pkt_type != QUIC_PKT_TYPE_0RTT1212&& pkt_type != QUIC_PKT_TYPE_1RTT) {1213ossl_quic_channel_raise_protocol_error(ch,1214OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1215frame_type,1216"STREAM valid only in 0/1-RTT");1217return 0;1218}1219if (!depack_do_frame_stream(pkt, ch, parent_pkt, ackm_data,1220frame_type, &datalen))1221return 0;1222break;12231224case OSSL_QUIC_FRAME_TYPE_MAX_DATA:1225/* MAX_DATA frames are valid in 0RTT and 1RTT packets */1226if (pkt_type != QUIC_PKT_TYPE_0RTT1227&& pkt_type != QUIC_PKT_TYPE_1RTT) {1228ossl_quic_channel_raise_protocol_error(ch,1229OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1230frame_type,1231"MAX_DATA valid only in 0/1-RTT");1232return 0;1233}1234if (!depack_do_frame_max_data(pkt, ch, ackm_data))1235return 0;1236break;1237case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:1238/* MAX_STREAM_DATA frames are valid in 0RTT and 1RTT packets */1239if (pkt_type != QUIC_PKT_TYPE_0RTT1240&& pkt_type != QUIC_PKT_TYPE_1RTT) {1241ossl_quic_channel_raise_protocol_error(ch,1242OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1243frame_type,1244"MAX_STREAM_DATA valid only in 0/1-RTT");1245return 0;1246}1247if (!depack_do_frame_max_stream_data(pkt, ch, ackm_data))1248return 0;1249break;12501251case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:1252case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:1253/* MAX_STREAMS frames are valid in 0RTT and 1RTT packets */1254if (pkt_type != QUIC_PKT_TYPE_0RTT1255&& pkt_type != QUIC_PKT_TYPE_1RTT) {1256ossl_quic_channel_raise_protocol_error(ch,1257OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1258frame_type,1259"MAX_STREAMS valid only in 0/1-RTT");1260return 0;1261}1262if (!depack_do_frame_max_streams(pkt, ch, ackm_data,1263frame_type))1264return 0;1265break;12661267case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:1268/* DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */1269if (pkt_type != QUIC_PKT_TYPE_0RTT1270&& pkt_type != QUIC_PKT_TYPE_1RTT) {1271ossl_quic_channel_raise_protocol_error(ch,1272OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1273frame_type,1274"DATA_BLOCKED valid only in 0/1-RTT");1275return 0;1276}1277if (!depack_do_frame_data_blocked(pkt, ch, ackm_data))1278return 0;1279break;1280case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:1281/* STREAM_DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */1282if (pkt_type != QUIC_PKT_TYPE_0RTT1283&& pkt_type != QUIC_PKT_TYPE_1RTT) {1284ossl_quic_channel_raise_protocol_error(ch,1285OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1286frame_type,1287"STREAM_DATA_BLOCKED valid only in 0/1-RTT");1288return 0;1289}1290if (!depack_do_frame_stream_data_blocked(pkt, ch, ackm_data))1291return 0;1292break;12931294case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:1295case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:1296/* STREAMS_BLOCKED frames are valid in 0RTT and 1RTT packets */1297if (pkt_type != QUIC_PKT_TYPE_0RTT1298&& pkt_type != QUIC_PKT_TYPE_1RTT) {1299ossl_quic_channel_raise_protocol_error(ch,1300OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1301frame_type,1302"STREAMS valid only in 0/1-RTT");1303return 0;1304}1305if (!depack_do_frame_streams_blocked(pkt, ch, ackm_data,1306frame_type))1307return 0;1308break;13091310case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:1311/* NEW_CONN_ID frames are valid in 0RTT and 1RTT packets */1312if (pkt_type != QUIC_PKT_TYPE_0RTT1313&& pkt_type != QUIC_PKT_TYPE_1RTT) {1314ossl_quic_channel_raise_protocol_error(ch,1315OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1316frame_type,1317"NEW_CONN_ID valid only in 0/1-RTT");1318}1319if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data))1320return 0;1321break;1322case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:1323/* RETIRE_CONN_ID frames are valid in 0RTT and 1RTT packets */1324if (pkt_type != QUIC_PKT_TYPE_0RTT1325&& pkt_type != QUIC_PKT_TYPE_1RTT) {1326ossl_quic_channel_raise_protocol_error(ch,1327OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1328frame_type,1329"RETIRE_CONN_ID valid only in 0/1-RTT");1330return 0;1331}1332if (!depack_do_frame_retire_conn_id(pkt, ch, ackm_data))1333return 0;1334break;1335case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:1336/* PATH_CHALLENGE frames are valid in 0RTT and 1RTT packets */1337if (pkt_type != QUIC_PKT_TYPE_0RTT1338&& pkt_type != QUIC_PKT_TYPE_1RTT) {1339ossl_quic_channel_raise_protocol_error(ch,1340OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1341frame_type,1342"PATH_CHALLENGE valid only in 0/1-RTT");1343return 0;1344}1345if (!depack_do_frame_path_challenge(pkt, ch, ackm_data))1346return 0;13471348break;1349case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:1350/* PATH_RESPONSE frames are valid in 1RTT packets */1351if (pkt_type != QUIC_PKT_TYPE_1RTT) {1352ossl_quic_channel_raise_protocol_error(ch,1353OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1354frame_type,1355"PATH_CHALLENGE valid only in 1-RTT");1356return 0;1357}1358if (!depack_do_frame_path_response(pkt, ch, ackm_data))1359return 0;1360break;13611362case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:1363/* CONN_CLOSE_APP frames are valid in 0RTT and 1RTT packets */1364if (pkt_type != QUIC_PKT_TYPE_0RTT1365&& pkt_type != QUIC_PKT_TYPE_1RTT) {1366ossl_quic_channel_raise_protocol_error(ch,1367OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1368frame_type,1369"CONN_CLOSE (APP) valid only in 0/1-RTT");1370return 0;1371}1372/* FALLTHRU */1373case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:1374/* CONN_CLOSE_TRANSPORT frames are valid in all packets */1375if (!depack_do_frame_conn_close(pkt, ch, frame_type))1376return 0;1377break;13781379case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:1380/* HANDSHAKE_DONE frames are valid in 1RTT packets */1381if (pkt_type != QUIC_PKT_TYPE_1RTT) {1382ossl_quic_channel_raise_protocol_error(ch,1383OSSL_QUIC_ERR_PROTOCOL_VIOLATION,1384frame_type,1385"HANDSHAKE_DONE valid only in 1-RTT");1386return 0;1387}1388if (!depack_do_frame_handshake_done(pkt, ch, ackm_data))1389return 0;1390break;13911392default:1393/* Unknown frame type */1394ossl_quic_channel_raise_protocol_error(ch,1395OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,1396frame_type,1397"Unknown frame type received");1398return 0;1399}14001401if (ch->msg_callback != NULL) {1402int ctype = SSL3_RT_QUIC_FRAME_FULL;14031404size_t framelen = PACKET_data(pkt) - sof;14051406if (frame_type == OSSL_QUIC_FRAME_TYPE_PADDING) {1407ctype = SSL3_RT_QUIC_FRAME_PADDING;1408} else if (OSSL_QUIC_FRAME_TYPE_IS_STREAM(frame_type)1409|| frame_type == OSSL_QUIC_FRAME_TYPE_CRYPTO) {1410ctype = SSL3_RT_QUIC_FRAME_HEADER;1411framelen -= (size_t)datalen;1412}14131414ch->msg_callback(0, OSSL_QUIC1_VERSION, ctype, sof, framelen,1415ch->msg_callback_ssl, ch->msg_callback_arg);1416}1417}14181419return 1;1420}14211422QUIC_NEEDS_LOCK1423int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)1424{1425PACKET pkt;1426OSSL_ACKM_RX_PKT ackm_data;1427uint32_t enc_level;1428size_t dgram_len = qpacket->datagram_len;14291430if (ch == NULL)1431return 0;14321433ch->did_crypto_frame = 0;14341435/* Initialize |ackm_data| (and reinitialize |ok|)*/1436memset(&ackm_data, 0, sizeof(ackm_data));1437/*1438* ASSUMPTION: All packets that aren't special case have a1439* packet number.1440*/1441ackm_data.pkt_num = qpacket->pn;1442ackm_data.time = qpacket->time;1443enc_level = ossl_quic_pkt_type_to_enc_level(qpacket->hdr->type);1444if (enc_level >= QUIC_ENC_LEVEL_NUM)1445/*1446* Retry and Version Negotiation packets should not be passed to this1447* function.1448*/1449return 0;14501451ackm_data.pkt_space = ossl_quic_enc_level_to_pn_space(enc_level);14521453/*1454* RFC 9000 s. 8.11455* We can consider the connection to be validated, if we receive a packet1456* from the client protected via handshake keys, meaning that the1457* amplification limit no longer applies (i.e. we can set it as validated.1458* Otherwise, add the size of this packet to the unvalidated credit for1459* the connection.1460*/1461if (enc_level == QUIC_ENC_LEVEL_HANDSHAKE)1462ossl_quic_tx_packetiser_set_validated(ch->txp);1463else1464ossl_quic_tx_packetiser_add_unvalidated_credit(ch->txp, dgram_len);14651466/* Now that special cases are out of the way, parse frames */1467if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len)1468|| !depack_process_frames(ch, &pkt, qpacket,1469enc_level,1470qpacket->time,1471&ackm_data))1472return 0;14731474ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);14751476return 1;1477}147814791480