Path: blob/main/crypto/openssl/ssl/quic/quic_txp.c
108106 views
/*1* Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.2*3* Licensed under the Apache License 2.0 (the "License"). You may not use4* this file except in compliance with the License. You can obtain a copy5* in the file LICENSE in the source distribution or at6* https://www.openssl.org/source/license.html7*/89#include "internal/quic_txp.h"10#include "internal/quic_fifd.h"11#include "internal/quic_stream_map.h"12#include "internal/quic_error.h"13#include "internal/common.h"14#include <openssl/err.h>1516#define MIN_CRYPTO_HDR_SIZE 31718#define MIN_FRAME_SIZE_HANDSHAKE_DONE 119#define MIN_FRAME_SIZE_MAX_DATA 220#define MIN_FRAME_SIZE_ACK 521#define MIN_FRAME_SIZE_CRYPTO (MIN_CRYPTO_HDR_SIZE + 1)22#define MIN_FRAME_SIZE_STREAM 3 /* minimum useful size (for non-FIN) */23#define MIN_FRAME_SIZE_MAX_STREAMS_BIDI 224#define MIN_FRAME_SIZE_MAX_STREAMS_UNI 22526/*27* Packet Archetypes28* =================29*/3031/* Generate normal packets containing most frame types, subject to EL. */32#define TX_PACKETISER_ARCHETYPE_NORMAL 03334/*35* A probe packet is different in that:36* - It bypasses CC, but *is* counted as in flight for purposes of CC;37* - It must be ACK-eliciting.38*/39#define TX_PACKETISER_ARCHETYPE_PROBE 14041/*42* An ACK-only packet is different in that:43* - It bypasses CC, and is considered a 'non-inflight' packet;44* - It may not contain anything other than an ACK frame, not even padding.45*/46#define TX_PACKETISER_ARCHETYPE_ACK_ONLY 24748#define TX_PACKETISER_ARCHETYPE_NUM 34950struct ossl_quic_tx_packetiser_st {51OSSL_QUIC_TX_PACKETISER_ARGS args;5253/*54* Opaque initial token blob provided by caller. TXP frees using the55* callback when it is no longer needed.56*/57const unsigned char *initial_token;58size_t initial_token_len;59ossl_quic_initial_token_free_fn *initial_token_free_cb;60void *initial_token_free_cb_arg;6162/* Subcomponents of the TXP that we own. */63QUIC_FIFD fifd; /* QUIC Frame-in-Flight Dispatcher */6465/* Internal state. */66uint64_t next_pn[QUIC_PN_SPACE_NUM]; /* Next PN to use in given PN space. */67OSSL_TIME last_tx_time; /* Last time a packet was generated, or 0. */6869size_t unvalidated_credit; /* Limit of data we can send until validated */7071/* Internal state - frame (re)generation flags. */72unsigned int want_handshake_done : 1;73unsigned int want_max_data : 1;74unsigned int want_max_streams_bidi : 1;75unsigned int want_max_streams_uni : 1;7677/* Internal state - frame (re)generation flags - per PN space. */78unsigned int want_ack : QUIC_PN_SPACE_NUM;79unsigned int force_ack_eliciting : QUIC_PN_SPACE_NUM;8081/*82* Internal state - connection close terminal state.83* Once this is set, it is not unset unlike other want_ flags - we keep84* sending it in every packet.85*/86unsigned int want_conn_close : 1;8788/* Has the handshake been completed? */89unsigned int handshake_complete : 1;9091OSSL_QUIC_FRAME_CONN_CLOSE conn_close_frame;9293/*94* Counts of the number of bytes received and sent while in the closing95* state.96*/97uint64_t closing_bytes_recv;98uint64_t closing_bytes_xmit;99100/* Internal state - packet assembly. 
*/101struct txp_el {102unsigned char *scratch; /* scratch buffer for packet assembly */103size_t scratch_len; /* number of bytes allocated for scratch */104OSSL_QTX_IOVEC *iovec; /* scratch iovec array for use with QTX */105size_t alloc_iovec; /* size of iovec array */106} el[QUIC_ENC_LEVEL_NUM];107108/* Message callback related arguments */109ossl_msg_cb msg_callback;110void *msg_callback_arg;111SSL *msg_callback_ssl;112113/* Callbacks. */114void (*ack_tx_cb)(const OSSL_QUIC_FRAME_ACK *ack,115uint32_t pn_space,116void *arg);117void *ack_tx_cb_arg;118};119120/*121* The TX helper records state used while generating frames into packets. It122* enables serialization into the packet to be done "transactionally" where123* serialization of a frame can be rolled back if it fails midway (e.g. if it124* does not fit).125*/126struct tx_helper {127OSSL_QUIC_TX_PACKETISER *txp;128/*129* The Maximum Packet Payload Length in bytes. This is the amount of130* space we have to generate frames into.131*/132size_t max_ppl;133/*134* Number of bytes we have generated so far.135*/136size_t bytes_appended;137/*138* Number of scratch bytes in txp->scratch we have used so far. Some iovecs139* will reference this scratch buffer. When we need to use more of it (e.g.140* when we need to put frame headers somewhere), we append to the scratch141* buffer, resizing if necessary, and increase this accordingly.142*/143size_t scratch_bytes;144/*145* Bytes reserved in the MaxPPL budget. We keep this number of bytes spare146* until reserve_allowed is set to 1. Currently this is always at most 1, as147* a PING frame takes up one byte and this mechanism is only used to ensure148* we can encode a PING frame if we have been asked to ensure a packet is149* ACK-eliciting and we are unusure if we are going to add any other150* ACK-eliciting frames before we reach our MaxPPL budget.151*/152size_t reserve;153/*154* Number of iovecs we have currently appended. This is the number of155* entries valid in txp->iovec.156*/157size_t num_iovec;158/* The EL this TX helper is being used for. */159uint32_t enc_level;160/*161* Whether we are allowed to make use of the reserve bytes in our MaxPPL162* budget. This is used to ensure we have room to append a PING frame later163* if we need to. Once we know we will not need to append a PING frame, this164* is set to 1.165*/166unsigned int reserve_allowed : 1;167/*168* Set to 1 if we have appended a STREAM frame with an implicit length. If169* this happens we should never append another frame after that frame as it170* cannot be validly encoded. This is just a safety check.171*/172unsigned int done_implicit : 1;173struct {174/*175* The fields in this structure are valid if active is set, which means176* that a serialization transaction is currently in progress.177*/178unsigned char *data;179WPACKET wpkt;180unsigned int active : 1;181} txn;182};183184static void tx_helper_rollback(struct tx_helper *h);185static int txp_el_ensure_iovec(struct txp_el *el, size_t num);186187/* Initialises the TX helper. 
*/188static int tx_helper_init(struct tx_helper *h, OSSL_QUIC_TX_PACKETISER *txp,189uint32_t enc_level, size_t max_ppl, size_t reserve)190{191if (reserve > max_ppl)192return 0;193194h->txp = txp;195h->enc_level = enc_level;196h->max_ppl = max_ppl;197h->reserve = reserve;198h->num_iovec = 0;199h->bytes_appended = 0;200h->scratch_bytes = 0;201h->reserve_allowed = 0;202h->done_implicit = 0;203h->txn.data = NULL;204h->txn.active = 0;205206if (max_ppl > h->txp->el[enc_level].scratch_len) {207unsigned char *scratch;208209scratch = OPENSSL_realloc(h->txp->el[enc_level].scratch, max_ppl);210if (scratch == NULL)211return 0;212213h->txp->el[enc_level].scratch = scratch;214h->txp->el[enc_level].scratch_len = max_ppl;215}216217return 1;218}219220static void tx_helper_cleanup(struct tx_helper *h)221{222if (h->txn.active)223tx_helper_rollback(h);224225h->txp = NULL;226}227228static void tx_helper_unrestrict(struct tx_helper *h)229{230h->reserve_allowed = 1;231}232233/*234* Append an extent of memory to the iovec list. The memory must remain235* allocated until we finish generating the packet and call the QTX.236*237* In general, the buffers passed to this function will be from one of two238* ranges:239*240* - Application data contained in stream buffers managed elsewhere241* in the QUIC stack; or242*243* - Control frame data appended into txp->scratch using tx_helper_begin and244* tx_helper_commit.245*246*/247static int tx_helper_append_iovec(struct tx_helper *h,248const unsigned char *buf,249size_t buf_len)250{251struct txp_el *el = &h->txp->el[h->enc_level];252253if (buf_len == 0)254return 1;255256if (!ossl_assert(!h->done_implicit))257return 0;258259if (!txp_el_ensure_iovec(el, h->num_iovec + 1))260return 0;261262el->iovec[h->num_iovec].buf = buf;263el->iovec[h->num_iovec].buf_len = buf_len;264265++h->num_iovec;266h->bytes_appended += buf_len;267return 1;268}269270/*271* How many more bytes of space do we have left in our plaintext packet payload?272*/273static size_t tx_helper_get_space_left(struct tx_helper *h)274{275return h->max_ppl276- (h->reserve_allowed ? 0 : h->reserve) - h->bytes_appended;277}278279/*280* Begin a control frame serialization transaction. This allows the281* serialization of the control frame to be backed out if it turns out it won't282* fit. Write the control frame to the returned WPACKET. Ensure you always283* call tx_helper_rollback or tx_helper_commit (or tx_helper_cleanup). Returns284* NULL on failure.285*/286static WPACKET *tx_helper_begin(struct tx_helper *h)287{288size_t space_left, len;289unsigned char *data;290struct txp_el *el = &h->txp->el[h->enc_level];291292if (!ossl_assert(!h->txn.active))293return NULL;294295if (!ossl_assert(!h->done_implicit))296return NULL;297298data = (unsigned char *)el->scratch + h->scratch_bytes;299len = el->scratch_len - h->scratch_bytes;300301space_left = tx_helper_get_space_left(h);302if (!ossl_assert(space_left <= len))303return NULL;304305if (!WPACKET_init_static_len(&h->txn.wpkt, data, len, 0))306return NULL;307308if (!WPACKET_set_max_size(&h->txn.wpkt, space_left)) {309WPACKET_cleanup(&h->txn.wpkt);310return NULL;311}312313h->txn.data = data;314h->txn.active = 1;315return &h->txn.wpkt;316}317318static void tx_helper_end(struct tx_helper *h, int success)319{320if (success)321WPACKET_finish(&h->txn.wpkt);322else323WPACKET_cleanup(&h->txn.wpkt);324325h->txn.active = 0;326h->txn.data = NULL;327}328329/* Abort a control frame serialization transaction. 
*/330static void tx_helper_rollback(struct tx_helper *h)331{332if (!h->txn.active)333return;334335tx_helper_end(h, 0);336}337338/* Commit a control frame. */339static int tx_helper_commit(struct tx_helper *h)340{341size_t l = 0;342343if (!h->txn.active)344return 0;345346if (!WPACKET_get_total_written(&h->txn.wpkt, &l)) {347tx_helper_end(h, 0);348return 0;349}350351if (!tx_helper_append_iovec(h, h->txn.data, l)) {352tx_helper_end(h, 0);353return 0;354}355356if (h->txp->msg_callback != NULL && l > 0) {357uint64_t ftype;358int ctype = SSL3_RT_QUIC_FRAME_FULL;359PACKET pkt;360361if (!PACKET_buf_init(&pkt, h->txn.data, l)362|| !ossl_quic_wire_peek_frame_header(&pkt, &ftype, NULL)) {363tx_helper_end(h, 0);364return 0;365}366367if (ftype == OSSL_QUIC_FRAME_TYPE_PADDING)368ctype = SSL3_RT_QUIC_FRAME_PADDING;369else if (OSSL_QUIC_FRAME_TYPE_IS_STREAM(ftype)370|| ftype == OSSL_QUIC_FRAME_TYPE_CRYPTO)371ctype = SSL3_RT_QUIC_FRAME_HEADER;372373h->txp->msg_callback(1, OSSL_QUIC1_VERSION, ctype, h->txn.data, l,374h->txp->msg_callback_ssl,375h->txp->msg_callback_arg);376}377378h->scratch_bytes += l;379tx_helper_end(h, 1);380return 1;381}382383struct archetype_data {384unsigned int allow_ack : 1;385unsigned int allow_ping : 1;386unsigned int allow_crypto : 1;387unsigned int allow_handshake_done : 1;388unsigned int allow_path_challenge : 1;389unsigned int allow_path_response : 1;390unsigned int allow_new_conn_id : 1;391unsigned int allow_retire_conn_id : 1;392unsigned int allow_stream_rel : 1;393unsigned int allow_conn_fc : 1;394unsigned int allow_conn_close : 1;395unsigned int allow_cfq_other : 1;396unsigned int allow_new_token : 1;397unsigned int allow_force_ack_eliciting : 1;398unsigned int allow_padding : 1;399unsigned int require_ack_eliciting : 1;400unsigned int bypass_cc : 1;401};402403struct txp_pkt_geom {404size_t cmpl, cmppl, hwm, pkt_overhead;405uint32_t archetype;406struct archetype_data adata;407};408409struct txp_pkt {410struct tx_helper h;411int h_valid;412QUIC_TXPIM_PKT *tpkt;413QUIC_STREAM *stream_head;414QUIC_PKT_HDR phdr;415struct txp_pkt_geom geom;416int force_pad;417};418419static QUIC_SSTREAM *get_sstream_by_id(uint64_t stream_id, uint32_t pn_space,420void *arg);421static void on_regen_notify(uint64_t frame_type, uint64_t stream_id,422QUIC_TXPIM_PKT *pkt, void *arg);423static void on_confirm_notify(uint64_t frame_type, uint64_t stream_id,424QUIC_TXPIM_PKT *pkt, void *arg);425static void on_sstream_updated(uint64_t stream_id, void *arg);426static int sstream_is_pending(QUIC_SSTREAM *sstream);427static int txp_should_try_staging(OSSL_QUIC_TX_PACKETISER *txp,428uint32_t enc_level,429uint32_t archetype,430uint64_t cc_limit,431uint32_t *conn_close_enc_level);432static size_t txp_determine_pn_len(OSSL_QUIC_TX_PACKETISER *txp);433static int txp_determine_ppl_from_pl(OSSL_QUIC_TX_PACKETISER *txp,434size_t pl,435uint32_t enc_level,436size_t hdr_len,437size_t *r);438static size_t txp_get_mdpl(OSSL_QUIC_TX_PACKETISER *txp);439static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp,440struct txp_pkt *pkt,441int chosen_for_conn_close);442static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp,443uint32_t enc_level, uint32_t archetype,444size_t running_total);445static void txp_pkt_cleanup(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp);446static int txp_pkt_postgen_update_pkt_overhead(struct txp_pkt *pkt,447OSSL_QUIC_TX_PACKETISER *txp);448static int txp_pkt_append_padding(struct txp_pkt *pkt,449OSSL_QUIC_TX_PACKETISER *txp, size_t num_bytes);450static int 
txp_pkt_commit(OSSL_QUIC_TX_PACKETISER *txp, struct txp_pkt *pkt,451uint32_t archetype, int *txpim_pkt_reffed);452static uint32_t txp_determine_archetype(OSSL_QUIC_TX_PACKETISER *txp,453uint64_t cc_limit);454455/**456* Sets the validated state of a QUIC TX packetiser.457*458* This function marks the provided QUIC TX packetiser as having its credit459* fully validated by setting its `unvalidated_credit` field to `SIZE_MAX`.460*461* @param txp A pointer to the OSSL_QUIC_TX_PACKETISER structure to update.462*/463void ossl_quic_tx_packetiser_set_validated(OSSL_QUIC_TX_PACKETISER *txp)464{465txp->unvalidated_credit = SIZE_MAX;466return;467}468469/**470* Adds unvalidated credit to a QUIC TX packetiser.471*472* This function increases the unvalidated credit of the provided QUIC TX473* packetiser. If the current unvalidated credit is not `SIZE_MAX`, the474* function adds three times the specified `credit` value, ensuring it does475* not exceed the maximum allowable value (`SIZE_MAX - 1`). If the addition476* would cause an overflow, the unvalidated credit is capped at477* `SIZE_MAX - 1`. If the current unvalidated credit is already `SIZE_MAX`,478* the function does nothing.479*480* @param txp A pointer to the OSSL_QUIC_TX_PACKETISER structure to update.481* @param credit The amount of credit to add, multiplied by 3.482*/483void ossl_quic_tx_packetiser_add_unvalidated_credit(OSSL_QUIC_TX_PACKETISER *txp,484size_t credit)485{486if (txp->unvalidated_credit != SIZE_MAX) {487if ((SIZE_MAX - txp->unvalidated_credit) > (credit * 3))488txp->unvalidated_credit += credit * 3;489else490txp->unvalidated_credit = SIZE_MAX - 1;491}492493return;494}495496/**497* Consumes unvalidated credit from a QUIC TX packetiser.498*499* This function decreases the unvalidated credit of the specified500* QUIC TX packetiser by the given `credit` value. 
If the unvalidated credit501* is set to `SIZE_MAX`, the function does nothing, as `SIZE_MAX` represents502* an unlimited credit state.503*504* @param txp A pointer to the OSSL_QUIC_TX_PACKETISER structure to update.505* @param credit The amount of credit to consume.506*/507void ossl_quic_tx_packetiser_consume_unvalidated_credit(OSSL_QUIC_TX_PACKETISER *txp,508size_t credit)509{510if (txp->unvalidated_credit != SIZE_MAX) {511if (txp->unvalidated_credit < credit)512txp->unvalidated_credit = 0;513else514txp->unvalidated_credit -= credit;515}516}517518/**519* Checks if the QUIC TX packetiser has sufficient unvalidated credit.520*521* This function determines whether the unvalidated credit of the specified522* QUIC TX packetiser exceeds the required credit value (`req_credit`).523* If the unvalidated credit is greater than `req_credit`, the function524* returns 1 (true); otherwise, it returns 0 (false).525*526* @param txp A pointer to the OSSL_QUIC_TX_PACKETISER structure to check.527* @param req_credit The required credit value to compare against.528*529* @return 1 if the unvalidated credit exceeds `req_credit`, 0 otherwise.530*/531int ossl_quic_tx_packetiser_check_unvalidated_credit(OSSL_QUIC_TX_PACKETISER *txp,532size_t req_credit)533{534return (txp->unvalidated_credit > req_credit);535}536537OSSL_QUIC_TX_PACKETISER *ossl_quic_tx_packetiser_new(const OSSL_QUIC_TX_PACKETISER_ARGS *args)538{539OSSL_QUIC_TX_PACKETISER *txp;540541if (args == NULL542|| args->qtx == NULL543|| args->txpim == NULL544|| args->cfq == NULL545|| args->ackm == NULL546|| args->qsm == NULL547|| args->conn_txfc == NULL548|| args->conn_rxfc == NULL549|| args->max_streams_bidi_rxfc == NULL550|| args->max_streams_uni_rxfc == NULL551|| args->protocol_version == 0) {552ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);553return NULL;554}555556txp = OPENSSL_zalloc(sizeof(*txp));557if (txp == NULL)558return NULL;559560txp->args = *args;561txp->last_tx_time = ossl_time_zero();562563if (!ossl_quic_fifd_init(&txp->fifd,564txp->args.cfq, txp->args.ackm, txp->args.txpim,565get_sstream_by_id, txp,566on_regen_notify, txp,567on_confirm_notify, txp,568on_sstream_updated, txp,569args->get_qlog_cb,570args->get_qlog_cb_arg)) {571OPENSSL_free(txp);572return NULL;573}574575return txp;576}577578void ossl_quic_tx_packetiser_free(OSSL_QUIC_TX_PACKETISER *txp)579{580uint32_t enc_level;581582if (txp == NULL)583return;584585ossl_quic_tx_packetiser_set_initial_token(txp, NULL, 0, NULL, NULL);586ossl_quic_fifd_cleanup(&txp->fifd);587OPENSSL_free(txp->conn_close_frame.reason);588589for (enc_level = QUIC_ENC_LEVEL_INITIAL;590enc_level < QUIC_ENC_LEVEL_NUM;591++enc_level) {592OPENSSL_free(txp->el[enc_level].iovec);593OPENSSL_free(txp->el[enc_level].scratch);594}595596OPENSSL_free(txp);597}598599/*600* Determine if an Initial packet token length is reasonable based on the601* current MDPL, returning 1 if it is OK.602*603* The real PMTU to the peer could differ from our (pessimistic) understanding604* of the PMTU, therefore it is possible we could receive an Initial token from605* a server in a Retry packet which is bigger than the MDPL. In this case it is606* impossible for us ever to make forward progress and we need to error out607* and fail the connection attempt.608*609* The specific boundary condition is complex: for example, after the size of610* the Initial token, there are the Initial packet header overheads and then611* encryption/AEAD tag overheads. 
After that, the minimum room for frame data in612* order to guarantee forward progress must be guaranteed. For example, a crypto613* stream needs to always be able to serialize at least one byte in a CRYPTO614* frame in order to make forward progress. Because the offset field of a CRYPTO615* frame uses a variable-length integer, the number of bytes needed to ensure616* this also varies.617*618* Rather than trying to get this boundary condition check actually right,619* require a reasonable amount of slack to avoid pathological behaviours. (After620* all, transmitting a CRYPTO stream one byte at a time is probably not621* desirable anyway.)622*623* We choose 160 bytes as the required margin, which is double the rough624* estimation of the minimum we would require to guarantee forward progress625* under worst case packet overheads.626*/627#define TXP_REQUIRED_TOKEN_MARGIN 160628629static int txp_check_token_len(size_t token_len, size_t mdpl)630{631if (token_len == 0)632return 1;633634if (token_len >= mdpl)635return 0;636637if (TXP_REQUIRED_TOKEN_MARGIN >= mdpl)638/* (should not be possible because MDPL must be at least 1200) */639return 0;640641if (token_len > mdpl - TXP_REQUIRED_TOKEN_MARGIN)642return 0;643644return 1;645}646647int ossl_quic_tx_packetiser_set_initial_token(OSSL_QUIC_TX_PACKETISER *txp,648const unsigned char *token,649size_t token_len,650ossl_quic_initial_token_free_fn *free_cb,651void *free_cb_arg)652{653if (!txp_check_token_len(token_len, txp_get_mdpl(txp)))654return 0;655656if (txp->initial_token != NULL && txp->initial_token_free_cb != NULL)657txp->initial_token_free_cb(txp->initial_token, txp->initial_token_len,658txp->initial_token_free_cb_arg);659660txp->initial_token = token;661txp->initial_token_len = token_len;662txp->initial_token_free_cb = free_cb;663txp->initial_token_free_cb_arg = free_cb_arg;664return 1;665}666667int ossl_quic_tx_packetiser_set_protocol_version(OSSL_QUIC_TX_PACKETISER *txp,668uint32_t protocol_version)669{670txp->args.protocol_version = protocol_version;671return 1;672}673674int ossl_quic_tx_packetiser_set_cur_dcid(OSSL_QUIC_TX_PACKETISER *txp,675const QUIC_CONN_ID *dcid)676{677if (dcid == NULL) {678ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);679return 0;680}681682txp->args.cur_dcid = *dcid;683return 1;684}685686int ossl_quic_tx_packetiser_set_cur_scid(OSSL_QUIC_TX_PACKETISER *txp,687const QUIC_CONN_ID *scid)688{689if (scid == NULL) {690ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);691return 0;692}693694txp->args.cur_scid = *scid;695return 1;696}697698/* Change the destination L4 address the TXP uses to send datagrams. 
*/699int ossl_quic_tx_packetiser_set_peer(OSSL_QUIC_TX_PACKETISER *txp,700const BIO_ADDR *peer)701{702if (peer == NULL) {703BIO_ADDR_clear(&txp->args.peer);704return 1;705}706707return BIO_ADDR_copy(&txp->args.peer, peer);708}709710void ossl_quic_tx_packetiser_set_ack_tx_cb(OSSL_QUIC_TX_PACKETISER *txp,711void (*cb)(const OSSL_QUIC_FRAME_ACK *ack,712uint32_t pn_space,713void *arg),714void *cb_arg)715{716txp->ack_tx_cb = cb;717txp->ack_tx_cb_arg = cb_arg;718}719720void ossl_quic_tx_packetiser_set_qlog_cb(OSSL_QUIC_TX_PACKETISER *txp,721QLOG *(*get_qlog_cb)(void *arg),722void *get_qlog_cb_arg)723{724ossl_quic_fifd_set_qlog_cb(&txp->fifd, get_qlog_cb, get_qlog_cb_arg);725}726727int ossl_quic_tx_packetiser_discard_enc_level(OSSL_QUIC_TX_PACKETISER *txp,728uint32_t enc_level)729{730if (enc_level >= QUIC_ENC_LEVEL_NUM) {731ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);732return 0;733}734735if (enc_level != QUIC_ENC_LEVEL_0RTT)736txp->args.crypto[ossl_quic_enc_level_to_pn_space(enc_level)] = NULL;737738return 1;739}740741void ossl_quic_tx_packetiser_notify_handshake_complete(OSSL_QUIC_TX_PACKETISER *txp)742{743txp->handshake_complete = 1;744}745746void ossl_quic_tx_packetiser_schedule_handshake_done(OSSL_QUIC_TX_PACKETISER *txp)747{748txp->want_handshake_done = 1;749}750751void ossl_quic_tx_packetiser_schedule_ack_eliciting(OSSL_QUIC_TX_PACKETISER *txp,752uint32_t pn_space)753{754txp->force_ack_eliciting |= (1UL << pn_space);755}756757void ossl_quic_tx_packetiser_schedule_ack(OSSL_QUIC_TX_PACKETISER *txp,758uint32_t pn_space)759{760txp->want_ack |= (1UL << pn_space);761}762763#define TXP_ERR_INTERNAL 0 /* Internal (e.g. alloc) error */764#define TXP_ERR_SUCCESS 1 /* Success */765#define TXP_ERR_SPACE 2 /* Not enough room for another packet */766#define TXP_ERR_INPUT 3 /* Invalid/malformed input */767768/*769* Generates a datagram by polling the various ELs to determine if they want to770* generate any frames, and generating a datagram which coalesces packets for771* any ELs which do.772*/773int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp,774QUIC_TXP_STATUS *status)775{776/*777* Called to generate one or more datagrams, each containing one or more778* packets.779*780* There are some tricky things to note here:781*782* - The TXP is only concerned with generating encrypted packets;783* other packets use a different path.784*785* - Any datagram containing an Initial packet must have a payload length786* (DPL) of at least 1200 bytes. This padding need not necessarily be787* found in the Initial packet.788*789* - It is desirable to be able to coalesce an Initial packet790* with a Handshake packet. Since, before generating the Handshake791* packet, we do not know how long it will be, we cannot know the792* correct amount of padding to ensure a DPL of at least 1200 bytes.793* Thus this padding must added to the Handshake packet (or whatever794* packet is the last in the datagram).795*796* - However, at the time that we generate the Initial packet,797* we do not actually know for sure that we will be followed798* in the datagram by another packet. For example, suppose we have799* some queued data (e.g. crypto stream data for the HANDSHAKE EL)800* it looks like we will want to send on the HANDSHAKE EL.801* We could assume padding will be placed in the Handshake packet802* subsequently and avoid adding any padding to the Initial packet803* (which would leave no room for the Handshake packet in the804* datagram).805*806* However, this is not actually a safe assumption. 
Suppose that we807* are using a link with a MDPL of 1200 bytes, the minimum allowed by808* QUIC. Suppose that the Initial packet consumes 1195 bytes in total.809* Since it is not possible to fit a Handshake packet in just 5 bytes,810* upon trying to add a Handshake packet after generating the Initial811* packet, we will discover we have no room to fit it! This is not a812* problem in itself as another datagram can be sent subsequently, but813* it is a problem because we were counting to use that packet to hold814* the essential padding. But if we have already finished encrypting815* the Initial packet, we cannot go and add padding to it anymore.816* This leaves us stuck.817*818* Because of this, we have to plan multiple packets simultaneously, such819* that we can start generating a Handshake (or 0-RTT or 1-RTT, or so on)820* packet while still having the option to go back and add padding to the821* Initial packet if it turns out to be needed.822*823* Trying to predict ahead of time (e.g. during Initial packet generation)824* whether we will successfully generate a subsequent packet is fraught with825* error as it relies on a large number of variables:826*827* - Do we have room to fit a packet header? (Consider that due to828* variable-length integer encoding this is highly variable and can even829* depend on payload length due to a variable-length Length field.)830*831* - Can we fit even a single one of the frames we want to put in this832* packet in the packet? (Each frame type has a bespoke encoding. While833* our encodings of some frame types are adaptive based on the available834* room - e.g. STREAM frames - ultimately all frame types have some835* absolute minimum number of bytes to be successfully encoded. For836* example, if after an Initial packet there is enough room to encode837* only one byte of frame data, it is quite likely we can't send any of838* the frames we wanted to send.) While this is not strictly a problem839* because we could just fill the packet with padding frames, this is a840* pointless packet and is wasteful.841*842* Thus we adopt a multi-phase architecture:843*844* 1. Archetype Selection: Determine desired packet archetype.845*846* 2. Packet Staging: Generation of packet information and packet payload847* data (frame data) into staging areas.848*849* 3. Packet Adjustment: Adjustment of staged packets, adding padding to850* the staged packets if needed.851*852* 4. Commit: The packets are sent to the QTX and recorded as having been853* sent to the FIFM.854*855*/856int res = 0, rc;857uint32_t archetype, enc_level;858uint32_t conn_close_enc_level = QUIC_ENC_LEVEL_NUM;859struct txp_pkt pkt[QUIC_ENC_LEVEL_NUM];860size_t pkts_done = 0;861uint64_t cc_limit = txp->args.cc_method->get_tx_allowance(txp->args.cc_data);862int need_padding = 0, txpim_pkt_reffed;863864memset(status, 0, sizeof(*status));865866for (enc_level = QUIC_ENC_LEVEL_INITIAL;867enc_level < QUIC_ENC_LEVEL_NUM;868++enc_level)869pkt[enc_level].h_valid = 0;870871/*872* Should not be needed, but a sanity check in case anyone else has been873* using the QTX.874*/875ossl_qtx_finish_dgram(txp->args.qtx);876877/* 1. Archetype Selection */878archetype = txp_determine_archetype(txp, cc_limit);879880/* 2. Packet Staging */881for (enc_level = QUIC_ENC_LEVEL_INITIAL;882enc_level < QUIC_ENC_LEVEL_NUM;883++enc_level) {884size_t running_total = (enc_level > QUIC_ENC_LEVEL_INITIAL)885? 
pkt[enc_level - 1].geom.hwm886: 0;887888pkt[enc_level].geom.hwm = running_total;889890if (!txp_should_try_staging(txp, enc_level, archetype, cc_limit,891&conn_close_enc_level))892continue;893894if (!txp_pkt_init(&pkt[enc_level], txp, enc_level, archetype,895running_total))896/*897* If this fails this is not a fatal error - it means the geometry898* planning determined there was not enough space for another899* packet. So just proceed with what we've already planned for.900*/901break;902903rc = txp_generate_for_el(txp, &pkt[enc_level],904conn_close_enc_level == enc_level);905if (rc != TXP_ERR_SUCCESS)906goto out;907908if (pkt[enc_level].force_pad)909/*910* txp_generate_for_el emitted a frame which forces packet padding.911*/912need_padding = 1;913914pkt[enc_level].geom.hwm = running_total915+ pkt[enc_level].h.bytes_appended916+ pkt[enc_level].geom.pkt_overhead;917}918919/* 3. Packet Adjustment */920if (pkt[QUIC_ENC_LEVEL_INITIAL].h_valid921&& pkt[QUIC_ENC_LEVEL_INITIAL].h.bytes_appended > 0)922/*923* We have an Initial packet in this datagram, so we need to make sure924* the total size of the datagram is adequate.925*/926need_padding = 1;927928if (need_padding) {929size_t total_dgram_size = 0;930const size_t min_dpl = QUIC_MIN_INITIAL_DGRAM_LEN;931uint32_t pad_el = QUIC_ENC_LEVEL_NUM;932933for (enc_level = QUIC_ENC_LEVEL_INITIAL;934enc_level < QUIC_ENC_LEVEL_NUM;935++enc_level)936if (pkt[enc_level].h_valid && pkt[enc_level].h.bytes_appended > 0) {937if (pad_el == QUIC_ENC_LEVEL_NUM938/*939* We might not be able to add padding, for example if we940* are using the ACK_ONLY archetype.941*/942&& pkt[enc_level].geom.adata.allow_padding943&& !pkt[enc_level].h.done_implicit)944pad_el = enc_level;945946txp_pkt_postgen_update_pkt_overhead(&pkt[enc_level], txp);947total_dgram_size += pkt[enc_level].geom.pkt_overhead948+ pkt[enc_level].h.bytes_appended;949}950951if (pad_el != QUIC_ENC_LEVEL_NUM && total_dgram_size < min_dpl) {952size_t deficit = min_dpl - total_dgram_size;953954if (!txp_pkt_append_padding(&pkt[pad_el], txp, deficit))955goto out;956957total_dgram_size += deficit;958959/*960* Padding frames make a packet ineligible for being a non-inflight961* packet.962*/963pkt[pad_el].tpkt->ackm_pkt.is_inflight = 1;964}965966/*967* If we have failed to make a datagram of adequate size, for example968* because we have a padding requirement but are using the ACK_ONLY969* archetype (because we are CC limited), which precludes us from970* sending padding, give up on generating the datagram - there is971* nothing we can do.972*/973if (total_dgram_size < min_dpl) {974res = 1;975goto out;976}977}978979/* 4. Commit */980for (enc_level = QUIC_ENC_LEVEL_INITIAL;981enc_level < QUIC_ENC_LEVEL_NUM;982++enc_level) {983984if (!pkt[enc_level].h_valid)985/* Did not attempt to generate a packet for this EL. */986continue;987988if (pkt[enc_level].h.bytes_appended == 0)989/* Nothing was generated for this EL, so skip. 
*/990continue;991992if (!ossl_quic_tx_packetiser_check_unvalidated_credit(txp,993pkt[enc_level].h.bytes_appended)) {994res = TXP_ERR_SPACE;995goto out;996}997ossl_quic_tx_packetiser_consume_unvalidated_credit(txp, pkt[enc_level].h.bytes_appended);998999rc = txp_pkt_commit(txp, &pkt[enc_level], archetype,1000&txpim_pkt_reffed);1001if (rc) {1002status->sent_ack_eliciting1003= status->sent_ack_eliciting1004|| pkt[enc_level].tpkt->ackm_pkt.is_ack_eliciting;10051006if (enc_level == QUIC_ENC_LEVEL_HANDSHAKE)1007status->sent_handshake1008= (pkt[enc_level].h_valid1009&& pkt[enc_level].h.bytes_appended > 0);1010}10111012if (txpim_pkt_reffed)1013pkt[enc_level].tpkt = NULL; /* don't free */10141015if (!rc)1016goto out;10171018++pkts_done;1019}10201021/* Flush & Cleanup */1022res = 1;1023out:1024ossl_qtx_finish_dgram(txp->args.qtx);10251026for (enc_level = QUIC_ENC_LEVEL_INITIAL;1027enc_level < QUIC_ENC_LEVEL_NUM;1028++enc_level)1029txp_pkt_cleanup(&pkt[enc_level], txp);10301031status->sent_pkt = pkts_done;10321033return res;1034}10351036static const struct archetype_data archetypes[QUIC_ENC_LEVEL_NUM][TX_PACKETISER_ARCHETYPE_NUM] = {1037/* EL 0(INITIAL) */1038{1039/* EL 0(INITIAL) - Archetype 0(NORMAL) */1040{1041/*allow_ack =*/1,1042/*allow_ping =*/1,1043/*allow_crypto =*/1,1044/*allow_handshake_done =*/0,1045/*allow_path_challenge =*/0,1046/*allow_path_response =*/0,1047/*allow_new_conn_id =*/0,1048/*allow_retire_conn_id =*/0,1049/*allow_stream_rel =*/0,1050/*allow_conn_fc =*/0,1051/*allow_conn_close =*/1,1052/*allow_cfq_other =*/0,1053/*allow_new_token =*/0,1054/*allow_force_ack_eliciting =*/1,1055/*allow_padding =*/1,1056/*require_ack_eliciting =*/0,1057/*bypass_cc =*/0,1058},1059/* EL 0(INITIAL) - Archetype 1(PROBE) */1060{1061/*allow_ack =*/1,1062/*allow_ping =*/1,1063/*allow_crypto =*/1,1064/*allow_handshake_done =*/0,1065/*allow_path_challenge =*/0,1066/*allow_path_response =*/0,1067/*allow_new_conn_id =*/0,1068/*allow_retire_conn_id =*/0,1069/*allow_stream_rel =*/0,1070/*allow_conn_fc =*/0,1071/*allow_conn_close =*/1,1072/*allow_cfq_other =*/0,1073/*allow_new_token =*/0,1074/*allow_force_ack_eliciting =*/1,1075/*allow_padding =*/1,1076/*require_ack_eliciting =*/1,1077/*bypass_cc =*/1,1078},1079/* EL 0(INITIAL) - Archetype 2(ACK_ONLY) */1080{1081/*allow_ack =*/1,1082/*allow_ping =*/0,1083/*allow_crypto =*/0,1084/*allow_handshake_done =*/0,1085/*allow_path_challenge =*/0,1086/*allow_path_response =*/0,1087/*allow_new_conn_id =*/0,1088/*allow_retire_conn_id =*/0,1089/*allow_stream_rel =*/0,1090/*allow_conn_fc =*/0,1091/*allow_conn_close =*/0,1092/*allow_cfq_other =*/0,1093/*allow_new_token =*/0,1094/*allow_force_ack_eliciting =*/1,1095/*allow_padding =*/0,1096/*require_ack_eliciting =*/0,1097/*bypass_cc =*/1,1098},1099},1100/* EL 1(0RTT) */1101{1102/* EL 1(0RTT) - Archetype 0(NORMAL) */1103{1104/*allow_ack =*/0,1105/*allow_ping =*/1,1106/*allow_crypto =*/0,1107/*allow_handshake_done =*/0,1108/*allow_path_challenge =*/0,1109/*allow_path_response =*/0,1110/*allow_new_conn_id =*/1,1111/*allow_retire_conn_id =*/1,1112/*allow_stream_rel =*/1,1113/*allow_conn_fc =*/1,1114/*allow_conn_close =*/1,1115/*allow_cfq_other =*/0,1116/*allow_new_token =*/0,1117/*allow_force_ack_eliciting =*/0,1118/*allow_padding =*/1,1119/*require_ack_eliciting =*/0,1120/*bypass_cc =*/0,1121},1122/* EL 1(0RTT) - Archetype 1(PROBE) */1123{1124/*allow_ack =*/0,1125/*allow_ping =*/1,1126/*allow_crypto =*/0,1127/*allow_handshake_done =*/0,1128/*allow_path_challenge =*/0,1129/*allow_path_response =*/0,1130/*allow_new_conn_id 
=*/1,1131/*allow_retire_conn_id =*/1,1132/*allow_stream_rel =*/1,1133/*allow_conn_fc =*/1,1134/*allow_conn_close =*/1,1135/*allow_cfq_other =*/0,1136/*allow_new_token =*/0,1137/*allow_force_ack_eliciting =*/0,1138/*allow_padding =*/1,1139/*require_ack_eliciting =*/1,1140/*bypass_cc =*/1,1141},1142/* EL 1(0RTT) - Archetype 2(ACK_ONLY) */1143{1144/*allow_ack =*/0,1145/*allow_ping =*/0,1146/*allow_crypto =*/0,1147/*allow_handshake_done =*/0,1148/*allow_path_challenge =*/0,1149/*allow_path_response =*/0,1150/*allow_new_conn_id =*/0,1151/*allow_retire_conn_id =*/0,1152/*allow_stream_rel =*/0,1153/*allow_conn_fc =*/0,1154/*allow_conn_close =*/0,1155/*allow_cfq_other =*/0,1156/*allow_new_token =*/0,1157/*allow_force_ack_eliciting =*/0,1158/*allow_padding =*/0,1159/*require_ack_eliciting =*/0,1160/*bypass_cc =*/1,1161},1162},1163/* EL (HANDSHAKE) */1164{1165/* EL 2(HANDSHAKE) - Archetype 0(NORMAL) */1166{1167/*allow_ack =*/1,1168/*allow_ping =*/1,1169/*allow_crypto =*/1,1170/*allow_handshake_done =*/0,1171/*allow_path_challenge =*/0,1172/*allow_path_response =*/0,1173/*allow_new_conn_id =*/0,1174/*allow_retire_conn_id =*/0,1175/*allow_stream_rel =*/0,1176/*allow_conn_fc =*/0,1177/*allow_conn_close =*/1,1178/*allow_cfq_other =*/0,1179/*allow_new_token =*/0,1180/*allow_force_ack_eliciting =*/1,1181/*allow_padding =*/1,1182/*require_ack_eliciting =*/0,1183/*bypass_cc =*/0,1184},1185/* EL 2(HANDSHAKE) - Archetype 1(PROBE) */1186{1187/*allow_ack =*/1,1188/*allow_ping =*/1,1189/*allow_crypto =*/1,1190/*allow_handshake_done =*/0,1191/*allow_path_challenge =*/0,1192/*allow_path_response =*/0,1193/*allow_new_conn_id =*/0,1194/*allow_retire_conn_id =*/0,1195/*allow_stream_rel =*/0,1196/*allow_conn_fc =*/0,1197/*allow_conn_close =*/1,1198/*allow_cfq_other =*/0,1199/*allow_new_token =*/0,1200/*allow_force_ack_eliciting =*/1,1201/*allow_padding =*/1,1202/*require_ack_eliciting =*/1,1203/*bypass_cc =*/1,1204},1205/* EL 2(HANDSHAKE) - Archetype 2(ACK_ONLY) */1206{1207/*allow_ack =*/1,1208/*allow_ping =*/0,1209/*allow_crypto =*/0,1210/*allow_handshake_done =*/0,1211/*allow_path_challenge =*/0,1212/*allow_path_response =*/0,1213/*allow_new_conn_id =*/0,1214/*allow_retire_conn_id =*/0,1215/*allow_stream_rel =*/0,1216/*allow_conn_fc =*/0,1217/*allow_conn_close =*/0,1218/*allow_cfq_other =*/0,1219/*allow_new_token =*/0,1220/*allow_force_ack_eliciting =*/1,1221/*allow_padding =*/0,1222/*require_ack_eliciting =*/0,1223/*bypass_cc =*/1,1224},1225},1226/* EL 3(1RTT) */1227{1228/* EL 3(1RTT) - Archetype 0(NORMAL) */1229{1230/*allow_ack =*/1,1231/*allow_ping =*/1,1232/*allow_crypto =*/1,1233/*allow_handshake_done =*/1,1234/*allow_path_challenge =*/0,1235/*allow_path_response =*/1,1236/*allow_new_conn_id =*/1,1237/*allow_retire_conn_id =*/1,1238/*allow_stream_rel =*/1,1239/*allow_conn_fc =*/1,1240/*allow_conn_close =*/1,1241/*allow_cfq_other =*/1,1242/*allow_new_token =*/1,1243/*allow_force_ack_eliciting =*/1,1244/*allow_padding =*/1,1245/*require_ack_eliciting =*/0,1246/*bypass_cc =*/0,1247},1248/* EL 3(1RTT) - Archetype 1(PROBE) */1249{1250/*allow_ack =*/1,1251/*allow_ping =*/1,1252/*allow_crypto =*/1,1253/*allow_handshake_done =*/1,1254/*allow_path_challenge =*/0,1255/*allow_path_response =*/1,1256/*allow_new_conn_id =*/1,1257/*allow_retire_conn_id =*/1,1258/*allow_stream_rel =*/1,1259/*allow_conn_fc =*/1,1260/*allow_conn_close =*/1,1261/*allow_cfq_other =*/1,1262/*allow_new_token =*/1,1263/*allow_force_ack_eliciting =*/1,1264/*allow_padding =*/1,1265/*require_ack_eliciting =*/1,1266/*bypass_cc =*/1,1267},1268/* EL 
3(1RTT) - Archetype 2(ACK_ONLY) */1269{1270/*allow_ack =*/1,1271/*allow_ping =*/0,1272/*allow_crypto =*/0,1273/*allow_handshake_done =*/0,1274/*allow_path_challenge =*/0,1275/*allow_path_response =*/0,1276/*allow_new_conn_id =*/0,1277/*allow_retire_conn_id =*/0,1278/*allow_stream_rel =*/0,1279/*allow_conn_fc =*/0,1280/*allow_conn_close =*/0,1281/*allow_cfq_other =*/0,1282/*allow_new_token =*/0,1283/*allow_force_ack_eliciting =*/1,1284/*allow_padding =*/0,1285/*require_ack_eliciting =*/0,1286/*bypass_cc =*/1,1287} }1288};12891290static int txp_get_archetype_data(uint32_t enc_level,1291uint32_t archetype,1292struct archetype_data *a)1293{1294if (enc_level >= QUIC_ENC_LEVEL_NUM1295|| archetype >= TX_PACKETISER_ARCHETYPE_NUM)1296return 0;12971298/* No need to avoid copying this as it should not exceed one int in size. */1299*a = archetypes[enc_level][archetype];1300return 1;1301}13021303static int txp_determine_geometry(OSSL_QUIC_TX_PACKETISER *txp,1304uint32_t archetype,1305uint32_t enc_level,1306size_t running_total,1307QUIC_PKT_HDR *phdr,1308struct txp_pkt_geom *geom)1309{1310size_t mdpl, cmpl, hdr_len;13111312/* Get information about packet archetype. */1313if (!txp_get_archetype_data(enc_level, archetype, &geom->adata))1314return 0;13151316/* Assemble packet header. */1317phdr->type = ossl_quic_enc_level_to_pkt_type(enc_level);1318phdr->spin_bit = 0;1319phdr->pn_len = txp_determine_pn_len(txp);1320phdr->partial = 0;1321phdr->fixed = 1;1322phdr->reserved = 0;1323phdr->version = txp->args.protocol_version;1324phdr->dst_conn_id = txp->args.cur_dcid;1325phdr->src_conn_id = txp->args.cur_scid;13261327/*1328* We need to know the length of the payload to get an accurate header1329* length for non-1RTT packets, because the Length field found in1330* Initial/Handshake/0-RTT packets uses a variable-length encoding. However,1331* we don't have a good idea of the length of our payload, because the1332* length of the payload depends on the room in the datagram after fitting1333* the header, which depends on the size of the header.1334*1335* In general, it does not matter if a packet is slightly shorter (because1336* e.g. we predicted use of a 2-byte length field, but ended up only needing1337* a 1-byte length field). However this does matter for Initial packets1338* which must be at least 1200 bytes, which is also the assumed default MTU;1339* therefore in many cases Initial packets will be padded to 1200 bytes,1340* which means if we overestimated the header size, we will be short by a1341* few bytes and the server will ignore the packet for being too short. In1342* this case, however, such packets always *will* be padded to meet 12001343* bytes, which requires a 2-byte length field, so we don't actually need to1344* worry about this. Thus we estimate the header length assuming a 2-byte1345* length field here, which should in practice work well in all cases.1346*/1347phdr->len = OSSL_QUIC_VLINT_2B_MAX - phdr->pn_len;13481349if (enc_level == QUIC_ENC_LEVEL_INITIAL) {1350phdr->token = txp->initial_token;1351phdr->token_len = txp->initial_token_len;1352} else {1353phdr->token = NULL;1354phdr->token_len = 0;1355}13561357hdr_len = ossl_quic_wire_get_encoded_pkt_hdr_len(phdr->dst_conn_id.id_len,1358phdr);1359if (hdr_len == 0)1360return 0;13611362/* MDPL: Maximum datagram payload length. 
*/1363mdpl = txp_get_mdpl(txp);13641365/*1366* CMPL: Maximum encoded packet size we can put into this datagram given any1367* previous packets coalesced into it.1368*/1369if (running_total > mdpl)1370/* Should not be possible, but if it happens: */1371cmpl = 0;1372else1373cmpl = mdpl - running_total;13741375/* CMPPL: Maximum amount we can put into the current packet payload */1376if (!txp_determine_ppl_from_pl(txp, cmpl, enc_level, hdr_len, &geom->cmppl))1377return 0;13781379geom->cmpl = cmpl;1380geom->pkt_overhead = cmpl - geom->cmppl;1381geom->archetype = archetype;1382return 1;1383}13841385static uint32_t txp_determine_archetype(OSSL_QUIC_TX_PACKETISER *txp,1386uint64_t cc_limit)1387{1388OSSL_ACKM_PROBE_INFO *probe_info1389= ossl_ackm_get0_probe_request(txp->args.ackm);1390uint32_t pn_space;13911392/*1393* If ACKM has requested probe generation (e.g. due to PTO), we generate a1394* Probe-archetype packet. Actually, we determine archetype on a1395* per-datagram basis, so if any EL wants a probe, do a pass in which1396* we try and generate a probe (if needed) for all ELs.1397*/1398if (probe_info->anti_deadlock_initial > 01399|| probe_info->anti_deadlock_handshake > 0)1400return TX_PACKETISER_ARCHETYPE_PROBE;14011402for (pn_space = QUIC_PN_SPACE_INITIAL;1403pn_space < QUIC_PN_SPACE_NUM;1404++pn_space)1405if (probe_info->pto[pn_space] > 0)1406return TX_PACKETISER_ARCHETYPE_PROBE;14071408/*1409* If we are out of CC budget, we cannot send a normal packet,1410* but we can do an ACK-only packet (potentially, if we1411* want to send an ACK).1412*/1413if (cc_limit == 0)1414return TX_PACKETISER_ARCHETYPE_ACK_ONLY;14151416/* All other packets. */1417return TX_PACKETISER_ARCHETYPE_NORMAL;1418}14191420static int txp_should_try_staging(OSSL_QUIC_TX_PACKETISER *txp,1421uint32_t enc_level,1422uint32_t archetype,1423uint64_t cc_limit,1424uint32_t *conn_close_enc_level)1425{1426struct archetype_data a;1427uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);1428QUIC_CFQ_ITEM *cfq_item;14291430if (!ossl_qtx_is_enc_level_provisioned(txp->args.qtx, enc_level))1431return 0;14321433if (!txp_get_archetype_data(enc_level, archetype, &a))1434return 0;14351436if (!a.bypass_cc && cc_limit == 0)1437/* CC not allowing us to send. */1438return 0;14391440/*1441* We can produce CONNECTION_CLOSE frames on any EL in principle, which1442* means we need to choose which EL we would prefer to use. After a1443* connection is fully established we have only one provisioned EL and this1444* is a non-issue. Where multiple ELs are provisioned, it is possible the1445* peer does not have the keys for the EL yet, which suggests in general it1446* is preferable to use the lowest EL which is still provisioned.1447*1448* However (RFC 9000 s. 10.2.3 & 12.5) we are also required to not send1449* application CONNECTION_CLOSE frames in non-1-RTT ELs, so as to not1450* potentially leak application data on a connection which has yet to be1451* authenticated. Thus when we have an application CONNECTION_CLOSE frame1452* queued and need to send it on a non-1-RTT EL, we have to convert it1453* into a transport CONNECTION_CLOSE frame which contains no application1454* data. Since this loses information, it suggests we should use the 1-RTT1455* EL to avoid this if possible, even if a lower EL is also available.1456*1457* At the same time, just because we have the 1-RTT EL provisioned locally1458* does not necessarily mean the peer does, for example if a handshake1459* CRYPTO frame has been lost. 
It is fairly important that CONNECTION_CLOSE1460* is signalled in a way we know our peer can decrypt, as we stop processing1461* connection retransmission logic for real after connection close and1462* simply 'blindly' retransmit the same CONNECTION_CLOSE frame.1463*1464* This is not a major concern for clients, since if a client has a 1-RTT EL1465* provisioned the server is guaranteed to also have a 1-RTT EL provisioned.1466*1467* TODO(QUIC FUTURE): Revisit this when when have reached a decision on how1468* best to implement this1469*/1470if (*conn_close_enc_level > enc_level1471&& *conn_close_enc_level != QUIC_ENC_LEVEL_1RTT)1472*conn_close_enc_level = enc_level;14731474/* Do we need to send a PTO probe? */1475if (a.allow_force_ack_eliciting) {1476OSSL_ACKM_PROBE_INFO *probe_info1477= ossl_ackm_get0_probe_request(txp->args.ackm);14781479if ((enc_level == QUIC_ENC_LEVEL_INITIAL1480&& probe_info->anti_deadlock_initial > 0)1481|| (enc_level == QUIC_ENC_LEVEL_HANDSHAKE1482&& probe_info->anti_deadlock_handshake > 0)1483|| probe_info->pto[pn_space] > 0)1484return 1;1485}14861487/* Does the crypto stream for this EL want to produce anything? */1488if (a.allow_crypto && sstream_is_pending(txp->args.crypto[pn_space]))1489return 1;14901491/* Does the ACKM for this PN space want to produce anything? */1492if (a.allow_ack && (ossl_ackm_is_ack_desired(txp->args.ackm, pn_space) || (txp->want_ack & (1UL << pn_space)) != 0))1493return 1;14941495/* Do we need to force emission of an ACK-eliciting packet? */1496if (a.allow_force_ack_eliciting1497&& (txp->force_ack_eliciting & (1UL << pn_space)) != 0)1498return 1;14991500/* Does the connection-level RXFC want to produce a frame? */1501if (a.allow_conn_fc && (txp->want_max_data || ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 0)))1502return 1;15031504/* Do we want to produce a MAX_STREAMS frame? */1505if (a.allow_conn_fc1506&& (txp->want_max_streams_bidi1507|| ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc,15080)1509|| txp->want_max_streams_uni1510|| ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc,15110)))1512return 1;15131514/* Do we want to produce a HANDSHAKE_DONE frame? */1515if (a.allow_handshake_done && txp->want_handshake_done)1516return 1;15171518/* Do we want to produce a CONNECTION_CLOSE frame? */1519if (a.allow_conn_close && txp->want_conn_close && *conn_close_enc_level == enc_level)1520/*1521* This is a bit of a special case since CONNECTION_CLOSE can appear in1522* most packet types, and when we decide we want to send it this status1523* isn't tied to a specific EL. So if we want to send it, we send it1524* only on the lowest non-dropped EL.1525*/1526return 1;15271528/* Does the CFQ have any frames queued for this PN space? 
*/1529if (enc_level != QUIC_ENC_LEVEL_0RTT)1530for (cfq_item = ossl_quic_cfq_get_priority_head(txp->args.cfq, pn_space);1531cfq_item != NULL;1532cfq_item = ossl_quic_cfq_item_get_priority_next(cfq_item, pn_space)) {1533uint64_t frame_type = ossl_quic_cfq_item_get_frame_type(cfq_item);15341535switch (frame_type) {1536case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:1537if (a.allow_new_conn_id)1538return 1;1539break;1540case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:1541if (a.allow_retire_conn_id)1542return 1;1543break;1544case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:1545if (a.allow_new_token)1546return 1;1547break;1548case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:1549if (a.allow_path_response)1550return 1;1551break;1552default:1553if (a.allow_cfq_other)1554return 1;1555break;1556}1557}15581559if (a.allow_stream_rel && txp->handshake_complete) {1560QUIC_STREAM_ITER it;15611562/* If there are any active streams, 0/1-RTT wants to produce a packet.1563* Whether a stream is on the active list is required to be precise1564* (i.e., a stream is never on the active list if we cannot produce a1565* frame for it), and all stream-related frames are governed by1566* a.allow_stream_rel (i.e., if we can send one type of stream-related1567* frame, we can send any of them), so we don't need to inspect1568* individual streams on the active list, just confirm that the active1569* list is non-empty.1570*/1571ossl_quic_stream_iter_init(&it, txp->args.qsm, 0);1572if (it.stream != NULL)1573return 1;1574}15751576return 0;1577}15781579static int sstream_is_pending(QUIC_SSTREAM *sstream)1580{1581OSSL_QUIC_FRAME_STREAM hdr;1582OSSL_QTX_IOVEC iov[2];1583size_t num_iov = OSSL_NELEM(iov);15841585return ossl_quic_sstream_get_stream_frame(sstream, 0, &hdr, iov, &num_iov);1586}15871588/* Determine how many bytes we should use for the encoded PN. */1589static size_t txp_determine_pn_len(OSSL_QUIC_TX_PACKETISER *txp)1590{1591return 4; /* TODO(QUIC FUTURE) */1592}15931594/* Determine plaintext packet payload length from payload length. 
*/1595static int txp_determine_ppl_from_pl(OSSL_QUIC_TX_PACKETISER *txp,1596size_t pl,1597uint32_t enc_level,1598size_t hdr_len,1599size_t *r)1600{1601if (pl < hdr_len)1602return 0;16031604pl -= hdr_len;16051606if (!ossl_qtx_calculate_plaintext_payload_len(txp->args.qtx, enc_level,1607pl, &pl))1608return 0;16091610*r = pl;1611return 1;1612}16131614static size_t txp_get_mdpl(OSSL_QUIC_TX_PACKETISER *txp)1615{1616return ossl_qtx_get_mdpl(txp->args.qtx);1617}16181619static QUIC_SSTREAM *get_sstream_by_id(uint64_t stream_id, uint32_t pn_space,1620void *arg)1621{1622OSSL_QUIC_TX_PACKETISER *txp = arg;1623QUIC_STREAM *s;16241625if (stream_id == UINT64_MAX)1626return txp->args.crypto[pn_space];16271628s = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);1629if (s == NULL)1630return NULL;16311632return s->sstream;1633}16341635static void on_regen_notify(uint64_t frame_type, uint64_t stream_id,1636QUIC_TXPIM_PKT *pkt, void *arg)1637{1638OSSL_QUIC_TX_PACKETISER *txp = arg;16391640switch (frame_type) {1641case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:1642txp->want_handshake_done = 1;1643break;1644case OSSL_QUIC_FRAME_TYPE_MAX_DATA:1645txp->want_max_data = 1;1646break;1647case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:1648txp->want_max_streams_bidi = 1;1649break;1650case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:1651txp->want_max_streams_uni = 1;1652break;1653case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:1654txp->want_ack |= (1UL << pkt->ackm_pkt.pkt_space);1655break;1656case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA: {1657QUIC_STREAM *s1658= ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);16591660if (s == NULL)1661return;16621663s->want_max_stream_data = 1;1664ossl_quic_stream_map_update_state(txp->args.qsm, s);1665} break;1666case OSSL_QUIC_FRAME_TYPE_STOP_SENDING: {1667QUIC_STREAM *s1668= ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);16691670if (s == NULL)1671return;16721673ossl_quic_stream_map_schedule_stop_sending(txp->args.qsm, s);1674} break;1675case OSSL_QUIC_FRAME_TYPE_RESET_STREAM: {1676QUIC_STREAM *s1677= ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);16781679if (s == NULL)1680return;16811682s->want_reset_stream = 1;1683ossl_quic_stream_map_update_state(txp->args.qsm, s);1684} break;1685default:1686assert(0);1687break;1688}1689}16901691static int txp_need_ping(OSSL_QUIC_TX_PACKETISER *txp,1692uint32_t pn_space,1693const struct archetype_data *adata)1694{1695return adata->allow_ping1696&& (adata->require_ack_eliciting1697|| (txp->force_ack_eliciting & (1UL << pn_space)) != 0);1698}16991700static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp,1701uint32_t enc_level, uint32_t archetype,1702size_t running_total)1703{1704uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);17051706if (!txp_determine_geometry(txp, archetype, enc_level,1707running_total, &pkt->phdr, &pkt->geom))1708return 0;17091710/*1711* Initialise TX helper. If we must be ACK eliciting, reserve 1 byte for1712* PING.1713*/1714if (!tx_helper_init(&pkt->h, txp, enc_level,1715pkt->geom.cmppl,1716txp_need_ping(txp, pn_space, &pkt->geom.adata) ? 
1 : 0))1717return 0;17181719pkt->h_valid = 1;1720pkt->tpkt = NULL;1721pkt->stream_head = NULL;1722pkt->force_pad = 0;1723return 1;1724}17251726static void txp_pkt_cleanup(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp)1727{1728if (!pkt->h_valid)1729return;17301731tx_helper_cleanup(&pkt->h);1732pkt->h_valid = 0;17331734if (pkt->tpkt != NULL) {1735ossl_quic_txpim_pkt_release(txp->args.txpim, pkt->tpkt);1736pkt->tpkt = NULL;1737}1738}17391740static int txp_pkt_postgen_update_pkt_overhead(struct txp_pkt *pkt,1741OSSL_QUIC_TX_PACKETISER *txp)1742{1743/*1744* After we have staged and generated our packets, but before we commit1745* them, it is possible for the estimated packet overhead (packet header +1746* AEAD tag size) to shrink slightly because we generated a short packet1747* whose which can be represented in fewer bytes as a variable-length1748* integer than we were (pessimistically) budgeting for. We need to account1749* for this to ensure that we get our padding calculation exactly right.1750*1751* Update pkt_overhead to be accurate now that we know how much data is1752* going in a packet.1753*/1754size_t hdr_len, ciphertext_len;17551756if (pkt->h.enc_level == QUIC_ENC_LEVEL_INITIAL)1757/*1758* Don't update overheads for the INITIAL EL - we have not finished1759* appending padding to it and would potentially miscalculate the1760* correct padding if we now update the pkt_overhead field to switch to1761* e.g. a 1-byte length field in the packet header. Since we are padding1762* to QUIC_MIN_INITIAL_DGRAM_LEN which requires a 2-byte length field,1763* this is guaranteed to be moot anyway. See comment in1764* txp_determine_geometry for more information.1765*/1766return 1;17671768if (!ossl_qtx_calculate_ciphertext_payload_len(txp->args.qtx, pkt->h.enc_level,1769pkt->h.bytes_appended,1770&ciphertext_len))1771return 0;17721773pkt->phdr.len = ciphertext_len;17741775hdr_len = ossl_quic_wire_get_encoded_pkt_hdr_len(pkt->phdr.dst_conn_id.id_len,1776&pkt->phdr);17771778pkt->geom.pkt_overhead = hdr_len + ciphertext_len - pkt->h.bytes_appended;1779return 1;1780}17811782static void on_confirm_notify(uint64_t frame_type, uint64_t stream_id,1783QUIC_TXPIM_PKT *pkt, void *arg)1784{1785OSSL_QUIC_TX_PACKETISER *txp = arg;17861787switch (frame_type) {1788case OSSL_QUIC_FRAME_TYPE_STOP_SENDING: {1789QUIC_STREAM *s1790= ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);17911792if (s == NULL)1793return;17941795s->acked_stop_sending = 1;1796ossl_quic_stream_map_update_state(txp->args.qsm, s);1797} break;1798case OSSL_QUIC_FRAME_TYPE_RESET_STREAM: {1799QUIC_STREAM *s1800= ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);18011802if (s == NULL)1803return;18041805/*1806* We must already be in RESET_SENT or RESET_RECVD if we are1807* here, so we don't need to check state here.1808*/1809ossl_quic_stream_map_notify_reset_stream_acked(txp->args.qsm, s);1810ossl_quic_stream_map_update_state(txp->args.qsm, s);1811} break;1812default:1813assert(0);1814break;1815}1816}18171818static int txp_pkt_append_padding(struct txp_pkt *pkt,1819OSSL_QUIC_TX_PACKETISER *txp, size_t num_bytes)1820{1821WPACKET *wpkt;18221823if (num_bytes == 0)1824return 1;18251826if (!ossl_assert(pkt->h_valid))1827return 0;18281829if (!ossl_assert(pkt->tpkt != NULL))1830return 0;18311832wpkt = tx_helper_begin(&pkt->h);1833if (wpkt == NULL)1834return 0;18351836if (!ossl_quic_wire_encode_padding(wpkt, num_bytes)) {1837tx_helper_rollback(&pkt->h);1838return 0;1839}18401841if (!tx_helper_commit(&pkt->h))1842return 
0;18431844pkt->tpkt->ackm_pkt.num_bytes += num_bytes;1845/* Cannot be non-inflight if we have a PADDING frame */1846pkt->tpkt->ackm_pkt.is_inflight = 1;1847return 1;1848}18491850static void on_sstream_updated(uint64_t stream_id, void *arg)1851{1852OSSL_QUIC_TX_PACKETISER *txp = arg;1853QUIC_STREAM *s;18541855s = ossl_quic_stream_map_get_by_id(txp->args.qsm, stream_id);1856if (s == NULL)1857return;18581859ossl_quic_stream_map_update_state(txp->args.qsm, s);1860}18611862/*1863* Returns 1 if we can send that many bytes in closing state, 0 otherwise.1864* Also maintains the bytes sent state if it returns a success.1865*/1866static int try_commit_conn_close(OSSL_QUIC_TX_PACKETISER *txp, size_t n)1867{1868int res;18691870/* We can always send the first connection close frame */1871if (txp->closing_bytes_recv == 0)1872return 1;18731874/*1875* RFC 9000 s. 10.2.1 Closing Connection State:1876* To avoid being used for an amplification attack, such1877* endpoints MUST limit the cumulative size of packets it sends1878* to three times the cumulative size of the packets that are1879* received and attributed to the connection.1880* and:1881* An endpoint in the closing state MUST either discard packets1882* received from an unvalidated address or limit the cumulative1883* size of packets it sends to an unvalidated address to three1884* times the size of packets it receives from that address.1885*/1886res = txp->closing_bytes_xmit + n <= txp->closing_bytes_recv * 3;18871888/*1889* Attribute the bytes to the connection, if we are allowed to send them1890* and this isn't the first closing frame.1891*/1892if (res && txp->closing_bytes_recv != 0)1893txp->closing_bytes_xmit += n;1894return res;1895}18961897void ossl_quic_tx_packetiser_record_received_closing_bytes(1898OSSL_QUIC_TX_PACKETISER *txp, size_t n)1899{1900txp->closing_bytes_recv += n;1901}19021903static int txp_generate_pre_token(OSSL_QUIC_TX_PACKETISER *txp,1904struct txp_pkt *pkt,1905int chosen_for_conn_close,1906int *can_be_non_inflight)1907{1908const uint32_t enc_level = pkt->h.enc_level;1909const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);1910const struct archetype_data *a = &pkt->geom.adata;1911QUIC_TXPIM_PKT *tpkt = pkt->tpkt;1912struct tx_helper *h = &pkt->h;1913const OSSL_QUIC_FRAME_ACK *ack;1914OSSL_QUIC_FRAME_ACK ack2;19151916tpkt->ackm_pkt.largest_acked = QUIC_PN_INVALID;19171918/* ACK Frames (Regenerate) */1919if (a->allow_ack1920&& tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_ACK1921&& (((txp->want_ack & (1UL << pn_space)) != 0)1922|| ossl_ackm_is_ack_desired(txp->args.ackm, pn_space))1923&& (ack = ossl_ackm_get_ack_frame(txp->args.ackm, pn_space)) != NULL) {1924WPACKET *wpkt = tx_helper_begin(h);19251926if (wpkt == NULL)1927return 0;19281929/* We do not currently support ECN */1930ack2 = *ack;1931ack2.ecn_present = 0;19321933if (ossl_quic_wire_encode_frame_ack(wpkt,1934txp->args.ack_delay_exponent,1935&ack2)) {1936if (!tx_helper_commit(h))1937return 0;19381939tpkt->had_ack_frame = 1;19401941if (ack->num_ack_ranges > 0)1942tpkt->ackm_pkt.largest_acked = ack->ack_ranges[0].end;19431944if (txp->ack_tx_cb != NULL)1945txp->ack_tx_cb(&ack2, pn_space, txp->ack_tx_cb_arg);1946} else {1947tx_helper_rollback(h);1948}1949}19501951/* CONNECTION_CLOSE Frames (Regenerate) */1952if (a->allow_conn_close && txp->want_conn_close && chosen_for_conn_close) {1953WPACKET *wpkt = tx_helper_begin(h);1954OSSL_QUIC_FRAME_CONN_CLOSE f, *pf = &txp->conn_close_frame;1955size_t l;19561957if (wpkt == NULL)1958return 0;19591960/*1961* Application 

void ossl_quic_tx_packetiser_record_received_closing_bytes(
        OSSL_QUIC_TX_PACKETISER *txp, size_t n)
{
    txp->closing_bytes_recv += n;
}

static int txp_generate_pre_token(OSSL_QUIC_TX_PACKETISER *txp,
                                  struct txp_pkt *pkt,
                                  int chosen_for_conn_close,
                                  int *can_be_non_inflight)
{
    const uint32_t enc_level = pkt->h.enc_level;
    const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
    const struct archetype_data *a = &pkt->geom.adata;
    QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
    struct tx_helper *h = &pkt->h;
    const OSSL_QUIC_FRAME_ACK *ack;
    OSSL_QUIC_FRAME_ACK ack2;

    tpkt->ackm_pkt.largest_acked = QUIC_PN_INVALID;

    /* ACK Frames (Regenerate) */
    if (a->allow_ack
        && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_ACK
        && (((txp->want_ack & (1UL << pn_space)) != 0)
            || ossl_ackm_is_ack_desired(txp->args.ackm, pn_space))
        && (ack = ossl_ackm_get_ack_frame(txp->args.ackm, pn_space)) != NULL) {
        WPACKET *wpkt = tx_helper_begin(h);

        if (wpkt == NULL)
            return 0;

        /* We do not currently support ECN */
        ack2 = *ack;
        ack2.ecn_present = 0;

        if (ossl_quic_wire_encode_frame_ack(wpkt,
                                            txp->args.ack_delay_exponent,
                                            &ack2)) {
            if (!tx_helper_commit(h))
                return 0;

            tpkt->had_ack_frame = 1;

            if (ack->num_ack_ranges > 0)
                tpkt->ackm_pkt.largest_acked = ack->ack_ranges[0].end;

            if (txp->ack_tx_cb != NULL)
                txp->ack_tx_cb(&ack2, pn_space, txp->ack_tx_cb_arg);
        } else {
            tx_helper_rollback(h);
        }
    }

    /* CONNECTION_CLOSE Frames (Regenerate) */
    if (a->allow_conn_close && txp->want_conn_close && chosen_for_conn_close) {
        WPACKET *wpkt = tx_helper_begin(h);
        OSSL_QUIC_FRAME_CONN_CLOSE f, *pf = &txp->conn_close_frame;
        size_t l;

        if (wpkt == NULL)
            return 0;

        /*
         * Application CONNECTION_CLOSE frames may only be sent in the
         * Application PN space, as otherwise they may be sent before a
         * connection is authenticated and leak application data. Therefore, if
         * we need to send a CONNECTION_CLOSE frame in another PN space and were
         * given an application CONNECTION_CLOSE frame, convert it into a
         * transport CONNECTION_CLOSE frame, removing any sensitive application
         * data.
         *
         * RFC 9000 s. 10.2.3: "A CONNECTION_CLOSE of type 0x1d MUST be replaced
         * by a CONNECTION_CLOSE of type 0x1c when sending the frame in Initial
         * or Handshake packets. Otherwise, information about the application
         * state might be revealed. Endpoints MUST clear the value of the Reason
         * Phrase field and SHOULD use the APPLICATION_ERROR code when
         * converting to a CONNECTION_CLOSE of type 0x1c."
         */
        if (pn_space != QUIC_PN_SPACE_APP && pf->is_app) {
            pf = &f;
            pf->is_app = 0;
            pf->frame_type = 0;
            pf->error_code = OSSL_QUIC_ERR_APPLICATION_ERROR;
            pf->reason = NULL;
            pf->reason_len = 0;
        }

        if (ossl_quic_wire_encode_frame_conn_close(wpkt, pf)
            && WPACKET_get_total_written(wpkt, &l)
            && try_commit_conn_close(txp, l)) {
            if (!tx_helper_commit(h))
                return 0;

            tpkt->had_conn_close = 1;
            *can_be_non_inflight = 0;
        } else {
            tx_helper_rollback(h);
        }
    }

    return 1;
}

static int try_len(size_t space_left, size_t orig_len,
                   size_t base_hdr_len, size_t lenbytes,
                   uint64_t maxn, size_t *hdr_len, size_t *payload_len)
{
    size_t n;
    size_t maxn_ = maxn > SIZE_MAX ? SIZE_MAX : (size_t)maxn;

    *hdr_len = base_hdr_len + lenbytes;

    if (orig_len == 0 && space_left >= *hdr_len) {
        *payload_len = 0;
        return 1;
    }

    n = orig_len;
    if (n > maxn_)
        n = maxn_;
    if (n + *hdr_len > space_left)
        n = (space_left >= *hdr_len) ? space_left - *hdr_len : 0;

    *payload_len = n;
    return n > 0;
}

static int determine_len(size_t space_left, size_t orig_len,
                         size_t base_hdr_len,
                         uint64_t *hlen, uint64_t *len)
{
    int ok = 0;
    size_t chosen_payload_len = 0;
    size_t chosen_hdr_len = 0;
    size_t payload_len[4], hdr_len[4];
    int i, valid[4] = { 0 };

    valid[0] = try_len(space_left, orig_len, base_hdr_len,
                       1, OSSL_QUIC_VLINT_1B_MAX,
                       &hdr_len[0], &payload_len[0]);
    valid[1] = try_len(space_left, orig_len, base_hdr_len,
                       2, OSSL_QUIC_VLINT_2B_MAX,
                       &hdr_len[1], &payload_len[1]);
    valid[2] = try_len(space_left, orig_len, base_hdr_len,
                       4, OSSL_QUIC_VLINT_4B_MAX,
                       &hdr_len[2], &payload_len[2]);
    valid[3] = try_len(space_left, orig_len, base_hdr_len,
                       8, OSSL_QUIC_VLINT_8B_MAX,
                       &hdr_len[3], &payload_len[3]);

    for (i = OSSL_NELEM(valid) - 1; i >= 0; --i)
        if (valid[i] && payload_len[i] >= chosen_payload_len) {
            chosen_payload_len = payload_len[i];
            chosen_hdr_len = hdr_len[i];
            ok = 1;
        }

    *hlen = chosen_hdr_len;
    *len = chosen_payload_len;
    return ok;
}
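
/*
 * Worked example (illustrative numbers): with space_left = 1000,
 * orig_len = 5000 and base_hdr_len = 2, a 1-byte Length field can encode at
 * most 63 bytes of payload, while a 2-byte Length field allows
 * 1000 - (2 + 2) = 996 bytes. The loop above keeps the combination with the
 * largest payload and, among equal payloads, the shortest Length encoding,
 * so the 2-byte encoding wins here.
 */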

/*
 * Given a CRYPTO frame header with accurate chdr->len and a budget
 * (space_left), try to find the optimal value of chdr->len to fill as much of
 * the budget as possible. This is slightly hairy because larger values of
 * chdr->len cause larger encoded sizes of the length field of the frame, which
 * in turn mean less space available for payload data. We check all possible
 * encodings and choose the optimal encoding.
 */
static int determine_crypto_len(struct tx_helper *h,
                                OSSL_QUIC_FRAME_CRYPTO *chdr,
                                size_t space_left,
                                uint64_t *hlen,
                                uint64_t *len)
{
    size_t orig_len;
    size_t base_hdr_len; /* CRYPTO header length without length field */

    if (chdr->len > SIZE_MAX)
        return 0;

    orig_len = (size_t)chdr->len;

    chdr->len = 0;
    base_hdr_len = ossl_quic_wire_get_encoded_frame_len_crypto_hdr(chdr);
    chdr->len = orig_len;
    if (base_hdr_len == 0)
        return 0;

    --base_hdr_len;

    return determine_len(space_left, orig_len, base_hdr_len, hlen, len);
}

static int determine_stream_len(struct tx_helper *h,
                                OSSL_QUIC_FRAME_STREAM *shdr,
                                size_t space_left,
                                uint64_t *hlen,
                                uint64_t *len)
{
    size_t orig_len;
    size_t base_hdr_len; /* STREAM header length without length field */

    if (shdr->len > SIZE_MAX)
        return 0;

    orig_len = (size_t)shdr->len;

    shdr->len = 0;
    base_hdr_len = ossl_quic_wire_get_encoded_frame_len_stream_hdr(shdr);
    shdr->len = orig_len;
    if (base_hdr_len == 0)
        return 0;

    if (shdr->has_explicit_len)
        --base_hdr_len;

    return determine_len(space_left, orig_len, base_hdr_len, hlen, len);
}

static int txp_generate_crypto_frames(OSSL_QUIC_TX_PACKETISER *txp,
                                      struct txp_pkt *pkt,
                                      int *have_ack_eliciting)
{
    const uint32_t enc_level = pkt->h.enc_level;
    const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
    QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
    struct tx_helper *h = &pkt->h;
    size_t num_stream_iovec;
    OSSL_QUIC_FRAME_STREAM shdr = { 0 };
    OSSL_QUIC_FRAME_CRYPTO chdr = { 0 };
    OSSL_QTX_IOVEC iov[2];
    uint64_t hdr_bytes;
    WPACKET *wpkt;
    QUIC_TXPIM_CHUNK chunk = { 0 };
    size_t i, space_left;

    for (i = 0;; ++i) {
        space_left = tx_helper_get_space_left(h);

        if (space_left < MIN_FRAME_SIZE_CRYPTO)
            return 1; /* no point trying */

        /* Do we have any CRYPTO data waiting? */
        num_stream_iovec = OSSL_NELEM(iov);
        if (!ossl_quic_sstream_get_stream_frame(txp->args.crypto[pn_space],
                                                i, &shdr, iov,
                                                &num_stream_iovec))
            return 1; /* nothing to do */

        /* Convert STREAM frame header to CRYPTO frame header */
        chdr.offset = shdr.offset;
        chdr.len = shdr.len;

        if (chdr.len == 0)
            return 1; /* nothing to do */

        /* Find best fit (header length, payload length) combination. */
        if (!determine_crypto_len(h, &chdr, space_left, &hdr_bytes,
                                  &chdr.len))
            return 1; /* can't fit anything */

        /*
         * Truncate IOVs to match our chosen length.
         *
         * The length cannot be more than SIZE_MAX because this length comes
         * from our send stream buffer.
         */
        ossl_quic_sstream_adjust_iov((size_t)chdr.len, iov, num_stream_iovec);

        /*
         * Ensure we have enough iovecs allocated (1 for the header, up to 2 for
         * the stream data.)
         */
        if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3))
            return 0; /* alloc error */

        /* Encode the header. */
        wpkt = tx_helper_begin(h);
        if (wpkt == NULL)
            return 0; /* alloc error */

        if (!ossl_quic_wire_encode_frame_crypto_hdr(wpkt, &chdr)) {
            tx_helper_rollback(h);
            return 1; /* can't fit */
        }

        if (!tx_helper_commit(h))
            return 0; /* alloc error */

        /* Add payload iovecs to the helper (infallible). */
        for (i = 0; i < num_stream_iovec; ++i)
            tx_helper_append_iovec(h, iov[i].buf, iov[i].buf_len);

        *have_ack_eliciting = 1;
        tx_helper_unrestrict(h); /* no longer need PING */

        /* Log chunk to TXPIM. */
        chunk.stream_id = UINT64_MAX; /* crypto stream */
        chunk.start = chdr.offset;
        chunk.end = chdr.offset + chdr.len - 1;
        chunk.has_fin = 0; /* Crypto stream never ends */
        if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk))
            return 0; /* alloc error */
    }
}
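
/*
 * Note that TXPIM chunk ranges appear to be inclusive of their end offset:
 * a CRYPTO chunk at offset 0 with length 100 is logged above as
 * start = 0, end = 99.
 */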

struct chunk_info {
    OSSL_QUIC_FRAME_STREAM shdr;
    uint64_t orig_len;
    OSSL_QTX_IOVEC iov[2];
    size_t num_stream_iovec;
    int valid;
};

static int txp_plan_stream_chunk(OSSL_QUIC_TX_PACKETISER *txp,
                                 struct tx_helper *h,
                                 QUIC_SSTREAM *sstream,
                                 QUIC_TXFC *stream_txfc,
                                 size_t skip,
                                 struct chunk_info *chunk,
                                 uint64_t consumed)
{
    uint64_t fc_credit, fc_swm, fc_limit;

    chunk->num_stream_iovec = OSSL_NELEM(chunk->iov);
    chunk->valid = ossl_quic_sstream_get_stream_frame(sstream, skip,
                                                      &chunk->shdr,
                                                      chunk->iov,
                                                      &chunk->num_stream_iovec);
    if (!chunk->valid)
        return 1;

    if (!ossl_assert(chunk->shdr.len > 0 || chunk->shdr.is_fin))
        /* Should only have 0-length chunk if FIN */
        return 0;

    chunk->orig_len = chunk->shdr.len;

    /* Clamp according to connection and stream-level TXFC. */
    fc_credit = ossl_quic_txfc_get_credit(stream_txfc, consumed);
    fc_swm = ossl_quic_txfc_get_swm(stream_txfc);
    fc_limit = fc_swm + fc_credit;

    if (chunk->shdr.len > 0 && chunk->shdr.offset + chunk->shdr.len > fc_limit) {
        chunk->shdr.len = (fc_limit <= chunk->shdr.offset)
            ? 0
            : fc_limit - chunk->shdr.offset;
        chunk->shdr.is_fin = 0;
    }

    if (chunk->shdr.len == 0 && !chunk->shdr.is_fin) {
        /*
         * Nothing to do due to TXFC. Since SSTREAM returns chunks in ascending
         * order of offset we don't need to check any later chunks, so stop
         * iterating here.
         */
        chunk->valid = 0;
        return 1;
    }

    return 1;
}
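
/*
 * For example (illustrative numbers): if fc_limit above works out to 1000
 * and the SSTREAM offers a chunk at offset 900 of length 300, the chunk is
 * clamped to 100 bytes and its FIN bit (if any) is cleared; a data chunk
 * lying entirely at or beyond offset 1000 is clamped to zero length, at
 * which point iteration over this stream's chunks stops.
 */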

/*
 * Returns 0 on fatal error (e.g. allocation failure), 1 on success.
 * *packet_full is set to 1 if there is no longer enough room for another STREAM
 * frame.
 */
static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp,
                                      struct txp_pkt *pkt,
                                      uint64_t id,
                                      QUIC_SSTREAM *sstream,
                                      QUIC_TXFC *stream_txfc,
                                      QUIC_STREAM *next_stream,
                                      int *have_ack_eliciting,
                                      int *packet_full,
                                      uint64_t *new_credit_consumed,
                                      uint64_t conn_consumed)
{
    int rc = 0;
    struct chunk_info chunks[2] = { 0 };
    const uint32_t enc_level = pkt->h.enc_level;
    QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
    struct tx_helper *h = &pkt->h;
    OSSL_QUIC_FRAME_STREAM *shdr;
    WPACKET *wpkt;
    QUIC_TXPIM_CHUNK chunk;
    size_t i, j, space_left;
    int can_fill_payload, use_explicit_len;
    int could_have_following_chunk;
    uint64_t orig_len;
    uint64_t hdr_len_implicit, payload_len_implicit;
    uint64_t hdr_len_explicit, payload_len_explicit;
    uint64_t fc_swm, fc_new_hwm;

    fc_swm = ossl_quic_txfc_get_swm(stream_txfc);
    fc_new_hwm = fc_swm;

    /*
     * Load the first two chunks if any offered by the send stream. We retrieve
     * the next chunk in advance so we can determine if we need to send any more
     * chunks from the same stream after this one, which is needed when
     * determining when we can use an implicit length in a STREAM frame.
     */
    for (i = 0; i < 2; ++i) {
        if (!txp_plan_stream_chunk(txp, h, sstream, stream_txfc, i, &chunks[i],
                                   conn_consumed))
            goto err;

        if (i == 0 && !chunks[i].valid) {
            /* No chunks, nothing to do. */
            rc = 1;
            goto err;
        }
        chunks[i].shdr.stream_id = id;
    }

    for (i = 0;; ++i) {
        space_left = tx_helper_get_space_left(h);

        if (!chunks[i % 2].valid) {
            /* Out of chunks; we're done. */
            rc = 1;
            goto err;
        }

        if (space_left < MIN_FRAME_SIZE_STREAM) {
            *packet_full = 1;
            rc = 1;
            goto err;
        }

        if (!ossl_assert(!h->done_implicit))
            /*
             * Logic below should have ensured we didn't append an
             * implicit-length unless we filled the packet or didn't have
             * another stream to handle, so this should not be possible.
             */
            goto err;

        shdr = &chunks[i % 2].shdr;
        orig_len = chunks[i % 2].orig_len;
        if (i > 0)
            /* Load next chunk for lookahead. */
            if (!txp_plan_stream_chunk(txp, h, sstream, stream_txfc, i + 1,
                                       &chunks[(i + 1) % 2], conn_consumed))
                goto err;

        /*
         * Find best fit (header length, payload length) combination for if we
         * use an implicit length.
         */
        shdr->has_explicit_len = 0;
        hdr_len_implicit = payload_len_implicit = 0;
        if (!determine_stream_len(h, shdr, space_left,
                                  &hdr_len_implicit, &payload_len_implicit)) {
            *packet_full = 1;
            rc = 1;
            goto err; /* can't fit anything */
        }

        /*
         * If there is a next stream, we don't use the implicit length so we can
         * add more STREAM frames after this one, unless there is enough data
         * for this STREAM frame to fill the packet.
         */
        can_fill_payload = (hdr_len_implicit + payload_len_implicit
                            >= space_left);

        /*
         * Is there a stream after this one, or another chunk pending
         * transmission in this stream?
         */
        could_have_following_chunk
            = (next_stream != NULL || chunks[(i + 1) % 2].valid);

        /* Choose between explicit or implicit length representations. */
        use_explicit_len = !((can_fill_payload || !could_have_following_chunk)
                             && !pkt->force_pad);
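
        /*
         * Put differently: an implicit length is only used where no further
         * frame can follow in this packet anyway - either this chunk can fill
         * the remaining payload space, or there is no other stream and no
         * further chunk pending - and never when the packet must be padded
         * (force_pad), since PADDING would then have to follow the STREAM
         * frame.
         */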

        if (use_explicit_len) {
            /*
             * Find best fit (header length, payload length) combination for if
             * we use an explicit length.
             */
            shdr->has_explicit_len = 1;
            hdr_len_explicit = payload_len_explicit = 0;
            if (!determine_stream_len(h, shdr, space_left,
                                      &hdr_len_explicit, &payload_len_explicit)) {
                *packet_full = 1;
                rc = 1;
                goto err; /* can't fit anything */
            }

            shdr->len = payload_len_explicit;
        } else {
            *packet_full = 1;
            shdr->has_explicit_len = 0;
            shdr->len = payload_len_implicit;
        }

        /* If this is a FIN, don't keep filling the packet with more FINs. */
        if (shdr->is_fin)
            chunks[(i + 1) % 2].valid = 0;

        /*
         * We are now committed to our length (shdr->len can't change).
         * If we truncated the chunk, clear the FIN bit.
         */
        if (shdr->len < orig_len)
            shdr->is_fin = 0;

        /* Truncate IOVs to match our chosen length. */
        ossl_quic_sstream_adjust_iov((size_t)shdr->len, chunks[i % 2].iov,
                                     chunks[i % 2].num_stream_iovec);

        /*
         * Ensure we have enough iovecs allocated (1 for the header, up to 2 for
         * the stream data.)
         */
        if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3))
            goto err; /* alloc error */

        /* Encode the header. */
        wpkt = tx_helper_begin(h);
        if (wpkt == NULL)
            goto err; /* alloc error */

        if (!ossl_assert(ossl_quic_wire_encode_frame_stream_hdr(wpkt, shdr))) {
            /* (Should not be possible.) */
            tx_helper_rollback(h);
            *packet_full = 1;
            rc = 1;
            goto err; /* can't fit */
        }

        if (!tx_helper_commit(h))
            goto err; /* alloc error */

        /* Add payload iovecs to the helper (infallible). */
        for (j = 0; j < chunks[i % 2].num_stream_iovec; ++j)
            tx_helper_append_iovec(h, chunks[i % 2].iov[j].buf,
                                   chunks[i % 2].iov[j].buf_len);

        *have_ack_eliciting = 1;
        tx_helper_unrestrict(h); /* no longer need PING */
        if (!shdr->has_explicit_len)
            h->done_implicit = 1;

        /* Log new TXFC credit which was consumed. */
        if (shdr->len > 0 && shdr->offset + shdr->len > fc_new_hwm)
            fc_new_hwm = shdr->offset + shdr->len;

        /* Log chunk to TXPIM. */
        chunk.stream_id = shdr->stream_id;
        chunk.start = shdr->offset;
        chunk.end = shdr->offset + shdr->len - 1;
        chunk.has_fin = shdr->is_fin;
        chunk.has_stop_sending = 0;
        chunk.has_reset_stream = 0;
        if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk))
            goto err; /* alloc error */

        if (shdr->len < orig_len) {
            /*
             * If we did not serialize all of this chunk we definitely do not
             * want to try the next chunk
             */
            rc = 1;
            goto err;
        }
    }

err:
    *new_credit_consumed = fc_new_hwm - fc_swm;
    return rc;
}

static void txp_enlink_tmp(QUIC_STREAM **tmp_head, QUIC_STREAM *stream)
{
    stream->txp_next = *tmp_head;
    *tmp_head = stream;
}
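
/*
 * txp_enlink_tmp() threads a stream onto a temporary singly-linked list
 * (via stream->txp_next) recording every stream this packet touched; the
 * list head ends up in pkt->stream_head and is later walked by
 * txp_pkt_commit() for per-stream bookkeeping.
 */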

static int txp_generate_stream_related(OSSL_QUIC_TX_PACKETISER *txp,
                                       struct txp_pkt *pkt,
                                       int *have_ack_eliciting,
                                       QUIC_STREAM **tmp_head)
{
    QUIC_STREAM_ITER it;
    WPACKET *wpkt;
    uint64_t cwm;
    QUIC_STREAM *stream, *snext;
    struct tx_helper *h = &pkt->h;
    uint64_t conn_consumed = 0;

    for (ossl_quic_stream_iter_init(&it, txp->args.qsm, 1);
         it.stream != NULL;) {

        stream = it.stream;
        ossl_quic_stream_iter_next(&it);
        snext = it.stream;

        stream->txp_sent_fc = 0;
        stream->txp_sent_stop_sending = 0;
        stream->txp_sent_reset_stream = 0;
        stream->txp_blocked = 0;
        stream->txp_txfc_new_credit_consumed = 0;

        /* Stream Abort Frames (STOP_SENDING, RESET_STREAM) */
        if (stream->want_stop_sending) {
            OSSL_QUIC_FRAME_STOP_SENDING f;

            wpkt = tx_helper_begin(h);
            if (wpkt == NULL)
                return 0; /* alloc error */

            f.stream_id = stream->id;
            f.app_error_code = stream->stop_sending_aec;
            if (!ossl_quic_wire_encode_frame_stop_sending(wpkt, &f)) {
                tx_helper_rollback(h); /* can't fit */
                txp_enlink_tmp(tmp_head, stream);
                break;
            }

            if (!tx_helper_commit(h))
                return 0; /* alloc error */

            *have_ack_eliciting = 1;
            tx_helper_unrestrict(h); /* no longer need PING */
            stream->txp_sent_stop_sending = 1;
        }

        if (stream->want_reset_stream) {
            OSSL_QUIC_FRAME_RESET_STREAM f;

            if (!ossl_assert(stream->send_state == QUIC_SSTREAM_STATE_RESET_SENT))
                return 0;

            wpkt = tx_helper_begin(h);
            if (wpkt == NULL)
                return 0; /* alloc error */

            f.stream_id = stream->id;
            f.app_error_code = stream->reset_stream_aec;
            if (!ossl_quic_stream_send_get_final_size(stream, &f.final_size))
                return 0; /* should not be possible */

            if (!ossl_quic_wire_encode_frame_reset_stream(wpkt, &f)) {
                tx_helper_rollback(h); /* can't fit */
                txp_enlink_tmp(tmp_head, stream);
                break;
            }

            if (!tx_helper_commit(h))
                return 0; /* alloc error */

            *have_ack_eliciting = 1;
            tx_helper_unrestrict(h); /* no longer need PING */
            stream->txp_sent_reset_stream = 1;

            /*
             * The final size of the stream as indicated by RESET_STREAM is used
             * to ensure a consistent view of flow control state by both
             * parties; if we happen to send a RESET_STREAM that consumes more
             * flow control credit, make sure we account for that.
             */
            if (!ossl_assert(f.final_size <= ossl_quic_txfc_get_swm(&stream->txfc)))
                return 0;

            stream->txp_txfc_new_credit_consumed
                = f.final_size - ossl_quic_txfc_get_swm(&stream->txfc);
        }

        /*
         * Stream Flow Control Frames (MAX_STREAM_DATA)
         *
         * RFC 9000 s. 13.3: "An endpoint SHOULD stop sending MAX_STREAM_DATA
         * frames when the receiving part of the stream enters a "Size Known" or
         * "Reset Recvd" state." -- In practice, RECV is the only state
         * in which it makes sense to generate more MAX_STREAM_DATA frames.
         */
        if (stream->recv_state == QUIC_RSTREAM_STATE_RECV
            && (stream->want_max_stream_data
                || ossl_quic_rxfc_has_cwm_changed(&stream->rxfc, 0))) {

            wpkt = tx_helper_begin(h);
            if (wpkt == NULL)
                return 0; /* alloc error */

            cwm = ossl_quic_rxfc_get_cwm(&stream->rxfc);

            if (!ossl_quic_wire_encode_frame_max_stream_data(wpkt, stream->id,
                                                             cwm)) {
                tx_helper_rollback(h); /* can't fit */
                txp_enlink_tmp(tmp_head, stream);
                break;
            }

            if (!tx_helper_commit(h))
                return 0; /* alloc error */

            *have_ack_eliciting = 1;
            tx_helper_unrestrict(h); /* no longer need PING */
            stream->txp_sent_fc = 1;
        }

        /*
         * Stream Data Frames (STREAM)
         *
         * RFC 9000 s. 3.3: A sender MUST NOT send a STREAM [...] frame for a
         * stream in the "Reset Sent" state [or any terminal state]. We don't
         * send any more STREAM frames if we are sending, have sent, or are
         * planning to send, RESET_STREAM. The other terminal state is Data
         * Recvd, but txp_generate_stream_frames() is guaranteed to generate
         * nothing in this case.
         */
        if (ossl_quic_stream_has_send_buffer(stream)
            && !ossl_quic_stream_send_is_reset(stream)) {
            int packet_full = 0;

            if (!ossl_assert(!stream->want_reset_stream))
                return 0;

            if (!txp_generate_stream_frames(txp, pkt,
                                            stream->id, stream->sstream,
                                            &stream->txfc,
                                            snext,
                                            have_ack_eliciting,
                                            &packet_full,
                                            &stream->txp_txfc_new_credit_consumed,
                                            conn_consumed)) {
                /* Fatal error (allocation, etc.) */
                txp_enlink_tmp(tmp_head, stream);
                return 0;
            }
            conn_consumed += stream->txp_txfc_new_credit_consumed;

            if (packet_full) {
                txp_enlink_tmp(tmp_head, stream);
                break;
            }
        }

        txp_enlink_tmp(tmp_head, stream);
    }

    return 1;
}

static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp,
                               struct txp_pkt *pkt,
                               int chosen_for_conn_close)
{
    int rc = TXP_ERR_SUCCESS;
    const uint32_t enc_level = pkt->h.enc_level;
    const uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
    int have_ack_eliciting = 0, done_pre_token = 0;
    const struct archetype_data a = pkt->geom.adata;
    /*
     * Cleared if we encode any non-ACK-eliciting frame type which rules out the
     * packet being a non-inflight frame. This means any non-ACK frame, even
     * PADDING frames. ACK eliciting frames always cause a packet to become
     * ineligible for non-inflight treatment so it is not necessary to clear
     * this in cases where have_ack_eliciting is set, as it is ignored in that
     * case.
     */
    int can_be_non_inflight = 1;
    QUIC_CFQ_ITEM *cfq_item;
    QUIC_TXPIM_PKT *tpkt = NULL;
    struct tx_helper *h = &pkt->h;

    /* Maximum PN reached? */
    if (!ossl_quic_pn_valid(txp->next_pn[pn_space]))
        goto fatal_err;

    if (!ossl_assert(pkt->tpkt == NULL))
        goto fatal_err;

    if ((pkt->tpkt = tpkt = ossl_quic_txpim_pkt_alloc(txp->args.txpim)) == NULL)
        goto fatal_err;

    /*
     * Frame Serialization
     * ===================
     *
     * We now serialize frames into the packet in descending order of priority.
     */
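
    /*
     * Concretely, the order implemented below is: HANDSHAKE_DONE, MAX_DATA,
     * MAX_STREAMS (bidi, then uni), CFQ/GCR frames (NEW_CONN_ID,
     * RETIRE_CONN_ID, NEW_TOKEN, PATH_RESPONSE and other queued frames), the
     * ACK/CONNECTION_CLOSE "pre-token" frames (emitted before any NEW_TOKEN
     * frame, otherwise after the CFQ pass), CRYPTO frames, stream-related
     * frames, and finally a PING frame if one is still needed to make the
     * packet ACK-eliciting.
     */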

    /* HANDSHAKE_DONE (Regenerate) */
    if (a.allow_handshake_done && txp->want_handshake_done
        && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_HANDSHAKE_DONE) {
        WPACKET *wpkt = tx_helper_begin(h);

        if (wpkt == NULL)
            goto fatal_err;

        if (ossl_quic_wire_encode_frame_handshake_done(wpkt)) {
            tpkt->had_handshake_done_frame = 1;
            have_ack_eliciting = 1;

            if (!tx_helper_commit(h))
                goto fatal_err;

            tx_helper_unrestrict(h); /* no longer need PING */
        } else {
            tx_helper_rollback(h);
        }
    }

    /* MAX_DATA (Regenerate) */
    if (a.allow_conn_fc
        && (txp->want_max_data
            || ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 0))
        && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_DATA) {
        WPACKET *wpkt = tx_helper_begin(h);
        uint64_t cwm = ossl_quic_rxfc_get_cwm(txp->args.conn_rxfc);

        if (wpkt == NULL)
            goto fatal_err;

        if (ossl_quic_wire_encode_frame_max_data(wpkt, cwm)) {
            tpkt->had_max_data_frame = 1;
            have_ack_eliciting = 1;

            if (!tx_helper_commit(h))
                goto fatal_err;

            tx_helper_unrestrict(h); /* no longer need PING */
        } else {
            tx_helper_rollback(h);
        }
    }

    /* MAX_STREAMS_BIDI (Regenerate) */
    if (a.allow_conn_fc
        && (txp->want_max_streams_bidi
            || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc, 0))
        && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_STREAMS_BIDI) {
        WPACKET *wpkt = tx_helper_begin(h);
        uint64_t max_streams
            = ossl_quic_rxfc_get_cwm(txp->args.max_streams_bidi_rxfc);

        if (wpkt == NULL)
            goto fatal_err;

        if (ossl_quic_wire_encode_frame_max_streams(wpkt, /*is_uni=*/0,
                                                    max_streams)) {
            tpkt->had_max_streams_bidi_frame = 1;
            have_ack_eliciting = 1;

            if (!tx_helper_commit(h))
                goto fatal_err;

            tx_helper_unrestrict(h); /* no longer need PING */
        } else {
            tx_helper_rollback(h);
        }
    }

    /* MAX_STREAMS_UNI (Regenerate) */
    if (a.allow_conn_fc
        && (txp->want_max_streams_uni
            || ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc, 0))
        && tx_helper_get_space_left(h) >= MIN_FRAME_SIZE_MAX_STREAMS_UNI) {
        WPACKET *wpkt = tx_helper_begin(h);
        uint64_t max_streams
            = ossl_quic_rxfc_get_cwm(txp->args.max_streams_uni_rxfc);

        if (wpkt == NULL)
            goto fatal_err;

        if (ossl_quic_wire_encode_frame_max_streams(wpkt, /*is_uni=*/1,
                                                    max_streams)) {
            tpkt->had_max_streams_uni_frame = 1;
            have_ack_eliciting = 1;

            if (!tx_helper_commit(h))
                goto fatal_err;

            tx_helper_unrestrict(h); /* no longer need PING */
        } else {
            tx_helper_rollback(h);
        }
    }

    /* GCR Frames */
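    /*
     * The CFQ holds frames which were encoded elsewhere and queued for
     * transmission (e.g. NEW_CONN_ID, RETIRE_CONN_ID, NEW_TOKEN,
     * PATH_RESPONSE); each item's pre-encoded bytes are appended directly,
     * subject to the archetype permitting that frame type.
     */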
    for (cfq_item = ossl_quic_cfq_get_priority_head(txp->args.cfq, pn_space);
         cfq_item != NULL;
         cfq_item = ossl_quic_cfq_item_get_priority_next(cfq_item, pn_space)) {
        uint64_t frame_type = ossl_quic_cfq_item_get_frame_type(cfq_item);
        const unsigned char *encoded = ossl_quic_cfq_item_get_encoded(cfq_item);
        size_t encoded_len = ossl_quic_cfq_item_get_encoded_len(cfq_item);

        switch (frame_type) {
        case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
            if (!a.allow_new_conn_id)
                continue;
            break;
        case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
            if (!a.allow_retire_conn_id)
                continue;
            break;
        case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
            if (!a.allow_new_token)
                continue;

            /*
             * NEW_TOKEN frames are handled via GCR, but some
             * Regenerate-strategy frames should come before them (namely
             * ACK, CONNECTION_CLOSE, PATH_CHALLENGE and PATH_RESPONSE). If
             * we find a NEW_TOKEN frame, do these now. If there are no
             * NEW_TOKEN frames in the GCR queue we will handle these below.
             */
            if (!done_pre_token)
                if (txp_generate_pre_token(txp, pkt,
                                           chosen_for_conn_close,
                                           &can_be_non_inflight))
                    done_pre_token = 1;

            break;
        case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
            if (!a.allow_path_response)
                continue;

            /*
             * RFC 9000 s. 8.2.2: An endpoint MUST expand datagrams that
             * contain a PATH_RESPONSE frame to at least the smallest
             * allowed maximum datagram size of 1200 bytes.
             */
            pkt->force_pad = 1;
            break;
        default:
            if (!a.allow_cfq_other)
                continue;
            break;
        }

        /*
         * If the frame is too big, stop scheduling GCR frames into this
         * packet rather than sending subsequent ones out of order.
         */
        if (encoded_len > tx_helper_get_space_left(h))
            break;

        if (!tx_helper_append_iovec(h, encoded, encoded_len))
            goto fatal_err;

        ossl_quic_txpim_pkt_add_cfq_item(tpkt, cfq_item);

        if (ossl_quic_frame_type_is_ack_eliciting(frame_type)) {
            have_ack_eliciting = 1;
            tx_helper_unrestrict(h); /* no longer need PING */
        }
    }

    /*
     * If we didn't generate ACK, CONNECTION_CLOSE, PATH_CHALLENGE or
     * PATH_RESPONSE (as desired) before, do so now.
     */
    if (!done_pre_token)
        if (txp_generate_pre_token(txp, pkt,
                                   chosen_for_conn_close,
                                   &can_be_non_inflight))
            done_pre_token = 1;

    /* CRYPTO Frames */
    if (a.allow_crypto)
        if (!txp_generate_crypto_frames(txp, pkt, &have_ack_eliciting))
            goto fatal_err;

    /* Stream-specific frames */
    if (a.allow_stream_rel && txp->handshake_complete)
        if (!txp_generate_stream_related(txp, pkt,
                                         &have_ack_eliciting,
                                         &pkt->stream_head))
            goto fatal_err;

    /* PING */
    tx_helper_unrestrict(h);

    if (!have_ack_eliciting && txp_need_ping(txp, pn_space, &a)) {
        WPACKET *wpkt;

        assert(h->reserve > 0);
        wpkt = tx_helper_begin(h);
        if (wpkt == NULL)
            goto fatal_err;

        if (!ossl_quic_wire_encode_frame_ping(wpkt)
            || !tx_helper_commit(h))
            /*
             * We treat a request to be ACK-eliciting as a requirement, so this
             * is an error.
             */
            goto fatal_err;

        have_ack_eliciting = 1;
    }

    /* PADDING is added by ossl_quic_tx_packetiser_generate(). */

    /*
     * ACKM Data
     * =========
     */
    if (have_ack_eliciting)
        can_be_non_inflight = 0;

    /* ACKM Data */
    tpkt->ackm_pkt.num_bytes = h->bytes_appended + pkt->geom.pkt_overhead;
    tpkt->ackm_pkt.pkt_num = txp->next_pn[pn_space];
    /* largest_acked is set in txp_generate_pre_token */
    tpkt->ackm_pkt.pkt_space = pn_space;
    tpkt->ackm_pkt.is_inflight = !can_be_non_inflight;
    tpkt->ackm_pkt.is_ack_eliciting = have_ack_eliciting;
    tpkt->ackm_pkt.is_pto_probe = 0;
    tpkt->ackm_pkt.is_mtu_probe = 0;
    tpkt->ackm_pkt.time = txp->args.now(txp->args.now_arg);
    tpkt->pkt_type = pkt->phdr.type;

    /* Done. */
    return rc;

fatal_err:
    /*
     * Handler for fatal errors, i.e. errors causing us to abort the entire
     * packet rather than just one frame. Examples of such errors include
     * allocation errors.
     */
    if (tpkt != NULL) {
        ossl_quic_txpim_pkt_release(txp->args.txpim, tpkt);
        pkt->tpkt = NULL;
    }
    return TXP_ERR_INTERNAL;
}

/*
 * Commits and queues a packet for transmission. There is no backing out after
 * this.
 *
 * This:
 *
 *   - Sends the packet to the QTX for encryption and transmission;
 *
 *   - Records the packet as having been transmitted in FIFD. ACKM is informed,
 *     etc. and the TXPIM record is filed.
 *
 *   - Informs various subsystems of frames that were sent and clears frame
 *     wanted flags so that we do not generate the same frames again.
 *
 * Assumptions:
 *
 *   - pkt is a txp_pkt for the correct EL;
 *
 *   - pkt->tpkt is valid;
 *
 *   - pkt->tpkt->ackm_pkt has been fully filled in;
 *
 *   - Stream chunk records have been appended to pkt->tpkt for STREAM and
 *     CRYPTO frames, but not for RESET_STREAM or STOP_SENDING frames;
 *
 *   - The chosen stream list for the packet can be fully walked from
 *     pkt->stream_head using stream->txp_next;
 *
 *   - pkt->has_ack_eliciting is set correctly.
 *
 */
static int txp_pkt_commit(OSSL_QUIC_TX_PACKETISER *txp,
                          struct txp_pkt *pkt,
                          uint32_t archetype,
                          int *txpim_pkt_reffed)
{
    int rc = 1;
    uint32_t enc_level = pkt->h.enc_level;
    uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
    QUIC_TXPIM_PKT *tpkt = pkt->tpkt;
    QUIC_STREAM *stream;
    OSSL_QTX_PKT txpkt;
    struct archetype_data a;

    *txpim_pkt_reffed = 0;

    /* Cannot send a packet with an empty payload. */
    if (pkt->h.bytes_appended == 0)
        return 0;

    if (!txp_get_archetype_data(enc_level, archetype, &a))
        return 0;

    /* Packet Information for QTX */
    txpkt.hdr = &pkt->phdr;
    txpkt.iovec = txp->el[enc_level].iovec;
    txpkt.num_iovec = pkt->h.num_iovec;
    txpkt.local = NULL;
    txpkt.peer = BIO_ADDR_family(&txp->args.peer) == AF_UNSPEC
        ? NULL
        : &txp->args.peer;
    txpkt.pn = txp->next_pn[pn_space];
    txpkt.flags = OSSL_QTX_PKT_FLAG_COALESCE; /* always try to coalesce */

    /* Generate TXPIM chunks representing STOP_SENDING and RESET_STREAM frames. */
    for (stream = pkt->stream_head; stream != NULL; stream = stream->txp_next)
        if (stream->txp_sent_stop_sending || stream->txp_sent_reset_stream) {
            /* Log STOP_SENDING/RESET_STREAM chunk to TXPIM. */
            QUIC_TXPIM_CHUNK chunk;

            chunk.stream_id = stream->id;
            chunk.start = UINT64_MAX;
            chunk.end = 0;
            chunk.has_fin = 0;
            chunk.has_stop_sending = stream->txp_sent_stop_sending;
            chunk.has_reset_stream = stream->txp_sent_reset_stream;
            if (!ossl_quic_txpim_pkt_append_chunk(tpkt, &chunk))
                return 0; /* alloc error */
        }

    /* Dispatch to FIFD. */
    if (!ossl_quic_fifd_pkt_commit(&txp->fifd, tpkt))
        return 0;

    /*
     * Transmission and Post-Packet Generation Bookkeeping
     * ===================================================
     *
     * No backing out anymore - at this point the ACKM has recorded the packet
     * as having been sent, so we need to increment our next PN counter, or
     * the ACKM will complain when we try to record a duplicate packet with
     * the same PN later. At this point actually sending the packet may still
     * fail. In this unlikely event it will simply be handled as though it
     * were a lost packet.
     */
    ++txp->next_pn[pn_space];
    *txpim_pkt_reffed = 1;

    /* Send the packet. */
    if (!ossl_qtx_write_pkt(txp->args.qtx, &txpkt))
        return 0;

    /*
     * Record FC and stream abort frames as sent; deactivate streams which no
     * longer have anything to do.
     */
    for (stream = pkt->stream_head; stream != NULL; stream = stream->txp_next) {
        if (stream->txp_sent_fc) {
            stream->want_max_stream_data = 0;
            ossl_quic_rxfc_has_cwm_changed(&stream->rxfc, 1);
        }

        if (stream->txp_sent_stop_sending)
            stream->want_stop_sending = 0;

        if (stream->txp_sent_reset_stream)
            stream->want_reset_stream = 0;

        if (stream->txp_txfc_new_credit_consumed > 0) {
            if (!ossl_assert(ossl_quic_txfc_consume_credit(&stream->txfc,
                                                           stream->txp_txfc_new_credit_consumed)))
                /*
                 * Should not be possible, but we should continue with our
                 * bookkeeping as we have already committed the packet to the
                 * FIFD. Just change the value we return.
                 */
                rc = 0;

            stream->txp_txfc_new_credit_consumed = 0;
        }

        /*
         * If we no longer need to generate any flow control (MAX_STREAM_DATA),
         * STOP_SENDING or RESET_STREAM frames, nor any STREAM frames (because
         * the stream is drained of data or TXFC-blocked), we can mark the
         * stream as inactive.
         */
        ossl_quic_stream_map_update_state(txp->args.qsm, stream);

        if (ossl_quic_stream_has_send_buffer(stream)
            && !ossl_quic_sstream_has_pending(stream->sstream)
            && ossl_quic_sstream_get_final_size(stream->sstream, NULL))
            /*
             * Transition to DATA_SENT if stream has a final size and we have
             * sent all data.
             */
            ossl_quic_stream_map_notify_all_data_sent(txp->args.qsm, stream);
    }

    /* We have now sent the packet, so update state accordingly. */
    if (tpkt->ackm_pkt.is_ack_eliciting)
        txp->force_ack_eliciting &= ~(1UL << pn_space);

    if (tpkt->had_handshake_done_frame)
        txp->want_handshake_done = 0;

    if (tpkt->had_max_data_frame) {
        txp->want_max_data = 0;
        ossl_quic_rxfc_has_cwm_changed(txp->args.conn_rxfc, 1);
    }

    if (tpkt->had_max_streams_bidi_frame) {
        txp->want_max_streams_bidi = 0;
        ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_bidi_rxfc, 1);
    }

    if (tpkt->had_max_streams_uni_frame) {
        txp->want_max_streams_uni = 0;
        ossl_quic_rxfc_has_cwm_changed(txp->args.max_streams_uni_rxfc, 1);
    }

    if (tpkt->had_ack_frame)
        txp->want_ack &= ~(1UL << pn_space);

    if (tpkt->had_conn_close)
        txp->want_conn_close = 0;

    /*
     * Decrement probe request counts if we have sent a packet that meets
     * the requirement of a probe, namely being ACK-eliciting.
     */
    if (tpkt->ackm_pkt.is_ack_eliciting) {
        OSSL_ACKM_PROBE_INFO *probe_info
            = ossl_ackm_get0_probe_request(txp->args.ackm);

        if (enc_level == QUIC_ENC_LEVEL_INITIAL
            && probe_info->anti_deadlock_initial > 0)
            --probe_info->anti_deadlock_initial;

        if (enc_level == QUIC_ENC_LEVEL_HANDSHAKE
            && probe_info->anti_deadlock_handshake > 0)
            --probe_info->anti_deadlock_handshake;

        if (a.allow_force_ack_eliciting /* (i.e., not for 0-RTT) */
            && probe_info->pto[pn_space] > 0)
            --probe_info->pto[pn_space];
    }

    return rc;
}

/* Ensure the iovec array is at least num elements long. */
static int txp_el_ensure_iovec(struct txp_el *el, size_t num)
{
    OSSL_QTX_IOVEC *iovec;

    if (el->alloc_iovec >= num)
        return 1;

    num = el->alloc_iovec != 0 ? el->alloc_iovec * 2 : 8;

    iovec = OPENSSL_realloc(el->iovec, sizeof(OSSL_QTX_IOVEC) * num);
    if (iovec == NULL)
        return 0;

    el->iovec = iovec;
    el->alloc_iovec = num;
    return 1;
}
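
/*
 * Growth policy note: the first allocation reserves 8 entries and each
 * subsequent growth doubles the array (8, 16, 32, ...). Callers here only
 * request a few entries beyond the current count, so a single doubling
 * appears to be sufficient to satisfy any one request.
 */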

int ossl_quic_tx_packetiser_schedule_conn_close(OSSL_QUIC_TX_PACKETISER *txp,
                                                const OSSL_QUIC_FRAME_CONN_CLOSE *f)
{
    char *reason = NULL;
    size_t reason_len = f->reason_len;
    size_t max_reason_len = txp_get_mdpl(txp) / 2;

    if (txp->want_conn_close)
        return 0;

    /*
     * Arbitrarily limit the length of the reason string to half of the
     * MDPL.
     */
    if (reason_len > max_reason_len)
        reason_len = max_reason_len;

    if (reason_len > 0) {
        reason = OPENSSL_memdup(f->reason, reason_len);
        if (reason == NULL)
            return 0;
    }

    txp->conn_close_frame = *f;
    txp->conn_close_frame.reason = reason;
    txp->conn_close_frame.reason_len = reason_len;
    txp->want_conn_close = 1;
    return 1;
}

void ossl_quic_tx_packetiser_set_msg_callback(OSSL_QUIC_TX_PACKETISER *txp,
                                              ossl_msg_cb msg_callback,
                                              SSL *msg_callback_ssl)
{
    txp->msg_callback = msg_callback;
    txp->msg_callback_ssl = msg_callback_ssl;
}

void ossl_quic_tx_packetiser_set_msg_callback_arg(OSSL_QUIC_TX_PACKETISER *txp,
                                                  void *msg_callback_arg)
{
    txp->msg_callback_arg = msg_callback_arg;
}

QUIC_PN ossl_quic_tx_packetiser_get_next_pn(OSSL_QUIC_TX_PACKETISER *txp,
                                            uint32_t pn_space)
{
    if (pn_space >= QUIC_PN_SPACE_NUM)
        return UINT64_MAX;

    return txp->next_pn[pn_space];
}

OSSL_TIME ossl_quic_tx_packetiser_get_deadline(OSSL_QUIC_TX_PACKETISER *txp)
{
    /*
     * TXP-specific deadline computations which rely on TXP innards. This is in
     * turn relied on by the QUIC_CHANNEL code to determine the channel event
     * handling deadline.
     */
    OSSL_TIME deadline = ossl_time_infinite();
    uint32_t enc_level, pn_space;

    /*
     * ACK generation is not CC-gated - packets containing only ACKs are allowed
     * to bypass CC. We want to generate ACK frames even if we are currently
     * restricted by CC so the peer knows we have received data. The generate
     * call will take care of selecting the correct packet archetype.
     */
    for (enc_level = QUIC_ENC_LEVEL_INITIAL;
         enc_level < QUIC_ENC_LEVEL_NUM;
         ++enc_level)
        if (ossl_qtx_is_enc_level_provisioned(txp->args.qtx, enc_level)) {
            pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
            deadline = ossl_time_min(deadline,
                                     ossl_ackm_get_ack_deadline(txp->args.ackm, pn_space));
        }

    /* When will CC let us send more? */
    if (txp->args.cc_method->get_tx_allowance(txp->args.cc_data) == 0)
        deadline = ossl_time_min(deadline,
                                 txp->args.cc_method->get_wakeup_deadline(txp->args.cc_data));

    return deadline;
}