authorPauli <pauli@openssl.org>2023-08-02 09:35:35 +1000
committerTomas Mraz <tomas@openssl.org>2023-08-16 12:07:17 +0200
commitcdd916313a89def99493e00b49958ced894ca209 (patch)
tree5cb1b4690011d15d974d3a820955cbf050468f79 /include/internal
parent945fde53a3db5011940a059fd1407b81197c9e14 (diff)
quic: process stateless resets
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21649)
Diffstat (limited to 'include/internal')
-rw-r--r--include/internal/quic_demux.h21
-rw-r--r--include/internal/quic_types.h4
-rw-r--r--include/internal/quic_wire.h16
3 files changed, 33 insertions, 8 deletions
diff --git a/include/internal/quic_demux.h b/include/internal/quic_demux.h
index d439fa67be..81077425fe 100644
--- a/include/internal/quic_demux.h
+++ b/include/internal/quic_demux.h
@@ -179,6 +179,14 @@ typedef struct quic_demux_st QUIC_DEMUX;
typedef void (ossl_quic_demux_cb_fn)(QUIC_URXE *e, void *arg);
/*
+ * Called when a datagram is received.
+ * Returns 1 if the datagram ends with a stateless reset token and
+ * 0 if not.
+ */
+typedef int (ossl_quic_stateless_reset_cb_fn)(const unsigned char *data,
+ size_t data_len, void *arg);
+
+/*
* Creates a new demuxer. The given BIO is used to receive datagrams from the
* network using BIO_recvmmsg. short_conn_id_len is the length of destination
* connection IDs used in RX'd packets; it must have the same value for all
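Review bot: The comment on `ossl_quic_stateless_reset_cb_fn` says the callback is "Called when a datagram is received", which disagrees with the comment on the setter later in this file, where it runs only for datagrams whose CID cannot be identified; one of the two should be corrected. The contract also puts no lower bound on `data_len`, so unless the demuxer filters short datagrams first (not visible in these headers) every implementation has to reject inputs shorter than QUIC_STATELESS_RESET_TOKEN_LEN before it looks at the trailing bytes. I would reword the comment along the lines of `Called for a received datagram that matched no known CID. data_len may be less than QUIC_STATELESS_RESET_TOKEN_LEN, in which case the callback must return 0.`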
@@ -271,6 +279,18 @@ void ossl_quic_demux_set_default_handler(QUIC_DEMUX *demux,
void *cb_arg);
/*
+ * Sets a callback for stateless reset processing.
+ *
+ * If set, this callback is called for datagrams for which we cannot identify
+ * a CID. This function should return 1 if there is a stateless reset token
+ * present and 0 if not. If there is a token present, the connection should
+ * also be reset.
+ */
+void ossl_quic_demux_set_stateless_reset_handler(
+ QUIC_DEMUX *demux,
+ ossl_quic_stateless_reset_cb_fn *cb, void *cb_arg);
+
+/*
* Releases a URXE back to the demuxer. No reference must be made to the URXE or
* its buffer after calling this function. The URXE must not be in any queue;
* that is, its prev and next pointers must be NULL.
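Review bot: The sentence "If there is a token present, the connection should also be reset" does not say who performs the reset: the callback itself before it returns 1, or the caller of ossl_quic_demux_pump() once it sees a result code (presumably the QUIC_DEMUX_PUMP_RES_STATELESS_RESET value added further down). The comment is also silent on whether `cb` may be NULL to remove a previously installed handler, and on how long `cb_arg` must stay valid. A sentence such as `Passing NULL for cb disables stateless reset processing; cb_arg must remain valid until the handler is replaced or the demuxer is freed.` would settle the second point if that is the intended behaviour.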
@@ -315,6 +335,7 @@ void ossl_quic_demux_reinject_urxe(QUIC_DEMUX *demux,
#define QUIC_DEMUX_PUMP_RES_OK 1
#define QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL (-1)
#define QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL (-2)
+#define QUIC_DEMUX_PUMP_RES_STATELESS_RESET (-3)
int ossl_quic_demux_pump(QUIC_DEMUX *demux);
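Review bot: `QUIC_DEMUX_PUMP_RES_STATELESS_RESET` is added in the same negative range as the two failure codes and carries no comment saying when the pump returns it. Any caller that detects failure with a `< 0` or `!= QUIC_DEMUX_PUMP_RES_OK` test will handle a peer's stateless reset as a failure, which may or may not be intended; the callers are not part of this diff. A line such as `/* A datagram carried a stateless reset token; not an I/O failure. */` next to the define would make the distinction explicit. The comment block that documents these codes starts outside the hunk.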
diff --git a/include/internal/quic_types.h b/include/internal/quic_types.h
index bc7c51c49a..f3509da2fb 100644
--- a/include/internal/quic_types.h
+++ b/include/internal/quic_types.h
@@ -100,6 +100,10 @@ static ossl_unused ossl_inline int ossl_quic_conn_id_eq(const QUIC_CONN_ID *a,
# define QUIC_STATELESS_RESET_TOKEN_LEN 16
+typedef struct {
+ unsigned char token[QUIC_STATELESS_RESET_TOKEN_LEN];
+} QUIC_STATELESS_RESET_TOKEN;
+
/*
* An encoded preferred_addr transport parameter cannot be shorter or longer
* than these lengths in bytes.
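Review bot: `QUIC_STATELESS_RESET_TOKEN` is introduced without a comment, and the one thing a user of the type needs to know is that tokens are secrets matched against bytes taken from the network. RFC 9000 section 10.3.1 requires that comparison not to leak information about the token value, so I would add `/* Secret value: compare with CRYPTO_memcmp(), never memcmp(). */` above the typedef. As a point of style, the struct is untagged, unlike the other typedefs in these headers (`ossl_quic_frame_new_conn_id_st`, `quic_preferred_addr_st`); writing `typedef struct quic_stateless_reset_token_st {` would match them and allow forward declaration.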
diff --git a/include/internal/quic_wire.h b/include/internal/quic_wire.h
index f9f80fbc44..35fc298ea1 100644
--- a/include/internal/quic_wire.h
+++ b/include/internal/quic_wire.h
@@ -208,10 +208,10 @@ typedef struct ossl_quic_frame_stop_sending_st {
/* QUIC Frame: NEW_CONNECTION_ID */
typedef struct ossl_quic_frame_new_conn_id_st {
- uint64_t seq_num;
- uint64_t retire_prior_to;
- QUIC_CONN_ID conn_id;
- unsigned char stateless_reset_token[QUIC_STATELESS_RESET_TOKEN_LEN];
+ uint64_t seq_num;
+ uint64_t retire_prior_to;
+ QUIC_CONN_ID conn_id;
+ QUIC_STATELESS_RESET_TOKEN stateless_reset;
} OSSL_QUIC_FRAME_NEW_CONN_ID;
/* QUIC Frame: CONNECTION_CLOSE */
@@ -770,10 +770,10 @@ int ossl_quic_wire_decode_transport_param_cid(PACKET *pkt,
* Decodes a QUIC transport parameter TLV containing a preferred_address.
*/
typedef struct quic_preferred_addr_st {
- uint16_t ipv4_port, ipv6_port;
- unsigned char ipv4[4], ipv6[16];
- unsigned char stateless_reset_token[QUIC_STATELESS_RESET_TOKEN_LEN];
- QUIC_CONN_ID cid;
+ uint16_t ipv4_port, ipv6_port;
+ unsigned char ipv4[4], ipv6[16];
+ QUIC_STATELESS_RESET_TOKEN stateless_reset;
+ QUIC_CONN_ID cid;
} QUIC_PREFERRED_ADDR;
int ossl_quic_wire_decode_transport_param_preferred_addr(PACKET *pkt,