/src/openssl/ssl/quic/quic_local.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifndef OSSL_QUIC_LOCAL_H |
11 | | # define OSSL_QUIC_LOCAL_H |
12 | | |
13 | | # include <openssl/ssl.h> |
14 | | # include "internal/quic_ssl.h" /* QUIC_CONNECTION */ |
15 | | # include "internal/quic_txp.h" |
16 | | # include "internal/quic_statm.h" |
17 | | # include "internal/quic_demux.h" |
18 | | # include "internal/quic_record_rx.h" |
19 | | # include "internal/quic_tls.h" |
20 | | # include "internal/quic_fc.h" |
21 | | # include "internal/quic_stream.h" |
22 | | # include "internal/quic_channel.h" |
23 | | # include "internal/quic_reactor.h" |
24 | | # include "internal/quic_thread_assist.h" |
25 | | # include "../ssl_local.h" |
26 | | |
27 | | # ifndef OPENSSL_NO_QUIC |
28 | | |
29 | | /* |
30 | | * QUIC stream SSL object (QSSO) type. This implements the API personality layer |
31 | | * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking |
32 | | * state required by the libssl API personality. |
33 | | */ |
34 | | struct quic_xso_st { |
35 | | /* SSL object common header. */ |
36 | | struct ssl_st ssl; |
37 | | |
38 | | /* The connection this stream is associated with. Always non-NULL. */ |
39 | | QUIC_CONNECTION *conn; |
40 | | |
41 | | /* The stream object. Always non-NULL for as long as the XSO exists. */ |
42 | | QUIC_STREAM *stream; |
43 | | |
44 | | /* |
45 | | * Has this stream been logically configured into blocking mode? Only |
46 | | * meaningful if desires_blocking_set is 1. Ignored if blocking is not |
47 | | * currently possible given QUIC_CONNECTION configuration. |
48 | | */ |
49 | | unsigned int desires_blocking : 1; |
50 | | |
51 | | /* |
52 | | * Has SSL_set_blocking_mode been called on this stream? If not set, we |
53 | | * inherit from the QUIC_CONNECTION blocking state. |
54 | | */ |
55 | | unsigned int desires_blocking_set : 1; |
56 | | |
57 | | /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */ |
58 | | unsigned int retired_fin : 1; |
59 | | |
60 | | /* |
61 | | * The application has requested a reset. Not set for reflexive |
62 | | * STREAM_RESETs caused by peer STOP_SENDING. |
63 | | */ |
64 | | unsigned int requested_reset : 1; |
65 | | |
66 | | /* |
67 | | * This state tracks SSL_write all-or-nothing (AON) write semantics |
68 | | * emulation. |
69 | | * |
70 | | * Example chronology: |
71 | | * |
72 | | * t=0: aon_write_in_progress=0 |
73 | | * t=1: SSL_write(ssl, b1, l1) called; |
74 | | * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE; |
75 | | * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1; |
76 | | * aon_buf_pos < l1 (depends on how much room was in sstream); |
77 | | * t=2: SSL_write(ssl, b2, l2); |
78 | | * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER) |
79 | | * l2 must equal l1 (always validated) |
80 | | * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len) |
81 | | * if done, aon_write_in_progress=0 |
82 | | * |
83 | | */ |
84 | | /* Is an AON write in progress? */ |
85 | | unsigned int aon_write_in_progress : 1; |
86 | | |
87 | | /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */ |
88 | | unsigned int event_handling_mode : 2; |
89 | | |
90 | | /* |
91 | | * The base buffer pointer the caller passed us for the initial AON write |
92 | | * call. We use this for validation purposes unless |
93 | | * ACCEPT_MOVING_WRITE_BUFFER is enabled. |
94 | | * |
95 | | * NOTE: We never dereference this, as the caller might pass a different |
96 | | * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for |
97 | | * validation by pointer comparison only. |
98 | | */ |
99 | | const unsigned char *aon_buf_base; |
100 | | /* The total length of the AON buffer being sent, in bytes. */ |
101 | | size_t aon_buf_len; |
102 | | /* |
103 | | * The position in the AON buffer up to which we have successfully sent data |
104 | | * so far. |
105 | | */ |
106 | | size_t aon_buf_pos; |
107 | | |
108 | | /* SSL_set_mode */ |
109 | | uint32_t ssl_mode; |
110 | | |
111 | | /* SSL_set_options */ |
112 | | uint64_t ssl_options; |
113 | | |
114 | | /* |
115 | | * Last 'normal' error during an app-level I/O operation, used by |
116 | | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ |
117 | | * and SSL_ERROR_WANT_WRITE. |
118 | | */ |
119 | | int last_error; |
120 | | }; |
121 | | |
122 | | struct quic_conn_st { |
123 | | /* |
124 | | * ssl_st is a common header for ordinary SSL objects, QUIC connection |
125 | | * objects and QUIC stream objects, allowing objects of these different |
126 | | * types to be disambiguated at runtime and providing some common fields. |
127 | | * |
128 | | * Note: This must come first in the QUIC_CONNECTION structure. |
129 | | */ |
130 | | struct ssl_st ssl; |
131 | | |
132 | | SSL *tls; |
133 | | |
134 | | /* The QUIC engine representing the QUIC event domain. */ |
135 | | QUIC_ENGINE *engine; |
136 | | |
137 | | /* The QUIC port representing the QUIC listener and socket. */ |
138 | | QUIC_PORT *port; |
139 | | |
140 | | /* |
141 | | * The QUIC channel providing the core QUIC connection implementation. Note |
142 | | * that this is not instantiated until we actually start trying to do the |
143 | | * handshake. This is to allow us to gather information like whether we are |
144 | | * going to be in client or server mode before committing to instantiating |
145 | | * the channel, since we want to determine the channel arguments based on |
146 | | * that. |
147 | | * |
148 | | * The channel remains available after connection termination until the SSL |
149 | | * object is freed, thus (ch != NULL) iff (started == 1). |
150 | | */ |
151 | | QUIC_CHANNEL *ch; |
152 | | |
153 | | /* |
154 | | * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but |
155 | | * provide it to the channel. |
156 | | */ |
157 | | CRYPTO_MUTEX *mutex; |
158 | | |
159 | | /* |
160 | | * If we have a default stream attached, this is the internal XSO |
161 | | * object. If there is no default stream, this is NULL. |
162 | | */ |
163 | | QUIC_XSO *default_xso; |
164 | | |
165 | | /* The network read and write BIOs. */ |
166 | | BIO *net_rbio, *net_wbio; |
167 | | |
168 | | /* Initial peer L4 address. */ |
169 | | BIO_ADDR init_peer_addr; |
170 | | |
171 | | # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST |
172 | | /* Manages thread for QUIC thread assisted mode. */ |
173 | | QUIC_THREAD_ASSIST thread_assist; |
174 | | # endif |
175 | | |
176 | | /* If non-NULL, used instead of ossl_time_now(). Used for testing. */ |
177 | | OSSL_TIME (*override_now_cb)(void *arg); |
178 | | void *override_now_cb_arg; |
179 | | |
180 | | /* Number of XSOs allocated. Includes the default XSO, if any. */ |
181 | | size_t num_xso; |
182 | | |
183 | | /* Have we started? */ |
184 | | unsigned int started : 1; |
185 | | |
186 | | /* |
187 | | * This is 1 if we were instantiated using a QUIC server method |
188 | | * (for future use). |
189 | | */ |
190 | | unsigned int as_server : 1; |
191 | | |
192 | | /* |
193 | | * Has the application called SSL_set_accept_state? We require this to be |
194 | | * congruent with the value of as_server. |
195 | | */ |
196 | | unsigned int as_server_state : 1; |
197 | | |
198 | | /* Are we using thread assisted mode? Never changes after init. */ |
199 | | unsigned int is_thread_assisted : 1; |
200 | | |
201 | | /* Do connection-level operations (e.g. handshakes) run in blocking mode? */ |
202 | | unsigned int blocking : 1; |
203 | | |
204 | | /* Does the application want blocking mode? */ |
205 | | unsigned int desires_blocking : 1; |
206 | | |
207 | | /* Have we created a default XSO yet? */ |
208 | | unsigned int default_xso_created : 1; |
209 | | |
210 | | /* |
211 | | * Pre-TERMINATING shutdown phase in which we are flushing streams. |
212 | | * Monotonically transitions to 1. |
213 | | * New streams cannot be created in this state. |
214 | | */ |
215 | | unsigned int shutting_down : 1; |
216 | | |
217 | | /* Have we probed the BIOs for addressing support? */ |
218 | | unsigned int addressing_probe_done : 1; |
219 | | |
220 | | /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */ |
221 | | unsigned int addressed_mode_w : 1; |
222 | | unsigned int addressed_mode_r : 1; |
223 | | |
224 | | /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */ |
225 | | unsigned int event_handling_mode : 2; |
226 | | |
227 | | /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */ |
228 | | uint32_t default_stream_mode; |
229 | | |
230 | | /* SSL_set_mode. This is not used directly but inherited by new XSOs. */ |
231 | | uint32_t default_ssl_mode; |
232 | | |
233 | | /* SSL_set_options. This is not used directly but inherited by new XSOs. */ |
234 | | uint64_t default_ssl_options; |
235 | | |
236 | | /* SSL_set_incoming_stream_policy. */ |
237 | | int incoming_stream_policy; |
238 | | uint64_t incoming_stream_aec; |
239 | | |
240 | | /* |
241 | | * Last 'normal' error during an app-level I/O operation, used by |
242 | | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ |
243 | | * and SSL_ERROR_WANT_WRITE. |
244 | | */ |
245 | | int last_error; |
246 | | }; |
247 | | |
248 | | /* Internal calls to the QUIC CSM which come from various places. */ |
249 | | int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc); |
250 | | |
251 | | /* |
252 | | * To be called when a protocol violation occurs. The connection is torn down |
253 | | * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason |
254 | | * string is optional and copied if provided. frame_type should be 0 if not |
255 | | * applicable. |
256 | | */ |
257 | | void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc, |
258 | | uint64_t error_code, |
259 | | uint64_t frame_type, |
260 | | const char *reason); |
261 | | |
262 | | void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc, |
263 | | OSSL_QUIC_FRAME_CONN_CLOSE *f); |
264 | | |
265 | | int ossl_quic_trace(int write_p, int version, int content_type, |
266 | | const void *buf, size_t msglen, SSL *ssl, void *arg); |
267 | | |
268 | | # define OSSL_QUIC_ANY_VERSION 0xFFFFF |
269 | | # define IS_QUIC_METHOD(m) \ |
270 | 0 | ((m) == OSSL_QUIC_client_method() || \ |
271 | 0 | (m) == OSSL_QUIC_client_thread_method()) |
272 | 0 | # define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method) |
273 | | |
274 | | # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \ |
275 | | ((ssl) == NULL ? NULL \ |
276 | | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
277 | | ? (c QUIC_CONNECTION *)(ssl) \ |
278 | | : NULL)) |
279 | | |
280 | | # define QUIC_XSO_FROM_SSL_int(ssl, c) \ |
281 | | ((ssl) == NULL \ |
282 | | ? NULL \ |
283 | | : (((ssl)->type == SSL_TYPE_QUIC_XSO \ |
284 | | ? (c QUIC_XSO *)(ssl) \ |
285 | | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
286 | | ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \ |
287 | | : NULL)))) |
288 | | |
289 | | # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \ |
290 | | ((ssl) == NULL ? NULL \ |
291 | | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
292 | | ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \ |
293 | | : NULL)) |
294 | | |
295 | 0 | # define IS_QUIC(ssl) ((ssl) != NULL \ |
296 | 0 | && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
297 | 0 | || (ssl)->type == SSL_TYPE_QUIC_XSO)) |
298 | | # else |
299 | | # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL |
300 | | # define QUIC_XSO_FROM_SSL_int(ssl, c) NULL |
301 | | # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL |
302 | | # define IS_QUIC(ssl) 0 |
303 | | # define IS_QUIC_CTX(ctx) 0 |
304 | | # define IS_QUIC_METHOD(m) 0 |
305 | | # endif |
306 | | |
307 | | # define QUIC_CONNECTION_FROM_SSL(ssl) \ |
308 | | QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) |
309 | | # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \ |
310 | | QUIC_CONNECTION_FROM_SSL_int(ssl, const) |
311 | | # define QUIC_XSO_FROM_SSL(ssl) \ |
312 | | QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) |
313 | | # define QUIC_XSO_FROM_CONST_SSL(ssl) \ |
314 | | QUIC_XSO_FROM_SSL_int(ssl, const) |
315 | | # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \ |
316 | | SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST) |
317 | | # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \ |
318 | | SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const) |
319 | | |
320 | | # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ |
321 | | q_connect, enc_data) \ |
322 | | const SSL_METHOD *func_name(void) \ |
323 | 0 | { \ |
324 | 0 | static const SSL_METHOD func_name##_data= { \ |
325 | 0 | version, \ |
326 | 0 | 0, \ |
327 | 0 | 0, \ |
328 | 0 | ossl_quic_new, \ |
329 | 0 | ossl_quic_free, \ |
330 | 0 | ossl_quic_reset, \ |
331 | 0 | ossl_quic_init, \ |
332 | 0 | NULL /* clear */, \ |
333 | 0 | ossl_quic_deinit, \ |
334 | 0 | q_accept, \ |
335 | 0 | q_connect, \ |
336 | 0 | ossl_quic_read, \ |
337 | 0 | ossl_quic_peek, \ |
338 | 0 | ossl_quic_write, \ |
339 | 0 | NULL /* shutdown */, \ |
340 | 0 | NULL /* renegotiate */, \ |
341 | 0 | ossl_quic_renegotiate_check, \ |
342 | 0 | NULL /* read_bytes */, \ |
343 | 0 | NULL /* write_bytes */, \ |
344 | 0 | NULL /* dispatch_alert */, \ |
345 | 0 | ossl_quic_ctrl, \ |
346 | 0 | ossl_quic_ctx_ctrl, \ |
347 | 0 | ossl_quic_get_cipher_by_char, \ |
348 | 0 | NULL /* put_cipher_by_char */, \ |
349 | 0 | ossl_quic_pending, \ |
350 | 0 | ossl_quic_num_ciphers, \ |
351 | 0 | ossl_quic_get_cipher, \ |
352 | 0 | tls1_default_timeout, \ |
353 | 0 | &enc_data, \ |
354 | 0 | ssl_undefined_void_function, \ |
355 | 0 | ossl_quic_callback_ctrl, \ |
356 | 0 | ossl_quic_ctx_callback_ctrl, \ |
357 | 0 | }; \ |
358 | 0 | return &func_name##_data; \ |
359 | 0 | } Unexecuted instantiation: OSSL_QUIC_client_method Unexecuted instantiation: OSSL_QUIC_client_thread_method |
360 | | |
361 | | #endif |