/src/openssl32/ssl/quic/quic_local.h
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifndef OSSL_QUIC_LOCAL_H |
11 | | # define OSSL_QUIC_LOCAL_H |
12 | | |
13 | | # include <openssl/ssl.h> |
14 | | # include "internal/quic_ssl.h" /* QUIC_CONNECTION */ |
15 | | # include "internal/quic_txp.h" |
16 | | # include "internal/quic_statm.h" |
17 | | # include "internal/quic_demux.h" |
18 | | # include "internal/quic_record_rx.h" |
19 | | # include "internal/quic_tls.h" |
20 | | # include "internal/quic_fc.h" |
21 | | # include "internal/quic_stream.h" |
22 | | # include "internal/quic_channel.h" |
23 | | # include "internal/quic_reactor.h" |
24 | | # include "internal/quic_thread_assist.h" |
25 | | # include "../ssl_local.h" |
26 | | |
27 | | # ifndef OPENSSL_NO_QUIC |
28 | | |
29 | | /* |
30 | | * QUIC stream SSL object (QSSO) type. This implements the API personality layer |
31 | | * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking |
32 | | * state required by the libssl API personality. |
33 | | */ |
34 | | struct quic_xso_st { |
35 | | /* SSL object common header. */ |
36 | | struct ssl_st ssl; |
37 | | |
38 | | /* The connection this stream is associated with. Always non-NULL. */ |
39 | | QUIC_CONNECTION *conn; |
40 | | |
41 | | /* The stream object. Always non-NULL for as long as the XSO exists. */ |
42 | | QUIC_STREAM *stream; |
43 | | |
44 | | /* |
45 | | * Has this stream been logically configured into blocking mode? Only |
46 | | * meaningful if desires_blocking_set is 1. Ignored if blocking is not |
47 | | * currently possible given QUIC_CONNECTION configuration. |
48 | | */ |
49 | | unsigned int desires_blocking : 1; |
50 | | |
51 | | /* |
52 | | * Has SSL_set_blocking_mode been called on this stream? If not set, we |
53 | | * inherit from the QUIC_CONNECTION blocking state. |
54 | | */ |
55 | | unsigned int desires_blocking_set : 1; |
56 | | |
57 | | /* |
58 | | * This state tracks SSL_write all-or-nothing (AON) write semantics |
59 | | * emulation. |
60 | | * |
61 | | * Example chronology: |
62 | | * |
63 | | * t=0: aon_write_in_progress=0 |
64 | | * t=1: SSL_write(ssl, b1, l1) called; |
65 | | * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE; |
66 | | * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1; |
67 | | * aon_buf_pos < l1 (depends on how much room was in sstream); |
68 | | * t=2: SSL_write(ssl, b2, l2); |
69 | | * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER) |
70 | | * l2 must equal l1 (always validated) |
71 | | * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len) |
72 | | * if done, aon_write_in_progress=0 |
73 | | * |
74 | | */ |
75 | | /* Is an AON write in progress? */ |
76 | | unsigned int aon_write_in_progress : 1; |
77 | | /* |
78 | | * The base buffer pointer the caller passed us for the initial AON write |
79 | | * call. We use this for validation purposes unless |
80 | | * ACCEPT_MOVING_WRITE_BUFFER is enabled. |
81 | | * |
82 | | * NOTE: We never dereference this, as the caller might pass a different |
83 | | * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for |
84 | | * validation by pointer comparison only. |
85 | | */ |
86 | | const unsigned char *aon_buf_base; |
87 | | /* The total length of the AON buffer being sent, in bytes. */ |
88 | | size_t aon_buf_len; |
89 | | /* |
90 | | * The position in the AON buffer up to which we have successfully sent data |
91 | | * so far. |
92 | | */ |
93 | | size_t aon_buf_pos; |
94 | | |
95 | | /* SSL_set_mode */ |
96 | | uint32_t ssl_mode; |
97 | | |
98 | | /* SSL_set_options */ |
99 | | uint64_t ssl_options; |
100 | | |
101 | | /* |
102 | | * Last 'normal' error during an app-level I/O operation, used by |
103 | | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ |
104 | | * and SSL_ERROR_WANT_WRITE. |
105 | | */ |
106 | | int last_error; |
107 | | }; |
108 | | |
109 | | struct quic_conn_st { |
110 | | /* |
111 | | * ssl_st is a common header for ordinary SSL objects, QUIC connection |
112 | | * objects and QUIC stream objects, allowing objects of these different |
113 | | * types to be disambiguated at runtime and providing some common fields. |
114 | | * |
115 | | * Note: This must come first in the QUIC_CONNECTION structure. |
116 | | */ |
117 | | struct ssl_st ssl; |
118 | | |
119 | | SSL *tls; |
120 | | |
121 | | /* |
122 | | * The QUIC channel providing the core QUIC connection implementation. Note |
123 | | * that this is not instantiated until we actually start trying to do the |
124 | | * handshake. This is to allow us to gather information like whether we are |
125 | | * going to be in client or server mode before committing to instantiating |
126 | | * the channel, since we want to determine the channel arguments based on |
127 | | * that. |
128 | | * |
129 | | * The channel remains available after connection termination until the SSL |
130 | | * object is freed, thus (ch != NULL) iff (started == 1). |
131 | | */ |
132 | | QUIC_CHANNEL *ch; |
133 | | |
134 | | /* |
135 | | * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but |
136 | | * provide it to the channel. |
137 | | */ |
138 | | CRYPTO_MUTEX *mutex; |
139 | | |
140 | | /* |
141 | | * If we have a default stream attached, this is the internal XSO |
142 | | * object. If there is no default stream, this is NULL. |
143 | | */ |
144 | | QUIC_XSO *default_xso; |
145 | | |
146 | | /* The network read and write BIOs. */ |
147 | | BIO *net_rbio, *net_wbio; |
148 | | |
149 | | /* Initial peer L4 address. */ |
150 | | BIO_ADDR init_peer_addr; |
151 | | |
152 | | # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST |
153 | | /* Manages thread for QUIC thread assisted mode. */ |
154 | | QUIC_THREAD_ASSIST thread_assist; |
155 | | # endif |
156 | | |
157 | | /* If non-NULL, used instead of ossl_time_now(). Used for testing. */ |
158 | | OSSL_TIME (*override_now_cb)(void *arg); |
159 | | void *override_now_cb_arg; |
160 | | |
161 | | /* Number of XSOs allocated. Includes the default XSO, if any. */ |
162 | | size_t num_xso; |
163 | | |
164 | | /* Have we started? */ |
165 | | unsigned int started : 1; |
166 | | |
167 | | /* |
168 | | * This is 1 if we were instantiated using a QUIC server method |
169 | | * (for future use). |
170 | | */ |
171 | | unsigned int as_server : 1; |
172 | | |
173 | | /* |
174 | | * Has the application called SSL_set_accept_state? We require this to be |
175 | | * congruent with the value of as_server. |
176 | | */ |
177 | | unsigned int as_server_state : 1; |
178 | | |
179 | | /* Are we using thread assisted mode? Never changes after init. */ |
180 | | unsigned int is_thread_assisted : 1; |
181 | | |
182 | | /* Do connection-level operations (e.g. handshakes) run in blocking mode? */ |
183 | | unsigned int blocking : 1; |
184 | | |
185 | | /* Does the application want blocking mode? */ |
186 | | unsigned int desires_blocking : 1; |
187 | | |
188 | | /* Have we created a default XSO yet? */ |
189 | | unsigned int default_xso_created : 1; |
190 | | |
191 | | /* |
192 | | * Pre-TERMINATING shutdown phase in which we are flushing streams. |
193 | | * Monotonically transitions to 1. |
194 | | * New streams cannot be created in this state. |
195 | | */ |
196 | | unsigned int shutting_down : 1; |
197 | | |
198 | | /* Have we probed the BIOs for addressing support? */ |
199 | | unsigned int addressing_probe_done : 1; |
200 | | |
201 | | /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */ |
202 | | unsigned int addressed_mode_w : 1; |
203 | | unsigned int addressed_mode_r : 1; |
204 | | |
205 | | /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */ |
206 | | uint32_t default_stream_mode; |
207 | | |
208 | | /* SSL_set_mode. This is not used directly but inherited by new XSOs. */ |
209 | | uint32_t default_ssl_mode; |
210 | | |
211 | | /* SSL_set_options. This is not used directly but inherited by new XSOs. */ |
212 | | uint64_t default_ssl_options; |
213 | | |
214 | | /* SSL_set_incoming_stream_policy. */ |
215 | | int incoming_stream_policy; |
216 | | uint64_t incoming_stream_aec; |
217 | | |
218 | | /* |
219 | | * Last 'normal' error during an app-level I/O operation, used by |
220 | | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ |
221 | | * and SSL_ERROR_WANT_WRITE. |
222 | | */ |
223 | | int last_error; |
224 | | }; |
225 | | |
226 | | /* Internal calls to the QUIC CSM which come from various places. */ |
227 | | int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc); |
228 | | |
229 | | /* |
230 | | * To be called when a protocol violation occurs. The connection is torn down |
231 | | * with the given error code, which should be a QUIC_ERR_* value. Reason string |
232 | | * is optional and copied if provided. frame_type should be 0 if not applicable. |
233 | | */ |
234 | | void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc, |
235 | | uint64_t error_code, |
236 | | uint64_t frame_type, |
237 | | const char *reason); |
238 | | |
239 | | void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc, |
240 | | OSSL_QUIC_FRAME_CONN_CLOSE *f); |
241 | | |
242 | | int ossl_quic_trace(int write_p, int version, int content_type, |
243 | | const void *buf, size_t msglen, SSL *ssl, void *arg); |
244 | | |
245 | | # define OSSL_QUIC_ANY_VERSION 0xFFFFF |
246 | | # define IS_QUIC_METHOD(m) \ |
247 | 71.4k | ((m) == OSSL_QUIC_client_method() || \ |
248 | 71.4k | (m) == OSSL_QUIC_client_thread_method()) |
249 | 71.4k | # define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method) |
250 | | |
251 | | # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \ |
252 | | ((ssl) == NULL ? NULL \ |
253 | | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
254 | | ? (c QUIC_CONNECTION *)(ssl) \ |
255 | | : NULL)) |
256 | | |
257 | | # define QUIC_XSO_FROM_SSL_int(ssl, c) \ |
258 | | ((ssl) == NULL \ |
259 | | ? NULL \ |
260 | | : (((ssl)->type == SSL_TYPE_QUIC_XSO \ |
261 | | ? (c QUIC_XSO *)(ssl) \ |
262 | | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
263 | | ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \ |
264 | | : NULL)))) |
265 | | |
266 | | # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \ |
267 | | ((ssl) == NULL ? NULL \ |
268 | | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
269 | | ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \ |
270 | | : NULL)) |
271 | | |
272 | 158M | # define IS_QUIC(ssl) ((ssl) != NULL \ |
273 | 158M | && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ |
274 | 158M | || (ssl)->type == SSL_TYPE_QUIC_XSO)) |
275 | | # else |
276 | | # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL |
277 | | # define QUIC_XSO_FROM_SSL_int(ssl, c) NULL |
278 | | # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL |
279 | | # define IS_QUIC(ssl) 0 |
280 | | # define IS_QUIC_CTX(ctx) 0 |
281 | | # define IS_QUIC_METHOD(m) 0 |
282 | | # endif |
283 | | |
284 | | # define QUIC_CONNECTION_FROM_SSL(ssl) \ |
285 | | QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) |
286 | | # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \ |
287 | | QUIC_CONNECTION_FROM_SSL_int(ssl, const) |
288 | | # define QUIC_XSO_FROM_SSL(ssl) \ |
289 | | QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) |
290 | | # define QUIC_XSO_FROM_CONST_SSL(ssl) \ |
291 | | QUIC_XSO_FROM_SSL_int(ssl, const) |
292 | | # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \ |
293 | | SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST) |
294 | | # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \ |
295 | | SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const) |
296 | | |
297 | | # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ |
298 | | q_connect, enc_data) \ |
299 | | const SSL_METHOD *func_name(void) \ |
300 | 389k | { \ |
301 | 389k | static const SSL_METHOD func_name##_data= { \ |
302 | 389k | version, \ |
303 | 389k | 0, \ |
304 | 389k | 0, \ |
305 | 389k | ossl_quic_new, \ |
306 | 389k | ossl_quic_free, \ |
307 | 389k | ossl_quic_reset, \ |
308 | 389k | ossl_quic_init, \ |
309 | 389k | NULL /* clear */, \ |
310 | 389k | ossl_quic_deinit, \ |
311 | 389k | q_accept, \ |
312 | 389k | q_connect, \ |
313 | 389k | ossl_quic_read, \ |
314 | 389k | ossl_quic_peek, \ |
315 | 389k | ossl_quic_write, \ |
316 | 389k | NULL /* shutdown */, \ |
317 | 389k | NULL /* renegotiate */, \ |
318 | 389k | ossl_quic_renegotiate_check, \ |
319 | 389k | NULL /* read_bytes */, \ |
320 | 389k | NULL /* write_bytes */, \ |
321 | 389k | NULL /* dispatch_alert */, \ |
322 | 389k | ossl_quic_ctrl, \ |
323 | 389k | ossl_quic_ctx_ctrl, \ |
324 | 389k | ossl_quic_get_cipher_by_char, \ |
325 | 389k | NULL /* put_cipher_by_char */, \ |
326 | 389k | ossl_quic_pending, \ |
327 | 389k | ossl_quic_num_ciphers, \ |
328 | 389k | ossl_quic_get_cipher, \ |
329 | 389k | tls1_default_timeout, \ |
330 | 389k | &enc_data, \ |
331 | 389k | ssl_undefined_void_function, \ |
332 | 389k | ossl_quic_callback_ctrl, \ |
333 | 389k | ossl_quic_ctx_callback_ctrl, \ |
334 | 389k | }; \ |
335 | 389k | return &func_name##_data; \ |
336 | 389k | } Line | Count | Source | 300 | 248k | { \ | 301 | 248k | static const SSL_METHOD func_name##_data= { \ | 302 | 248k | version, \ | 303 | 248k | 0, \ | 304 | 248k | 0, \ | 305 | 248k | ossl_quic_new, \ | 306 | 248k | ossl_quic_free, \ | 307 | 248k | ossl_quic_reset, \ | 308 | 248k | ossl_quic_init, \ | 309 | 248k | NULL /* clear */, \ | 310 | 248k | ossl_quic_deinit, \ | 311 | 248k | q_accept, \ | 312 | 248k | q_connect, \ | 313 | 248k | ossl_quic_read, \ | 314 | 248k | ossl_quic_peek, \ | 315 | 248k | ossl_quic_write, \ | 316 | 248k | NULL /* shutdown */, \ | 317 | 248k | NULL /* renegotiate */, \ | 318 | 248k | ossl_quic_renegotiate_check, \ | 319 | 248k | NULL /* read_bytes */, \ | 320 | 248k | NULL /* write_bytes */, \ | 321 | 248k | NULL /* dispatch_alert */, \ | 322 | 248k | ossl_quic_ctrl, \ | 323 | 248k | ossl_quic_ctx_ctrl, \ | 324 | 248k | ossl_quic_get_cipher_by_char, \ | 325 | 248k | NULL /* put_cipher_by_char */, \ | 326 | 248k | ossl_quic_pending, \ | 327 | 248k | ossl_quic_num_ciphers, \ | 328 | 248k | ossl_quic_get_cipher, \ | 329 | 248k | tls1_default_timeout, \ | 330 | 248k | &enc_data, \ | 331 | 248k | ssl_undefined_void_function, \ | 332 | 248k | ossl_quic_callback_ctrl, \ | 333 | 248k | ossl_quic_ctx_callback_ctrl, \ | 334 | 248k | }; \ | 335 | 248k | return &func_name##_data; \ | 336 | 248k | } |
OSSL_QUIC_client_thread_method Line | Count | Source | 300 | 140k | { \ | 301 | 140k | static const SSL_METHOD func_name##_data= { \ | 302 | 140k | version, \ | 303 | 140k | 0, \ | 304 | 140k | 0, \ | 305 | 140k | ossl_quic_new, \ | 306 | 140k | ossl_quic_free, \ | 307 | 140k | ossl_quic_reset, \ | 308 | 140k | ossl_quic_init, \ | 309 | 140k | NULL /* clear */, \ | 310 | 140k | ossl_quic_deinit, \ | 311 | 140k | q_accept, \ | 312 | 140k | q_connect, \ | 313 | 140k | ossl_quic_read, \ | 314 | 140k | ossl_quic_peek, \ | 315 | 140k | ossl_quic_write, \ | 316 | 140k | NULL /* shutdown */, \ | 317 | 140k | NULL /* renegotiate */, \ | 318 | 140k | ossl_quic_renegotiate_check, \ | 319 | 140k | NULL /* read_bytes */, \ | 320 | 140k | NULL /* write_bytes */, \ | 321 | 140k | NULL /* dispatch_alert */, \ | 322 | 140k | ossl_quic_ctrl, \ | 323 | 140k | ossl_quic_ctx_ctrl, \ | 324 | 140k | ossl_quic_get_cipher_by_char, \ | 325 | 140k | NULL /* put_cipher_by_char */, \ | 326 | 140k | ossl_quic_pending, \ | 327 | 140k | ossl_quic_num_ciphers, \ | 328 | 140k | ossl_quic_get_cipher, \ | 329 | 140k | tls1_default_timeout, \ | 330 | 140k | &enc_data, \ | 331 | 140k | ssl_undefined_void_function, \ | 332 | 140k | ossl_quic_callback_ctrl, \ | 333 | 140k | ossl_quic_ctx_callback_ctrl, \ | 334 | 140k | }; \ | 335 | 140k | return &func_name##_data; \ | 336 | 140k | } |
|
337 | | |
338 | | #endif |