/src/openssl/ssl/quic/quic_local.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifndef OSSL_QUIC_LOCAL_H |
11 | | # define OSSL_QUIC_LOCAL_H |
12 | | |
13 | | # include <openssl/ssl.h> |
14 | | # include "internal/quic_ssl.h" /* QUIC_CONNECTION */ |
15 | | # include "internal/quic_txp.h" |
16 | | # include "internal/quic_statm.h" |
17 | | # include "internal/quic_demux.h" |
18 | | # include "internal/quic_record_rx.h" |
19 | | # include "internal/quic_tls.h" |
20 | | # include "internal/quic_fc.h" |
21 | | # include "internal/quic_stream.h" |
22 | | # include "internal/quic_channel.h" |
23 | | # include "internal/quic_reactor.h" |
24 | | # include "internal/quic_thread_assist.h" |
25 | | # include "../ssl_local.h" |
26 | | # include "quic_obj_local.h" |
27 | | |
28 | | # ifndef OPENSSL_NO_QUIC |
29 | | |
30 | | /* |
31 | | * QUIC stream SSL object (QSSO) type. This implements the API personality layer |
32 | | * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking |
33 | | * state required by the libssl API personality. |
34 | | */ |
35 | | struct quic_xso_st { |
36 | | /* QUIC_OBJ common header, including SSL object common header. */ |
37 | | QUIC_OBJ obj; |
38 | | |
39 | | /* The connection this stream is associated with. Always non-NULL. */ |
40 | | QUIC_CONNECTION *conn; |
41 | | |
42 | | /* The stream object. Always non-NULL for as long as the XSO exists. */ |
43 | | QUIC_STREAM *stream; |
44 | | |
45 | | /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */ |
46 | | unsigned int retired_fin : 1; |
47 | | |
48 | | /* |
49 | | * The application has requested a reset. Not set for reflexive |
50 | | * STREAM_RESETs caused by peer STOP_SENDING. |
51 | | */ |
52 | | unsigned int requested_reset : 1; |
53 | | |
54 | | /* |
55 | | * This state tracks SSL_write all-or-nothing (AON) write semantics |
56 | | * emulation. |
57 | | * |
58 | | * Example chronology: |
59 | | * |
60 | | * t=0: aon_write_in_progress=0 |
61 | | * t=1: SSL_write(ssl, b1, l1) called; |
62 | | * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE; |
63 | | * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1; |
64 | | * aon_buf_pos < l1 (depends on how much room was in sstream); |
65 | | * t=2: SSL_write(ssl, b2, l2); |
66 | | * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER) |
67 | | * l2 must equal l1 (always validated) |
68 | | * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len) |
69 | | * if done, aon_write_in_progress=0 |
70 | | * |
71 | | */ |
72 | | /* Is an AON write in progress? */ |
73 | | unsigned int aon_write_in_progress : 1; |
74 | | |
75 | | /* |
76 | | * The base buffer pointer the caller passed us for the initial AON write |
77 | | * call. We use this for validation purposes unless |
78 | | * ACCEPT_MOVING_WRITE_BUFFER is enabled. |
79 | | * |
80 | | * NOTE: We never dereference this, as the caller might pass a different |
81 | | * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for |
82 | | * validation by pointer comparison only. |
83 | | */ |
84 | | const unsigned char *aon_buf_base; |
85 | | /* The total length of the AON buffer being sent, in bytes. */ |
86 | | size_t aon_buf_len; |
87 | | /* |
88 | | * The position in the AON buffer up to which we have successfully sent data |
89 | | * so far. |
90 | | */ |
91 | | size_t aon_buf_pos; |
92 | | |
93 | | /* SSL_set_mode */ |
94 | | uint32_t ssl_mode; |
95 | | |
96 | | /* SSL_set_options */ |
97 | | uint64_t ssl_options; |
98 | | |
99 | | /* |
100 | | * Last 'normal' error during an app-level I/O operation, used by |
101 | | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ |
102 | | * and SSL_ERROR_WANT_WRITE. |
103 | | */ |
104 | | int last_error; |
105 | | }; |
106 | | |
107 | | /* |
108 | | * QUIC connection SSL object (QCSO) type. This implements the API personality |
109 | | * layer for QCSO objects, wrapping the QUIC-native QUIC_CHANNEL object. |
110 | | */ |
111 | | struct quic_conn_st { |
112 | | /* |
113 | | * QUIC_OBJ is a common header for QUIC APL objects, allowing objects of |
114 | | * these different types to be disambiguated at runtime and providing some |
115 | | * common fields. |
116 | | * |
117 | | * Note: This must come first in the QUIC_CONNECTION structure. |
118 | | */ |
119 | | QUIC_OBJ obj; |
120 | | |
121 | | SSL *tls; |
122 | | |
123 | | /* The QLSO this connection belongs to, if any. */ |
124 | | QUIC_LISTENER *listener; |
125 | | |
126 | | /* The QDSO this connection belongs to, if any. */ |
127 | | QUIC_DOMAIN *domain; |
128 | | |
129 | | /* The QUIC engine representing the QUIC event domain. */ |
130 | | QUIC_ENGINE *engine; |
131 | | |
132 | | /* The QUIC port representing the QUIC listener and socket. */ |
133 | | QUIC_PORT *port; |
134 | | |
135 | | /* |
136 | | * The QUIC channel providing the core QUIC connection implementation. Note |
137 | | * that this is not instantiated until we actually start trying to do the |
138 | | * handshake. This is to allow us to gather information like whether we are |
139 | | * going to be in client or server mode before committing to instantiating |
140 | | * the channel, since we want to determine the channel arguments based on |
141 | | * that. |
142 | | * |
143 | | * The channel remains available after connection termination until the SSL |
144 | | * object is freed, thus (ch != NULL) iff (started == 1). |
145 | | */ |
146 | | QUIC_CHANNEL *ch; |
147 | | |
148 | | /* |
149 | | * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but |
150 | | * provide it to the channel. |
151 | | */ |
152 | | #if defined(OPENSSL_THREADS) |
153 | | CRYPTO_MUTEX *mutex; |
154 | | #endif |
155 | | |
156 | | /* |
157 | | * If we have a default stream attached, this is the internal XSO |
158 | | * object. If there is no default stream, this is NULL. |
159 | | */ |
160 | | QUIC_XSO *default_xso; |
161 | | |
162 | | /* Initial peer L4 address. */ |
163 | | BIO_ADDR init_peer_addr; |
164 | | |
165 | | # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST |
166 | | /* Manages thread for QUIC thread assisted mode. */ |
167 | | QUIC_THREAD_ASSIST thread_assist; |
168 | | # endif |
169 | | |
170 | | /* Number of XSOs allocated. Includes the default XSO, if any. */ |
171 | | size_t num_xso; |
172 | | |
173 | | /* Have we started? */ |
174 | | unsigned int started : 1; |
175 | | |
176 | | /* |
177 | | * This is 1 if we were instantiated using a QUIC server method |
178 | | * (for future use). |
179 | | */ |
180 | | unsigned int as_server : 1; |
181 | | |
182 | | /* |
183 | | * Has the application called SSL_set_accept_state? We require this to be |
184 | | * congruent with the value of as_server. |
185 | | */ |
186 | | unsigned int as_server_state : 1; |
187 | | |
188 | | /* Are we using thread assisted mode? Never changes after init. */ |
189 | | unsigned int is_thread_assisted : 1; |
190 | | |
191 | | /* Have we created a default XSO yet? */ |
192 | | unsigned int default_xso_created : 1; |
193 | | |
194 | | /* |
195 | | * Pre-TERMINATING shutdown phase in which we are flushing streams. |
196 | | * Monotonically transitions to 1. |
197 | | * New streams cannot be created in this state. |
198 | | */ |
199 | | unsigned int shutting_down : 1; |
200 | | |
201 | | /* Have we probed the BIOs for addressing support? */ |
202 | | unsigned int addressing_probe_done : 1; |
203 | | |
204 | | /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */ |
205 | | unsigned int addressed_mode_w : 1; |
206 | | unsigned int addressed_mode_r : 1; |
207 | | |
208 | | /* Flag to indicate waiting on accept queue */ |
209 | | unsigned int pending : 1; |
210 | | |
211 | | /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */ |
212 | | uint32_t default_stream_mode; |
213 | | |
214 | | /* SSL_set_mode. This is not used directly but inherited by new XSOs. */ |
215 | | uint32_t default_ssl_mode; |
216 | | |
217 | | /* SSL_set_options. This is not used directly but inherited by new XSOs. */ |
218 | | uint64_t default_ssl_options; |
219 | | |
220 | | /* SSL_set_incoming_stream_policy. */ |
221 | | int incoming_stream_policy; |
222 | | uint64_t incoming_stream_aec; |
223 | | |
224 | | /* |
225 | | * Last 'normal' error during an app-level I/O operation, used by |
226 | | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ |
227 | | * and SSL_ERROR_WANT_WRITE. |
228 | | */ |
229 | | int last_error; |
230 | | }; |
231 | | |
232 | | /* |
233 | | * QUIC listener SSL object (QLSO) type. This implements the API personality |
234 | | * layer for QLSO objects, wrapping the QUIC-native QUIC_PORT object. |
235 | | */ |
236 | | struct quic_listener_st { |
237 | | /* QUIC_OBJ common header, including SSL object common header. */ |
238 | | QUIC_OBJ obj; |
239 | | |
240 | | /* The QDSO this connection belongs to, if any. */ |
241 | | QUIC_DOMAIN *domain; |
242 | | |
243 | | /* The QUIC engine representing the QUIC event domain. */ |
244 | | QUIC_ENGINE *engine; |
245 | | |
246 | | /* The QUIC port representing the QUIC listener and socket. */ |
247 | | QUIC_PORT *port; |
248 | | |
249 | | #if defined(OPENSSL_THREADS) |
250 | | /* |
251 | | * The mutex used to synchronise access to the QUIC_ENGINE. We own this but |
252 | | * provide it to the engine. |
253 | | */ |
254 | | CRYPTO_MUTEX *mutex; |
255 | | #endif |
256 | | |
257 | | /* Have we started listening yet? */ |
258 | | unsigned int listening : 1; |
259 | | }; |
260 | | |
261 | | /* |
262 | | * QUIC domain SSL object (QDSO) type. This implements the API personality layer |
263 | | * for QDSO objects, wrapping the QUIC-native QUIC_ENGINE object. |
264 | | */ |
265 | | struct quic_domain_st { |
266 | | /* QUIC_OBJ common header, including SSL object common header. */ |
267 | | QUIC_OBJ obj; |
268 | | |
269 | | /* The QUIC engine representing the QUIC event domain. */ |
270 | | QUIC_ENGINE *engine; |
271 | | |
272 | | #if defined(OPENSSL_THREADS) |
273 | | /* |
274 | | * The mutex used to synchronise access to the QUIC_ENGINE. We own this but |
275 | | * provide it to the engine. |
276 | | */ |
277 | | CRYPTO_MUTEX *mutex; |
278 | | #endif |
279 | | }; |
280 | | |
281 | | /* Internal calls to the QUIC CSM which come from various places. */ |
282 | | int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc); |
283 | | |
284 | | /* |
285 | | * To be called when a protocol violation occurs. The connection is torn down |
286 | | * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason |
287 | | * string is optional and copied if provided. frame_type should be 0 if not |
288 | | * applicable. |
289 | | */ |
290 | | void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc, |
291 | | uint64_t error_code, |
292 | | uint64_t frame_type, |
293 | | const char *reason); |
294 | | |
295 | | void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc, |
296 | | OSSL_QUIC_FRAME_CONN_CLOSE *f); |
297 | | |
298 | | # define OSSL_QUIC_ANY_VERSION 0xFFFFF |
299 | | # endif |
300 | | |
301 | | # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ |
302 | | q_connect, enc_data) \ |
303 | | const SSL_METHOD *func_name(void) \ |
304 | 0 | { \ |
305 | 0 | static const SSL_METHOD func_name##_data= { \ |
306 | 0 | version, \ |
307 | 0 | 0, \ |
308 | 0 | 0, \ |
309 | 0 | ossl_quic_new, \ |
310 | 0 | ossl_quic_free, \ |
311 | 0 | ossl_quic_reset, \ |
312 | 0 | ossl_quic_init, \ |
313 | 0 | NULL /* clear */, \ |
314 | 0 | ossl_quic_deinit, \ |
315 | 0 | q_accept, \ |
316 | 0 | q_connect, \ |
317 | 0 | ossl_quic_read, \ |
318 | 0 | ossl_quic_peek, \ |
319 | 0 | ossl_quic_write, \ |
320 | 0 | NULL /* shutdown */, \ |
321 | 0 | NULL /* renegotiate */, \ |
322 | 0 | ossl_quic_renegotiate_check, \ |
323 | 0 | NULL /* read_bytes */, \ |
324 | 0 | NULL /* write_bytes */, \ |
325 | 0 | NULL /* dispatch_alert */, \ |
326 | 0 | ossl_quic_ctrl, \ |
327 | 0 | ossl_quic_ctx_ctrl, \ |
328 | 0 | ossl_quic_get_cipher_by_char, \ |
329 | 0 | NULL /* put_cipher_by_char */, \ |
330 | 0 | ossl_quic_pending, \ |
331 | 0 | ossl_quic_num_ciphers, \ |
332 | 0 | ossl_quic_get_cipher, \ |
333 | 0 | tls1_default_timeout, \ |
334 | 0 | &enc_data, \ |
335 | 0 | ssl_undefined_void_function, \ |
336 | 0 | ossl_quic_callback_ctrl, \ |
337 | 0 | ossl_quic_ctx_callback_ctrl, \ |
338 | 0 | }; \ |
339 | 0 | return &func_name##_data; \ |
340 | 0 | } Unexecuted instantiation: OSSL_QUIC_client_method Unexecuted instantiation: OSSL_QUIC_client_thread_method Unexecuted instantiation: OSSL_QUIC_server_method |
341 | | |
342 | | #endif |