]>
Commit | Line | Data |
---|---|---|
99e1cc7b | 1 | /* |
b6461792 | 2 | * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. |
99e1cc7b TM |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #ifndef OSSL_QUIC_LOCAL_H | |
11 | # define OSSL_QUIC_LOCAL_H | |
12 | ||
13 | # include <openssl/ssl.h> | |
d5ab48a1 | 14 | # include "internal/quic_ssl.h" /* QUIC_CONNECTION */ |
22d53c88 HL |
15 | # include "internal/quic_txp.h" |
16 | # include "internal/quic_statm.h" | |
17 | # include "internal/quic_demux.h" | |
18 | # include "internal/quic_record_rx.h" | |
2723d705 | 19 | # include "internal/quic_tls.h" |
a17c713a TM |
20 | # include "internal/quic_fc.h" |
21 | # include "internal/quic_stream.h" | |
22d53c88 HL |
22 | # include "internal/quic_channel.h" |
23 | # include "internal/quic_reactor.h" | |
f2f7c4f1 | 24 | # include "internal/quic_thread_assist.h" |
99e1cc7b TM |
25 | # include "../ssl_local.h" |
26 | ||
22d53c88 | 27 | # ifndef OPENSSL_NO_QUIC |
a17c713a | 28 | |
cb5c208b | 29 | /* |
571aff4b | 30 | * QUIC stream SSL object (QSSO) type. This implements the API personality layer |
cb5c208b HL |
31 | * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking |
32 | * state required by the libssl API personality. | |
33 | */ | |
34 | struct quic_xso_st { | |
35 | /* SSL object common header. */ | |
36 | struct ssl_st ssl; | |
37 | ||
38 | /* The connection this stream is associated with. Always non-NULL. */ | |
39 | QUIC_CONNECTION *conn; | |
40 | ||
41 | /* The stream object. Always non-NULL for as long as the XSO exists. */ | |
42 | QUIC_STREAM *stream; | |
43 | ||
51e671e2 HL |
44 | /* |
45 | * Has this stream been logically configured into blocking mode? Only | |
46 | * meaningful if desires_blocking_set is 1. Ignored if blocking is not | |
47 | * currently possible given QUIC_CONNECTION configuration. | |
48 | */ | |
49 | unsigned int desires_blocking : 1; | |
50 | ||
51 | /* | |
52 | * Has SSL_set_blocking_mode been called on this stream? If not set, we | |
53 | * inherit from the QUIC_CONNECTION blocking state. | |
54 | */ | |
55 | unsigned int desires_blocking_set : 1; | |
cb5c208b | 56 | |
6ba77d67 HL |
57 | /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */ |
58 | unsigned int retired_fin : 1; | |
59 | ||
60 | /* | |
61 | * The application has requested a reset. Not set for reflexive | |
62 | * STREAM_RESETs caused by peer STOP_SENDING. | |
63 | */ | |
64 | unsigned int requested_reset : 1; | |
65 | ||
cb5c208b HL |
66 | /* |
67 | * This state tracks SSL_write all-or-nothing (AON) write semantics | |
68 | * emulation. | |
69 | * | |
70 | * Example chronology: | |
71 | * | |
72 | * t=0: aon_write_in_progress=0 | |
73 | * t=1: SSL_write(ssl, b1, l1) called; | |
74 | * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE; | |
75 | * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1; | |
76 | * aon_buf_pos < l1 (depends on how much room was in sstream); | |
77 | * t=2: SSL_write(ssl, b2, l2); | |
78 | * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER) | |
79 | * l2 must equal l1 (always validated) | |
80 | * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len) | |
10fe5e29 | 81 | * if done, aon_write_in_progress=0 |
cb5c208b HL |
82 | * |
83 | */ | |
84 | /* Is an AON write in progress? */ | |
85 | unsigned int aon_write_in_progress : 1; | |
965f68f3 HL |
86 | |
87 | /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */ | |
88 | unsigned int event_handling_mode : 2; | |
89 | ||
cb5c208b HL |
90 | /* |
91 | * The base buffer pointer the caller passed us for the initial AON write | |
92 | * call. We use this for validation purposes unless | |
93 | * ACCEPT_MOVING_WRITE_BUFFER is enabled. | |
94 | * | |
95 | * NOTE: We never dereference this, as the caller might pass a different | |
96 | * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for | |
97 | * validation by pointer comparison only. | |
98 | */ | |
99 | const unsigned char *aon_buf_base; | |
100 | /* The total length of the AON buffer being sent, in bytes. */ | |
101 | size_t aon_buf_len; | |
102 | /* | |
103 | * The position in the AON buffer up to which we have successfully sent data | |
104 | * so far. | |
105 | */ | |
106 | size_t aon_buf_pos; | |
107 | ||
108 | /* SSL_set_mode */ | |
109 | uint32_t ssl_mode; | |
faa3a180 | 110 | |
db2f98c4 HL |
111 | /* SSL_set_options */ |
112 | uint64_t ssl_options; | |
113 | ||
faa3a180 HL |
114 | /* |
115 | * Last 'normal' error during an app-level I/O operation, used by | |
116 | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ | |
117 | * and SSL_ERROR_WANT_WRITE. | |
118 | */ | |
119 | int last_error; | |
cb5c208b HL |
120 | }; |
121 | ||
a17c713a | 122 | struct quic_conn_st { |
22d53c88 HL |
123 | /* |
124 | * ssl_st is a common header for ordinary SSL objects, QUIC connection | |
125 | * objects and QUIC stream objects, allowing objects of these different | |
126 | * types to be disambiguated at runtime and providing some common fields. | |
127 | * | |
128 | * Note: This must come first in the QUIC_CONNECTION structure. | |
129 | */ | |
130 | struct ssl_st ssl; | |
131 | ||
132 | SSL *tls; | |
133 | ||
22739cc3 HL |
134 | /* The QUIC engine representing the QUIC event domain. */ |
135 | QUIC_ENGINE *engine; | |
136 | ||
f7671012 HL |
137 | /* The QUIC port representing the QUIC listener and socket. */ |
138 | QUIC_PORT *port; | |
139 | ||
22d53c88 HL |
140 | /* |
141 | * The QUIC channel providing the core QUIC connection implementation. Note | |
142 | * that this is not instantiated until we actually start trying to do the | |
143 | * handshake. This is to allow us to gather information like whether we are | |
144 | * going to be in client or server mode before committing to instantiating | |
145 | * the channel, since we want to determine the channel arguments based on | |
146 | * that. | |
147 | * | |
148 | * The channel remains available after connection termination until the SSL | |
149 | * object is freed, thus (ch != NULL) iff (started == 1). | |
150 | */ | |
151 | QUIC_CHANNEL *ch; | |
152 | ||
4847599b HL |
153 | /* |
154 | * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but | |
155 | * provide it to the channel. | |
156 | */ | |
c4208a6a | 157 | CRYPTO_MUTEX *mutex; |
4847599b | 158 | |
cb5c208b HL |
159 | /* |
160 | * If we have a default stream attached, this is the internal XSO | |
161 | * object. If there is no default stream, this is NULL. | |
162 | */ | |
163 | QUIC_XSO *default_xso; | |
22d53c88 HL |
164 | |
165 | /* The network read and write BIOs. */ | |
166 | BIO *net_rbio, *net_wbio; | |
167 | ||
168 | /* Initial peer L4 address. */ | |
169 | BIO_ADDR init_peer_addr; | |
170 | ||
9cf091a3 | 171 | # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST |
f2f7c4f1 HL |
172 | /* Manages thread for QUIC thread assisted mode. */ |
173 | QUIC_THREAD_ASSIST thread_assist; | |
9cf091a3 | 174 | # endif |
f2f7c4f1 | 175 | |
b212d554 HL |
176 | /* If non-NULL, used instead of ossl_time_now(). Used for testing. */ |
177 | OSSL_TIME (*override_now_cb)(void *arg); | |
178 | void *override_now_cb_arg; | |
179 | ||
2dbc39de HL |
180 | /* Number of XSOs allocated. Includes the default XSO, if any. */ |
181 | size_t num_xso; | |
182 | ||
22d53c88 HL |
183 | /* Have we started? */ |
184 | unsigned int started : 1; | |
185 | ||
22d53c88 | 186 | /* |
dfb9ae14 HL |
187 | * This is 1 if we were instantiated using a QUIC server method |
188 | * (for future use). | |
22d53c88 HL |
189 | */ |
190 | unsigned int as_server : 1; | |
191 | ||
dfb9ae14 HL |
192 | /* |
193 | * Has the application called SSL_set_accept_state? We require this to be | |
194 | * congruent with the value of as_server. | |
195 | */ | |
196 | unsigned int as_server_state : 1; | |
197 | ||
f2f7c4f1 HL |
198 | /* Are we using thread assisted mode? Never changes after init. */ |
199 | unsigned int is_thread_assisted : 1; | |
200 | ||
cb5c208b HL |
201 | /* Do connection-level operations (e.g. handshakes) run in blocking mode? */ |
202 | unsigned int blocking : 1; | |
22d53c88 | 203 | |
51e671e2 HL |
204 | /* Does the application want blocking mode? */ |
205 | unsigned int desires_blocking : 1; | |
cb5c208b | 206 | |
21c80696 HL |
207 | /* Have we created a default XSO yet? */ |
208 | unsigned int default_xso_created : 1; | |
209 | ||
8a2e9aba HL |
210 | /* |
211 | * Pre-TERMINATING shutdown phase in which we are flushing streams. | |
212 | * Monotonically transitions to 1. | |
213 | * New streams cannot be created in this state. | |
214 | */ | |
215 | unsigned int shutting_down : 1; | |
216 | ||
62665fc2 HL |
217 | /* Have we probed the BIOs for addressing support? */ |
218 | unsigned int addressing_probe_done : 1; | |
219 | ||
220 | /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */ | |
3760747f HL |
221 | unsigned int addressed_mode_w : 1; |
222 | unsigned int addressed_mode_r : 1; | |
62665fc2 | 223 | |
965f68f3 HL |
224 | /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */ |
225 | unsigned int event_handling_mode : 2; | |
226 | ||
8b7be3aa HL |
227 | /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */ |
228 | uint32_t default_stream_mode; | |
229 | ||
cb5c208b HL |
230 | /* SSL_set_mode. This is not used directly but inherited by new XSOs. */ |
231 | uint32_t default_ssl_mode; | |
22d53c88 | 232 | |
db2f98c4 HL |
233 | /* SSL_set_options. This is not used directly but inherited by new XSOs. */ |
234 | uint64_t default_ssl_options; | |
235 | ||
83df44ae HL |
236 | /* SSL_set_incoming_stream_policy. */ |
237 | int incoming_stream_policy; | |
238 | uint64_t incoming_stream_aec; | |
8a90df34 | 239 | |
22d53c88 HL |
240 | /* |
241 | * Last 'normal' error during an app-level I/O operation, used by | |
242 | * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ | |
243 | * and SSL_ERROR_WANT_WRITE. | |
244 | */ | |
245 | int last_error; | |
d5ab48a1 | 246 | }; |
38b051a1 | 247 | |
22d53c88 HL |
248 | /* Internal calls to the QUIC CSM which come from various places. */ |
249 | int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc); | |
250 | ||
251 | /* | |
252 | * To be called when a protocol violation occurs. The connection is torn down | |
4b4b9c9e HL |
253 | * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason |
254 | * string is optional and copied if provided. frame_type should be 0 if not | |
255 | * applicable. | |
22d53c88 HL |
256 | */ |
257 | void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc, | |
258 | uint64_t error_code, | |
259 | uint64_t frame_type, | |
260 | const char *reason); | |
261 | ||
262 | void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc, | |
263 | OSSL_QUIC_FRAME_CONN_CLOSE *f); | |
264 | ||
45aac107 MC |
265 | int ossl_quic_trace(int write_p, int version, int content_type, |
266 | const void *buf, size_t msglen, SSL *ssl, void *arg); | |
267 | ||
d6e7ebba HL |
268 | # define OSSL_QUIC_ANY_VERSION 0xFFFFF |
269 | # define IS_QUIC_METHOD(m) \ | |
270 | ((m) == OSSL_QUIC_client_method() || \ | |
271 | (m) == OSSL_QUIC_client_thread_method()) | |
09d56d20 | 272 | # define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method) |
22d53c88 HL |
273 | |
274 | # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \ | |
275 | ((ssl) == NULL ? NULL \ | |
276 | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ | |
277 | ? (c QUIC_CONNECTION *)(ssl) \ | |
278 | : NULL)) | |
279 | ||
cb5c208b HL |
280 | # define QUIC_XSO_FROM_SSL_int(ssl, c) \ |
281 | ((ssl) == NULL \ | |
282 | ? NULL \ | |
283 | : (((ssl)->type == SSL_TYPE_QUIC_XSO \ | |
284 | ? (c QUIC_XSO *)(ssl) \ | |
285 | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ | |
286 | ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \ | |
287 | : NULL)))) | |
22d53c88 HL |
288 | |
289 | # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \ | |
290 | ((ssl) == NULL ? NULL \ | |
291 | : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ | |
292 | ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \ | |
293 | : NULL)) | |
3e5a47d4 HL |
294 | |
295 | # define IS_QUIC(ssl) ((ssl) != NULL \ | |
296 | && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ | |
297 | || (ssl)->type == SSL_TYPE_QUIC_XSO)) | |
22d53c88 HL |
298 | # else |
299 | # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL | |
f8636c7e | 300 | # define QUIC_XSO_FROM_SSL_int(ssl, c) NULL |
22d53c88 | 301 | # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL |
3e5a47d4 | 302 | # define IS_QUIC(ssl) 0 |
d6e7ebba HL |
303 | # define IS_QUIC_CTX(ctx) 0 |
304 | # define IS_QUIC_METHOD(m) 0 | |
22d53c88 | 305 | # endif |
38b051a1 TM |
306 | |
307 | # define QUIC_CONNECTION_FROM_SSL(ssl) \ | |
308 | QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) | |
309 | # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \ | |
310 | QUIC_CONNECTION_FROM_SSL_int(ssl, const) | |
f8636c7e HL |
311 | # define QUIC_XSO_FROM_SSL(ssl) \ |
312 | QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) | |
313 | # define QUIC_XSO_FROM_CONST_SSL(ssl) \ | |
314 | QUIC_XSO_FROM_SSL_int(ssl, const) | |
38b051a1 TM |
315 | # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \ |
316 | SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST) | |
317 | # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \ | |
318 | SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const) | |
319 | ||
08e49012 TM |
320 | # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ |
321 | q_connect, enc_data) \ | |
99e1cc7b TM |
322 | const SSL_METHOD *func_name(void) \ |
323 | { \ | |
324 | static const SSL_METHOD func_name##_data= { \ | |
325 | version, \ | |
326 | 0, \ | |
327 | 0, \ | |
328 | ossl_quic_new, \ | |
99e1cc7b | 329 | ossl_quic_free, \ |
38b051a1 TM |
330 | ossl_quic_reset, \ |
331 | ossl_quic_init, \ | |
44cb36d0 | 332 | NULL /* clear */, \ |
38b051a1 | 333 | ossl_quic_deinit, \ |
08e49012 TM |
334 | q_accept, \ |
335 | q_connect, \ | |
99e1cc7b TM |
336 | ossl_quic_read, \ |
337 | ossl_quic_peek, \ | |
338 | ossl_quic_write, \ | |
e8043229 | 339 | NULL /* shutdown */, \ |
99e1cc7b | 340 | NULL /* renegotiate */, \ |
e44795bd | 341 | ossl_quic_renegotiate_check, \ |
99e1cc7b TM |
342 | NULL /* read_bytes */, \ |
343 | NULL /* write_bytes */, \ | |
344 | NULL /* dispatch_alert */, \ | |
345 | ossl_quic_ctrl, \ | |
346 | ossl_quic_ctx_ctrl, \ | |
547ea588 | 347 | ossl_quic_get_cipher_by_char, \ |
99e1cc7b TM |
348 | NULL /* put_cipher_by_char */, \ |
349 | ossl_quic_pending, \ | |
e44795bd TM |
350 | ossl_quic_num_ciphers, \ |
351 | ossl_quic_get_cipher, \ | |
22d53c88 | 352 | tls1_default_timeout, \ |
99e1cc7b TM |
353 | &enc_data, \ |
354 | ssl_undefined_void_function, \ | |
355 | ossl_quic_callback_ctrl, \ | |
356 | ossl_quic_ctx_callback_ctrl, \ | |
357 | }; \ | |
358 | return &func_name##_data; \ | |
359 | } | |
360 | ||
99e1cc7b | 361 | #endif |