/*
- * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
# ifndef OPENSSL_NO_QUIC
+/*
+ * QUIC stream SSL object (QSSO) type. This implements the API personality layer
+ * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking
+ * state required by the libssl API personality.
+ */
+struct quic_xso_st {
+ /* SSL object common header. */
+ struct ssl_st ssl;
+
+ /* The connection this stream is associated with. Always non-NULL. */
+ QUIC_CONNECTION *conn;
+
+ /* The stream object. Always non-NULL for as long as the XSO exists. */
+ QUIC_STREAM *stream;
+
+ /*
+ * Has this stream been logically configured into blocking mode? Only
+ * meaningful if desires_blocking_set is 1. Ignored if blocking is not
+ * currently possible given QUIC_CONNECTION configuration.
+ */
+ unsigned int desires_blocking : 1;
+
+ /*
+ * Has SSL_set_blocking_mode been called on this stream? If not set, we
+ * inherit from the QUIC_CONNECTION blocking state.
+ */
+ unsigned int desires_blocking_set : 1;
+
+ /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */
+ unsigned int retired_fin : 1;
+
+ /*
+ * The application has requested a reset. Not set for reflexive
+ * STREAM_RESETs caused by peer STOP_SENDING.
+ */
+ unsigned int requested_reset : 1;
+
+ /*
+ * This state tracks SSL_write all-or-nothing (AON) write semantics
+ * emulation.
+ *
+ * Example chronology:
+ *
+ * t=0: aon_write_in_progress=0
+ * t=1: SSL_write(ssl, b1, l1) called;
+ * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;
+ * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;
+ * aon_buf_pos < l1 (depends on how much room was in sstream);
+ * t=2: SSL_write(ssl, b2, l2);
+ * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)
+ * l2 must equal l1 (always validated)
+ * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)
+ * if done, aon_write_in_progress=0
+ *
+ */
+ /* Is an AON write in progress? */
+ unsigned int aon_write_in_progress : 1;
+
+ /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */
+ unsigned int event_handling_mode : 2;
+
+ /*
+ * The base buffer pointer the caller passed us for the initial AON write
+ * call. We use this for validation purposes unless
+ * ACCEPT_MOVING_WRITE_BUFFER is enabled.
+ *
+ * NOTE: We never dereference this, as the caller might pass a different
+ * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for
+ * validation by pointer comparison only.
+ */
+ const unsigned char *aon_buf_base;
+ /* The total length of the AON buffer being sent, in bytes. */
+ size_t aon_buf_len;
+ /*
+ * The position in the AON buffer up to which we have successfully sent data
+ * so far.
+ */
+ size_t aon_buf_pos;
+
+ /* SSL_set_mode */
+ uint32_t ssl_mode;
+
+ /* SSL_set_options */
+ uint64_t ssl_options;
+
+ /*
+ * Last 'normal' error during an app-level I/O operation, used by
+ * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
+ * and SSL_ERROR_WANT_WRITE.
+ */
+ int last_error;
+};
+
struct quic_conn_st {
/*
* ssl_st is a common header for ordinary SSL objects, QUIC connection
SSL *tls;
+ /* The QUIC engine representing the QUIC event domain. */
+ QUIC_ENGINE *engine;
+
+ /* The QUIC port representing the QUIC listener and socket. */
+ QUIC_PORT *port;
+
/*
* The QUIC channel providing the core QUIC connection implementation. Note
* that this is not instantiated until we actually start trying to do the
*/
CRYPTO_MUTEX *mutex;
- /* Our single bidirectional application data stream. */
- QUIC_STREAM *stream0;
+ /*
+ * If we have a default stream attached, this is the internal XSO
+ * object. If there is no default stream, this is NULL.
+ */
+ QUIC_XSO *default_xso;
/* The network read and write BIOs. */
BIO *net_rbio, *net_wbio;
OSSL_TIME (*override_now_cb)(void *arg);
void *override_now_cb_arg;
+ /* Number of XSOs allocated. Includes the default XSO, if any. */
+ size_t num_xso;
+
/* Have we started? */
unsigned int started : 1;
- /* Are we in blocking mode? */
- unsigned int blocking : 1;
-
- /* Can the read and write network BIOs support blocking? */
- unsigned int can_poll_net_rbio : 1;
- unsigned int can_poll_net_wbio : 1;
-
/*
- * Has the application called SSL_set_accept_state? We do not support this
- * but track it here so we can reject a subsequent handshake call.
+ * This is 1 if we were instantiated using a QUIC server method
+ * (for future use).
*/
unsigned int as_server : 1;
+ /*
+ * Has the application called SSL_set_accept_state? We require this to be
+ * congruent with the value of as_server.
+ */
+ unsigned int as_server_state : 1;
+
/* Are we using thread assisted mode? Never changes after init. */
unsigned int is_thread_assisted : 1;
+ /* Do connection-level operations (e.g. handshakes) run in blocking mode? */
+ unsigned int blocking : 1;
+
+ /* Does the application want blocking mode? */
+ unsigned int desires_blocking : 1;
+
+ /* Have we created a default XSO yet? */
+ unsigned int default_xso_created : 1;
+
/*
- * This state tracks SSL_write all-or-nothing (AON) write semantics
- * emulation.
- *
- * Example chronology:
- *
- * t=0: aon_write_in_progress=0
- * t=1: SSL_write(ssl, b1, l1) called;
- * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;
- * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;
- * aon_buf_pos < l1 (depends on how much room was in sstream);
- * t=2: SSL_write(ssl, b2, l2);
- * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)
- * l2 must equal l1 (always validated)
- * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)
- * if done, aon_write_in_progess=0
- *
- */
- /* Is an AON write in progress? */
- unsigned int aon_write_in_progress : 1;
- /*
- * The base buffer pointer the caller passed us for the initial AON write
- * call. We use this for validation purposes unless
- * ACCEPT_MOVING_WRITE_BUFFER is enabled.
- *
- * NOTE: We never dereference this, as the caller might pass a different
- * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for
- * validation by pointer comparison only.
- */
- const unsigned char *aon_buf_base;
- /* The total length of the AON buffer being sent, in bytes. */
- size_t aon_buf_len;
- /*
- * The position in the AON buffer up to which we have successfully sent data
- * so far.
+ * Pre-TERMINATING shutdown phase in which we are flushing streams.
+ * Monotonically transitions to 1.
+ * New streams cannot be created in this state.
*/
- size_t aon_buf_pos;
+ unsigned int shutting_down : 1;
- /* SSL_set_mode */
- uint32_t ssl_mode;
+ /* Have we probed the BIOs for addressing support? */
+ unsigned int addressing_probe_done : 1;
+
+ /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */
+ unsigned int addressed_mode_w : 1;
+ unsigned int addressed_mode_r : 1;
+
+ /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */
+ unsigned int event_handling_mode : 2;
+
+ /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */
+ uint32_t default_stream_mode;
+
+ /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
+ uint32_t default_ssl_mode;
+
+ /* SSL_set_options. This is not used directly but inherited by new XSOs. */
+ uint64_t default_ssl_options;
+
+ /* SSL_set_incoming_stream_policy. */
+ int incoming_stream_policy;
+ uint64_t incoming_stream_aec;
/*
* Last 'normal' error during an app-level I/O operation, used by
/*
* To be called when a protocol violation occurs. The connection is torn down
- * with the given error code, which should be a QUIC_ERR_* value. Reason string
- * is optional and copied if provided. frame_type should be 0 if not applicable.
+ * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason
+ * string is optional and copied if provided. frame_type should be 0 if not
+ * applicable.
*/
void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc,
uint64_t error_code,
void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
OSSL_QUIC_FRAME_CONN_CLOSE *f);
+int ossl_quic_trace(int write_p, int version, int content_type,
+ const void *buf, size_t msglen, SSL *ssl, void *arg);
+
# define OSSL_QUIC_ANY_VERSION 0xFFFFF
+# define IS_QUIC_METHOD(m) \
+ ((m) == OSSL_QUIC_client_method() || \
+ (m) == OSSL_QUIC_client_thread_method())
+# define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method)
# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
? (c QUIC_CONNECTION *)(ssl) \
: NULL))
-# define QUIC_STREAM_FROM_SSL_int(ssl, c) \
- ((ssl) == NULL ? NULL \
- : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
- || (ssl)->type == SSL_TYPE_QUIC_STREAM \
- ? (c QUIC_STREAM *)(ssl) \
- : NULL))
+# define QUIC_XSO_FROM_SSL_int(ssl, c) \
+ ((ssl) == NULL \
+ ? NULL \
+ : (((ssl)->type == SSL_TYPE_QUIC_XSO \
+ ? (c QUIC_XSO *)(ssl) \
+ : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
+ ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \
+ : NULL))))
# define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
: NULL))
+
+# define IS_QUIC(ssl) ((ssl) != NULL \
+ && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
+ || (ssl)->type == SSL_TYPE_QUIC_XSO))
# else
# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL
-# define QUIC_STREAM_FROM_SSL_int(ssl, c) NULL
+# define QUIC_XSO_FROM_SSL_int(ssl, c) NULL
# define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL
+# define IS_QUIC(ssl) 0
+# define IS_QUIC_CTX(ctx) 0
+# define IS_QUIC_METHOD(m) 0
# endif
# define QUIC_CONNECTION_FROM_SSL(ssl) \
QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \
QUIC_CONNECTION_FROM_SSL_int(ssl, const)
-# define QUIC_STREAM_FROM_SSL(ssl) \
- QUIC_STREAM_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
-# define QUIC_STREAM_FROM_CONST_SSL(ssl) \
- QUIC_STREAM_FROM_SSL_int(ssl, const)
+# define QUIC_XSO_FROM_SSL(ssl) \
+ QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
+# define QUIC_XSO_FROM_CONST_SSL(ssl) \
+ QUIC_XSO_FROM_SSL_int(ssl, const)
# define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \
SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \
ossl_quic_free, \
ossl_quic_reset, \
ossl_quic_init, \
- ossl_quic_clear, \
+ NULL /* clear */, \
ossl_quic_deinit, \
q_accept, \
q_connect, \
NULL /* dispatch_alert */, \
ossl_quic_ctrl, \
ossl_quic_ctx_ctrl, \
- NULL /* get_cipher_by_char */, \
+ ossl_quic_get_cipher_by_char, \
NULL /* put_cipher_by_char */, \
ossl_quic_pending, \
ossl_quic_num_ciphers, \
projects / thirdparty / openssl.git / blobdiff