]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/quic/quic_local.h
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Copyright year updates
[thirdparty/openssl.git] / ssl / quic / quic_local.h
1 /*
2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifndef OSSL_QUIC_LOCAL_H
11 # define OSSL_QUIC_LOCAL_H
12
13 # include <openssl/ssl.h>
14 # include "internal/quic_ssl.h" /* QUIC_CONNECTION */
15 # include "internal/quic_txp.h"
16 # include "internal/quic_statm.h"
17 # include "internal/quic_demux.h"
18 # include "internal/quic_record_rx.h"
19 # include "internal/quic_tls.h"
20 # include "internal/quic_fc.h"
21 # include "internal/quic_stream.h"
22 # include "internal/quic_channel.h"
23 # include "internal/quic_reactor.h"
24 # include "internal/quic_thread_assist.h"
25 # include "../ssl_local.h"
26
27 # ifndef OPENSSL_NO_QUIC
28
29 /*
30 * QUIC stream SSL object (QSSO) type. This implements the API personality layer
31 * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking
32 * state required by the libssl API personality.
33 */
34 struct quic_xso_st {
35 /* SSL object common header. */
36 struct ssl_st ssl;
37
38 /* The connection this stream is associated with. Always non-NULL. */
39 QUIC_CONNECTION *conn;
40
41 /* The stream object. Always non-NULL for as long as the XSO exists. */
42 QUIC_STREAM *stream;
43
44 /*
45 * Has this stream been logically configured into blocking mode? Only
46 * meaningful if desires_blocking_set is 1. Ignored if blocking is not
47 * currently possible given QUIC_CONNECTION configuration.
48 */
49 unsigned int desires_blocking : 1;
50
51 /*
52 * Has SSL_set_blocking_mode been called on this stream? If not set, we
53 * inherit from the QUIC_CONNECTION blocking state.
54 */
55 unsigned int desires_blocking_set : 1;
56
57 /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */
58 unsigned int retired_fin : 1;
59
60 /*
61 * The application has requested a reset. Not set for reflexive
62 * STREAM_RESETs caused by peer STOP_SENDING.
63 */
64 unsigned int requested_reset : 1;
65
66 /*
67 * This state tracks SSL_write all-or-nothing (AON) write semantics
68 * emulation.
69 *
70 * Example chronology:
71 *
72 * t=0: aon_write_in_progress=0
73 * t=1: SSL_write(ssl, b1, l1) called;
74 * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;
75 * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;
76 * aon_buf_pos < l1 (depends on how much room was in sstream);
77 * t=2: SSL_write(ssl, b2, l2);
78 * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)
79 * l2 must equal l1 (always validated)
80 * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)
81 * if done, aon_write_in_progress=0
82 *
83 */
84 /* Is an AON write in progress? */
85 unsigned int aon_write_in_progress : 1;
86
87 /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */
88 unsigned int event_handling_mode : 2;
89
90 /*
91 * The base buffer pointer the caller passed us for the initial AON write
92 * call. We use this for validation purposes unless
93 * ACCEPT_MOVING_WRITE_BUFFER is enabled.
94 *
95 * NOTE: We never dereference this, as the caller might pass a different
96 * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for
97 * validation by pointer comparison only.
98 */
99 const unsigned char *aon_buf_base;
100 /* The total length of the AON buffer being sent, in bytes. */
101 size_t aon_buf_len;
102 /*
103 * The position in the AON buffer up to which we have successfully sent data
104 * so far.
105 */
106 size_t aon_buf_pos;
107
108 /* SSL_set_mode */
109 uint32_t ssl_mode;
110
111 /* SSL_set_options */
112 uint64_t ssl_options;
113
114 /*
115 * Last 'normal' error during an app-level I/O operation, used by
116 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
117 * and SSL_ERROR_WANT_WRITE.
118 */
119 int last_error;
120 };
121
122 struct quic_conn_st {
123 /*
124 * ssl_st is a common header for ordinary SSL objects, QUIC connection
125 * objects and QUIC stream objects, allowing objects of these different
126 * types to be disambiguated at runtime and providing some common fields.
127 *
128 * Note: This must come first in the QUIC_CONNECTION structure.
129 */
130 struct ssl_st ssl;
131
132 SSL *tls;
133
134 /* The QUIC engine representing the QUIC event domain. */
135 QUIC_ENGINE *engine;
136
137 /* The QUIC port representing the QUIC listener and socket. */
138 QUIC_PORT *port;
139
140 /*
141 * The QUIC channel providing the core QUIC connection implementation. Note
142 * that this is not instantiated until we actually start trying to do the
143 * handshake. This is to allow us to gather information like whether we are
144 * going to be in client or server mode before committing to instantiating
145 * the channel, since we want to determine the channel arguments based on
146 * that.
147 *
148 * The channel remains available after connection termination until the SSL
149 * object is freed, thus (ch != NULL) iff (started == 1).
150 */
151 QUIC_CHANNEL *ch;
152
153 /*
154 * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but
155 * provide it to the channel.
156 */
157 CRYPTO_MUTEX *mutex;
158
159 /*
160 * If we have a default stream attached, this is the internal XSO
161 * object. If there is no default stream, this is NULL.
162 */
163 QUIC_XSO *default_xso;
164
165 /* The network read and write BIOs. */
166 BIO *net_rbio, *net_wbio;
167
168 /* Initial peer L4 address. */
169 BIO_ADDR init_peer_addr;
170
171 # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST
172 /* Manages thread for QUIC thread assisted mode. */
173 QUIC_THREAD_ASSIST thread_assist;
174 # endif
175
176 /* If non-NULL, used instead of ossl_time_now(). Used for testing. */
177 OSSL_TIME (*override_now_cb)(void *arg);
178 void *override_now_cb_arg;
179
180 /* Number of XSOs allocated. Includes the default XSO, if any. */
181 size_t num_xso;
182
183 /* Have we started? */
184 unsigned int started : 1;
185
186 /*
187 * This is 1 if we were instantiated using a QUIC server method
188 * (for future use).
189 */
190 unsigned int as_server : 1;
191
192 /*
193 * Has the application called SSL_set_accept_state? We require this to be
194 * congruent with the value of as_server.
195 */
196 unsigned int as_server_state : 1;
197
198 /* Are we using thread assisted mode? Never changes after init. */
199 unsigned int is_thread_assisted : 1;
200
201 /* Do connection-level operations (e.g. handshakes) run in blocking mode? */
202 unsigned int blocking : 1;
203
204 /* Does the application want blocking mode? */
205 unsigned int desires_blocking : 1;
206
207 /* Have we created a default XSO yet? */
208 unsigned int default_xso_created : 1;
209
210 /*
211 * Pre-TERMINATING shutdown phase in which we are flushing streams.
212 * Monotonically transitions to 1.
213 * New streams cannot be created in this state.
214 */
215 unsigned int shutting_down : 1;
216
217 /* Have we probed the BIOs for addressing support? */
218 unsigned int addressing_probe_done : 1;
219
220 /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */
221 unsigned int addressed_mode_w : 1;
222 unsigned int addressed_mode_r : 1;
223
224 /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */
225 unsigned int event_handling_mode : 2;
226
227 /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */
228 uint32_t default_stream_mode;
229
230 /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
231 uint32_t default_ssl_mode;
232
233 /* SSL_set_options. This is not used directly but inherited by new XSOs. */
234 uint64_t default_ssl_options;
235
236 /* SSL_set_incoming_stream_policy. */
237 int incoming_stream_policy;
238 uint64_t incoming_stream_aec;
239
240 /*
241 * Last 'normal' error during an app-level I/O operation, used by
242 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
243 * and SSL_ERROR_WANT_WRITE.
244 */
245 int last_error;
246 };
247
248 /* Internal calls to the QUIC CSM which come from various places. */
249 int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc);
250
251 /*
252 * To be called when a protocol violation occurs. The connection is torn down
253 * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason
254 * string is optional and copied if provided. frame_type should be 0 if not
255 * applicable.
256 */
257 void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc,
258 uint64_t error_code,
259 uint64_t frame_type,
260 const char *reason);
261
262 void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
263 OSSL_QUIC_FRAME_CONN_CLOSE *f);
264
265 int ossl_quic_trace(int write_p, int version, int content_type,
266 const void *buf, size_t msglen, SSL *ssl, void *arg);
267
268 # define OSSL_QUIC_ANY_VERSION 0xFFFFF
269 # define IS_QUIC_METHOD(m) \
270 ((m) == OSSL_QUIC_client_method() || \
271 (m) == OSSL_QUIC_client_thread_method())
272 # define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method)
273
274 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
275 ((ssl) == NULL ? NULL \
276 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
277 ? (c QUIC_CONNECTION *)(ssl) \
278 : NULL))
279
280 # define QUIC_XSO_FROM_SSL_int(ssl, c) \
281 ((ssl) == NULL \
282 ? NULL \
283 : (((ssl)->type == SSL_TYPE_QUIC_XSO \
284 ? (c QUIC_XSO *)(ssl) \
285 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
286 ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \
287 : NULL))))
288
289 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \
290 ((ssl) == NULL ? NULL \
291 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
292 ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
293 : NULL))
294
295 # define IS_QUIC(ssl) ((ssl) != NULL \
296 && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
297 || (ssl)->type == SSL_TYPE_QUIC_XSO))
298 # else
299 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL
300 # define QUIC_XSO_FROM_SSL_int(ssl, c) NULL
301 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL
302 # define IS_QUIC(ssl) 0
303 # define IS_QUIC_CTX(ctx) 0
304 # define IS_QUIC_METHOD(m) 0
305 # endif
306
307 # define QUIC_CONNECTION_FROM_SSL(ssl) \
308 QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
309 # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \
310 QUIC_CONNECTION_FROM_SSL_int(ssl, const)
311 # define QUIC_XSO_FROM_SSL(ssl) \
312 QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
313 # define QUIC_XSO_FROM_CONST_SSL(ssl) \
314 QUIC_XSO_FROM_SSL_int(ssl, const)
315 # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \
316 SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
317 # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \
318 SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const)
319
320 # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
321 q_connect, enc_data) \
322 const SSL_METHOD *func_name(void) \
323 { \
324 static const SSL_METHOD func_name##_data= { \
325 version, \
326 0, \
327 0, \
328 ossl_quic_new, \
329 ossl_quic_free, \
330 ossl_quic_reset, \
331 ossl_quic_init, \
332 NULL /* clear */, \
333 ossl_quic_deinit, \
334 q_accept, \
335 q_connect, \
336 ossl_quic_read, \
337 ossl_quic_peek, \
338 ossl_quic_write, \
339 NULL /* shutdown */, \
340 NULL /* renegotiate */, \
341 ossl_quic_renegotiate_check, \
342 NULL /* read_bytes */, \
343 NULL /* write_bytes */, \
344 NULL /* dispatch_alert */, \
345 ossl_quic_ctrl, \
346 ossl_quic_ctx_ctrl, \
347 ossl_quic_get_cipher_by_char, \
348 NULL /* put_cipher_by_char */, \
349 ossl_quic_pending, \
350 ossl_quic_num_ciphers, \
351 ossl_quic_get_cipher, \
352 tls1_default_timeout, \
353 &enc_data, \
354 ssl_undefined_void_function, \
355 ossl_quic_callback_ctrl, \
356 ossl_quic_ctx_callback_ctrl, \
357 }; \
358 return &func_name##_data; \
359 }
360
361 #endif
A mirror of the official openssl repository