2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #ifndef OSSL_QUIC_LOCAL_H
11 # define OSSL_QUIC_LOCAL_H
13 # include <openssl/ssl.h>
14 # include "internal/quic_ssl.h" /* QUIC_CONNECTION */
15 # include "internal/quic_txp.h"
16 # include "internal/quic_statm.h"
17 # include "internal/quic_demux.h"
18 # include "internal/quic_record_rx.h"
19 # include "internal/quic_tls.h"
20 # include "internal/quic_fc.h"
21 # include "internal/quic_stream.h"
22 # include "internal/quic_channel.h"
23 # include "internal/quic_reactor.h"
24 # include "internal/quic_thread_assist.h"
25 # include "../ssl_local.h"
27 # ifndef OPENSSL_NO_QUIC
30 * QUIC stream SSL object (QSSO) type. This implements the API personality layer
31 * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking
32 * state required by the libssl API personality.
35 /* SSL object common header. */
38 /* The connection this stream is associated with. Always non-NULL. */
39 QUIC_CONNECTION
*conn
;
41 /* The stream object. Always non-NULL for as long as the XSO exists. */
45 * Has this stream been logically configured into blocking mode? Only
46 * meaningful if desires_blocking_set is 1. Ignored if blocking is not
47 * currently possible given QUIC_CONNECTION configuration.
49 unsigned int desires_blocking
: 1;
52 * Has SSL_set_blocking_mode been called on this stream? If not set, we
53 * inherit from the QUIC_CONNECTION blocking state.
55 unsigned int desires_blocking_set
: 1;
58 * This state tracks SSL_write all-or-nothing (AON) write semantics
63 * t=0: aon_write_in_progress=0
64 * t=1: SSL_write(ssl, b1, l1) called;
65 * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;
66 * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;
67 * aon_buf_pos < l1 (depends on how much room was in sstream);
68 * t=2: SSL_write(ssl, b2, l2);
69 * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)
70 * l2 must equal l1 (always validated)
71 * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)
72 * if done, aon_write_in_progess=0
75 /* Is an AON write in progress? */
76 unsigned int aon_write_in_progress
: 1;
78 * The base buffer pointer the caller passed us for the initial AON write
79 * call. We use this for validation purposes unless
80 * ACCEPT_MOVING_WRITE_BUFFER is enabled.
82 * NOTE: We never dereference this, as the caller might pass a different
83 * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for
84 * validation by pointer comparison only.
86 const unsigned char *aon_buf_base
;
87 /* The total length of the AON buffer being sent, in bytes. */
90 * The position in the AON buffer up to which we have successfully sent data
102 * Last 'normal' error during an app-level I/O operation, used by
103 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
104 * and SSL_ERROR_WANT_WRITE.
109 struct quic_conn_st
{
111 * ssl_st is a common header for ordinary SSL objects, QUIC connection
112 * objects and QUIC stream objects, allowing objects of these different
113 * types to be disambiguated at runtime and providing some common fields.
115 * Note: This must come first in the QUIC_CONNECTION structure.
122 * The QUIC channel providing the core QUIC connection implementation. Note
123 * that this is not instantiated until we actually start trying to do the
124 * handshake. This is to allow us to gather information like whether we are
125 * going to be in client or server mode before committing to instantiating
126 * the channel, since we want to determine the channel arguments based on
129 * The channel remains available after connection termination until the SSL
130 * object is freed, thus (ch != NULL) iff (started == 1).
135 * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but
136 * provide it to the channel.
141 * If we have a default stream attached, this is the internal XSO
142 * object. If there is no default stream, this is NULL.
144 QUIC_XSO
*default_xso
;
146 /* The network read and write BIOs. */
147 BIO
*net_rbio
, *net_wbio
;
149 /* Initial peer L4 address. */
150 BIO_ADDR init_peer_addr
;
152 # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST
153 /* Manages thread for QUIC thread assisted mode. */
154 QUIC_THREAD_ASSIST thread_assist
;
157 /* If non-NULL, used instead of ossl_time_now(). Used for testing. */
158 OSSL_TIME (*override_now_cb
)(void *arg
);
159 void *override_now_cb_arg
;
161 /* Number of XSOs allocated. Includes the default XSO, if any. */
164 /* Have we started? */
165 unsigned int started
: 1;
168 * This is 1 if we were instantiated using a QUIC server method
171 unsigned int as_server
: 1;
174 * Has the application called SSL_set_accept_state? We require this to be
175 * congruent with the value of as_server.
177 unsigned int as_server_state
: 1;
179 /* Are we using thread assisted mode? Never changes after init. */
180 unsigned int is_thread_assisted
: 1;
182 /* Do connection-level operations (e.g. handshakes) run in blocking mode? */
183 unsigned int blocking
: 1;
185 /* Does the application want blocking mode? */
186 unsigned int desires_blocking
: 1;
188 /* Have we created a default XSO yet? */
189 unsigned int default_xso_created
: 1;
192 * Pre-TERMINATING shutdown phase in which we are flushing streams.
193 * Monotonically transitions to 1.
194 * New streams cannot be created in this state.
196 unsigned int shutting_down
: 1;
198 /* Have we probed the BIOs for addressing support? */
199 unsigned int addressing_probe_done
: 1;
201 /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */
202 unsigned int addressed_mode_w
: 1;
203 unsigned int addressed_mode_r
: 1;
205 /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */
206 uint32_t default_stream_mode
;
208 /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
209 uint32_t default_ssl_mode
;
211 /* SSL_set_options. This is not used directly but inherited by new XSOs. */
212 uint64_t default_ssl_options
;
214 /* SSL_set_incoming_stream_policy. */
215 int incoming_stream_policy
;
216 uint64_t incoming_stream_aec
;
219 * Last 'normal' error during an app-level I/O operation, used by
220 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
221 * and SSL_ERROR_WANT_WRITE.
226 /* Internal calls to the QUIC CSM which come from various places. */
227 int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION
*qc
);
230 * To be called when a protocol violation occurs. The connection is torn down
231 * with the given error code, which should be a QUIC_ERR_* value. Reason string
232 * is optional and copied if provided. frame_type should be 0 if not applicable.
234 void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION
*qc
,
239 void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION
*qc
,
240 OSSL_QUIC_FRAME_CONN_CLOSE
*f
);
242 int ossl_quic_trace(int write_p
, int version
, int content_type
,
243 const void *buf
, size_t msglen
, SSL
*ssl
, void *arg
);
245 # define OSSL_QUIC_ANY_VERSION 0xFFFFF
246 # define IS_QUIC_METHOD(m) \
247 ((m) == OSSL_QUIC_client_method() || \
248 (m) == OSSL_QUIC_client_thread_method())
249 # define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method)
251 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
252 ((ssl) == NULL ? NULL \
253 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
254 ? (c QUIC_CONNECTION *)(ssl) \
257 # define QUIC_XSO_FROM_SSL_int(ssl, c) \
260 : (((ssl)->type == SSL_TYPE_QUIC_XSO \
261 ? (c QUIC_XSO *)(ssl) \
262 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
263 ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \
266 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \
267 ((ssl) == NULL ? NULL \
268 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
269 ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
272 # define IS_QUIC(ssl) ((ssl) != NULL \
273 && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
274 || (ssl)->type == SSL_TYPE_QUIC_XSO))
276 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL
277 # define QUIC_XSO_FROM_SSL_int(ssl, c) NULL
278 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL
279 # define IS_QUIC(ssl) 0
280 # define IS_QUIC_CTX(ctx) 0
281 # define IS_QUIC_METHOD(m) 0
284 # define QUIC_CONNECTION_FROM_SSL(ssl) \
285 QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
286 # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \
287 QUIC_CONNECTION_FROM_SSL_int(ssl, const)
288 # define QUIC_XSO_FROM_SSL(ssl) \
289 QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
290 # define QUIC_XSO_FROM_CONST_SSL(ssl) \
291 QUIC_XSO_FROM_SSL_int(ssl, const)
292 # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \
293 SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
294 # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \
295 SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const)
297 # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
298 q_connect, enc_data) \
299 const SSL_METHOD *func_name(void) \
301 static const SSL_METHOD func_name##_data= { \
316 NULL /* shutdown */, \
317 NULL /* renegotiate */, \
318 ossl_quic_renegotiate_check, \
319 NULL /* read_bytes */, \
320 NULL /* write_bytes */, \
321 NULL /* dispatch_alert */, \
323 ossl_quic_ctx_ctrl, \
324 ossl_quic_get_cipher_by_char, \
325 NULL /* put_cipher_by_char */, \
327 ossl_quic_num_ciphers, \
328 ossl_quic_get_cipher, \
329 tls1_default_timeout, \
331 ssl_undefined_void_function, \
332 ossl_quic_callback_ctrl, \
333 ossl_quic_ctx_callback_ctrl, \
335 return &func_name##_data; \