1 /* 2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef OSSL_QUIC_LOCAL_H 11 # define OSSL_QUIC_LOCAL_H 12 13 # include <openssl/ssl.h> 14 # include "internal/quic_ssl.h" /* QUIC_CONNECTION */ 15 # include "internal/quic_txp.h" 16 # include "internal/quic_statm.h" 17 # include "internal/quic_demux.h" 18 # include "internal/quic_record_rx.h" 19 # include "internal/quic_tls.h" 20 # include "internal/quic_fc.h" 21 # include "internal/quic_stream.h" 22 # include "internal/quic_channel.h" 23 # include "internal/quic_reactor.h" 24 # include "internal/quic_thread_assist.h" 25 # include "../ssl_local.h" 26 27 # ifndef OPENSSL_NO_QUIC 28 29 /* 30 * QUIC stream SSL object (QSSO) type. This implements the API personality layer 31 * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking 32 * state required by the libssl API personality. 33 */ 34 struct quic_xso_st { 35 /* SSL object common header. */ 36 struct ssl_st ssl; 37 38 /* The connection this stream is associated with. Always non-NULL. */ 39 QUIC_CONNECTION *conn; 40 41 /* The stream object. Always non-NULL for as long as the XSO exists. */ 42 QUIC_STREAM *stream; 43 44 /* 45 * Has this stream been logically configured into blocking mode? Only 46 * meaningful if desires_blocking_set is 1. Ignored if blocking is not 47 * currently possible given QUIC_CONNECTION configuration. 48 */ 49 unsigned int desires_blocking : 1; 50 51 /* 52 * Has SSL_set_blocking_mode been called on this stream? If not set, we 53 * inherit from the QUIC_CONNECTION blocking state. 54 */ 55 unsigned int desires_blocking_set : 1; 56 57 /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */ 58 unsigned int retired_fin : 1; 59 60 /* 61 * The application has requested a reset. Not set for reflexive 62 * STREAM_RESETs caused by peer STOP_SENDING. 63 */ 64 unsigned int requested_reset : 1; 65 66 /* 67 * This state tracks SSL_write all-or-nothing (AON) write semantics 68 * emulation. 69 * 70 * Example chronology: 71 * 72 * t=0: aon_write_in_progress=0 73 * t=1: SSL_write(ssl, b1, l1) called; 74 * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE; 75 * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1; 76 * aon_buf_pos < l1 (depends on how much room was in sstream); 77 * t=2: SSL_write(ssl, b2, l2); 78 * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER) 79 * l2 must equal l1 (always validated) 80 * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len) 81 * if done, aon_write_in_progress=0 82 * 83 */ 84 /* Is an AON write in progress? */ 85 unsigned int aon_write_in_progress : 1; 86 87 /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */ 88 unsigned int event_handling_mode : 2; 89 90 /* 91 * The base buffer pointer the caller passed us for the initial AON write 92 * call. We use this for validation purposes unless 93 * ACCEPT_MOVING_WRITE_BUFFER is enabled. 94 * 95 * NOTE: We never dereference this, as the caller might pass a different 96 * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for 97 * validation by pointer comparison only. 98 */ 99 const unsigned char *aon_buf_base; 100 /* The total length of the AON buffer being sent, in bytes. */ 101 size_t aon_buf_len; 102 /* 103 * The position in the AON buffer up to which we have successfully sent data 104 * so far. 105 */ 106 size_t aon_buf_pos; 107 108 /* SSL_set_mode */ 109 uint32_t ssl_mode; 110 111 /* SSL_set_options */ 112 uint64_t ssl_options; 113 114 /* 115 * Last 'normal' error during an app-level I/O operation, used by 116 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ 117 * and SSL_ERROR_WANT_WRITE. 118 */ 119 int last_error; 120 }; 121 122 struct quic_conn_st { 123 /* 124 * ssl_st is a common header for ordinary SSL objects, QUIC connection 125 * objects and QUIC stream objects, allowing objects of these different 126 * types to be disambiguated at runtime and providing some common fields. 127 * 128 * Note: This must come first in the QUIC_CONNECTION structure. 129 */ 130 struct ssl_st ssl; 131 132 SSL *tls; 133 134 /* The QUIC engine representing the QUIC event domain. */ 135 QUIC_ENGINE *engine; 136 137 /* The QUIC port representing the QUIC listener and socket. */ 138 QUIC_PORT *port; 139 140 /* 141 * The QUIC channel providing the core QUIC connection implementation. Note 142 * that this is not instantiated until we actually start trying to do the 143 * handshake. This is to allow us to gather information like whether we are 144 * going to be in client or server mode before committing to instantiating 145 * the channel, since we want to determine the channel arguments based on 146 * that. 147 * 148 * The channel remains available after connection termination until the SSL 149 * object is freed, thus (ch != NULL) iff (started == 1). 150 */ 151 QUIC_CHANNEL *ch; 152 153 /* 154 * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but 155 * provide it to the channel. 156 */ 157 CRYPTO_MUTEX *mutex; 158 159 /* 160 * If we have a default stream attached, this is the internal XSO 161 * object. If there is no default stream, this is NULL. 162 */ 163 QUIC_XSO *default_xso; 164 165 /* The network read and write BIOs. */ 166 BIO *net_rbio, *net_wbio; 167 168 /* Initial peer L4 address. */ 169 BIO_ADDR init_peer_addr; 170 171 # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST 172 /* Manages thread for QUIC thread assisted mode. */ 173 QUIC_THREAD_ASSIST thread_assist; 174 # endif 175 176 /* If non-NULL, used instead of ossl_time_now(). Used for testing. */ 177 OSSL_TIME (*override_now_cb)(void *arg); 178 void *override_now_cb_arg; 179 180 /* Number of XSOs allocated. Includes the default XSO, if any. */ 181 size_t num_xso; 182 183 /* Have we started? */ 184 unsigned int started : 1; 185 186 /* 187 * This is 1 if we were instantiated using a QUIC server method 188 * (for future use). 189 */ 190 unsigned int as_server : 1; 191 192 /* 193 * Has the application called SSL_set_accept_state? We require this to be 194 * congruent with the value of as_server. 195 */ 196 unsigned int as_server_state : 1; 197 198 /* Are we using thread assisted mode? Never changes after init. */ 199 unsigned int is_thread_assisted : 1; 200 201 /* Do connection-level operations (e.g. handshakes) run in blocking mode? */ 202 unsigned int blocking : 1; 203 204 /* Does the application want blocking mode? */ 205 unsigned int desires_blocking : 1; 206 207 /* Have we created a default XSO yet? */ 208 unsigned int default_xso_created : 1; 209 210 /* 211 * Pre-TERMINATING shutdown phase in which we are flushing streams. 212 * Monotonically transitions to 1. 213 * New streams cannot be created in this state. 214 */ 215 unsigned int shutting_down : 1; 216 217 /* Have we probed the BIOs for addressing support? */ 218 unsigned int addressing_probe_done : 1; 219 220 /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */ 221 unsigned int addressed_mode_w : 1; 222 unsigned int addressed_mode_r : 1; 223 224 /* Event handling mode. One of SSL_QUIC_VALUE_EVENT_HANDLING. */ 225 unsigned int event_handling_mode : 2; 226 227 /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */ 228 uint32_t default_stream_mode; 229 230 /* SSL_set_mode. This is not used directly but inherited by new XSOs. */ 231 uint32_t default_ssl_mode; 232 233 /* SSL_set_options. This is not used directly but inherited by new XSOs. */ 234 uint64_t default_ssl_options; 235 236 /* SSL_set_incoming_stream_policy. */ 237 int incoming_stream_policy; 238 uint64_t incoming_stream_aec; 239 240 /* 241 * Last 'normal' error during an app-level I/O operation, used by 242 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ 243 * and SSL_ERROR_WANT_WRITE. 244 */ 245 int last_error; 246 }; 247 248 /* Internal calls to the QUIC CSM which come from various places. */ 249 int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc); 250 251 /* 252 * To be called when a protocol violation occurs. The connection is torn down 253 * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason 254 * string is optional and copied if provided. frame_type should be 0 if not 255 * applicable. 256 */ 257 void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc, 258 uint64_t error_code, 259 uint64_t frame_type, 260 const char *reason); 261 262 void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc, 263 OSSL_QUIC_FRAME_CONN_CLOSE *f); 264 265 int ossl_quic_trace(int write_p, int version, int content_type, 266 const void *buf, size_t msglen, SSL *ssl, void *arg); 267 268 # define OSSL_QUIC_ANY_VERSION 0xFFFFF 269 # define IS_QUIC_METHOD(m) \ 270 ((m) == OSSL_QUIC_client_method() || \ 271 (m) == OSSL_QUIC_client_thread_method()) 272 # define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method) 273 274 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \ 275 ((ssl) == NULL ? NULL \ 276 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ 277 ? (c QUIC_CONNECTION *)(ssl) \ 278 : NULL)) 279 280 # define QUIC_XSO_FROM_SSL_int(ssl, c) \ 281 ((ssl) == NULL \ 282 ? NULL \ 283 : (((ssl)->type == SSL_TYPE_QUIC_XSO \ 284 ? (c QUIC_XSO *)(ssl) \ 285 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ 286 ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \ 287 : NULL)))) 288 289 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \ 290 ((ssl) == NULL ? NULL \ 291 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ 292 ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \ 293 : NULL)) 294 295 # define IS_QUIC(ssl) ((ssl) != NULL \ 296 && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ 297 || (ssl)->type == SSL_TYPE_QUIC_XSO)) 298 # else 299 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL 300 # define QUIC_XSO_FROM_SSL_int(ssl, c) NULL 301 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL 302 # define IS_QUIC(ssl) 0 303 # define IS_QUIC_CTX(ctx) 0 304 # define IS_QUIC_METHOD(m) 0 305 # endif 306 307 # define QUIC_CONNECTION_FROM_SSL(ssl) \ 308 QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) 309 # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \ 310 QUIC_CONNECTION_FROM_SSL_int(ssl, const) 311 # define QUIC_XSO_FROM_SSL(ssl) \ 312 QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) 313 # define QUIC_XSO_FROM_CONST_SSL(ssl) \ 314 QUIC_XSO_FROM_SSL_int(ssl, const) 315 # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \ 316 SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST) 317 # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \ 318 SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const) 319 320 # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ 321 q_connect, enc_data) \ 322 const SSL_METHOD *func_name(void) \ 323 { \ 324 static const SSL_METHOD func_name##_data= { \ 325 version, \ 326 0, \ 327 0, \ 328 ossl_quic_new, \ 329 ossl_quic_free, \ 330 ossl_quic_reset, \ 331 ossl_quic_init, \ 332 NULL /* clear */, \ 333 ossl_quic_deinit, \ 334 q_accept, \ 335 q_connect, \ 336 ossl_quic_read, \ 337 ossl_quic_peek, \ 338 ossl_quic_write, \ 339 NULL /* shutdown */, \ 340 NULL /* renegotiate */, \ 341 ossl_quic_renegotiate_check, \ 342 NULL /* read_bytes */, \ 343 NULL /* write_bytes */, \ 344 NULL /* dispatch_alert */, \ 345 ossl_quic_ctrl, \ 346 ossl_quic_ctx_ctrl, \ 347 ossl_quic_get_cipher_by_char, \ 348 NULL /* put_cipher_by_char */, \ 349 ossl_quic_pending, \ 350 ossl_quic_num_ciphers, \ 351 ossl_quic_get_cipher, \ 352 tls1_default_timeout, \ 353 &enc_data, \ 354 ssl_undefined_void_function, \ 355 ossl_quic_callback_ctrl, \ 356 ossl_quic_ctx_callback_ctrl, \ 357 }; \ 358 return &func_name##_data; \ 359 } 360 361 #endif 362
