1 /* 2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef OSSL_QUIC_LOCAL_H 11 # define OSSL_QUIC_LOCAL_H 12 13 # include <openssl/ssl.h> 14 # include "internal/quic_ssl.h" /* QUIC_CONNECTION */ 15 # include "internal/quic_txp.h" 16 # include "internal/quic_statm.h" 17 # include "internal/quic_demux.h" 18 # include "internal/quic_record_rx.h" 19 # include "internal/quic_tls.h" 20 # include "internal/quic_fc.h" 21 # include "internal/quic_stream.h" 22 # include "internal/quic_channel.h" 23 # include "internal/quic_reactor.h" 24 # include "internal/quic_thread_assist.h" 25 # include "../ssl_local.h" 26 # include "quic_obj_local.h" 27 28 # ifndef OPENSSL_NO_QUIC 29 30 /* 31 * QUIC stream SSL object (QSSO) type. This implements the API personality layer 32 * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking 33 * state required by the libssl API personality. 34 */ 35 struct quic_xso_st { 36 /* QUIC_OBJ common header, including SSL object common header. */ 37 QUIC_OBJ obj; 38 39 /* The connection this stream is associated with. Always non-NULL. */ 40 QUIC_CONNECTION *conn; 41 42 /* The stream object. Always non-NULL for as long as the XSO exists. */ 43 QUIC_STREAM *stream; 44 45 /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */ 46 unsigned int retired_fin : 1; 47 48 /* 49 * The application has requested a reset. Not set for reflexive 50 * STREAM_RESETs caused by peer STOP_SENDING. 51 */ 52 unsigned int requested_reset : 1; 53 54 /* 55 * This state tracks SSL_write all-or-nothing (AON) write semantics 56 * emulation. 57 * 58 * Example chronology: 59 * 60 * t=0: aon_write_in_progress=0 61 * t=1: SSL_write(ssl, b1, l1) called; 62 * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE; 63 * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1; 64 * aon_buf_pos < l1 (depends on how much room was in sstream); 65 * t=2: SSL_write(ssl, b2, l2); 66 * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER) 67 * l2 must equal l1 (always validated) 68 * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len) 69 * if done, aon_write_in_progress=0 70 * 71 */ 72 /* Is an AON write in progress? */ 73 unsigned int aon_write_in_progress : 1; 74 75 /* 76 * The base buffer pointer the caller passed us for the initial AON write 77 * call. We use this for validation purposes unless 78 * ACCEPT_MOVING_WRITE_BUFFER is enabled. 79 * 80 * NOTE: We never dereference this, as the caller might pass a different 81 * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for 82 * validation by pointer comparison only. 83 */ 84 const unsigned char *aon_buf_base; 85 /* The total length of the AON buffer being sent, in bytes. */ 86 size_t aon_buf_len; 87 /* 88 * The position in the AON buffer up to which we have successfully sent data 89 * so far. 90 */ 91 size_t aon_buf_pos; 92 93 /* SSL_set_mode */ 94 uint32_t ssl_mode; 95 96 /* SSL_set_options */ 97 uint64_t ssl_options; 98 99 /* 100 * Last 'normal' error during an app-level I/O operation, used by 101 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ 102 * and SSL_ERROR_WANT_WRITE. 103 */ 104 int last_error; 105 }; 106 107 /* 108 * QUIC connection SSL object (QCSO) type. This implements the API personality 109 * layer for QCSO objects, wrapping the QUIC-native QUIC_CHANNEL object. 110 */ 111 struct quic_conn_st { 112 /* 113 * QUIC_OBJ is a common header for QUIC APL objects, allowing objects of 114 * these different types to be disambiguated at runtime and providing some 115 * common fields. 116 * 117 * Note: This must come first in the QUIC_CONNECTION structure. 118 */ 119 QUIC_OBJ obj; 120 121 SSL *tls; 122 123 /* The QLSO this connection belongs to, if any. */ 124 QUIC_LISTENER *listener; 125 126 /* The QDSO this connection belongs to, if any. */ 127 QUIC_DOMAIN *domain; 128 129 /* The QUIC engine representing the QUIC event domain. */ 130 QUIC_ENGINE *engine; 131 132 /* The QUIC port representing the QUIC listener and socket. */ 133 QUIC_PORT *port; 134 135 /* 136 * The QUIC channel providing the core QUIC connection implementation. Note 137 * that this is not instantiated until we actually start trying to do the 138 * handshake. This is to allow us to gather information like whether we are 139 * going to be in client or server mode before committing to instantiating 140 * the channel, since we want to determine the channel arguments based on 141 * that. 142 * 143 * The channel remains available after connection termination until the SSL 144 * object is freed, thus (ch != NULL) iff (started == 1). 145 */ 146 QUIC_CHANNEL *ch; 147 148 /* 149 * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but 150 * provide it to the channel. 151 */ 152 #if defined(OPENSSL_THREADS) 153 CRYPTO_MUTEX *mutex; 154 #endif 155 156 /* 157 * If we have a default stream attached, this is the internal XSO 158 * object. If there is no default stream, this is NULL. 159 */ 160 QUIC_XSO *default_xso; 161 162 /* Initial peer L4 address. */ 163 BIO_ADDR init_peer_addr; 164 165 # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST 166 /* Manages thread for QUIC thread assisted mode. */ 167 QUIC_THREAD_ASSIST thread_assist; 168 # endif 169 170 /* Number of XSOs allocated. Includes the default XSO, if any. */ 171 size_t num_xso; 172 173 /* Have we started? */ 174 unsigned int started : 1; 175 176 /* 177 * This is 1 if we were instantiated using a QUIC server method 178 * (for future use). 179 */ 180 unsigned int as_server : 1; 181 182 /* 183 * Has the application called SSL_set_accept_state? We require this to be 184 * congruent with the value of as_server. 185 */ 186 unsigned int as_server_state : 1; 187 188 /* Are we using thread assisted mode? Never changes after init. */ 189 unsigned int is_thread_assisted : 1; 190 191 /* Have we created a default XSO yet? */ 192 unsigned int default_xso_created : 1; 193 194 /* 195 * Pre-TERMINATING shutdown phase in which we are flushing streams. 196 * Monotonically transitions to 1. 197 * New streams cannot be created in this state. 198 */ 199 unsigned int shutting_down : 1; 200 201 /* Have we probed the BIOs for addressing support? */ 202 unsigned int addressing_probe_done : 1; 203 204 /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */ 205 unsigned int addressed_mode_w : 1; 206 unsigned int addressed_mode_r : 1; 207 208 /* Flag to indicate waiting on accept queue */ 209 unsigned int pending : 1; 210 211 /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */ 212 uint32_t default_stream_mode; 213 214 /* SSL_set_mode. This is not used directly but inherited by new XSOs. */ 215 uint32_t default_ssl_mode; 216 217 /* SSL_set_options. This is not used directly but inherited by new XSOs. */ 218 uint64_t default_ssl_options; 219 220 /* SSL_set_incoming_stream_policy. */ 221 int incoming_stream_policy; 222 uint64_t incoming_stream_aec; 223 224 /* 225 * Last 'normal' error during an app-level I/O operation, used by 226 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ 227 * and SSL_ERROR_WANT_WRITE. 228 */ 229 int last_error; 230 }; 231 232 /* 233 * QUIC listener SSL object (QLSO) type. This implements the API personality 234 * layer for QLSO objects, wrapping the QUIC-native QUIC_PORT object. 235 */ 236 struct quic_listener_st { 237 /* QUIC_OBJ common header, including SSL object common header. */ 238 QUIC_OBJ obj; 239 240 /* The QDSO this connection belongs to, if any. */ 241 QUIC_DOMAIN *domain; 242 243 /* The QUIC engine representing the QUIC event domain. */ 244 QUIC_ENGINE *engine; 245 246 /* The QUIC port representing the QUIC listener and socket. */ 247 QUIC_PORT *port; 248 249 #if defined(OPENSSL_THREADS) 250 /* 251 * The mutex used to synchronise access to the QUIC_ENGINE. We own this but 252 * provide it to the engine. 253 */ 254 CRYPTO_MUTEX *mutex; 255 #endif 256 257 /* Have we started listening yet? */ 258 unsigned int listening : 1; 259 }; 260 261 /* 262 * QUIC domain SSL object (QDSO) type. This implements the API personality layer 263 * for QDSO objects, wrapping the QUIC-native QUIC_ENGINE object. 264 */ 265 struct quic_domain_st { 266 /* QUIC_OBJ common header, including SSL object common header. */ 267 QUIC_OBJ obj; 268 269 /* The QUIC engine representing the QUIC event domain. */ 270 QUIC_ENGINE *engine; 271 272 #if defined(OPENSSL_THREADS) 273 /* 274 * The mutex used to synchronise access to the QUIC_ENGINE. We own this but 275 * provide it to the engine. 276 */ 277 CRYPTO_MUTEX *mutex; 278 #endif 279 }; 280 281 /* Internal calls to the QUIC CSM which come from various places. */ 282 int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc); 283 284 /* 285 * To be called when a protocol violation occurs. The connection is torn down 286 * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason 287 * string is optional and copied if provided. frame_type should be 0 if not 288 * applicable. 289 */ 290 void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc, 291 uint64_t error_code, 292 uint64_t frame_type, 293 const char *reason); 294 295 void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc, 296 OSSL_QUIC_FRAME_CONN_CLOSE *f); 297 298 # define OSSL_QUIC_ANY_VERSION 0xFFFFF 299 # endif 300 301 # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ 302 q_connect, enc_data) \ 303 const SSL_METHOD *func_name(void) \ 304 { \ 305 static const SSL_METHOD func_name##_data= { \ 306 version, \ 307 0, \ 308 0, \ 309 ossl_quic_new, \ 310 ossl_quic_free, \ 311 ossl_quic_reset, \ 312 ossl_quic_init, \ 313 NULL /* clear */, \ 314 ossl_quic_deinit, \ 315 q_accept, \ 316 q_connect, \ 317 ossl_quic_read, \ 318 ossl_quic_peek, \ 319 ossl_quic_write, \ 320 NULL /* shutdown */, \ 321 NULL /* renegotiate */, \ 322 ossl_quic_renegotiate_check, \ 323 NULL /* read_bytes */, \ 324 NULL /* write_bytes */, \ 325 NULL /* dispatch_alert */, \ 326 ossl_quic_ctrl, \ 327 ossl_quic_ctx_ctrl, \ 328 ossl_quic_get_cipher_by_char, \ 329 NULL /* put_cipher_by_char */, \ 330 ossl_quic_pending, \ 331 ossl_quic_num_ciphers, \ 332 ossl_quic_get_cipher, \ 333 tls1_default_timeout, \ 334 &enc_data, \ 335 ssl_undefined_void_function, \ 336 ossl_quic_callback_ctrl, \ 337 ossl_quic_ctx_callback_ctrl, \ 338 }; \ 339 return &func_name##_data; \ 340 } 341 342 #endif 343