Path: blob/main/crypto/openssl/ssl/quic/quic_local.h
48262 views
/*1* Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.2*3* Licensed under the Apache License 2.0 (the "License"). You may not use4* this file except in compliance with the License. You can obtain a copy5* in the file LICENSE in the source distribution or at6* https://www.openssl.org/source/license.html7*/89#ifndef OSSL_QUIC_LOCAL_H10# define OSSL_QUIC_LOCAL_H1112# include <openssl/ssl.h>13# include "internal/quic_ssl.h" /* QUIC_CONNECTION */14# include "internal/quic_txp.h"15# include "internal/quic_statm.h"16# include "internal/quic_demux.h"17# include "internal/quic_record_rx.h"18# include "internal/quic_tls.h"19# include "internal/quic_fc.h"20# include "internal/quic_stream.h"21# include "internal/quic_channel.h"22# include "internal/quic_reactor.h"23# include "internal/quic_thread_assist.h"24# include "../ssl_local.h"25# include "quic_obj_local.h"2627# ifndef OPENSSL_NO_QUIC2829/*30* QUIC stream SSL object (QSSO) type. This implements the API personality layer31* for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking32* state required by the libssl API personality.33*/34struct quic_xso_st {35/* QUIC_OBJ common header, including SSL object common header. */36QUIC_OBJ obj;3738/* The connection this stream is associated with. Always non-NULL. */39QUIC_CONNECTION *conn;4041/* The stream object. Always non-NULL for as long as the XSO exists. */42QUIC_STREAM *stream;4344/* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */45unsigned int retired_fin : 1;4647/*48* The application has requested a reset. Not set for reflexive49* STREAM_RESETs caused by peer STOP_SENDING.50*/51unsigned int requested_reset : 1;5253/*54* This state tracks SSL_write all-or-nothing (AON) write semantics55* emulation.56*57* Example chronology:58*59* t=0: aon_write_in_progress=060* t=1: SSL_write(ssl, b1, l1) called;61* too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;62* aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;63* aon_buf_pos < l1 (depends on how much room was in sstream);64* t=2: SSL_write(ssl, b2, l2);65* b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)66* l2 must equal l1 (always validated)67* append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)68* if done, aon_write_in_progress=069*70*/71/* Is an AON write in progress? */72unsigned int aon_write_in_progress : 1;7374/*75* The base buffer pointer the caller passed us for the initial AON write76* call. We use this for validation purposes unless77* ACCEPT_MOVING_WRITE_BUFFER is enabled.78*79* NOTE: We never dereference this, as the caller might pass a different80* (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for81* validation by pointer comparison only.82*/83const unsigned char *aon_buf_base;84/* The total length of the AON buffer being sent, in bytes. */85size_t aon_buf_len;86/*87* The position in the AON buffer up to which we have successfully sent data88* so far.89*/90size_t aon_buf_pos;9192/* SSL_set_mode */93uint32_t ssl_mode;9495/* SSL_set_options */96uint64_t ssl_options;9798/*99* Last 'normal' error during an app-level I/O operation, used by100* SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ101* and SSL_ERROR_WANT_WRITE.102*/103int last_error;104};105106/*107* QUIC connection SSL object (QCSO) type. This implements the API personality108* layer for QCSO objects, wrapping the QUIC-native QUIC_CHANNEL object.109*/110struct quic_conn_st {111/*112* QUIC_OBJ is a common header for QUIC APL objects, allowing objects of113* these different types to be disambiguated at runtime and providing some114* common fields.115*116* Note: This must come first in the QUIC_CONNECTION structure.117*/118QUIC_OBJ obj;119120SSL *tls;121122/* The QLSO this connection belongs to, if any. */123QUIC_LISTENER *listener;124125/* The QDSO this connection belongs to, if any. */126QUIC_DOMAIN *domain;127128/* The QUIC engine representing the QUIC event domain. */129QUIC_ENGINE *engine;130131/* The QUIC port representing the QUIC listener and socket. */132QUIC_PORT *port;133134/*135* The QUIC channel providing the core QUIC connection implementation. Note136* that this is not instantiated until we actually start trying to do the137* handshake. This is to allow us to gather information like whether we are138* going to be in client or server mode before committing to instantiating139* the channel, since we want to determine the channel arguments based on140* that.141*142* The channel remains available after connection termination until the SSL143* object is freed, thus (ch != NULL) iff (started == 1).144*/145QUIC_CHANNEL *ch;146147/*148* The mutex used to synchronise access to the QUIC_CHANNEL. We own this but149* provide it to the channel.150*/151#if defined(OPENSSL_THREADS)152CRYPTO_MUTEX *mutex;153#endif154155/*156* If we have a default stream attached, this is the internal XSO157* object. If there is no default stream, this is NULL.158*/159QUIC_XSO *default_xso;160161/* Initial peer L4 address. */162BIO_ADDR init_peer_addr;163164# ifndef OPENSSL_NO_QUIC_THREAD_ASSIST165/* Manages thread for QUIC thread assisted mode. */166QUIC_THREAD_ASSIST thread_assist;167# endif168169/* Number of XSOs allocated. Includes the default XSO, if any. */170size_t num_xso;171172/* Have we started? */173unsigned int started : 1;174175/*176* This is 1 if we were instantiated using a QUIC server method177* (for future use).178*/179unsigned int as_server : 1;180181/*182* Has the application called SSL_set_accept_state? We require this to be183* congruent with the value of as_server.184*/185unsigned int as_server_state : 1;186187/* Are we using thread assisted mode? Never changes after init. */188unsigned int is_thread_assisted : 1;189190/* Have we created a default XSO yet? */191unsigned int default_xso_created : 1;192193/*194* Pre-TERMINATING shutdown phase in which we are flushing streams.195* Monotonically transitions to 1.196* New streams cannot be created in this state.197*/198unsigned int shutting_down : 1;199200/* Have we probed the BIOs for addressing support? */201unsigned int addressing_probe_done : 1;202203/* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */204unsigned int addressed_mode_w : 1;205unsigned int addressed_mode_r : 1;206207/* Flag to indicate waiting on accept queue */208unsigned int pending : 1;209210/* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */211uint32_t default_stream_mode;212213/* SSL_set_mode. This is not used directly but inherited by new XSOs. */214uint32_t default_ssl_mode;215216/* SSL_set_options. This is not used directly but inherited by new XSOs. */217uint64_t default_ssl_options;218219/* SSL_set_incoming_stream_policy. */220int incoming_stream_policy;221uint64_t incoming_stream_aec;222223/*224* Last 'normal' error during an app-level I/O operation, used by225* SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ226* and SSL_ERROR_WANT_WRITE.227*/228int last_error;229};230231/*232* QUIC listener SSL object (QLSO) type. This implements the API personality233* layer for QLSO objects, wrapping the QUIC-native QUIC_PORT object.234*/235struct quic_listener_st {236/* QUIC_OBJ common header, including SSL object common header. */237QUIC_OBJ obj;238239/* The QDSO this connection belongs to, if any. */240QUIC_DOMAIN *domain;241242/* The QUIC engine representing the QUIC event domain. */243QUIC_ENGINE *engine;244245/* The QUIC port representing the QUIC listener and socket. */246QUIC_PORT *port;247248#if defined(OPENSSL_THREADS)249/*250* The mutex used to synchronise access to the QUIC_ENGINE. We own this but251* provide it to the engine.252*/253CRYPTO_MUTEX *mutex;254#endif255256/* Have we started listening yet? */257unsigned int listening : 1;258};259260/*261* QUIC domain SSL object (QDSO) type. This implements the API personality layer262* for QDSO objects, wrapping the QUIC-native QUIC_ENGINE object.263*/264struct quic_domain_st {265/* QUIC_OBJ common header, including SSL object common header. */266QUIC_OBJ obj;267268/* The QUIC engine representing the QUIC event domain. */269QUIC_ENGINE *engine;270271#if defined(OPENSSL_THREADS)272/*273* The mutex used to synchronise access to the QUIC_ENGINE. We own this but274* provide it to the engine.275*/276CRYPTO_MUTEX *mutex;277#endif278};279280/* Internal calls to the QUIC CSM which come from various places. */281int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc);282283/*284* To be called when a protocol violation occurs. The connection is torn down285* with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason286* string is optional and copied if provided. frame_type should be 0 if not287* applicable.288*/289void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc,290uint64_t error_code,291uint64_t frame_type,292const char *reason);293294void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,295OSSL_QUIC_FRAME_CONN_CLOSE *f);296297# define OSSL_QUIC_ANY_VERSION 0xFFFFF298# endif299300# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \301q_connect, enc_data) \302const SSL_METHOD *func_name(void) \303{ \304static const SSL_METHOD func_name##_data= { \305version, \3060, \3070, \308ossl_quic_new, \309ossl_quic_free, \310ossl_quic_reset, \311ossl_quic_init, \312NULL /* clear */, \313ossl_quic_deinit, \314q_accept, \315q_connect, \316ossl_quic_read, \317ossl_quic_peek, \318ossl_quic_write, \319NULL /* shutdown */, \320NULL /* renegotiate */, \321ossl_quic_renegotiate_check, \322NULL /* read_bytes */, \323NULL /* write_bytes */, \324NULL /* dispatch_alert */, \325ossl_quic_ctrl, \326ossl_quic_ctx_ctrl, \327ossl_quic_get_cipher_by_char, \328NULL /* put_cipher_by_char */, \329ossl_quic_pending, \330ossl_quic_num_ciphers, \331ossl_quic_get_cipher, \332tls1_default_timeout, \333&enc_data, \334ssl_undefined_void_function, \335ossl_quic_callback_ctrl, \336ossl_quic_ctx_callback_ctrl, \337}; \338return &func_name##_data; \339}340341#endif342343344