aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl/quic/quic_local.h
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/quic/quic_local.h')
-rw-r--r--crypto/openssl/ssl/quic/quic_local.h342
1 files changed, 342 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/quic/quic_local.h b/crypto/openssl/ssl/quic/quic_local.h
new file mode 100644
index 000000000000..97029ae9c482
--- /dev/null
+++ b/crypto/openssl/ssl/quic/quic_local.h
@@ -0,0 +1,342 @@
+/*
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_LOCAL_H
+# define OSSL_QUIC_LOCAL_H
+
+# include <openssl/ssl.h>
+# include "internal/quic_ssl.h" /* QUIC_CONNECTION */
+# include "internal/quic_txp.h"
+# include "internal/quic_statm.h"
+# include "internal/quic_demux.h"
+# include "internal/quic_record_rx.h"
+# include "internal/quic_tls.h"
+# include "internal/quic_fc.h"
+# include "internal/quic_stream.h"
+# include "internal/quic_channel.h"
+# include "internal/quic_reactor.h"
+# include "internal/quic_thread_assist.h"
+# include "../ssl_local.h"
+# include "quic_obj_local.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC stream SSL object (QSSO) type. This implements the API personality layer
+ * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking
+ * state required by the libssl API personality.
+ */
+struct quic_xso_st {
+ /* QUIC_OBJ common header, including SSL object common header. */
+ QUIC_OBJ obj;
+
+ /* The connection this stream is associated with. Always non-NULL. */
+ QUIC_CONNECTION *conn;
+
+ /* The stream object. Always non-NULL for as long as the XSO exists. */
+ QUIC_STREAM *stream;
+
+ /* The application has retired a FIN (i.e. SSL_ERROR_ZERO_RETURN). */
+ unsigned int retired_fin : 1;
+
+ /*
+ * The application has requested a reset. Not set for reflexive
+ * STREAM_RESETs caused by peer STOP_SENDING.
+ */
+ unsigned int requested_reset : 1;
+
+ /*
+ * This state tracks SSL_write all-or-nothing (AON) write semantics
+ * emulation.
+ *
+ * Example chronology:
+ *
+ * t=0: aon_write_in_progress=0
+ * t=1: SSL_write(ssl, b1, l1) called;
+ * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;
+ * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;
+ * aon_buf_pos < l1 (depends on how much room was in sstream);
+ * t=2: SSL_write(ssl, b2, l2);
+ * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)
+ * l2 must equal l1 (always validated)
+ * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)
+ * if done, aon_write_in_progress=0
+ *
+ */
+ /* Is an AON write in progress? */
+ unsigned int aon_write_in_progress : 1;
+
+ /*
+ * The base buffer pointer the caller passed us for the initial AON write
+ * call. We use this for validation purposes unless
+ * ACCEPT_MOVING_WRITE_BUFFER is enabled.
+ *
+ * NOTE: We never dereference this, as the caller might pass a different
+ * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for
+ * validation by pointer comparison only.
+ */
+ const unsigned char *aon_buf_base;
+ /* The total length of the AON buffer being sent, in bytes. */
+ size_t aon_buf_len;
+ /*
+ * The position in the AON buffer up to which we have successfully sent data
+ * so far.
+ */
+ size_t aon_buf_pos;
+
+ /* SSL_set_mode */
+ uint32_t ssl_mode;
+
+ /* SSL_set_options */
+ uint64_t ssl_options;
+
+ /*
+ * Last 'normal' error during an app-level I/O operation, used by
+ * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
+ * and SSL_ERROR_WANT_WRITE.
+ */
+ int last_error;
+};
+
+/*
+ * QUIC connection SSL object (QCSO) type. This implements the API personality
+ * layer for QCSO objects, wrapping the QUIC-native QUIC_CHANNEL object.
+ */
+struct quic_conn_st {
+ /*
+ * QUIC_OBJ is a common header for QUIC APL objects, allowing objects of
+ * these different types to be disambiguated at runtime and providing some
+ * common fields.
+ *
+ * Note: This must come first in the QUIC_CONNECTION structure.
+ */
+ QUIC_OBJ obj;
+
+ SSL *tls;
+
+ /* The QLSO this connection belongs to, if any. */
+ QUIC_LISTENER *listener;
+
+ /* The QDSO this connection belongs to, if any. */
+ QUIC_DOMAIN *domain;
+
+ /* The QUIC engine representing the QUIC event domain. */
+ QUIC_ENGINE *engine;
+
+ /* The QUIC port representing the QUIC listener and socket. */
+ QUIC_PORT *port;
+
+ /*
+ * The QUIC channel providing the core QUIC connection implementation. Note
+ * that this is not instantiated until we actually start trying to do the
+ * handshake. This is to allow us to gather information like whether we are
+ * going to be in client or server mode before committing to instantiating
+ * the channel, since we want to determine the channel arguments based on
+ * that.
+ *
+ * The channel remains available after connection termination until the SSL
+ * object is freed, thus (ch != NULL) iff (started == 1).
+ */
+ QUIC_CHANNEL *ch;
+
+ /*
+ * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but
+ * provide it to the channel.
+ */
+#if defined(OPENSSL_THREADS)
+ CRYPTO_MUTEX *mutex;
+#endif
+
+ /*
+ * If we have a default stream attached, this is the internal XSO
+ * object. If there is no default stream, this is NULL.
+ */
+ QUIC_XSO *default_xso;
+
+ /* Initial peer L4 address. */
+ BIO_ADDR init_peer_addr;
+
+# ifndef OPENSSL_NO_QUIC_THREAD_ASSIST
+ /* Manages thread for QUIC thread assisted mode. */
+ QUIC_THREAD_ASSIST thread_assist;
+# endif
+
+ /* Number of XSOs allocated. Includes the default XSO, if any. */
+ size_t num_xso;
+
+ /* Have we started? */
+ unsigned int started : 1;
+
+ /*
+ * This is 1 if we were instantiated using a QUIC server method
+ * (for future use).
+ */
+ unsigned int as_server : 1;
+
+ /*
+ * Has the application called SSL_set_accept_state? We require this to be
+ * congruent with the value of as_server.
+ */
+ unsigned int as_server_state : 1;
+
+ /* Are we using thread assisted mode? Never changes after init. */
+ unsigned int is_thread_assisted : 1;
+
+ /* Have we created a default XSO yet? */
+ unsigned int default_xso_created : 1;
+
+ /*
+ * Pre-TERMINATING shutdown phase in which we are flushing streams.
+ * Monotonically transitions to 1.
+ * New streams cannot be created in this state.
+ */
+ unsigned int shutting_down : 1;
+
+ /* Have we probed the BIOs for addressing support? */
+ unsigned int addressing_probe_done : 1;
+
+ /* Are we using addressed mode (BIO_sendmmsg with non-NULL peer)? */
+ unsigned int addressed_mode_w : 1;
+ unsigned int addressed_mode_r : 1;
+
+ /* Flag to indicate waiting on accept queue */
+ unsigned int pending : 1;
+
+ /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */
+ uint32_t default_stream_mode;
+
+ /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
+ uint32_t default_ssl_mode;
+
+ /* SSL_set_options. This is not used directly but inherited by new XSOs. */
+ uint64_t default_ssl_options;
+
+ /* SSL_set_incoming_stream_policy. */
+ int incoming_stream_policy;
+ uint64_t incoming_stream_aec;
+
+ /*
+ * Last 'normal' error during an app-level I/O operation, used by
+ * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
+ * and SSL_ERROR_WANT_WRITE.
+ */
+ int last_error;
+};
+
+/*
+ * QUIC listener SSL object (QLSO) type. This implements the API personality
+ * layer for QLSO objects, wrapping the QUIC-native QUIC_PORT object.
+ */
+struct quic_listener_st {
+ /* QUIC_OBJ common header, including SSL object common header. */
+ QUIC_OBJ obj;
+
+ /* The QDSO this connection belongs to, if any. */
+ QUIC_DOMAIN *domain;
+
+ /* The QUIC engine representing the QUIC event domain. */
+ QUIC_ENGINE *engine;
+
+ /* The QUIC port representing the QUIC listener and socket. */
+ QUIC_PORT *port;
+
+#if defined(OPENSSL_THREADS)
+ /*
+ * The mutex used to synchronise access to the QUIC_ENGINE. We own this but
+ * provide it to the engine.
+ */
+ CRYPTO_MUTEX *mutex;
+#endif
+
+ /* Have we started listening yet? */
+ unsigned int listening : 1;
+};
+
+/*
+ * QUIC domain SSL object (QDSO) type. This implements the API personality layer
+ * for QDSO objects, wrapping the QUIC-native QUIC_ENGINE object.
+ */
+struct quic_domain_st {
+ /* QUIC_OBJ common header, including SSL object common header. */
+ QUIC_OBJ obj;
+
+ /* The QUIC engine representing the QUIC event domain. */
+ QUIC_ENGINE *engine;
+
+#if defined(OPENSSL_THREADS)
+ /*
+ * The mutex used to synchronise access to the QUIC_ENGINE. We own this but
+ * provide it to the engine.
+ */
+ CRYPTO_MUTEX *mutex;
+#endif
+};
+
+/* Internal calls to the QUIC CSM which come from various places. */
+int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc);
+
+/*
+ * To be called when a protocol violation occurs. The connection is torn down
+ * with the given error code, which should be a OSSL_QUIC_ERR_* value. Reason
+ * string is optional and copied if provided. frame_type should be 0 if not
+ * applicable.
+ */
+void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc,
+ uint64_t error_code,
+ uint64_t frame_type,
+ const char *reason);
+
+void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
+ OSSL_QUIC_FRAME_CONN_CLOSE *f);
+
+# define OSSL_QUIC_ANY_VERSION 0xFFFFF
+# endif
+
+# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
+ q_connect, enc_data) \
+const SSL_METHOD *func_name(void) \
+ { \
+ static const SSL_METHOD func_name##_data= { \
+ version, \
+ 0, \
+ 0, \
+ ossl_quic_new, \
+ ossl_quic_free, \
+ ossl_quic_reset, \
+ ossl_quic_init, \
+ NULL /* clear */, \
+ ossl_quic_deinit, \
+ q_accept, \
+ q_connect, \
+ ossl_quic_read, \
+ ossl_quic_peek, \
+ ossl_quic_write, \
+ NULL /* shutdown */, \
+ NULL /* renegotiate */, \
+ ossl_quic_renegotiate_check, \
+ NULL /* read_bytes */, \
+ NULL /* write_bytes */, \
+ NULL /* dispatch_alert */, \
+ ossl_quic_ctrl, \
+ ossl_quic_ctx_ctrl, \
+ ossl_quic_get_cipher_by_char, \
+ NULL /* put_cipher_by_char */, \
+ ossl_quic_pending, \
+ ossl_quic_num_ciphers, \
+ ossl_quic_get_cipher, \
+ tls1_default_timeout, \
+ &enc_data, \
+ ssl_undefined_void_function, \
+ ossl_quic_callback_ctrl, \
+ ossl_quic_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+#endif
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 05:21:51 +0000