MINOR: quic: Add new "QUIC over SSL" C module.

Move the code which directly call the functions of the OpenSSL API into quic_ssl.c new C file. Some code have been extracted from qc_conn_finalize() to implement only the QUIC TLS part (see quic_tls_finalize()) into quic_tls.c. qc_conn_finalize() has also been exported to be used from this new quic_ssl.c C module.
haproxytech · Jul 24, 2023 · 67e1c29 · 67e1c29
1 parent 1d33846
commit 67e1c29
Show file tree

Hide file tree

Showing 9 changed files with 817 additions and 709 deletions.
diff --git a/Makefile b/Makefile
@@ -608,7 +608,7 @@ OPTIONS_OBJS += src/quic_conn.o src/mux_quic.o src/h3.o src/xprt_quic.o    \
                 src/qpack-dec.o src/hq_interop.o src/quic_stream.o         \
                 src/h3_stats.o src/qmux_http.o src/cfgparse-quic.o         \
                 src/cbuf.o src/quic_cc.o src/quic_cc_nocc.o                \
-                src/quic_trace.o src/quic_cli.o
+                src/quic_trace.o src/quic_cli.o src/quic_ssl.o
 endif
 
 ifneq ($(USE_QUIC_OPENSSL_COMPAT),)

diff --git a/include/haproxy/quic_conn.h b/include/haproxy/quic_conn.h
@@ -50,11 +50,13 @@
 
 extern struct pool_head *pool_head_quic_connection_id;
 
+int qc_conn_finalize(struct quic_conn *qc, int server);
 int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
 struct quic_cstream *quic_cstream_new(struct quic_conn *qc);
 void quic_cstream_free(struct quic_cstream *cs);
 void quic_free_arngs(struct quic_conn *qc, struct quic_arngs *arngs);
 struct quic_cstream *quic_cstream_new(struct quic_conn *qc);
+struct task *quic_conn_app_io_cb(struct task *t, void *context, unsigned int state);
 
 /* Return the long packet type matching with <qv> version and <type> */
 static inline int quic_pkt_type(int type, uint32_t version)

diff --git a/include/haproxy/quic_ssl-t.h b/include/haproxy/quic_ssl-t.h
@@ -0,0 +1,19 @@
+/*
+ * include/haproxy/quic_ssl-t.h
+ * Definitions for QUIC over TLS/SSL api types, constants and flags.
+ *
+ * Copyright (C) 2023
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef _HAPROXY_QUIC_SSL_T_H
+#define _HAPROXY_QUIC_SSL_T_H
+
+extern struct pool_head *pool_head_quic_ssl_sock_ctx;
+
+#endif /* _HAPROXY_QUIC_SSL_T_H */
diff --git a/include/haproxy/quic_ssl.h b/include/haproxy/quic_ssl.h
@@ -0,0 +1,45 @@
+/*
+ * include/haproxy/quic_ssl.h
+ * This file contains QUIC over TLS/SSL api definitions.
+ *
+ * Copyright (C) 2023
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation, version 2.1
+ * exclusively.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+#ifndef _HAPROXY_QUIC_SSL_H
+#define _HAPROXY_QUIC_SSL_H
+
+#include <haproxy/listener-t.h>
+#include <haproxy/pool.h>
+#include <haproxy/quic_ssl-t.h>
+#include <haproxy/ssl_sock-t.h>
+
+int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
+int qc_alloc_ssl_sock_ctx(struct quic_conn *qc);
+int qc_ssl_provide_quic_data(struct quic_enc_level *el, struct ssl_sock_ctx *ctx,
+                             const unsigned char *data, size_t len,
+                             struct quic_rx_packet *pkt, struct quic_rx_crypto_frm *cf);
+
+static inline void qc_free_ssl_sock_ctx(struct ssl_sock_ctx **ctx)
+{
+	if (!*ctx)
+		return;
+
+	SSL_free((*ctx)->ssl);
+	pool_free(pool_head_quic_ssl_sock_ctx, *ctx);
+	*ctx = NULL;
+}
+
+#endif /* _HAPROXY_QUIC_SSL_H */
diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
@@ -30,6 +30,8 @@
 #include <haproxy/quic_tls-t.h>
 #include <haproxy/trace.h>
 
+int quic_tls_finalize(struct quic_conn *qc, int server);
+void quic_tls_ctx_free(struct quic_tls_ctx **ctx);
 void quic_pktns_release(struct quic_conn *qc, struct quic_pktns **pktns);
 int qc_enc_level_alloc(struct quic_conn *qc, struct quic_pktns **pktns,
                        struct quic_enc_level **qel, enum ssl_encryption_level_t level);