From 2d80e459017d7744e6a5438422ed36fe1d448adb Mon Sep 17 00:00:00 2001 From: Hugo Landau Date: Thu, 9 Nov 2023 10:27:13 +0000 Subject: [PATCH] QUIC PORT: Make QUIC_PORT responsible for creation of all channels Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/22674) --- include/internal/quic_channel.h | 2 ++ include/internal/quic_port.h | 14 +++++++++ ssl/quic/quic_impl.c | 7 +---- ssl/quic/quic_port.c | 55 +++++++++++++++++++++++++++++++++ ssl/quic/quic_tserver.c | 7 +---- 5 files changed, 73 insertions(+), 12 deletions(-) diff --git a/include/internal/quic_channel.h b/include/internal/quic_channel.h index 9a434fbb7f..59caf58b30 100644 --- a/include/internal/quic_channel.h +++ b/include/internal/quic_channel.h @@ -164,6 +164,8 @@ typedef struct quic_terminate_cause_st { /* * Create a new QUIC channel using the given arguments. The argument structure * does not need to remain allocated. Returns NULL on failure. + * + * Only QUIC_PORT should use this function. */ QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args); diff --git a/include/internal/quic_port.h b/include/internal/quic_port.h index cb277c1971..08740f5afa 100644 --- a/include/internal/quic_port.h +++ b/include/internal/quic_port.h @@ -65,6 +65,20 @@ QUIC_PORT *ossl_quic_port_new(const QUIC_PORT_ARGS *args); void ossl_quic_port_free(QUIC_PORT *port); +/* + * Operations + * ========== + */ + +/* Create an outgoing channel using this port. */ +QUIC_CHANNEL *ossl_quic_port_create_outgoing(QUIC_PORT *port, SSL *tls); + +/* + * Create an incoming channel using this port. XXX for temporary TSERVER use + * only - will be removed. + */ +QUIC_CHANNEL *ossl_quic_port_create_incoming(QUIC_PORT *port, SSL *tls); + /* * Queries and Accessors * ===================== diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 45666190cf..d1138f89f5 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -1490,7 +1490,6 @@ QUIC_NEEDS_LOCK static int create_channel(QUIC_CONNECTION *qc) { QUIC_PORT_ARGS port_args = {0}; - QUIC_CHANNEL_ARGS ch_args = {0}; port_args.libctx = qc->ssl.ctx->libctx; port_args.propq = qc->ssl.ctx->propq; @@ -1505,11 +1504,7 @@ static int create_channel(QUIC_CONNECTION *qc) return 0; } - ch_args.port = qc->port; - ch_args.is_server = qc->as_server; - ch_args.tls = qc->tls; - - qc->ch = ossl_quic_channel_new(&ch_args); + qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls); if (qc->ch == NULL) { QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); ossl_quic_port_free(qc->port); diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index 661b6c6cb8..66e0d3b0d5 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c @@ -214,6 +214,61 @@ int ossl_quic_port_set_net_wbio(QUIC_PORT *port, BIO *net_wbio) return 1; } +/* + * QUIC Port: Channel Lifecycle + * ============================ + */ + +static SSL *port_new_handshake_layer(QUIC_PORT *port) +{ + SSL *tls = NULL; + SSL_CONNECTION *tls_conn = NULL; + + tls = ossl_ssl_connection_new_int(port->channel_ctx, TLS_method()); + if (tls == NULL || (tls_conn = SSL_CONNECTION_FROM_SSL(tls)) == NULL) + return NULL; + + /* Override the user_ssl of the inner connection. */ + tls_conn->s3.flags |= TLS1_FLAGS_QUIC; + + /* Restrict options derived from the SSL_CTX. */ + tls_conn->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN; + tls_conn->pha_enabled = 0; + return tls; +} + +static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, int is_server) +{ + QUIC_CHANNEL_ARGS args = {0}; + QUIC_CHANNEL *ch; + + args.port = port; + args.is_server = is_server; + args.tls = (tls != NULL ? tls : port_new_handshake_layer(port)); + if (args.tls == NULL) + return NULL; + + ch = ossl_quic_channel_new(&args); + if (ch == NULL) { + if (tls == NULL) + SSL_free(args.tls); + + return NULL; + } + + return ch; +} + +QUIC_CHANNEL *ossl_quic_port_create_outgoing(QUIC_PORT *port, SSL *tls) +{ + return port_make_channel(port, tls, /*is_server=*/0); +} + +QUIC_CHANNEL *ossl_quic_port_create_incoming(QUIC_PORT *port, SSL *tls) +{ + return port_make_channel(port, tls, /*is_server=*/1); +} + /* * QUIC Port: Ticker-Mutator * ========================= diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c index 7882cca700..7246963253 100644 --- a/ssl/quic/quic_tserver.c +++ b/ssl/quic/quic_tserver.c @@ -79,7 +79,6 @@ QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args, { QUIC_TSERVER *srv = NULL; QUIC_PORT_ARGS port_args = {0}; - QUIC_CHANNEL_ARGS ch_args = {0}; QUIC_CONNECTION *qc = NULL; if (args->net_rbio == NULL || args->net_wbio == NULL) @@ -127,11 +126,7 @@ QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args, if ((srv->port = ossl_quic_port_new(&port_args)) == NULL) goto err; - ch_args.port = srv->port; - ch_args.tls = srv->tls; - ch_args.is_server = 1; - - if ((srv->ch = ossl_quic_channel_new(&ch_args)) == NULL) + if ((srv->ch = ossl_quic_port_create_incoming(srv->port, srv->tls)) == NULL) goto err; if (!ossl_quic_channel_set_net_rbio(srv->ch, srv->args.net_rbio)