QUIC PORT: Make QUIC_PORT responsible for creation of all channels

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

5 files changed, 73 insertions, 12 deletions

diff --git a/include/internal/quic_channel.h b/include/internal/quic_channel.h
index 9a434fbb7f..59caf58b30 100644
--- a/include/internal/quic_channel.h
+++ b/include/internal/quic_channel.h
@@ -164,6 +164,8 @@ typedef struct quic_terminate_cause_st {
 /*
  * Create a new QUIC channel using the given arguments. The argument structure
  * does not need to remain allocated. Returns NULL on failure.
+ *
+ * Only QUIC_PORT should use this function.
  */
 QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args);
 
diff --git a/include/internal/quic_port.h b/include/internal/quic_port.h
index cb277c1971..08740f5afa 100644
--- a/include/internal/quic_port.h
+++ b/include/internal/quic_port.h
@@ -66,6 +66,20 @@ QUIC_PORT *ossl_quic_port_new(const QUIC_PORT_ARGS *args);
 void ossl_quic_port_free(QUIC_PORT *port);
 
 /*
+ * Operations
+ * ==========
+ */
+
+/* Create an outgoing channel using this port. */
+QUIC_CHANNEL *ossl_quic_port_create_outgoing(QUIC_PORT *port, SSL *tls);
+
+/*
+ * Create an incoming channel using this port. XXX for temporary TSERVER use
+ * only - will be removed.
+ */
+QUIC_CHANNEL *ossl_quic_port_create_incoming(QUIC_PORT *port, SSL *tls);
+
+/*
  * Queries and Accessors
  * =====================
  */
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 45666190cf..d1138f89f5 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1490,7 +1490,6 @@ QUIC_NEEDS_LOCK
 static int create_channel(QUIC_CONNECTION *qc)
 {
     QUIC_PORT_ARGS port_args = {0};
-    QUIC_CHANNEL_ARGS ch_args = {0};
 
     port_args.libctx        = qc->ssl.ctx->libctx;
     port_args.propq         = qc->ssl.ctx->propq;
@@ -1505,11 +1504,7 @@ static int create_channel(QUIC_CONNECTION *qc)
         return 0;
     }
 
-    ch_args.port       = qc->port;
-    ch_args.is_server  = qc->as_server;
-    ch_args.tls        = qc->tls;
-
-    qc->ch = ossl_quic_channel_new(&ch_args);
+    qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
     if (qc->ch == NULL) {
         QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
         ossl_quic_port_free(qc->port);
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 661b6c6cb8..66e0d3b0d5 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -215,6 +215,61 @@ int ossl_quic_port_set_net_wbio(QUIC_PORT *port, BIO *net_wbio)
 }
 
 /*
+ * QUIC Port: Channel Lifecycle
+ * ============================
+ */
+
+static SSL *port_new_handshake_layer(QUIC_PORT *port)
+{
+    SSL *tls = NULL;
+    SSL_CONNECTION *tls_conn = NULL;
+
+    tls = ossl_ssl_connection_new_int(port->channel_ctx, TLS_method());
+    if (tls == NULL || (tls_conn = SSL_CONNECTION_FROM_SSL(tls)) == NULL)
+        return NULL;
+
+    /* Override the user_ssl of the inner connection. */
+    tls_conn->s3.flags      |= TLS1_FLAGS_QUIC;
+
+    /* Restrict options derived from the SSL_CTX. */
+    tls_conn->options       &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
+    tls_conn->pha_enabled   = 0;
+    return tls;
+}
+
+static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, int is_server)
+{
+    QUIC_CHANNEL_ARGS args = {0};
+    QUIC_CHANNEL *ch;
+
+    args.port       = port;
+    args.is_server  = is_server;
+    args.tls        = (tls != NULL ? tls : port_new_handshake_layer(port));
+    if (args.tls == NULL)
+        return NULL;
+
+    ch = ossl_quic_channel_new(&args);
+    if (ch == NULL) {
+        if (tls == NULL)
+            SSL_free(args.tls);
+
+        return NULL;
+    }
+
+    return ch;
+}
+
+QUIC_CHANNEL *ossl_quic_port_create_outgoing(QUIC_PORT *port, SSL *tls)
+{
+    return port_make_channel(port, tls, /*is_server=*/0);
+}
+
+QUIC_CHANNEL *ossl_quic_port_create_incoming(QUIC_PORT *port, SSL *tls)
+{
+    return port_make_channel(port, tls, /*is_server=*/1);
+}
+
+/*
  * QUIC Port: Ticker-Mutator
  * =========================
  */
diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c
index 7882cca700..7246963253 100644
--- a/ssl/quic/quic_tserver.c
+++ b/ssl/quic/quic_tserver.c
@@ -79,7 +79,6 @@ QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args,
 {
     QUIC_TSERVER *srv = NULL;
     QUIC_PORT_ARGS port_args = {0};
-    QUIC_CHANNEL_ARGS ch_args = {0};
     QUIC_CONNECTION *qc = NULL;
 
     if (args->net_rbio == NULL || args->net_wbio == NULL)
@@ -127,11 +126,7 @@ QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args,
     if ((srv->port = ossl_quic_port_new(&port_args)) == NULL)
         goto err;
 
-    ch_args.port        = srv->port;
-    ch_args.tls         = srv->tls;
-    ch_args.is_server   = 1;
-
-    if ((srv->ch = ossl_quic_channel_new(&ch_args)) == NULL)
+    if ((srv->ch = ossl_quic_port_create_incoming(srv->port, srv->tls)) == NULL)
         goto err;
 
     if (!ossl_quic_channel_set_net_rbio(srv->ch, srv->args.net_rbio)