diff options
| author | Hugo Landau <hlandau@openssl.org> | 2023-04-18 19:30:54 +0100 |
|---|---|---|
| committer | Hugo Landau <hlandau@openssl.org> | 2023-05-12 14:47:10 +0100 |
| commit | dfb9ae14a44251553d4f4046ff1eb41608b3cca4 (patch) | |
| tree | 768dbb7b73f1af7787e32ed6e612f4babdfae387 /ssl/quic/quic_impl.c | |
| parent | 6d495cc4de9efac980df0a70be5981fd94831d33 (diff) | |
QUIC: Base client/server identity on SSL method, not SSL_set_connect/accept_state
In QUIC, we have an architectural need (in future, when we implement
0-RTT, etc.) to be able to create streams before we start connecting.
This requires we allocate a stream, including a stream ID, after
creating a QCSO but prior to connecting. However stream IDs are
dependent on whether the endpoint is in the client or server role,
therefore we must know whether we are going to be a client or server
before any pre-connection streams are created. Moreover, the originally
defined QUIC_client_method() and QUIC_server_method() functions heavily
implied the original plan was to have different SSL_METHODs for clients
and servers. Up until now we had been relying on
SSL_set_connect/accept_state() instead.
Solve these problems by basing client/server identity on whether
QUIC_server_method() is used (in future, when we support servers). This
ensures that once a QCSO is created its client/server identity are fixed
and cannot change, allowing pre-connection stream IDs, etc. to be
allocated.
Client/server uncertainty was the primary reason why QUIC_CHANNEL
creation was deferred until connection time up until now, so this
enables further refactoring to facilitate eager allocation of the
QUIC_CHANNEL at QCSO allocation time. This is important as allocating a
stream including its write buffers is hard without having the
QUIC_CHANNEL (which owns the QUIC_STREAM_MAP) in existence.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Diffstat (limited to 'ssl/quic/quic_impl.c')
| -rw-r--r-- | ssl/quic/quic_impl.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 106e4b3023..52fce3ea45 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -247,6 +247,9 @@ SSL *ossl_quic_new(SSL_CTX *ctx) qc->is_thread_assisted = (ssl_base->method == OSSL_QUIC_client_thread_method()); + qc->as_server = 0; /* TODO(QUIC): server support */ + qc->as_server_state = qc->as_server; + /* Channel is not created yet. */ qc->ssl_mode = qc->ssl.ctx->mode; qc->last_error = SSL_ERROR_NONE; @@ -803,7 +806,7 @@ void ossl_quic_set_connect_state(SSL *s) if (ctx.qc->started) return; - ctx.qc->as_server = 0; + ctx.qc->as_server_state = 0; } /* SSL_set_accept_state */ @@ -818,7 +821,7 @@ void ossl_quic_set_accept_state(SSL *s) if (ctx.qc->started) return; - ctx.qc->as_server = 1; + ctx.qc->as_server_state = 1; } /* SSL_do_handshake */ @@ -926,7 +929,7 @@ static int quic_do_handshake(QUIC_CONNECTION *qc) return -1; /* Non-protocol error */ } - if (qc->as_server) { + if (qc->as_server != qc->as_server_state) { /* TODO(QUIC): Server mode not currently supported */ QUIC_RAISE_NON_NORMAL_ERROR(qc, ERR_R_PASSED_INVALID_ARGUMENT, NULL); return -1; /* Non-protocol error */ |