Enhance port binding to allow connections without odcid
authorNeil Horman <nhorman@openssl.org>
Tue, 3 Dec 2024 21:44:28 +0000 (16:44 -0500)
committerNeil Horman <nhorman@openssl.org>
Sat, 11 Jan 2025 21:02:29 +0000 (16:02 -0500)
If we opt not to do server address validation, we have no odcid,
and therefore never reserved a local cid.

We need to follow the initial code path to generate one

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26114)

ssl/quic/quic_port.c

index 1a6254a3b201a5ac2be6fef9993234b4c771e95c..073a4e8add4553ad9a12e5f09abcf80763338b0e 100644 (file)
@@ -604,9 +604,20 @@ static void port_bind_channel(QUIC_PORT *port, const BIO_ADDR *peer,
     if (ch == NULL)
         return;
 
-    if (!ossl_quic_bind_channel(ch, peer, scid, dcid, odcid)) {
-        ossl_quic_channel_free(ch);
-        return;
+    if (odcid->id_len != 0) {
+        if (!ossl_quic_bind_channel(ch, peer, scid, dcid, odcid)) {
+            ossl_quic_channel_free(ch);
+            return;
+        }
+    } else {
+        /*
+         * No odcid means we didn't do server validation, so we need to
+         * generate a cid via ossl_quic_channel_on_new_conn
+         */
+        if (!ossl_quic_channel_on_new_conn(ch, peer, scid, dcid)) {
+            ossl_quic_channel_free(ch);
+            return;
+        }
     }
 
     ossl_list_incoming_ch_insert_tail(&port->incoming_channel_list, ch);
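Review bot: The new condition at the top of the hunk dereferences `odcid->id_len` unconditionally, so port_bind_channel now requires a non-NULL odcid from every caller; if any caller relied on ossl_quic_bind_channel accepting a NULL odcid (none is visible here, so this is an inference), that path would now fault, and `if (odcid != NULL && odcid->id_len != 0)` would keep it safe without changing the intended behaviour. Using `id_len == 0` as the "no odcid" sentinel is sound for this packet type, since a client's Initial DCID must be at least 8 bytes (RFC 9000 §7.2), but that reasoning and the requirement that callers initialise `odcid.id_len` before the call (as port_default_packet_handler does in the following hunk) are worth stating on the function, e.g. `/* odcid: original DCID recovered from address validation; id_len == 0 means no validation was done and a fresh local CID must be generated */`. port_bind_channel starts before and continues past this hunk.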
@@ -1178,6 +1189,8 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
     if (hdr.type != QUIC_PKT_TYPE_INITIAL)
         goto undesirable;
 
+    odcid.id_len = 0;
+
     /*
      * TODO(QUIC SERVER): there should be some logic similar to accounting half-open
      * states in TCP. If we reach certain threshold, then we want to