From: Neil Horman Date: Fri, 11 Apr 2025 19:09:54 +0000 (-0400) Subject: Update port_make_channel to behave for accept_ex/accept_connection X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d3021afdfd792c2d0c1dbf8c9e61d0040c3d695;p=thirdparty%2Fopenssl.git Update port_make_channel to behave for accept_ex/accept_connection Based on the value of the using_peeloff flag, we need to choose if we're going to create a user_ssl when creating a new channel Reviewed-by: Saša Nedvědický Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/27397) --- diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index c141fa70527..122264b09c8 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -4698,13 +4698,13 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags) if (!ql_listen(ctx.ql)) goto out; - if (ossl_quic_get_using_peeloff(ctx.ql->port) == 1) { + if (ossl_quic_port_get_using_peeloff(ctx.ql->port) == 1) { QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, "This listener is using SSL_accept_ex"); goto out; } - ossl_quic_set_using_peeloff(ctx.ql->port, -1); + ossl_quic_port_set_using_peeloff(ctx.ql->port, -1); /* Wait for an incoming connection if needed. */ new_ch = ossl_quic_port_pop_incoming(ctx.ql->port); diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index 8264699f872..8043fde4ff1 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c 
@@ -533,28 +533,34 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx, if (ch == NULL) return NULL; - /* - * Fixup the channel tls connection here before we init the channel - */ - ch->tls = (tls != NULL) ? tls : port_new_handshake_layer(port, ch); - - if (ch->tls == NULL) { - OPENSSL_free(ch); - return NULL; - } - + if (tls != NULL) { + ch->tls = tls; + } else { + if (ossl_quic_port_get_using_peeloff(port) <= 0) { + ossl_quic_port_set_using_peeloff(port, -1); + /* + * We're using the normal SSL_accept_connection_path + */ + ch->tls = port_new_handshake_layer(port, ch); #ifndef OPENSSL_NO_QLOG - /* - * If we're using qlog, make sure the tls get further configured properly - */ - ch->use_qlog = 1; - if (ch->tls->ctx->qlog_title != NULL) { - if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) { - OPENSSL_free(ch); - return NULL; + /* + * If we're using qlog, make sure the tls get further configured properly + */ + ch->use_qlog = 1; + if (ch->tls->ctx->qlog_title != NULL) { + if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) { + OPENSSL_free(ch); + return NULL; + } + } +#endif + } else { + /* + * We're deferring user ssl creation until SSL_accept_ex is called + */ + ch->tls = NULL; } } -#endif /* * And finally init the channel struct
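Review bot: The result of `port_new_handshake_layer(port, ch)` is no longer checked on the new `ossl_quic_port_get_using_peeloff(port) <= 0` branch, although the removed code freed `ch` and returned NULL when `ch->tls` was NULL. With qlog compiled in, the following statements read `ch->tls->ctx->qlog_title`, so a failed handshake-layer creation becomes a NULL dereference while a channel is being made for the accept path; with `OPENSSL_NO_QLOG` the channel instead proceeds to initialisation with a NULL `tls`, which cannot be told apart from the deliberately deferred SSL_accept_ex case. I would restore the guard directly after the call and before the `#ifndef OPENSSL_NO_QLOG` line: `if (ch->tls == NULL) { OPENSSL_free(ch); return NULL; }`. Separately, `ch->use_qlog = 1` and the title copy now run only on this branch, so a caller-supplied `tls` and the deferred path appear to skip qlog setup; if that is intended, a comment naming where those paths get their qlog configuration would help. port_make_channel starts and ends outside this hunk, so code not shown here may already cover part of this.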