From: Neil Horman
Date: Tue, 3 Dec 2024 21:44:28 +0000 (-0500)
Subject: Enhance port binding to allow connections without odcid
X-Git-Tag: openssl-3.5.0-alpha1~296
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=207892d022d5c3b162031a22faf051bfa6b0997e;p=thirdparty%2Fopenssl.git
Enhance port binding to allow connections without odcid If we opt not to do server address validation, we have no odcid and therefore never reserved a local cid We need to follow the initial code path to generate one
Reviewed-by: Saša Nedvědický
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/26114)
---
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 1a6254a3b20..073a4e8add4 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -604,9 +604,20 @@ static void port_bind_channel(QUIC_PORT *port, const BIO_ADDR *peer,
     if (ch == NULL)
         return;
 
-    if (!ossl_quic_bind_channel(ch, peer, scid, dcid, odcid)) {
-        ossl_quic_channel_free(ch);
-        return;
+    if (odcid->id_len != 0) {
+        if (!ossl_quic_bind_channel(ch, peer, scid, dcid, odcid)) {
+            ossl_quic_channel_free(ch);
+            return;
+        }
+    } else {
+        /*
+         * No odcid means we didn't do server validation, so we need to
+         * generate a cid via ossl_quic_channel_on_new_conn
+         */
+        if (!ossl_quic_channel_on_new_conn(ch, peer, scid, dcid)) {
+            ossl_quic_channel_free(ch);
+            return;
+        }
     }
 
     ossl_list_incoming_ch_insert_tail(&port->incoming_channel_list, ch);
@@ -1178,6 +1189,8 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
     if (hdr.type != QUIC_PKT_TYPE_INITIAL)
         goto undesirable;
 
+    odcid.id_len = 0;
+
     /*
      * TODO(QUIC SERVER): there should be some logic similar to accounting half-open
      * states in TCP. If we reach certain threshold, then we want to
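Review bot: The new `odcid->id_len != 0` test in port_bind_channel turns `id_len == 0` into an in-band sentinel for "no address validation was done", and the only place that sentinel is established is the `odcid.id_len = 0;` added in the second hunk in port_default_packet_handler, after the INITIAL-type check; any other path that declares `odcid` and reaches port_bind_channel without setting it (none are visible here) would leave `id_len` holding whatever was on the stack and silently pick the bind-with-odcid branch. It would also be the first place this function dereferences `odcid` rather than passing it through, so if any caller can pass NULL the guard should read `if (odcid != NULL && odcid->id_len != 0) {`. The contract is worth stating on the function rather than only in the else-branch comment, e.g. `/* odcid->id_len == 0 means no retry/address validation occurred; the channel then generates its own local CID. */`. Both port_bind_channel and port_default_packet_handler begin and end outside their hunks, so the declaration and remaining uses of odcid cannot be checked from here.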