From: Hugo Landau <hlandau@openssl.org>
Date: Thu, 11 Jan 2024 09:17:43 +0000 (+0000)
Subject: QUIC APL: Add skeleton listener API
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=616534d3720926b32ce6ffa775fd5179829851b0;p=thirdparty%2Fopenssl.git

QUIC APL: Add skeleton listener API

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23334)
---

diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h
index 5d1b739725b..4b8eb83d6f1 100644
--- a/include/internal/quic_ssl.h
+++ b/include/internal/quic_ssl.h
@@ -19,6 +19,7 @@
 # ifndef OPENSSL_NO_QUIC
 
 __owur SSL *ossl_quic_new(SSL_CTX *ctx);
+__owur SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags);
 __owur int ossl_quic_init(SSL *s);
 void ossl_quic_deinit(SSL *s);
 void ossl_quic_free(SSL *s);
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 4bab2ac767f..575c5b53fc2 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -2292,6 +2292,8 @@ __owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
 __owur SSL *SSL_get0_connection(SSL *s);
 __owur int SSL_is_connection(SSL *s);
 
+__owur SSL *SSL_new_listener(SSL_CTX *ctx, uint64_t flags);
+
 #define SSL_STREAM_TYPE_NONE        0
 #define SSL_STREAM_TYPE_READ        (1U << 0)
 #define SSL_STREAM_TYPE_WRITE       (1U << 1)
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index a4060435286..f0e18bc7500 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -3939,6 +3939,59 @@ int ossl_quic_get_key_update_type(const SSL *s)
     return SSL_KEY_UPDATE_NONE;
 }
 
+/*
+ * QUIC Front-End I/O API: Listeners
+ * =================================
+ */
+
+SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags)
+{
+    QUIC_LISTENER *ql = NULL;
+    QUIC_ENGINE_ARGS engine_args = {0};
+    QUIC_PORT_ARGS port_args = {0};
+
+#if defined(OPENSSL_THREADS)
+    if ((ql->mutex = ossl_crypto_mutex_new()) == NULL) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
+        goto err;
+    }
+#endif
+
+    if ((ql = OPENSSL_zalloc(sizeof(*ql))) == NULL) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
+        goto err;
+    }
+
+    engine_args.libctx  = ctx->libctx;
+    engine_args.propq   = ctx->propq;
+    engine_args.mutex   = ql->mutex;
+    if ((ql->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
+        goto err;
+    }
+
+    port_args.channel_ctx = ctx;
+    ql->port = ossl_quic_engine_create_port(ql->engine, &port_args);
+    if (ql->port == NULL) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
+        goto err;
+    }
+
+    /* Initialise the QUIC_LISTENER'S object header. */
+    if (!ossl_quic_obj_init(&ql->obj, ctx, SSL_TYPE_QUIC_LISTENER, NULL,
+                            ql->engine, ql->port))
+        goto err;
+
+    return &ql->obj.ssl;
+
+err:
+    if (ql != NULL)
+        ossl_quic_engine_free(ql->engine);
+
+    OPENSSL_free(ql);
+    return NULL;
+}
+
 /*
  * QUIC Front-End I/O API: SSL_CTX Management
  * ==========================================
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index 0fcaf8a1424..1bf34f35dc0 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -257,6 +257,18 @@ struct quic_conn_st {
 struct quic_listener_st {
     /* QUIC_OBJ common header, including SSL object common header. */
     QUIC_OBJ                        obj;
+
+    /* The QUIC engine representing the QUIC event domain. */
+    QUIC_ENGINE                     *engine;
+
+    /* The QUIC port representing the QUIC listener and socket. */
+    QUIC_PORT                       *port;
+
+    /*
+     * The mutex used to synchronise access to the QUIC_ENGINE. We own this but
+     * provide it to the engine.
+     */
+    CRYPTO_MUTEX                    *mutex;
 };
 
 /* Internal calls to the QUIC CSM which come from various places. */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index eeeaac1a9c4..60ea517235f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -7717,6 +7717,18 @@ int SSL_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
     return 0;
 }
 
+SSL *SSL_new_listener(SSL_CTX *ctx, uint64_t flags)
+{
+#ifndef OPENSSL_NO_QUIC
+    if (!IS_QUIC_CTX(ctx))
+        return NULL;
+
+    return ossl_quic_new_listener(ctx, flags);
+#else
+    return NULL;
+#endif
+}
+
 int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
 {
     unsigned char *data = NULL;