QUIC: Base client/server identity on SSL method, not SSL_set_connect/accept_state

In QUIC, we have an architectural need (in future, when we implement
0-RTT, etc.) to be able to create streams before we start connecting.
This requires we allocate a stream, including a stream ID, after
creating a QCSO but prior to connecting. However stream IDs are
dependent on whether the endpoint is in the client or server role,
therefore we must know whether we are going to be a client or server
before any pre-connection streams are created. Moreover, the originally
defined QUIC_client_method() and QUIC_server_method() functions heavily
implied the original plan was to have different SSL_METHODs for clients
and servers. Up until now we had been relying on
SSL_set_connect/accept_state() instead.

Solve these problems by basing client/server identity on whether
QUIC_server_method() is used (in future, when we support servers). This
ensures that once a QCSO is created its client/server identity are fixed
and cannot change, allowing pre-connection stream IDs, etc. to be
allocated.

Client/server uncertainty was the primary reason why QUIC_CHANNEL
creation was deferred until connection time up until now, so this
enables further refactoring to facilitate eager allocation of the
QUIC_CHANNEL at QCSO allocation time. This is important as allocating a
stream including its write buffers is hard without having the
QUIC_CHANNEL (which owns the QUIC_STREAM_MAP) in existence.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

2 files changed, 14 insertions, 5 deletions

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 106e4b3023..52fce3ea45 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -247,6 +247,9 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
     qc->is_thread_assisted
         = (ssl_base->method == OSSL_QUIC_client_thread_method());
 
+    qc->as_server       = 0; /* TODO(QUIC): server support */
+    qc->as_server_state = qc->as_server;
+
     /* Channel is not created yet. */
     qc->ssl_mode   = qc->ssl.ctx->mode;
     qc->last_error = SSL_ERROR_NONE;
@@ -803,7 +806,7 @@ void ossl_quic_set_connect_state(SSL *s)
     if (ctx.qc->started)
         return;
 
-    ctx.qc->as_server = 0;
+    ctx.qc->as_server_state = 0;
 }
 
 /* SSL_set_accept_state */
@@ -818,7 +821,7 @@ void ossl_quic_set_accept_state(SSL *s)
     if (ctx.qc->started)
         return;
 
-    ctx.qc->as_server = 1;
+    ctx.qc->as_server_state = 1;
 }
 
 /* SSL_do_handshake */
@@ -926,7 +929,7 @@ static int quic_do_handshake(QUIC_CONNECTION *qc)
         return -1; /* Non-protocol error */
     }
 
-    if (qc->as_server) {
+    if (qc->as_server != qc->as_server_state) {
         /* TODO(QUIC): Server mode not currently supported */
         QUIC_RAISE_NON_NORMAL_ERROR(qc, ERR_R_PASSED_INVALID_ARGUMENT, NULL);
         return -1; /* Non-protocol error */
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index a1e84e6854..903e681008 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -86,11 +86,17 @@ struct quic_conn_st {
     unsigned int                    can_poll_net_wbio       : 1;
 
     /*
-     * Has the application called SSL_set_accept_state? We do not support this
-     * but track it here so we can reject a subsequent handshake call.
+     * This is 1 if we were instantiated using a QUIC server method
+     * (for future use).
      */
     unsigned int                    as_server               : 1;
 
+    /*
+     * Has the application called SSL_set_accept_state? We require this to be
+     * congruent with the value of as_server.
+     */
+    unsigned int                    as_server_state         : 1;
+
     /* Are we using thread assisted mode? Never changes after init. */
     unsigned int                    is_thread_assisted      : 1;