Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
typedef struct quic_txp_status_st {
int sent_ack_eliciting; /* Was an ACK-eliciting packet sent? */
+ int sent_handshake; /* Was a Handshake packet sent? */
} QUIC_TXP_STATUS;
int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp,
ch->have_sent_ack_eliciting_since_rx = 1;
}
+ if (!ch->is_server && status.sent_handshake)
+ /*
+ * RFC 9001 s. 4.9.1: A client MUST discard Initial keys when it
+ * first sends a Handshake packet.
+ */
+ ch_discard_el(ch, QUIC_ENC_LEVEL_INITIAL);
+
if (ch->rxku_pending_confirm_done)
ch->rxku_pending_confirm = 0;
++pkts_done;
}
+ status->sent_handshake
+ = (pkt[QUIC_ENC_LEVEL_HANDSHAKE].h_valid
+ && pkt[QUIC_ENC_LEVEL_HANDSHAKE].h.bytes_appended > 0);
+
/* Flush & Cleanup */
res = TX_PACKETISER_RES_NO_PKT;
out: