QUIC CONFORMANCE: RFC 9000 s. 12.3: PN Limit
authorHugo Landau <hlandau@openssl.org>
Tue, 6 Jun 2023 15:25:11 +0000 (16:25 +0100)
committerPauli <pauli@openssl.org>
Sun, 16 Jul 2023 22:17:57 +0000 (08:17 +1000)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)

ssl/quic/quic_channel.c

index 4179b7e0862c0b87e1803f0052892cef6867acda..d430637a57203a573f258d6e8da5a7eb22e9ee9c 100644 (file)
@@ -2041,7 +2041,19 @@ static int ch_tx(QUIC_CHANNEL *ch)
 
     case TX_PACKETISER_RES_NO_PKT:
         break; /* No packet was sent */
+
     default:
+        /*
+         * One case where TXP can fail is if we reach a TX PN of 2**62 - 1. As
+         * per RFC 9000 s. 12.3, if this happens we MUST close the connection
+         * without sending a CONNECTION_CLOSE frame. This is actually handled as
+         * an emergent consequence of our design, as the TX packetiser will
+         * never transmit another packet when the TX PN reaches the limit.
+         *
+         * Calling the below function terminates the connection; its attempt to
+         * schedule a CONNECTION_CLOSE frame will not actually cause a packet to
+         * be transmitted for this reason.
+         */
         ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_INTERNAL_ERROR, 0,
                                                "internal error");
         break; /* Internal failure (e.g.  allocation, assertion) */
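Review bot: The guarantee the new comment claims, that the connection is closed without a CONNECTION_CLOSE after PN exhaustion, is not established by anything in this hunk: the default arm raises the same INTERNAL_ERROR for allocation and assertion failures as for the PN limit, and the "no packet goes out" property is, as the comment itself says, an emergent consequence of the packetiser rather than something checked here. That means a later change to the packetiser's failure path could start emitting a CONNECTION_CLOSE (or any packet) past 2^62 - 1 and nothing at this site would notice, even though RFC 9000 s. 12.3 forbids sending any further packet at all, not only CONNECTION_CLOSE. I would make the dependency explicit so the invariant is not lost, e.g. adding `/* NOTE: correctness of the "no CONNECTION_CLOSE" requirement depends on the TXP never emitting a packet once the PN limit is reached; if the TXP ever reports PN exhaustion as a distinct result, handle it before this generic arm. */`, and, where the packetiser exposes its PN state, cover the invariant with a test that asserts no packet is produced after the limit. It is also worth noting that the reason string "internal error" makes PN exhaustion indistinguishable from a genuine bug in logs; if the TXP can distinguish the two cases, a dedicated reason would aid diagnosis. ch_tx begins before this hunk and continues after it.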