From: Matt Caswell <matt@openssl.org>
Date: Tue, 17 Oct 2023 15:26:13 +0000 (+0100)
Subject: Ignore retry packets that arrive too late
X-Git-Tag: openssl-3.2.0-beta1~65
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=56e303259ed48884c914fe24b354e9cc7b7532c3;p=thirdparty%2Fopenssl.git

Ignore retry packets that arrive too late

RFC 9000 s 17.2.5.2 says

> After the client has received and processed an Initial or Retry packet
> from the server, it MUST discard any subsequent Retry packets that it
> receives.

We were checking for multiple Retry packets, but not if we had already
processed an Initial packet.

Fixes the assertion failure noted in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765618884

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22411)
---

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 3da0caa4ea6..a6ed14664ea 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -2220,6 +2220,14 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch)
              */
             return;
 
+        /*
+         * RFC 9000 s 17.2.5.2: After the client has received and processed an
+         * Initial or Retry packet from the server, it MUST discard any
+         * subsequent Retry packets that it receives.
+         */
+        if (ch->have_received_enc_pkt)
+            return;
+
         if (ch->qrx_pkt->hdr->len <= QUIC_RETRY_INTEGRITY_TAG_LEN)
             /* Packets with zero-length Retry Tokens are invalid. */
             return;