QUIC RX: Do not handle auto-discard of Initial EL inside the QRX

While the QUIC RFCs state that the Initial EL should be auto-discarded
when successfully processing a packet at a higher EL, doing this inside
the QRX was not a good idea as this should be handled by the CSM.
We remove this functionality and adapt tests accordingly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

diff --git a/ssl/quic/quic_record_rx.c b/ssl/quic/quic_record_rx.c
index 69a58483a458bb348a53b43c95ef8b59435ba1d7..1de3758af64bdea15577d9a3962a61934a3cd2a8 100644 (file)
--- a/ssl/quic/quic_record_rx.c
+++ b/ssl/quic/quic_record_rx.c
@@ -859,13 +859,6 @@ static int qrx_process_pkt(OSSL_QRX *qrx, QUIC_URXE *urxe,
                               rxe->hdr.key_phase))
         goto malformed;
 
-    /*
-     * We automatically discard INITIAL keys when successfully decrypting a
-     * HANDSHAKE packet.
-     */
-    if (enc_level == QUIC_ENC_LEVEL_HANDSHAKE)
-        ossl_qrl_enc_level_set_discard(&qrx->el_set, QUIC_ENC_LEVEL_INITIAL);
-
     /*
      * At this point, we have successfully authenticated the AEAD tag and no
      * longer need to worry about exposing the Key Phase bit in timing channels.

diff --git a/test/quic_record_test.c b/test/quic_record_test.c
index 5aab728a02b654988fa0e2bd631436d980c0eba5..f02abb25b8af3aaca2096d435f98e3732b824412 100644 (file)
--- a/test/quic_record_test.c
+++ b/test/quic_record_test.c
@@ -616,12 +616,10 @@ static const struct rx_test_op rx_script_5[] = {
     RX_OP_CHECK_PKT_FRAMES_OK_N(5c)
     RX_OP_CHECK_NO_PKT()
 
-    /* Try injecting the packet again */
+    /* Discard Initial EL and try injecting the packet again */
+    RX_OP_DISCARD_EL(QUIC_ENC_LEVEL_INITIAL)
     RX_OP_INJECT_N(5)
-    /*
-     * Initial packet is not output due to receiving a Handshake packet causing
-     * auto-discard of Initial keys
-     */
+    /* Initial packet is not output because we have discarded Initial keys */
     RX_OP_CHECK_PKT_FRAMES_OK_N(5b)
     RX_OP_CHECK_PKT_FRAMES_OK_N(5c)
     RX_OP_CHECK_NO_PKT()
@@ -656,6 +654,7 @@ static const struct rx_test_op rx_script_5[] = {
     RX_OP_CHECK_PKT_FRAMES_OK_N(5c)
     RX_OP_CHECK_NO_PKT()
 
+    RX_OP_DISCARD_EL(QUIC_ENC_LEVEL_INITIAL)
     RX_OP_DISCARD_EL(QUIC_ENC_LEVEL_HANDSHAKE)
     RX_OP_DISCARD_EL(QUIC_ENC_LEVEL_1RTT)
     RX_OP_INJECT_N(5)
@@ -979,12 +978,10 @@ static const struct rx_test_op rx_script_6[] = {
     RX_OP_CHECK_PKT_FRAMES_OK_N(6c)
     RX_OP_CHECK_NO_PKT()
 
-    /* Try injecting the packet again */
+    /* Discard Initial EL and try injecting the packet again */
+    RX_OP_DISCARD_EL(QUIC_ENC_LEVEL_INITIAL)
     RX_OP_INJECT_N(6)
-    /*
-     * Initial packet is not output due to receiving a Handshake packet causing
-     * auto-discard of Initial keys
-     */
+    /* Initial packet is not output because we have discarded Initial keys */
     RX_OP_CHECK_PKT_FRAMES_OK_N(6b)
     RX_OP_CHECK_PKT_FRAMES_OK_N(6c)
     RX_OP_CHECK_NO_PKT()
@@ -1337,12 +1334,10 @@ static const struct rx_test_op rx_script_7[] = {
     RX_OP_CHECK_PKT_FRAMES_OK_N(7c)
     RX_OP_CHECK_NO_PKT()
 
-    /* Try injecting the packet again */
+    /* Discard Initial EL and try injecting the packet again */
+    RX_OP_DISCARD_EL(QUIC_ENC_LEVEL_INITIAL)
     RX_OP_INJECT_N(7)
-    /*
-     * Initial packet is not output due to receiving a Handshake packet causing
-     * auto-discard of Initial keys
-     */
+    /* Initial packet is not output because we have discarded Initial keys */
     RX_OP_CHECK_PKT_FRAMES_OK_N(7b)
     RX_OP_CHECK_PKT_FRAMES_OK_N(7c)
     RX_OP_CHECK_NO_PKT()