If our server channel creates its own qrx, set its initial secret

author Neil Horman <nhorman@openssl.org>

Sat, 8 Mar 2025 02:52:03 +0000 (21:52 -0500)

committer Neil Horman <nhorman@openssl.org>

Sat, 8 Mar 2025 02:56:34 +0000 (21:56 -0500)
author Neil Horman <nhorman@openssl.org>
Sat, 8 Mar 2025 02:52:03 +0000 (21:52 -0500)
committer Neil Horman <nhorman@openssl.org>
Sat, 8 Mar 2025 02:56:34 +0000 (21:56 -0500)
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c

index 64ebf1c4d657f09fe8184900bc553c032cc9e2f7..c333994405ed26bad84308d212a5a1144bd38cc3 100644 (file)
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -741,6 +741,21 @@ static void port_bind_channel(QUIC_PORT *port, const BIO_ADDR *peer,
      if (ch == NULL)
          return;
  
+    /*
+     * If we didn't provide a qrx here that means we need to set our initial
+     * secret here, since we just created a qrx
+     * Normally its not needed, as the initial secret gets added when we send
+     * our first server hello, but if we get a huge client hello, crossing
+     * multiple datagrams, we don't have a chance to do that, and datagrams
+     * after the first won't get decoded properly, for lack of secrets
+     */
+    if (qrx == NULL)
+        if (!ossl_quic_provide_initial_secret(ch->port->engine->libctx,
+                                              ch->port->engine->propq,
+                                              dcid, /* is_server */ 1,
+                                              ch->qrx, NULL))
+            return;
+
      if (odcid->id_len != 0) {
          /*
           * If we have an odcid, then we went through server address validation
author	Neil Horman <nhorman@openssl.org>
	Sat, 8 Mar 2025 02:52:03 +0000 (21:52 -0500)
committer	Neil Horman <nhorman@openssl.org>
	Sat, 8 Mar 2025 02:56:34 +0000 (21:56 -0500)