From: Hugo Landau Date: Tue, 6 Jun 2023 15:25:11 +0000 (+0100) Subject: QUIC CONFORMANCE: RFC 9000 s. 17.2.5.1 X-Git-Tag: openssl-3.2.0-alpha1~442 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=212616ed098bcf1190b6f687b234393b33168ba9;p=thirdparty%2Fopenssl.git QUIC CONFORMANCE: RFC 9000 s. 17.2.5.1 Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21135)
---
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 9321ff29edd..90be59b6688 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -2298,6 +2298,13 @@ static int ch_retry(QUIC_CHANNEL *ch,
 {
 void *buf;
 
+ /*
+ * RFC 9000 s. 17.2.5.1: "A client MUST discard a Retry packet that contains
+ * a SCID field that is identical to the DCID field of its initial packet."
+ */
+ if (ossl_quic_conn_id_eq(&ch->init_dcid, retry_scid))
+ return 0;
+
 /* We change to using the SCID in the Retry packet as the DCID. */
 if (!ossl_quic_tx_packetiser_set_cur_dcid(ch->txp, retry_scid))
 return 0;
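Review bot: The new early `return 0;` in ch_retry is indistinguishable from the failure return of `ossl_quic_tx_packetiser_set_cur_dcid()` two lines below, so a caller cannot tell an RFC-mandated silent discard from an internal error. The caller is not visible in this hunk, so it is worth confirming that it treats 0 as "ignore this packet" and never as a reason to tear down the connection, since the RFC text quoted here asks only for a discard. I would extend the comment with a line such as `* Returning 0 here means the packet is ignored; it is not a connection error.` so the contract stays clear if the return value is later acted on. Placing the check before any channel state is modified is the right order. The body of ch_retry continues past the end of the hunk, and no test for the new discard path is visible in this diff.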