From: Hugo Landau Date: Tue, 25 Jul 2023 10:32:24 +0000 (+0100) Subject: QUIC CHANNEL, TXP: Discard INITIAL EL correctly X-Git-Tag: openssl-3.2.0-alpha1~284 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3eb0f9a7027c635b7c162f936ecb76d95146c62e;p=thirdparty%2Fopenssl.git QUIC CHANNEL, TXP: Discard INITIAL EL correctly Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/21547) --- diff --git a/include/internal/quic_txp.h b/include/internal/quic_txp.h index d5ca1c4361a..5ea464ddd87 100644 --- a/include/internal/quic_txp.h +++ b/include/internal/quic_txp.h @@ -94,6 +94,7 @@ void ossl_quic_tx_packetiser_record_received_closing_bytes( typedef struct quic_txp_status_st { int sent_ack_eliciting; /* Was an ACK-eliciting packet sent? */ + int sent_handshake; /* Was a Handshake packet sent? */ } QUIC_TXP_STATUS; int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp, diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index f46b20f5c6c..fa9866bdde2 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -2200,6 +2200,13 @@ static int ch_tx(QUIC_CHANNEL *ch) ch->have_sent_ack_eliciting_since_rx = 1; } + if (!ch->is_server && status.sent_handshake) + /* + * RFC 9001 s. 4.9.1: A client MUST discard Initial keys when it + * first sends a Handshake packet. + */ + ch_discard_el(ch, QUIC_ENC_LEVEL_INITIAL); + if (ch->rxku_pending_confirm_done) ch->rxku_pending_confirm = 0; diff --git a/ssl/quic/quic_txp.c b/ssl/quic/quic_txp.c index 7c52ced09a5..a8584658993 100644 --- a/ssl/quic/quic_txp.c +++ b/ssl/quic/quic_txp.c @@ -823,6 +823,10 @@ int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp, ++pkts_done; } + status->sent_handshake + = (pkt[QUIC_ENC_LEVEL_HANDSHAKE].h_valid + && pkt[QUIC_ENC_LEVEL_HANDSHAKE].h.bytes_appended > 0); + /* Flush & Cleanup */ res = TX_PACKETISER_RES_NO_PKT; out: