From: Norbert Pocs
Date: Mon, 28 Jul 2025 13:45:09 +0000 (+0200)
Subject: quic_channel: Handle HRR and the second transport params extension
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=5cedd0e22d98b3539f19b104a19dc2bbf84e22fd;p=thirdparty%2Fopenssl.git

quic_channel: Handle HRR and the second transport params extension

When HRR happens a second client hello is sent and it consist of a transport params extension. This must be processed and not cause failure.

Fixes: https://github.com/openssl/project/issues/1296

Signed-off-by: Norbert Pocs
Reviewed-by: Saša Nedvědický
Reviewed-by: Neil Horman
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/28189)
---

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 83253910c4..652c653b91 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -1331,8 +1331,20 @@ static int ch_on_transport_params(const unsigned char *params,
     ossl_unused uint64_t rx_max_idle_timeout = 0;
     ossl_unused const void *stateless_reset_token_p = NULL;
     QUIC_PREFERRED_ADDR pfa;
+    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ch->tls);
 
-    if (ch->got_remote_transport_params) {
+    /*
+     * When HRR happens the client sends the transport params in the new client
+     * hello again. Reset the transport params here and load them again.
+     */
+    if (ch->is_server && sc->hello_retry_request != SSL_HRR_NONE
+        && ch->got_remote_transport_params) {
+        ch->max_local_streams_bidi = 0;
+        ch->max_local_streams_uni = 0;
+        ch->got_local_transport_params = 0;
+        OPENSSL_free(ch->local_transport_params);
+        ch->local_transport_params = NULL;
+    } else if (ch->got_remote_transport_params) {
         reason = "multiple transport parameter extensions";
         goto malformed;
     }
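Review bot: The HRR reset on the new side clears only four fields (`max_local_streams_bidi`, `max_local_streams_uni`, `got_local_transport_params`, `local_transport_params`), so whatever else the first, pre-HRR pass through this function wrote from the peer's parameters is carried into the second parse unchanged; since ch_on_transport_params continues past the end of the hunk, that list has to be kept in step with every `ch->` field assigned further down. A comment on the reset block would make that contract explicit: `/* Keep this list in sync with every ch-> field assigned below; the pre-HRR parse has already run once. */`. Note also that for a server the HRR branch bypasses the "multiple transport parameter extensions" rejection entirely, so protection against a duplicated extension in one ClientHello now rests on the TLS extension parser rejecting duplicate extension types — presumably true, but worth stating in that comment, since the `else if` reads as if it still covered the case. Finally, `sc` is dereferenced without a NULL check; if `SSL_CONNECTION_FROM_SSL` can return NULL for `ch->tls` here, the condition needs `sc != NULL &&` ahead of the `hello_retry_request` test.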