QUIC RX: Refactor key update callback to provide PN

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)

include/internal/quic_record_rx.h

@@ -495,9 +495,11 @@ uint64_t ossl_qrx_get_key_epoch(OSSL_QRX *qrx);
  * Sets an optional callback which will be called when the key epoch changes.
  *
  * The callback is optional and can be unset by passing NULL for cb.
- * cb_arg is an opaque value passed to cb.
+ * cb_arg is an opaque value passed to cb. pn is the PN of the packet.
+ * Since key update is only supported for 1-RTT packets, the PN is always
+ * in the Application Data PN space.
 */
-typedef void (ossl_qrx_key_update_cb)(void *arg);
+typedef void (ossl_qrx_key_update_cb)(QUIC_PN pn, void *arg);
 
 int ossl_qrx_set_key_update_cb(OSSL_QRX *qrx,
                                ossl_qrx_key_update_cb *cb, void *cb_arg);

ssl/quic/quic_record_rx.c

@@ -678,13 +678,14 @@ static ossl_inline void ignore_res(int x)
     /* No-op. */
 }
 
-static void qrx_key_update_initiated(OSSL_QRX *qrx)
+static void qrx_key_update_initiated(OSSL_QRX *qrx, QUIC_PN pn)
 {
     if (!ossl_qrl_enc_level_set_key_update(&qrx->el_set, QUIC_ENC_LEVEL_1RTT))
+        /* Returns 0 if already in RXKU, so we don't call callback again. */
         return;
 
     if (qrx->key_update_cb != NULL)
-        qrx->key_update_cb(qrx->key_update_cb_arg);
+        qrx->key_update_cb(pn, qrx->key_update_cb_arg);
 }
 
 /* Process a single packet in a datagram. */
@@ -893,7 +894,7 @@ static int qrx_process_pkt(OSSL_QRX *qrx, QUIC_URXE *urxe,
      */
     if (rxe->hdr.type == QUIC_PKT_TYPE_1RTT
         && rxe->hdr.key_phase != (el->key_epoch & 1))
-        qrx_key_update_initiated(qrx);
+        qrx_key_update_initiated(qrx, rxe->pn);
 
     /*
      * We have now successfully decrypted the packet payload. If there are