Ignore retry packets that arrive too late

RFC 9000 s 17.2.5.2 says > After the client has received and processed an Initial or Retry packet > from the server, it MUST discard any subsequent Retry packets that it > receives. We were checking for multiple Retry packets, but not if we had already processed an Initial packet. Fixes the assertion failure noted in https://github.com/openssl/openssl/pull/22368#issuecomment-1765618884 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22411)
2025-02-23 14:42:15 +08:00 · 2023-10-17 16:26:13 +01:00 · 2023-10-17 16:26:13 +01:00 · 56e303259e
commit 56e303259e
parent fa9e6ad468
1 changed files with 8 additions and 0 deletions
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@ -2220,6 +2220,14 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch)
             */
            return;

+        /*
+         * RFC 9000 s 17.2.5.2: After the client has received and processed an
+         * Initial or Retry packet from the server, it MUST discard any
+         * subsequent Retry packets that it receives.
+         */
+        if (ch->have_received_enc_pkt)
+            return;
+
        if (ch->qrx_pkt->hdr->len <= QUIC_RETRY_INTEGRITY_TAG_LEN)
            /* Packets with zero-length Retry Tokens are invalid. */
            return;