Check all frames for stateless reset conditions

In writing the quic stateless reset test we found that the quic rx code wasn't checking for stateless reest conditions, as the SRT frames were getting discarded due to failed lcdim lookups. Move the SRT check above the lcdim lookup in the rx path to ensure we handle SRT properly in the client. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23384)
2025-01-18 13:44:20 +08:00 · 2024-01-24 13:23:28 -05:00 · 2024-01-24 13:23:28 -05:00 · d2e7855f5b
commit d2e7855f5b
parent 69055b2cec
1 changed files with 3 additions and 3 deletions
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@ -499,6 +499,9 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
    if (!ossl_quic_port_is_running(port))
        goto undesirable;

+    if (port_try_handle_stateless_reset(port, e))
+        goto undesirable;
+
    if (dcid != NULL
        && ossl_quic_lcidm_lookup(port->lcidm, dcid, NULL,
                                  (void **)&ch)) {
@ -507,9 +510,6 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
        return;
    }

-    if (port_try_handle_stateless_reset(port, e))
-        goto undesirable;
-
    /*
     * If we have an incoming packet which doesn't match any existing connection
     * we assume this is an attempt to make a new connection. Currently we