QUIC CONFORMANCE: RFC 9000 s. 12.3: PN Limit

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21135)
2023-06-06 16:25:11 +01:00 · 2023-06-06 16:25:11 +01:00 · 5a1b1d2be3
parent dfe5e7fa98
commit 5a1b1d2be3
1 changed files with 12 additions and 0 deletions
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@ -2041,7 +2041,19 @@ static int ch_tx(QUIC_CHANNEL *ch)

    case TX_PACKETISER_RES_NO_PKT:
        break; /* No packet was sent */
+
    default:
+        /*
+         * One case where TXP can fail is if we reach a TX PN of 2**62 - 1. As
+         * per RFC 9000 s. 12.3, if this happens we MUST close the connection
+         * without sending a CONNECTION_CLOSE frame. This is actually handled as
+         * an emergent consequence of our design, as the TX packetiser will
+         * never transmit another packet when the TX PN reaches the limit.
+         *
+         * Calling the below function terminates the connection; its attempt to
+         * schedule a CONNECTION_CLOSE frame will not actually cause a packet to
+         * be transmitted for this reason.
+         */
        ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_INTERNAL_ERROR, 0,
                                               "internal error");
        break; /* Internal failure (e.g.  allocation, assertion) */