QUIC CHANNEL, TXP: Discard INITIAL EL correctly

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
author: Hugo Landau <hlandau@openssl.org> 2023-07-25 12:32:24 +0200
committer: Matt Caswell <matt@openssl.org> 2023-08-08 15:33:42 +0200
commit: 3eb0f9a7027c635b7c162f936ecb76d95146c62e (patch)
tree: 13975100134360b1494d773779575b52135f7edc /ssl/quic/quic_channel.c
parent: QUIC: Update no-TPARAM test for correct error code (diff)
download: openssl-3eb0f9a7027c635b7c162f936ecb76d95146c62e.tar.xz
openssl-3eb0f9a7027c635b7c162f936ecb76d95146c62e.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index f46b20f5c6..fa9866bdde 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -2200,6 +2200,13 @@ static int ch_tx(QUIC_CHANNEL *ch)
             ch->have_sent_ack_eliciting_since_rx = 1;
         }
 
+        if (!ch->is_server && status.sent_handshake)
+            /*
+             * RFC 9001 s. 4.9.1: A client MUST discard Initial keys when it
+             * first sends a Handshake packet.
+             */
+            ch_discard_el(ch, QUIC_ENC_LEVEL_INITIAL);
+
         if (ch->rxku_pending_confirm_done)
             ch->rxku_pending_confirm = 0;
author	Hugo Landau <hlandau@openssl.org>	2023-07-25 12:32:24 +0200
committer	Matt Caswell <matt@openssl.org>	2023-08-08 15:33:42 +0200
commit	3eb0f9a7027c635b7c162f936ecb76d95146c62e (patch)
tree	13975100134360b1494d773779575b52135f7edc /ssl/quic/quic_channel.c
parent	QUIC: Update no-TPARAM test for correct error code (diff)
download	openssl-3eb0f9a7027c635b7c162f936ecb76d95146c62e.tar.xz openssl-3eb0f9a7027c635b7c162f936ecb76d95146c62e.zip