QUIC CONFORMANCE: RFC 9000 s. 12.3: PN Limit

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21135)
openssl · Jul 16, 2023 · 5a1b1d2 · 5a1b1d2
1 parent dfe5e7f
commit 5a1b1d2
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
@@ -2041,7 +2041,19 @@ static int ch_tx(QUIC_CHANNEL *ch)
 
     case TX_PACKETISER_RES_NO_PKT:
         break; /* No packet was sent */
+
     default:
+        /*
+         * One case where TXP can fail is if we reach a TX PN of 2**62 - 1. As
+         * per RFC 9000 s. 12.3, if this happens we MUST close the connection
+         * without sending a CONNECTION_CLOSE frame. This is actually handled as
+         * an emergent consequence of our design, as the TX packetiser will
+         * never transmit another packet when the TX PN reaches the limit.
+         *
+         * Calling the below function terminates the connection; its attempt to
+         * schedule a CONNECTION_CLOSE frame will not actually cause a packet to
+         * be transmitted for this reason.
+         */
         ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_INTERNAL_ERROR, 0,
                                                "internal error");
         break; /* Internal failure (e.g.  allocation, assertion) */