Check all frames for stateless reset conditions

In writing the quic stateless reset test we found that the quic rx code wasn't checking for stateless reest conditions, as the SRT frames were getting discarded due to failed lcdim lookups. Move the SRT check above the lcdim lookup in the rx path to ensure we handle SRT properly in the client. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #23384)
openssl · Jan 31, 2024 · d2e7855 · d2e7855
1 parent 69055b2
commit d2e7855
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
@@ -499,6 +499,9 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
     if (!ossl_quic_port_is_running(port))
         goto undesirable;
 
+    if (port_try_handle_stateless_reset(port, e))
+        goto undesirable;
+
     if (dcid != NULL
         && ossl_quic_lcidm_lookup(port->lcidm, dcid, NULL,
                                   (void **)&ch)) {
@@ -507,9 +510,6 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
         return;
     }
 
-    if (port_try_handle_stateless_reset(port, e))
-        goto undesirable;
-
     /*
      * If we have an incoming packet which doesn't match any existing connection
      * we assume this is an attempt to make a new connection. Currently we