author | Hugo Landau <hlandau@openssl.org> | 2023-07-25 11:32:25 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-08-08 14:33:42 +0100 |
commit | 2a6f1f2f6e321abe6deb2ce89084ece4aa50b3de (patch) | |
tree | ad11f25a84b0237d8e148f6ed943130ae04d9bc7 /include | |
parent | 0c1cc36bbb3b29a43cf08572b1176e5ee8e37ce2 (diff) |
QUIC QRX: Don't process 1-RTT packets until handshake is complete
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
Diffstat (limited to 'include')
-rw-r--r-- | include/internal/quic_record_rx.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/internal/quic_record_rx.h b/include/internal/quic_record_rx.h
index 19545c3e3a..ed5cdefb2f 100644
--- a/include/internal/quic_record_rx.h
+++ b/include/internal/quic_record_rx.h
@@ -339,6 +339,17 @@ int ossl_qrx_set_late_validation_cb(OSSL_QRX *qrx,
 void ossl_qrx_inject_urxe(OSSL_QRX *qrx, QUIC_URXE *e);
 /*
+ * Decryption of 1-RTT packets must be explicitly enabled by calling this
+ * function. This is to comply with the requirement that we not process 1-RTT
+ * packets until the handshake is complete, even if we already have 1-RTT
+ * secrets. Even if a 1-RTT secret is provisioned for the QRX, incoming 1-RTT
+ * packets will be handled as though no key is available until this function is
+ * called. Calling this function will then requeue any such deferred packets for
+ * processing.
+ */
+void ossl_qrx_allow_1rtt_processing(OSSL_QRX *qrx);
+
+/*
  * Key Update (RX)
  * ===============
  *
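Review bot: The new comment on ossl_qrx_allow_1rtt_processing does not say whether the deferred 1-RTT packets are bounded, nor whether calling the function more than once is harmless; both matter to a caller because packets received before the handshake completes are held rather than dropped, and without a stated bound a peer could fill that queue before it has authenticated. If the implementation caps the deferral queue, a sentence such as `Deferred 1-RTT packets are subject to the QRX's normal buffering limits; excess packets are dropped.` would make the contract explicit — this needs confirming against the .c side, which is outside this hunk. It would also help to state the repeat-call behaviour, e.g. `Calling this function more than once has no further effect.` if that is the case.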