RFC 9000 s 17.2.5.2 says
> After the client has received and processed an Initial or Retry packet
> from the server, it MUST discard any subsequent Retry packets that it
> receives.
We were checking for multiple Retry packets, but not if we had already
processed an Initial packet.
Fixes the assertion failure noted in
https://github.com/openssl/openssl/pull/22368#issuecomment-
1765618884
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22411)
*/
return;
+ /*
+ * RFC 9000 s 17.2.5.2: After the client has received and processed an
+ * Initial or Retry packet from the server, it MUST discard any
+ * subsequent Retry packets that it receives.
+ */
+ if (ch->have_received_enc_pkt)
+ return;
+
if (ch->qrx_pkt->hdr->len <= QUIC_RETRY_INTEGRITY_TAG_LEN)
/* Packets with zero-length Retry Tokens are invalid. */
return;