Validate 0-RTT frames based on packet type, not handshake progress

Ralith · djc · commit 7723cbc03f2a · 2023-12-08T23:29:39.000+01:00
0-RTT packets might be received after we derive 1-RTT keys, e.g. if we
received a complete ClientHello. That shouldn't cause us to relax
0-RTT frame type restrictions.
diff --git a/quinn-proto/src/connection/mod.rs b/quinn-proto/src/connection/mod.rs
@@ -2499,7 +2499,6 @@ impl Connection {
         packet: Packet,
     ) -> Result<(), TransportError> {
         let payload = packet.payload.freeze();
-        let is_0rtt = self.spaces[SpaceId::Data].crypto.is_none();
         let mut is_probing_packet = true;
         let mut close = None;
         let payload_len = payload.len();
@@ -2530,7 +2529,7 @@ impl Connection {
             }
 
             let _guard = span.as_ref().map(|x| x.enter());
-            if is_0rtt {
+            if packet.header.is_0rtt() {
                 match frame {
                     Frame::Crypto(_) | Frame::Close(Close::Application(_)) => {
                         return Err(TransportError::PROTOCOL_VIOLATION(
