comparison src/event/ngx_event_quic.c @ 7941:df29219988bc quic
Discard short packets which could not be decrypted.
This protects connections from failing due to on-path attacks.
Decryption failure of long packets used during handshake still leads
to connection close since it barely makes sense to handle them there.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 23 Jun 2020 11:57:00 +0300 |
parents | 3b5fbf1bcdee |
children | 97adb87f149b |
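--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1828,13 +1828,15 @@
 pkt->level = ssl_encryption_application;
 pkt->plaintext = buf;
 
 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 
-if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) {
+rc = ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn);
+
+if (rc != NGX_OK) {
 qc->error = pkt->error;
-return NGX_ERROR;
+return rc;
 }
 
 /* switch keys on Key Phase change */
 
 if (pkt->key_update) {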
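Review bot: Inside the new `if (rc != NGX_OK)` block, `qc->error = pkt->error;` still runs on the discard path as well as on a hard failure, so a forged short packet that is meant to be dropped can still write connection-level error state. Whether ngx_quic_decrypt() fills `pkt->error` on that path is not visible here, but limiting the assignment to the fatal case would keep discarded packets free of side effects: `if (rc == NGX_ERROR) { qc->error = pkt->error; }` followed by `return rc;`. Because `return rc;` now passes a non-fatal status upward, the block deserves a comment such as `/* a packet that fails decryption is discarded by the caller; only NGX_ERROR closes the connection */`, and every caller should be checked to confirm it does not treat any non-NGX_OK value as fatal. Silently dropped packets also leave no trace, so a debug log line or a counter of failed decryptions would help operators notice an on-path injection attempt. The enclosing function begins and ends outside this hunk, so the declaration of `rc` and the caller's handling cannot be confirmed from here.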