diff src/event/quic/ngx_event_quic.c @ 8816:7f29db5294bd quic

QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL. OpenSSL is known to provide read keys for an encryption level before the level is active in TLS, following the old BoringSSL API. In BoringSSL, it was then fixed to defer releasing read keys until QUIC may use them.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 22 Jul 2021 15:00:37 +0300
parents f8ad3dd142ad
children 4009f120cad4
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -918,6 +918,20 @@ ngx_quic_process_payload(ngx_connection_
         return NGX_DECLINED;
     }
 
+#if !defined (OPENSSL_IS_BORINGSSL)
+    /* OpenSSL provides read keys for an application level before it's ready */
+
+    if (pkt->level == ssl_encryption_application
+        && SSL_quic_read_level(c->ssl->connection)
+           < ssl_encryption_application)
+    {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic no %s keys ready, ignoring packet",
+                      ngx_quic_level_name(pkt->level));
+        return NGX_DECLINED;
+    }
+#endif
+
     pkt->keys = qc->keys;
     pkt->key_phase = qc->key_phase;
     pkt->plaintext = buf;
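Review bot: The comment above the new `#if !defined (OPENSSL_IS_BORINGSSL)` check records what OpenSSL does but not why the packet has to be dropped, which is the part a later maintainer needs. RFC 9001 section 5.7 forbids a server from processing incoming 1-RTT packets before the TLS handshake is complete, because it has no assurance about the client's state yet. I would extend the comment to something like `/* OpenSSL provides read keys for an application level before it's ready; 1-RTT packets must not be processed until the handshake completes (RFC 9001, 5.7) */`. The early return also appears to run before decryption, since the key and plaintext assignments follow it, so the `NGX_LOG_INFO` line can be produced by datagrams that have not been authenticated; a debug-level message, or a note saying the level is deliberate, would help whoever tunes logging. ngx_quic_process_payload starts and ends outside the hunk.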