Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic.c @ 7941:df29219988bc quic
Discard short packets which could not be decrypted.
So that connections are protected from failing from on-path attacks.
Decryption failure of long packets used during handshake still leads
to connection close since it barely makes sense to handle them there.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 23 Jun 2020 11:57:00 +0300 |
| parents | 3b5fbf1bcdee |
| children | 97adb87f149b |
comparison
equal
deleted
inserted
replaced
| 7940:3de1b7399650 | 7941:df29219988bc |
|---|---|
| 1828 pkt->level = ssl_encryption_application; | 1828 pkt->level = ssl_encryption_application; |
| 1829 pkt->plaintext = buf; | 1829 pkt->plaintext = buf; |
| 1830 | 1830 |
| 1831 ctx = ngx_quic_get_send_ctx(qc, pkt->level); | 1831 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
| 1832 | 1832 |
| 1833 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { | 1833 rc = ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn); |
| 1834 | |
| 1835 if (rc != NGX_OK) { | |
| 1834 qc->error = pkt->error; | 1836 qc->error = pkt->error; |
| 1835 return NGX_ERROR; | 1837 return rc; |
| 1836 } | 1838 } |
| 1837 | 1839 |
| 1838 /* switch keys on Key Phase change */ | 1840 /* switch keys on Key Phase change */ |
| 1839 | 1841 |
| 1840 if (pkt->key_update) { | 1842 if (pkt->key_update) { |