changeset 8816:7f29db5294bd quic

QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL. OpenSSL is known to provide read keys for an encryption level before the level is active in TLS, following the old BoringSSL API. In BoringSSL, it was then fixed to defer releasing read keys until QUIC may use them.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 22 Jul 2021 15:00:37 +0300
parents 8ab0d609af09
children 8e8cdb7bfb17
files src/event/quic/ngx_event_quic.c
diffstat 1 files changed, 14 insertions(+), 0 deletions(-) [+]
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -918,6 +918,20 @@ ngx_quic_process_payload(ngx_connection_
         return NGX_DECLINED;
     }
 
+#if !defined (OPENSSL_IS_BORINGSSL)
+    /* OpenSSL provides read keys for an application level before it's ready */
+
+    if (pkt->level == ssl_encryption_application
+        && SSL_quic_read_level(c->ssl->connection)
+           < ssl_encryption_application)
+    {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic no %s keys ready, ignoring packet",
+                      ngx_quic_level_name(pkt->level));
+        return NGX_DECLINED;
+    }
+#endif
+
     pkt->keys = qc->keys;
     pkt->key_phase = qc->key_phase;
     pkt->plaintext = buf;
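Review bot: The `#if !defined (OPENSSL_IS_BORINGSSL)` guard around the new check leaves BoringSSL builds relying entirely on the library deferring 1-RTT read keys, which per the commit description holds only after a BoringSSL fix; a build against an older BoringSSL would presumably still decrypt and process application-level packets before the handshake completes. Since `SSL_quic_read_level()` is also part of BoringSSL's QUIC API, the check could likely be made unconditional (it should never fire on a fixed library), or the comment should name the assumption, e.g. `/* BoringSSL defers read keys itself; revisions predating that fix are not covered */`. The comment would also benefit from stating why the packet is dropped rather than only what OpenSSL does: a server must not process incoming 1-RTT packets before the TLS handshake is complete (RFC 9001, section 5.7). ngx_quic_process_payload() starts and ends outside the hunk.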