]> git.kaiwu.me - nginx.git/commitdiff
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
authorSergey Kandaurov <pluknet@nginx.com>
Thu, 22 Jul 2021 12:00:37 +0000 (15:00 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Thu, 22 Jul 2021 12:00:37 +0000 (15:00 +0300)
OpenSSL is known to provide read keys for an encryption level before the
level is active in TLS, following the old BoringSSL API.  In BoringSSL,
it was then fixed to defer releasing read keys until QUIC may use them.

src/event/quic/ngx_event_quic.c

index 0d61be8372dad1a856bb2370d9faaedf2aebceba..8f57b9f5d05a8f489fdf6bb8dcf465fbe9ff9837 100644 (file)
@@ -918,6 +918,20 @@ ngx_quic_process_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
         return NGX_DECLINED;
     }
 
+#if !defined (OPENSSL_IS_BORINGSSL)
+    /* OpenSSL provides read keys for an application level before it's ready */
+
+    if (pkt->level == ssl_encryption_application
+        && SSL_quic_read_level(c->ssl->connection)
+           < ssl_encryption_application)
+    {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic no %s keys ready, ignoring packet",
+                      ngx_quic_level_name(pkt->level));
+        return NGX_DECLINED;
+    }
+#endif
+
     pkt->keys = qc->keys;
     pkt->key_phase = qc->key_phase;
     pkt->plaintext = buf;