From 58b92177e7c3c50f77f807ab3846ad5c7bbf0ebe Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Fri, 9 Aug 2024 19:12:25 +0400
Subject: [PATCH] QUIC: discarding 0-RTT keys.

For simplicity, this is done on successful decryption of a 1-RTT packet.
---
 src/event/quic/ngx_event_quic.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index e4690f7dd..c03b1d003 100644
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -1022,6 +1022,16 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
         }
     }
 
+    if (pkt->level == ssl_encryption_application) {
+        /*
+         * RFC 9001, 4.9.3.  Discarding 0-RTT Keys
+         *
+         * After receiving a 1-RTT packet, servers MUST discard
+         * 0-RTT keys within a short time
+         */
+        ngx_quic_discard_ctx(c, ssl_encryption_early_data);
+    }
+
     if (qc->closing) {
         /*
          * RFC 9000, 10.2.  Immediate Close