mirror of
https://github.com/nginx/nginx.git
synced 2024-11-27 15:39:01 +08:00
QUIC: trial packet decryption in response to invalid key update.
Inspired by RFC 9001, Section 6.3, trial packet decryption with the current keys is now used to avoid a timing side-channel signal. Further, this fixes segfault while accessing missing next keys (ticket #2585).
This commit is contained in:
parent
ed47f72a85
commit
5902baf680
@ -1144,8 +1144,19 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
|
||||
key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0;
|
||||
|
||||
if (key_phase != pkt->key_phase) {
|
||||
secret = &pkt->keys->next_key.client;
|
||||
pkt->key_update = 1;
|
||||
if (pkt->keys->next_key.client.ctx != NULL) {
|
||||
secret = &pkt->keys->next_key.client;
|
||||
pkt->key_update = 1;
|
||||
|
||||
} else {
|
||||
/*
|
||||
* RFC 9001, 6.3. Timing of Receive Key Generation.
|
||||
*
|
||||
* Trial decryption to avoid timing side-channel.
|
||||
*/
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
|
||||
"quic next key missing");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user