mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-24 07:10:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

QUIC: trial packet decryption in response to invalid key update.

Browse Source 
Inspired by RFC 9001, Section 6.3, trial packet decryption with the current
keys is now used to avoid a timing side-channel signal.  Further, this fixes
segfault while accessing missing next keys (ticket #2585).
This commit is contained in:
Sergey Kandaurov 2024-02-14 15:55:34 +04:00
parent ed47f72a85
commit 5902baf680
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/event/quic/ngx_event_quic_protection.c
View File

@ -1144,8 +1144,19 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0; key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0;
if (key_phase != pkt->key_phase) { if (key_phase != pkt->key_phase) {
if (pkt->keys->next_key.client.ctx != NULL) {
secret = &pkt->keys->next_key.client; secret = &pkt->keys->next_key.client;
pkt->key_update = 1; pkt->key_update = 1;
} else {
/*
* RFC 9001, 6.3. Timing of Receive Key Generation.
*
* Trial decryption to avoid timing side-channel.
*/
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
"quic next key missing");
}
} }
} }