[PATCH] QUIC: fixed encryption level in ngx_quic_frame_sendto()
Sergey Kandaurov
pluknet at nginx.com
Thu May 4 15:32:00 UTC 2023
> On 4 May 2023, at 19:04, Roman Arutyunyan <arut at nginx.com> wrote:
>
> # HG changeset patch
> # User Roman Arutyunyan <arut at nginx.com>
> # Date 1683212627 -14400
> # Thu May 04 19:03:47 2023 +0400
> # Branch quic
> # Node ID 99591a6dd409e18adb6bd2a895d940f7c0415080
> # Parent 2610c54070bec4e55b6c9d31c16e8526fc8ee1ae
> QUIC: fixed encryption level in ngx_quic_frame_sendto().
>
> Previously, ssl_encryption_application was hardcoded. Before 9553eea74f2a
> ngx_quic_frame_sendto() was used only for PATH_CHALLENGE/PATH_RESPONSE, which
> are only sent at the application level. Since 9553eea74f2a,
> ngx_quic_frame_sendto() is also used for sending CONNECTION_CLOSE, which can
> be sent at initial level after SSL handshake error or rejection. This
> resulted in packet encryption error. Now level is copied from frame, which
> fixes the error.
>
> diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
> --- a/src/event/quic/ngx_event_quic_output.c
> +++ b/src/event/quic/ngx_event_quic_output.c
> @@ -1223,7 +1223,7 @@ ngx_quic_frame_sendto(ngx_connection_t *
> static u_char dst[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE];
>
> qc = ngx_quic_get_connection(c);
> - ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
> + ctx = ngx_quic_get_send_ctx(qc, frame->level);
>
> ngx_quic_init_packet(c, ctx, &pkt, path);
>
Proposed text:
Previously, ssl_encryption_application was hardcoded. Before 9553eea74f2a,
ngx_quic_frame_sendto() was used only for PATH_CHALLENGE/PATH_RESPONSE sent
at the application level only. Since 9553eea74f2a, ngx_quic_frame_sendto()
is also used for CONNECTION_CLOSE, which can be sent at initial level after
SSL handshake error or rejection. This resulted in packet encryption error.
Now level is copied from frame, which fixes the error.
Otherwise, looks fine.
--
Sergey Kandaurov
More information about the nginx-devel
mailing list