[nginx] QUIC: added safety belt to prevent using discarded keys.

Sergey Kandaurov pluknet at nginx.com
Fri Oct 20 14:42:15 UTC 2023


details:   https://hg.nginx.org/nginx/rev/60c4e8d3151f
branches:  
changeset: 9169:60c4e8d3151f
user:      Sergey Kandaurov <pluknet at nginx.com>
date:      Fri Oct 20 18:05:07 2023 +0400
description:
QUIC: added safety belt to prevent using discarded keys.

In addition to triggering alert, it ensures that such packets won't be sent.

With the previous change that marks server keys as discarded by zeroing the
key lengh, it is now an error to send packets with discarded keys.  OpenSSL
based stacks tolerate such behaviour because key length isn't used in packet
protection, but BoringSSL will raise the UNSUPPORTED_KEY_SIZE cipher error.
It won't be possible to use discarded keys with reused crypto contexts as it
happens in subsequent changes.

diffstat:

 src/event/quic/ngx_event_quic_output.c |  15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)

diffs (25 lines):

diff -r ff98ae7d261e -r 60c4e8d3151f src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c	Thu Aug 31 19:54:10 2023 +0400
+++ b/src/event/quic/ngx_event_quic_output.c	Fri Oct 20 18:05:07 2023 +0400
@@ -519,6 +519,21 @@ ngx_quic_output_packet(ngx_connection_t 
 
     qc = ngx_quic_get_connection(c);
 
+    if (!ngx_quic_keys_available(qc->keys, ctx->level, 1)) {
+        ngx_log_error(NGX_LOG_ALERT, c->log, 0, "quic %s write keys discarded",
+                      ngx_quic_level_name(ctx->level));
+
+        while (!ngx_queue_empty(&ctx->frames)) {
+            q = ngx_queue_head(&ctx->frames);
+            ngx_queue_remove(q);
+
+            f = ngx_queue_data(q, ngx_quic_frame_t, queue);
+            ngx_quic_free_frame(c, f);
+        }
+
+        return 0;
+    }
+
     ngx_quic_init_packet(c, ctx, &pkt, qc->path);
 
     min_payload = ngx_quic_payload_size(&pkt, min);


More information about the nginx-devel mailing list