[PATCH 8 of 8] QUIC: explicitly zero out unused keying material

Thu Sep 7 15:14:00 UTC 2023

# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1694099425 -14400
#      Thu Sep 07 19:10:25 2023 +0400
# Node ID 813128cee322830435a95903993b17fb24683da7
# Parent  8bd0104b7e6b658a1696fe7f3e2f1868ac2ae1f9
QUIC: explicitly zero out unused keying material.

diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c
--- a/src/event/quic/ngx_event_quic_openssl_compat.c
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c
@@ -245,15 +245,6 @@ ngx_quic_compat_set_encryption_secret(ng
         return NGX_ERROR;
     }
 
-    if (sizeof(peer_secret->secret.data) < secret_len) {
-        ngx_log_error(NGX_LOG_ALERT, c->log, 0,
-                      "unexpected secret len: %uz", secret_len);
-        return NGX_ERROR;
-    }
-
-    peer_secret->secret.len = secret_len;
-    ngx_memcpy(peer_secret->secret.data, secret, secret_len);
-
     peer_secret->key.len = key_len;
     peer_secret->iv.len = NGX_QUIC_IV_LEN;
 
@@ -275,6 +266,9 @@ ngx_quic_compat_set_encryption_secret(ng
         return NGX_ERROR;
     }
 
+    ngx_explicit_memzero(secret_str.data, secret_str.len);
+    ngx_explicit_memzero(peer_secret->key.data, peer_secret->key.len);
+
     /* register cleanup handler once */
 
     if (level == ssl_encryption_handshake) {
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -719,6 +719,8 @@ ngx_quic_keys_set_encryption_secret(ngx_
         return NGX_ERROR;
     }
 
+    ngx_explicit_memzero(peer_secret->key.data, peer_secret->key.len);
+
     return NGX_OK;
 }
 
@@ -749,6 +751,12 @@ ngx_quic_keys_discard(ngx_quic_keys_t *k
 
     ngx_quic_crypto_hp_cleanup(client);
     ngx_quic_crypto_hp_cleanup(server);
+
+    ngx_explicit_memzero(client->secret.data, client->secret.len);
+    ngx_explicit_memzero(client->key.data, client->key.len);
+
+    ngx_explicit_memzero(server->secret.data, server->secret.len);
+    ngx_explicit_memzero(server->key.data, server->key.len);
 }
 
 
@@ -838,6 +846,14 @@ ngx_quic_keys_update(ngx_event_t *ev)
         goto failed;
     }
 
+    ngx_explicit_memzero(current->client.secret.data,
+                         current->client.secret.len);
+    ngx_explicit_memzero(current->server.secret.data,
+                         current->server.secret.len);
+
+    ngx_explicit_memzero(next->client.key.data, next->client.key.len);
+    ngx_explicit_memzero(next->server.key.data, next->server.key.len);
+
     return;
 
 failed:
@@ -866,6 +882,12 @@ ngx_quic_keys_cleanup(void *data)
     secrets = &keys->next_key;
     ngx_quic_crypto_cleanup(&secrets->client);
     ngx_quic_crypto_cleanup(&secrets->server);
+
+    ngx_explicit_memzero(secrets->client.secret.data,
+                         secrets->client.secret.len);
+
+    ngx_explicit_memzero(secrets->server.secret.data,
+                         secrets->server.secret.len);
 }
 
 
