drop initial keys when the handshake is confirmed (#5354)

Marten Seemann
2025-10-03 13:25:05 +08:00
committed by GitHub
parent 97f3aae776
commit ce7c9ea883
2 changed files with 9 additions and 1 deletions


@@ -949,6 +949,13 @@ func (c *Conn) handleHandshakeComplete(now monotime.Time) error {
}
func (c *Conn) handleHandshakeConfirmed(now monotime.Time) error {
// Drop initial keys.
// On the client side, this should have happened when sending the first Handshake packet,
// but this is not guaranteed if the server misbehaves.
// See CVE-2025-59530 for more details.
if err := c.dropEncryptionLevel(protocol.EncryptionInitial, now); err != nil {
return err
}
if err := c.dropEncryptionLevel(protocol.EncryptionHandshake, now); err != nil {
return err
}
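Review bot: The added `c.dropEncryptionLevel(protocol.EncryptionInitial, now)` call in handleHandshakeConfirmed is only safe if dropEncryptionLevel tolerates being called again for a level that was already dropped, and nothing in this hunk shows that. The comment says the client normally drops these keys when sending its first Handshake packet, and the updated server test now expects `DiscardInitialKeys()` twice, so the repeated call is the normal path rather than the exception. I would state that contract in the comment, for example `// dropEncryptionLevel must be a no-op for a level that has already been dropped.`, and confirm that the second call has no side effects beyond those of the first. The body of handleHandshakeConfirmed continues outside the hunk.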


@@ -1084,7 +1084,7 @@ func TestConnectionHandshakeServer(t *testing.T) {
data, err := (&wire.CryptoFrame{Data: []byte("foobar")}).Append(nil, protocol.Version1)
require.NoError(t, err)
cs.EXPECT().DiscardInitialKeys()
cs.EXPECT().DiscardInitialKeys().Times(2)
gomock.InOrder(
cs.EXPECT().StartHandshake(gomock.Any()),
cs.EXPECT().NextEvent().Return(handshake.Event{Kind: handshake.EventNoEvent}),
@@ -1235,6 +1235,7 @@ func testConnectionHandshakeClient(t *testing.T, usePreferredAddress bool) {
unpacker.EXPECT().UnpackLongHeader(gomock.Any(), gomock.Any()).Return(
&unpackedPacket{hdr: hdr, encryptionLevel: protocol.Encryption1RTT, data: data}, nil,
),
cs.EXPECT().DiscardInitialKeys(),
cs.EXPECT().SetHandshakeConfirmed(),
tc.packer.EXPECT().AppendPacket(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
func(buf *packetBuffer, _ protocol.ByteCount, _ monotime.Time, _ protocol.Version) (shortHeaderPacket, error) {
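Review bot: Neither test hunk exercises the case the fix is for: both only adjust mock expectations on the normal handshake path (`DiscardInitialKeys().Times(2)` in the server test, one extra `cs.EXPECT().DiscardInitialKeys()` before `SetHandshakeConfirmed()` in the client test). The diffstat leaves no room for a new test in this commit, so I would add a regression test in which the client reaches handshake confirmation while its Initial keys are still present, which pins the behaviour described in the code comment. In the server test the `Times(2)` expectation appears to sit outside `gomock.InOrder`, so it does not check that the second discard happens at confirmation; moving it into the ordered sequence would tighten that. Both test functions continue outside the hunks.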