}
func (c *Conn) handleHandshakeConfirmed(now monotime.Time) error {
+ // Drop initial keys.
+ // On the client side, this should have happened when sending the first Handshake packet,
+ // but this is not guaranteed if the server misbehaves.
+ // See CVE-2025-59530 for more details.
+ if err := c.dropEncryptionLevel(protocol.EncryptionInitial, now); err != nil {
+ return err
+ }
if err := c.dropEncryptionLevel(protocol.EncryptionHandshake, now); err != nil {
return err
}
data, err := (&wire.CryptoFrame{Data: []byte("foobar")}).Append(nil, protocol.Version1)
require.NoError(t, err)
- cs.EXPECT().DiscardInitialKeys()
+ cs.EXPECT().DiscardInitialKeys().Times(2)
gomock.InOrder(
cs.EXPECT().StartHandshake(gomock.Any()),
cs.EXPECT().NextEvent().Return(handshake.Event{Kind: handshake.EventNoEvent}),
unpacker.EXPECT().UnpackLongHeader(gomock.Any(), gomock.Any()).Return(
&unpackedPacket{hdr: hdr, encryptionLevel: protocol.Encryption1RTT, data: data}, nil,
),
+ cs.EXPECT().DiscardInitialKeys(),
cs.EXPECT().SetHandshakeConfirmed(),
tc.packer.EXPECT().AppendPacket(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
func(buf *packetBuffer, _ protocol.ByteCount, _ monotime.Time, _ protocol.Version) (shortHeaderPacket, error) {
projects / 0xmirror / quic-go.git / commitdiff