Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
quic: clean up crypto streams when dropping packet protection keys
When dropping packet protection keys for a number space: Check to see if there is unused CRYPTO data received from the peer in the space. If so, close the connection with an error. This can only happen if the peer has sent us data with a gap in it. We can never read the data that fills that gap (because we're dropping the key it would be encrypted with), and this situation cannot happen without the peer sending invalid TLS handshake data. Drop any buffered CRYPTO data being sent to the peer. Under normal operations, we may have data that was sent to the peer but which we haven't received an ACK for yet. The peer has received the data (or we wouldn't be dropping the number space) and we will never see the ACK (because we're dropping the key it would be encrypted with). Fixes golang/go#70704 Change-Id: I53380169cb59a2a6f87e69b38522ba81ad38c2b0 Reviewed-on: https://go-review.googlesource.com/c/net/+/634617 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Jonathan Amsterdam <jba@google.com> Auto-Submit: Damien Neil <dneil@google.com>
- Loading branch information