From d3f0dd0321cc4e956400164de4d32ede942a8b92 Mon Sep 17 00:00:00 2001 From: Martin Duke Date: Tue, 12 Oct 2021 11:57:50 +0300 Subject: [PATCH] QUIC: attempt decrypt before checking for stateless reset. Checking the reset after encryption avoids false positives. More importantly, it avoids the check entirely in the usual case where decryption succeeds. RFC 9000, 10.3.1 Detecting a Stateless Reset Endpoints MAY skip this check if any packet from a datagram is successfully processed. --- src/event/quic/ngx_event_quic.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c index 1217d0230..8741b83e6 100644 --- a/src/event/quic/ngx_event_quic.c +++ b/src/event/quic/ngx_event_quic.c @@ -804,8 +804,11 @@ ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf, return NGX_DECLINED; } - } else { + } + rc = ngx_quic_process_payload(c, pkt); + + if (rc == NGX_DECLINED && pkt->level == ssl_encryption_application) { if (ngx_quic_process_stateless_reset(c, pkt) == NGX_OK) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic stateless reset packet detected"); @@ -817,7 +820,7 @@ ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf, } } - return ngx_quic_process_payload(c, pkt); + return rc; } /* packet does not belong to a connection */
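Review bot: The new guard `if (rc == NGX_DECLINED && pkt->level == ssl_encryption_application)` in the first hunk treats every NGX_DECLINED from ngx_quic_process_payload() as a failed decryption, but the hunk does not show which paths in that function return NGX_DECLINED. If it is also returned for packets dropped for other reasons (to be confirmed against the callee), those packets now reach ngx_quic_process_stateless_reset() as well. A comment above the guard would pin the contract, for example `/* NGX_DECLINED: payload could not be decrypted; only then check for a stateless reset (RFC 9000, 10.3.1) */`. Because the reset check now runs after ngx_quic_process_payload() has handled `pkt`, it is also worth confirming that a failed decrypt leaves the received datagram bytes used for the token comparison unmodified. ngx_quic_process_packet() starts and ends outside both hunks, so this applies only to the visible lines, including the second hunk's `return rc;`.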