Mercurial > hg > nginx-quic
annotate src/event/quic/ngx_event_quic_ssl.c @ 8441:81d491f0dc8c quic
QUIC: unroll and inline ngx_quic_varint_len()/ngx_quic_build_int().
According to profiling, those two are among most frequently called,
so inlining is generally useful, and unrolling should help with it.
Further, this fixes undefined behaviour seen with invalid values.
Inspired by Yu Liu.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Sat, 22 May 2021 18:40:45 +0300 |
parents | 4117aa7fa38e |
children | b3f6ad181df4 |
rev | line source |
---|---|
8413
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 /* |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 * 7.4. Cryptographic Message Buffering |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 * Implementations MUST support buffering at least 4096 bytes of data |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 #define NGX_QUIC_MAX_BUFFERED 65535 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
19 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 #if BORINGSSL_API_VERSION >= 10 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 const uint8_t *secret, size_t secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 const uint8_t *secret, size_t secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 #else |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 const uint8_t *write_secret, size_t secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 static SSL_QUIC_METHOD quic_method = { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 #if BORINGSSL_API_VERSION >= 10 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 ngx_quic_set_read_secret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 ngx_quic_set_write_secret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 #else |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 ngx_quic_set_encryption_secrets, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 ngx_quic_add_handshake_data, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 ngx_quic_flush_flight, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 ngx_quic_send_alert, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 }; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 #if BORINGSSL_API_VERSION >= 10 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 const uint8_t *rsecret, size_t secret_len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 "quic ngx_quic_set_read_secret() level:%d", level); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 "quic read secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 secret_len, rsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 cipher, rsecret, secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 const uint8_t *wsecret, size_t secret_len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 "quic ngx_quic_set_write_secret() level:%d", level); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 "quic write secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 secret_len, wsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 cipher, wsecret, secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 #else |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 const uint8_t *wsecret, size_t secret_len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 const SSL_CIPHER *cipher; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 "quic ngx_quic_set_encryption_secrets() level:%d", level); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 "quic read secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 secret_len, rsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 cipher = SSL_get_current_cipher(ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 cipher, rsecret, secret_len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 != 1) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 if (level == ssl_encryption_early_data) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 return 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 "quic write secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 secret_len, wsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 cipher, wsecret, secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 u_char *p, *end; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 size_t client_params_len; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
154 const uint8_t *client_params; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 ngx_quic_tp_t ctp; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 ngx_quic_frame_t *frame; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
159 ngx_quic_frames_stream_t *fs; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
161 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 "quic ngx_quic_add_handshake_data"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 if (!qc->client_tp_done) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 /* |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 * things to do once during handshake: check ALPN and transport |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 * parameters; we want to break handshake if something is wrong |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 * here; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 if (qc->conf->require_alpn) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 unsigned int len; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 const unsigned char *data; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 SSL_get0_alpn_selected(ssl_conn, &data, &len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 if (len == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 qc->error_reason = "unsupported protocol in ALPN extension"; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 "quic unsupported protocol in ALPN extension"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
189 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
190 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
192 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 &client_params_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
195 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
196 "quic SSL_get_peer_quic_transport_params():" |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 " params_len:%ui", client_params_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
198 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 if (client_params_len == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 /* quic-tls 8.2 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
202 qc->error_reason = "missing transport parameters"; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
205 "missing transport parameters"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 p = (u_char *) client_params; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
210 end = p + client_params_len; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
211 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 /* defaults for parameters not sent by client */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 != NGX_OK) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
217 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 qc->error_reason = "failed to process transport parameters"; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 qc->client_tp_done = 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 fs = &qc->crypto[level]; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 frame = ngx_quic_alloc_frame(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 if (frame == NULL) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 frame->data = ngx_quic_copy_buf(c, (u_char *) data, len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 if (frame->data == NGX_CHAIN_ERROR) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 frame->level = level; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 frame->type = NGX_QUIC_FT_CRYPTO; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 frame->u.crypto.offset = fs->sent; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 frame->u.crypto.length = len; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 fs->sent += len; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 ngx_quic_queue_frame(qc, frame); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 return 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 #if (NGX_DEBUG) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 "quic ngx_quic_flush_flight()"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 return 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
271 ngx_int_t |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
273 ngx_quic_frame_t *frame) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
274 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
275 uint64_t last; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 ngx_int_t rc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
277 ngx_quic_send_ctx_t *ctx; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 ngx_quic_crypto_frame_t *f; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 ngx_quic_frames_stream_t *fs; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 fs = &qc->crypto[pkt->level]; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 f = &frame->u.crypto; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
285 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
286 /* no overflow since both values are 62-bit */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 last = f->offset + f->length; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 if (last > fs->received && last - fs->received > NGX_QUIC_MAX_BUFFERED) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
294 rc = ngx_quic_handle_ordered_frame(c, fs, frame, ngx_quic_crypto_input, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 NULL); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
296 if (rc != NGX_DECLINED) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 return rc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
298 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
300 /* speeding up handshake completion */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
301 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
302 if (pkt->level == ssl_encryption_initial) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
303 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
304 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 if (!ngx_queue_empty(&ctx->sent)) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
306 ngx_quic_resend_frames(c, ctx); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
307 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 while (!ngx_queue_empty(&ctx->sent)) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 ngx_quic_resend_frames(c, ctx); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
311 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
312 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
313 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
314 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
315 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
317 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
319 ngx_int_t |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
321 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
322 int n, sslerr; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
323 ngx_buf_t *b; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
324 ngx_chain_t *cl; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
325 ngx_ssl_conn_t *ssl_conn; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
326 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
327 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
328 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
329 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
330 ssl_conn = c->ssl->connection; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
331 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
332 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
333 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
334 (int) SSL_quic_read_level(ssl_conn), |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
335 (int) SSL_quic_write_level(ssl_conn)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
336 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
337 for (cl = frame->data; cl; cl = cl->next) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
338 b = cl->buf; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
339 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
340 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
341 b->pos, b->last - b->pos)) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
342 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
343 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
344 "SSL_provide_quic_data() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
345 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
346 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
347 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
348 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
349 n = SSL_do_handshake(ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
350 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
351 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
352 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
353 (int) SSL_quic_read_level(ssl_conn), |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 (int) SSL_quic_write_level(ssl_conn)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
355 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
356 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
357 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
358 if (n <= 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
359 sslerr = SSL_get_error(ssl_conn, n); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
360 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
361 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
362 sslerr); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
363 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
364 if (sslerr != SSL_ERROR_WANT_READ) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
365 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
366 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
367 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
368 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
369 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
370 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
371 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
372 if (SSL_in_init(ssl_conn)) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
373 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
374 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
375 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
376 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
377 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
378 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
379 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
380 "quic handshake completed successfully"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
381 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
382 c->ssl->handshaked = 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
383 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
384 frame = ngx_quic_alloc_frame(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 if (frame == NULL) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
386 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
387 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
388 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
389 /* 12.4 Frames and frame types, figure 8 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
390 frame->level = ssl_encryption_application; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
391 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
392 ngx_quic_queue_frame(qc, frame); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
393 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
394 if (qc->conf->retry) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
395 if (ngx_quic_send_new_token(c, qc->socket->path) != NGX_OK) { |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
396 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
397 } |
8413
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
398 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
399 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
400 /* |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
401 * Generating next keys before a key update is received. |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
402 * See quic-tls 9.4 Header Protection Timing Side-Channels. |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
403 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
405 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
406 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
407 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
408 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 /* |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 * 4.10.2 An endpoint MUST discard its handshake keys |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 * when the TLS handshake is confirmed |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
412 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
413 ngx_quic_discard_ctx(c, ssl_encryption_handshake); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
414 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
415 /* start accepting clients on negotiated number of server ids */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
416 if (ngx_quic_create_sockets(c) != NGX_OK) { |
8413
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
417 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
418 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
420 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
421 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 ngx_int_t |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 ngx_quic_init_connection(ngx_connection_t *c) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
427 u_char *p; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 size_t clen; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 ssize_t len; |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
430 ngx_str_t dcid; |
8413
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 ngx_ssl_conn_t *ssl_conn; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
436 if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
439 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 c->ssl->no_wait_shutdown = 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 ssl_conn = c->ssl->connection; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
444 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 "quic SSL_set_quic_method() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
453 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
454 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
455 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
456 #if BORINGSSL_API_VERSION >= 13 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 |
8423
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
460 dcid.data = qc->socket->sid.id; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
461 dcid.len = qc->socket->sid.len; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
462 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8413
diff
changeset
|
463 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token) |
8413
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 != NGX_OK) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 "quic stateless reset token %*xs", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 (size_t) NGX_QUIC_SR_TOKEN_LEN, qc->tp.sr_token); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 /* always succeeds */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 p = ngx_pnalloc(c->pool, len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 if (p == NULL) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 if (len < 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 #ifdef NGX_QUIC_DEBUG_PACKETS |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 "quic transport parameters len:%uz %*xs", len, len, p); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 "quic SSL_set_quic_transport_params() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 #if NGX_OPENSSL_QUIC_ZRTT_CTX |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 "quic SSL_set_quic_early_data_context() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
501 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
502 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
503 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
504 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
505 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
506 } |