annotate src/event/quic/ngx_event_quic_ssl.c @ 8753:46161c610919 quic
QUIC: separate files for SSL library interfaces.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 14 Apr 2021 14:47:04 +0300 |
parents | |
children | 4117aa7fa38e |
rev | line source |
---|---|
1 |
2 /* |
3 * Copyright (C) Nginx, Inc. |
4 */ |
5 |
6 |
7 #include <ngx_config.h> |
8 #include <ngx_core.h> |
9 #include <ngx_event.h> |
10 #include <ngx_event_quic_connection.h> |
11 |
12 |
/*
 * Buffering limit, in bytes.  The requirement quoted by the author:
 *
 *   7.4.  Cryptographic Message Buffering
 *         Implementations MUST support buffering at least 4096 bytes of data
 *
 * 65535 is above that 4096-byte minimum.
 * NOTE(review): the code that applies this limit is outside this excerpt;
 * presumably it bounds how much peer-supplied handshake data is held per
 * connection -- confirm at the point of use.
 */
#define NGX_QUIC_MAX_BUFFERED    65535
18 |
19 |
/*
 * Forward declarations of the callbacks listed in quic_method.
 *
 * When BORINGSSL_API_VERSION >= 10 the read and write secrets arrive through
 * two separate callbacks, each of which also receives the cipher; otherwise
 * a single callback receives both secrets and no cipher argument.
 */
#if BORINGSSL_API_VERSION >= 10
static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
    const uint8_t *rsecret, size_t secret_len);
static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
    const uint8_t *wsecret, size_t secret_len);
#else
static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const uint8_t *rsecret,
    const uint8_t *wsecret, size_t secret_len);
#endif

/* handshake output callbacks, common to both interface variants */
static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
36 |
37 |
/*
 * Callback table of type SSL_QUIC_METHOD.
 *
 * The initializer is positional, so the order of the entries must match the
 * member order of SSL_QUIC_METHOD in the TLS library being compiled against;
 * the #if selects between the two-callback and the one-callback form of the
 * secret-installation interface.
 *
 * ngx_quic_send_alert is not declared in the visible part of this file.
 * NOTE(review): where this table is handed to the TLS library is outside
 * this excerpt.
 */
static SSL_QUIC_METHOD quic_method = {
#if BORINGSSL_API_VERSION >= 10
    /* separate read / write secret callbacks */
    ngx_quic_set_read_secret,
    ngx_quic_set_write_secret,
#else
    /* one callback delivering both secrets */
    ngx_quic_set_encryption_secrets,
#endif
    ngx_quic_add_handshake_data,
    ngx_quic_flush_flight,
    ngx_quic_send_alert,
};
49 |
50 |
51 #if BORINGSSL_API_VERSION >= 10 |
52 |
/*
 * Read-secret callback (BORINGSSL_API_VERSION >= 10 interface).
 *
 * Looks up the nginx connection and its QUIC state from ssl_conn and passes
 * the secret for the given encryption level, together with the cipher, to
 * ngx_quic_keys_set_encryption_secret() with direction argument 0 (the
 * write-secret callback passes 1).
 *
 * Returns the result of ngx_quic_keys_set_encryption_secret() unchanged;
 * the one-callback variant in this file treats 1 as success.
 */
static int
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
    const uint8_t *rsecret, size_t secret_len)
{
    ngx_connection_t       *conn;
    ngx_quic_connection_t  *qconn;

    conn = ngx_ssl_get_connection(ssl_conn);
    qconn = ngx_quic_get_connection(conn);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic ngx_quic_set_read_secret() level:%d", level);

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /*
     * Writes the secret bytes themselves to the debug log.  A log produced
     * by a build with NGX_QUIC_DEBUG_CRYPTO defined has to be handled as key
     * material.
     */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic read secret len:%uz %*xs", secret_len,
                   secret_len, rsecret);
#endif

    return ngx_quic_keys_set_encryption_secret(conn->pool, 0, qconn->keys,
                                               level, cipher, rsecret,
                                               secret_len);
}
75 |
76 |
/*
 * Write-secret callback (BORINGSSL_API_VERSION >= 10 interface).
 *
 * Looks up the nginx connection and its QUIC state from ssl_conn and passes
 * the secret for the given encryption level, together with the cipher, to
 * ngx_quic_keys_set_encryption_secret() with direction argument 1 (the
 * read-secret callback passes 0).
 *
 * Returns the result of ngx_quic_keys_set_encryption_secret() unchanged;
 * the one-callback variant in this file treats 1 as success.
 */
static int
ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
    const uint8_t *wsecret, size_t secret_len)
{
    ngx_connection_t       *conn;
    ngx_quic_connection_t  *qconn;

    conn = ngx_ssl_get_connection(ssl_conn);
    qconn = ngx_quic_get_connection(conn);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic ngx_quic_set_write_secret() level:%d", level);

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /*
     * Writes the secret bytes themselves to the debug log.  A log produced
     * by a build with NGX_QUIC_DEBUG_CRYPTO defined has to be handled as key
     * material.
     */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic write secret len:%uz %*xs", secret_len,
                   secret_len, wsecret);
#endif

    return ngx_quic_keys_set_encryption_secret(conn->pool, 1, qconn->keys,
                                               level, cipher, wsecret,
                                               secret_len);
}
99 |
100 #else |
101 |
/*
 * Secret callback for the one-callback interface, compiled when the
 * BORINGSSL_API_VERSION >= 10 test is false.
 *
 * This interface passes no cipher, so it is fetched from the connection with
 * SSL_get_current_cipher().  The read secret is installed first (direction
 * argument 0); at ssl_encryption_early_data the function stops there and no
 * write secret is installed; at every other level the write secret follows
 * (direction argument 1).
 *
 * Returns 0 when installing the read secret does not return 1, 1 after the
 * read secret alone at the early-data level, and otherwise the result of
 * installing the write secret.
 */
static int
ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const uint8_t *rsecret,
    const uint8_t *wsecret, size_t secret_len)
{
    ngx_connection_t       *conn;
    const SSL_CIPHER       *negotiated;
    ngx_quic_connection_t  *qconn;

    conn = ngx_ssl_get_connection(ssl_conn);
    qconn = ngx_quic_get_connection(conn);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic ngx_quic_set_encryption_secrets() level:%d", level);

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /*
     * Writes the secret bytes themselves to the debug log.  A log produced
     * by a build with NGX_QUIC_DEBUG_CRYPTO defined has to be handled as key
     * material.
     */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic read secret len:%uz %*xs", secret_len,
                   secret_len, rsecret);
#endif

    /* NOTE(review): the result is passed on without a NULL check */
    negotiated = SSL_get_current_cipher(ssl_conn);

    if (ngx_quic_keys_set_encryption_secret(conn->pool, 0, qconn->keys,
                                            level, negotiated, rsecret,
                                            secret_len)
        != 1)
    {
        return 0;
    }

    /* early data: only the read direction is keyed */
    if (level == ssl_encryption_early_data) {
        return 1;
    }

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /* same exposure as the read secret logged earlier in this function */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic write secret len:%uz %*xs", secret_len,
                   secret_len, wsecret);
#endif

    return ngx_quic_keys_set_encryption_secret(conn->pool, 1, qconn->keys,
                                               level, negotiated, wsecret,
                                               secret_len);
}
144 |
145 #endif |
146 |
147 |
148 static int |
149 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
150 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
151 { |
152 u_char *p, *end; |
153 size_t client_params_len; |
154 const uint8_t *client_params; |
155 ngx_quic_tp_t ctp; |
156 ngx_quic_frame_t *frame; |
157 ngx_connection_t *c; |
158 ngx_quic_connection_t *qc; |
159 ngx_quic_frames_stream_t *fs; |
160 |
161 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
162 qc = ngx_quic_get_connection(c); |
163 |
164 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
165 "quic ngx_quic_add_handshake_data"); |
166 |
167 if (!qc->client_tp_done) { |
168 /* |
169 * things to do once during handshake: check ALPN and transport |
170 * parameters; we want to break handshake if something is wrong |
171 * here; |
172 */ |
173 |
174 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
175 if (qc->conf->require_alpn) { |
176 unsigned int len; |
177 const unsigned char *data; |
178 |
179 SSL_get0_alpn_selected(ssl_conn, &data, &len); |
180 |
181 if (len == 0) { |
182 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
183 qc->error_reason = "unsupported protocol in ALPN extension"; |
184 |
185 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
186 "quic unsupported protocol in ALPN extension"); |
187 return 0; |
188 } |
189 } |
190 #endif |
191 |
192 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
193 &client_params_len); |
194 |
195 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
196 "quic SSL_get_peer_quic_transport_params():" |
197 " params_len:%ui", client_params_len); |
198 |
199 if (client_params_len == 0) { |
200 /* quic-tls 8.2 */ |
201 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
202 qc->error_reason = "missing transport parameters"; |
203 |
204 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
205 "missing transport parameters"); |
206 return 0; |
207 } |
208 |
209 p = (u_char *) client_params; |
210 end = p + client_params_len; |
211 |
212 /* defaults for parameters not sent by client */ |
213 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
214 |
215 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
216 != NGX_OK) |
217 { |
218 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
219 qc->error_reason = "failed to process transport parameters"; |
220 |
221 return 0; |
222 } |
223 |
224 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
225 return 0; |
226 } |
227 |
228 qc->client_tp_done = 1; |
229 } |
230 |
231 fs = &qc->crypto[level]; |
232 |
233 frame = ngx_quic_alloc_frame(c); |
234 if (frame == NULL) { |
235 return 0; |
236 } |
237 |
238 frame->data = ngx_quic_copy_buf(c, (u_char *) data, len); |
239 if (frame->data == NGX_CHAIN_ERROR) { |
240 return 0; |
241 } |
242 |
243 frame->level = level; |
244 frame->type = NGX_QUIC_FT_CRYPTO; |
245 frame->u.crypto.offset = fs->sent; |
246 frame->u.crypto.length = len; |
247 |
248 fs->sent += len; |
249 |
250 ngx_quic_queue_frame(qc, frame); |
251 |
252 return 1; |
253 } |
254 |
255 |
/*
 * Flight-flush hook for the SSL library.  Presumably one of the callbacks
 * registered through quic_method (the table itself is defined outside this
 * block -- confirm).
 *
 * The function sends or buffers nothing: in NGX_DEBUG builds it writes a
 * single debug-log line, and in every build it reports success (1).
 */
static int
ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
{
#if (NGX_DEBUG)
    /* the nginx connection is looked up only to reach its log */
    ngx_connection_t  *c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic ngx_quic_flush_flight()");
#endif

    return 1;
}
269 |
270 |
/*
 * Processes a CRYPTO frame that arrived in packet "pkt".
 *
 * The frame offset and length are peer-supplied.  Before the frame is
 * handed on, its end offset is compared with fs->received for the packet's
 * encryption level: a frame ending more than NGX_QUIC_MAX_BUFFERED bytes
 * past that point is refused with NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED, which
 * bounds how far ahead a peer can make the server look.
 *
 * Returns NGX_ERROR when the limit is exceeded; any result of
 * ngx_quic_handle_ordered_frame() other than NGX_DECLINED is returned as is;
 * NGX_DECLINED ends in NGX_OK after the retransmission step below.
 *
 * NOTE(review): pkt->level indexes qc->crypto[] with no range check in this
 * function; presumably the packet parser only produces valid encryption
 * levels -- confirm.
 */
ngx_int_t
ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
    ngx_quic_frame_t *frame)
{
    uint64_t                   end;
    ngx_int_t                  rc;
    ngx_quic_send_ctx_t       *sctx;
    ngx_quic_connection_t     *qc;
    ngx_quic_crypto_frame_t   *cf;
    ngx_quic_frames_stream_t  *fs;

    qc = ngx_quic_get_connection(c);
    cf = &frame->u.crypto;
    fs = &qc->crypto[pkt->level];

    /*
     * The sum cannot wrap as long as both fields are 62-bit values; that
     * limit is expected to be enforced where the frame is parsed (not
     * visible here).
     */
    end = cf->offset + cf->length;

    if (end > fs->received) {

        /* subtraction is safe: end is known to be the larger value */
        if (end - fs->received > NGX_QUIC_MAX_BUFFERED) {
            qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED;
            return NGX_ERROR;
        }
    }

    rc = ngx_quic_handle_ordered_frame(c, fs, frame, ngx_quic_crypto_input,
                                       NULL);
    if (rc != NGX_DECLINED) {
        return rc;
    }

    /*
     * NGX_DECLINED: presumably the frame carried nothing new (old or
     * duplicate data) -- confirm against ngx_quic_handle_ordered_frame().
     * The remainder speeds up handshake completion by resending what is
     * still outstanding.
     */

    if (pkt->level != ssl_encryption_initial) {
        return NGX_OK;
    }

    sctx = ngx_quic_get_send_ctx(qc, pkt->level);

    if (ngx_queue_empty(&sctx->sent)) {
        return NGX_OK;
    }

    /* one resend pass for the initial level ... */
    ngx_quic_resend_frames(c, sctx);

    /* ... then drain everything still marked as sent at handshake level */
    sctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);

    while (!ngx_queue_empty(&sctx->sent)) {
        ngx_quic_resend_frames(c, sctx);
    }

    return NGX_OK;
}
317 |
318 |
/*
 * Feeds the payload of an in-order CRYPTO frame to the SSL library and
 * advances the TLS handshake.
 *
 * c      connection the frame belongs to
 * frame  frame whose data chain is passed to SSL_provide_quic_data()
 * data   not used by this function
 *
 * Returns NGX_OK when the handshake needs more input
 * (SSL_ERROR_WANT_READ), is still in progress, or has completed and every
 * follow-up step succeeded; NGX_ERROR on any SSL or allocation failure.
 *
 * On completion the function marks the connection as handshaked, queues
 * HANDSHAKE_DONE, sends a new token, derives the next keys, discards the
 * handshake-level context and issues server connection ids.
 *
 * NOTE(review): each buffer is submitted at the library's current read
 * level (SSL_quic_read_level()), not at a level taken from the packet that
 * carried the frame.  Confirm the callers guarantee the two agree, so that
 * CRYPTO data from an earlier encryption level cannot be processed as
 * current-level handshake data.
 *
 * NOTE(review): nothing here tests c->ssl->handshaked before the completion
 * steps, so they would run again if this function is reached after the
 * handshake has finished -- confirm the callers rule that out.
 */
ngx_int_t
ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
{
    int                     ret, err;
    ngx_buf_t              *buf;
    ngx_chain_t            *ln;
    ngx_ssl_conn_t         *ssl_conn;
    ngx_quic_frame_t       *done;
    ngx_quic_connection_t  *qc;

    ssl_conn = c->ssl->connection;
    qc = ngx_quic_get_connection(c);

    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
                   (int) SSL_quic_read_level(ssl_conn),
                   (int) SSL_quic_write_level(ssl_conn));

    /* hand every buffer of the frame's chain to the library, in order */

    ln = frame->data;

    while (ln != NULL) {
        buf = ln->buf;

        if (SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn),
                                  buf->pos, buf->last - buf->pos)
            == 0)
        {
            ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
                          "SSL_provide_quic_data() failed");
            return NGX_ERROR;
        }

        ln = ln->next;
    }

    ret = SSL_do_handshake(ssl_conn);

    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
                   (int) SSL_quic_read_level(ssl_conn),
                   (int) SSL_quic_write_level(ssl_conn));

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", ret);

    if (ret <= 0) {
        err = SSL_get_error(ssl_conn, ret);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                       err);

        /* waiting for more handshake bytes is the only non-fatal outcome */
        if (err == SSL_ERROR_WANT_READ) {
            return NGX_OK;
        }

        ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
        return NGX_ERROR;
    }

    if (SSL_in_init(ssl_conn)) {
        /* the library made progress but the handshake is not finished */
        return NGX_OK;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic ssl cipher:%s", SSL_get_cipher(ssl_conn));

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic handshake completed successfully");

    c->ssl->handshaked = 1;

    done = ngx_quic_alloc_frame(c);
    if (done == NULL) {
        return NGX_ERROR;
    }

    /* HANDSHAKE_DONE: see 12.4 Frames and frame types, figure 8 */
    done->level = ssl_encryption_application;
    done->type = NGX_QUIC_FT_HANDSHAKE_DONE;
    ngx_quic_queue_frame(qc, done);

    if (ngx_quic_send_new_token(c) != NGX_OK) {
        return NGX_ERROR;
    }

    /*
     * The next keys are generated now, before any key update is received.
     * See quic-tls 9.4 Header Protection Timing Side-Channels.
     */

    if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) {
        return NGX_ERROR;
    }

    /*
     * 4.10.2 An endpoint MUST discard its handshake keys
     * when the TLS handshake is confirmed
     */
    ngx_quic_discard_ctx(c, ssl_encryption_handshake);

    if (ngx_quic_issue_server_ids(c) != NGX_OK) {
        return NGX_ERROR;
    }

    return NGX_OK;
}
419 |
420 |
421 ngx_int_t |
422 ngx_quic_init_connection(ngx_connection_t *c) |
423 { |
424 u_char *p; |
425 size_t clen; |
426 ssize_t len; |
427 ngx_ssl_conn_t *ssl_conn; |
428 ngx_quic_connection_t *qc; |
429 |
430 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
436 c->ssl->no_wait_shutdown = 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 ssl_conn = c->ssl->connection; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
439 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 "quic SSL_set_quic_method() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
444 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 #if BORINGSSL_API_VERSION >= 13 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
453 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
454 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
455 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
456 if (ngx_quic_new_sr_token(c, &qc->dcid, qc->conf->sr_token_key, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 qc->tp.sr_token) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 != NGX_OK) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
460 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
461 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
462 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
463 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 "quic stateless reset token %*xs", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 (size_t) NGX_QUIC_SR_TOKEN_LEN, qc->tp.sr_token); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 /* always succeeds */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 p = ngx_pnalloc(c->pool, len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 if (p == NULL) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 if (len < 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 #ifdef NGX_QUIC_DEBUG_PACKETS |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 "quic transport parameters len:%uz %*xs", len, len, p); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 "quic SSL_set_quic_transport_params() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 #if NGX_OPENSSL_QUIC_ZRTT_CTX |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 "quic SSL_set_quic_early_data_context() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 } |