Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_ssl.c @ 9015:a2fbae359828 quic
QUIC: fixed indentation.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 16 Feb 2022 15:45:47 +0300 |
parents | b5656025ddb5 |
children | f2925c80401c |
rev | line source |
---|---|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
14 * RFC 9000, 7.5. Cryptographic Message Buffering |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
15 * |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
16 * Implementations MUST support buffering at least 4096 bytes of data |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 #define NGX_QUIC_MAX_BUFFERED 65535 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
19 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 #if BORINGSSL_API_VERSION >= 10 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 const uint8_t *secret, size_t secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 const uint8_t *secret, size_t secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 #else |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 const uint8_t *write_secret, size_t secret_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
8916
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
37 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
38 enum ssl_encryption_level_t level, uint8_t alert); |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
39 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 static SSL_QUIC_METHOD quic_method = { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 #if BORINGSSL_API_VERSION >= 10 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 ngx_quic_set_read_secret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 ngx_quic_set_write_secret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 #else |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 ngx_quic_set_encryption_secrets, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 ngx_quic_add_handshake_data, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 ngx_quic_flush_flight, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 ngx_quic_send_alert, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 }; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 #if BORINGSSL_API_VERSION >= 10 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 const uint8_t *rsecret, size_t secret_len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 "quic ngx_quic_set_read_secret() level:%d", level); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 "quic read secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 secret_len, rsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 |
8887
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
76 if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
77 cipher, rsecret, secret_len) |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
78 != NGX_OK) |
8887
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
79 { |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
80 return 0; |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
81 } |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
82 |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
83 if (level == ssl_encryption_early_data) { |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
84 if (ngx_quic_init_streams(c) != NGX_OK) { |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
85 return 0; |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
86 } |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
87 } |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
88 |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
89 return 1; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 const uint8_t *wsecret, size_t secret_len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 "quic ngx_quic_set_write_secret() level:%d", level); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 "quic write secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 secret_len, wsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
112 if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
113 cipher, wsecret, secret_len) |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
114 != NGX_OK) |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
115 { |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
116 return 0; |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
117 } |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
118 |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
119 return 1; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 #else |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 const uint8_t *wsecret, size_t secret_len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 const SSL_CIPHER *cipher; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 "quic ngx_quic_set_encryption_secrets() level:%d", level); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 "quic read secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 secret_len, rsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 cipher = SSL_get_current_cipher(ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 cipher, rsecret, secret_len) |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
148 != NGX_OK) |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 if (level == ssl_encryption_early_data) { |
8887
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
154 if (ngx_quic_init_streams(c) != NGX_OK) { |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
155 return 0; |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
156 } |
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
157 |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 return 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
159 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
161 #ifdef NGX_QUIC_DEBUG_CRYPTO |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 "quic write secret len:%uz %*xs", secret_len, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 secret_len, wsecret); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
167 if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
168 cipher, wsecret, secret_len) |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
169 != NGX_OK) |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
170 { |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
171 return 0; |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
172 } |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
173 |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
174 return 1; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 { |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
184 u_char *p, *end; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
185 size_t client_params_len; |
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
186 ngx_buf_t buf; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
187 ngx_chain_t *out, cl; |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
188 const uint8_t *client_params; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
189 ngx_quic_tp_t ctp; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
190 ngx_quic_frame_t *frame; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
191 ngx_connection_t *c; |
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
192 ngx_quic_buffer_t qb; |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
193 ngx_quic_send_ctx_t *ctx; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
194 ngx_quic_connection_t *qc; |
8895
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
195 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
196 unsigned int alpn_len; |
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
197 const unsigned char *alpn_data; |
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
198 #endif |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
202 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 "quic ngx_quic_add_handshake_data"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
205 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 if (!qc->client_tp_done) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 /* |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 * things to do once during handshake: check ALPN and transport |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 * parameters; we want to break handshake if something is wrong |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
210 * here; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
211 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 |
9015
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
215 SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len); |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 |
9015
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
217 if (alpn_len == 0) { |
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
218 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
219 qc->error_reason = "unsupported protocol in ALPN extension"; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 |
9015
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
221 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
222 "quic unsupported protocol in ALPN extension"); |
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
223 return 0; |
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
224 } |
8895
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
225 |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 &client_params_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 "quic SSL_get_peer_quic_transport_params():" |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 " params_len:%ui", client_params_len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 if (client_params_len == 0) { |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
236 /* RFC 9001, 8.2. QUIC Transport Parameters Extension */ |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 qc->error_reason = "missing transport parameters"; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 "missing transport parameters"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 p = (u_char *) client_params; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 end = p + client_params_len; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 /* defaults for parameters not sent by client */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 != NGX_OK) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 qc->error_reason = "failed to process transport parameters"; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 qc->client_tp_done = 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
267 ctx = ngx_quic_get_send_ctx(qc, level); |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 |
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
269 ngx_memzero(&buf, sizeof(ngx_buf_t)); |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
270 |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
271 buf.pos = (u_char *) data; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
272 buf.last = buf.pos + len; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
273 buf.temporary = 1; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
274 |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
275 cl.buf = &buf; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
276 cl.next = NULL; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
277 |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
278 ngx_memzero(&qb, sizeof(ngx_quic_buffer_t)); |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
279 |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
280 if (ngx_quic_write_buffer(c, &qb, &cl, len, 0) == NGX_CHAIN_ERROR) { |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
281 return 0; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
282 } |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
283 |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
284 out = ngx_quic_read_buffer(c, &qb, len); |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
285 if (out == NGX_CHAIN_ERROR) { |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
286 return 0; |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
287 } |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
288 |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
289 ngx_quic_free_buffer(c, &qb); |
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
290 |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 frame = ngx_quic_alloc_frame(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 if (frame == NULL) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 return 0; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
294 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 |
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
296 frame->data = out; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 frame->level = level; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
298 frame->type = NGX_QUIC_FT_CRYPTO; |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
299 frame->u.crypto.offset = ctx->crypto_sent; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
300 frame->u.crypto.length = len; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
301 |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
302 ctx->crypto_sent += len; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
303 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
304 ngx_quic_queue_frame(qc, frame); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
306 return 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
307 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 static int |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
311 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
312 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
313 #if (NGX_DEBUG) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
314 ngx_connection_t *c; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
315 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
317 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
319 "quic ngx_quic_flush_flight()"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
321 return 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
322 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
323 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
324 |
8916
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
325 static int |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
326 ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
327 uint8_t alert) |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
328 { |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
329 ngx_connection_t *c; |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
330 ngx_quic_connection_t *qc; |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
331 |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
332 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
333 |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
334 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
335 "quic ngx_quic_send_alert() level:%s alert:%d", |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
336 ngx_quic_level_name(level), (int) alert); |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
337 |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
338 /* already closed on regular shutdown */ |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
339 |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
340 qc = ngx_quic_get_connection(c); |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
341 if (qc == NULL) { |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
342 return 1; |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
343 } |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
344 |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
345 qc->error = NGX_QUIC_ERR_CRYPTO(alert); |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
346 |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
347 return 1; |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
348 } |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
349 |
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
350 |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
351 ngx_int_t |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
352 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
353 ngx_quic_frame_t *frame) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 { |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
355 uint64_t last; |
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
356 ngx_chain_t *cl; |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
357 ngx_quic_send_ctx_t *ctx; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
358 ngx_quic_connection_t *qc; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
359 ngx_quic_crypto_frame_t *f; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
360 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
361 qc = ngx_quic_get_connection(c); |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
362 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
363 f = &frame->u.crypto; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
364 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
365 /* no overflow since both values are 62-bit */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
366 last = f->offset + f->length; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
367 |
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
368 if (last > ctx->crypto.offset + NGX_QUIC_MAX_BUFFERED) { |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
369 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
370 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
371 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
372 |
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
373 if (last <= ctx->crypto.offset) { |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
374 if (pkt->level == ssl_encryption_initial) { |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
375 /* speeding up handshake completion */ |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
376 |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
377 if (!ngx_queue_empty(&ctx->sent)) { |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
378 ngx_quic_resend_frames(c, ctx); |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
379 |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
380 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake); |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
381 while (!ngx_queue_empty(&ctx->sent)) { |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
382 ngx_quic_resend_frames(c, ctx); |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
383 } |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
384 } |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
385 } |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
386 |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
387 return NGX_OK; |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
388 } |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
389 |
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
390 if (f->offset == ctx->crypto.offset) { |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
391 if (ngx_quic_crypto_input(c, frame->data) != NGX_OK) { |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
392 return NGX_ERROR; |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
393 } |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
394 |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
395 ngx_quic_skip_buffer(c, &ctx->crypto, last); |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
396 |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
397 } else { |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
398 if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length, |
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
399 f->offset) |
8947
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
400 == NGX_CHAIN_ERROR) |
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
401 { |
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
402 return NGX_ERROR; |
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
403 } |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
405 |
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
406 cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1); |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
407 |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
408 if (cl) { |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
409 if (ngx_quic_crypto_input(c, cl) != NGX_OK) { |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
410 return NGX_ERROR; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 } |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
412 |
8948
19e063e955bf
QUIC: renamed buffer-related functions.
Roman Arutyunyan <arut@nginx.com>
parents:
8947
diff
changeset
|
413 ngx_quic_free_chain(c, cl); |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
414 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
415 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
416 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
417 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
418 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
420 static ngx_int_t |
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
421 ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data) |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 int n, sslerr; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 ngx_buf_t *b; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 ngx_chain_t *cl; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 ngx_ssl_conn_t *ssl_conn; |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
427 ngx_quic_frame_t *frame; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
430 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 ssl_conn = c->ssl->connection; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
436 (int) SSL_quic_read_level(ssl_conn), |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 (int) SSL_quic_write_level(ssl_conn)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 |
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
439 for (cl = data; cl; cl = cl->next) { |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 b = cl->buf; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 b->pos, b->last - b->pos)) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
444 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 "SSL_provide_quic_data() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 n = SSL_do_handshake(ssl_conn); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
453 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
454 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
455 (int) SSL_quic_read_level(ssl_conn), |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
456 (int) SSL_quic_write_level(ssl_conn)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
460 if (n <= 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
461 sslerr = SSL_get_error(ssl_conn, n); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
462 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
463 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 sslerr); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 if (sslerr != SSL_ERROR_WANT_READ) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
8793
80d396fd8ee8
QUIC: improved errors readability.
Vladimir Homutov <vl@nginx.com>
parents:
8782
diff
changeset
|
468 qc->error_reason = "handshake failed"; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 if (SSL_in_init(ssl_conn)) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 "quic handshake completed successfully"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 c->ssl->handshaked = 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 frame = ngx_quic_alloc_frame(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 if (frame == NULL) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 frame->level = ssl_encryption_application; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 ngx_quic_queue_frame(qc, frame); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
496 if (qc->conf->retry) { |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
497 if (ngx_quic_send_new_token(c, qc->path) != NGX_OK) { |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
498 return NGX_ERROR; |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
499 } |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
501 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
502 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
503 * RFC 9001, 9.5. Header Protection Timing Side Channels |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
504 * |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
505 * Generating next keys before a key update is received. |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
506 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
507 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
508 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
509 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
510 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
511 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
512 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
513 * RFC 9001, 4.9.2. Discarding Handshake Keys |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
514 * |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
515 * An endpoint MUST discard its Handshake keys |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
516 * when the TLS handshake is confirmed. |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
517 */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
518 ngx_quic_discard_ctx(c, ssl_encryption_handshake); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
519 |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
520 /* start accepting clients on negotiated number of server ids */ |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
521 if (ngx_quic_create_sockets(c) != NGX_OK) { |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
522 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
523 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
524 |
8886
66b4ff373dd9
QUIC: refactored OCSP validation in preparation for 0-RTT support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8865
diff
changeset
|
525 if (ngx_quic_init_streams(c) != NGX_OK) { |
8827
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
526 return NGX_ERROR; |
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
527 } |
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
528 |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
529 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
530 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
531 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
532 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
533 ngx_int_t |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
534 ngx_quic_init_connection(ngx_connection_t *c) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
535 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
536 u_char *p; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
537 size_t clen; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
538 ssize_t len; |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
539 ngx_str_t dcid; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
540 ngx_ssl_conn_t *ssl_conn; |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
541 ngx_quic_socket_t *qsock; |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
542 ngx_quic_connection_t *qc; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
543 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
544 qc = ngx_quic_get_connection(c); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
545 |
8999
92729be0377b
QUIC: do not declare SSL buffering, it's not used.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8987
diff
changeset
|
546 if (ngx_ssl_create_connection(qc->conf->ssl, c, 0) != NGX_OK) { |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
547 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
548 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
549 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
550 c->ssl->no_wait_shutdown = 1; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
551 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
552 ssl_conn = c->ssl->connection; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
553 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
554 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
555 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
556 "quic SSL_set_quic_method() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
557 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
558 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
559 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
560 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
561 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
562 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
563 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
564 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
565 |
8987
30cad5a0931e
QUIC: limited SSL_set_quic_use_legacy_codepoint() API usage.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8981
diff
changeset
|
566 #if (BORINGSSL_API_VERSION >= 13 && BORINGSSL_API_VERSION < 15) |
8981
7ea585a6ed0f
QUIC: set to standard TLS codepoint after draft versions removal.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8971
diff
changeset
|
567 SSL_set_quic_use_legacy_codepoint(ssl_conn, 0); |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
568 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
569 |
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
570 qsock = ngx_quic_get_socket(c); |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
571 |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
572 dcid.data = qsock->sid.id; |
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
573 dcid.len = qsock->sid.len; |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
574 |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
575 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token) |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
576 != NGX_OK) |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
577 { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
578 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
579 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
580 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
581 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
582 /* always succeeds */ |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
583 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
584 p = ngx_pnalloc(c->pool, len); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
585 if (p == NULL) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
586 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
587 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
588 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
589 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
590 if (len < 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
591 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
592 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
593 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
594 #ifdef NGX_QUIC_DEBUG_PACKETS |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
595 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
596 "quic transport parameters len:%uz %*xs", len, len, p); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
597 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
598 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
599 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
600 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
601 "quic SSL_set_quic_transport_params() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
602 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
603 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
604 |
8865
646bb5361437
Configure: check for QUIC 0-RTT support at compile time.
Ruslan Ermilov <ru@nginx.com>
parents:
8845
diff
changeset
|
605 #if BORINGSSL_API_VERSION >= 11 |
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
606 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
607 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
608 "quic SSL_set_quic_early_data_context() failed"); |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
609 return NGX_ERROR; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
610 } |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
611 #endif |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
612 |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
613 return NGX_OK; |
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
614 } |