Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_ssl.c @ 8822:ad046179eb91 quic
QUIC: handle EAGAIN properly on UDP sockets.
Previously, the error was ignored leading to unnecessary retransmits.
Now, unsent frames are returned into output queue, state is reset, and
timer is started for the next send attempt.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Wed, 28 Jul 2021 17:23:18 +0300 |
| parents | 4715f3e669f1 |
| children | fe919fd63b0b |
| rev | line source |
|---|---|
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
14 * RFC 9000, 7.5. Cryptographic Message Buffering |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
15 * |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
16 * Implementations MUST support buffering at least 4096 bytes of data |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 #define NGX_QUIC_MAX_BUFFERED 65535 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
19 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 #if BORINGSSL_API_VERSION >= 10 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 const uint8_t *secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 const uint8_t *secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 const uint8_t *write_secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
37 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 static SSL_QUIC_METHOD quic_method = { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 #if BORINGSSL_API_VERSION >= 10 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 ngx_quic_set_read_secret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 ngx_quic_set_write_secret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 ngx_quic_set_encryption_secrets, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 ngx_quic_add_handshake_data, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 ngx_quic_flush_flight, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 ngx_quic_send_alert, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 }; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 #if BORINGSSL_API_VERSION >= 10 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 const uint8_t *rsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 "quic ngx_quic_set_read_secret() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 "quic read secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 secret_len, rsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 cipher, rsecret, secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 const uint8_t *wsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 "quic ngx_quic_set_write_secret() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 "quic write secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 secret_len, wsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 cipher, wsecret, secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 const uint8_t *wsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 const SSL_CIPHER *cipher; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 "quic ngx_quic_set_encryption_secrets() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 "quic read secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 secret_len, rsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 cipher = SSL_get_current_cipher(ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 cipher, rsecret, secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 != 1) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 if (level == ssl_encryption_early_data) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 "quic write secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 secret_len, wsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 cipher, wsecret, secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 { |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
154 u_char *p, *end; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
155 size_t client_params_len; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
156 const uint8_t *client_params; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
157 ngx_quic_tp_t ctp; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
158 ngx_quic_frame_t *frame; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
159 ngx_connection_t *c; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
160 ngx_quic_send_ctx_t *ctx; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
161 ngx_quic_connection_t *qc; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 "quic ngx_quic_add_handshake_data"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 if (!qc->client_tp_done) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 * things to do once during handshake: check ALPN and transport |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 * parameters; we want to break handshake if something is wrong |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 * here; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 if (qc->conf->require_alpn) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 unsigned int len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 const unsigned char *data; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 SSL_get0_alpn_selected(ssl_conn, &data, &len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 if (len == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 qc->error_reason = "unsupported protocol in ALPN extension"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 "quic unsupported protocol in ALPN extension"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
189 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
190 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
192 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
195 &client_params_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
196 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
198 "quic SSL_get_peer_quic_transport_params():" |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 " params_len:%ui", client_params_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 if (client_params_len == 0) { |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
202 /* RFC 9001, 8.2. QUIC Transport Parameters Extension */ |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 qc->error_reason = "missing transport parameters"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
205 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 "missing transport parameters"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
210 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
211 p = (u_char *) client_params; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 end = p + client_params_len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 /* defaults for parameters not sent by client */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
217 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 != NGX_OK) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 qc->error_reason = "failed to process transport parameters"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 qc->client_tp_done = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
233 ctx = ngx_quic_get_send_ctx(qc, level); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 frame = ngx_quic_alloc_frame(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 if (frame == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 frame->data = ngx_quic_copy_buf(c, (u_char *) data, len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 if (frame->data == NGX_CHAIN_ERROR) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 frame->level = level; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 frame->type = NGX_QUIC_FT_CRYPTO; |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
247 frame->u.crypto.offset = ctx->crypto_sent; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 frame->u.crypto.length = len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
250 ctx->crypto_sent += len; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 ngx_quic_queue_frame(qc, frame); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 #if (NGX_DEBUG) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 "quic ngx_quic_flush_flight()"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
271 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
273 ngx_int_t |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
274 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
275 ngx_quic_frame_t *frame) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 { |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
277 size_t len; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
278 uint64_t last; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
279 ngx_buf_t *b; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
280 ngx_chain_t *cl, **ll; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
281 ngx_quic_send_ctx_t *ctx; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
282 ngx_quic_connection_t *qc; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
283 ngx_quic_crypto_frame_t *f; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
285 qc = ngx_quic_get_connection(c); |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
286 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 f = &frame->u.crypto; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 /* no overflow since both values are 62-bit */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 last = f->offset + f->length; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
292 if (last > ctx->crypto_received + NGX_QUIC_MAX_BUFFERED) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
294 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
296 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
297 if (last <= ctx->crypto_received) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
298 if (pkt->level == ssl_encryption_initial) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
299 /* speeding up handshake completion */ |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
300 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
301 if (!ngx_queue_empty(&ctx->sent)) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
302 ngx_quic_resend_frames(c, ctx); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
303 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
304 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
305 while (!ngx_queue_empty(&ctx->sent)) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
306 ngx_quic_resend_frames(c, ctx); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
307 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
308 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
309 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
310 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
311 return NGX_OK; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
312 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
313 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
314 if (f->offset > ctx->crypto_received) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
315 return ngx_quic_order_bufs(c, &ctx->crypto, frame->data, |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
316 f->offset - ctx->crypto_received); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
317 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
318 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
319 ngx_quic_trim_bufs(frame->data, ctx->crypto_received - f->offset); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
320 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
321 if (ngx_quic_crypto_input(c, frame->data) != NGX_OK) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
322 return NGX_ERROR; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
323 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
324 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
325 ngx_quic_trim_bufs(ctx->crypto, last - ctx->crypto_received); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
326 ctx->crypto_received = last; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
327 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
328 cl = ctx->crypto; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
329 ll = &cl; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
330 len = 0; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
331 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
332 while (*ll) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
333 b = (*ll)->buf; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
334 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
335 if (b->sync && b->pos != b->last) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
336 /* hole */ |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
337 break; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
338 } |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
339 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
340 len += b->last - b->pos; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
341 ll = &(*ll)->next; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
342 } |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
343 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
344 ctx->crypto_received += len; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
345 ctx->crypto = *ll; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
346 *ll = NULL; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
347 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
348 if (cl) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
349 if (ngx_quic_crypto_input(c, cl) != NGX_OK) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
350 return NGX_ERROR; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
351 } |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
352 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
353 ngx_quic_free_bufs(c, cl); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
355 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
356 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
357 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
358 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
359 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
360 static ngx_int_t |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
361 ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data) |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
362 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
363 int n, sslerr; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
364 ngx_buf_t *b; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
365 ngx_chain_t *cl; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
366 ngx_ssl_conn_t *ssl_conn; |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
367 ngx_quic_frame_t *frame; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
368 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
369 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
370 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
371 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
372 ssl_conn = c->ssl->connection; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
373 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
374 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
375 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
376 (int) SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
377 (int) SSL_quic_write_level(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
378 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
379 for (cl = data; cl; cl = cl->next) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
380 b = cl->buf; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
381 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
382 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
383 b->pos, b->last - b->pos)) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
384 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
386 "SSL_provide_quic_data() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
387 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
388 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
389 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
390 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
391 n = SSL_do_handshake(ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
392 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
393 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
394 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
395 (int) SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
396 (int) SSL_quic_write_level(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
397 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
398 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
399 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
400 if (n <= 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
401 sslerr = SSL_get_error(ssl_conn, n); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
402 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
403 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 sslerr); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
405 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
406 if (sslerr != SSL_ERROR_WANT_READ) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
407 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
|
8793
80d396fd8ee8
QUIC: improved errors readability.
Vladimir Homutov <vl@nginx.com>
parents:
8782
diff
changeset
|
408 qc->error_reason = "handshake failed"; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
412 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
413 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
414 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
415 if (SSL_in_init(ssl_conn)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
416 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
417 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
418 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
420 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
421 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 "quic handshake completed successfully"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 c->ssl->handshaked = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
427 frame = ngx_quic_alloc_frame(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 if (frame == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
430 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 frame->level = ssl_encryption_application; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 ngx_quic_queue_frame(qc, frame); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
436 if (qc->conf->retry) { |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
437 if (ngx_quic_send_new_token(c, qc->socket->path) != NGX_OK) { |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
438 return NGX_ERROR; |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
439 } |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
443 * RFC 9001, 9.5. Header Protection Timing Side Channels |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
444 * |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 * Generating next keys before a key update is received. |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
453 * RFC 9001, 4.9.2. Discarding Handshake Keys |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
454 * |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
455 * An endpoint MUST discard its Handshake keys |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
456 * when the TLS handshake is confirmed. |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 ngx_quic_discard_ctx(c, ssl_encryption_handshake); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
460 /* start accepting clients on negotiated number of server ids */ |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
461 if (ngx_quic_create_sockets(c) != NGX_OK) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
462 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
463 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 ngx_int_t |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 ngx_quic_init_connection(ngx_connection_t *c) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 u_char *p; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 size_t clen; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 ssize_t len; |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
475 ngx_str_t dcid; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 ngx_ssl_conn_t *ssl_conn; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 c->ssl->no_wait_shutdown = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 ssl_conn = c->ssl->connection; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 "quic SSL_set_quic_method() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
501 #if BORINGSSL_API_VERSION >= 13 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
502 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
503 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
504 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
505 dcid.data = qc->socket->sid.id; |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
506 dcid.len = qc->socket->sid.len; |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
507 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
508 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token) |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
509 != NGX_OK) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
510 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
511 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
512 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
513 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
514 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
515 "quic stateless reset token %*xs", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
516 (size_t) NGX_QUIC_SR_TOKEN_LEN, qc->tp.sr_token); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
517 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
518 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
519 /* always succeeds */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
520 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
521 p = ngx_pnalloc(c->pool, len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
522 if (p == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
523 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
524 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
525 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
526 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
527 if (len < 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
528 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
529 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
530 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
531 #ifdef NGX_QUIC_DEBUG_PACKETS |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
532 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
533 "quic transport parameters len:%uz %*xs", len, len, p); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
534 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
535 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
536 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
537 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
538 "quic SSL_set_quic_transport_params() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
539 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
540 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
541 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
542 #if NGX_OPENSSL_QUIC_ZRTT_CTX |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
543 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
544 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
545 "quic SSL_set_quic_early_data_context() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
546 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
547 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
548 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
549 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
550 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
551 } |