Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_ssl.c @ 9045:c6580dce98a8 quic
QUIC: fixed triggering stream read event (ticket #2409).
If a client packet carrying a stream data frame is not acked due to packet loss,
the stream data is retransmitted later by client. It's also possible that the
retransmitted range is bigger than before due to more stream data being
available by then. If the original data was read out by the application,
there would be no read event triggered by the retransmitted frame, even though
it contains new data.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 23 Nov 2022 18:50:26 +0400 |
| parents | 8c0bccdf2743 |
| children | bf2267887014 |
| rev | line source |
|---|---|
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
14 * RFC 9000, 7.5. Cryptographic Message Buffering |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
15 * |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
16 * Implementations MUST support buffering at least 4096 bytes of data |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 #define NGX_QUIC_MAX_BUFFERED 65535 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
19 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 |
|
9033
9076a74f1221
QUIC: removed compatibility with older BoringSSL API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9032
diff
changeset
|
21 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 const uint8_t *secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 const uint8_t *secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 const uint8_t *write_secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
|
8916
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
37 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
38 enum ssl_encryption_level_t level, uint8_t alert); |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
39 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 |
|
9033
9076a74f1221
QUIC: removed compatibility with older BoringSSL API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9032
diff
changeset
|
42 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 const uint8_t *rsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 "quic ngx_quic_set_read_secret() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 "quic read secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 secret_len, rsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9015
diff
changeset
|
63 if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level, |
|
8887
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
64 cipher, rsecret, secret_len) |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
65 != NGX_OK) |
|
8887
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
66 { |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
67 return 0; |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
68 } |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
69 |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
70 if (level == ssl_encryption_early_data) { |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
71 if (ngx_quic_init_streams(c) != NGX_OK) { |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
72 return 0; |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
73 } |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
74 } |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
75 |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
76 return 1; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 const uint8_t *wsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 "quic ngx_quic_set_write_secret() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 "quic write secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 secret_len, wsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9015
diff
changeset
|
99 if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level, |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
100 cipher, wsecret, secret_len) |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
101 != NGX_OK) |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
102 { |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
103 return 0; |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
104 } |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
105 |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
106 return 1; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 const uint8_t *wsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 const SSL_CIPHER *cipher; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 "quic ngx_quic_set_encryption_secrets() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 "quic read secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 secret_len, rsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 cipher = SSL_get_current_cipher(ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9015
diff
changeset
|
133 if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level, |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 cipher, rsecret, secret_len) |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
135 != NGX_OK) |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 if (level == ssl_encryption_early_data) { |
|
8887
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
141 if (ngx_quic_init_streams(c) != NGX_OK) { |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
142 return 0; |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
143 } |
|
61b038fb59c6
QUIC: speeding up processing 0-RTT.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8886
diff
changeset
|
144 |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 "quic write secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 secret_len, wsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9015
diff
changeset
|
154 if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level, |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
155 cipher, wsecret, secret_len) |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
156 != NGX_OK) |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
157 { |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
158 return 0; |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
159 } |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
160 |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8916
diff
changeset
|
161 return 1; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 { |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
171 u_char *p, *end; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
172 size_t client_params_len; |
|
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
173 ngx_buf_t buf; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
174 ngx_chain_t *out, cl; |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
175 const uint8_t *client_params; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
176 ngx_quic_tp_t ctp; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
177 ngx_quic_frame_t *frame; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
178 ngx_connection_t *c; |
|
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
179 ngx_quic_buffer_t qb; |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
180 ngx_quic_send_ctx_t *ctx; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
181 ngx_quic_connection_t *qc; |
|
8895
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
182 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
|
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
183 unsigned int alpn_len; |
|
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
184 const unsigned char *alpn_data; |
|
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
185 #endif |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
189 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
190 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 "quic ngx_quic_add_handshake_data"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
192 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 if (!qc->client_tp_done) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
195 * things to do once during handshake: check ALPN and transport |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
196 * parameters; we want to break handshake if something is wrong |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 * here; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
198 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 |
|
9015
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
202 SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 |
|
9015
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
204 if (alpn_len == 0) { |
|
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
205 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
|
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
206 qc->error_reason = "unsupported protocol in ALPN extension"; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 |
|
9015
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
208 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
209 "quic unsupported protocol in ALPN extension"); |
|
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
210 return 0; |
|
a2fbae359828
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9013
diff
changeset
|
211 } |
|
8895
4b2d259bdadd
QUIC: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents:
8887
diff
changeset
|
212 |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 &client_params_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
217 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 "quic SSL_get_peer_quic_transport_params():" |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 " params_len:%ui", client_params_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 if (client_params_len == 0) { |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
223 /* RFC 9001, 8.2. QUIC Transport Parameters Extension */ |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 qc->error_reason = "missing transport parameters"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 "missing transport parameters"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 p = (u_char *) client_params; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 end = p + client_params_len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 /* defaults for parameters not sent by client */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 != NGX_OK) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 qc->error_reason = "failed to process transport parameters"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 qc->client_tp_done = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
254 ctx = ngx_quic_get_send_ctx(qc, level); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 |
|
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
256 ngx_memzero(&buf, sizeof(ngx_buf_t)); |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
257 |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
258 buf.pos = (u_char *) data; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
259 buf.last = buf.pos + len; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
260 buf.temporary = 1; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
261 |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
262 cl.buf = &buf; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
263 cl.next = NULL; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
264 |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
265 ngx_memzero(&qb, sizeof(ngx_quic_buffer_t)); |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
266 |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
267 if (ngx_quic_write_buffer(c, &qb, &cl, len, 0) == NGX_CHAIN_ERROR) { |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
268 return 0; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
269 } |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
270 |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
271 out = ngx_quic_read_buffer(c, &qb, len); |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
272 if (out == NGX_CHAIN_ERROR) { |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
273 return 0; |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
274 } |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
275 |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
276 ngx_quic_free_buffer(c, &qb); |
|
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
277 |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 frame = ngx_quic_alloc_frame(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 if (frame == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 |
|
9013
b5656025ddb5
QUIC: eliminated ngx_quic_copy_buf().
Roman Arutyunyan <arut@nginx.com>
parents:
9011
diff
changeset
|
283 frame->data = out; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 frame->level = level; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
285 frame->type = NGX_QUIC_FT_CRYPTO; |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
286 frame->u.crypto.offset = ctx->crypto_sent; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 frame->u.crypto.length = len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
289 ctx->crypto_sent += len; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 ngx_quic_queue_frame(qc, frame); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
294 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
296 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
298 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
300 #if (NGX_DEBUG) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
301 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
302 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
303 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
304 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
306 "quic ngx_quic_flush_flight()"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
307 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
311 |
|
8916
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
312 static int |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
313 ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
314 uint8_t alert) |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
315 { |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
316 ngx_connection_t *c; |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
317 ngx_quic_connection_t *qc; |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
318 |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
319 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
320 |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
321 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
322 "quic ngx_quic_send_alert() level:%s alert:%d", |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
323 ngx_quic_level_name(level), (int) alert); |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
324 |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
325 /* already closed on regular shutdown */ |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
326 |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
327 qc = ngx_quic_get_connection(c); |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
328 if (qc == NULL) { |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
329 return 1; |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
330 } |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
331 |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
332 qc->error = NGX_QUIC_ERR_CRYPTO(alert); |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
333 |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
334 return 1; |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
335 } |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
336 |
|
ff473a6f656c
QUIC: ngx_quic_send_alert() callback moved to its place.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8895
diff
changeset
|
337 |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
338 ngx_int_t |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
339 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
340 ngx_quic_frame_t *frame) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
341 { |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
342 uint64_t last; |
|
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
343 ngx_chain_t *cl; |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
344 ngx_quic_send_ctx_t *ctx; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
345 ngx_quic_connection_t *qc; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
346 ngx_quic_crypto_frame_t *f; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
347 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
348 qc = ngx_quic_get_connection(c); |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
349 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
350 f = &frame->u.crypto; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
351 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
352 /* no overflow since both values are 62-bit */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
353 last = f->offset + f->length; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 |
|
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
355 if (last > ctx->crypto.offset + NGX_QUIC_MAX_BUFFERED) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
356 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
357 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
358 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
359 |
|
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
360 if (last <= ctx->crypto.offset) { |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
361 if (pkt->level == ssl_encryption_initial) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
362 /* speeding up handshake completion */ |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
363 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
364 if (!ngx_queue_empty(&ctx->sent)) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
365 ngx_quic_resend_frames(c, ctx); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
366 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
367 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
368 while (!ngx_queue_empty(&ctx->sent)) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
369 ngx_quic_resend_frames(c, ctx); |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
370 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
371 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
372 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
373 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
374 return NGX_OK; |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
375 } |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
376 |
|
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
377 if (f->offset == ctx->crypto.offset) { |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
378 if (ngx_quic_crypto_input(c, frame->data) != NGX_OK) { |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
379 return NGX_ERROR; |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
380 } |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
381 |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
382 ngx_quic_skip_buffer(c, &ctx->crypto, last); |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
383 |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
384 } else { |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
385 if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length, |
|
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
386 f->offset) |
|
8947
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
387 == NGX_CHAIN_ERROR) |
|
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
388 { |
|
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
389 return NGX_ERROR; |
|
6ccf3867959a
QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs().
Roman Arutyunyan <arut@nginx.com>
parents:
8946
diff
changeset
|
390 } |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
391 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
392 |
|
9011
f9c788f3f5cc
QUIC: ngx_quic_buffer_t object.
Roman Arutyunyan <arut@nginx.com>
parents:
8999
diff
changeset
|
393 cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1); |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
394 |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
395 if (cl) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
396 if (ngx_quic_crypto_input(c, cl) != NGX_OK) { |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
397 return NGX_ERROR; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
398 } |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
399 |
|
8948
19e063e955bf
QUIC: renamed buffer-related functions.
Roman Arutyunyan <arut@nginx.com>
parents:
8947
diff
changeset
|
400 ngx_quic_free_chain(c, cl); |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
401 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
402 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
403 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
405 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
406 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
407 static ngx_int_t |
|
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
408 ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data) |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 int n, sslerr; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 ngx_buf_t *b; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
412 ngx_chain_t *cl; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
413 ngx_ssl_conn_t *ssl_conn; |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
414 ngx_quic_frame_t *frame; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
415 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
416 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
417 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
418 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 ssl_conn = c->ssl->connection; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
420 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
421 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 (int) SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 (int) SSL_quic_write_level(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 |
|
8782
b3f6ad181df4
QUIC: refactored CRYPTO and STREAM buffer ordering.
Roman Arutyunyan <arut@nginx.com>
parents:
8763
diff
changeset
|
426 for (cl = data; cl; cl = cl->next) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
427 b = cl->buf; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
430 b->pos, b->last - b->pos)) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 "SSL_provide_quic_data() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
436 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 n = SSL_do_handshake(ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
439 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 (int) SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 (int) SSL_quic_write_level(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
444 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 if (n <= 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 sslerr = SSL_get_error(ssl_conn, n); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 sslerr); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
453 if (sslerr != SSL_ERROR_WANT_READ) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
454 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
|
8793
80d396fd8ee8
QUIC: improved errors readability.
Vladimir Homutov <vl@nginx.com>
parents:
8782
diff
changeset
|
455 qc->error_reason = "handshake failed"; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
456 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
460 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
461 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
462 if (SSL_in_init(ssl_conn)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
463 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 "quic handshake completed successfully"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 c->ssl->handshaked = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 frame = ngx_quic_alloc_frame(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 if (frame == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 frame->level = ssl_encryption_application; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 ngx_quic_queue_frame(qc, frame); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
483 if (qc->conf->retry) { |
|
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
484 if (ngx_quic_send_new_token(c, qc->path) != NGX_OK) { |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
485 return NGX_ERROR; |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
486 } |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
490 * RFC 9001, 9.5. Header Protection Timing Side Channels |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
491 * |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 * Generating next keys before a key update is received. |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
500 * RFC 9001, 4.9.2. Discarding Handshake Keys |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
501 * |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
502 * An endpoint MUST discard its Handshake keys |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8793
diff
changeset
|
503 * when the TLS handshake is confirmed. |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
504 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
505 ngx_quic_discard_ctx(c, ssl_encryption_handshake); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
506 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
507 /* start accepting clients on negotiated number of server ids */ |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
508 if (ngx_quic_create_sockets(c) != NGX_OK) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
509 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
510 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
511 |
|
8886
66b4ff373dd9
QUIC: refactored OCSP validation in preparation for 0-RTT support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8865
diff
changeset
|
512 if (ngx_quic_init_streams(c) != NGX_OK) { |
|
8827
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
513 return NGX_ERROR; |
|
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
514 } |
|
fe919fd63b0b
QUIC: client certificate validation with OCSP.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
515 |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
516 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
517 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
518 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
519 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
520 ngx_int_t |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
521 ngx_quic_init_connection(ngx_connection_t *c) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
522 { |
|
9040
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
523 u_char *p; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
524 size_t clen; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
525 ssize_t len; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
526 ngx_str_t dcid; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
527 ngx_ssl_conn_t *ssl_conn; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
528 ngx_quic_socket_t *qsock; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
529 ngx_quic_connection_t *qc; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
530 static SSL_QUIC_METHOD quic_method; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
531 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
532 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
533 |
|
8999
92729be0377b
QUIC: do not declare SSL buffering, it's not used.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8987
diff
changeset
|
534 if (ngx_ssl_create_connection(qc->conf->ssl, c, 0) != NGX_OK) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
535 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
536 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
537 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
538 c->ssl->no_wait_shutdown = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
539 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
540 ssl_conn = c->ssl->connection; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
541 |
|
9040
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
542 if (!quic_method.send_alert) { |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
543 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
544 quic_method.set_read_secret = ngx_quic_set_read_secret; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
545 quic_method.set_write_secret = ngx_quic_set_write_secret; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
546 #else |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
547 quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
548 #endif |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
549 quic_method.add_handshake_data = ngx_quic_add_handshake_data; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
550 quic_method.flush_flight = ngx_quic_flush_flight; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
551 quic_method.send_alert = ngx_quic_send_alert; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
552 } |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9033
diff
changeset
|
553 |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
554 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
555 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
556 "quic SSL_set_quic_method() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
557 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
558 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
559 |
|
9031
cd0d6e176908
QUIC: using SSL_set_quic_early_data_enabled() only with QuicTLS.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9024
diff
changeset
|
560 #ifdef OPENSSL_INFO_QUIC |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
561 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
562 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
563 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
564 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
565 |
|
8971
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
566 qsock = ngx_quic_get_socket(c); |
|
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
567 |
|
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
568 dcid.data = qsock->sid.id; |
|
1e2f4e9c8195
QUIC: reworked migration handling.
Vladimir Homutov <vl@nginx.com>
parents:
8967
diff
changeset
|
569 dcid.len = qsock->sid.len; |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
570 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
571 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token) |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
572 != NGX_OK) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
573 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
574 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
575 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
576 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
577 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
578 /* always succeeds */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
579 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
580 p = ngx_pnalloc(c->pool, len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
581 if (p == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
582 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
583 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
584 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
585 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
586 if (len < 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
587 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
588 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
589 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
590 #ifdef NGX_QUIC_DEBUG_PACKETS |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
591 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
592 "quic transport parameters len:%uz %*xs", len, len, p); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
593 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
594 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
595 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
596 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
597 "quic SSL_set_quic_transport_params() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
598 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
599 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
600 |
|
9033
9076a74f1221
QUIC: removed compatibility with older BoringSSL API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9032
diff
changeset
|
601 #ifdef OPENSSL_IS_BORINGSSL |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
602 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
603 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
604 "quic SSL_set_quic_early_data_context() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
605 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
606 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
607 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
608 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
609 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
610 } |