nginx: src/event/quic/ngx_event_quic

annotate src/event/quic/ngx_event_quic_ssl.c @ 9168:ff98ae7d261e

QUIC: split keys availability checks to read and write sides. Keys may be released by TLS stack in different times, so it makes sense to check this independently as well. This allows to fine-tune what key direction is used when checking keys availability. When discarding, server keys are now marked in addition to client keys.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Thu, 31 Aug 2023 19:54:10 +0400
parents	daf8f5ba23d8
children	bbdcab20d67e

rev	line source
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #include <ngx_config.h>
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_core.h>
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_event.h>
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	10 #include <ngx_event_quic_connection.h>
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	13 #if defined OPENSSL_IS_BORINGSSL \
7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	14 \|\| defined LIBRESSL_VERSION_NUMBER \
7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	15 \|\| NGX_QUIC_OPENSSL_COMPAT
7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	16 #define NGX_QUIC_BORINGSSL_API 1
7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	17 #endif
7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	18
7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	19
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	20 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	21 * RFC 9000, 7.5. Cryptographic Message Buffering
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	22 *
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	23 * Implementations MUST support buffering at least 4096 bytes of data
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24 */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 #define NGX_QUIC_MAX_BUFFERED 65535
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	28 #if (NGX_QUIC_BORINGSSL_API)
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	29 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	31 const uint8_t *secret, size_t secret_len);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	32 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	33 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	34 const uint8_t *secret, size_t secret_len);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	35 #else
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	36 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	37 enum ssl_encryption_level_t level, const uint8_t *read_secret,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	38 const uint8_t *write_secret, size_t secret_len);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	39 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	40
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	41 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	42 enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	43 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
8916 ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	44 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	45 enum ssl_encryption_level_t level, uint8_t alert);
9157 daf8f5ba23d8 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	46 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t c, ngx_chain_t data,
daf8f5ba23d8 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	47 enum ssl_encryption_level_t level);
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	48
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	49
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	50 #if (NGX_QUIC_BORINGSSL_API)
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	51
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	52 static int
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	53 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	54 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	55 const uint8_t *rsecret, size_t secret_len)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	56 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	57 ngx_connection_t *c;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	58 ngx_quic_connection_t *qc;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	60 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	61 qc = ngx_quic_get_connection(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	62
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	63 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	64 "quic ngx_quic_set_read_secret() level:%d", level);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	65 #ifdef NGX_QUIC_DEBUG_CRYPTO
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	66 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67 "quic read secret len:%uz %*xs", secret_len,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	68 secret_len, rsecret);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	69 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9015 diff changeset	71 if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
8887 61b038fb59c6 QUIC: speeding up processing 0-RTT. Sergey Kandaurov <pluknet@nginx.com> parents: 8886 diff changeset	72 cipher, rsecret, secret_len)
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	73 != NGX_OK)
8887 61b038fb59c6 QUIC: speeding up processing 0-RTT. Sergey Kandaurov <pluknet@nginx.com> parents: 8886 diff changeset	74 {
61b038fb59c6 QUIC: speeding up processing 0-RTT. Sergey Kandaurov <pluknet@nginx.com> parents: 8886 diff changeset	75 return 0;
61b038fb59c6 QUIC: speeding up processing 0-RTT. Sergey Kandaurov <pluknet@nginx.com> parents: 8886 diff changeset	76 }
61b038fb59c6 QUIC: speeding up processing 0-RTT. Sergey Kandaurov <pluknet@nginx.com> parents: 8886 diff changeset	77
61b038fb59c6 QUIC: speeding up processing 0-RTT. Sergey Kandaurov <pluknet@nginx.com> parents: 8886 diff changeset	78 return 1;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	79 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	80
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	81
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	82 static int
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	83 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	84 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	85 const uint8_t *wsecret, size_t secret_len)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	86 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	87 ngx_connection_t *c;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	88 ngx_quic_connection_t *qc;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	89
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	90 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	91 qc = ngx_quic_get_connection(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	94 "quic ngx_quic_set_write_secret() level:%d", level);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	95 #ifdef NGX_QUIC_DEBUG_CRYPTO
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	96 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	97 "quic write secret len:%uz %*xs", secret_len,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	98 secret_len, wsecret);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	99 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	100
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9015 diff changeset	101 if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	102 cipher, wsecret, secret_len)
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	103 != NGX_OK)
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	104 {
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	105 return 0;
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	106 }
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	107
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	108 return 1;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	109 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	110
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	111 #else
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	112
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	113 static int
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	114 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	115 enum ssl_encryption_level_t level, const uint8_t *rsecret,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	116 const uint8_t *wsecret, size_t secret_len)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	117 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	118 ngx_connection_t *c;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	119 const SSL_CIPHER *cipher;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	120 ngx_quic_connection_t *qc;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	121
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	122 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	123 qc = ngx_quic_get_connection(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	124
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	125 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	126 "quic ngx_quic_set_encryption_secrets() level:%d", level);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	127 #ifdef NGX_QUIC_DEBUG_CRYPTO
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	128 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	129 "quic read secret len:%uz %*xs", secret_len,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	130 secret_len, rsecret);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	131 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	132
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	133 cipher = SSL_get_current_cipher(ssl_conn);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	134
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9015 diff changeset	135 if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	136 cipher, rsecret, secret_len)
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	137 != NGX_OK)
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	138 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	139 return 0;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	140 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	141
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	142 if (level == ssl_encryption_early_data) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	143 return 1;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	144 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	145
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	146 #ifdef NGX_QUIC_DEBUG_CRYPTO
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	147 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	148 "quic write secret len:%uz %*xs", secret_len,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	149 secret_len, wsecret);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	150 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	151
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9015 diff changeset	152 if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	153 cipher, wsecret, secret_len)
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	154 != NGX_OK)
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	155 {
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	156 return 0;
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	157 }
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	158
3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8916 diff changeset	159 return 1;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	160 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	161
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	162 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	163
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	164
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	165 static int
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	166 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	167 enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	168 {
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	169 u_char p, end;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	170 size_t client_params_len;
9071 3c98fa8fef6f QUIC: ngx_quic_copy_buffer() function. Roman Arutyunyan <arut@nginx.com> parents: 9068 diff changeset	171 ngx_chain_t *out;
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	172 const uint8_t *client_params;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	173 ngx_quic_tp_t ctp;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	174 ngx_quic_frame_t *frame;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	175 ngx_connection_t *c;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	176 ngx_quic_send_ctx_t *ctx;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	177 ngx_quic_connection_t *qc;
8895 4b2d259bdadd QUIC: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 8887 diff changeset	178 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
4b2d259bdadd QUIC: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 8887 diff changeset	179 unsigned int alpn_len;
4b2d259bdadd QUIC: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 8887 diff changeset	180 const unsigned char *alpn_data;
4b2d259bdadd QUIC: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 8887 diff changeset	181 #endif
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	182
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	183 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	184 qc = ngx_quic_get_connection(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	185
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	186 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	187 "quic ngx_quic_add_handshake_data");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	188
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	189 if (!qc->client_tp_done) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	190 /*
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	191 * things to do once during handshake: check ALPN and transport
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	192 * parameters; we want to break handshake if something is wrong
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	193 * here;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	194 */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	195
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	196 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	197
9015 a2fbae359828 QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 9013 diff changeset	198 SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	199
9015 a2fbae359828 QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 9013 diff changeset	200 if (alpn_len == 0) {
9076 5dcea9f91482 QUIC: using NGX_QUIC_ERR_CRYPTO macro in ALPN checks. Sergey Kandaurov <pluknet@nginx.com> parents: 9071 diff changeset	201 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
9015 a2fbae359828 QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 9013 diff changeset	202 qc->error_reason = "unsupported protocol in ALPN extension";
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	203
9015 a2fbae359828 QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 9013 diff changeset	204 ngx_log_error(NGX_LOG_INFO, c->log, 0,
a2fbae359828 QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 9013 diff changeset	205 "quic unsupported protocol in ALPN extension");
a2fbae359828 QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 9013 diff changeset	206 return 0;
a2fbae359828 QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 9013 diff changeset	207 }
8895 4b2d259bdadd QUIC: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 8887 diff changeset	208
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	209 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	210
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	211 SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	212 &client_params_len);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	213
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	214 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	215 "quic SSL_get_peer_quic_transport_params():"
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	216 " params_len:%ui", client_params_len);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	217
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	218 if (client_params_len == 0) {
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	219 /* RFC 9001, 8.2. QUIC Transport Parameters Extension */
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	220 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	221 qc->error_reason = "missing transport parameters";
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	222
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	223 ngx_log_error(NGX_LOG_INFO, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	224 "missing transport parameters");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	225 return 0;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	226 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	227
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	228 p = (u_char *) client_params;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	229 end = p + client_params_len;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	230
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	231 /* defaults for parameters not sent by client */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	232 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t));
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	233
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	234 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	235 != NGX_OK)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	236 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	237 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	238 qc->error_reason = "failed to process transport parameters";
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	239
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	240 return 0;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	241 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	242
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	243 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	244 return 0;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	245 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	246
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	247 qc->client_tp_done = 1;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	248 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	249
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	250 ctx = ngx_quic_get_send_ctx(qc, level);
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	251
9071 3c98fa8fef6f QUIC: ngx_quic_copy_buffer() function. Roman Arutyunyan <arut@nginx.com> parents: 9068 diff changeset	252 out = ngx_quic_copy_buffer(c, (u_char *) data, len);
9013 b5656025ddb5 QUIC: eliminated ngx_quic_copy_buf(). Roman Arutyunyan <arut@nginx.com> parents: 9011 diff changeset	253 if (out == NGX_CHAIN_ERROR) {
b5656025ddb5 QUIC: eliminated ngx_quic_copy_buf(). Roman Arutyunyan <arut@nginx.com> parents: 9011 diff changeset	254 return 0;
b5656025ddb5 QUIC: eliminated ngx_quic_copy_buf(). Roman Arutyunyan <arut@nginx.com> parents: 9011 diff changeset	255 }
b5656025ddb5 QUIC: eliminated ngx_quic_copy_buf(). Roman Arutyunyan <arut@nginx.com> parents: 9011 diff changeset	256
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	257 frame = ngx_quic_alloc_frame(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	258 if (frame == NULL) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	259 return 0;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	260 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	261
9013 b5656025ddb5 QUIC: eliminated ngx_quic_copy_buf(). Roman Arutyunyan <arut@nginx.com> parents: 9011 diff changeset	262 frame->data = out;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	263 frame->level = level;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	264 frame->type = NGX_QUIC_FT_CRYPTO;
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	265 frame->u.crypto.offset = ctx->crypto_sent;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	266 frame->u.crypto.length = len;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	267
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	268 ctx->crypto_sent += len;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	269
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	270 ngx_quic_queue_frame(qc, frame);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	271
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	272 return 1;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	273 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	274
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	275
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	276 static int
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	277 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	278 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	279 #if (NGX_DEBUG)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	280 ngx_connection_t *c;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	281
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	282 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	283
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	284 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	285 "quic ngx_quic_flush_flight()");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	286 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	287 return 1;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	288 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	289
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	290
8916 ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	291 static int
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	292 ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	293 uint8_t alert)
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	294 {
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	295 ngx_connection_t *c;
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	296 ngx_quic_connection_t *qc;
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	297
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	298 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	299
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	300 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	301 "quic ngx_quic_send_alert() level:%s alert:%d",
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	302 ngx_quic_level_name(level), (int) alert);
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	303
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	304 /* already closed on regular shutdown */
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	305
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	306 qc = ngx_quic_get_connection(c);
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	307 if (qc == NULL) {
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	308 return 1;
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	309 }
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	310
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	311 qc->error = NGX_QUIC_ERR_CRYPTO(alert);
9077 cb7dc35ed428 QUIC: moved "handshake failed" reason to send_alert. Sergey Kandaurov <pluknet@nginx.com> parents: 9076 diff changeset	312 qc->error_reason = "handshake failed";
8916 ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	313
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	314 return 1;
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	315 }
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	316
ff473a6f656c QUIC: ngx_quic_send_alert() callback moved to its place. Sergey Kandaurov <pluknet@nginx.com> parents: 8895 diff changeset	317
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	318 ngx_int_t
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	319 ngx_quic_handle_crypto_frame(ngx_connection_t c, ngx_quic_header_t pkt,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	320 ngx_quic_frame_t *frame)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	321 {
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	322 uint64_t last;
9011 f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	323 ngx_chain_t *cl;
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	324 ngx_quic_send_ctx_t *ctx;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	325 ngx_quic_connection_t *qc;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	326 ngx_quic_crypto_frame_t *f;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	327
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	328 qc = ngx_quic_get_connection(c);
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	329 ctx = ngx_quic_get_send_ctx(qc, pkt->level);
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	330 f = &frame->u.crypto;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	331
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	332 /* no overflow since both values are 62-bit */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	333 last = f->offset + f->length;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	334
9011 f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	335 if (last > ctx->crypto.offset + NGX_QUIC_MAX_BUFFERED) {
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	336 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	337 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	338 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	339
9011 f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	340 if (last <= ctx->crypto.offset) {
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	341 if (pkt->level == ssl_encryption_initial) {
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	342 /* speeding up handshake completion */
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	343
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	344 if (!ngx_queue_empty(&ctx->sent)) {
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	345 ngx_quic_resend_frames(c, ctx);
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	346
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	347 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	348 while (!ngx_queue_empty(&ctx->sent)) {
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	349 ngx_quic_resend_frames(c, ctx);
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	350 }
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	351 }
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	352 }
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	353
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	354 return NGX_OK;
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	355 }
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	356
9011 f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	357 if (f->offset == ctx->crypto.offset) {
9157 daf8f5ba23d8 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	358 if (ngx_quic_crypto_input(c, frame->data, pkt->level) != NGX_OK) {
9011 f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	359 return NGX_ERROR;
f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	360 }
f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	361
f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	362 ngx_quic_skip_buffer(c, &ctx->crypto, last);
f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	363
f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	364 } else {
f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	365 if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length,
f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	366 f->offset)
8947 6ccf3867959a QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs(). Roman Arutyunyan <arut@nginx.com> parents: 8946 diff changeset	367 == NGX_CHAIN_ERROR)
6ccf3867959a QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs(). Roman Arutyunyan <arut@nginx.com> parents: 8946 diff changeset	368 {
6ccf3867959a QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs(). Roman Arutyunyan <arut@nginx.com> parents: 8946 diff changeset	369 return NGX_ERROR;
6ccf3867959a QUIC: refactored ngx_quic_order_bufs() and ngx_quic_split_bufs(). Roman Arutyunyan <arut@nginx.com> parents: 8946 diff changeset	370 }
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	371 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	372
9011 f9c788f3f5cc QUIC: ngx_quic_buffer_t object. Roman Arutyunyan <arut@nginx.com> parents: 8999 diff changeset	373 cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	374
b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	375 if (cl) {
9157 daf8f5ba23d8 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	376 if (ngx_quic_crypto_input(c, cl, pkt->level) != NGX_OK) {
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	377 return NGX_ERROR;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	378 }
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	379
8948 19e063e955bf QUIC: renamed buffer-related functions. Roman Arutyunyan <arut@nginx.com> parents: 8947 diff changeset	380 ngx_quic_free_chain(c, cl);
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	381 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	382
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	383 return NGX_OK;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	384 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	385
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	386
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	387 static ngx_int_t
9157 daf8f5ba23d8 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	388 ngx_quic_crypto_input(ngx_connection_t c, ngx_chain_t data,
daf8f5ba23d8 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	389 enum ssl_encryption_level_t level)
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	390 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	391 int n, sslerr;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	392 ngx_buf_t *b;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	393 ngx_chain_t *cl;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	394 ngx_ssl_conn_t *ssl_conn;
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	395 ngx_quic_frame_t *frame;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	396 ngx_quic_connection_t *qc;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	397
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	398 qc = ngx_quic_get_connection(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	399
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	400 ssl_conn = c->ssl->connection;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	401
8782 b3f6ad181df4 QUIC: refactored CRYPTO and STREAM buffer ordering. Roman Arutyunyan <arut@nginx.com> parents: 8763 diff changeset	402 for (cl = data; cl; cl = cl->next) {
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	403 b = cl->buf;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	404
9157 daf8f5ba23d8 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	405 if (!SSL_provide_quic_data(ssl_conn, level, b->pos, b->last - b->pos)) {
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	406 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	407 "SSL_provide_quic_data() failed");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	408 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	409 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	410 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	411
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	412 n = SSL_do_handshake(ssl_conn);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	413
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	414 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	415
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	416 if (n <= 0) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	417 sslerr = SSL_get_error(ssl_conn, n);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	418
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	419 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	420 sslerr);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	421
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	422 if (sslerr != SSL_ERROR_WANT_READ) {
9079 639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	423
639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	424 if (c->ssl->handshake_rejected) {
639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	425 ngx_connection_error(c, 0, "handshake rejected");
639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	426 ERR_clear_error();
639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	427
639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	428 return NGX_ERROR;
639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	429 }
639fa6723700 QUIC: improved ssl_reject_handshake error logging. Sergey Kandaurov <pluknet@nginx.com> parents: 9078 diff changeset	430
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	431 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	432 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	433 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	434 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	435
9068 bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	436 if (n <= 0 \|\| SSL_in_init(ssl_conn)) {
9168 ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9157 diff changeset	437 if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data, 0)
9068 bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	438 && qc->client_tp_done)
bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	439 {
bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	440 if (ngx_quic_init_streams(c) != NGX_OK) {
bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	441 return NGX_ERROR;
bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	442 }
bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	443 }
bf2267887014 QUIC: relocated ngx_quic_init_streams() for 0-RTT. Roman Arutyunyan <arut@nginx.com> parents: 9040 diff changeset	444
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	445 return NGX_OK;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	446 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	447
9078 0f4f781e57c1 QUIC: using ngx_ssl_handshake_log(). Sergey Kandaurov <pluknet@nginx.com> parents: 9077 diff changeset	448 #if (NGX_DEBUG)
0f4f781e57c1 QUIC: using ngx_ssl_handshake_log(). Sergey Kandaurov <pluknet@nginx.com> parents: 9077 diff changeset	449 ngx_ssl_handshake_log(c);
0f4f781e57c1 QUIC: using ngx_ssl_handshake_log(). Sergey Kandaurov <pluknet@nginx.com> parents: 9077 diff changeset	450 #endif
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	451
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	452 c->ssl->handshaked = 1;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	453
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	454 frame = ngx_quic_alloc_frame(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	455 if (frame == NULL) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	456 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	457 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	458
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	459 frame->level = ssl_encryption_application;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	460 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	461 ngx_quic_queue_frame(qc, frame);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	462
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8753 diff changeset	463 if (qc->conf->retry) {
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8967 diff changeset	464 if (ngx_quic_send_new_token(c, qc->path) != NGX_OK) {
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8753 diff changeset	465 return NGX_ERROR;
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8753 diff changeset	466 }
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	467 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	468
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	469 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	470 * RFC 9001, 9.5. Header Protection Timing Side Channels
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	471 *
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	472 * Generating next keys before a key update is received.
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	473 */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	474
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9147 diff changeset	475 ngx_post_event(&qc->key_update, &ngx_posted_events);
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	476
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	477 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	478 * RFC 9001, 4.9.2. Discarding Handshake Keys
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	479 *
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	480 * An endpoint MUST discard its Handshake keys
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8793 diff changeset	481 * when the TLS handshake is confirmed.
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	482 */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	483 ngx_quic_discard_ctx(c, ssl_encryption_handshake);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	484
9147 58afcd72446f QUIC: path MTU discovery. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	485 ngx_quic_discover_path_mtu(c, qc->path);
58afcd72446f QUIC: path MTU discovery. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	486
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8753 diff changeset	487 /* start accepting clients on negotiated number of server ids */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8753 diff changeset	488 if (ngx_quic_create_sockets(c) != NGX_OK) {
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	489 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	490 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	491
8886 66b4ff373dd9 QUIC: refactored OCSP validation in preparation for 0-RTT support. Sergey Kandaurov <pluknet@nginx.com> parents: 8865 diff changeset	492 if (ngx_quic_init_streams(c) != NGX_OK) {
8827 fe919fd63b0b QUIC: client certificate validation with OCSP. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	493 return NGX_ERROR;
fe919fd63b0b QUIC: client certificate validation with OCSP. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	494 }
fe919fd63b0b QUIC: client certificate validation with OCSP. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	495
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	496 return NGX_OK;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	497 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	498
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	499
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	500 ngx_int_t
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	501 ngx_quic_init_connection(ngx_connection_t *c)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	502 {
9040 8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	503 u_char *p;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	504 size_t clen;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	505 ssize_t len;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	506 ngx_str_t dcid;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	507 ngx_ssl_conn_t *ssl_conn;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	508 ngx_quic_socket_t *qsock;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	509 ngx_quic_connection_t *qc;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	510 static SSL_QUIC_METHOD quic_method;
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	511
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	512 qc = ngx_quic_get_connection(c);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	513
8999 92729be0377b QUIC: do not declare SSL buffering, it's not used. Sergey Kandaurov <pluknet@nginx.com> parents: 8987 diff changeset	514 if (ngx_ssl_create_connection(qc->conf->ssl, c, 0) != NGX_OK) {
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	515 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	516 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	517
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	518 c->ssl->no_wait_shutdown = 1;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	519
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	520 ssl_conn = c->ssl->connection;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	521
9040 8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	522 if (!quic_method.send_alert) {
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9079 diff changeset	523 #if (NGX_QUIC_BORINGSSL_API)
9040 8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	524 quic_method.set_read_secret = ngx_quic_set_read_secret;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	525 quic_method.set_write_secret = ngx_quic_set_write_secret;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	526 #else
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	527 quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	528 #endif
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	529 quic_method.add_handshake_data = ngx_quic_add_handshake_data;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	530 quic_method.flush_flight = ngx_quic_flush_flight;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	531 quic_method.send_alert = ngx_quic_send_alert;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	532 }
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9033 diff changeset	533
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	534 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	535 ngx_log_error(NGX_LOG_INFO, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	536 "quic SSL_set_quic_method() failed");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	537 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	538 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	539
9031 cd0d6e176908 QUIC: using SSL_set_quic_early_data_enabled() only with QuicTLS. Sergey Kandaurov <pluknet@nginx.com> parents: 9024 diff changeset	540 #ifdef OPENSSL_INFO_QUIC
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	541 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	542 SSL_set_quic_early_data_enabled(ssl_conn, 1);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	543 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	544 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	545
8971 1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8967 diff changeset	546 qsock = ngx_quic_get_socket(c);
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8967 diff changeset	547
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8967 diff changeset	548 dcid.data = qsock->sid.id;
1e2f4e9c8195 QUIC: reworked migration handling. Vladimir Homutov <vl@nginx.com> parents: 8967 diff changeset	549 dcid.len = qsock->sid.len;
8763 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8753 diff changeset	550
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8753 diff changeset	551 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token)
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	552 != NGX_OK)
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	553 {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	554 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	555 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	556
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	557 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	558 /* always succeeds */
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	559
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	560 p = ngx_pnalloc(c->pool, len);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	561 if (p == NULL) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	562 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	563 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	564
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	565 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	566 if (len < 0) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	567 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	568 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	569
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	570 #ifdef NGX_QUIC_DEBUG_PACKETS
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	571 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	572 "quic transport parameters len:%uz %*xs", len, len, p);
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	573 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	574
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	575 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	576 ngx_log_error(NGX_LOG_INFO, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	577 "quic SSL_set_quic_transport_params() failed");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	578 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	579 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	580
9033 9076a74f1221 QUIC: removed compatibility with older BoringSSL API. Sergey Kandaurov <pluknet@nginx.com> parents: 9032 diff changeset	581 #ifdef OPENSSL_IS_BORINGSSL
8753 46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	582 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	583 ngx_log_error(NGX_LOG_INFO, c->log, 0,
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	584 "quic SSL_set_quic_early_data_context() failed");
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	585 return NGX_ERROR;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	586 }
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	587 #endif
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	588
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	589 return NGX_OK;
46161c610919 QUIC: separate files for SSL library interfaces. Vladimir Homutov <vl@nginx.com> parents: diff changeset	590 }

Mercurial > hg > nginx

annotate src/event/quic/ngx_event_quic_ssl.c @ 9168:ff98ae7d261e