comparison src/event/quic/ngx_event_quic_ssl.c @ 8797:4715f3e669f1 quic

QUIC: updated specification references. This includes updating citations and further clarification.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 16 Jun 2021 11:55:12 +0300
parents 80d396fd8ee8
children fe919fd63b0b
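--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -9,12 +9,13 @@
 #include <ngx_event.h>
 #include <ngx_event_quic_connection.h>
 
 
 /*
-* 7.4. Cryptographic Message Buffering
-* Implementations MUST support buffering at least 4096 bytes of data
+* RFC 9000, 7.5. Cryptographic Message Buffering
+*
+* Implementations MUST support buffering at least 4096 bytes of data
 */
 #define NGX_QUIC_MAX_BUFFERED 65535
 
 
 #if BORINGSSL_API_VERSION >= 10
@@ -196,11 +197,11 @@
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic SSL_get_peer_quic_transport_params():"
 " params_len:%ui", client_params_len);
 
 if (client_params_len == 0) {
-/* quic-tls 8.2 */
+/* RFC 9001, 8.2. QUIC Transport Parameters Extension */
 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
 qc->error_reason = "missing transport parameters";
 
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "missing transport parameters");
@@ -426,11 +427,10 @@
 frame = ngx_quic_alloc_frame(c);
 if (frame == NULL) {
 return NGX_ERROR;
 }
 
-/* 12.4 Frames and frame types, figure 8 */
 frame->level = ssl_encryption_application;
 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
 ngx_quic_queue_frame(qc, frame);
 
 if (qc->conf->retry) {
@@ -438,21 +438,24 @@
 return NGX_ERROR;
 }
 }
 
 /*
+* RFC 9001, 9.5. Header Protection Timing Side Channels
+*
 * Generating next keys before a key update is received.
-* See quic-tls 9.4 Header Protection Timing Side-Channels.
 */
 
 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) {
 return NGX_ERROR;
 }
 
 /*
-* 4.10.2 An endpoint MUST discard its handshake keys
-* when the TLS handshake is confirmed
+* RFC 9001, 4.9.2. Discarding Handshake Keys
+*
+* An endpoint MUST discard its Handshake keys
+* when the TLS handshake is confirmed.
 */
 ngx_quic_discard_ctx(c, ssl_encryption_handshake);
 
 /* start accepting clients on negotiated number of server ids */
 if (ngx_quic_create_sockets(c) != NGX_OK) {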
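Review bot: The comment above `NGX_QUIC_MAX_BUFFERED` in the first hunk quotes only the 4096-byte minimum from RFC 9000, 7.5, so it does not say that 65535 is this implementation's own upper bound or what happens once a peer goes past it. That bound limits how much CRYPTO data a peer can make the server hold, so the comment should state the limit's role as well as cite the section. I would add a line such as ` * NGX_QUIC_MAX_BUFFERED is the maximum buffered here; exceeding it closes the connection.` The code that enforces the limit is outside the visible hunks, so the exact wording (and the error code, presumably the RFC's CRYPTO_BUFFER_EXCEEDED) should be checked against it.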