comparison src/event/quic/ngx_event_quic_protection.c @ 9168:ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Keys may be released by the TLS stack at different times, so it makes sense
to check this independently as well. This allows fine-tuning which key
direction is used when checking keys availability.
When discarding, server keys are now marked in addition to client keys.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 31 Aug 2023 19:54:10 +0400 |
parents | 2880f60a80c3 |
children | f98636db77ef |
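--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -670,21 +670,26 @@
 }
 
 
 ngx_uint_t
 ngx_quic_keys_available(ngx_quic_keys_t *keys,
-enum ssl_encryption_level_t level)
+enum ssl_encryption_level_t level, ngx_uint_t is_write)
 {
-return keys->secrets[level].client.key.len != 0;
+if (is_write == 0) {
+return keys->secrets[level].client.key.len != 0;
+}
+
+return keys->secrets[level].server.key.len != 0;
 }
 
 
 void
 ngx_quic_keys_discard(ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level)
 {
 keys->secrets[level].client.key.len = 0;
+keys->secrets[level].server.key.len = 0;
 }
 
 
 void
 ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys)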
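Review bot: ngx_quic_keys_discard() marks both directions unavailable only by setting `client.key.len` and `server.key.len` to 0; nothing in this section clears the key bytes themselves, so discarded secrets appear to stay in memory until the structure is reused or freed. If they are not wiped elsewhere, clear the key buffers with `ngx_explicit_memzero()` before resetting the lengths, so that a later memory disclosure cannot expose keys of an encryption level that was already discarded. Separately, the new `is_write` argument of ngx_quic_keys_available() deserves a one-line comment such as `/* is_write == 0: client (read) key; otherwise: server (write) key */`, since call sites presumably pass a bare 0 or 1. The body of ngx_quic_keys_switch() continues outside this section.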