comparison src/event/quic/ngx_event_quic_protection.c @ 9168:ff98ae7d261e

QUIC: split keys availability checks to read and write sides. Keys may be released by the TLS stack at different times, so it makes sense to check this independently as well. This allows fine-tuning which key direction is used when checking keys availability. When discarding, server keys are now marked in addition to client keys.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 31 Aug 2023 19:54:10 +0400
parents 2880f60a80c3
children f98636db77ef
9167:3038bd4d7816 9168:ff98ae7d261e
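--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -670,21 +670,26 @@
 }
 
 
 ngx_uint_t
 ngx_quic_keys_available(ngx_quic_keys_t *keys,
-enum ssl_encryption_level_t level)
+enum ssl_encryption_level_t level, ngx_uint_t is_write)
 {
-return keys->secrets[level].client.key.len != 0;
+if (is_write == 0) {
+return keys->secrets[level].client.key.len != 0;
+}
+
+return keys->secrets[level].server.key.len != 0;
 }
 
 
 void
 ngx_quic_keys_discard(ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level)
 {
 keys->secrets[level].client.key.len = 0;
+keys->secrets[level].server.key.len = 0;
 }
 
 
 void
 ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys)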
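Review bot: ngx_quic_keys_discard() still only zeroes the two `key.len` markers, so the client and server key bytes for the discarded level stay in memory wherever they were stored. If nothing later in the discard path wipes them (not visible in this section), the secret material outlives its encryption level; wiping before clearing the length would close that, e.g. `ngx_explicit_memzero(keys->secrets[level].server.key.data, keys->secrets[level].server.key.len);` and the same for `client` (the `data` member name is assumed, the struct is not shown here). Separately, `is_write` is a bare 0/1 flag, so a comment above ngx_quic_keys_available() such as `/* is_write: 0 checks client (read) keys, non-zero checks server (write) keys */` would keep call sites from guessing the direction.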