comparison src/event/ngx_event_quic.c @ 7934:cef417a24755 quic
QUIC: cleaned up quic encryption state tracking.
The patch removes remnants of the old state tracking mechanism, which did
not take into account the asymmetry of read/write states and was not very
useful.
The encryption state now is entirely tracked using SSL_quic_read/write_level().
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 18 Jun 2020 14:29:24 +0300 |
parents | a2c34e77cfc1 |
children | b9bce2c4fe33 |
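--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -83,12 +83,10 @@
 ngx_str_t token;
 
 ngx_uint_t client_tp_done;
 ngx_quic_tp_t tp;
 ngx_quic_tp_t ctp;
-
-enum ssl_encryption_level_t state;
 
 ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST];
 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST];
 ngx_quic_secrets_t next_key;
 ngx_quic_frames_stream_t crypto[NGX_QUIC_ENCRYPTION_LAST];
@@ -294,14 +292,10 @@
 ngx_quic_hexdump(c->log, "quic read secret", rsecret, secret_len);
 #endif
 
 keys = &c->quic->keys[level];
 
-if (level == ssl_encryption_early_data) {
-c->quic->state = ssl_encryption_early_data;
-}
-
 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
 rsecret, secret_len,
 &keys->client);
 }
 
@@ -356,11 +350,10 @@
 if (rc != 1) {
 return rc;
 }
 
 if (level == ssl_encryption_early_data) {
-c->quic->state = ssl_encryption_early_data;
 return 1;
 }
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
 ngx_quic_hexdump(c->log, "quic write", wsecret, secret_len);
@@ -673,11 +666,10 @@
 qc->push.data = c;
 qc->push.handler = ngx_quic_push_handler;
 qc->push.cancelable = 1;
 
 c->quic = qc;
-qc->state = ssl_encryption_initial;
 qc->ssl = ssl;
 qc->tp = *tp;
 qc->streams.handler = handler;
 
 ctp = &qc->ctp;
@@ -1140,11 +1132,10 @@
 return NGX_ERROR;
 }
 #endif
 
 qc->max_streams = qc->tp.initial_max_streams_bidi;
-qc->state = ssl_encryption_handshake;
 
 return NGX_OK;
 }
 
 
@@ -1741,16 +1732,18 @@
 
 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) {
 return NGX_ERROR;
 }
 
-if (c->quic->state != ssl_encryption_early_data) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic unexpected 0-RTT packet");
-return NGX_OK;
-}
-
 keys = &c->quic->keys[ssl_encryption_early_data];
+
+if (keys->client.key.len == 0) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic no 0-RTT keys yet, packet ignored");
+return NGX_DECLINED;
+}
+
 
 pkt->secret = &keys->client;
 pkt->level = ssl_encryption_early_data;
 pkt->plaintext = buf;
 
@@ -2612,11 +2605,10 @@
 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
 return NGX_ERROR;
 }
 
 } else if (n == 1 && !SSL_in_init(ssl_conn)) {
-c->quic->state = ssl_encryption_application;
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic ssl cipher: %s", SSL_get_cipher(ssl_conn));
 
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,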
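Review bot: The new 0-RTT guard at new lines 1739-1743, `if (keys->client.key.len == 0)`, admits 0-RTT packets for as long as the early-data read keys stay installed, whereas the removed `c->quic->state != ssl_encryption_early_data` test presumably stopped admitting them once the state advanced to handshake or application. None of the visible hunks clears `keys[ssl_encryption_early_data]`, so unless it is discarded elsewhere, replayable 0-RTT data could still be decrypted after the handshake completes. I would confirm where those keys are dropped and state the invariant above the check, for example `/* 0-RTT keys are discarded once 1-RTT is in use; key.len == 0 then rejects late 0-RTT packets */`. The same branch now returns NGX_DECLINED instead of NGX_OK, and its "no 0-RTT keys yet" message also fires when early data was never accepted, so the caller's handling of NGX_DECLINED deserves a look. The enclosing function starts and ends outside this hunk.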