comparison src/event/ngx_event_quic.c @ 7934:cef417a24755 quic

QUIC: cleaned up quic encryption state tracking. The patch removes remnants of the old state tracking mechanism, which did not take into account the asymmetry of read/write states and was not very useful. The encryption state is now tracked entirely using SSL_quic_read/write_level().
author Vladimir Homutov <vl@nginx.com>
date Thu, 18 Jun 2020 14:29:24 +0300
parents a2c34e77cfc1
children b9bce2c4fe33
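--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -83,12 +83,10 @@
 ngx_str_t token;
 
 ngx_uint_t client_tp_done;
 ngx_quic_tp_t tp;
 ngx_quic_tp_t ctp;
-
-enum ssl_encryption_level_t state;
 
 ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST];
 ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST];
 ngx_quic_secrets_t next_key;
 ngx_quic_frames_stream_t crypto[NGX_QUIC_ENCRYPTION_LAST];
@@ -294,14 +292,10 @@
 ngx_quic_hexdump(c->log, "quic read secret", rsecret, secret_len);
 #endif
 
 keys = &c->quic->keys[level];
 
-if (level == ssl_encryption_early_data) {
-c->quic->state = ssl_encryption_early_data;
-}
-
 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
 rsecret, secret_len,
 &keys->client);
 }
 
@@ -356,11 +350,10 @@
 if (rc != 1) {
 return rc;
 }
 
 if (level == ssl_encryption_early_data) {
-c->quic->state = ssl_encryption_early_data;
 return 1;
 }
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
 ngx_quic_hexdump(c->log, "quic write", wsecret, secret_len);
@@ -673,11 +666,10 @@
 qc->push.data = c;
 qc->push.handler = ngx_quic_push_handler;
 qc->push.cancelable = 1;
 
 c->quic = qc;
-qc->state = ssl_encryption_initial;
 qc->ssl = ssl;
 qc->tp = *tp;
 qc->streams.handler = handler;
 
 ctp = &qc->ctp;
@@ -1140,11 +1132,10 @@
 return NGX_ERROR;
 }
 #endif
 
 qc->max_streams = qc->tp.initial_max_streams_bidi;
-qc->state = ssl_encryption_handshake;
 
 return NGX_OK;
 }
 
 
@@ -1741,16 +1732,18 @@
 
 if (ngx_quic_parse_handshake_header(pkt) != NGX_OK) {
 return NGX_ERROR;
 }
 
-if (c->quic->state != ssl_encryption_early_data) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic unexpected 0-RTT packet");
-return NGX_OK;
-}
-
 keys = &c->quic->keys[ssl_encryption_early_data];
+
+if (keys->client.key.len == 0) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"quic no 0-RTT keys yet, packet ignored");
+return NGX_DECLINED;
+}
+
 
 pkt->secret = &keys->client;
 pkt->level = ssl_encryption_early_data;
 pkt->plaintext = buf;
 
@@ -2612,11 +2605,10 @@
 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
 return NGX_ERROR;
 }
 
 } else if (n == 1 && !SSL_in_init(ssl_conn)) {
-c->quic->state = ssl_encryption_application;
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic ssl cipher: %s", SSL_get_cipher(ssl_conn));
 
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,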
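Review bot: In the 0-RTT input path (new lines 1739-1743) the only remaining gate is `keys->client.key.len == 0`, so once early-data keys have been installed a 0-RTT packet is accepted at any later point of the connection unless those keys are cleared somewhere outside this diff. The removed `c->quic->state != ssl_encryption_early_data` test appears to have stopped that once the state advanced, which matters because 0-RTT data is replayable. Please confirm that the early-data keys are discarded after the handshake completes, and record that dependency next to the check, for example `/* relies on 0-RTT keys being discarded once 1-RTT keys are in use */`. The return value for an ignored packet also changes from NGX_OK to NGX_DECLINED, and the caller is not visible here, so its handling of NGX_DECLINED should be checked. The enclosing function starts and ends outside the hunk.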