Mercurial > hg > nginx-quic
changeset 7934:cef417a24755 quic
QUIC: cleaned up quic encryption state tracking.
The patch removes remnants of the old state tracking mechanism, which did
not take into account assimetry of read/write states and was not very
useful.
The encryption state now is entirely tracked using SSL_quic_read/write_level().
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 18 Jun 2020 14:29:24 +0300 |
parents | a2c34e77cfc1 |
children | f9592e804834 |
files | src/event/ngx_event_quic.c |
diffstat | 1 files changed, 6 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -86,8 +86,6 @@ struct ngx_quic_connection_s { ngx_quic_tp_t tp; ngx_quic_tp_t ctp; - enum ssl_encryption_level_t state; - ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST]; ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; ngx_quic_secrets_t next_key; @@ -296,10 +294,6 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t keys = &c->quic->keys[level]; - if (level == ssl_encryption_early_data) { - c->quic->state = ssl_encryption_early_data; - } - return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, rsecret, secret_len, &keys->client); @@ -358,7 +352,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_ } if (level == ssl_encryption_early_data) { - c->quic->state = ssl_encryption_early_data; return 1; } @@ -675,7 +668,6 @@ ngx_quic_new_connection(ngx_connection_t qc->push.cancelable = 1; c->quic = qc; - qc->state = ssl_encryption_initial; qc->ssl = ssl; qc->tp = *tp; qc->streams.handler = handler; @@ -1142,7 +1134,6 @@ ngx_quic_init_connection(ngx_connection_ #endif qc->max_streams = qc->tp.initial_max_streams_bidi; - qc->state = ssl_encryption_handshake; return NGX_OK; } @@ -1743,12 +1734,14 @@ ngx_quic_early_input(ngx_connection_t *c return NGX_ERROR; } - if (c->quic->state != ssl_encryption_early_data) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic unexpected 0-RTT packet"); - return NGX_OK; + keys = &c->quic->keys[ssl_encryption_early_data]; + + if (keys->client.key.len == 0) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "quic no 0-RTT keys yet, packet ignored"); + return NGX_DECLINED; } - keys = &c->quic->keys[ssl_encryption_early_data]; pkt->secret = &keys->client; pkt->level = ssl_encryption_early_data; @@ -2614,7 +2607,6 @@ ngx_quic_crypto_input(ngx_connection_t * } } else if (n == 1 && !SSL_in_init(ssl_conn)) { - c->quic->state = ssl_encryption_application; ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic ssl cipher: %s", SSL_get_cipher(ssl_conn));