Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_ssl.c @ 8763:4117aa7fa38e quic
QUIC: connection migration.
The patch adds proper transitions between multiple networking addresses that
can be used by a single quic connection. New networking paths are validated
using PATH_CHALLENGE/PATH_RESPONSE frames.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Thu, 29 Apr 2021 15:35:02 +0300 |
| parents | 46161c610919 |
| children | b3f6ad181df4 |
| rev | line source |
|---|---|
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 * 7.4. Cryptographic Message Buffering |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 * Implementations MUST support buffering at least 4096 bytes of data |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 #define NGX_QUIC_MAX_BUFFERED 65535 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
19 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 #if BORINGSSL_API_VERSION >= 10 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 const uint8_t *secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 const uint8_t *secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 const uint8_t *write_secret, size_t secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 enum ssl_encryption_level_t level, const uint8_t *data, size_t len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 static SSL_QUIC_METHOD quic_method = { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 #if BORINGSSL_API_VERSION >= 10 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 ngx_quic_set_read_secret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 ngx_quic_set_write_secret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 ngx_quic_set_encryption_secrets, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 ngx_quic_add_handshake_data, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 ngx_quic_flush_flight, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 ngx_quic_send_alert, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 }; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 #if BORINGSSL_API_VERSION >= 10 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 const uint8_t *rsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 "quic ngx_quic_set_read_secret() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 "quic read secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 secret_len, rsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 cipher, rsecret, secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 const uint8_t *wsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 "quic ngx_quic_set_write_secret() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 "quic write secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 secret_len, wsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 cipher, wsecret, secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 #else |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 enum ssl_encryption_level_t level, const uint8_t *rsecret, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 const uint8_t *wsecret, size_t secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 const SSL_CIPHER *cipher; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 "quic ngx_quic_set_encryption_secrets() level:%d", level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 "quic read secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 secret_len, rsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 cipher = SSL_get_current_cipher(ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 cipher, rsecret, secret_len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 != 1) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 if (level == ssl_encryption_early_data) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 "quic write secret len:%uz %*xs", secret_len, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 secret_len, wsecret); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 cipher, wsecret, secret_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 u_char *p, *end; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 size_t client_params_len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
154 const uint8_t *client_params; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 ngx_quic_tp_t ctp; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 ngx_quic_frame_t *frame; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
159 ngx_quic_frames_stream_t *fs; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
161 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 "quic ngx_quic_add_handshake_data"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 if (!qc->client_tp_done) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 * things to do once during handshake: check ALPN and transport |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 * parameters; we want to break handshake if something is wrong |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 * here; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 if (qc->conf->require_alpn) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 unsigned int len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 const unsigned char *data; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 SSL_get0_alpn_selected(ssl_conn, &data, &len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 if (len == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 qc->error_reason = "unsupported protocol in ALPN extension"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 "quic unsupported protocol in ALPN extension"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
189 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
190 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
192 SSL_get_peer_quic_transport_params(ssl_conn, &client_params, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 &client_params_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
195 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
196 "quic SSL_get_peer_quic_transport_params():" |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 " params_len:%ui", client_params_len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
198 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 if (client_params_len == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 /* quic-tls 8.2 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
202 qc->error_reason = "missing transport parameters"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
205 "missing transport parameters"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 p = (u_char *) client_params; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
210 end = p + client_params_len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
211 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 /* defaults for parameters not sent by client */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 != NGX_OK) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
217 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 qc->error_reason = "failed to process transport parameters"; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 qc->client_tp_done = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 fs = &qc->crypto[level]; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 frame = ngx_quic_alloc_frame(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 if (frame == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 frame->data = ngx_quic_copy_buf(c, (u_char *) data, len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 if (frame->data == NGX_CHAIN_ERROR) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 return 0; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 frame->level = level; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 frame->type = NGX_QUIC_FT_CRYPTO; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 frame->u.crypto.offset = fs->sent; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 frame->u.crypto.length = len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 fs->sent += len; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 ngx_quic_queue_frame(qc, frame); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 static int |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 #if (NGX_DEBUG) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 ngx_connection_t *c; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 "quic ngx_quic_flush_flight()"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 return 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
271 ngx_int_t |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
273 ngx_quic_frame_t *frame) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
274 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
275 uint64_t last; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 ngx_int_t rc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
277 ngx_quic_send_ctx_t *ctx; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 ngx_quic_crypto_frame_t *f; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 ngx_quic_frames_stream_t *fs; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 fs = &qc->crypto[pkt->level]; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 f = &frame->u.crypto; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
285 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
286 /* no overflow since both values are 62-bit */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 last = f->offset + f->length; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 if (last > fs->received && last - fs->received > NGX_QUIC_MAX_BUFFERED) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
294 rc = ngx_quic_handle_ordered_frame(c, fs, frame, ngx_quic_crypto_input, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 NULL); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
296 if (rc != NGX_DECLINED) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 return rc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
298 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
300 /* speeding up handshake completion */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
301 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
302 if (pkt->level == ssl_encryption_initial) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
303 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
304 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 if (!ngx_queue_empty(&ctx->sent)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
306 ngx_quic_resend_frames(c, ctx); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
307 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 while (!ngx_queue_empty(&ctx->sent)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 ngx_quic_resend_frames(c, ctx); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
311 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
312 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
313 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
314 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
315 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
317 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
319 ngx_int_t |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
321 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
322 int n, sslerr; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
323 ngx_buf_t *b; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
324 ngx_chain_t *cl; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
325 ngx_ssl_conn_t *ssl_conn; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
326 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
327 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
328 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
329 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
330 ssl_conn = c->ssl->connection; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
331 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
332 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
333 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
334 (int) SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
335 (int) SSL_quic_write_level(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
336 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
337 for (cl = frame->data; cl; cl = cl->next) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
338 b = cl->buf; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
339 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
340 if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
341 b->pos, b->last - b->pos)) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
342 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
343 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
344 "SSL_provide_quic_data() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
345 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
346 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
347 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
348 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
349 n = SSL_do_handshake(ssl_conn); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
350 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
351 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
352 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
353 (int) SSL_quic_read_level(ssl_conn), |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 (int) SSL_quic_write_level(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
355 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
356 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
357 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
358 if (n <= 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
359 sslerr = SSL_get_error(ssl_conn, n); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
360 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
361 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
362 sslerr); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
363 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
364 if (sslerr != SSL_ERROR_WANT_READ) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
365 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
366 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
367 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
368 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
369 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
370 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
371 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
372 if (SSL_in_init(ssl_conn)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
373 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
374 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
375 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
376 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
377 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
378 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
379 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
380 "quic handshake completed successfully"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
381 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
382 c->ssl->handshaked = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
383 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
384 frame = ngx_quic_alloc_frame(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 if (frame == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
386 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
387 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
388 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
389 /* 12.4 Frames and frame types, figure 8 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
390 frame->level = ssl_encryption_application; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
391 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
392 ngx_quic_queue_frame(qc, frame); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
393 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
394 if (qc->conf->retry) { |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
395 if (ngx_quic_send_new_token(c, qc->socket->path) != NGX_OK) { |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
396 return NGX_ERROR; |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
397 } |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
398 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
399 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
400 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
401 * Generating next keys before a key update is received. |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
402 * See quic-tls 9.4 Header Protection Timing Side-Channels. |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
403 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
405 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
406 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
407 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
408 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 /* |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 * 4.10.2 An endpoint MUST discard its handshake keys |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 * when the TLS handshake is confirmed |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
412 */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
413 ngx_quic_discard_ctx(c, ssl_encryption_handshake); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
414 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
415 /* start accepting clients on negotiated number of server ids */ |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
416 if (ngx_quic_create_sockets(c) != NGX_OK) { |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
417 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
418 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
420 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
421 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 ngx_int_t |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 ngx_quic_init_connection(ngx_connection_t *c) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
427 u_char *p; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 size_t clen; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 ssize_t len; |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
430 ngx_str_t dcid; |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 ngx_ssl_conn_t *ssl_conn; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 ngx_quic_connection_t *qc; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 qc = ngx_quic_get_connection(c); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
436 if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
439 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 c->ssl->no_wait_shutdown = 1; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 ssl_conn = c->ssl->connection; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
444 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 "quic SSL_set_quic_method() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 #ifdef SSL_READ_EARLY_DATA_SUCCESS |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
453 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
454 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
455 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
456 #if BORINGSSL_API_VERSION >= 13 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 |
|
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
460 dcid.data = qc->socket->sid.id; |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
461 dcid.len = qc->socket->sid.len; |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
462 |
|
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8753
diff
changeset
|
463 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token) |
|
8753
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 != NGX_OK) |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 "quic stateless reset token %*xs", |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 (size_t) NGX_QUIC_SR_TOKEN_LEN, qc->tp.sr_token); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 /* always succeeds */ |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 p = ngx_pnalloc(c->pool, len); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 if (p == NULL) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 if (len < 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 #ifdef NGX_QUIC_DEBUG_PACKETS |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 "quic transport parameters len:%uz %*xs", len, len, p); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 "quic SSL_set_quic_transport_params() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 #if NGX_OPENSSL_QUIC_ZRTT_CTX |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 "quic SSL_set_quic_early_data_context() failed"); |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
501 return NGX_ERROR; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
502 } |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
503 #endif |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
504 |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
505 return NGX_OK; |
|
46161c610919
QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
506 } |