annotate src/event/quic/ngx_event_quic_ssl.c @ 8781:81d491f0dc8c quic

QUIC: unroll and inline ngx_quic_varint_len()/ngx_quic_build_int(). According to profiling, those two are among most frequently called, so inlining is generally useful, and unrolling should help with it. Further, this fixes undefined behaviour seen with invalid values. Inspired by Yu Liu.
author Sergey Kandaurov <pluknet@nginx.com>
date Sat, 22 May 2021 18:40:45 +0300
parents 4117aa7fa38e
children b3f6ad181df4
rev   line source
8753
46161c610919 QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
1
2 /*
3 * Copyright (C) Nginx, Inc.
4 */
5
6
7 #include <ngx_config.h>
8 #include <ngx_core.h>
9 #include <ngx_event.h>
10 #include <ngx_event_quic_connection.h>
11
12
13 /*
14 * 7.4. Cryptographic Message Buffering
15 * Implementations MUST support buffering at least 4096 bytes of data
16 */
17 #define NGX_QUIC_MAX_BUFFERED 65535
18
19
20 #if BORINGSSL_API_VERSION >= 10
21 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
22 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
23 const uint8_t *secret, size_t secret_len);
24 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
25 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
26 const uint8_t *secret, size_t secret_len);
27 #else
28 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
29 enum ssl_encryption_level_t level, const uint8_t *read_secret,
30 const uint8_t *write_secret, size_t secret_len);
31 #endif
32
33 static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
34 enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
35 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
36
37
38 static SSL_QUIC_METHOD quic_method = {
39 #if BORINGSSL_API_VERSION >= 10
40 ngx_quic_set_read_secret,
41 ngx_quic_set_write_secret,
42 #else
43 ngx_quic_set_encryption_secrets,
44 #endif
45 ngx_quic_add_handshake_data,
46 ngx_quic_flush_flight,
47 ngx_quic_send_alert,
48 };
49
50
51 #if BORINGSSL_API_VERSION >= 10
52
/*
 * SSL_QUIC_METHOD callback used when BORINGSSL_API_VERSION >= 10: hands the
 * read secret for the given encryption level to the QUIC key machinery.
 *
 * The secret is passed to ngx_quic_keys_set_encryption_secret() with 0 as
 * the second argument (the write-side callback passes 1), and that call's
 * result is returned unchanged.
 *
 * NOTE(review): when NGX_QUIC_DEBUG_CRYPTO is defined, the secret bytes are
 * written to the debug log.  Logs produced by such a build have to be
 * handled as key material; presumably the macro is meant for protocol
 * debugging only -- confirm it is never set in production builds.
 */
static int
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
    const uint8_t *rsecret, size_t secret_len)
{
    ngx_connection_t       *c;
    ngx_quic_connection_t  *qc;

    /* ssl_conn already has the type ngx_ssl_get_connection() is given */
    c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic ngx_quic_set_read_secret() level:%d", level);

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /* dumps the raw secret: see the note in the function header */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic read secret len:%uz %*xs", secret_len,
                   secret_len, rsecret);
#endif

    qc = ngx_quic_get_connection(c);

    return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
                                               cipher, rsecret, secret_len);
}
75
76
/*
 * SSL_QUIC_METHOD callback used when BORINGSSL_API_VERSION >= 10: hands the
 * write secret for the given encryption level to the QUIC key machinery.
 *
 * The secret is passed to ngx_quic_keys_set_encryption_secret() with 1 as
 * the second argument (the read-side callback passes 0), and that call's
 * result is returned unchanged.
 *
 * NOTE(review): when NGX_QUIC_DEBUG_CRYPTO is defined, the secret bytes are
 * written to the debug log.  Logs produced by such a build have to be
 * handled as key material; presumably the macro is meant for protocol
 * debugging only -- confirm it is never set in production builds.
 */
static int
ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
    const uint8_t *wsecret, size_t secret_len)
{
    ngx_connection_t       *c;
    ngx_quic_connection_t  *qc;

    /* ssl_conn already has the type ngx_ssl_get_connection() is given */
    c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic ngx_quic_set_write_secret() level:%d", level);

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /* dumps the raw secret: see the note in the function header */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic write secret len:%uz %*xs", secret_len,
                   secret_len, wsecret);
#endif

    qc = ngx_quic_get_connection(c);

    return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
                                               cipher, wsecret, secret_len);
}
99
100 #else
101
/*
 * SSL_QUIC_METHOD callback used when BORINGSSL_API_VERSION is below 10 (or
 * not defined): receives the read and write secrets of one encryption level
 * in a single call.
 *
 * The cipher is not supplied by the library here, so it is taken from
 * SSL_get_current_cipher().  The read secret is installed first; a result
 * other than 1 makes the callback return 0.  For ssl_encryption_early_data
 * only the read secret is installed and 1 is returned.  For every other
 * level the write secret is installed as well and the result of that call
 * is returned.
 *
 * NOTE(review): when NGX_QUIC_DEBUG_CRYPTO is defined, both secrets are
 * written to the debug log.  Logs produced by such a build have to be
 * handled as key material; presumably the macro is meant for protocol
 * debugging only -- confirm it is never set in production builds.
 *
 * NOTE(review): SSL_get_current_cipher() can return NULL when no cipher has
 * been negotiated; whether ngx_quic_keys_set_encryption_secret() tolerates
 * a NULL cipher is not visible from this function -- confirm.
 */
static int
ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
    enum ssl_encryption_level_t level, const uint8_t *rsecret,
    const uint8_t *wsecret, size_t secret_len)
{
    ngx_connection_t       *c;
    const SSL_CIPHER       *cipher;
    ngx_quic_connection_t  *qc;

    /* ssl_conn already has the type ngx_ssl_get_connection() is given */
    c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic ngx_quic_set_encryption_secrets() level:%d", level);

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /* dumps the raw read secret: see the note in the function header */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic read secret len:%uz %*xs", secret_len,
                   secret_len, rsecret);
#endif

    qc = ngx_quic_get_connection(c);
    cipher = SSL_get_current_cipher(ssl_conn);

    /* read direction first; anything but 1 is reported as failure */
    if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
                                            cipher, rsecret, secret_len)
        != 1)
    {
        return 0;
    }

    /* the early data level gets no write secret installed */
    if (level == ssl_encryption_early_data) {
        return 1;
    }

#ifdef NGX_QUIC_DEBUG_CRYPTO
    /* dumps the raw write secret: see the note in the function header */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic write secret len:%uz %*xs", secret_len,
                   secret_len, wsecret);
#endif

    return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
                                               cipher, wsecret, secret_len);
}
144
145 #endif
146
147
148 static int
149 ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
150 enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
151 {
152 u_char *p, *end;
153 size_t client_params_len;
154 const uint8_t *client_params;
155 ngx_quic_tp_t ctp;
156 ngx_quic_frame_t *frame;
157 ngx_connection_t *c;
158 ngx_quic_connection_t *qc;
159 ngx_quic_frames_stream_t *fs;
160
161 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
162 qc = ngx_quic_get_connection(c);
163
164 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
165 "quic ngx_quic_add_handshake_data");
166
167 if (!qc->client_tp_done) {
168 /*
169 * things to do once during handshake: check ALPN and transport
170 * parameters; we want to break handshake if something is wrong
171 * here;
172 */
173
174 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
175 if (qc->conf->require_alpn) {
176 unsigned int len;
177 const unsigned char *data;
178
179 SSL_get0_alpn_selected(ssl_conn, &data, &len);
180
181 if (len == 0) {
182 qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL;
183 qc->error_reason = "unsupported protocol in ALPN extension";
184
185 ngx_log_error(NGX_LOG_INFO, c->log, 0,
186 "quic unsupported protocol in ALPN extension");
187 return 0;
188 }
189 }
190 #endif
191
192 SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
193 &client_params_len);
194
195 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
196 "quic SSL_get_peer_quic_transport_params():"
197 " params_len:%ui", client_params_len);
198
199 if (client_params_len == 0) {
200 /* quic-tls 8.2 */
201 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
202 qc->error_reason = "missing transport parameters";
203
204 ngx_log_error(NGX_LOG_INFO, c->log, 0,
205 "missing transport parameters");
206 return 0;
207 }
208
209 p = (u_char *) client_params;
210 end = p + client_params_len;
211
212 /* defaults for parameters not sent by client */
213 ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t));
214
46161c610919 QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
215 if (ngx_quic_parse_transport_params(p, end, &ctp, c->log)
216 != NGX_OK)
217 {
218 qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
219 qc->error_reason = "failed to process transport parameters";
221 return 0;
222 }
224 if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
225 return 0;
226 }
228 qc->client_tp_done = 1;
229 }
231 fs = &qc->crypto[level];
233 frame = ngx_quic_alloc_frame(c);
234 if (frame == NULL) {
235 return 0;
236 }
238 frame->data = ngx_quic_copy_buf(c, (u_char *) data, len);
239 if (frame->data == NGX_CHAIN_ERROR) {
240 return 0;
241 }
243 frame->level = level;
244 frame->type = NGX_QUIC_FT_CRYPTO;
245 frame->u.crypto.offset = fs->sent;
246 frame->u.crypto.length = len;
248 fs->sent += len;
250 ngx_quic_queue_frame(qc, frame);
252 return 1;
253 }
/*
 * Flush-flight hook with the TLS library callback signature.
 * NOTE(review): presumably registered through the quic_method table,
 * which is defined outside this excerpt - confirm.
 *
 * Nothing is flushed here: in NGX_DEBUG builds the call is traced in the
 * connection's debug log, and the function always returns 1.
 */
static int
ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
{
#if (NGX_DEBUG)
    /* the connection is looked up only to reach its log */
    ngx_connection_t  *c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic ngx_quic_flush_flight()");
#endif

    return 1;
}
/*
 * Handles a CRYPTO frame received in packet "pkt".
 *
 * The frame's offset and length are supplied by the peer.  A frame whose
 * end lies more than NGX_QUIC_MAX_BUFFERED bytes past fs->received for the
 * packet's encryption level is rejected with
 * NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED before it is handed to the ordered
 * frame handler, so the limit is enforced on every frame.
 *
 * Returns NGX_ERROR when the limit is exceeded, the result of
 * ngx_quic_handle_ordered_frame() when that is anything but NGX_DECLINED,
 * and NGX_OK otherwise.
 */
ngx_int_t
ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
    ngx_quic_frame_t *frame)
{
    uint64_t                   end_offset;
    ngx_int_t                  rc;
    ngx_quic_send_ctx_t       *ctx;
    ngx_quic_connection_t     *qc;
    ngx_quic_crypto_frame_t   *crypto;
    ngx_quic_frames_stream_t  *stream;

    qc = ngx_quic_get_connection(c);
    crypto = &frame->u.crypto;
    stream = &qc->crypto[pkt->level];

    /* no overflow since both values are 62-bit */
    end_offset = crypto->offset + crypto->length;

    /*
     * the first comparison keeps the unsigned subtraction from wrapping
     * when the frame ends at or before stream->received
     */
    if (end_offset > stream->received
        && end_offset - stream->received > NGX_QUIC_MAX_BUFFERED)
    {
        qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED;
        return NGX_ERROR;
    }

    rc = ngx_quic_handle_ordered_frame(c, stream, frame,
                                       ngx_quic_crypto_input, NULL);
    if (rc != NGX_DECLINED) {
        return rc;
    }

    /* speeding up handshake completion */

    if (pkt->level != ssl_encryption_initial) {
        return NGX_OK;
    }

    ctx = ngx_quic_get_send_ctx(qc, pkt->level);

    if (ngx_queue_empty(&ctx->sent)) {
        return NGX_OK;
    }

    /* one resend pass for the initial level ... */
    ngx_quic_resend_frames(c, ctx);

    /* ... then the handshake level until its sent queue is empty */
    ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);

    while (!ngx_queue_empty(&ctx->sent)) {
        ngx_quic_resend_frames(c, ctx);
    }

    return NGX_OK;
}
/*
 * Passes the CRYPTO data carried by "frame" to the TLS library and drives
 * the handshake.
 *
 * Every buffer of frame->data is handed to SSL_provide_quic_data(), then
 * SSL_do_handshake() is called once.  If the handshake is no longer in
 * progress afterwards, the connection is marked as handshaked, a
 * HANDSHAKE_DONE frame is queued at the application level, a new token is
 * sent when qc->conf->retry is set, the next keys are generated, the
 * handshake-level context is discarded and the sockets are created.
 *
 * "data" is not used.
 *
 * Returns NGX_OK while the handshake wants more input or is still in
 * progress, and after the completion steps succeed; NGX_ERROR when the
 * TLS library rejects the data, the handshake fails or a completion step
 * fails.
 *
 * NOTE(review): the data is provided at the TLS library's current read
 * level, the level recorded in the frame is not consulted here - confirm
 * the caller guarantees that the two match.
 *
 * NOTE(review): c->ssl->handshaked is set but never tested here, so the
 * completion steps run on every call that finds the handshake finished -
 * confirm that CRYPTO data arriving after completion cannot reach this
 * function.
 */
ngx_int_t
ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
{
    int                     ret, sslerr;
    ngx_buf_t              *buf;
    ngx_chain_t            *cl;
    ngx_ssl_conn_t         *ssl_conn;
    ngx_quic_connection_t  *qc;

    ssl_conn = c->ssl->connection;
    qc = ngx_quic_get_connection(c);

    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
                   (int) SSL_quic_read_level(ssl_conn),
                   (int) SSL_quic_write_level(ssl_conn));

    /* peer-supplied handshake bytes, one chain link at a time */

    for (cl = frame->data; cl != NULL; cl = cl->next) {
        buf = cl->buf;

        if (SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn),
                                  buf->pos, buf->last - buf->pos)
            == 0)
        {
            ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
                          "SSL_provide_quic_data() failed");
            return NGX_ERROR;
        }
    }

    ret = SSL_do_handshake(ssl_conn);

    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
                   (int) SSL_quic_read_level(ssl_conn),
                   (int) SSL_quic_write_level(ssl_conn));

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d",
                   ret);

    if (ret <= 0) {
        sslerr = SSL_get_error(ssl_conn, ret);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                       sslerr);

        /* WANT_READ only means that more CRYPTO data is needed */

        if (sslerr == SSL_ERROR_WANT_READ) {
            return NGX_OK;
        }

        /*
         * NOTE(review): this failure is logged at ERR while the
         * SSL_provide_quic_data() failure above uses INFO; both follow
         * from peer input - confirm the level is intended.
         */
        ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
        return NGX_ERROR;
    }

    if (SSL_in_init(ssl_conn)) {
        return NGX_OK;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic ssl cipher:%s", SSL_get_cipher(ssl_conn));

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic handshake completed successfully");

    c->ssl->handshaked = 1;

    /* the parameter is reused for the outgoing HANDSHAKE_DONE frame */

    frame = ngx_quic_alloc_frame(c);
    if (frame == NULL) {
        return NGX_ERROR;
    }

    /* 12.4 Frames and frame types, figure 8 */
    frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
    frame->level = ssl_encryption_application;
    ngx_quic_queue_frame(qc, frame);

    if (qc->conf->retry
        && ngx_quic_send_new_token(c, qc->socket->path) != NGX_OK)
    {
        return NGX_ERROR;
    }

    /*
     * Generating next keys before a key update is received.
     * See quic-tls 9.4 Header Protection Timing Side-Channels.
     */

    if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) {
        return NGX_ERROR;
    }

    /*
     * 4.10.2 An endpoint MUST discard its handshake keys
     * when the TLS handshake is confirmed
     */
    ngx_quic_discard_ctx(c, ssl_encryption_handshake);

    /* start accepting clients on negotiated number of server ids */
    if (ngx_quic_create_sockets(c) != NGX_OK) {
        return NGX_ERROR;
    }

    return NGX_OK;
}
424 ngx_int_t
425 ngx_quic_init_connection(ngx_connection_t *c)
426 {
427 u_char *p;
428 size_t clen;
429 ssize_t len;
430 ngx_str_t dcid;
431 ngx_ssl_conn_t *ssl_conn;
432 ngx_quic_connection_t *qc;
434 qc = ngx_quic_get_connection(c);
436 if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) {
437 return NGX_ERROR;
438 }
440 c->ssl->no_wait_shutdown = 1;
441
442 ssl_conn = c->ssl->connection;
443
444 if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
445 ngx_log_error(NGX_LOG_INFO, c->log, 0,
446 "quic SSL_set_quic_method() failed");
447 return NGX_ERROR;
448 }
449
450 #ifdef SSL_READ_EARLY_DATA_SUCCESS
451 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
452 SSL_set_quic_early_data_enabled(ssl_conn, 1);
453 }
454 #endif
455
456 #if BORINGSSL_API_VERSION >= 13
457 SSL_set_quic_use_legacy_codepoint(ssl_conn, qc->version != 1);
458 #endif
459
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8753
diff changeset
460 dcid.data = qc->socket->sid.id;
461 dcid.len = qc->socket->sid.len;
462
463 if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token)
8753
46161c610919 QUIC: separate files for SSL library interfaces.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
464 != NGX_OK)
465 {
466 return NGX_ERROR;
467 }
468
469 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
470 "quic stateless reset token %*xs",
471 (size_t) NGX_QUIC_SR_TOKEN_LEN, qc->tp.sr_token);
472
473 len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
474 /* always succeeds */
475
476 p = ngx_pnalloc(c->pool, len);
477 if (p == NULL) {
478 return NGX_ERROR;
479 }
480
481 len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
482 if (len < 0) {
483 return NGX_ERROR;
484 }
485
486 #ifdef NGX_QUIC_DEBUG_PACKETS
487 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
488 "quic transport parameters len:%uz %*xs", len, len, p);
489 #endif
490
491 if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) {
492 ngx_log_error(NGX_LOG_INFO, c->log, 0,
493 "quic SSL_set_quic_transport_params() failed");
494 return NGX_ERROR;
495 }
496
497 #if NGX_OPENSSL_QUIC_ZRTT_CTX
498 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
499 ngx_log_error(NGX_LOG_INFO, c->log, 0,
500 "quic SSL_set_quic_early_data_context() failed");
501 return NGX_ERROR;
502 }
503 #endif
504
505 return NGX_OK;
506 }