Mercurial > hg > nginx
comparison src/event/ngx_event_quic.c @ 8620:d10118e38943 quic
QUIC: refactored SSL_do_handshake() handling.
No functional changes.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 29 Oct 2020 21:50:49 +0000 |
| parents | bb3f4f669417 |
| children | 9c3be23ddbe7 |
comparison
equal
deleted
inserted
replaced
| 8619:bb3f4f669417 | 8620:d10118e38943 |
|---|---|
| 3579 return NGX_ERROR; | 3579 return NGX_ERROR; |
| 3580 } | 3580 } |
| 3581 | 3581 |
| 3582 n = SSL_do_handshake(ssl_conn); | 3582 n = SSL_do_handshake(ssl_conn); |
| 3583 | 3583 |
| 3584 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); | |
| 3585 | |
| 3586 if (n == -1) { | |
| 3587 sslerr = SSL_get_error(ssl_conn, n); | |
| 3588 | |
| 3589 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | |
| 3590 sslerr); | |
| 3591 | |
| 3592 if (sslerr != SSL_ERROR_WANT_READ) { | |
| 3593 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); | |
| 3594 return NGX_ERROR; | |
| 3595 } | |
| 3596 | |
| 3597 } else if (n == 1 && !SSL_in_init(ssl_conn)) { | |
| 3598 | |
| 3599 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 3600 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); | |
| 3601 | |
| 3602 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 3603 "quic handshake completed successfully"); | |
| 3604 | |
| 3605 c->ssl->handshaked = 1; | |
| 3606 c->ssl->no_wait_shutdown = 1; | |
| 3607 | |
| 3608 frame = ngx_quic_alloc_frame(c, 0); | |
| 3609 if (frame == NULL) { | |
| 3610 return NGX_ERROR; | |
| 3611 } | |
| 3612 | |
| 3613 /* 12.4 Frames and frame types, figure 8 */ | |
| 3614 frame->level = ssl_encryption_application; | |
| 3615 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; | |
| 3616 ngx_quic_queue_frame(c->quic, frame); | |
| 3617 | |
| 3618 if (ngx_quic_send_new_token(c) != NGX_OK) { | |
| 3619 return NGX_ERROR; | |
| 3620 } | |
| 3621 | |
| 3622 /* | |
| 3623 * Generating next keys before a key update is received. | |
| 3624 * See quic-tls 9.4 Header Protection Timing Side-Channels. | |
| 3625 */ | |
| 3626 | |
| 3627 if (ngx_quic_key_update(c, &c->quic->keys[ssl_encryption_application], | |
| 3628 &c->quic->next_key) | |
| 3629 != NGX_OK) | |
| 3630 { | |
| 3631 return NGX_ERROR; | |
| 3632 } | |
| 3633 | |
| 3634 /* | |
| 3635 * 4.10.2 An endpoint MUST discard its handshake keys | |
| 3636 * when the TLS handshake is confirmed | |
| 3637 */ | |
| 3638 ngx_quic_discard_ctx(c, ssl_encryption_handshake); | |
| 3639 } | |
| 3640 | |
| 3641 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 3584 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 3642 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", | 3585 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d", |
| 3643 (int) SSL_quic_read_level(ssl_conn), | 3586 (int) SSL_quic_read_level(ssl_conn), |
| 3644 (int) SSL_quic_write_level(ssl_conn)); | 3587 (int) SSL_quic_write_level(ssl_conn)); |
| 3588 | |
| 3589 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); | |
| 3590 | |
| 3591 if (n <= 0) { | |
| 3592 sslerr = SSL_get_error(ssl_conn, n); | |
| 3593 | |
| 3594 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | |
| 3595 sslerr); | |
| 3596 | |
| 3597 if (sslerr != SSL_ERROR_WANT_READ) { | |
| 3598 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); | |
| 3599 return NGX_ERROR; | |
| 3600 } | |
| 3601 | |
| 3602 return NGX_OK; | |
| 3603 } | |
| 3604 | |
| 3605 if (SSL_in_init(ssl_conn)) { | |
| 3606 return NGX_OK; | |
| 3607 } | |
| 3608 | |
| 3609 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 3610 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); | |
| 3611 | |
| 3612 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 3613 "quic handshake completed successfully"); | |
| 3614 | |
| 3615 c->ssl->handshaked = 1; | |
| 3616 c->ssl->no_wait_shutdown = 1; | |
| 3617 | |
| 3618 frame = ngx_quic_alloc_frame(c, 0); | |
| 3619 if (frame == NULL) { | |
| 3620 return NGX_ERROR; | |
| 3621 } | |
| 3622 | |
| 3623 /* 12.4 Frames and frame types, figure 8 */ | |
| 3624 frame->level = ssl_encryption_application; | |
| 3625 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE; | |
| 3626 ngx_quic_queue_frame(c->quic, frame); | |
| 3627 | |
| 3628 if (ngx_quic_send_new_token(c) != NGX_OK) { | |
| 3629 return NGX_ERROR; | |
| 3630 } | |
| 3631 | |
| 3632 /* | |
| 3633 * Generating next keys before a key update is received. | |
| 3634 * See quic-tls 9.4 Header Protection Timing Side-Channels. | |
| 3635 */ | |
| 3636 | |
| 3637 if (ngx_quic_key_update(c, &c->quic->keys[ssl_encryption_application], | |
| 3638 &c->quic->next_key) | |
| 3639 != NGX_OK) | |
| 3640 { | |
| 3641 return NGX_ERROR; | |
| 3642 } | |
| 3643 | |
| 3644 /* | |
| 3645 * 4.10.2 An endpoint MUST discard its handshake keys | |
| 3646 * when the TLS handshake is confirmed | |
| 3647 */ | |
| 3648 ngx_quic_discard_ctx(c, ssl_encryption_handshake); | |
| 3645 | 3649 |
| 3646 return NGX_OK; | 3650 return NGX_OK; |
| 3647 } | 3651 } |
| 3648 | 3652 |
| 3649 | 3653 |