Mercurial > hg > nginx
changeset 8435:5bc9229ec4cf quic
QUIC: raise error on missing transport parameters.
quic-tls, 8.2:
The quic_transport_parameters extension is carried in the ClientHello
and the EncryptedExtensions messages during the handshake. Endpoints
MUST send the quic_transport_parameters extension; endpoints that
receive ClientHello or EncryptedExtensions messages without the
quic_transport_parameters extension MUST close the connection with an
error of type 0x16d (equivalent to a fatal TLS missing_extension
alert, see Section 4.10).
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 15 Jun 2020 17:06:40 +0300 |
parents | ea4899591798 |
children | 9fe7875ce4bb |
files | src/event/ngx_event_quic.c |
diffstat | 1 files changed, 54 insertions(+), 46 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -400,56 +400,64 @@ ngx_quic_add_handshake_data(ngx_ssl_conn "quic SSL_get_peer_quic_transport_params():" " params_len %ui", client_params_len); - if (client_params_len != 0) { - p = (u_char *) client_params; - end = p + client_params_len; - - if (ngx_quic_parse_transport_params(p, end, &qc->ctp, c->log) - != NGX_OK) - { - qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; - qc->error_reason = "failed to process transport parameters"; - - return 0; - } - - if (qc->ctp.max_idle_timeout > 0 - && qc->ctp.max_idle_timeout < qc->tp.max_idle_timeout) - { - qc->tp.max_idle_timeout = qc->ctp.max_idle_timeout; - } - - if (qc->ctp.max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE - || qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE) - { - qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; - qc->error_reason = "invalid maximum packet size"; - - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "quic maximum packet size is invalid"); - return 0; - } - - if (qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_OUT) { - qc->ctp.max_udp_payload_size = NGX_QUIC_MAX_UDP_PAYLOAD_OUT; - ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, - "quic client maximum packet size truncated"); - } + if (client_params_len == 0) { + /* quic-tls 8.2 */ + qc->error = 0x100 + SSL_AD_MISSING_EXTENSION; + qc->error_reason = "missing transport parameters"; + + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "missing transport parameters"); + return 0; + } + + p = (u_char *) client_params; + end = p + client_params_len; + + if (ngx_quic_parse_transport_params(p, end, &qc->ctp, c->log) + != NGX_OK) + { + qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; + qc->error_reason = "failed to process transport parameters"; + + return 0; + } + + if (qc->ctp.max_idle_timeout > 0 + && qc->ctp.max_idle_timeout < qc->tp.max_idle_timeout) + { + qc->tp.max_idle_timeout = qc->ctp.max_idle_timeout; + } + + if (qc->ctp.max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE + || qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE) + { + qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; + qc->error_reason = "invalid maximum packet size"; + + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "quic maximum packet size is invalid"); + return 0; + } + + if (qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_OUT) { + qc->ctp.max_udp_payload_size = NGX_QUIC_MAX_UDP_PAYLOAD_OUT; + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, + "quic client maximum packet size truncated"); + } #if (NGX_QUIC_DRAFT_VERSION >= 28) - if (qc->scid.len != qc->ctp.initial_scid.len - || ngx_memcmp(qc->scid.data, qc->ctp.initial_scid.data, - qc->scid.len) != 0) - { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "quic client initial_source_connection_id " - "mismatch"); - return 0; - } + if (qc->scid.len != qc->ctp.initial_scid.len + || ngx_memcmp(qc->scid.data, qc->ctp.initial_scid.data, + qc->scid.len) != 0) + { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "quic client initial_source_connection_id " + "mismatch"); + return 0; + } #endif - qc->client_tp_done = 1; - } + qc->client_tp_done = 1; } /*