changeset 8439:cef417a24755 quic

QUIC: cleaned up quic encryption state tracking. The patch removes remnants of the old state tracking mechanism, which did not take into account the asymmetry of read/write states and was not very useful. The encryption state is now tracked entirely using SSL_quic_read/write_level().
author Vladimir Homutov <vl@nginx.com>
date Thu, 18 Jun 2020 14:29:24 +0300
parents a2c34e77cfc1
children f9592e804834
files src/event/ngx_event_quic.c
diffstat 1 files changed, 6 insertions(+), 14 deletions(-) [+]
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -86,8 +86,6 @@ struct ngx_quic_connection_s {
     ngx_quic_tp_t                     tp;
     ngx_quic_tp_t                     ctp;
 
-    enum ssl_encryption_level_t       state;
-
     ngx_quic_send_ctx_t               send_ctx[NGX_QUIC_SEND_CTX_LAST];
     ngx_quic_secrets_t                keys[NGX_QUIC_ENCRYPTION_LAST];
     ngx_quic_secrets_t                next_key;
@@ -296,10 +294,6 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t 
 
     keys = &c->quic->keys[level];
 
-    if (level == ssl_encryption_early_data) {
-        c->quic->state = ssl_encryption_early_data;
-    }
-
     return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
                                           rsecret, secret_len,
                                           &keys->client);
@@ -358,7 +352,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
     }
 
     if (level == ssl_encryption_early_data) {
-        c->quic->state = ssl_encryption_early_data;
         return 1;
     }
 
@@ -675,7 +668,6 @@ ngx_quic_new_connection(ngx_connection_t
     qc->push.cancelable = 1;
 
     c->quic = qc;
-    qc->state = ssl_encryption_initial;
     qc->ssl = ssl;
     qc->tp = *tp;
     qc->streams.handler = handler;
@@ -1142,7 +1134,6 @@ ngx_quic_init_connection(ngx_connection_
 #endif
 
     qc->max_streams = qc->tp.initial_max_streams_bidi;
-    qc->state = ssl_encryption_handshake;
 
     return NGX_OK;
 }
@@ -1743,12 +1734,14 @@ ngx_quic_early_input(ngx_connection_t *c
         return NGX_ERROR;
     }
 
-    if (c->quic->state != ssl_encryption_early_data) {
-        ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic unexpected 0-RTT packet");
-        return NGX_OK;
+    keys = &c->quic->keys[ssl_encryption_early_data];
+
+    if (keys->client.key.len == 0) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic no 0-RTT keys yet, packet ignored");
+        return NGX_DECLINED;
     }
 
-    keys = &c->quic->keys[ssl_encryption_early_data];
 
     pkt->secret = &keys->client;
     pkt->level = ssl_encryption_early_data;
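Review bot: The new `keys->client.key.len == 0` test in ngx_quic_early_input() makes "early-data read keys are present" the only gate for accepting 0-RTT packets, so the moment those keys are cleared now decides how long replayable early data stays acceptable. Nothing visible in this changeset zeroes `keys[ssl_encryption_early_data]` after the handshake completes, whereas the removed `state` check stopped matching once ngx_quic_crypto_input() set `state` to `ssl_encryption_application`; if no discard path exists elsewhere in the file, 0-RTT packets would be processed for the whole lifetime of the connection. I would state the invariant above the check, e.g. `/* 0-RTT is accepted only while early data read keys are present; the secret must be cleared when these keys are discarded */`, and confirm that such a discard exists. The return value for the ignored packet also changes from NGX_OK to NGX_DECLINED, and the caller is outside this hunk, so it is worth checking that it treats NGX_DECLINED as "drop this packet" rather than as a connection error. The function body starts and ends outside the hunk.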
@@ -2614,7 +2607,6 @@ ngx_quic_crypto_input(ngx_connection_t *
         }
 
     } else if (n == 1 && !SSL_in_init(ssl_conn)) {
-        c->quic->state = ssl_encryption_application;
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "quic ssl cipher: %s", SSL_get_cipher(ssl_conn));