QUIC: raise error on missing transport parameters.

quic-tls, 8.2:

    The quic_transport_parameters extension is carried in the ClientHello
    and the EncryptedExtensions messages during the handshake.  Endpoints
    MUST send the quic_transport_parameters extension; endpoints that
    receive ClientHello or EncryptedExtensions messages without the
    quic_transport_parameters extension MUST close the connection with an
    error of type 0x16d (equivalent to a fatal TLS missing_extension
    alert, see Section 4.10).
Vladimir Homutov 2020-06-15 17:06:40 +03:00
parent 6c2712f781
commit d6d7838c79


@ -400,56 +400,64 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
"quic SSL_get_peer_quic_transport_params():" "quic SSL_get_peer_quic_transport_params():"
" params_len %ui", client_params_len); " params_len %ui", client_params_len);
if (client_params_len != 0) { if (client_params_len == 0) {
p = (u_char *) client_params; /* quic-tls 8.2 */
end = p + client_params_len; qc->error = 0x100 + SSL_AD_MISSING_EXTENSION;
qc->error_reason = "missing transport parameters";
if (ngx_quic_parse_transport_params(p, end, &qc->ctp, c->log) ngx_log_error(NGX_LOG_INFO, c->log, 0,
!= NGX_OK) "missing transport parameters");
{ return 0;
qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; }
qc->error_reason = "failed to process transport parameters";
return 0; p = (u_char *) client_params;
} end = p + client_params_len;
if (qc->ctp.max_idle_timeout > 0 if (ngx_quic_parse_transport_params(p, end, &qc->ctp, c->log)
&& qc->ctp.max_idle_timeout < qc->tp.max_idle_timeout) != NGX_OK)
{ {
qc->tp.max_idle_timeout = qc->ctp.max_idle_timeout; qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
} qc->error_reason = "failed to process transport parameters";
if (qc->ctp.max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE return 0;
|| qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE) }
{
qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
qc->error_reason = "invalid maximum packet size";
ngx_log_error(NGX_LOG_INFO, c->log, 0, if (qc->ctp.max_idle_timeout > 0
"quic maximum packet size is invalid"); && qc->ctp.max_idle_timeout < qc->tp.max_idle_timeout)
return 0; {
} qc->tp.max_idle_timeout = qc->ctp.max_idle_timeout;
}
if (qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_OUT) { if (qc->ctp.max_udp_payload_size < NGX_QUIC_MIN_INITIAL_SIZE
qc->ctp.max_udp_payload_size = NGX_QUIC_MAX_UDP_PAYLOAD_OUT; || qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_SIZE)
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, {
"quic client maximum packet size truncated"); qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
} qc->error_reason = "invalid maximum packet size";
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic maximum packet size is invalid");
return 0;
}
if (qc->ctp.max_udp_payload_size > NGX_QUIC_MAX_UDP_PAYLOAD_OUT) {
qc->ctp.max_udp_payload_size = NGX_QUIC_MAX_UDP_PAYLOAD_OUT;
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic client maximum packet size truncated");
}
#if (NGX_QUIC_DRAFT_VERSION >= 28) #if (NGX_QUIC_DRAFT_VERSION >= 28)
if (qc->scid.len != qc->ctp.initial_scid.len if (qc->scid.len != qc->ctp.initial_scid.len
|| ngx_memcmp(qc->scid.data, qc->ctp.initial_scid.data, || ngx_memcmp(qc->scid.data, qc->ctp.initial_scid.data,
qc->scid.len) != 0) qc->scid.len) != 0)
{ {
ngx_log_error(NGX_LOG_INFO, c->log, 0, ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic client initial_source_connection_id " "quic client initial_source_connection_id "
"mismatch"); "mismatch");
return 0; return 0;
} }
#endif #endif
qc->client_tp_done = 1; qc->client_tp_done = 1;
}
} }
/* /*
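Review bot: The new log message `"missing transport parameters"` in the `client_params_len == 0` branch is the only one in this block without the `quic ` prefix used by the sibling messages (`"quic maximum packet size is invalid"`, `"quic client initial_source_connection_id mismatch"`); I would write `"quic missing transport parameters"` so prefix-based log filtering keeps catching it. Related, the draft-28 `initial_scid` mismatch path further down still returns 0 without setting `qc->error` or `qc->error_reason`, while every other failure here, including the new one, records a code and reason before returning, so that close presumably goes out with whatever error value was stored earlier; adding `qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;` and a reason string there would make the paths consistent. The `0x100 +` base in the new error code is a magic number; a comment such as `/* 0x100 + TLS alert: quic-tls 8.2 maps missing_extension to 0x16d */` next to the existing `/* quic-tls 8.2 */` would explain it, or the base could become a named constant. ngx_quic_add_handshake_data starts before this hunk.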