mirror of
https://github.com/nginx/nginx.git
synced 2025-06-11 12:22:41 +08:00
Compare commits
26 Commits
release-1.
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
5b8a5c08ce | ||
|
|
3d5889a3ee | ||
|
|
0fdbfc1ff4 | ||
|
|
6a134dfd48 | ||
|
|
1d4d2f2c96 | ||
|
|
bcb9d3fd2c | ||
|
|
9857578f15 | ||
|
|
e561f7dbcf | ||
|
|
54e6b7cfee | ||
|
|
5d7fd4a7e3 | ||
|
|
7468a10b62 | ||
|
|
47f96993f6 | ||
|
|
ef9cd3214f | ||
|
|
aa43385ffa | ||
|
|
39b1e3fe9d | ||
|
|
335993154c | ||
|
|
f3542500b6 | ||
|
|
adda704158 | ||
|
|
4f8bc0b282 | ||
|
|
9785db9bd5 | ||
|
|
020b1db7eb | ||
|
|
b9d0ba6677 | ||
|
|
0f9f43b79e | ||
|
|
444954abac | ||
|
|
04813dac86 | ||
|
|
0626e60a75 |
@ -26,6 +26,10 @@ ngx_msvc_ver=`echo $NGX_MSVC_VER | sed -e 's/^\([0-9]*\).*/\1/'`
|
||||
|
||||
case "$NGX_MSVC_VER" in
|
||||
|
||||
*ARM64)
|
||||
NGX_MACHINE=arm64
|
||||
;;
|
||||
|
||||
*x64)
|
||||
NGX_MACHINE=amd64
|
||||
;;
|
||||
|
||||
@ -12,7 +12,6 @@ if [ $OPENSSL != NONE ]; then
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
have=NGX_QUIC . auto/have
|
||||
have=NGX_QUIC_OPENSSL_COMPAT . auto/have
|
||||
fi
|
||||
|
||||
case "$CC" in
|
||||
@ -148,14 +147,18 @@ else
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
|
||||
ngx_feature="OpenSSL QUIC support"
|
||||
ngx_feature="OpenSSL QUIC API"
|
||||
ngx_feature_name="NGX_QUIC"
|
||||
ngx_feature_test="SSL_set_quic_method(NULL, NULL)"
|
||||
ngx_feature_test="SSL_set_quic_tls_cbs(NULL, NULL, NULL)"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
have=NGX_QUIC_OPENSSL_COMPAT . auto/have
|
||||
ngx_feature="BoringSSL-like QUIC API"
|
||||
ngx_feature_test="SSL_set_quic_method(NULL, NULL)"
|
||||
. auto/feature
|
||||
fi
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
ngx_feature="OpenSSL QUIC compatibility"
|
||||
ngx_feature_test="SSL_CTX_add_custom_ext(NULL, 0, 0,
|
||||
NULL, NULL, NULL, NULL, NULL)"
|
||||
|
||||
@ -13,6 +13,10 @@ case "$CC" in
|
||||
OPENSSL_TARGET=VC-WIN64A
|
||||
;;
|
||||
|
||||
arm64)
|
||||
OPENSSL_TARGET=VC-WIN64-ARM
|
||||
;;
|
||||
|
||||
*)
|
||||
OPENSSL_TARGET=VC-WIN32
|
||||
;;
|
||||
|
||||
@ -118,3 +118,19 @@ ngx_feature_libs=
|
||||
ngx_feature_test="int32_t lock = 0;
|
||||
if (!OSAtomicCompareAndSwap32Barrier(0, 1, &lock)) return 1"
|
||||
. auto/feature
|
||||
|
||||
|
||||
ngx_feature="TCP_KEEPALIVE"
|
||||
ngx_feature_name="NGX_HAVE_KEEPALIVE_TUNABLE"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="setsockopt(0, IPPROTO_TCP, TCP_KEEPALIVE, NULL, 0);
|
||||
setsockopt(0, IPPROTO_TCP, TCP_KEEPINTVL, NULL, 0);
|
||||
setsockopt(0, IPPROTO_TCP, TCP_KEEPCNT, NULL, 0)"
|
||||
. auto/feature
|
||||
|
||||
NGX_KEEPALIVE_CHECKED=YES
|
||||
|
||||
26
auto/unix
26
auto/unix
@ -508,18 +508,20 @@ ngx_feature_test="setsockopt(0, IPPROTO_TCP, TCP_DEFER_ACCEPT, NULL, 0)"
|
||||
. auto/feature
|
||||
|
||||
|
||||
ngx_feature="TCP_KEEPIDLE"
|
||||
ngx_feature_name="NGX_HAVE_KEEPALIVE_TUNABLE"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="setsockopt(0, IPPROTO_TCP, TCP_KEEPIDLE, NULL, 0);
|
||||
setsockopt(0, IPPROTO_TCP, TCP_KEEPINTVL, NULL, 0);
|
||||
setsockopt(0, IPPROTO_TCP, TCP_KEEPCNT, NULL, 0)"
|
||||
. auto/feature
|
||||
if test -z "$NGX_KEEPALIVE_CHECKED"; then
|
||||
ngx_feature="TCP_KEEPIDLE"
|
||||
ngx_feature_name="NGX_HAVE_KEEPALIVE_TUNABLE"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="setsockopt(0, IPPROTO_TCP, TCP_KEEPIDLE, NULL, 0);
|
||||
setsockopt(0, IPPROTO_TCP, TCP_KEEPINTVL, NULL, 0);
|
||||
setsockopt(0, IPPROTO_TCP, TCP_KEEPCNT, NULL, 0)"
|
||||
. auto/feature
|
||||
fi
|
||||
|
||||
|
||||
ngx_feature="TCP_FASTOPEN"
|
||||
|
||||
@ -9,8 +9,8 @@
|
||||
#define _NGINX_H_INCLUDED_
|
||||
|
||||
|
||||
#define nginx_version 1027005
|
||||
#define NGINX_VERSION "1.27.5"
|
||||
#define nginx_version 1029000
|
||||
#define NGINX_VERSION "1.29.0"
|
||||
#define NGINX_VER "nginx/" NGINX_VERSION
|
||||
|
||||
#ifdef NGX_BUILD
|
||||
|
||||
@ -94,7 +94,7 @@ typedef intptr_t ngx_flag_t;
|
||||
|
||||
|
||||
#ifndef NGX_ALIGNMENT
|
||||
#define NGX_ALIGNMENT sizeof(unsigned long) /* platform word */
|
||||
#define NGX_ALIGNMENT sizeof(uintptr_t) /* platform word */
|
||||
#endif
|
||||
|
||||
#define ngx_align(d, a) (((d) + (a - 1)) & ~(a - 1))
|
||||
|
||||
@ -765,6 +765,8 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
|
||||
|
||||
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
|
||||
|
||||
#if !(NGX_DARWIN)
|
||||
|
||||
if (ls[i].keepidle) {
|
||||
value = ls[i].keepidle;
|
||||
|
||||
@ -782,6 +784,8 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if (ls[i].keepintvl) {
|
||||
value = ls[i].keepintvl;
|
||||
|
||||
|
||||
@ -203,6 +203,23 @@ ngx_event_accept(ngx_event_t *ev)
|
||||
}
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_KEEPALIVE_TUNABLE && NGX_DARWIN)
|
||||
|
||||
/* Darwin doesn't inherit TCP_KEEPALIVE from a listening socket */
|
||||
|
||||
if (ls->keepidle) {
|
||||
if (setsockopt(s, IPPROTO_TCP, TCP_KEEPALIVE,
|
||||
(const void *) &ls->keepidle, sizeof(int))
|
||||
== -1)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
|
||||
"setsockopt(TCP_KEEPALIVE, %d) failed, ignored",
|
||||
ls->keepidle);
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
*log = ls->log;
|
||||
|
||||
c->recv = ngx_recv;
|
||||
|
||||
@ -45,8 +45,6 @@ static ssize_t ngx_ssl_sendfile(ngx_connection_t *c, ngx_buf_t *file,
|
||||
size_t size);
|
||||
static void ngx_ssl_read_handler(ngx_event_t *rev);
|
||||
static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
|
||||
static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
|
||||
ngx_err_t err, char *text);
|
||||
static void ngx_ssl_clear_error(ngx_log_t *log);
|
||||
|
||||
static ngx_int_t ngx_ssl_session_id_context(ngx_ssl_t *ssl,
|
||||
@ -1315,6 +1313,8 @@ ngx_ssl_passwords_cleanup(void *data)
|
||||
ngx_int_t
|
||||
ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
|
||||
{
|
||||
#ifndef OPENSSL_NO_DH
|
||||
|
||||
BIO *bio;
|
||||
|
||||
if (file->len == 0) {
|
||||
@ -1385,6 +1385,8 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
|
||||
|
||||
BIO_free(bio);
|
||||
|
||||
#endif
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
@ -3297,7 +3299,7 @@ ngx_ssl_shutdown_handler(ngx_event_t *ev)
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
void
|
||||
ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
||||
char *text)
|
||||
{
|
||||
|
||||
@ -19,7 +19,9 @@
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/crypto.h>
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <openssl/dh.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
@ -83,6 +85,17 @@
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef OPENSSL_NO_DEPRECATED_3_4
|
||||
#define SSL_SESSION_get_time(s) SSL_SESSION_get_time_ex(s)
|
||||
#define SSL_SESSION_set_time(s, t) SSL_SESSION_set_time_ex(s, t)
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef OPENSSL_NO_DEPRECATED_3_0
|
||||
#define EVP_CIPHER_CTX_cipher(c) EVP_CIPHER_CTX_get0_cipher(c)
|
||||
#endif
|
||||
|
||||
|
||||
typedef struct ngx_ssl_ocsp_s ngx_ssl_ocsp_t;
|
||||
|
||||
|
||||
@ -348,6 +361,8 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
|
||||
off_t limit);
|
||||
void ngx_ssl_free_buffer(ngx_connection_t *c);
|
||||
ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
|
||||
void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
||||
char *text);
|
||||
void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
|
||||
char *fmt, ...);
|
||||
void ngx_ssl_cleanup_ctx(void *data);
|
||||
|
||||
@ -8,10 +8,16 @@
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
|
||||
#ifdef ERR_R_OSSL_STORE_LIB
|
||||
#include <openssl/store.h>
|
||||
#include <openssl/ui.h>
|
||||
#endif
|
||||
|
||||
|
||||
#define NGX_SSL_CACHE_PATH 0
|
||||
#define NGX_SSL_CACHE_DATA 1
|
||||
#define NGX_SSL_CACHE_ENGINE 2
|
||||
#define NGX_SSL_CACHE_STORE 3
|
||||
|
||||
#define NGX_SSL_CACHE_DISABLED (ngx_array_t *) (uintptr_t) -1
|
||||
|
||||
@ -116,6 +122,8 @@ static void ngx_ssl_cache_node_insert(ngx_rbtree_node_t *temp,
|
||||
static void ngx_ssl_cache_node_free(ngx_rbtree_t *rbtree,
|
||||
ngx_ssl_cache_node_t *cn);
|
||||
|
||||
static ngx_int_t ngx_openssl_cache_init_worker(ngx_cycle_t *cycle);
|
||||
|
||||
|
||||
static ngx_command_t ngx_openssl_cache_commands[] = {
|
||||
|
||||
@ -144,7 +152,7 @@ ngx_module_t ngx_openssl_cache_module = {
|
||||
NGX_CORE_MODULE, /* module type */
|
||||
NULL, /* init master */
|
||||
NULL, /* init module */
|
||||
NULL, /* init process */
|
||||
ngx_openssl_cache_init_worker, /* init process */
|
||||
NULL, /* init thread */
|
||||
NULL, /* exit thread */
|
||||
NULL, /* exit process */
|
||||
@ -444,6 +452,11 @@ ngx_ssl_cache_init_key(ngx_pool_t *pool, ngx_uint_t index, ngx_str_t *path,
|
||||
{
|
||||
id->type = NGX_SSL_CACHE_ENGINE;
|
||||
|
||||
} else if (index == NGX_SSL_CACHE_PKEY
|
||||
&& ngx_strncmp(path->data, "store:", sizeof("store:") - 1) == 0)
|
||||
{
|
||||
id->type = NGX_SSL_CACHE_STORE;
|
||||
|
||||
} else {
|
||||
if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, path)
|
||||
!= NGX_OK)
|
||||
@ -714,11 +727,6 @@ ngx_ssl_cache_pkey_create(ngx_ssl_cache_key_t *id, char **err, void *data)
|
||||
#endif
|
||||
}
|
||||
|
||||
bio = ngx_ssl_cache_create_bio(id, err);
|
||||
if (bio == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cb_data.encrypted = 0;
|
||||
|
||||
if (*passwords) {
|
||||
@ -734,6 +742,76 @@ ngx_ssl_cache_pkey_create(ngx_ssl_cache_key_t *id, char **err, void *data)
|
||||
cb = NULL;
|
||||
}
|
||||
|
||||
if (id->type == NGX_SSL_CACHE_STORE) {
|
||||
|
||||
#ifdef ERR_R_OSSL_STORE_LIB
|
||||
|
||||
u_char *uri;
|
||||
UI_METHOD *method;
|
||||
OSSL_STORE_CTX *store;
|
||||
OSSL_STORE_INFO *info;
|
||||
|
||||
method = (cb != NULL) ? UI_UTIL_wrap_read_pem_callback(cb, 0) : NULL;
|
||||
uri = id->data + sizeof("store:") - 1;
|
||||
|
||||
store = OSSL_STORE_open((char *) uri, method, pwd, NULL, NULL);
|
||||
|
||||
if (store == NULL) {
|
||||
*err = "OSSL_STORE_open() failed";
|
||||
|
||||
if (method != NULL) {
|
||||
UI_destroy_method(method);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
pkey = NULL;
|
||||
|
||||
while (pkey == NULL && !OSSL_STORE_eof(store)) {
|
||||
info = OSSL_STORE_load(store);
|
||||
|
||||
if (info == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
|
||||
pkey = OSSL_STORE_INFO_get1_PKEY(info);
|
||||
}
|
||||
|
||||
OSSL_STORE_INFO_free(info);
|
||||
}
|
||||
|
||||
OSSL_STORE_close(store);
|
||||
|
||||
if (method != NULL) {
|
||||
UI_destroy_method(method);
|
||||
}
|
||||
|
||||
if (pkey == NULL) {
|
||||
*err = "OSSL_STORE_load() failed";
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (cb_data.encrypted) {
|
||||
*passwords = NGX_SSL_CACHE_DISABLED;
|
||||
}
|
||||
|
||||
return pkey;
|
||||
|
||||
#else
|
||||
|
||||
*err = "loading \"store:...\" certificate keys is not supported";
|
||||
return NULL;
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
bio = ngx_ssl_cache_create_bio(id, err);
|
||||
if (bio == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
for ( ;; ) {
|
||||
|
||||
pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, pwd);
|
||||
@ -1157,3 +1235,20 @@ ngx_ssl_cache_node_insert(ngx_rbtree_node_t *temp,
|
||||
node->right = sentinel;
|
||||
ngx_rbt_red(node);
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_openssl_cache_init_worker(ngx_cycle_t *cycle)
|
||||
{
|
||||
#ifdef ERR_R_OSSL_STORE_LIB
|
||||
|
||||
if (ngx_process != NGX_PROCESS_WORKER) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
UI_set_default_method(UI_null());
|
||||
|
||||
#endif
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
@ -72,7 +72,7 @@ ngx_quic_connstate_dbg(ngx_connection_t *c)
|
||||
|
||||
if (qc) {
|
||||
|
||||
if (qc->error != (ngx_uint_t) -1) {
|
||||
if (qc->error) {
|
||||
p = ngx_slprintf(p, last, "%s", qc->error_app ? " app" : "");
|
||||
p = ngx_slprintf(p, last, " error:%ui", qc->error);
|
||||
|
||||
@ -135,6 +135,9 @@ ngx_quic_apply_transport_params(ngx_connection_t *c, ngx_quic_tp_t *ctp)
|
||||
if (scid.len != ctp->initial_scid.len
|
||||
|| ngx_memcmp(scid.data, ctp->initial_scid.data, scid.len) != 0)
|
||||
{
|
||||
qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
|
||||
qc->error_reason = "invalid initial_source_connection_id";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic client initial_source_connection_id mismatch");
|
||||
return NGX_ERROR;
|
||||
@ -257,9 +260,9 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
|
||||
qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN;
|
||||
}
|
||||
|
||||
qc->send_ctx[0].level = ssl_encryption_initial;
|
||||
qc->send_ctx[1].level = ssl_encryption_handshake;
|
||||
qc->send_ctx[2].level = ssl_encryption_application;
|
||||
qc->send_ctx[0].level = NGX_QUIC_ENCRYPTION_INITIAL;
|
||||
qc->send_ctx[1].level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
|
||||
qc->send_ctx[2].level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
|
||||
ngx_queue_init(&qc->free_frames);
|
||||
|
||||
@ -517,7 +520,7 @@ ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc)
|
||||
* to terminate the connection immediately.
|
||||
*/
|
||||
|
||||
if (qc->error == (ngx_uint_t) -1) {
|
||||
if (qc->error == 0 && rc == NGX_ERROR) {
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
qc->error_app = 0;
|
||||
}
|
||||
@ -797,13 +800,13 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
|
||||
pkt->dcid.len, &pkt->dcid);
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
if (pkt->level != ssl_encryption_application) {
|
||||
if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic packet rx scid len:%uz %xV",
|
||||
pkt->scid.len, &pkt->scid);
|
||||
}
|
||||
|
||||
if (pkt->level == ssl_encryption_initial) {
|
||||
if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic address validation token len:%uz %xV",
|
||||
pkt->token.len, &pkt->token);
|
||||
@ -820,7 +823,7 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
if (pkt->level != ssl_encryption_application) {
|
||||
if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
|
||||
if (pkt->version != qc->version) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
@ -850,7 +853,9 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
|
||||
|
||||
rc = ngx_quic_handle_payload(c, pkt);
|
||||
|
||||
if (rc == NGX_DECLINED && pkt->level == ssl_encryption_application) {
|
||||
if (rc == NGX_DECLINED
|
||||
&& pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION)
|
||||
{
|
||||
if (ngx_quic_handle_stateless_reset(c, pkt) == NGX_OK) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic stateless reset packet detected");
|
||||
@ -871,11 +876,11 @@ ngx_quic_handle_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
|
||||
return ngx_quic_negotiate_version(c, pkt);
|
||||
}
|
||||
|
||||
if (pkt->level == ssl_encryption_application) {
|
||||
if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
return ngx_quic_send_stateless_reset(c, conf, pkt);
|
||||
}
|
||||
|
||||
if (pkt->level != ssl_encryption_initial) {
|
||||
if (pkt->level != NGX_QUIC_ENCRYPTION_INITIAL) {
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic expected initial, got handshake");
|
||||
return NGX_ERROR;
|
||||
@ -958,7 +963,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
qc->error = (ngx_uint_t) -1;
|
||||
qc->error = 0;
|
||||
qc->error_reason = 0;
|
||||
|
||||
c->log->action = "decrypting packet";
|
||||
@ -970,10 +975,10 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
#if !defined (OPENSSL_IS_BORINGSSL)
|
||||
/* OpenSSL provides read keys for an application level before it's ready */
|
||||
#if (NGX_QUIC_QUICTLS_API)
|
||||
/* QuicTLS provides app read keys before completing handshake */
|
||||
|
||||
if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) {
|
||||
if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION && !c->ssl->handshaked) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic no %s keys ready, ignoring packet",
|
||||
ngx_quic_level_name(pkt->level));
|
||||
@ -1011,14 +1016,14 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
}
|
||||
}
|
||||
|
||||
if (pkt->level == ssl_encryption_handshake) {
|
||||
if (pkt->level == NGX_QUIC_ENCRYPTION_HANDSHAKE) {
|
||||
/*
|
||||
* RFC 9001, 4.9.1. Discarding Initial Keys
|
||||
*
|
||||
* The successful use of Handshake packets indicates
|
||||
* that no more Initial packets need to be exchanged
|
||||
*/
|
||||
ngx_quic_discard_ctx(c, ssl_encryption_initial);
|
||||
ngx_quic_discard_ctx(c, NGX_QUIC_ENCRYPTION_INITIAL);
|
||||
|
||||
if (!qc->path->validated) {
|
||||
qc->path->validated = 1;
|
||||
@ -1027,14 +1032,14 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
}
|
||||
}
|
||||
|
||||
if (pkt->level == ssl_encryption_application) {
|
||||
if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
/*
|
||||
* RFC 9001, 4.9.3. Discarding 0-RTT Keys
|
||||
*
|
||||
* After receiving a 1-RTT packet, servers MUST discard
|
||||
* 0-RTT keys within a short time
|
||||
*/
|
||||
ngx_quic_keys_discard(qc->keys, ssl_encryption_early_data);
|
||||
ngx_quic_keys_discard(qc->keys, NGX_QUIC_ENCRYPTION_EARLY_DATA);
|
||||
}
|
||||
|
||||
if (qc->closing) {
|
||||
@ -1061,7 +1066,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
|
||||
c->log->action = "handling payload";
|
||||
|
||||
if (pkt->level != ssl_encryption_application) {
|
||||
if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
return ngx_quic_handle_frames(c, pkt);
|
||||
}
|
||||
|
||||
@ -1086,7 +1091,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
|
||||
ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_frame_t *f;
|
||||
@ -1127,7 +1132,7 @@ ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
|
||||
ngx_quic_free_frame(c, f);
|
||||
}
|
||||
|
||||
if (level == ssl_encryption_initial) {
|
||||
if (level == NGX_QUIC_ENCRYPTION_INITIAL) {
|
||||
/* close temporary listener with initial dcid */
|
||||
qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN);
|
||||
if (qsock) {
|
||||
|
||||
@ -12,6 +12,21 @@
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#ifdef OSSL_RECORD_PROTECTION_LEVEL_NONE
|
||||
#define NGX_QUIC_OPENSSL_API 1
|
||||
|
||||
#elif (defined SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION)
|
||||
#define NGX_QUIC_QUICTLS_API 1
|
||||
|
||||
#elif (defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER)
|
||||
#define NGX_QUIC_BORINGSSL_API 1
|
||||
|
||||
#else
|
||||
#define NGX_QUIC_BORINGSSL_API 1
|
||||
#define NGX_QUIC_OPENSSL_COMPAT 1
|
||||
#endif
|
||||
|
||||
|
||||
#define NGX_QUIC_MAX_UDP_PAYLOAD_SIZE 65527
|
||||
|
||||
#define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
|
||||
/* CUBIC parameters x10 */
|
||||
#define NGX_QUIC_CUBIC_BETA 7
|
||||
#define MGX_QUIC_CUBIC_C 4
|
||||
#define NGX_QUIC_CUBIC_C 4
|
||||
|
||||
|
||||
/* send time of ACK'ed packets */
|
||||
@ -36,7 +36,7 @@ typedef struct {
|
||||
static ngx_inline ngx_msec_t ngx_quic_time_threshold(ngx_quic_connection_t *qc);
|
||||
static uint64_t ngx_quic_packet_threshold(ngx_quic_send_ctx_t *ctx);
|
||||
static void ngx_quic_rtt_sample(ngx_connection_t *c, ngx_quic_ack_frame_t *ack,
|
||||
enum ssl_encryption_level_t level, ngx_msec_t send_time);
|
||||
ngx_uint_t level, ngx_msec_t send_time);
|
||||
static ngx_int_t ngx_quic_handle_ack_frame_range(ngx_connection_t *c,
|
||||
ngx_quic_send_ctx_t *ctx, uint64_t min, uint64_t max,
|
||||
ngx_quic_ack_stat_t *st);
|
||||
@ -108,7 +108,7 @@ ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
|
||||
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_handle_ack_frame level:%d", pkt->level);
|
||||
"quic ngx_quic_handle_ack_frame level:%ui", pkt->level);
|
||||
|
||||
ack = &f->u.ack;
|
||||
|
||||
@ -207,7 +207,7 @@ ngx_quic_handle_ack_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
|
||||
|
||||
static void
|
||||
ngx_quic_rtt_sample(ngx_connection_t *c, ngx_quic_ack_frame_t *ack,
|
||||
enum ssl_encryption_level_t level, ngx_msec_t send_time)
|
||||
ngx_uint_t level, ngx_msec_t send_time)
|
||||
{
|
||||
ngx_msec_t latest_rtt, ack_delay, adjusted_rtt, rttvar_sample;
|
||||
ngx_quic_connection_t *qc;
|
||||
@ -260,7 +260,7 @@ ngx_quic_handle_ack_frame_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (ctx->level == ssl_encryption_application) {
|
||||
if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
if (ngx_quic_handle_path_mtu(c, qc->path, min, max) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
@ -483,7 +483,7 @@ ngx_quic_congestion_cubic(ngx_connection_t *c)
|
||||
* w_cubic = C * (t_msec / 1000) ^ 3 * mtu + w_max
|
||||
*/
|
||||
|
||||
cc = 10000000000ll / (int64_t) cg->mtu / MGX_QUIC_CUBIC_C;
|
||||
cc = 10000000000ll / (int64_t) cg->mtu / NGX_QUIC_CUBIC_C;
|
||||
w = t * t * t / cc + (int64_t) cg->w_max;
|
||||
|
||||
if (w > NGX_MAX_SIZE_T_VALUE) {
|
||||
@ -634,7 +634,7 @@ ngx_quic_detect_lost(ngx_connection_t *c, ngx_quic_ack_stat_t *st)
|
||||
wait = start->send_time + thr - now;
|
||||
|
||||
ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic detect_lost pnum:%uL thr:%M pthr:%uL wait:%i level:%d",
|
||||
"quic detect_lost pnum:%uL thr:%M pthr:%uL wait:%i level:%ui",
|
||||
start->pnum, thr, pkt_thr, (ngx_int_t) wait, start->level);
|
||||
|
||||
if ((ngx_msec_int_t) wait > 0
|
||||
@ -787,7 +787,7 @@ ngx_quic_resend_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
|
||||
switch (f->type) {
|
||||
case NGX_QUIC_FT_ACK:
|
||||
case NGX_QUIC_FT_ACK_ECN:
|
||||
if (ctx->level == ssl_encryption_application) {
|
||||
if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
/* force generation of most recent acknowledgment */
|
||||
ctx->send_ack = NGX_QUIC_MAX_ACK_GAP;
|
||||
}
|
||||
@ -945,7 +945,7 @@ ngx_quic_congestion_cubic_time(ngx_connection_t *c)
|
||||
return 0;
|
||||
}
|
||||
|
||||
cc = 10000000000ll / (int64_t) cg->mtu / MGX_QUIC_CUBIC_C;
|
||||
cc = 10000000000ll / (int64_t) cg->mtu / NGX_QUIC_CUBIC_C;
|
||||
v = (int64_t) (cg->w_max - cg->window) * cc;
|
||||
|
||||
/*
|
||||
@ -1073,7 +1073,7 @@ ngx_quic_pto(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
|
||||
duration = qc->avg_rtt;
|
||||
duration += ngx_max(4 * qc->rttvar, NGX_QUIC_TIME_GRANULARITY);
|
||||
|
||||
if (ctx->level == ssl_encryption_application && c->ssl->handshaked) {
|
||||
if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION && c->ssl->handshaked) {
|
||||
duration += qc->ctp.max_ack_delay;
|
||||
}
|
||||
|
||||
@ -1428,7 +1428,7 @@ ngx_quic_generate_ack(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (ctx->level == ssl_encryption_application) {
|
||||
if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
|
||||
|
||||
delay = ngx_current_msec - ctx->ack_delay_start;
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
@ -17,6 +17,15 @@
|
||||
/* #define NGX_QUIC_DEBUG_ALLOC */ /* log frames and bufs alloc */
|
||||
/* #define NGX_QUIC_DEBUG_CRYPTO */
|
||||
|
||||
#define NGX_QUIC_ENCRYPTION_INITIAL 0
|
||||
#define NGX_QUIC_ENCRYPTION_EARLY_DATA 1
|
||||
#define NGX_QUIC_ENCRYPTION_HANDSHAKE 2
|
||||
#define NGX_QUIC_ENCRYPTION_APPLICATION 3
|
||||
#define NGX_QUIC_ENCRYPTION_LAST 4
|
||||
|
||||
#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
|
||||
|
||||
|
||||
typedef struct ngx_quic_connection_s ngx_quic_connection_t;
|
||||
typedef struct ngx_quic_server_id_s ngx_quic_server_id_t;
|
||||
typedef struct ngx_quic_client_id_s ngx_quic_client_id_t;
|
||||
@ -46,8 +55,6 @@ typedef struct ngx_quic_keys_s ngx_quic_keys_t;
|
||||
|
||||
#define NGX_QUIC_UNSET_PN (uint64_t) -1
|
||||
|
||||
#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
|
||||
|
||||
/* 0-RTT and 1-RTT data exist in the same packet number space,
|
||||
* so we have 3 packet number spaces:
|
||||
*
|
||||
@ -56,9 +63,9 @@ typedef struct ngx_quic_keys_s ngx_quic_keys_t;
|
||||
* 2 - 0-RTT and 1-RTT
|
||||
*/
|
||||
#define ngx_quic_get_send_ctx(qc, level) \
|
||||
((level) == ssl_encryption_initial) ? &((qc)->send_ctx[0]) \
|
||||
: (((level) == ssl_encryption_handshake) ? &((qc)->send_ctx[1]) \
|
||||
: &((qc)->send_ctx[2]))
|
||||
((level) == NGX_QUIC_ENCRYPTION_INITIAL) ? &((qc)->send_ctx[0]) \
|
||||
: (((level) == NGX_QUIC_ENCRYPTION_HANDSHAKE) ? &((qc)->send_ctx[1]) \
|
||||
: &((qc)->send_ctx[2]))
|
||||
|
||||
#define ngx_quic_get_connection(c) \
|
||||
(((c)->udp) ? (((ngx_quic_socket_t *)((c)->udp))->quic) : NULL)
|
||||
@ -188,7 +195,7 @@ typedef struct {
|
||||
* are also Initial packets.
|
||||
*/
|
||||
struct ngx_quic_send_ctx_s {
|
||||
enum ssl_encryption_level_t level;
|
||||
ngx_uint_t level;
|
||||
|
||||
ngx_quic_buffer_t crypto;
|
||||
uint64_t crypto_sent;
|
||||
@ -279,7 +286,7 @@ struct ngx_quic_connection_s {
|
||||
off_t received;
|
||||
|
||||
ngx_uint_t error;
|
||||
enum ssl_encryption_level_t error_level;
|
||||
ngx_uint_t error_level;
|
||||
ngx_uint_t error_ftype;
|
||||
const char *error_reason;
|
||||
|
||||
@ -294,13 +301,17 @@ struct ngx_quic_connection_s {
|
||||
unsigned key_phase:1;
|
||||
unsigned validated:1;
|
||||
unsigned client_tp_done:1;
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_API)
|
||||
unsigned read_level:2;
|
||||
unsigned write_level:2;
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_apply_transport_params(ngx_connection_t *c,
|
||||
ngx_quic_tp_t *ctp);
|
||||
void ngx_quic_discard_ctx(ngx_connection_t *c,
|
||||
enum ssl_encryption_level_t level);
|
||||
void ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level);
|
||||
void ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc);
|
||||
void ngx_quic_shutdown_quic(ngx_connection_t *c);
|
||||
|
||||
|
||||
@ -99,7 +99,7 @@ ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
|
||||
frame->u.retire_cid.sequence_number = f->seqnum;
|
||||
|
||||
@ -452,7 +452,7 @@ ngx_quic_send_server_id(ngx_connection_t *c, ngx_quic_server_id_t *sid)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_NEW_CONNECTION_ID;
|
||||
frame->u.ncid.seqnum = sid->seqnum;
|
||||
frame->u.ncid.retire = 0;
|
||||
@ -485,7 +485,7 @@ ngx_quic_free_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
|
||||
frame->u.retire_cid.sequence_number = cid->seqnum;
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
|
||||
ngx_quic_frame_t *fp;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
if (pkt->level != ssl_encryption_application || pkt->path_challenged) {
|
||||
if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION || pkt->path_challenged) {
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ignoring PATH_CHALLENGE");
|
||||
return NGX_OK;
|
||||
@ -55,7 +55,7 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
fp->level = ssl_encryption_application;
|
||||
fp->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
fp->type = NGX_QUIC_FT_PATH_RESPONSE;
|
||||
fp->u.path_response = *f;
|
||||
|
||||
@ -93,7 +93,7 @@ ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
fp->level = ssl_encryption_application;
|
||||
fp->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
fp->type = NGX_QUIC_FT_PING;
|
||||
|
||||
ngx_quic_queue_frame(qc, fp);
|
||||
@ -177,7 +177,7 @@ valid:
|
||||
if (rst) {
|
||||
/* prevent old path packets contribution to congestion control */
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
qc->rst_pnum = ctx->pnum;
|
||||
|
||||
ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
|
||||
@ -549,7 +549,7 @@ ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
|
||||
(void) ngx_quic_send_path_challenge(c, path);
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
pto = ngx_max(ngx_quic_pto(c, ctx), 1000);
|
||||
|
||||
path->expires = ngx_current_msec + pto;
|
||||
@ -579,7 +579,7 @@ ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_PATH_CHALLENGE;
|
||||
|
||||
ngx_memcpy(frame->u.path_challenge.data, path->challenge[n], 8);
|
||||
@ -767,7 +767,7 @@ ngx_quic_expire_path_validation(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
|
||||
if (++path->tries < NGX_QUIC_PATH_RETRIES) {
|
||||
pto = ngx_max(ngx_quic_pto(c, ctx), 1000) << path->tries;
|
||||
@ -830,7 +830,7 @@ ngx_quic_expire_path_mtu_delay(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
|
||||
path->tries = 0;
|
||||
|
||||
@ -876,7 +876,7 @@ ngx_quic_expire_path_mtu_discovery(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
|
||||
if (++path->tries < NGX_QUIC_PATH_RETRIES) {
|
||||
rc = ngx_quic_send_path_mtu_probe(c, path);
|
||||
@ -922,13 +922,13 @@ ngx_quic_send_path_mtu_probe(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_PING;
|
||||
frame->ignore_loss = 1;
|
||||
frame->ignore_congestion = 1;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
pnum = ctx->pnum;
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
|
||||
@ -35,8 +35,6 @@ typedef struct {
|
||||
ngx_str_t payload;
|
||||
uint64_t number;
|
||||
ngx_quic_compat_keys_t *keys;
|
||||
|
||||
enum ssl_encryption_level_t level;
|
||||
} ngx_quic_compat_record_t;
|
||||
|
||||
|
||||
@ -435,11 +433,10 @@ ngx_quic_compat_message_callback(int write_p, int version, int content_type,
|
||||
|
||||
case SSL3_RT_HANDSHAKE:
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat tx %s len:%uz ",
|
||||
ngx_quic_level_name(level), len);
|
||||
"quic compat tx level:%d len:%uz", level, len);
|
||||
|
||||
if (com->method->add_handshake_data(ssl, level, buf, len) != 1) {
|
||||
goto failed;
|
||||
return;
|
||||
}
|
||||
|
||||
break;
|
||||
@ -449,11 +446,11 @@ ngx_quic_compat_message_callback(int write_p, int version, int content_type,
|
||||
alert = ((u_char *) buf)[1];
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat %s alert:%ui len:%uz ",
|
||||
ngx_quic_level_name(level), alert, len);
|
||||
"quic compat level:%d alert:%ui len:%uz",
|
||||
level, alert, len);
|
||||
|
||||
if (com->method->send_alert(ssl, level, alert) != 1) {
|
||||
goto failed;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -461,10 +458,6 @@ ngx_quic_compat_message_callback(int write_p, int version, int content_type,
|
||||
}
|
||||
|
||||
return;
|
||||
|
||||
failed:
|
||||
|
||||
ngx_post_event(&qc->close, &ngx_posted_events);
|
||||
}
|
||||
|
||||
|
||||
@ -487,8 +480,8 @@ SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
|
||||
c = ngx_ssl_get_connection(ssl);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat rx %s len:%uz",
|
||||
ngx_quic_level_name(level), len);
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic compat rx level:%d len:%uz", level, len);
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
com = qc->compat;
|
||||
@ -501,7 +494,6 @@ SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
|
||||
rec.log = c->log;
|
||||
rec.number = com->read_record++;
|
||||
rec.keys = &com->keys;
|
||||
rec.level = level;
|
||||
|
||||
if (level == ssl_encryption_initial) {
|
||||
n = ngx_min(len, 65535);
|
||||
|
||||
@ -7,11 +7,6 @@
|
||||
#ifndef _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
|
||||
|
||||
#if defined SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION \
|
||||
|| defined LIBRESSL_VERSION_NUMBER
|
||||
#undef NGX_QUIC_OPENSSL_COMPAT
|
||||
#else
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
@ -53,7 +48,4 @@ int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
|
||||
void SSL_get_peer_quic_transport_params(const SSL *ssl,
|
||||
const uint8_t **out_params, size_t *out_params_len);
|
||||
|
||||
|
||||
#endif /* TLSEXT_TYPE_quic_transport_parameters */
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ */
|
||||
|
||||
@ -55,7 +55,8 @@ static ssize_t ngx_quic_send_segments(ngx_connection_t *c, u_char *buf,
|
||||
size_t len, struct sockaddr *sockaddr, socklen_t socklen, size_t segment);
|
||||
#endif
|
||||
static ssize_t ngx_quic_output_packet(ngx_connection_t *c,
|
||||
ngx_quic_send_ctx_t *ctx, u_char *data, size_t max, size_t min);
|
||||
ngx_quic_send_ctx_t *ctx, u_char *data, size_t max, size_t min,
|
||||
ngx_uint_t ack_only);
|
||||
static void ngx_quic_init_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
|
||||
ngx_quic_header_t *pkt, ngx_quic_path_t *path);
|
||||
static ngx_uint_t ngx_quic_get_padding_level(ngx_connection_t *c);
|
||||
@ -131,8 +132,7 @@ ngx_quic_create_datagrams(ngx_connection_t *c)
|
||||
ngx_memzero(preserved_pnum, sizeof(preserved_pnum));
|
||||
#endif
|
||||
|
||||
while (cg->in_flight < cg->window) {
|
||||
|
||||
do {
|
||||
p = dst;
|
||||
|
||||
len = ngx_quic_path_limit(c, path, path->mtu);
|
||||
@ -158,7 +158,8 @@ ngx_quic_create_datagrams(ngx_connection_t *c)
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
n = ngx_quic_output_packet(c, ctx, p, len, min);
|
||||
n = ngx_quic_output_packet(c, ctx, p, len, min,
|
||||
cg->in_flight >= cg->window);
|
||||
if (n == NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
@ -187,7 +188,8 @@ ngx_quic_create_datagrams(ngx_connection_t *c)
|
||||
ngx_quic_commit_send(c);
|
||||
|
||||
path->sent += len;
|
||||
}
|
||||
|
||||
} while (cg->in_flight < cg->window);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
@ -292,17 +294,17 @@ ngx_quic_allow_segmentation(ngx_connection_t *c)
|
||||
return 0;
|
||||
}
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_initial);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_INITIAL);
|
||||
if (!ngx_queue_empty(&ctx->frames)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_HANDSHAKE);
|
||||
if (!ngx_queue_empty(&ctx->frames)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
|
||||
bytes = 0;
|
||||
len = ngx_min(qc->path->mtu, NGX_QUIC_MAX_UDP_SEGMENT_BUF);
|
||||
@ -315,6 +317,10 @@ ngx_quic_allow_segmentation(ngx_connection_t *c)
|
||||
|
||||
bytes += f->len;
|
||||
|
||||
if (qc->congestion.in_flight + bytes >= qc->congestion.window) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bytes > len * 3) {
|
||||
/* require at least ~3 full packets to batch */
|
||||
return 1;
|
||||
@ -343,7 +349,7 @@ ngx_quic_create_segments(ngx_connection_t *c)
|
||||
cg = &qc->congestion;
|
||||
path = qc->path;
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
|
||||
|
||||
if (ngx_quic_generate_ack(c, ctx) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
@ -364,7 +370,7 @@ ngx_quic_create_segments(ngx_connection_t *c)
|
||||
|
||||
if (len && cg->in_flight + (p - dst) < cg->window) {
|
||||
|
||||
n = ngx_quic_output_packet(c, ctx, p, len, len);
|
||||
n = ngx_quic_output_packet(c, ctx, p, len, len, 0);
|
||||
if (n == NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
@ -494,7 +500,7 @@ ngx_quic_get_padding_level(ngx_connection_t *c)
|
||||
*/
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_initial);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_INITIAL);
|
||||
|
||||
for (q = ngx_queue_head(&ctx->frames);
|
||||
q != ngx_queue_sentinel(&ctx->frames);
|
||||
@ -521,7 +527,7 @@ ngx_quic_get_padding_level(ngx_connection_t *c)
|
||||
|
||||
static ssize_t
|
||||
ngx_quic_output_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
|
||||
u_char *data, size_t max, size_t min)
|
||||
u_char *data, size_t max, size_t min, ngx_uint_t ack_only)
|
||||
{
|
||||
size_t len, pad, min_payload, max_payload;
|
||||
u_char *p;
|
||||
@ -585,6 +591,10 @@ ngx_quic_output_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
|
||||
{
|
||||
f = ngx_queue_data(q, ngx_quic_frame_t, queue);
|
||||
|
||||
if (ack_only && f->type != NGX_QUIC_FT_ACK) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (len >= max_payload) {
|
||||
break;
|
||||
}
|
||||
@ -677,10 +687,10 @@ ngx_quic_init_packet(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
|
||||
|
||||
pkt->flags = NGX_QUIC_PKT_FIXED_BIT;
|
||||
|
||||
if (ctx->level == ssl_encryption_initial) {
|
||||
if (ctx->level == NGX_QUIC_ENCRYPTION_INITIAL) {
|
||||
pkt->flags |= NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_INITIAL;
|
||||
|
||||
} else if (ctx->level == ssl_encryption_handshake) {
|
||||
} else if (ctx->level == NGX_QUIC_ENCRYPTION_HANDSHAKE) {
|
||||
pkt->flags |= NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_HANDSHAKE;
|
||||
|
||||
} else {
|
||||
@ -1093,7 +1103,7 @@ ngx_quic_send_new_token(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_NEW_TOKEN;
|
||||
frame->data = out;
|
||||
frame->u.token.length = token.len;
|
||||
|
||||
@ -125,12 +125,13 @@ ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
|
||||
ngx_quic_secret_t *client, *server;
|
||||
ngx_quic_ciphers_t ciphers;
|
||||
|
||||
static const uint8_t salt[20] =
|
||||
"\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
|
||||
"\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";
|
||||
static const uint8_t salt[20] = {
|
||||
0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17,
|
||||
0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a
|
||||
};
|
||||
|
||||
client = &keys->secrets[ssl_encryption_initial].client;
|
||||
server = &keys->secrets[ssl_encryption_initial].server;
|
||||
client = &keys->secrets[NGX_QUIC_ENCRYPTION_INITIAL].client;
|
||||
server = &keys->secrets[NGX_QUIC_ENCRYPTION_INITIAL].server;
|
||||
|
||||
/*
|
||||
* RFC 9001, section 5. Packet Protection
|
||||
@ -655,8 +656,8 @@ ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s)
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
|
||||
ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
|
||||
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
|
||||
ngx_quic_keys_t *keys, ngx_uint_t level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *secret, size_t secret_len)
|
||||
{
|
||||
ngx_int_t key_len;
|
||||
ngx_str_t secret_str;
|
||||
@ -721,8 +722,8 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
|
||||
|
||||
|
||||
ngx_uint_t
|
||||
ngx_quic_keys_available(ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level, ngx_uint_t is_write)
|
||||
ngx_quic_keys_available(ngx_quic_keys_t *keys, ngx_uint_t level,
|
||||
ngx_uint_t is_write)
|
||||
{
|
||||
if (is_write == 0) {
|
||||
return keys->secrets[level].client.ctx != NULL;
|
||||
@ -733,8 +734,7 @@ ngx_quic_keys_available(ngx_quic_keys_t *keys,
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_keys_discard(ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level)
|
||||
ngx_quic_keys_discard(ngx_quic_keys_t *keys, ngx_uint_t level)
|
||||
{
|
||||
ngx_quic_secret_t *client, *server;
|
||||
|
||||
@ -764,7 +764,7 @@ ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys)
|
||||
{
|
||||
ngx_quic_secrets_t *current, *next, tmp;
|
||||
|
||||
current = &keys->secrets[ssl_encryption_application];
|
||||
current = &keys->secrets[NGX_QUIC_ENCRYPTION_APPLICATION];
|
||||
next = &keys->next_key;
|
||||
|
||||
ngx_quic_crypto_cleanup(¤t->client);
|
||||
@ -793,7 +793,7 @@ ngx_quic_keys_update(ngx_event_t *ev)
|
||||
qc = ngx_quic_get_connection(c);
|
||||
keys = qc->keys;
|
||||
|
||||
current = &keys->secrets[ssl_encryption_application];
|
||||
current = &keys->secrets[NGX_QUIC_ENCRYPTION_APPLICATION];
|
||||
next = &keys->next_key;
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
|
||||
@ -958,8 +958,9 @@ ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
|
||||
/* 5.8. Retry Packet Integrity */
|
||||
static ngx_quic_md_t key = ngx_quic_md(
|
||||
"\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e");
|
||||
static const u_char nonce[NGX_QUIC_IV_LEN] =
|
||||
"\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
|
||||
static const u_char nonce[NGX_QUIC_IV_LEN] = {
|
||||
0x46, 0x15, 0x99, 0xd3, 0x5d, 0x63, 0x2b, 0xf2, 0x23, 0x98, 0x25, 0xbb
|
||||
};
|
||||
static ngx_str_t in = ngx_string("");
|
||||
|
||||
ad.data = res->data;
|
||||
|
||||
@ -14,8 +14,6 @@
|
||||
#include <ngx_event_quic_transport.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
|
||||
|
||||
/* RFC 5116, 5.1/5.3 and RFC 8439, 2.3/2.5 for all supported ciphers */
|
||||
#define NGX_QUIC_IV_LEN 12
|
||||
#define NGX_QUIC_TAG_LEN 16
|
||||
@ -94,13 +92,11 @@ typedef struct {
|
||||
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
|
||||
ngx_str_t *secret, ngx_log_t *log);
|
||||
ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
|
||||
ngx_uint_t is_write, ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *secret, size_t secret_len);
|
||||
ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level, ngx_uint_t is_write);
|
||||
void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
|
||||
enum ssl_encryption_level_t level);
|
||||
ngx_uint_t is_write, ngx_quic_keys_t *keys, ngx_uint_t level,
|
||||
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
|
||||
ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, ngx_uint_t level,
|
||||
ngx_uint_t is_write);
|
||||
void ngx_quic_keys_discard(ngx_quic_keys_t *keys, ngx_uint_t level);
|
||||
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
|
||||
void ngx_quic_keys_update(ngx_event_t *ev);
|
||||
void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys);
|
||||
|
||||
@ -10,13 +10,6 @@
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
#if defined OPENSSL_IS_BORINGSSL \
|
||||
|| defined LIBRESSL_VERSION_NUMBER \
|
||||
|| NGX_QUIC_OPENSSL_COMPAT
|
||||
#define NGX_QUIC_BORINGSSL_API 1
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* RFC 9000, 7.5. Cryptographic Message Buffering
|
||||
*
|
||||
@ -25,43 +18,343 @@
|
||||
#define NGX_QUIC_MAX_BUFFERED 65535
|
||||
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_API)
|
||||
|
||||
static int ngx_quic_cbs_send(ngx_ssl_conn_t *ssl_conn,
|
||||
const unsigned char *data, size_t len, size_t *consumed, void *arg);
|
||||
static int ngx_quic_cbs_recv_rcd(ngx_ssl_conn_t *ssl_conn,
|
||||
const unsigned char **data, size_t *bytes_read, void *arg);
|
||||
static int ngx_quic_cbs_release_rcd(ngx_ssl_conn_t *ssl_conn,
|
||||
size_t bytes_read, void *arg);
|
||||
static int ngx_quic_cbs_yield_secret(ngx_ssl_conn_t *ssl_conn, uint32_t level,
|
||||
int direction, const unsigned char *secret, size_t secret_len, void *arg);
|
||||
static int ngx_quic_cbs_got_transport_params(ngx_ssl_conn_t *ssl_conn,
|
||||
const unsigned char *params, size_t params_len, void *arg);
|
||||
static int ngx_quic_cbs_alert(ngx_ssl_conn_t *ssl_conn, unsigned char alert,
|
||||
void *arg);
|
||||
|
||||
#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
|
||||
|
||||
static ngx_inline ngx_uint_t ngx_quic_map_encryption_level(
|
||||
enum ssl_encryption_level_t ssl_level);
|
||||
|
||||
#if (NGX_QUIC_BORINGSSL_API)
|
||||
static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *secret, size_t secret_len);
|
||||
static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *secret, size_t secret_len);
|
||||
#else
|
||||
#else /* NGX_QUIC_QUICTLS_API */
|
||||
static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *read_secret,
|
||||
enum ssl_encryption_level_t ssl_level, const uint8_t *read_secret,
|
||||
const uint8_t *write_secret, size_t secret_len);
|
||||
#endif
|
||||
|
||||
static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
|
||||
enum ssl_encryption_level_t ssl_level, const uint8_t *data, size_t len);
|
||||
static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
|
||||
static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, uint8_t alert);
|
||||
static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
|
||||
enum ssl_encryption_level_t level);
|
||||
enum ssl_encryption_level_t ssl_level, uint8_t alert);
|
||||
|
||||
#endif
|
||||
|
||||
static ngx_int_t ngx_quic_handshake(ngx_connection_t *c);
|
||||
static ngx_int_t ngx_quic_crypto_provide(ngx_connection_t *c, ngx_uint_t level);
|
||||
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_API)
|
||||
|
||||
static int
|
||||
ngx_quic_cbs_send(ngx_ssl_conn_t *ssl_conn,
|
||||
const unsigned char *data, size_t len, size_t *consumed, void *arg)
|
||||
{
|
||||
ngx_connection_t *c = arg;
|
||||
|
||||
ngx_chain_t *out;
|
||||
unsigned int alpn_len;
|
||||
ngx_quic_frame_t *frame;
|
||||
const unsigned char *alpn_data;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_cbs_send len:%uz", len);
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
*consumed = 0;
|
||||
|
||||
SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
|
||||
|
||||
if (alpn_len == 0) {
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
|
||||
qc->error_reason = "missing ALPN extension";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic missing ALPN extension");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!qc->client_tp_done) {
|
||||
/* RFC 9001, 8.2. QUIC Transport Parameters Extension */
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
|
||||
qc->error_reason = "missing transport parameters";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"missing transport parameters");
|
||||
return 1;
|
||||
}
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, qc->write_level);
|
||||
|
||||
out = ngx_quic_copy_buffer(c, (u_char *) data, len);
|
||||
if (out == NGX_CHAIN_ERROR) {
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
frame->data = out;
|
||||
frame->level = qc->write_level;
|
||||
frame->type = NGX_QUIC_FT_CRYPTO;
|
||||
frame->u.crypto.offset = ctx->crypto_sent;
|
||||
frame->u.crypto.length = len;
|
||||
|
||||
ctx->crypto_sent += len;
|
||||
*consumed = len;
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_cbs_recv_rcd(ngx_ssl_conn_t *ssl_conn,
|
||||
const unsigned char **data, size_t *bytes_read, void *arg)
|
||||
{
|
||||
ngx_connection_t *c = arg;
|
||||
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_cbs_recv_rcd");
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, qc->read_level);
|
||||
|
||||
for (cl = ctx->crypto.chain; cl; cl = cl->next) {
|
||||
b = cl->buf;
|
||||
|
||||
if (b->sync) {
|
||||
/* hole */
|
||||
|
||||
*bytes_read = 0;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
*data = b->pos;
|
||||
*bytes_read = b->last - b->pos;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_cbs_release_rcd(ngx_ssl_conn_t *ssl_conn, size_t bytes_read, void *arg)
|
||||
{
|
||||
ngx_connection_t *c = arg;
|
||||
|
||||
ngx_chain_t *cl;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_cbs_release_rcd len:%uz", bytes_read);
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, qc->read_level);
|
||||
|
||||
cl = ngx_quic_read_buffer(c, &ctx->crypto, bytes_read);
|
||||
if (cl == NGX_CHAIN_ERROR) {
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
ngx_quic_free_chain(c, cl);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_cbs_yield_secret(ngx_ssl_conn_t *ssl_conn, uint32_t ssl_level,
|
||||
int direction, const unsigned char *secret, size_t secret_len, void *arg)
|
||||
{
|
||||
ngx_connection_t *c = arg;
|
||||
|
||||
ngx_uint_t level;
|
||||
const SSL_CIPHER *cipher;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_cbs_yield_secret() level:%uD", ssl_level);
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic %s secret len:%uz %*xs",
|
||||
direction ? "write" : "read", secret_len,
|
||||
secret_len, secret);
|
||||
#endif
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
cipher = SSL_get_current_cipher(ssl_conn);
|
||||
|
||||
switch (ssl_level) {
|
||||
case OSSL_RECORD_PROTECTION_LEVEL_NONE:
|
||||
level = NGX_QUIC_ENCRYPTION_INITIAL;
|
||||
break;
|
||||
case OSSL_RECORD_PROTECTION_LEVEL_EARLY:
|
||||
level = NGX_QUIC_ENCRYPTION_EARLY_DATA;
|
||||
break;
|
||||
case OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE:
|
||||
level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
|
||||
break;
|
||||
default: /* OSSL_RECORD_PROTECTION_LEVEL_APPLICATION */
|
||||
level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
break;
|
||||
}
|
||||
|
||||
if (ngx_quic_keys_set_encryption_secret(c->log, direction, qc->keys, level,
|
||||
cipher, secret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (direction) {
|
||||
qc->write_level = level;
|
||||
|
||||
} else {
|
||||
qc->read_level = level;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_cbs_got_transport_params(ngx_ssl_conn_t *ssl_conn,
|
||||
const unsigned char *params, size_t params_len, void *arg)
|
||||
{
|
||||
ngx_connection_t *c = arg;
|
||||
|
||||
u_char *p, *end;
|
||||
ngx_quic_tp_t ctp;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_cbs_got_transport_params() len:%uz",
|
||||
params_len);
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
/* defaults for parameters not sent by client */
|
||||
ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t));
|
||||
|
||||
p = (u_char *) params;
|
||||
end = p + params_len;
|
||||
|
||||
if (ngx_quic_parse_transport_params(p, end, &ctp, c->log) != NGX_OK) {
|
||||
qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
|
||||
qc->error_reason = "failed to process transport parameters";
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
qc->client_tp_done = 1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_cbs_alert(ngx_ssl_conn_t *ssl_conn, unsigned char alert, void *arg)
|
||||
{
|
||||
ngx_connection_t *c = arg;
|
||||
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_cbs_alert() alert:%d", (int) alert);
|
||||
|
||||
/* already closed on regular shutdown */
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
if (qc == NULL) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(alert);
|
||||
qc->error_reason = "handshake failed";
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
|
||||
|
||||
|
||||
static ngx_inline ngx_uint_t
|
||||
ngx_quic_map_encryption_level(enum ssl_encryption_level_t ssl_level)
|
||||
{
|
||||
switch (ssl_level) {
|
||||
case ssl_encryption_initial:
|
||||
return NGX_QUIC_ENCRYPTION_INITIAL;
|
||||
case ssl_encryption_early_data:
|
||||
return NGX_QUIC_ENCRYPTION_EARLY_DATA;
|
||||
case ssl_encryption_handshake:
|
||||
return NGX_QUIC_ENCRYPTION_HANDSHAKE;
|
||||
default: /* ssl_encryption_application */
|
||||
return NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#if (NGX_QUIC_BORINGSSL_API)
|
||||
|
||||
static int
|
||||
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *rsecret, size_t secret_len)
|
||||
{
|
||||
ngx_uint_t level;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
level = ngx_quic_map_encryption_level(ssl_level);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_set_read_secret() level:%d", level);
|
||||
"quic ngx_quic_set_read_secret() level:%d", ssl_level);
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic read secret len:%uz %*xs", secret_len,
|
||||
@ -72,7 +365,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
cipher, rsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
@ -81,17 +374,19 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
|
||||
static int
|
||||
ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
|
||||
enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
|
||||
const uint8_t *wsecret, size_t secret_len)
|
||||
{
|
||||
ngx_uint_t level;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
level = ngx_quic_map_encryption_level(ssl_level);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_set_write_secret() level:%d", level);
|
||||
"quic ngx_quic_set_write_secret() level:%d", ssl_level);
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic write secret len:%uz %*xs", secret_len,
|
||||
@ -102,28 +397,31 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
|
||||
cipher, wsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
#else
|
||||
#else /* NGX_QUIC_QUICTLS_API */
|
||||
|
||||
static int
|
||||
ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *rsecret,
|
||||
enum ssl_encryption_level_t ssl_level, const uint8_t *rsecret,
|
||||
const uint8_t *wsecret, size_t secret_len)
|
||||
{
|
||||
ngx_uint_t level;
|
||||
ngx_connection_t *c;
|
||||
const SSL_CIPHER *cipher;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
level = ngx_quic_map_encryption_level(ssl_level);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_set_encryption_secrets() level:%d", level);
|
||||
"quic ngx_quic_set_encryption_secrets() level:%d",
|
||||
ssl_level);
|
||||
#ifdef NGX_QUIC_DEBUG_CRYPTO
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic read secret len:%uz %*xs", secret_len,
|
||||
@ -136,10 +434,11 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
||||
cipher, rsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (level == ssl_encryption_early_data) {
|
||||
if (level == NGX_QUIC_ENCRYPTION_EARLY_DATA) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -153,7 +452,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
||||
cipher, wsecret, secret_len)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return 0;
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
return 1;
|
||||
@ -164,24 +463,24 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
||||
|
||||
static int
|
||||
ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
|
||||
enum ssl_encryption_level_t ssl_level, const uint8_t *data, size_t len)
|
||||
{
|
||||
u_char *p, *end;
|
||||
size_t client_params_len;
|
||||
ngx_uint_t level;
|
||||
ngx_chain_t *out;
|
||||
unsigned int alpn_len;
|
||||
const uint8_t *client_params;
|
||||
ngx_quic_tp_t ctp;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_connection_t *c;
|
||||
const unsigned char *alpn_data;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
|
||||
unsigned int alpn_len;
|
||||
const unsigned char *alpn_data;
|
||||
#endif
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
qc = ngx_quic_get_connection(c);
|
||||
level = ngx_quic_map_encryption_level(ssl_level);
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_add_handshake_data");
|
||||
@ -193,21 +492,20 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
* here;
|
||||
*/
|
||||
|
||||
#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
|
||||
|
||||
SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
|
||||
|
||||
if (alpn_len == 0) {
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
|
||||
qc->error_reason = "unsupported protocol in ALPN extension";
|
||||
if (qc->error == 0) {
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
|
||||
qc->error_reason = "missing ALPN extension";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic unsupported protocol in ALPN extension");
|
||||
return 0;
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic missing ALPN extension");
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
|
||||
&client_params_len);
|
||||
|
||||
@ -217,12 +515,16 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
|
||||
if (client_params_len == 0) {
|
||||
/* RFC 9001, 8.2. QUIC Transport Parameters Extension */
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
|
||||
qc->error_reason = "missing transport parameters";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"missing transport parameters");
|
||||
return 0;
|
||||
if (qc->error == 0) {
|
||||
qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
|
||||
qc->error_reason = "missing transport parameters";
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"missing transport parameters");
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
p = (u_char *) client_params;
|
||||
@ -237,11 +539,11 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
|
||||
qc->error_reason = "failed to process transport parameters";
|
||||
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
qc->client_tp_done = 1;
|
||||
@ -251,12 +553,14 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||
|
||||
out = ngx_quic_copy_buffer(c, (u_char *) data, len);
|
||||
if (out == NGX_CHAIN_ERROR) {
|
||||
return 0;
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return 0;
|
||||
qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
|
||||
return 1;
|
||||
}
|
||||
|
||||
frame->data = out;
|
||||
@ -279,7 +583,7 @@ ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
|
||||
#if (NGX_DEBUG)
|
||||
ngx_connection_t *c;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_flush_flight()");
|
||||
@ -289,17 +593,17 @@ ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
|
||||
|
||||
|
||||
static int
|
||||
ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
|
||||
uint8_t alert)
|
||||
ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
|
||||
enum ssl_encryption_level_t ssl_level, uint8_t alert)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic ngx_quic_send_alert() level:%s alert:%d",
|
||||
ngx_quic_level_name(level), (int) alert);
|
||||
"quic ngx_quic_send_alert() level:%d alert:%d",
|
||||
ssl_level, (int) alert);
|
||||
|
||||
/* already closed on regular shutdown */
|
||||
|
||||
@ -314,13 +618,14 @@ ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
|
||||
ngx_quic_frame_t *frame)
|
||||
{
|
||||
uint64_t last;
|
||||
ngx_chain_t *cl;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
ngx_quic_crypto_frame_t *f;
|
||||
@ -343,13 +648,13 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
|
||||
}
|
||||
|
||||
if (last <= ctx->crypto.offset) {
|
||||
if (pkt->level == ssl_encryption_initial) {
|
||||
if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
|
||||
/* speeding up handshake completion */
|
||||
|
||||
if (!ngx_queue_empty(&ctx->sent)) {
|
||||
ngx_quic_resend_frames(c, ctx);
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
|
||||
ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_HANDSHAKE);
|
||||
while (!ngx_queue_empty(&ctx->sent)) {
|
||||
ngx_quic_resend_frames(c, ctx);
|
||||
}
|
||||
@ -359,43 +664,25 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (f->offset == ctx->crypto.offset) {
|
||||
if (ngx_quic_crypto_input(c, frame->data, pkt->level) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_skip_buffer(c, &ctx->crypto, last);
|
||||
|
||||
} else {
|
||||
if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length,
|
||||
f->offset)
|
||||
== NGX_CHAIN_ERROR)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length,
|
||||
f->offset)
|
||||
== NGX_CHAIN_ERROR)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
|
||||
|
||||
if (cl) {
|
||||
if (ngx_quic_crypto_input(c, cl, pkt->level) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_free_chain(c, cl);
|
||||
if (ngx_quic_crypto_provide(c, pkt->level) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
return ngx_quic_handshake(c);
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
|
||||
enum ssl_encryption_level_t level)
|
||||
ngx_quic_handshake(ngx_connection_t *c)
|
||||
{
|
||||
int n, sslerr;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl;
|
||||
ngx_ssl_conn_t *ssl_conn;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
@ -404,20 +691,14 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
|
||||
|
||||
ssl_conn = c->ssl->connection;
|
||||
|
||||
for (cl = data; cl; cl = cl->next) {
|
||||
b = cl->buf;
|
||||
|
||||
if (!SSL_provide_quic_data(ssl_conn, level, b->pos, b->last - b->pos)) {
|
||||
ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
|
||||
"SSL_provide_quic_data() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
n = SSL_do_handshake(ssl_conn);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
|
||||
|
||||
if (qc->error) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (n <= 0) {
|
||||
sslerr = SSL_get_error(ssl_conn, n);
|
||||
|
||||
@ -433,13 +714,13 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
|
||||
ngx_ssl_connection_error(c, sslerr, 0, "SSL_do_handshake() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (n <= 0 || SSL_in_init(ssl_conn)) {
|
||||
if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data, 0)
|
||||
if (!SSL_is_init_finished(ssl_conn)) {
|
||||
if (ngx_quic_keys_available(qc->keys, NGX_QUIC_ENCRYPTION_EARLY_DATA, 0)
|
||||
&& qc->client_tp_done)
|
||||
{
|
||||
if (ngx_quic_init_streams(c) != NGX_OK) {
|
||||
@ -461,7 +742,7 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
@ -485,7 +766,7 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
|
||||
* An endpoint MUST discard its Handshake keys
|
||||
* when the TLS handshake is confirmed.
|
||||
*/
|
||||
ngx_quic_discard_ctx(c, ssl_encryption_handshake);
|
||||
ngx_quic_discard_ctx(c, NGX_QUIC_ENCRYPTION_HANDSHAKE);
|
||||
|
||||
ngx_quic_discover_path_mtu(c, qc->path);
|
||||
|
||||
@ -502,17 +783,97 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_crypto_provide(ngx_connection_t *c, ngx_uint_t level)
|
||||
{
|
||||
#if (NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API)
|
||||
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *out, *cl;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
enum ssl_encryption_level_t ssl_level;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
ctx = ngx_quic_get_send_ctx(qc, level);
|
||||
|
||||
out = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
|
||||
if (out == NGX_CHAIN_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
switch (level) {
|
||||
case NGX_QUIC_ENCRYPTION_INITIAL:
|
||||
ssl_level = ssl_encryption_initial;
|
||||
break;
|
||||
case NGX_QUIC_ENCRYPTION_EARLY_DATA:
|
||||
ssl_level = ssl_encryption_early_data;
|
||||
break;
|
||||
case NGX_QUIC_ENCRYPTION_HANDSHAKE:
|
||||
ssl_level = ssl_encryption_handshake;
|
||||
break;
|
||||
default: /* NGX_QUIC_ENCRYPTION_APPLICATION */
|
||||
ssl_level = ssl_encryption_application;
|
||||
break;
|
||||
}
|
||||
|
||||
for (cl = out; cl; cl = cl->next) {
|
||||
b = cl->buf;
|
||||
|
||||
if (!SSL_provide_quic_data(c->ssl->connection, ssl_level, b->pos,
|
||||
b->last - b->pos))
|
||||
{
|
||||
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"SSL_provide_quic_data() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_quic_free_chain(c, out);
|
||||
|
||||
#endif
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_init_connection(ngx_connection_t *c)
|
||||
{
|
||||
u_char *p;
|
||||
size_t clen;
|
||||
ssize_t len;
|
||||
ngx_str_t dcid;
|
||||
ngx_ssl_conn_t *ssl_conn;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
static SSL_QUIC_METHOD quic_method;
|
||||
u_char *p;
|
||||
size_t clen;
|
||||
ssize_t len;
|
||||
ngx_str_t dcid;
|
||||
ngx_ssl_conn_t *ssl_conn;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_API)
|
||||
static const OSSL_DISPATCH qtdis[] = {
|
||||
|
||||
{ OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND,
|
||||
(void (*)(void)) ngx_quic_cbs_send },
|
||||
|
||||
{ OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD,
|
||||
(void (*)(void)) ngx_quic_cbs_recv_rcd },
|
||||
|
||||
{ OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD,
|
||||
(void (*)(void)) ngx_quic_cbs_release_rcd },
|
||||
|
||||
{ OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET,
|
||||
(void (*)(void)) ngx_quic_cbs_yield_secret },
|
||||
|
||||
{ OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS,
|
||||
(void (*)(void)) ngx_quic_cbs_got_transport_params },
|
||||
|
||||
{ OSSL_FUNC_SSL_QUIC_TLS_ALERT,
|
||||
(void (*)(void)) ngx_quic_cbs_alert },
|
||||
|
||||
{ 0, NULL }
|
||||
};
|
||||
#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
|
||||
static SSL_QUIC_METHOD quic_method;
|
||||
#endif
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
@ -524,6 +885,20 @@ ngx_quic_init_connection(ngx_connection_t *c)
|
||||
|
||||
ssl_conn = c->ssl->connection;
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_API)
|
||||
|
||||
if (SSL_set_quic_tls_cbs(ssl_conn, qtdis, c) == 0) {
|
||||
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"quic SSL_set_quic_tls_cbs() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
|
||||
SSL_set_quic_tls_early_data_enabled(ssl_conn, 1);
|
||||
}
|
||||
|
||||
#else /* NGX_QUIC_BORINGSSL_API || NGX_QUIC_QUICTLS_API */
|
||||
|
||||
if (!quic_method.send_alert) {
|
||||
#if (NGX_QUIC_BORINGSSL_API)
|
||||
quic_method.set_read_secret = ngx_quic_set_read_secret;
|
||||
@ -537,15 +912,17 @@ ngx_quic_init_connection(ngx_connection_t *c)
|
||||
}
|
||||
|
||||
if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"quic SSL_set_quic_method() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_INFO_QUIC
|
||||
#if (NGX_QUIC_QUICTLS_API)
|
||||
if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
|
||||
SSL_set_quic_early_data_enabled(ssl_conn, 1);
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
qsock = ngx_quic_get_socket(c);
|
||||
@ -577,15 +954,23 @@ ngx_quic_init_connection(ngx_connection_t *c)
|
||||
"quic transport parameters len:%uz %*xs", len, len, p);
|
||||
#endif
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_API)
|
||||
if (SSL_set_quic_tls_transport_params(ssl_conn, p, len) == 0) {
|
||||
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"quic SSL_set_quic_tls_transport_params() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
#else
|
||||
if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"quic SSL_set_quic_transport_params() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"quic SSL_set_quic_early_data_context() failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
@ -280,7 +280,7 @@ ngx_quic_do_reset_stream(ngx_quic_stream_t *qs, ngx_uint_t err)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_RESET_STREAM;
|
||||
frame->u.reset_stream.id = qs->id;
|
||||
frame->u.reset_stream.error_code = err;
|
||||
@ -367,7 +367,7 @@ ngx_quic_shutdown_stream_recv(ngx_connection_t *c)
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pc->log, 0,
|
||||
"quic stream id:0x%xL recv shutdown", qs->id);
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_STOP_SENDING;
|
||||
frame->u.stop_sending.id = qs->id;
|
||||
frame->u.stop_sending.error_code = qc->conf->stream_close_code;
|
||||
@ -527,7 +527,7 @@ ngx_quic_reject_stream(ngx_connection_t *c, uint64_t id)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_RESET_STREAM;
|
||||
frame->u.reset_stream.id = id;
|
||||
frame->u.reset_stream.error_code = code;
|
||||
@ -540,7 +540,7 @@ ngx_quic_reject_stream(ngx_connection_t *c, uint64_t id)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_STOP_SENDING;
|
||||
frame->u.stop_sending.id = id;
|
||||
frame->u.stop_sending.error_code = code;
|
||||
@ -1062,7 +1062,7 @@ ngx_quic_stream_flush(ngx_quic_stream_t *qs)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_STREAM;
|
||||
frame->data = out;
|
||||
|
||||
@ -1180,7 +1180,7 @@ ngx_quic_close_stream(ngx_quic_stream_t *qs)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_MAX_STREAMS;
|
||||
|
||||
if (qs->id & NGX_QUIC_STREAM_UNIDIRECTIONAL) {
|
||||
@ -1771,7 +1771,7 @@ ngx_quic_update_max_stream_data(ngx_quic_stream_t *qs)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_MAX_STREAM_DATA;
|
||||
frame->u.max_stream_data.id = qs->id;
|
||||
frame->u.max_stream_data.limit = qs->recv_max_data;
|
||||
@ -1807,7 +1807,7 @@ ngx_quic_update_max_data(ngx_connection_t *c)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
frame->type = NGX_QUIC_FT_MAX_DATA;
|
||||
frame->u.max_data.max_data = qc->streams.recv_max_data;
|
||||
|
||||
|
||||
@ -281,7 +281,7 @@ ngx_int_t
|
||||
ngx_quic_parse_packet(ngx_quic_header_t *pkt)
|
||||
{
|
||||
if (!ngx_quic_long_pkt(pkt->flags)) {
|
||||
pkt->level = ssl_encryption_application;
|
||||
pkt->level = NGX_QUIC_ENCRYPTION_APPLICATION;
|
||||
|
||||
if (ngx_quic_parse_short_header(pkt, NGX_QUIC_SERVER_CID_LEN) != NGX_OK)
|
||||
{
|
||||
@ -468,13 +468,13 @@ ngx_quic_parse_long_header_v1(ngx_quic_header_t *pkt)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
pkt->level = ssl_encryption_initial;
|
||||
pkt->level = NGX_QUIC_ENCRYPTION_INITIAL;
|
||||
|
||||
} else if (ngx_quic_pkt_zrtt(pkt->flags)) {
|
||||
pkt->level = ssl_encryption_early_data;
|
||||
pkt->level = NGX_QUIC_ENCRYPTION_EARLY_DATA;
|
||||
|
||||
} else if (ngx_quic_pkt_hs(pkt->flags)) {
|
||||
pkt->level = ssl_encryption_handshake;
|
||||
pkt->level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
|
||||
|
||||
} else {
|
||||
ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
|
||||
@ -593,7 +593,7 @@ ngx_quic_payload_size(ngx_quic_header_t *pkt, size_t pkt_len)
|
||||
|
||||
/* flags, version, dcid and scid with lengths and zero-length token */
|
||||
len = 5 + 2 + pkt->dcid.len + pkt->scid.len
|
||||
+ (pkt->level == ssl_encryption_initial ? 1 : 0);
|
||||
+ (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL ? 1 : 0);
|
||||
|
||||
if (len > pkt_len) {
|
||||
return 0;
|
||||
@ -632,7 +632,7 @@ ngx_quic_create_long_header(ngx_quic_header_t *pkt, u_char *out,
|
||||
if (out == NULL) {
|
||||
return 5 + 2 + pkt->dcid.len + pkt->scid.len
|
||||
+ ngx_quic_varint_len(rem_len) + pkt->num_len
|
||||
+ (pkt->level == ssl_encryption_initial ? 1 : 0);
|
||||
+ (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL ? 1 : 0);
|
||||
}
|
||||
|
||||
p = start = out;
|
||||
@ -647,7 +647,7 @@ ngx_quic_create_long_header(ngx_quic_header_t *pkt, u_char *out,
|
||||
*p++ = pkt->scid.len;
|
||||
p = ngx_cpymem(p, pkt->scid.data, pkt->scid.len);
|
||||
|
||||
if (pkt->level == ssl_encryption_initial) {
|
||||
if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
|
||||
ngx_quic_build_int(&p, 0);
|
||||
}
|
||||
|
||||
@ -1773,7 +1773,7 @@ ngx_quic_parse_transport_params(u_char *p, u_char *end, ngx_quic_tp_t *tp,
|
||||
}
|
||||
|
||||
if (rc == NGX_DECLINED) {
|
||||
ngx_log_error(NGX_LOG_INFO, log, 0,
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
|
||||
"quic %s transport param id:0x%xL, skipped",
|
||||
(id % 31 == 27) ? "reserved" : "unknown", id);
|
||||
}
|
||||
|
||||
@ -47,9 +47,9 @@
|
||||
(ngx_quic_long_pkt(flags) ? 0x0F : 0x1F)
|
||||
|
||||
#define ngx_quic_level_name(lvl) \
|
||||
(lvl == ssl_encryption_application) ? "app" \
|
||||
: (lvl == ssl_encryption_initial) ? "init" \
|
||||
: (lvl == ssl_encryption_handshake) ? "hs" : "early"
|
||||
(lvl == NGX_QUIC_ENCRYPTION_APPLICATION) ? "app" \
|
||||
: (lvl == NGX_QUIC_ENCRYPTION_INITIAL) ? "init" \
|
||||
: (lvl == NGX_QUIC_ENCRYPTION_HANDSHAKE) ? "hs" : "early"
|
||||
|
||||
#define NGX_QUIC_MAX_CID_LEN 20
|
||||
#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN
|
||||
@ -262,7 +262,7 @@ typedef struct ngx_quic_frame_s ngx_quic_frame_t;
|
||||
|
||||
struct ngx_quic_frame_s {
|
||||
ngx_uint_t type;
|
||||
enum ssl_encryption_level_t level;
|
||||
ngx_uint_t level;
|
||||
ngx_queue_t queue;
|
||||
uint64_t pnum;
|
||||
size_t plen;
|
||||
@ -310,7 +310,7 @@ typedef struct {
|
||||
uint8_t flags;
|
||||
uint32_t version;
|
||||
ngx_str_t token;
|
||||
enum ssl_encryption_level_t level;
|
||||
ngx_uint_t level;
|
||||
ngx_uint_t error;
|
||||
|
||||
/* filled in by parser */
|
||||
|
||||
@ -115,10 +115,11 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
|
||||
ngx_http_core_srv_conf_t *cscf;
|
||||
u_char addr[NGX_SOCKADDR_STRLEN];
|
||||
|
||||
static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7";
|
||||
static const u_char nginx[5] = { 0x84, 0xaa, 0x63, 0x55, 0xe7 };
|
||||
#if (NGX_HTTP_GZIP)
|
||||
static const u_char accept_encoding[12] =
|
||||
"\x8b\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f";
|
||||
static const u_char accept_encoding[12] = {
|
||||
0x8b, 0x84, 0x84, 0x2d, 0x69, 0x5b, 0x05, 0x44, 0x3c, 0x86, 0xaa, 0x6f
|
||||
};
|
||||
#endif
|
||||
|
||||
static size_t nginx_ver_len = ngx_http_v2_literal_size(NGINX_VER);
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
#define NGX_HTTP_V3_HQ_ALPN_PROTO "\x0Ahq-interop"
|
||||
#define NGX_HTTP_V3_HQ_PROTO "hq-interop"
|
||||
|
||||
#define NGX_HTTP_V3_VARLEN_INT_LEN 4
|
||||
#define NGX_HTTP_V3_VARLEN_INT_LEN 8
|
||||
#define NGX_HTTP_V3_PREFIX_INT_LEN 11
|
||||
|
||||
#define NGX_HTTP_V3_STREAM_CONTROL 0x00
|
||||
|
||||
Loading…
Reference in New Issue
Block a user