Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic.c @ 9168:ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Keys may be released by TLS stack in different times, so it makes sense
to check this independently as well. This allows to fine-tune what key
direction is used when checking keys availability.
When discarding, server keys are now marked in addition to client keys.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 31 Aug 2023 19:54:10 +0400 |
parents | f9845e4b5c14 |
children | 4ccb0d973206 |
comparison
equal
deleted
inserted
replaced
9167:3038bd4d7816 | 9168:ff98ae7d261e |
---|---|
528 qc->error_reason ? qc->error_reason : ""); | 528 qc->error_reason ? qc->error_reason : ""); |
529 | 529 |
530 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { | 530 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
531 ctx = &qc->send_ctx[i]; | 531 ctx = &qc->send_ctx[i]; |
532 | 532 |
533 if (!ngx_quic_keys_available(qc->keys, ctx->level)) { | 533 if (!ngx_quic_keys_available(qc->keys, ctx->level, 1)) { |
534 continue; | 534 continue; |
535 } | 535 } |
536 | 536 |
537 qc->error_level = ctx->level; | 537 qc->error_level = ctx->level; |
538 (void) ngx_quic_send_cc(c); | 538 (void) ngx_quic_send_cc(c); |
957 qc->error = (ngx_uint_t) -1; | 957 qc->error = (ngx_uint_t) -1; |
958 qc->error_reason = 0; | 958 qc->error_reason = 0; |
959 | 959 |
960 c->log->action = "decrypting packet"; | 960 c->log->action = "decrypting packet"; |
961 | 961 |
962 if (!ngx_quic_keys_available(qc->keys, pkt->level)) { | 962 if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) { |
963 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 963 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
964 "quic no %s keys, ignoring packet", | 964 "quic no %s keys, ignoring packet", |
965 ngx_quic_level_name(pkt->level)); | 965 ngx_quic_level_name(pkt->level)); |
966 return NGX_DECLINED; | 966 return NGX_DECLINED; |
967 } | 967 } |
1080 ngx_quic_send_ctx_t *ctx; | 1080 ngx_quic_send_ctx_t *ctx; |
1081 ngx_quic_connection_t *qc; | 1081 ngx_quic_connection_t *qc; |
1082 | 1082 |
1083 qc = ngx_quic_get_connection(c); | 1083 qc = ngx_quic_get_connection(c); |
1084 | 1084 |
1085 if (!ngx_quic_keys_available(qc->keys, level)) { | 1085 if (!ngx_quic_keys_available(qc->keys, level, 0) |
1086 && !ngx_quic_keys_available(qc->keys, level, 1)) | |
1087 { | |
1086 return; | 1088 return; |
1087 } | 1089 } |
1088 | 1090 |
1089 ngx_quic_keys_discard(qc->keys, level); | 1091 ngx_quic_keys_discard(qc->keys, level); |
1090 | 1092 |