Mercurial > hg > nginx
changeset 8328:e76be8639621 quic
Added basic offset support in client CRYPTO frames.
The offset in client CRYPTO frames is tracked in c->quic->crypto_offset_in.
This means that CRYPTO frames with non-zero offset are now accepted making
possible to finish handshake with client certificates that exceed max packet
size (if no reordering happens).
The c->quic->crypto_offset field is renamed to crypto_offset_out to avoid
confusion with tracking of incoming CRYPTO stream.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Tue, 07 Apr 2020 15:50:38 +0300 |
parents | 0ae50d90658a |
children | 7bd334b8d91a |
files | src/event/ngx_event_quic.c |
diffstat | 1 files changed, 20 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c Tue Apr 07 12:54:34 2020 +0300 +++ b/src/event/ngx_event_quic.c Tue Apr 07 15:50:38 2020 +0300 @@ -69,7 +69,8 @@ ngx_quic_namespace_t ns[NGX_QUIC_NAMESPACE_LAST]; ngx_quic_secrets_t keys[NGX_QUIC_ENCRYPTION_LAST]; ngx_quic_secrets_t next_key; - uint64_t crypto_offset[NGX_QUIC_ENCRYPTION_LAST]; + uint64_t crypto_offset_out[NGX_QUIC_ENCRYPTION_LAST]; + uint64_t crypto_offset_in[NGX_QUIC_ENCRYPTION_LAST]; ngx_ssl_t *ssl; @@ -334,11 +335,11 @@ frame->level = level; frame->type = NGX_QUIC_FT_CRYPTO; - frame->u.crypto.offset += qc->crypto_offset[level]; + frame->u.crypto.offset += qc->crypto_offset_out[level]; frame->u.crypto.len = len; frame->u.crypto.data = frame->data; - qc->crypto_offset[level] += len; + qc->crypto_offset_out[level] += len; ngx_sprintf(frame->info, "crypto, generated by SSL len=%ui level=%d", len, level); @@ -1368,14 +1369,21 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt, ngx_quic_crypto_frame_t *f) { - int sslerr; - ssize_t n; - ngx_ssl_conn_t *ssl_conn; - - if (f->offset != 0x0) { + int sslerr; + ssize_t n; + uint64_t *curr_offset; + ngx_ssl_conn_t *ssl_conn; + ngx_quic_connection_t *qc; + + qc = c->quic; + + curr_offset = &qc->crypto_offset_in[pkt->level]; + + if (f->offset != *curr_offset) { ngx_log_error(NGX_LOG_INFO, c->log, 0, - "crypto frame with non-zero offset"); - // TODO: add support for crypto frames spanning packets + "crypto frame with unexpected offset"); + + /* TODO: support reordering/buffering of data */ return NGX_ERROR; } @@ -1394,6 +1402,8 @@ return NGX_ERROR; } + *curr_offset += f->len; + n = SSL_do_handshake(ssl_conn); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);