Diffstat (limited to 'src')
-rw-r--r-- | src/event/quic/ngx_event_quic.c | 5 | ||||
-rw-r--r-- | src/event/quic/ngx_event_quic_openssl_compat.c | 28 | ||||
-rw-r--r-- | src/event/quic/ngx_event_quic_openssl_compat.h | 2 | ||||
-rw-r--r-- | src/event/quic/ngx_event_quic_ssl.c | 24 |
4 files changed, 8 insertions, 51 deletions
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index cd8beb352..6852bb070 100644
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -963,10 +963,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
 #if !defined (OPENSSL_IS_BORINGSSL)
 /* OpenSSL provides read keys for an application level before it's ready */
- if (pkt->level == ssl_encryption_application
- && SSL_quic_read_level(c->ssl->connection)
- < ssl_encryption_application)
- {
+ if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic no %s keys ready, ignoring packet",
 ngx_quic_level_name(pkt->level));
diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c
index 318feda10..e970cfb9b 100644
--- a/src/event/quic/ngx_event_quic_openssl_compat.c
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c
@@ -44,7 +44,6 @@ struct ngx_quic_compat_s {
 const SSL_QUIC_METHOD *method;
 enum ssl_encryption_level_t write_level;
- enum ssl_encryption_level_t read_level;
 uint64_t read_record;
 ngx_quic_compat_keys_t keys;
@@ -213,7 +212,6 @@ ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line)
 } else {
 com->method->set_read_secret((SSL *) ssl, level, cipher, secret, n);
- com->read_level = level;
 com->read_record = 0;
 (void) ngx_quic_compat_set_encryption_secret(c->log, &com->keys, level,
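Review bot: The comment kept above the rewritten condition in ngx_quic_handle_payload() no longer matches what is tested: it talks about OpenSSL exposing application read keys early, while the guard is now `pkt->level == ssl_encryption_application && !c->ssl->handshaked`. I would reword it to state the rule being enforced, for example `/* 1-RTT packets must not be processed before the TLS handshake completes (RFC 9001, Section 5.7) */`. The guard still sits under `#if !defined (OPENSSL_IS_BORINGSSL)` although the new test uses no OpenSSL-specific call, and the place where `handshaked` is set is outside this hunk, so it is worth confirming that the flag only becomes true once SSL_do_handshake() reports completion and that BoringSSL builds drop early 1-RTT packets by some other path. The function body starts and ends outside the hunk.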
@@ -583,32 +581,6 @@ ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec, ngx_str_t *res)
 }
-enum ssl_encryption_level_t
-SSL_quic_read_level(const SSL *ssl)
-{
- ngx_connection_t *c;
- ngx_quic_connection_t *qc;
-
- c = ngx_ssl_get_connection(ssl);
- qc = ngx_quic_get_connection(c);
-
- return qc->compat->read_level;
-}
-
-
-enum ssl_encryption_level_t
-SSL_quic_write_level(const SSL *ssl)
-{
- ngx_connection_t *c;
- ngx_quic_connection_t *qc;
-
- c = ngx_ssl_get_connection(ssl);
- qc = ngx_quic_get_connection(c);
-
- return qc->compat->write_level;
-}
-
-
 int
 SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
 size_t params_len)
diff --git a/src/event/quic/ngx_event_quic_openssl_compat.h b/src/event/quic/ngx_event_quic_openssl_compat.h
index b04f6e0b5..77cc3cb0d 100644
--- a/src/event/quic/ngx_event_quic_openssl_compat.h
+++ b/src/event/quic/ngx_event_quic_openssl_compat.h
@@ -48,8 +48,6 @@ ngx_int_t ngx_quic_compat_init(ngx_conf_t *cf, SSL_CTX *ctx);
 int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method);
 int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
 const uint8_t *data, size_t len);
-enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
-enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
 int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
 size_t params_len);
 void SSL_get_peer_quic_transport_params(const SSL *ssl,
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index 316d6b5eb..c719a1dd4 100644
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -43,7 +43,8 @@ static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, uint8_t alert);
-static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data);
+static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
+ enum ssl_encryption_level_t level);
 #if (NGX_QUIC_BORINGSSL_API)
@@ -354,7 +355,7 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
 }
 if (f->offset == ctx->crypto.offset) {
- if (ngx_quic_crypto_input(c, frame->data) != NGX_OK) {
+ if (ngx_quic_crypto_input(c, frame->data, pkt->level) != NGX_OK) {
 return NGX_ERROR;
 }
@@ -372,7 +373,7 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
 cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
 if (cl) {
- if (ngx_quic_crypto_input(c, cl) != NGX_OK) {
+ if (ngx_quic_crypto_input(c, cl, pkt->level) != NGX_OK) {
 return NGX_ERROR;
 }
@@ -384,7 +385,8 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
 static ngx_int_t
-ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
+ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
+ enum ssl_encryption_level_t level)
 {
 int n, sslerr;
 ngx_buf_t *b;
@@ -397,17 +399,10 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
 ssl_conn = c->ssl->connection;
- ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
- (int) SSL_quic_read_level(ssl_conn),
- (int) SSL_quic_write_level(ssl_conn));
-
 for (cl = data; cl; cl = cl->next) {
 b = cl->buf;
- if (!SSL_provide_quic_data(ssl_conn, SSL_quic_read_level(ssl_conn),
- b->pos, b->last - b->pos))
- {
+ if (!SSL_provide_quic_data(ssl_conn, level, b->pos, b->last - b->pos)) {
 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
 "SSL_provide_quic_data() failed");
 return NGX_ERROR;
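Review bot: Passing `pkt->level` into `SSL_provide_quic_data()` means ngx_quic_crypto_input() no longer consults the TLS stack for the level it expects, so CRYPTO data received at a level the handshake has already left is rejected only if the library call itself rejects it. This diff also drops `read_level` from the compat layer, and the compat `SSL_provide_quic_data()` body is not shown, so I cannot tell whether that path still fails on a stale or unexpected level; please confirm it does, or add a guard before the loop. The new `level` parameter is undocumented as well; a comment such as `/* level: encryption level of the packet that carried this CRYPTO data */` above the definition would record the contract. The two call sites in ngx_quic_handle_crypto_frame() (hunks at -354 and -372) carry the same assumption, and both functions extend beyond the hunks.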
@@ -416,11 +411,6 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
 n = SSL_do_handshake(ssl_conn);
- ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
- (int) SSL_quic_read_level(ssl_conn),
- (int) SSL_quic_write_level(ssl_conn));
-
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
 if (n <= 0) { |