qc->send_ctx[i].pending_ack = NGX_QUIC_UNSET_PN;
}
- qc->send_ctx[0].level = ssl_encryption_initial;
- qc->send_ctx[1].level = ssl_encryption_handshake;
- qc->send_ctx[2].level = ssl_encryption_application;
+ qc->send_ctx[0].level = NGX_QUIC_ENCRYPTION_INITIAL;
+ qc->send_ctx[1].level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
+ qc->send_ctx[2].level = NGX_QUIC_ENCRYPTION_APPLICATION;
ngx_queue_init(&qc->free_frames);
pkt->dcid.len, &pkt->dcid);
#if (NGX_DEBUG)
- if (pkt->level != ssl_encryption_application) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic packet rx scid len:%uz %xV",
pkt->scid.len, &pkt->scid);
}
- if (pkt->level == ssl_encryption_initial) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic address validation token len:%uz %xV",
pkt->token.len, &pkt->token);
return NGX_DECLINED;
}
- if (pkt->level != ssl_encryption_application) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
if (pkt->version != qc->version) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
rc = ngx_quic_handle_payload(c, pkt);
- if (rc == NGX_DECLINED && pkt->level == ssl_encryption_application) {
+ if (rc == NGX_DECLINED
+ && pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION)
+ {
if (ngx_quic_handle_stateless_reset(c, pkt) == NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic stateless reset packet detected");
return ngx_quic_negotiate_version(c, pkt);
}
- if (pkt->level == ssl_encryption_application) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
return ngx_quic_send_stateless_reset(c, conf, pkt);
}
- if (pkt->level != ssl_encryption_initial) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_INITIAL) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic expected initial, got handshake");
return NGX_ERROR;
#if (NGX_QUIC_QUICTLS_API)
/* QuicTLS provides app read keys before completing handshake */
- if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION && !c->ssl->handshaked) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic no %s keys ready, ignoring packet",
ngx_quic_level_name(pkt->level));
}
}
- if (pkt->level == ssl_encryption_handshake) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_HANDSHAKE) {
/*
* RFC 9001, 4.9.1. Discarding Initial Keys
*
* The successful use of Handshake packets indicates
* that no more Initial packets need to be exchanged
*/
- ngx_quic_discard_ctx(c, ssl_encryption_initial);
+ ngx_quic_discard_ctx(c, NGX_QUIC_ENCRYPTION_INITIAL);
if (!qc->path->validated) {
qc->path->validated = 1;
}
}
- if (pkt->level == ssl_encryption_application) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
/*
* RFC 9001, 4.9.3. Discarding 0-RTT Keys
*
* After receiving a 1-RTT packet, servers MUST discard
* 0-RTT keys within a short time
*/
- ngx_quic_keys_discard(qc->keys, ssl_encryption_early_data);
+ ngx_quic_keys_discard(qc->keys, NGX_QUIC_ENCRYPTION_EARLY_DATA);
}
if (qc->closing) {
c->log->action = "handling payload";
- if (pkt->level != ssl_encryption_application) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION) {
return ngx_quic_handle_frames(c, pkt);
}
void
-ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
+ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level)
{
ngx_queue_t *q;
ngx_quic_frame_t *f;
ngx_quic_free_frame(c, f);
}
- if (level == ssl_encryption_initial) {
+ if (level == NGX_QUIC_ENCRYPTION_INITIAL) {
/* close temporary listener with initial dcid */
qsock = ngx_quic_find_socket(c, NGX_QUIC_UNSET_PN);
if (qsock) {
static ngx_inline ngx_msec_t ngx_quic_time_threshold(ngx_quic_connection_t *qc);
static uint64_t ngx_quic_packet_threshold(ngx_quic_send_ctx_t *ctx);
static void ngx_quic_rtt_sample(ngx_connection_t *c, ngx_quic_ack_frame_t *ack,
- enum ssl_encryption_level_t level, ngx_msec_t send_time);
+ ngx_uint_t level, ngx_msec_t send_time);
static ngx_int_t ngx_quic_handle_ack_frame_range(ngx_connection_t *c,
ngx_quic_send_ctx_t *ctx, uint64_t min, uint64_t max,
ngx_quic_ack_stat_t *st);
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_handle_ack_frame level:%d", pkt->level);
+ "quic ngx_quic_handle_ack_frame level:%ui", pkt->level);
ack = &f->u.ack;
static void
ngx_quic_rtt_sample(ngx_connection_t *c, ngx_quic_ack_frame_t *ack,
- enum ssl_encryption_level_t level, ngx_msec_t send_time)
+ ngx_uint_t level, ngx_msec_t send_time)
{
ngx_msec_t latest_rtt, ack_delay, adjusted_rtt, rttvar_sample;
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
- if (ctx->level == ssl_encryption_application) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
if (ngx_quic_handle_path_mtu(c, qc->path, min, max) != NGX_OK) {
return NGX_ERROR;
}
wait = start->send_time + thr - now;
ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic detect_lost pnum:%uL thr:%M pthr:%uL wait:%i level:%d",
+ "quic detect_lost pnum:%uL thr:%M pthr:%uL wait:%i level:%ui",
start->pnum, thr, pkt_thr, (ngx_int_t) wait, start->level);
if ((ngx_msec_int_t) wait > 0
switch (f->type) {
case NGX_QUIC_FT_ACK:
case NGX_QUIC_FT_ACK_ECN:
- if (ctx->level == ssl_encryption_application) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
/* force generation of most recent acknowledgment */
ctx->send_ack = NGX_QUIC_MAX_ACK_GAP;
}
duration = qc->avg_rtt;
duration += ngx_max(4 * qc->rttvar, NGX_QUIC_TIME_GRANULARITY);
- if (ctx->level == ssl_encryption_application && c->ssl->handshaked) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION && c->ssl->handshaked) {
duration += qc->ctp.max_ack_delay;
}
return NGX_OK;
}
- if (ctx->level == ssl_encryption_application) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_APPLICATION) {
delay = ngx_current_msec - ctx->ack_delay_start;
qc = ngx_quic_get_connection(c);
/* #define NGX_QUIC_DEBUG_ALLOC */ /* log frames and bufs alloc */
/* #define NGX_QUIC_DEBUG_CRYPTO */
+#define NGX_QUIC_ENCRYPTION_INITIAL 0
+#define NGX_QUIC_ENCRYPTION_EARLY_DATA 1
+#define NGX_QUIC_ENCRYPTION_HANDSHAKE 2
+#define NGX_QUIC_ENCRYPTION_APPLICATION 3
+#define NGX_QUIC_ENCRYPTION_LAST 4
+
+#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
+
+
typedef struct ngx_quic_connection_s ngx_quic_connection_t;
typedef struct ngx_quic_server_id_s ngx_quic_server_id_t;
typedef struct ngx_quic_client_id_s ngx_quic_client_id_t;
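Review bot: The new `NGX_QUIC_ENCRYPTION_*` block has no comment saying what these numbers are for, although other hunks in this commit use them directly as array indexes (`keys->secrets[NGX_QUIC_ENCRYPTION_INITIAL]`, `keys->secrets[level]`). I would add a comment above the defines such as `/* nginx-internal encryption levels, independent of the TLS library enum; used as indexes into keys->secrets[], so values must stay dense and below NGX_QUIC_ENCRYPTION_LAST */`. It is also worth one line on why `NGX_QUIC_SEND_CTX_LAST` is one less than `NGX_QUIC_ENCRYPTION_LAST`: 0-RTT and 1-RTT share a packet number space, as the existing comment next to `ngx_quic_get_send_ctx` explains.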
#define NGX_QUIC_UNSET_PN (uint64_t) -1
-#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
-
/* 0-RTT and 1-RTT data exist in the same packet number space,
* so we have 3 packet number spaces:
*
* 2 - 0-RTT and 1-RTT
*/
#define ngx_quic_get_send_ctx(qc, level) \
- ((level) == ssl_encryption_initial) ? &((qc)->send_ctx[0]) \
- : (((level) == ssl_encryption_handshake) ? &((qc)->send_ctx[1]) \
- : &((qc)->send_ctx[2]))
+ ((level) == NGX_QUIC_ENCRYPTION_INITIAL) ? &((qc)->send_ctx[0]) \
+ : (((level) == NGX_QUIC_ENCRYPTION_HANDSHAKE) ? &((qc)->send_ctx[1]) \
+ : &((qc)->send_ctx[2]))
#define ngx_quic_get_connection(c) \
(((c)->udp) ? (((ngx_quic_socket_t *)((c)->udp))->quic) : NULL)
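Review bot: The rewritten `ngx_quic_get_send_ctx` expansion is still not wrapped in outer parentheses, so the conditional operator can bind to whatever surrounds the macro call, for example a trailing `->pnum`. Wrapping the whole expression, `(((level) == NGX_QUIC_ENCRYPTION_INITIAL) ? &((qc)->send_ctx[0]) : ...)`, makes it safe in any expression context. `ngx_quic_level_name` has the same shape and also uses `lvl` without parentheses. Every call site visible in this diff uses these macros as a full right-hand side or a function argument, so this is macro hygiene rather than a live bug.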
* are also Initial packets.
*/
struct ngx_quic_send_ctx_s {
- enum ssl_encryption_level_t level;
+ ngx_uint_t level;
ngx_quic_buffer_t crypto;
uint64_t crypto_sent;
off_t received;
ngx_uint_t error;
- enum ssl_encryption_level_t error_level;
+ ngx_uint_t error_level;
ngx_uint_t error_ftype;
const char *error_reason;
ngx_int_t ngx_quic_apply_transport_params(ngx_connection_t *c,
ngx_quic_tp_t *ctp);
-void ngx_quic_discard_ctx(ngx_connection_t *c,
- enum ssl_encryption_level_t level);
+void ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level);
void ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc);
void ngx_quic_shutdown_quic(ngx_connection_t *c);
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
frame->u.retire_cid.sequence_number = f->seqnum;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_NEW_CONNECTION_ID;
frame->u.ncid.seqnum = sid->seqnum;
frame->u.ncid.retire = 0;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
frame->u.retire_cid.sequence_number = cid->seqnum;
ngx_quic_frame_t *fp;
ngx_quic_connection_t *qc;
- if (pkt->level != ssl_encryption_application || pkt->path_challenged) {
+ if (pkt->level != NGX_QUIC_ENCRYPTION_APPLICATION || pkt->path_challenged) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic ignoring PATH_CHALLENGE");
return NGX_OK;
return NGX_ERROR;
}
- fp->level = ssl_encryption_application;
+ fp->level = NGX_QUIC_ENCRYPTION_APPLICATION;
fp->type = NGX_QUIC_FT_PATH_RESPONSE;
fp->u.path_response = *f;
return NGX_ERROR;
}
- fp->level = ssl_encryption_application;
+ fp->level = NGX_QUIC_ENCRYPTION_APPLICATION;
fp->type = NGX_QUIC_FT_PING;
ngx_quic_queue_frame(qc, fp);
if (rst) {
/* prevent old path packets contribution to congestion control */
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
qc->rst_pnum = ctx->pnum;
ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
(void) ngx_quic_send_path_challenge(c, path);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
pto = ngx_max(ngx_quic_pto(c, ctx), 1000);
path->expires = ngx_current_msec + pto;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_PATH_CHALLENGE;
ngx_memcpy(frame->u.path_challenge.data, path->challenge[n], 8);
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
if (++path->tries < NGX_QUIC_PATH_RETRIES) {
pto = ngx_max(ngx_quic_pto(c, ctx), 1000) << path->tries;
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
path->tries = 0;
ngx_quic_connection_t *qc;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
if (++path->tries < NGX_QUIC_PATH_RETRIES) {
rc = ngx_quic_send_path_mtu_probe(c, path);
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_PING;
frame->ignore_loss = 1;
frame->ignore_congestion = 1;
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
pnum = ctx->pnum;
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
case SSL3_RT_HANDSHAKE:
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic compat tx %s len:%uz ",
- ngx_quic_level_name(level), len);
+ "quic compat tx level:%d len:%uz", level, len);
if (com->method->add_handshake_data(ssl, level, buf, len) != 1) {
return;
alert = ((u_char *) buf)[1];
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic compat %s alert:%ui len:%uz ",
- ngx_quic_level_name(level), alert, len);
+ "quic compat level:%d alert:%ui len:%uz",
+ level, alert, len);
if (com->method->send_alert(ssl, level, alert) != 1) {
return;
c = ngx_ssl_get_connection(ssl);
- ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat rx %s len:%uz",
- ngx_quic_level_name(level), len);
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic compat rx level:%d len:%uz", level, len);
qc = ngx_quic_get_connection(c);
com = qc->compat;
return 0;
}
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_initial);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_INITIAL);
if (!ngx_queue_empty(&ctx->frames)) {
return 0;
}
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_HANDSHAKE);
if (!ngx_queue_empty(&ctx->frames)) {
return 0;
}
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
bytes = 0;
len = ngx_min(qc->path->mtu, NGX_QUIC_MAX_UDP_SEGMENT_BUF);
cg = &qc->congestion;
path = qc->path;
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_APPLICATION);
if (ngx_quic_generate_ack(c, ctx) != NGX_OK) {
return NGX_ERROR;
*/
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_initial);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_INITIAL);
for (q = ngx_queue_head(&ctx->frames);
q != ngx_queue_sentinel(&ctx->frames);
pkt->flags = NGX_QUIC_PKT_FIXED_BIT;
- if (ctx->level == ssl_encryption_initial) {
+ if (ctx->level == NGX_QUIC_ENCRYPTION_INITIAL) {
pkt->flags |= NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_INITIAL;
- } else if (ctx->level == ssl_encryption_handshake) {
+ } else if (ctx->level == NGX_QUIC_ENCRYPTION_HANDSHAKE) {
pkt->flags |= NGX_QUIC_PKT_LONG | NGX_QUIC_PKT_HANDSHAKE;
} else {
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_NEW_TOKEN;
frame->data = out;
frame->u.token.length = token.len;
0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a
};
- client = &keys->secrets[ssl_encryption_initial].client;
- server = &keys->secrets[ssl_encryption_initial].server;
+ client = &keys->secrets[NGX_QUIC_ENCRYPTION_INITIAL].client;
+ server = &keys->secrets[NGX_QUIC_ENCRYPTION_INITIAL].server;
/*
* RFC 9001, section 5. Packet Protection
ngx_int_t
ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
- ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
- const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
+ ngx_quic_keys_t *keys, ngx_uint_t level, const SSL_CIPHER *cipher,
+ const uint8_t *secret, size_t secret_len)
{
ngx_int_t key_len;
ngx_str_t secret_str;
ngx_uint_t
-ngx_quic_keys_available(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level, ngx_uint_t is_write)
+ngx_quic_keys_available(ngx_quic_keys_t *keys, ngx_uint_t level,
+ ngx_uint_t is_write)
{
if (is_write == 0) {
return keys->secrets[level].client.ctx != NULL;
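Review bot: `keys->secrets[level]` is indexed here with a plain `ngx_uint_t`, and nothing in the visible part of `ngx_quic_keys_available` compares it with `NGX_QUIC_ENCRYPTION_LAST`. The callers shown in this diff pass constants or a `pkt->level` set in `ngx_quic_parse_packet`, so the value looks in range today, but the signature no longer says which values are legal. A guard at the top, `if (level >= NGX_QUIC_ENCRYPTION_LAST) { return 0; }`, would keep a future caller from reading past the array (assuming it is sized by that constant, which is not visible here). The same applies to `ngx_quic_keys_discard` and `ngx_quic_keys_set_encryption_secret`. The body of this function continues outside the hunk.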
void
-ngx_quic_keys_discard(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level)
+ngx_quic_keys_discard(ngx_quic_keys_t *keys, ngx_uint_t level)
{
ngx_quic_secret_t *client, *server;
{
ngx_quic_secrets_t *current, *next, tmp;
- current = &keys->secrets[ssl_encryption_application];
+ current = &keys->secrets[NGX_QUIC_ENCRYPTION_APPLICATION];
next = &keys->next_key;
ngx_quic_crypto_cleanup(¤t->client);
qc = ngx_quic_get_connection(c);
keys = qc->keys;
- current = &keys->secrets[ssl_encryption_application];
+ current = &keys->secrets[NGX_QUIC_ENCRYPTION_APPLICATION];
next = &keys->next_key;
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
#include <ngx_event_quic_transport.h>
-#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
-
/* RFC 5116, 5.1/5.3 and RFC 8439, 2.3/2.5 for all supported ciphers */
#define NGX_QUIC_IV_LEN 12
#define NGX_QUIC_TAG_LEN 16
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
ngx_str_t *secret, ngx_log_t *log);
ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
- ngx_uint_t is_write, ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
- const uint8_t *secret, size_t secret_len);
-ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level, ngx_uint_t is_write);
-void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level);
+ ngx_uint_t is_write, ngx_quic_keys_t *keys, ngx_uint_t level,
+ const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
+ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, ngx_uint_t level,
+ ngx_uint_t is_write);
+void ngx_quic_keys_discard(ngx_quic_keys_t *keys, ngx_uint_t level);
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
void ngx_quic_keys_update(ngx_event_t *ev);
void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys);
#define NGX_QUIC_MAX_BUFFERED 65535
+static ngx_inline ngx_uint_t ngx_quic_map_encryption_level(
+ enum ssl_encryption_level_t ssl_level);
+
#if (NGX_QUIC_BORINGSSL_API)
static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
#else /* NGX_QUIC_QUICTLS_API */
static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *read_secret,
+ enum ssl_encryption_level_t ssl_level, const uint8_t *read_secret,
const uint8_t *write_secret, size_t secret_len);
#endif
static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
+ enum ssl_encryption_level_t ssl_level, const uint8_t *data, size_t len);
static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, uint8_t alert);
+ enum ssl_encryption_level_t ssl_level, uint8_t alert);
static ngx_int_t ngx_quic_handshake(ngx_connection_t *c);
static ngx_int_t ngx_quic_crypto_provide(ngx_connection_t *c, ngx_chain_t *out,
- enum ssl_encryption_level_t level);
+ ngx_uint_t level);
+
+
+static ngx_inline ngx_uint_t
+ngx_quic_map_encryption_level(enum ssl_encryption_level_t ssl_level)
+{
+ switch (ssl_level) {
+ case ssl_encryption_initial:
+ return NGX_QUIC_ENCRYPTION_INITIAL;
+ case ssl_encryption_early_data:
+ return NGX_QUIC_ENCRYPTION_EARLY_DATA;
+ case ssl_encryption_handshake:
+ return NGX_QUIC_ENCRYPTION_HANDSHAKE;
+ default: /* ssl_encryption_application */
+ return NGX_QUIC_ENCRYPTION_APPLICATION;
+ }
+}
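Review bot: The `default:` branch of `ngx_quic_map_encryption_level` maps every value other than the three named cases to `NGX_QUIC_ENCRYPTION_APPLICATION`, so an unexpected level from the TLS library would be treated as 1-RTT instead of being rejected. The secret callbacks use the mapped value afterwards, presumably as the key-slot index. I would list `case ssl_encryption_application:` explicitly and let `default:` take a path the callbacks can fail on, since they already return `int` to the library. The reverse switch added in `ngx_quic_crypto_provide` falls through to `ssl_encryption_application` in the same way. If the enum is known to be closed for both supported libraries, a comment saying so on the `default:` line would be enough.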
#if (NGX_QUIC_BORINGSSL_API)
static int
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *rsecret, size_t secret_len)
{
+ ngx_uint_t level;
ngx_connection_t *c;
ngx_quic_connection_t *qc;
c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_set_read_secret() level:%d", level);
+ "quic ngx_quic_set_read_secret() level:%d", ssl_level);
#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic read secret len:%uz %*xs", secret_len,
static int
ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
+ enum ssl_encryption_level_t ssl_level, const SSL_CIPHER *cipher,
const uint8_t *wsecret, size_t secret_len)
{
+ ngx_uint_t level;
ngx_connection_t *c;
ngx_quic_connection_t *qc;
c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_set_write_secret() level:%d", level);
+ "quic ngx_quic_set_write_secret() level:%d", ssl_level);
#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic write secret len:%uz %*xs", secret_len,
static int
ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *rsecret,
+ enum ssl_encryption_level_t ssl_level, const uint8_t *rsecret,
const uint8_t *wsecret, size_t secret_len)
{
+ ngx_uint_t level;
ngx_connection_t *c;
const SSL_CIPHER *cipher;
ngx_quic_connection_t *qc;
c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_set_encryption_secrets() level:%d", level);
+ "quic ngx_quic_set_encryption_secrets() level:%d",
+ ssl_level);
#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic read secret len:%uz %*xs", secret_len,
return 1;
}
- if (level == ssl_encryption_early_data) {
+ if (level == NGX_QUIC_ENCRYPTION_EARLY_DATA) {
return 1;
}
static int
ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
- enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
+ enum ssl_encryption_level_t ssl_level, const uint8_t *data, size_t len)
{
u_char *p, *end;
size_t client_params_len;
+ ngx_uint_t level;
ngx_chain_t *out;
unsigned int alpn_len;
const uint8_t *client_params;
c = ngx_ssl_get_connection(ssl_conn);
qc = ngx_quic_get_connection(c);
+ level = ngx_quic_map_encryption_level(ssl_level);
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic ngx_quic_add_handshake_data");
static int
-ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
- uint8_t alert)
+ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
+ enum ssl_encryption_level_t ssl_level, uint8_t alert)
{
ngx_connection_t *c;
ngx_quic_connection_t *qc;
c = ngx_ssl_get_connection(ssl_conn);
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ngx_quic_send_alert() level:%s alert:%d",
- ngx_quic_level_name(level), (int) alert);
+ "quic ngx_quic_send_alert() level:%d alert:%d",
+ ssl_level, (int) alert);
/* already closed on regular shutdown */
}
if (last <= ctx->crypto.offset) {
- if (pkt->level == ssl_encryption_initial) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
/* speeding up handshake completion */
if (!ngx_queue_empty(&ctx->sent)) {
ngx_quic_resend_frames(c, ctx);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
+ ctx = ngx_quic_get_send_ctx(qc, NGX_QUIC_ENCRYPTION_HANDSHAKE);
while (!ngx_queue_empty(&ctx->sent)) {
ngx_quic_resend_frames(c, ctx);
}
}
if (n <= 0 || SSL_in_init(ssl_conn)) {
- if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data, 0)
+ if (ngx_quic_keys_available(qc->keys, NGX_QUIC_ENCRYPTION_EARLY_DATA, 0)
&& qc->client_tp_done)
{
if (ngx_quic_init_streams(c) != NGX_OK) {
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
ngx_quic_queue_frame(qc, frame);
* An endpoint MUST discard its Handshake keys
* when the TLS handshake is confirmed.
*/
- ngx_quic_discard_ctx(c, ssl_encryption_handshake);
+ ngx_quic_discard_ctx(c, NGX_QUIC_ENCRYPTION_HANDSHAKE);
ngx_quic_discover_path_mtu(c, qc->path);
static ngx_int_t
ngx_quic_crypto_provide(ngx_connection_t *c, ngx_chain_t *out,
- enum ssl_encryption_level_t level)
+ ngx_uint_t level)
{
- ngx_buf_t *b;
- ngx_chain_t *cl;
+ ngx_buf_t *b;
+ ngx_chain_t *cl;
+ enum ssl_encryption_level_t ssl_level;
+
+ switch (level) {
+ case NGX_QUIC_ENCRYPTION_INITIAL:
+ ssl_level = ssl_encryption_initial;
+ break;
+ case NGX_QUIC_ENCRYPTION_EARLY_DATA:
+ ssl_level = ssl_encryption_early_data;
+ break;
+ case NGX_QUIC_ENCRYPTION_HANDSHAKE:
+ ssl_level = ssl_encryption_handshake;
+ break;
+ default: /* NGX_QUIC_ENCRYPTION_APPLICATION */
+ ssl_level = ssl_encryption_application;
+ break;
+ }
for (cl = out; cl; cl = cl->next) {
b = cl->buf;
- if (!SSL_provide_quic_data(c->ssl->connection, level, b->pos,
+ if (!SSL_provide_quic_data(c->ssl->connection, ssl_level, b->pos,
b->last - b->pos))
{
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RESET_STREAM;
frame->u.reset_stream.id = qs->id;
frame->u.reset_stream.error_code = err;
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pc->log, 0,
"quic stream id:0x%xL recv shutdown", qs->id);
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_STOP_SENDING;
frame->u.stop_sending.id = qs->id;
frame->u.stop_sending.error_code = qc->conf->stream_close_code;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_RESET_STREAM;
frame->u.reset_stream.id = id;
frame->u.reset_stream.error_code = code;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_STOP_SENDING;
frame->u.stop_sending.id = id;
frame->u.stop_sending.error_code = code;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_STREAM;
frame->data = out;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_MAX_STREAMS;
if (qs->id & NGX_QUIC_STREAM_UNIDIRECTIONAL) {
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_MAX_STREAM_DATA;
frame->u.max_stream_data.id = qs->id;
frame->u.max_stream_data.limit = qs->recv_max_data;
return NGX_ERROR;
}
- frame->level = ssl_encryption_application;
+ frame->level = NGX_QUIC_ENCRYPTION_APPLICATION;
frame->type = NGX_QUIC_FT_MAX_DATA;
frame->u.max_data.max_data = qc->streams.recv_max_data;
ngx_quic_parse_packet(ngx_quic_header_t *pkt)
{
if (!ngx_quic_long_pkt(pkt->flags)) {
- pkt->level = ssl_encryption_application;
+ pkt->level = NGX_QUIC_ENCRYPTION_APPLICATION;
if (ngx_quic_parse_short_header(pkt, NGX_QUIC_SERVER_CID_LEN) != NGX_OK)
{
return NGX_ERROR;
}
- pkt->level = ssl_encryption_initial;
+ pkt->level = NGX_QUIC_ENCRYPTION_INITIAL;
} else if (ngx_quic_pkt_zrtt(pkt->flags)) {
- pkt->level = ssl_encryption_early_data;
+ pkt->level = NGX_QUIC_ENCRYPTION_EARLY_DATA;
} else if (ngx_quic_pkt_hs(pkt->flags)) {
- pkt->level = ssl_encryption_handshake;
+ pkt->level = NGX_QUIC_ENCRYPTION_HANDSHAKE;
} else {
ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
/* flags, version, dcid and scid with lengths and zero-length token */
len = 5 + 2 + pkt->dcid.len + pkt->scid.len
- + (pkt->level == ssl_encryption_initial ? 1 : 0);
+ + (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL ? 1 : 0);
if (len > pkt_len) {
return 0;
if (out == NULL) {
return 5 + 2 + pkt->dcid.len + pkt->scid.len
+ ngx_quic_varint_len(rem_len) + pkt->num_len
- + (pkt->level == ssl_encryption_initial ? 1 : 0);
+ + (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL ? 1 : 0);
}
p = start = out;
*p++ = pkt->scid.len;
p = ngx_cpymem(p, pkt->scid.data, pkt->scid.len);
- if (pkt->level == ssl_encryption_initial) {
+ if (pkt->level == NGX_QUIC_ENCRYPTION_INITIAL) {
ngx_quic_build_int(&p, 0);
}
(ngx_quic_long_pkt(flags) ? 0x0F : 0x1F)
#define ngx_quic_level_name(lvl) \
- (lvl == ssl_encryption_application) ? "app" \
- : (lvl == ssl_encryption_initial) ? "init" \
- : (lvl == ssl_encryption_handshake) ? "hs" : "early"
+ (lvl == NGX_QUIC_ENCRYPTION_APPLICATION) ? "app" \
+ : (lvl == NGX_QUIC_ENCRYPTION_INITIAL) ? "init" \
+ : (lvl == NGX_QUIC_ENCRYPTION_HANDSHAKE) ? "hs" : "early"
#define NGX_QUIC_MAX_CID_LEN 20
#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN
struct ngx_quic_frame_s {
ngx_uint_t type;
- enum ssl_encryption_level_t level;
+ ngx_uint_t level;
ngx_queue_t queue;
uint64_t pnum;
size_t plen;
uint8_t flags;
uint32_t version;
ngx_str_t token;
- enum ssl_encryption_level_t level;
+ ngx_uint_t level;
ngx_uint_t error;
/* filled in by parser */