details:
https://github.com/nginx/nginx/commit/9857578f15352ec248813f5b3e58ca55dc82f967
branches: master
commit: 9857578f15352ec248813f5b3e58ca55dc82f967
user: Sergey Kandaurov <pluk...@nginx.com>
date: Wed, 21 May 2025 20:32:48 +0400
description:
QUIC: factored out SSL_provide_quic_data() to the helper function.
It is now called from ngx_quic_handle_crypto_frame(), prior to proceeding
with the handshake. With this logic removed, the handshake function is
renamed to ngx_quic_handshake() to better match ngx_ssl_handshake().
---
src/event/quic/ngx_event_quic_ssl.c | 53 +++++++++++++++++++++++++------------
1 file changed, 36 insertions(+), 17 deletions(-)
diff --git a/src/event/quic/ngx_event_quic_ssl.c
b/src/event/quic/ngx_event_quic_ssl.c
index 1bb34831c..c9ebd70bc 100644
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -36,7 +36,8 @@ static int ngx_quic_add_handshake_data(ngx_ssl_conn_t
*ssl_conn,
static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
enum ssl_encryption_level_t level, uint8_t alert);
-static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
+static ngx_int_t ngx_quic_handshake(ngx_connection_t *c);
+static ngx_int_t ngx_quic_crypto_provide(ngx_connection_t *c, ngx_chain_t *out,
enum ssl_encryption_level_t level);
@@ -357,7 +358,11 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c,
ngx_quic_header_t *pkt,
}
if (f->offset == ctx->crypto.offset) {
- if (ngx_quic_crypto_input(c, frame->data, pkt->level) != NGX_OK) {
+ if (ngx_quic_crypto_provide(c, frame->data, pkt->level) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_quic_handshake(c) != NGX_OK) {
return NGX_ERROR;
}
@@ -375,7 +380,11 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c,
ngx_quic_header_t *pkt,
cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);
if (cl) {
- if (ngx_quic_crypto_input(c, cl, pkt->level) != NGX_OK) {
+ if (ngx_quic_crypto_provide(c, cl, pkt->level) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_quic_handshake(c) != NGX_OK) {
return NGX_ERROR;
}
@@ -387,12 +396,9 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c,
ngx_quic_header_t *pkt,
static ngx_int_t
-ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
- enum ssl_encryption_level_t level)
+ngx_quic_handshake(ngx_connection_t *c)
{
int n, sslerr;
- ngx_buf_t *b;
- ngx_chain_t *cl;
ngx_ssl_conn_t *ssl_conn;
ngx_quic_frame_t *frame;
ngx_quic_connection_t *qc;
@@ -401,16 +407,6 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t
*data,
ssl_conn = c->ssl->connection;
- for (cl = data; cl; cl = cl->next) {
- b = cl->buf;
-
- if (!SSL_provide_quic_data(ssl_conn, level, b->pos, b->last - b->pos))
{
- ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
- "SSL_provide_quic_data() failed");
- return NGX_ERROR;
- }
- }
-
n = SSL_do_handshake(ssl_conn);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
@@ -503,6 +499,29 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t
*data,
}
+static ngx_int_t
+ngx_quic_crypto_provide(ngx_connection_t *c, ngx_chain_t *out,
+ enum ssl_encryption_level_t level)
+{
+ ngx_buf_t *b;
+ ngx_chain_t *cl;
+
+ for (cl = out; cl; cl = cl->next) {
+ b = cl->buf;
+
+ if (!SSL_provide_quic_data(c->ssl->connection, level, b->pos,
+ b->last - b->pos))
+ {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+ "SSL_provide_quic_data() failed");
+ return NGX_ERROR;
+ }
+ }
+
+ return NGX_OK;
+}
+
+
ngx_int_t
ngx_quic_init_connection(ngx_connection_t *c)
{
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
