-rw-r--r--src/event/ngx_event_quic.c24
-rw-r--r--src/event/ngx_event_quic.h2
-rw-r--r--src/event/ngx_event_quic_transport.c16
-rw-r--r--src/http/modules/ngx_http_quic_module.c13
-rw-r--r--src/stream/ngx_stream_quic_module.c13
5 files changed, 41 insertions, 27 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 099f8778e..97ffd96c4 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1133,10 +1133,6 @@ ngx_quic_send_stateless_reset(ngx_connection_t *c, ngx_quic_conf_t *conf,
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic handle stateless reset output");
- if (conf->sr_token_key.len == 0) {
- return NGX_DECLINED;
- }
-
if (pkt->len <= NGX_QUIC_MIN_PKT_LEN) {
return NGX_DECLINED;
}
@@ -1573,20 +1569,16 @@ ngx_quic_init_connection(ngx_connection_t *c)
}
#endif
- if (qc->conf->sr_token_key.len) {
- qc->tp.sr_enabled = 1;
-
- if (ngx_quic_new_sr_token(c, &qc->dcid, &qc->conf->sr_token_key,
- qc->tp.sr_token)
- != NGX_OK)
- {
- return NGX_ERROR;
- }
-
- ngx_quic_hexdump(c->log, "quic stateless reset token",
- qc->tp.sr_token, (size_t) NGX_QUIC_SR_TOKEN_LEN);
+ if (ngx_quic_new_sr_token(c, &qc->dcid, &qc->conf->sr_token_key,
+ qc->tp.sr_token)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
}
+ ngx_quic_hexdump(c->log, "quic stateless reset token",
+ qc->tp.sr_token, (size_t) NGX_QUIC_SR_TOKEN_LEN);
+
len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
/* always succeeds */
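Review bot: The `ngx_quic_hexdump(c->log, "quic stateless reset token", ...)` call now runs for every connection instead of only when a key was configured, so the token reaches the log whenever that helper is active. A party that learns the token can produce a stateless reset the peer will accept for this connection, so the log would then hold a value meant to stay between the two endpoints. Whether ngx_quic_hexdump is compiled out of non-debug builds is not visible in this hunk; if it is not, I would drop the dump or guard it, and in either case add a comment such as `/* debug only: the token is a per-connection secret */`. ngx_quic_init_connection starts and ends outside the hunk.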
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
index 51b6491f1..db24b6642 100644
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -27,6 +27,7 @@
#define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
#define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25
+#define NGX_QUIC_DEFAULT_SRT_KEY_LEN 32
#define NGX_QUIC_RETRY_TIMEOUT 3000
#define NGX_QUIC_RETRY_LIFETIME 30000
@@ -82,7 +83,6 @@ typedef struct {
ngx_str_t initial_scid;
ngx_str_t retry_scid;
u_char sr_token[NGX_QUIC_SR_TOKEN_LEN];
- ngx_uint_t sr_enabled;
/* TODO */
void *preferred_address;
diff --git a/src/event/ngx_event_quic_transport.c b/src/event/ngx_event_quic_transport.c
index 626da6c9e..756b679e5 100644
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -1883,11 +1883,9 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp,
}
#endif
- if (tp->sr_enabled) {
- len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
- len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
- len += NGX_QUIC_SR_TOKEN_LEN;
- }
+ len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
+ len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
+ len += NGX_QUIC_SR_TOKEN_LEN;
if (pos == NULL) {
return len;
@@ -1935,11 +1933,9 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp,
}
#endif
- if (tp->sr_enabled) {
- ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
- ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
- p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
- }
+ ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
+ ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
+ p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
return p - pos;
}
diff --git a/src/http/modules/ngx_http_quic_module.c b/src/http/modules/ngx_http_quic_module.c
index 515d6c953..ff79cdc8d 100644
--- a/src/http/modules/ngx_http_quic_module.c
+++ b/src/http/modules/ngx_http_quic_module.c
@@ -317,6 +317,19 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
+ if (conf->sr_token_key.len == 0) {
+ conf->sr_token_key.len = NGX_QUIC_DEFAULT_SRT_KEY_LEN;
+
+ conf->sr_token_key.data = ngx_pnalloc(cf->pool, conf->sr_token_key.len);
+ if (conf->sr_token_key.data == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (RAND_bytes(conf->sr_token_key.data, conf->sr_token_key.len) <= 0) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
sscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_ssl_module);
conf->ssl = &sscf->ssl;
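Review bot: Both failure paths in the new `if (conf->sr_token_key.len == 0)` block return NGX_CONF_ERROR without logging, so a failed RAND_bytes() leaves the operator with a rejected configuration and no cause; add `ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "RAND_bytes() failed");` before the second return. The key is also drawn afresh each time the configuration is merged, so tokens derived from it presumably cannot be reproduced after a reload, or by another server block that got its own random key; a comment such as `/* random per-load key: resets do not survive a reload unless the key is set explicitly */` would make that visible. Only the empty case is handled here, so a very short configured key is used as is unless it is validated elsewhere. The same block is repeated in ngx_stream_quic_merge_srv_conf in src/stream/ngx_stream_quic_module.c and needs the same changes. The function body continues outside the hunk.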
diff --git a/src/stream/ngx_stream_quic_module.c b/src/stream/ngx_stream_quic_module.c
index 4ddf5c90a..eaaaba89a 100644
--- a/src/stream/ngx_stream_quic_module.c
+++ b/src/stream/ngx_stream_quic_module.c
@@ -313,6 +313,19 @@ ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
+ if (conf->sr_token_key.len == 0) {
+ conf->sr_token_key.len = NGX_QUIC_DEFAULT_SRT_KEY_LEN;
+
+ conf->sr_token_key.data = ngx_pnalloc(cf->pool, conf->sr_token_key.len);
+ if (conf->sr_token_key.data == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (RAND_bytes(conf->sr_token_key.data, conf->sr_token_key.len) <= 0) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
scf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_ssl_module);
conf->ssl = &scf->ssl;