ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic handle stateless reset output");
- if (conf->sr_token_key.len == 0) {
- return NGX_DECLINED;
- }
-
if (pkt->len <= NGX_QUIC_MIN_PKT_LEN) {
return NGX_DECLINED;
}
}
#endif
- if (qc->conf->sr_token_key.len) {
- qc->tp.sr_enabled = 1;
-
- if (ngx_quic_new_sr_token(c, &qc->dcid, &qc->conf->sr_token_key,
- qc->tp.sr_token)
- != NGX_OK)
- {
- return NGX_ERROR;
- }
-
- ngx_quic_hexdump(c->log, "quic stateless reset token",
- qc->tp.sr_token, (size_t) NGX_QUIC_SR_TOKEN_LEN);
+ if (ngx_quic_new_sr_token(c, &qc->dcid, &qc->conf->sr_token_key,
+ qc->tp.sr_token)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
}
+ ngx_quic_hexdump(c->log, "quic stateless reset token",
+ qc->tp.sr_token, (size_t) NGX_QUIC_SR_TOKEN_LEN);
+
len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
/* always succeeds */
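Review bot: The added `ngx_quic_hexdump(c->log, "quic stateless reset token", ...)` now runs for every connection, so each connection's stateless reset token ends up in the log, where it was previously written only when a key had been configured. The token is the only thing that authenticates a stateless reset packet, so anyone who can read that log holds what the peer will accept as proof of a reset for a live connection. If the dump is compiled in only for debug builds (not visible in this hunk), a comment such as `/* debug builds only: the token authenticates stateless resets */` would record that; otherwise consider dropping the dump. The enclosing function starts and ends outside the hunk.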
#define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
#define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25
+#define NGX_QUIC_DEFAULT_SRT_KEY_LEN 32
#define NGX_QUIC_RETRY_TIMEOUT 3000
#define NGX_QUIC_RETRY_LIFETIME 30000
ngx_str_t initial_scid;
ngx_str_t retry_scid;
u_char sr_token[NGX_QUIC_SR_TOKEN_LEN];
- ngx_uint_t sr_enabled;
/* TODO */
void *preferred_address;
}
#endif
- if (tp->sr_enabled) {
- len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
- len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
- len += NGX_QUIC_SR_TOKEN_LEN;
- }
+ len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
+ len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
+ len += NGX_QUIC_SR_TOKEN_LEN;
if (pos == NULL) {
return len;
}
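Review bot: With the `tp->sr_enabled` guard removed, both the length pass here and the write pass further down (the `ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN)` lines) emit stateless_reset_token unconditionally, and nothing on the visible lines records that this encoder is for the server role only. RFC 9000 section 18.2 forbids a client from sending this parameter, and a server receiving it must close the connection with TRANSPORT_PARAMETER_ERROR. A comment above the three added lines, for example `/* server-only parameter: a client must never send stateless_reset_token */`, would stop a later reuse of this function for a client role from silently breaking handshakes. The function body starts outside the hunk.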
#endif
- if (tp->sr_enabled) {
- ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
- ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
- p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
- }
+ ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
+ ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
+ p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
return p - pos;
}
ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
+ if (conf->sr_token_key.len == 0) {
+ conf->sr_token_key.len = NGX_QUIC_DEFAULT_SRT_KEY_LEN;
+
+ conf->sr_token_key.data = ngx_pnalloc(cf->pool, conf->sr_token_key.len);
+ if (conf->sr_token_key.data == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (RAND_bytes(conf->sr_token_key.data, conf->sr_token_key.len) <= 0) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
sscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_ssl_module);
conf->ssl = &sscf->ssl;
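Review bot: The fallback key generated in the `conf->sr_token_key.len == 0` branch lives only as long as this configuration: it appears to be drawn afresh on every configuration load and for each server configuration merged here, and it is never shared with other instances. Tokens are derived from this key (it is passed to `ngx_quic_new_sr_token`), so a stateless reset sent after a reload, or by another server behind the same address, will carry a token the client does not recognise. A comment stating that an explicitly configured key is required for resets to survive reloads or work across instances would help operators. Separately, the `RAND_bytes` failure path returns `NGX_CONF_ERROR` with no message; adding `ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "RAND_bytes() failed");` before that return would tell the operator why configuration loading stopped. The identical block is added to the stream module's merge function further down, so a shared helper would keep the two copies in sync; both merge functions start and end outside their hunks.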
ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
+ if (conf->sr_token_key.len == 0) {
+ conf->sr_token_key.len = NGX_QUIC_DEFAULT_SRT_KEY_LEN;
+
+ conf->sr_token_key.data = ngx_pnalloc(cf->pool, conf->sr_token_key.len);
+ if (conf->sr_token_key.data == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (RAND_bytes(conf->sr_token_key.data, conf->sr_token_key.len) <= 0) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
scf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_ssl_module);
conf->ssl = &scf->ssl;