[gnurl] 33/151: ngtcp2: handle key updates as ngtcp2 master branch tells

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 33/151: ngtcp2: handle key updates as ngtcp2 master branch tells

From:	gnunet
Subject:	[gnurl] 33/151: ngtcp2: handle key updates as ngtcp2 master branch tells us
Date:	Fri, 20 Dec 2019 14:25:42 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit a72b6b9606d382e3c4b883484743735b3e2ed241
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Nov 18 10:34:26 2019 +0100

    ngtcp2: handle key updates as ngtcp2 master branch tells us
    
    Reviewed-by: Tatsuhiro Tsujikawa
    
    Fixes #4612
    Closes #4613
---
 lib/vquic/ngtcp2.c | 36 +++++++++++++++++++++++++++++++++---
 lib/vquic/ngtcp2.h |  3 +++
 2 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
index 86151b8a2..b97c0c3d4 100644
--- a/lib/vquic/ngtcp2.c
+++ b/lib/vquic/ngtcp2.c
@@ -174,8 +174,19 @@ static int quic_set_encryption_secrets(SSL *ssl,
          tx_secret, secretlen, NGTCP2_CRYPTO_SIDE_CLIENT) != 0)
     return 0;
 
-  if(level == NGTCP2_CRYPTO_LEVEL_APP && init_ngh3_conn(qs) != CURLE_OK)
-    return 0;
+  if(level == NGTCP2_CRYPTO_LEVEL_APP) {
+    if(init_ngh3_conn(qs) != CURLE_OK)
+      return 0;
+
+    /* malloc an area big enough for both secrets */
+    qs->rx_secret = malloc(secretlen * 2);
+    if(!qs->rx_secret)
+      return 0;
+    memcpy(qs->rx_secret, rx_secret, secretlen);
+    memcpy(&qs->rx_secret[secretlen], tx_secret, secretlen);
+    qs->tx_secret = &qs->rx_secret[secretlen];
+    qs->rx_secretlen = secretlen;
+  }
 
   return 1;
 }
@@ -503,6 +514,25 @@ static int cb_get_new_connection_id(ngtcp2_conn *tconn, 
ngtcp2_cid *cid,
   return 0;
 }
 
+static int cb_update_key(ngtcp2_conn *tconn, uint8_t *rx_key,
+                         uint8_t *rx_iv, uint8_t *tx_key,
+                         uint8_t *tx_iv, void *user_data)
+{
+  struct quicsocket *qs = (struct quicsocket *)user_data;
+  uint8_t rx_secret[64];
+  uint8_t tx_secret[64];
+
+  if(ngtcp2_crypto_update_key(tconn, rx_secret, tx_secret,
+                              rx_key, rx_iv, tx_key, tx_iv, qs->rx_secret,
+                              qs->tx_secret, qs->rx_secretlen) != 0)
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+
+  /* store the updated secrets */
+  memcpy(qs->rx_secret, rx_secret, qs->rx_secretlen);
+  memcpy(qs->tx_secret, tx_secret, qs->rx_secretlen);
+  return 0;
+}
+
 static ngtcp2_conn_callbacks ng_callbacks = {
   cb_initial,
   NULL, /* recv_client_initial */
@@ -524,7 +554,7 @@ static ngtcp2_conn_callbacks ng_callbacks = {
   NULL, /* rand  */
   cb_get_new_connection_id,
   NULL, /* remove_connection_id */
-  NULL, /* update_key */
+  cb_update_key, /* update_key */
   NULL, /* path_validation */
   NULL, /* select_preferred_addr */
   cb_stream_reset,
diff --git a/lib/vquic/ngtcp2.h b/lib/vquic/ngtcp2.h
index 5570fc7e7..62eae4895 100644
--- a/lib/vquic/ngtcp2.h
+++ b/lib/vquic/ngtcp2.h
@@ -46,6 +46,9 @@ struct quicsocket {
   ngtcp2_settings settings;
   SSL_CTX *sslctx;
   SSL *ssl;
+  uint8_t *rx_secret; /* malloced */
+  uint8_t *tx_secret; /* points into the above buffer */
+  size_t rx_secretlen;
   struct quic_handshake client_crypto_data[3];
   /* the last TLS alert description generated by the local endpoint */
   uint8_t tls_alert;

-- 
To stop receiving notification emails like this one, please contact
address@hidden.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnurl] 08/151: RELEASE-NOTES: synced, (continued)
- [gnurl] 08/151: RELEASE-NOTES: synced, gnunet, 2019/12/20
- [gnurl] 24/151: curl: fix -T globbing, gnunet, 2019/12/20
- [gnurl] 20/151: CURL-DISABLE: initial docs for the CURL_DISABLE_* defines, gnunet, 2019/12/20
- [gnurl] 23/151: HISTORY: added cmake, HTTP/3 and parallel downloads with curl, gnunet, 2019/12/20
- [gnurl] 09/151: copyrights: fix copyright year range, gnunet, 2019/12/20
- [gnurl] 26/151: examples: add multi-poll.c, gnunet, 2019/12/20
- [gnurl] 14/151: TODO: curl_multi_unblock, gnunet, 2019/12/20
- [gnurl] 17/151: pause: avoid updating socket if done was already called, gnunet, 2019/12/20
- [gnurl] 25/151: multi_poll: avoid busy-loop when called without easy handles attached, gnunet, 2019/12/20
- [gnurl] 27/151: config-win32: cpu-machine-OS for Windows on ARM, gnunet, 2019/12/20
- [gnurl] 33/151: ngtcp2: handle key updates as ngtcp2 master branch tells us, gnunet <=
- [gnurl] 32/151: multi: Fix curl_multi_poll wait when extra_fds && !extra_nfds, gnunet, 2019/12/20
- [gnurl] 29/151: doh: improced both encoding and decoding, gnunet, 2019/12/20
- [gnurl] 28/151: ngtcp2: increase QUIC window size when data is consumed, gnunet, 2019/12/20
- [gnurl] 34/151: ngtcp2: free used resources on disconnect, gnunet, 2019/12/20
- [gnurl] 45/151: openssl: Revert to less sensitivity for SYSCALL errors, gnunet, 2019/12/20
- [gnurl] 44/151: openssl: improve error message for SYSCALL during connect, gnunet, 2019/12/20
- [gnurl] 40/151: curl: add --parallel-immediate, gnunet, 2019/12/20
- [gnurl] 37/151: RELEASE-NOTES: synced, gnunet, 2019/12/20
- [gnurl] 42/151: include: make CURLE_HTTP3 use a new error code, gnunet, 2019/12/20
- [gnurl] 39/151: docs: fix typos, gnunet, 2019/12/20

Prev by Date: [gnurl] 27/151: config-win32: cpu-machine-OS for Windows on ARM
Next by Date: [gnurl] 32/151: multi: Fix curl_multi_poll wait when extra_fds && !extra_nfds
Previous by thread: [gnurl] 27/151: config-win32: cpu-machine-OS for Windows on ARM
Next by thread: [gnurl] 32/151: multi: Fix curl_multi_poll wait when extra_fds && !extra_nfds
Index(es):
- Date
- Thread