Fix several thread safety issues

Fixes bug #128 and bug #167.
This commit is contained in:
Dmitri Tikhonov 2020-10-01 08:53:35 -04:00
parent 966c52fc78
commit 2f4629f27d
9 changed files with 125 additions and 100 deletions

View file

@ -166,18 +166,26 @@ static int
match_common_cert (lsquic_str_t * cert, lsquic_str_t * common_set_hashes, match_common_cert (lsquic_str_t * cert, lsquic_str_t * common_set_hashes,
uint64_t* out_hash, uint32_t* out_index); uint64_t* out_hash, uint32_t* out_index);
int
lsquic_crt_init (void)
{
unsigned i;
s_ccsbuf = lsquic_str_new(NULL, 0);
if (!s_ccsbuf)
return -1;
for (i=0 ;i<common_certs_num; ++i)
{
if (0 != lsquic_str_append(s_ccsbuf, (const char *)&common_cert_set[i].hash, 8))
return -1;
}
return 0;
}
lsquic_str_t * lsquic_str_t *
lsquic_get_common_certs_hash() lsquic_get_common_certs_hash()
{ {
int i;
if (s_ccsbuf == NULL)
{
s_ccsbuf = lsquic_str_new(NULL, 0);
for (i=0 ;i<common_certs_num; ++i)
{
lsquic_str_append(s_ccsbuf, (const char *)&common_cert_set[i].hash, 8);
}
}
return s_ccsbuf; return s_ccsbuf;
} }

View file

@ -34,6 +34,9 @@ typedef struct common_cert_st
uint64_t hash; uint64_t hash;
} common_cert_t; } common_cert_t;
int
lsquic_crt_init (void);
struct lsquic_str * lsquic_get_common_certs_hash(); struct lsquic_str * lsquic_get_common_certs_hash();

View file

@ -158,7 +158,7 @@ struct enc_session_funcs_gquic
/* Create server session */ /* Create server session */
enc_session_t * enc_session_t *
(*esf_create_server) (struct lsquic_conn *, (*esf_create_server) (struct lsquic_conn *,
lsquic_cid_t cid, const struct lsquic_engine_public *); lsquic_cid_t cid, struct lsquic_engine_public *);
/* out_len should have init value as the max length of out */ /* out_len should have init value as the max length of out */
enum handshake_error enum handshake_error
@ -216,7 +216,7 @@ struct enc_session_funcs_gquic
enc_session_t * enc_session_t *
(*esf_create_client) (struct lsquic_conn *, const char *domain, (*esf_create_client) (struct lsquic_conn *, const char *domain,
lsquic_cid_t cid, lsquic_cid_t cid,
const struct lsquic_engine_public *, struct lsquic_engine_public *,
const unsigned char *, size_t); const unsigned char *, size_t);
/* -1 error, 0, OK, response in `buf' */ /* -1 error, 0, OK, response in `buf' */

View file

@ -86,6 +86,7 @@
#include "lsquic_handshake.h" #include "lsquic_handshake.h"
#include "lsquic_crand.h" #include "lsquic_crand.h"
#include "lsquic_ietf.h" #include "lsquic_ietf.h"
#include "lsquic_handshake.h"
#define LSQUIC_LOGGER_MODULE LSQLM_ENGINE #define LSQUIC_LOGGER_MODULE LSQLM_ENGINE
#include "lsquic_logger.h" #include "lsquic_logger.h"
@ -667,6 +668,11 @@ lsquic_engine_new (unsigned flags,
return NULL; return NULL;
} }
} }
if ((flags & LSENG_SERVER) && 0 != lsquic_init_gquic_crypto(&engine->pub))
{
lsquic_engine_destroy(engine);
return NULL;
}
if (alpn_len) if (alpn_len)
{ {
@ -1502,6 +1508,8 @@ lsquic_engine_destroy (lsquic_engine_t *engine)
#endif #endif
if (engine->pub.enp_tokgen) if (engine->pub.enp_tokgen)
lsquic_tg_destroy(engine->pub.enp_tokgen); lsquic_tg_destroy(engine->pub.enp_tokgen);
if (engine->flags & LSENG_SERVER)
lsquic_cleanup_gquic_crypto(&engine->pub);
#if LSQUIC_CONN_STATS #if LSQUIC_CONN_STATS
if (engine->stats_fh) if (engine->stats_fh)
{ {

View file

@ -19,6 +19,7 @@ struct lsquic_stream_if;
struct ssl_ctx_st; struct ssl_ctx_st;
struct crand; struct crand;
struct evp_aead_ctx_st; struct evp_aead_ctx_st;
struct lsquic_server_config;
enum warning_type enum warning_type
{ {
@ -72,6 +73,11 @@ struct lsquic_engine_public {
/* es_noprogress_timeout converted to microseconds for speed */ /* es_noprogress_timeout converted to microseconds for speed */
lsquic_time_t enp_noprog_timeout; lsquic_time_t enp_noprog_timeout;
lsquic_time_t enp_mtu_probe_timer; lsquic_time_t enp_mtu_probe_timer;
/* Certs used by gQUIC server: */
struct lsquic_hash *enp_compressed_server_certs;
struct lsquic_hash *enp_server_certs;
/* gQUIC server configuration: */
struct lsquic_server_config *enp_server_config;
}; };
/* Put connection onto the Tickable Queue if it is not already on it. If /* Put connection onto the Tickable Queue if it is not already on it. If

View file

@ -275,7 +275,7 @@ struct lsquic_enc_session
c_cert_item_t *cert_item; c_cert_item_t *cert_item;
lsquic_server_config_t *server_config; lsquic_server_config_t *server_config;
SSL_CTX * ssl_ctx; SSL_CTX * ssl_ctx;
const struct lsquic_engine_public *enpub; struct lsquic_engine_public *enpub;
struct lsquic_str * cert_ptr; /* pointer to the leaf cert of the server, not real copy */ struct lsquic_str * cert_ptr; /* pointer to the leaf cert of the server, not real copy */
struct lsquic_str chlo; /* real copy of CHLO message */ struct lsquic_str chlo; /* real copy of CHLO message */
struct lsquic_str sstk; struct lsquic_str sstk;
@ -300,23 +300,6 @@ typedef struct compress_cert_hash_item_st
} compress_cert_hash_item_t; } compress_cert_hash_item_t;
/**
* server side, just for performance, will save the compressed certs buffer
*/
static struct lsquic_hash *s_compressed_server_certs;
/***
* Server side, it will store thr domain/cert [only the leaf cert]
*/
static struct lsquic_hash *s_server_certs;
/**
* server side, will save one copy of s_server_scfg, it will update once a day
* This global pointer is point to the value in the hashtable
* Better to be put in ShM
*/
static lsquic_server_config_t s_server_config;
/* server side, only one cert */ /* server side, only one cert */
typedef struct cert_item_st typedef struct cert_item_st
{ {
@ -326,12 +309,12 @@ typedef struct cert_item_st
} cert_item_t; } cert_item_t;
/* server */ /* server */
static cert_item_t* s_find_cert(const unsigned char *, size_t); static cert_item_t* find_cert(struct lsquic_engine_public *, const unsigned char *, size_t);
static void s_free_cert_hash_item(cert_item_t *item); static void s_free_cert_hash_item(cert_item_t *item);
static cert_item_t* s_insert_cert(const unsigned char *key, size_t key_sz, static cert_item_t* insert_cert(struct lsquic_engine_public *,
const struct lsquic_str *crt); const unsigned char *key, size_t key_sz, const struct lsquic_str *crt);
static compress_cert_hash_item_t* find_compress_certs(struct lsquic_str *domain); static compress_cert_hash_item_t* find_compress_certs(struct lsquic_engine_public *, struct lsquic_str *domain);
static compress_cert_hash_item_t *make_compress_cert_hash_item(struct lsquic_str *domain, struct lsquic_str *crts_compress_buf); static compress_cert_hash_item_t *make_compress_cert_hash_item(struct lsquic_str *domain, struct lsquic_str *crts_compress_buf);
#ifdef NDEBUG #ifdef NDEBUG
@ -350,7 +333,6 @@ static c_cert_item_t *make_c_cert_item(struct lsquic_str **certs, int count);
static void free_c_cert_item(c_cert_item_t *item); static void free_c_cert_item(c_cert_item_t *item);
static int get_tag_val_u32 (unsigned char *v, int len, uint32_t *val); static int get_tag_val_u32 (unsigned char *v, int len, uint32_t *val);
static int init_hs_hash_tables(int flags);
static uint32_t get_tag_value_i32(unsigned char *, int); static uint32_t get_tag_value_i32(unsigned char *, int);
static uint64_t get_tag_value_i64(unsigned char *, int); static uint64_t get_tag_value_i64(unsigned char *, int);
@ -376,60 +358,66 @@ static int
lsquic_handshake_init(int flags) lsquic_handshake_init(int flags)
{ {
lsquic_crypto_init(); lsquic_crypto_init();
return init_hs_hash_tables(flags); return lsquic_crt_init();
} }
static void void
cleanup_hs_hash_tables (void) lsquic_cleanup_gquic_crypto (struct lsquic_engine_public *enpub)
{ {
struct lsquic_hash_elem *el; struct lsquic_hash_elem *el;
if (s_compressed_server_certs) if (enpub->enp_compressed_server_certs)
{ {
for (el = lsquic_hash_first(s_compressed_server_certs); el; for (el = lsquic_hash_first(enpub->enp_compressed_server_certs); el;
el = lsquic_hash_next(s_compressed_server_certs)) el = lsquic_hash_next(enpub->enp_compressed_server_certs))
{ {
compress_cert_hash_item_t *item = lsquic_hashelem_getdata(el); compress_cert_hash_item_t *item = lsquic_hashelem_getdata(el);
lsquic_str_delete(item->domain); lsquic_str_delete(item->domain);
lsquic_str_delete(item->crts_compress_buf); lsquic_str_delete(item->crts_compress_buf);
free(item); free(item);
} }
lsquic_hash_destroy(s_compressed_server_certs); lsquic_hash_destroy(enpub->enp_compressed_server_certs);
s_compressed_server_certs = NULL; enpub->enp_compressed_server_certs = NULL;
} }
if (s_server_certs) if (enpub->enp_server_certs)
{ {
for (el = lsquic_hash_first(s_server_certs); el; for (el = lsquic_hash_first(enpub->enp_server_certs); el;
el = lsquic_hash_next(s_server_certs)) el = lsquic_hash_next(enpub->enp_server_certs))
{ {
s_free_cert_hash_item( lsquic_hashelem_getdata(el) ); s_free_cert_hash_item( lsquic_hashelem_getdata(el) );
} }
lsquic_hash_destroy(s_server_certs); lsquic_hash_destroy(enpub->enp_server_certs);
s_server_certs = NULL; enpub->enp_server_certs = NULL;
} }
free(enpub->enp_server_config);
} }
static void static void
lsquic_handshake_cleanup (void) lsquic_handshake_cleanup (void)
{ {
cleanup_hs_hash_tables();
lsquic_crt_cleanup(); lsquic_crt_cleanup();
} }
/* return -1 for fail, 0 OK*/ int
static int init_hs_hash_tables(int flags) lsquic_init_gquic_crypto (struct lsquic_engine_public *enpub)
{ {
if (flags & LSQUIC_GLOBAL_SERVER) enpub->enp_server_config = calloc(1, sizeof(*enpub->enp_server_config));
{ if (!enpub->enp_server_config)
s_compressed_server_certs = lsquic_hash_create();
if (!s_compressed_server_certs)
return -1; return -1;
s_server_certs = lsquic_hash_create(); enpub->enp_compressed_server_certs = lsquic_hash_create();
if (!s_server_certs) if (!enpub->enp_compressed_server_certs)
return -1;
enpub->enp_server_certs = lsquic_hash_create();
if (!enpub->enp_server_certs)
{
lsquic_hash_destroy(enpub->enp_compressed_server_certs);
enpub->enp_compressed_server_certs = NULL;
return -1; return -1;
} }
@ -439,14 +427,15 @@ static int init_hs_hash_tables(int flags)
/* server */ /* server */
static cert_item_t * static cert_item_t *
s_find_cert (const unsigned char *key, size_t key_sz) find_cert (struct lsquic_engine_public *enpub, const unsigned char *key,
size_t key_sz)
{ {
struct lsquic_hash_elem *el; struct lsquic_hash_elem *el;
if (!s_server_certs) if (!enpub->enp_server_certs)
return NULL; return NULL;
el = lsquic_hash_find(s_server_certs, key, key_sz); el = lsquic_hash_find(enpub->enp_server_certs, key, key_sz);
if (el == NULL) if (el == NULL)
return NULL; return NULL;
@ -505,7 +494,8 @@ s_free_cert_hash_item (cert_item_t *item)
/* server */ /* server */
static cert_item_t * static cert_item_t *
s_insert_cert (const unsigned char *key, size_t key_sz, const lsquic_str_t *crt) insert_cert (struct lsquic_engine_public *enpub, const unsigned char *key,
size_t key_sz, const lsquic_str_t *crt)
{ {
struct lsquic_hash_elem *el; struct lsquic_hash_elem *el;
lsquic_str_t *crt_copy; lsquic_str_t *crt_copy;
@ -524,7 +514,7 @@ s_insert_cert (const unsigned char *key, size_t key_sz, const lsquic_str_t *crt)
item->crt = crt_copy; item->crt = crt_copy;
memcpy(item->key, key, key_sz); memcpy(item->key, key, key_sz);
el = lsquic_hash_insert(s_server_certs, item->key, key_sz, el = lsquic_hash_insert(enpub->enp_server_certs, item->key, key_sz,
item, &item->hash_el); item, &item->hash_el);
if (el) if (el)
return lsquic_hashelem_getdata(el); return lsquic_hashelem_getdata(el);
@ -538,15 +528,15 @@ s_insert_cert (const unsigned char *key, size_t key_sz, const lsquic_str_t *crt)
/* server */ /* server */
static compress_cert_hash_item_t * static compress_cert_hash_item_t *
find_compress_certs(lsquic_str_t *domain) find_compress_certs (struct lsquic_engine_public *enpub, lsquic_str_t *domain)
{ {
struct lsquic_hash_elem *el; struct lsquic_hash_elem *el;
if (!s_compressed_server_certs) if (!enpub->enp_compressed_server_certs)
return NULL; return NULL;
el = lsquic_hash_find(s_compressed_server_certs, lsquic_str_cstr(domain), el = lsquic_hash_find(enpub->enp_compressed_server_certs,
lsquic_str_len(domain)); lsquic_str_cstr(domain), lsquic_str_len(domain));
if (el == NULL) if (el == NULL)
return NULL; return NULL;
@ -568,9 +558,11 @@ make_compress_cert_hash_item(lsquic_str_t *domain, lsquic_str_t *crts_compress_b
/* server */ /* server */
static int insert_compress_certs(compress_cert_hash_item_t *item) static int
insert_compress_certs (struct lsquic_engine_public *enpub,
compress_cert_hash_item_t *item)
{ {
if (lsquic_hash_insert(s_compressed_server_certs, if (lsquic_hash_insert(enpub->enp_compressed_server_certs,
lsquic_str_cstr(item->domain), lsquic_str_cstr(item->domain),
lsquic_str_len(item->domain), item, &item->hash_el) == NULL) lsquic_str_len(item->domain), item, &item->hash_el) == NULL)
{ {
@ -823,7 +815,7 @@ maybe_log_secrets (struct lsquic_enc_session *enc_session)
static enc_session_t * static enc_session_t *
lsquic_enc_session_create_client (struct lsquic_conn *lconn, const char *domain, lsquic_enc_session_create_client (struct lsquic_conn *lconn, const char *domain,
lsquic_cid_t cid, const struct lsquic_engine_public *enpub, lsquic_cid_t cid, struct lsquic_engine_public *enpub,
const unsigned char *sess_resume, size_t sess_resume_len) const unsigned char *sess_resume, size_t sess_resume_len)
{ {
lsquic_session_cache_info_t *info; lsquic_session_cache_info_t *info;
@ -901,7 +893,7 @@ lsquic_enc_session_create_client (struct lsquic_conn *lconn, const char *domain,
/* Server side: Session_cache_entry can be saved for 0rtt */ /* Server side: Session_cache_entry can be saved for 0rtt */
static enc_session_t * static enc_session_t *
lsquic_enc_session_create_server (struct lsquic_conn *lconn, lsquic_cid_t cid, lsquic_enc_session_create_server (struct lsquic_conn *lconn, lsquic_cid_t cid,
const struct lsquic_engine_public *enpub) struct lsquic_engine_public *enpub)
{ {
fiu_return_on("handshake/new_enc_session", NULL); fiu_return_on("handshake/new_enc_session", NULL);
@ -1792,23 +1784,23 @@ get_valid_scfg (const struct lsquic_enc_session *enc_session,
unsigned msg_len, server_config_sz; unsigned msg_len, server_config_sz;
struct message_writer mw; struct message_writer mw;
if (s_server_config.lsc_scfg && (s_server_config.lsc_scfg->info.expy > (uint64_t)t)) if (enc_session->enpub->enp_server_config->lsc_scfg && (enc_session->enpub->enp_server_config->lsc_scfg->info.expy > (uint64_t)t))
return &s_server_config; return enc_session->enpub->enp_server_config;
ret = shi->shi_lookup(shi_ctx, SERVER_SCFG_KEY, SERVER_SCFG_KEY_SIZE, ret = shi->shi_lookup(shi_ctx, SERVER_SCFG_KEY, SERVER_SCFG_KEY_SIZE,
&scfg_ptr, &real_len); &scfg_ptr, &real_len);
if (ret == 1) if (ret == 1)
{ {
if (config_has_correct_size(enc_session, scfg_ptr, real_len) && if (config_has_correct_size(enc_session, scfg_ptr, real_len) &&
(s_server_config.lsc_scfg = scfg_ptr, (enc_session->enpub->enp_server_config->lsc_scfg = scfg_ptr,
s_server_config.lsc_scfg->info.expy > (uint64_t)t)) enc_session->enpub->enp_server_config->lsc_scfg->info.expy > (uint64_t)t))
{ {
/* Why need to init here, because this memory may be read from SHM, /* Why need to init here, because this memory may be read from SHM,
* the struct is ready but AEAD_CTX is not ready. * the struct is ready but AEAD_CTX is not ready.
**/ **/
EVP_AEAD_CTX_init(&s_server_config.lsc_stk_ctx, EVP_aead_aes_128_gcm(), EVP_AEAD_CTX_init(&enc_session->enpub->enp_server_config->lsc_stk_ctx, EVP_aead_aes_128_gcm(),
s_server_config.lsc_scfg->info.skt_key, 16, 12, NULL); enc_session->enpub->enp_server_config->lsc_scfg->info.skt_key, 16, 12, NULL);
return &s_server_config; return enc_session->enpub->enp_server_config;
} }
else else
{ {
@ -1826,12 +1818,12 @@ get_valid_scfg (const struct lsquic_enc_session *enc_session,
MSG_LEN_ADD(msg_len, sizeof(temp_scfg->orbt)); MSG_LEN_ADD(msg_len, sizeof(temp_scfg->orbt));
MSG_LEN_ADD(msg_len, sizeof(temp_scfg->expy)); MSG_LEN_ADD(msg_len, sizeof(temp_scfg->expy));
server_config_sz = sizeof(*s_server_config.lsc_scfg) + MSG_LEN_VAL(msg_len); server_config_sz = sizeof(*enc_session->enpub->enp_server_config->lsc_scfg) + MSG_LEN_VAL(msg_len);
s_server_config.lsc_scfg = malloc(server_config_sz); enc_session->enpub->enp_server_config->lsc_scfg = malloc(server_config_sz);
if (!s_server_config.lsc_scfg) if (!enc_session->enpub->enp_server_config->lsc_scfg)
return NULL; return NULL;
temp_scfg = &s_server_config.lsc_scfg->info; temp_scfg = &enc_session->enpub->enp_server_config->lsc_scfg->info;
RAND_bytes(temp_scfg->skt_key, sizeof(temp_scfg->skt_key)); RAND_bytes(temp_scfg->skt_key, sizeof(temp_scfg->skt_key));
RAND_bytes(temp_scfg->sscid, sizeof(temp_scfg->sscid)); RAND_bytes(temp_scfg->sscid, sizeof(temp_scfg->sscid));
RAND_bytes(temp_scfg->priv_key, sizeof(temp_scfg->priv_key)); RAND_bytes(temp_scfg->priv_key, sizeof(temp_scfg->priv_key));
@ -1842,7 +1834,7 @@ get_valid_scfg (const struct lsquic_enc_session *enc_session,
temp_scfg->orbt = 0; temp_scfg->orbt = 0;
temp_scfg->expy = t + settings->es_sttl; temp_scfg->expy = t + settings->es_sttl;
MW_BEGIN(&mw, QTAG_SCFG, 8, s_server_config.lsc_scfg->scfg); MW_BEGIN(&mw, QTAG_SCFG, 8, enc_session->enpub->enp_server_config->lsc_scfg->scfg);
MW_WRITE_BUFFER(&mw, QTAG_VER, enpub->enp_ver_tags_buf, MW_WRITE_BUFFER(&mw, QTAG_VER, enpub->enp_ver_tags_buf,
enpub->enp_ver_tags_len); enpub->enp_ver_tags_len);
MW_WRITE_UINT32(&mw, QTAG_AEAD, temp_scfg->aead); MW_WRITE_UINT32(&mw, QTAG_AEAD, temp_scfg->aead);
@ -1853,7 +1845,7 @@ get_valid_scfg (const struct lsquic_enc_session *enc_session,
MW_WRITE_UINT64(&mw, QTAG_ORBT, temp_scfg->orbt); MW_WRITE_UINT64(&mw, QTAG_ORBT, temp_scfg->orbt);
MW_WRITE_UINT64(&mw, QTAG_EXPY, temp_scfg->expy); MW_WRITE_UINT64(&mw, QTAG_EXPY, temp_scfg->expy);
MW_END(&mw); MW_END(&mw);
assert(MW_P(&mw) == s_server_config.lsc_scfg->scfg + MSG_LEN_VAL(msg_len)); assert(MW_P(&mw) == enc_session->enpub->enp_server_config->lsc_scfg->scfg + MSG_LEN_VAL(msg_len));
temp_scfg->scfg_len = MSG_LEN_VAL(msg_len); temp_scfg->scfg_len = MSG_LEN_VAL(msg_len);
@ -1863,17 +1855,17 @@ get_valid_scfg (const struct lsquic_enc_session *enc_session,
// shi->shi_delete(shi_ctx, SERVER_SCFG_KEY, SERVER_SCFG_KEY_SIZE); // shi->shi_delete(shi_ctx, SERVER_SCFG_KEY, SERVER_SCFG_KEY_SIZE);
void *scfg_key = strdup(SERVER_SCFG_KEY); void *scfg_key = strdup(SERVER_SCFG_KEY);
shi->shi_insert(shi_ctx, scfg_key, SERVER_SCFG_KEY_SIZE, shi->shi_insert(shi_ctx, scfg_key, SERVER_SCFG_KEY_SIZE,
s_server_config.lsc_scfg, server_config_sz, t + settings->es_sttl); enc_session->enpub->enp_server_config->lsc_scfg, server_config_sz, t + settings->es_sttl);
ret = shi->shi_lookup(shi_ctx, scfg_key, SERVER_SCFG_KEY_SIZE, ret = shi->shi_lookup(shi_ctx, scfg_key, SERVER_SCFG_KEY_SIZE,
&scfg_ptr, &real_len); &scfg_ptr, &real_len);
if (ret == 1) if (ret == 1)
{ {
tmp_scfg_copy = scfg_ptr; tmp_scfg_copy = scfg_ptr;
if (tmp_scfg_copy != s_server_config.lsc_scfg) if (tmp_scfg_copy != enc_session->enpub->enp_server_config->lsc_scfg)
{ {
free(s_server_config.lsc_scfg); free(enc_session->enpub->enp_server_config->lsc_scfg);
s_server_config.lsc_scfg = tmp_scfg_copy; enc_session->enpub->enp_server_config->lsc_scfg = tmp_scfg_copy;
} }
} }
else else
@ -1882,12 +1874,12 @@ get_valid_scfg (const struct lsquic_enc_session *enc_session,
LSQ_DEBUG("get_valid_scfg got an shi internal error.\n"); LSQ_DEBUG("get_valid_scfg got an shi internal error.\n");
} }
ret = EVP_AEAD_CTX_init(&s_server_config.lsc_stk_ctx, EVP_aead_aes_128_gcm(), ret = EVP_AEAD_CTX_init(&enc_session->enpub->enp_server_config->lsc_stk_ctx, EVP_aead_aes_128_gcm(),
s_server_config.lsc_scfg->info.skt_key, enc_session->enpub->enp_server_config->lsc_scfg->info.skt_key,
sizeof(s_server_config.lsc_scfg->info.skt_key), 12, NULL); sizeof(enc_session->enpub->enp_server_config->lsc_scfg->info.skt_key), 12, NULL);
LSQ_DEBUG("get_valid_scfg::EVP_AEAD_CTX_init return %d.", ret); LSQ_DEBUG("get_valid_scfg::EVP_AEAD_CTX_init return %d.", ret);
return &s_server_config; return enc_session->enpub->enp_server_config;
} }
@ -1932,8 +1924,8 @@ generate_crt (struct lsquic_enc_session *enc_session, int common_case)
if (common_case) if (common_case)
{ {
if (0 != insert_compress_certs(make_compress_cert_hash_item( if (0 != insert_compress_certs(enc_session->enpub,
&hs_ctx->sni, &hs_ctx->crt))) make_compress_cert_hash_item(&hs_ctx->sni, &hs_ctx->crt)))
goto cleanup; goto cleanup;
} }
@ -1982,7 +1974,7 @@ gen_rej1_data (struct lsquic_enc_session *enc_session, uint8_t *data,
common_case = lsquic_str_len(&hs_ctx->ccrt) == 0 common_case = lsquic_str_len(&hs_ctx->ccrt) == 0
&& lsquic_str_bcmp(&hs_ctx->ccs, lsquic_get_common_certs_hash()) == 0; && lsquic_str_bcmp(&hs_ctx->ccs, lsquic_get_common_certs_hash()) == 0;
if (common_case) if (common_case)
compress_certs_item = find_compress_certs(&hs_ctx->sni); compress_certs_item = find_compress_certs(enc_session->enpub, &hs_ctx->sni);
else else
compress_certs_item = NULL; compress_certs_item = NULL;
@ -2219,7 +2211,7 @@ get_sni_SSL_CTX(struct lsquic_enc_session *enc_session, lsquic_lookup_cert_f cb,
key_sz = gen_iasn_key(crt, key, sizeof(key)); key_sz = gen_iasn_key(crt, key, sizeof(key));
if (key_sz) if (key_sz)
{ {
item = s_find_cert(key, key_sz); item = find_cert(enc_session->enpub, key, key_sz);
if (item) if (item)
LSQ_DEBUG("found cert in cache"); LSQ_DEBUG("found cert in cache");
else else
@ -2229,7 +2221,7 @@ get_sni_SSL_CTX(struct lsquic_enc_session *enc_session, lsquic_lookup_cert_f cb,
if (len < 0) if (len < 0)
return GET_SNI_ERR; return GET_SNI_ERR;
lsquic_str_set(&crtstr, (char *) out, len); lsquic_str_set(&crtstr, (char *) out, len);
item = s_insert_cert(key, key_sz, &crtstr); item = insert_cert(enc_session->enpub, key, key_sz, &crtstr);
if (item) if (item)
{ {
OPENSSL_free(out); OPENSSL_free(out);

View file

@ -13,6 +13,7 @@ struct lsquic_str;
struct lsquic_packet_in; struct lsquic_packet_in;
struct lsquic_cid; struct lsquic_cid;
struct lsquic_enc_session; struct lsquic_enc_session;
struct lsquic_engine_public;
/* client side, certs and hashs /* client side, certs and hashs
*/ */
@ -113,4 +114,10 @@ enum hsk_failure_reason
enum lsquic_version enum lsquic_version
lsquic_sess_resume_version (const unsigned char *, size_t); lsquic_sess_resume_version (const unsigned char *, size_t);
int
lsquic_init_gquic_crypto (struct lsquic_engine_public *enpub);
void
lsquic_cleanup_gquic_crypto (struct lsquic_engine_public *enpub);
#endif #endif

View file

@ -49,7 +49,7 @@ lsquic_str_setto (lsquic_str_t *lstr, const void *str, size_t len)
} }
void int
lsquic_str_append (lsquic_str_t *lstr, const char *str, size_t len) lsquic_str_append (lsquic_str_t *lstr, const char *str, size_t len)
{ {
size_t newlen; size_t newlen;
@ -58,12 +58,13 @@ lsquic_str_append (lsquic_str_t *lstr, const char *str, size_t len)
newlen = lstr->len + len; newlen = lstr->len + len;
newstr = realloc(lstr->str, newlen + 1); newstr = realloc(lstr->str, newlen + 1);
if (!newstr) if (!newstr)
return; return -1;
memcpy(newstr + lstr->len, str, len); memcpy(newstr + lstr->len, str, len);
newstr[newlen] = '\0'; newstr[newlen] = '\0';
lstr->str = newstr; lstr->str = newstr;
lstr->len = newlen; lstr->len = newlen;
return 0;
} }

View file

@ -28,7 +28,7 @@ lsquic_str_new (const char *, size_t);
void void
lsquic_str_setto (lsquic_str_t *, const void *, size_t); lsquic_str_setto (lsquic_str_t *, const void *, size_t);
void int
lsquic_str_append (lsquic_str_t *, const char *, size_t); lsquic_str_append (lsquic_str_t *, const char *, size_t);
void void