iv-org-mirror/litespeed-quic
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/litespeed-quic.git synced 2024-08-15 00:53:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix: must take xlct into account while determine_rtt (#248)

Browse source 
Co-authored-by: ivanfywang <ivanfywang@gmail.com>
This commit is contained in:
wangfuyu 2021-04-02 04:09:37 +08:00 committed by GitHub
parent eea998962a
commit ab69788e51
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
src/liblsquic/lsquic_handshake.c
View file

@ -120,6 +120,7 @@ enum enc_sess_history_event
ESHE_SNO_OK = 'f',
ESHE_MULTI2_2BITS = 'i',
ESHE_SNI_DELAYED = 'Y',
ESHE_XLCT_MISMATCH = 'x',
};
#endif
@ -155,6 +156,7 @@ typedef struct hs_ctx_st
uint32_t tcid;
uint32_t smhl;
uint64_t sttl;
uint64_t xlct;
unsigned char scid[SCID_LENGTH];
//unsigned char chlo_hash[32]; //SHA256 HASH of CHLO
unsigned char nonc[DNONC_LENGTH]; /* 4 tm, 8 orbit ---> REJ, 20 rand */
@ -1264,6 +1266,10 @@ static int parse_hs_data (struct lsquic_enc_session *enc_session, uint32_t tag,
ESHIST_APPEND(enc_session, ESHE_SET_SRST);
break;
case QTAG_XLCT:
hs_ctx->xlct = get_tag_value_i64(val, len);
break;
default:
LSQ_DEBUG("Ignored tag '%.*s'", 4, (char *)&tag);
break;
@ -1658,6 +1664,7 @@ determine_rtts (struct lsquic_enc_session *enc_session,
{
hs_ctx_t *const hs_ctx = &enc_session->hs_ctx;
enum hsk_failure_reason hfr;
uint64_t hash = 0;
if (!(hs_ctx->set & HSET_SCID))
{
@ -1694,6 +1701,20 @@ determine_rtts (struct lsquic_enc_session *enc_session,
goto fail_1rtt;
}
if (hs_ctx->xlct)
{
hash = lsquic_fnv1a_64((const uint8_t *)lsquic_str_buf(enc_session->cert_ptr),
lsquic_str_len(enc_session->cert_ptr));
if (hash != hs_ctx->xlct)
{
/* The expected leaf certificate hash could not be validated. */
hs_ctx->rrej = HFR_INVALID_EXPECTED_LEAF_CERTIFICATE;
ESHIST_APPEND(enc_session, ESHE_XLCT_MISMATCH);
goto fail_1rtt;
}
}
if (lsquic_str_len(&enc_session->ssno) > 0)
{
if (lsquic_str_len(&hs_ctx->sno) == 0)
@ -2333,9 +2354,6 @@ handle_chlo_frames_data(const uint8_t *data, int len,
}
rtt = determine_rtts(enc_session, ip, t);
ESHIST_APPEND(enc_session, ESHE_MULTI2_2BITS + rtt);
lsquic_str_setto(&enc_session->chlo, (const char *)data, len);
switch (get_sni_SSL_CTX(enc_session, cb, cb_ctx, local))
{
case GET_SNI_ERR:
@ -2346,6 +2364,9 @@ handle_chlo_frames_data(const uint8_t *data, int len,
break;
}
rtt = determine_rtts(enc_session, ip, t);
ESHIST_APPEND(enc_session, ESHE_MULTI2_2BITS + rtt);
lsquic_str_setto(&enc_session->chlo, (const char *)data, len);
LSQ_DEBUG("handle_chlo_frames_data return %d.", rtt);
return rtt;