diff --git a/src/tls/babassl/xqc_ssl_if_impl.c b/src/tls/babassl/xqc_ssl_if_impl.c index 0fd24816..d4959b89 100644 --- a/src/tls/babassl/xqc_ssl_if_impl.c +++ b/src/tls/babassl/xqc_ssl_if_impl.c @@ -6,6 +6,7 @@ #include #include "src/tls/xqc_ssl_if.h" #include "src/tls/xqc_tls_common.h" +#include "src/transport/xqc_conn.h" void @@ -114,9 +115,22 @@ xqc_ssl_session_is_early_data_enabled(SSL_SESSION *session) xqc_ssl_handshake_res_t -xqc_ssl_do_handshake(SSL *ssl) +xqc_ssl_do_handshake(SSL *ssl, xqc_connection_t *conn, xqc_log_t *log) { int rv = SSL_do_handshake(ssl); + + xqc_log(log, XQC_LOG_DEBUG, "|ssl_do_handshake|SSL_quic_read_level:%d|SSL_quic_write_level:%d|rv:%d|", + (int) SSL_quic_read_level(ssl), + (int) SSL_quic_write_level(ssl), + rv); + /* check if client hello is received completely */ + if (SSL_quic_read_level(ssl) > 0 + && conn != NULL + && !(conn->conn_flag & XQC_CONN_FLAG_TLS_CH_RECVD)) + { + conn->conn_flag |= XQC_CONN_FLAG_TLS_CH_RECVD; + } + if (rv <= 0) { int err = SSL_get_error(ssl, rv); switch (err) { diff --git a/src/tls/boringssl/xqc_ssl_if_impl.c b/src/tls/boringssl/xqc_ssl_if_impl.c index fa29bfc7..938fbf9f 100644 --- a/src/tls/boringssl/xqc_ssl_if_impl.c +++ b/src/tls/boringssl/xqc_ssl_if_impl.c @@ -6,6 +6,7 @@ #include #include "src/tls/xqc_ssl_if.h" #include "src/tls/xqc_tls_common.h" +#include "src/transport/xqc_conn.h" void 
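Review bot: The ClientHello check added to `xqc_ssl_do_handshake` compares `SSL_quic_read_level(ssl) > 0` against a bare `0`; writing it as `SSL_quic_read_level(ssl) > ssl_encryption_initial` states the actual condition, that the read level has advanced past Initial. The check has no role test, so a client also sets `XQC_CONN_FLAG_TLS_CH_RECVD` once its read level advances; a comment such as `/* read level past Initial: the peer's first flight (ClientHello on a server) is fully consumed */` would make that explicit. `conn` is guarded against NULL but `log` is handed to `xqc_log` unguarded, which matters if a NULL log can reach this function. The inner `!(conn->conn_flag & XQC_CONN_FLAG_TLS_CH_RECVD)` test can be dropped because the `|=` is idempotent. All of this applies equally to the boringssl copy of the function, and both bodies continue outside their hunks.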
@@ -83,13 +84,26 @@ xqc_ssl_is_early_data_accepted(SSL *ssl) xqc_ssl_handshake_res_t -xqc_ssl_do_handshake(SSL *ssl) +xqc_ssl_do_handshake(SSL *ssl, xqc_connection_t *conn, xqc_log_t *log) { int ret; again: ERR_clear_error(); ret = SSL_do_handshake(ssl); + + /* check if client hello is received completely */ + if (SSL_quic_read_level(ssl) > 0 + && conn != NULL + && !(conn->conn_flag & XQC_CONN_FLAG_TLS_CH_RECVD)) + { + conn->conn_flag |= XQC_CONN_FLAG_TLS_CH_RECVD; + } + xqc_log(log, XQC_LOG_DEBUG, "|ssl_do_handshake|SSL_quic_read_level:%d|SSL_quic_write_level:%d|rv:%d|", + (int) SSL_quic_read_level(ssl), + (int) SSL_quic_write_level(ssl), + ret); + if (ret <= 0) { switch (SSL_get_error(ssl, ret)) { case SSL_ERROR_WANT_READ: diff --git a/src/tls/xqc_ssl_if.h b/src/tls/xqc_ssl_if.h index b774e545..fadf731b 100644 --- a/src/tls/xqc_ssl_if.h +++ b/src/tls/xqc_ssl_if.h @@ -37,6 +37,6 @@ xqc_int_t xqc_ssl_get_certs_array(SSL *ssl, X509_STORE_CTX *store_ctx, unsigned size_t array_cap, size_t *certs_array_len, size_t *certs_len); void xqc_ssl_free_certs_array(unsigned char **certs_array, size_t certs_array_len); -xqc_ssl_handshake_res_t xqc_ssl_do_handshake(SSL *ssl); +xqc_ssl_handshake_res_t xqc_ssl_do_handshake(SSL *ssl, xqc_connection_t *conn, xqc_log_t *log); #endif \ No newline at end of file diff --git a/src/tls/xqc_tls.c b/src/tls/xqc_tls.c index 2c69e22a..3f8bb6a6 100644 --- a/src/tls/xqc_tls.c +++ b/src/tls/xqc_tls.c @@ -391,7 +391,9 @@ xqc_tls_process_trans_param(xqc_tls_t *tls) xqc_int_t xqc_tls_do_handshake(xqc_tls_t *tls) { - xqc_ssl_handshake_res_t res = xqc_ssl_do_handshake(tls->ssl); + xqc_ssl_handshake_res_t res = xqc_ssl_do_handshake(tls->ssl, tls->user_data, tls->log); + xqc_log(tls->log, XQC_LOG_DEBUG, "|TLS handshake|ret:%d|", res); + if (res == XQC_SSL_HSK_RES_FAIL) { xqc_log(tls->log, XQC_LOG_ERROR, "|TLS handshake error:%s|", ERR_error_string(ERR_get_error(), NULL)); 
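Review bot: In `xqc_tls_do_handshake`, `tls->user_data` is now passed to a parameter typed `xqc_connection_t *`, so the TLS layer assumes its user pointer is always a connection and the adapter writes `conn_flag` through it. The declaration of `user_data` is not in this diff; if it is a `void *`, the compiler will not flag an `xqc_tls_t` created with a different object, and the flag write would then land in unrelated memory. Either report the event to the transport through a callback, or document the invariant where `user_data` is assigned, for example `/* user_data must be the owning xqc_connection_t; xqc_ssl_do_handshake() writes conn_flag through it */`.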
@@ -555,6 +557,8 @@ xqc_tls_process_crypto_data(xqc_tls_t *tls, xqc_encrypt_level_t level, int ret; int err; + xqc_log(tls->log, XQC_LOG_DEBUG, "|xqc_tls_process_crypto_data|level:%d|%zu|", level, data_len); + if (SSL_provide_quic_data(ssl, (enum ssl_encryption_level_t)level, crypto_data, data_len) != XQC_SSL_SUCCESS) { diff --git a/src/transport/xqc_conn.h b/src/transport/xqc_conn.h index 160ad432..96dc715c 100644 --- a/src/transport/xqc_conn.h +++ b/src/transport/xqc_conn.h @@ -123,6 +123,7 @@ typedef enum { XQC_CONN_FLAG_NEW_CID_ACKED_SHIFT, XQC_CONN_FLAG_LINGER_CLOSING_SHIFT, XQC_CONN_FLAG_RETRY_RECVD_SHIFT, + XQC_CONN_FLAG_TLS_CH_SHIFT, XQC_CONN_FLAG_TLS_HSK_COMPLETED_SHIFT, XQC_CONN_FLAG_RECV_NEW_PATH_SHIFT, XQC_CONN_FLAG_VALIDATE_REBINDING_SHIFT, @@ -169,6 +170,7 @@ typedef enum { XQC_CONN_FLAG_NEW_CID_ACKED = 1ULL << XQC_CONN_FLAG_NEW_CID_ACKED_SHIFT, XQC_CONN_FLAG_LINGER_CLOSING = 1ULL << XQC_CONN_FLAG_LINGER_CLOSING_SHIFT, XQC_CONN_FLAG_RETRY_RECVD = 1ULL << XQC_CONN_FLAG_RETRY_RECVD_SHIFT, + XQC_CONN_FLAG_TLS_CH_RECVD = 1ULL << XQC_CONN_FLAG_TLS_CH_SHIFT, XQC_CONN_FLAG_TLS_HSK_COMPLETED = 1ULL << XQC_CONN_FLAG_TLS_HSK_COMPLETED_SHIFT, XQC_CONN_FLAG_RECV_NEW_PATH = 1ULL << XQC_CONN_FLAG_RECV_NEW_PATH_SHIFT, XQC_CONN_FLAG_VALIDATE_REBINDING = 1ULL << XQC_CONN_FLAG_VALIDATE_REBINDING_SHIFT, diff --git a/src/transport/xqc_frame.c b/src/transport/xqc_frame.c index 4aff7fb2..c294f3d0 100644 --- a/src/transport/xqc_frame.c +++ b/src/transport/xqc_frame.c @@ -682,6 +682,8 @@ xqc_process_crypto_frame(xqc_connection_t *conn, xqc_packet_in_t *packet_in) } } + xqc_log(conn->log, XQC_LOG_DEBUG, "|level:%d|", encrypt_level); + xqc_stream_t *stream = conn->crypto_stream[encrypt_level]; ret = xqc_insert_crypto_frame(conn, stream, stream_frame); diff --git a/src/transport/xqc_stream.c b/src/transport/xqc_stream.c index bcb3c3bd..119115bc 100644 --- a/src/transport/xqc_stream.c +++ b/src/transport/xqc_stream.c 
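Review bot: The new shift constant in xqc_conn.h is named `XQC_CONN_FLAG_TLS_CH_SHIFT` while its flag is `XQC_CONN_FLAG_TLS_CH_RECVD`; every neighbouring pair follows `<FLAG>_SHIFT` (for example `XQC_CONN_FLAG_RETRY_RECVD` with `XQC_CONN_FLAG_RETRY_RECVD_SHIFT`), so `XQC_CONN_FLAG_TLS_CH_RECVD_SHIFT` would be consistent. This covers both xqc_conn.h hunks. Inserting the entry mid-enum renumbers every later shift, so any name table or log decoder indexed by these values needs a matching entry at the same position, and none is visible in this diff. Because the flags are built with `1ULL <<`, the total count must also stay at or below 64; the enum continues outside the hunk, so that cannot be confirmed from here.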
@@ -1118,6 +1118,8 @@ xqc_crypto_stream_on_write(xqc_stream_t *stream, void *user_data) xqc_connection_t *conn = stream->stream_conn; xqc_list_head_t *crypto_data_list = NULL; + xqc_log(conn->log, XQC_LOG_DEBUG, "|enc_level|%d|", encrypt_level); + if (encrypt_level == XQC_ENC_LEV_INIT) { pns = XQC_PNS_INIT; pkt_type = XQC_PTYPE_INIT; @@ -1130,6 +1132,13 @@ xqc_crypto_stream_on_write(xqc_stream_t *stream, void *user_data) case XQC_CONN_STATE_SERVER_INIT: case XQC_CONN_STATE_SERVER_INITIAL_RECVD: + + xqc_log(stream->stream_conn->log, XQC_LOG_DEBUG, "|cur_state:%d|switch|", cur_state); + /* haven't recved enough data for client hello */ + if (conn->conn_type == XQC_CONN_TYPE_SERVER && !(conn->conn_flag & XQC_CONN_FLAG_TLS_CH_RECVD)) { + return XQC_OK; + } + crypto_data_list = &conn->initial_crypto_data_list; if (conn->crypto_stream[XQC_ENC_LEV_HSK] != NULL) { xqc_stream_ready_to_write(conn->crypto_stream[XQC_ENC_LEV_HSK]);
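Review bot: The early `return XQC_OK;` added under `XQC_CONN_STATE_SERVER_INIT` / `XQC_CONN_STATE_SERVER_INITIAL_RECVD` in `xqc_crypto_stream_on_write` has no visible counterpart that schedules this crypto stream for writing again once `XQC_CONN_FLAG_TLS_CH_RECVD` is set. If the caller clears the stream's write-ready state after a successful return, the server flight could stall. If it does not, the callback is re-entered on every write pass while the ClientHello is still incomplete. A comment should say which path re-arms the stream, and that a connection whose ClientHello never completes is reclaimed by the handshake or idle timer, assuming one covers this state. The new log line can use `conn->log` rather than `stream->stream_conn->log`, matching the line added at the top of the function, whose body continues outside the hunk.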