[~] 修复与chrome >= 124兼容性问题，处理server接收到client发送的多个initial包时、下行状态的正确更新 (#447)

Author: Yanmei-Liu

src/tls/babassl/xqc_ssl_if_impl.c

@@ -6,6 +6,7 @@
 #include <openssl/err.h>
 #include "src/tls/xqc_ssl_if.h"
 #include "src/tls/xqc_tls_common.h"
+#include "src/transport/xqc_conn.h"
 
 
 void
@@ -114,9 +115,22 @@ xqc_ssl_session_is_early_data_enabled(SSL_SESSION *session)
 
 
 xqc_ssl_handshake_res_t
-xqc_ssl_do_handshake(SSL *ssl)
+xqc_ssl_do_handshake(SSL *ssl, xqc_connection_t *conn, xqc_log_t *log)
 {
     int rv = SSL_do_handshake(ssl);
+
+    xqc_log(log, XQC_LOG_DEBUG, "|ssl_do_handshake|SSL_quic_read_level:%d|SSL_quic_write_level:%d|rv:%d|",
+            (int) SSL_quic_read_level(ssl),
+            (int) SSL_quic_write_level(ssl),
+            rv);
+    /* check if client hello is received completely */
+    if (SSL_quic_read_level(ssl) > 0
+        && conn != NULL
+        && !(conn->conn_flag & XQC_CONN_FLAG_TLS_CH_RECVD))
+    {
+        conn->conn_flag |= XQC_CONN_FLAG_TLS_CH_RECVD;
+    }
+
     if (rv <= 0) {
         int err = SSL_get_error(ssl, rv);
         switch (err) {

src/tls/boringssl/xqc_ssl_if_impl.c

@@ -6,6 +6,7 @@
 #include <openssl/ssl.h>
 #include "src/tls/xqc_ssl_if.h"
 #include "src/tls/xqc_tls_common.h"
+#include "src/transport/xqc_conn.h"
 
 
 void
@@ -83,13 +84,26 @@ xqc_ssl_is_early_data_accepted(SSL *ssl)
 
 
 xqc_ssl_handshake_res_t
-xqc_ssl_do_handshake(SSL *ssl)
+xqc_ssl_do_handshake(SSL *ssl, xqc_connection_t *conn, xqc_log_t *log)
 {
     int ret;
 
 again:
     ERR_clear_error();
     ret = SSL_do_handshake(ssl);
+
+    /* check if client hello is received completely */
+    if (SSL_quic_read_level(ssl) > 0
+        && conn != NULL
+        && !(conn->conn_flag & XQC_CONN_FLAG_TLS_CH_RECVD))
+    {
+        conn->conn_flag |= XQC_CONN_FLAG_TLS_CH_RECVD;
+    }
+    xqc_log(log, XQC_LOG_DEBUG, "|ssl_do_handshake|SSL_quic_read_level:%d|SSL_quic_write_level:%d|rv:%d|",
+            (int) SSL_quic_read_level(ssl),
+            (int) SSL_quic_write_level(ssl),
+            ret);
+
     if (ret <= 0) {
         switch (SSL_get_error(ssl, ret)) {
         case SSL_ERROR_WANT_READ:

src/tls/xqc_ssl_if.h

@@ -37,6 +37,6 @@ xqc_int_t xqc_ssl_get_certs_array(SSL *ssl, X509_STORE_CTX *store_ctx, unsigned
     size_t array_cap, size_t *certs_array_len, size_t *certs_len);
 void xqc_ssl_free_certs_array(unsigned char **certs_array, size_t certs_array_len);
 
-xqc_ssl_handshake_res_t xqc_ssl_do_handshake(SSL *ssl);
+xqc_ssl_handshake_res_t xqc_ssl_do_handshake(SSL *ssl, xqc_connection_t *conn, xqc_log_t *log);
 
 #endif

src/tls/xqc_tls.c

@@ -391,7 +391,9 @@ xqc_tls_process_trans_param(xqc_tls_t *tls)
 xqc_int_t
 xqc_tls_do_handshake(xqc_tls_t *tls)
 {
-    xqc_ssl_handshake_res_t res = xqc_ssl_do_handshake(tls->ssl);
+    xqc_ssl_handshake_res_t res = xqc_ssl_do_handshake(tls->ssl, tls->user_data, tls->log);
+    xqc_log(tls->log, XQC_LOG_DEBUG, "|TLS handshake|ret:%d|", res);
+
     if (res == XQC_SSL_HSK_RES_FAIL) {
         xqc_log(tls->log, XQC_LOG_ERROR, "|TLS handshake error:%s|",
                 ERR_error_string(ERR_get_error(), NULL));
@@ -555,6 +557,8 @@ xqc_tls_process_crypto_data(xqc_tls_t *tls, xqc_encrypt_level_t level,
     int ret;
     int err;
 
+    xqc_log(tls->log, XQC_LOG_DEBUG, "|xqc_tls_process_crypto_data|level:%d|%zu|", level, data_len);
+
     if (SSL_provide_quic_data(ssl, (enum ssl_encryption_level_t)level, crypto_data, data_len)
         != XQC_SSL_SUCCESS)
     {

src/transport/xqc_conn.h

@@ -123,6 +123,7 @@ typedef enum {
     XQC_CONN_FLAG_NEW_CID_ACKED_SHIFT,
     XQC_CONN_FLAG_LINGER_CLOSING_SHIFT,
     XQC_CONN_FLAG_RETRY_RECVD_SHIFT,
+    XQC_CONN_FLAG_TLS_CH_SHIFT,
     XQC_CONN_FLAG_TLS_HSK_COMPLETED_SHIFT,
     XQC_CONN_FLAG_RECV_NEW_PATH_SHIFT,
     XQC_CONN_FLAG_VALIDATE_REBINDING_SHIFT,
@@ -169,6 +170,7 @@ typedef enum {
     XQC_CONN_FLAG_NEW_CID_ACKED         = 1ULL << XQC_CONN_FLAG_NEW_CID_ACKED_SHIFT,
     XQC_CONN_FLAG_LINGER_CLOSING        = 1ULL << XQC_CONN_FLAG_LINGER_CLOSING_SHIFT,
     XQC_CONN_FLAG_RETRY_RECVD           = 1ULL << XQC_CONN_FLAG_RETRY_RECVD_SHIFT,
+    XQC_CONN_FLAG_TLS_CH_RECVD          = 1ULL << XQC_CONN_FLAG_TLS_CH_SHIFT,
     XQC_CONN_FLAG_TLS_HSK_COMPLETED     = 1ULL << XQC_CONN_FLAG_TLS_HSK_COMPLETED_SHIFT,
     XQC_CONN_FLAG_RECV_NEW_PATH         = 1ULL << XQC_CONN_FLAG_RECV_NEW_PATH_SHIFT,
     XQC_CONN_FLAG_VALIDATE_REBINDING    = 1ULL << XQC_CONN_FLAG_VALIDATE_REBINDING_SHIFT,

src/transport/xqc_frame.c

@@ -682,6 +682,8 @@ xqc_process_crypto_frame(xqc_connection_t *conn, xqc_packet_in_t *packet_in)
         }
     }
 
+    xqc_log(conn->log, XQC_LOG_DEBUG, "|level:%d|", encrypt_level);
+
     xqc_stream_t *stream = conn->crypto_stream[encrypt_level];
 
     ret = xqc_insert_crypto_frame(conn, stream, stream_frame);

src/transport/xqc_stream.c

@@ -1118,6 +1118,8 @@ xqc_crypto_stream_on_write(xqc_stream_t *stream, void *user_data)
     xqc_connection_t *conn = stream->stream_conn;
     xqc_list_head_t *crypto_data_list = NULL;
 
+    xqc_log(conn->log, XQC_LOG_DEBUG, "|enc_level|%d|", encrypt_level);
+
     if (encrypt_level == XQC_ENC_LEV_INIT) {
         pns = XQC_PNS_INIT;
         pkt_type = XQC_PTYPE_INIT;
@@ -1130,6 +1132,13 @@ xqc_crypto_stream_on_write(xqc_stream_t *stream, void *user_data)
 
         case XQC_CONN_STATE_SERVER_INIT:
         case XQC_CONN_STATE_SERVER_INITIAL_RECVD:
+
+            xqc_log(stream->stream_conn->log, XQC_LOG_DEBUG, "|cur_state:%d|switch|", cur_state);
+            /* haven't recved enough data for client hello */
+            if (conn->conn_type == XQC_CONN_TYPE_SERVER && !(conn->conn_flag & XQC_CONN_FLAG_TLS_CH_RECVD)) {
+                return XQC_OK;
+            }
+
             crypto_data_list = &conn->initial_crypto_data_list;
             if (conn->crypto_stream[XQC_ENC_LEV_HSK] != NULL) {
                 xqc_stream_ready_to_write(conn->crypto_stream[XQC_ENC_LEV_HSK]);