Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_ssl.c @ 9080:7da4791e0264 quic
QUIC: OpenSSL compatibility layer.
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.
This implementation does not support 0-RTT.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 22 Feb 2023 19:16:53 +0400 |
| parents | 639fa6723700 |
| children | 58afcd72446f |
comparison
equal
deleted
inserted
replaced
| 9079:639fa6723700 | 9080:7da4791e0264 |
|---|---|
| 6 | 6 |
| 7 #include <ngx_config.h> | 7 #include <ngx_config.h> |
| 8 #include <ngx_core.h> | 8 #include <ngx_core.h> |
| 9 #include <ngx_event.h> | 9 #include <ngx_event.h> |
| 10 #include <ngx_event_quic_connection.h> | 10 #include <ngx_event_quic_connection.h> |
| 11 | |
| 12 | |
| 13 #if defined OPENSSL_IS_BORINGSSL \ | |
| 14 || defined LIBRESSL_VERSION_NUMBER \ | |
| 15 || NGX_QUIC_OPENSSL_COMPAT | |
| 16 #define NGX_QUIC_BORINGSSL_API 1 | |
| 17 #endif | |
| 11 | 18 |
| 12 | 19 |
| 13 /* | 20 /* |
| 14 * RFC 9000, 7.5. Cryptographic Message Buffering | 21 * RFC 9000, 7.5. Cryptographic Message Buffering |
| 15 * | 22 * |
| 16 * Implementations MUST support buffering at least 4096 bytes of data | 23 * Implementations MUST support buffering at least 4096 bytes of data |
| 17 */ | 24 */ |
| 18 #define NGX_QUIC_MAX_BUFFERED 65535 | 25 #define NGX_QUIC_MAX_BUFFERED 65535 |
| 19 | 26 |
| 20 | 27 |
| 21 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER | 28 #if (NGX_QUIC_BORINGSSL_API) |
| 22 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, | 29 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
| 23 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, | 30 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
| 24 const uint8_t *secret, size_t secret_len); | 31 const uint8_t *secret, size_t secret_len); |
| 25 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, | 32 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
| 26 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, | 33 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
| 37 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, | 44 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, |
| 38 enum ssl_encryption_level_t level, uint8_t alert); | 45 enum ssl_encryption_level_t level, uint8_t alert); |
| 39 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); | 46 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); |
| 40 | 47 |
| 41 | 48 |
| 42 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER | 49 #if (NGX_QUIC_BORINGSSL_API) |
| 43 | 50 |
| 44 static int | 51 static int |
| 45 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, | 52 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
| 46 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, | 53 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
| 47 const uint8_t *rsecret, size_t secret_len) | 54 const uint8_t *rsecret, size_t secret_len) |
| 521 c->ssl->no_wait_shutdown = 1; | 528 c->ssl->no_wait_shutdown = 1; |
| 522 | 529 |
| 523 ssl_conn = c->ssl->connection; | 530 ssl_conn = c->ssl->connection; |
| 524 | 531 |
| 525 if (!quic_method.send_alert) { | 532 if (!quic_method.send_alert) { |
| 526 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER | 533 #if (NGX_QUIC_BORINGSSL_API) |
| 527 quic_method.set_read_secret = ngx_quic_set_read_secret; | 534 quic_method.set_read_secret = ngx_quic_set_read_secret; |
| 528 quic_method.set_write_secret = ngx_quic_set_write_secret; | 535 quic_method.set_write_secret = ngx_quic_set_write_secret; |
| 529 #else | 536 #else |
| 530 quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets; | 537 quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets; |
| 531 #endif | 538 #endif |