comparison src/event/quic/ngx_event_quic_ssl.c @ 9080:7da4791e0264 quic
QUIC: OpenSSL compatibility layer.
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.
This implementation does not support 0-RTT.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 22 Feb 2023 19:16:53 +0400 |
parents | 639fa6723700 |
children | 58afcd72446f |
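--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -6,21 +6,28 @@
 
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_event.h>
 #include <ngx_event_quic_connection.h>
+
+
+#if defined OPENSSL_IS_BORINGSSL \
+|| defined LIBRESSL_VERSION_NUMBER \
+|| NGX_QUIC_OPENSSL_COMPAT
+#define NGX_QUIC_BORINGSSL_API 1
+#endif
 
 
 /*
 * RFC 9000, 7.5. Cryptographic Message Buffering
 *
 * Implementations MUST support buffering at least 4096 bytes of data
 */
 #define NGX_QUIC_MAX_BUFFERED 65535
 
 
-#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
+#if (NGX_QUIC_BORINGSSL_API)
 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
 const uint8_t *secret, size_t secret_len);
 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
@@ -37,11 +44,11 @@
 static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, uint8_t alert);
 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data);
 
 
-#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
+#if (NGX_QUIC_BORINGSSL_API)
 
 static int
 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
 const uint8_t *rsecret, size_t secret_len)
@@ -521,11 +528,11 @@
 c->ssl->no_wait_shutdown = 1;
 
 ssl_conn = c->ssl->connection;
 
 if (!quic_method.send_alert) {
-#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
+#if (NGX_QUIC_BORINGSSL_API)
 quic_method.set_read_secret = ngx_quic_set_read_secret;
 quic_method.set_write_secret = ngx_quic_set_write_secret;
 #else
 quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets;
 #endif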
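Review bot: The new `NGX_QUIC_BORINGSSL_API` block at the top of the file has no comment, and its name undersells it: it is also set for LibreSSL and for the `NGX_QUIC_OPENSSL_COMPAT` build, and it decides which key-installation callbacks are registered on `quic_method` in the last hunk. I would add a comment above the `#if`, for example `/* set when the TLS library (or the OpenSSL compat layer) delivers read and write secrets through separate callbacks */`, so that someone auditing the key path knows which branch a given build takes. `NGX_QUIC_OPENSSL_COMPAT` is tested by value rather than with `defined`, so if the headers included above do not define it (its definition is not visible here), the condition quietly evaluates to 0 and the build falls through to the `set_encryption_secrets` branch. The function that fills `quic_method` starts and ends outside the shown context, so how the compat build handles the remaining callbacks cannot be checked from this page.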