comparison src/event/ngx_event_openssl.c @ 7633:5d91389e0fd3 quic

Initial QUIC support in http.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:51 +0300
parents f1720934c45b
children bd006bd520a9
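--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -87,10 +87,130 @@
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
 
+#if NGX_OPENSSL_QUIC
+
+static int
+quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
+enum ssl_encryption_level_t level, const uint8_t *read_secret,
+const uint8_t *write_secret, size_t secret_len)
+{
+size_t *len;
+uint8_t **rsec, **wsec;
+ngx_connection_t *c;
+
+c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+
+ngx_ssl_handshake_log(c);
+
+#if (NGX_DEBUG)
+if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
+u_char buf[64];
+size_t m;
+
+m = ngx_hex_dump(buf, (u_char *) read_secret, secret_len) - buf;
+ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"set_encryption_secrets: %*s, len: %uz, level:%d",
+m, buf, secret_len, (int) level);
+
+m = ngx_hex_dump(buf, (u_char *) write_secret, secret_len) - buf;
+ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"set_encryption_secrets: %*s, len: %uz, level:%d",
+m, buf, secret_len, (int) level);
+}
+#endif
+
+switch (level) {
+
+case ssl_encryption_handshake:
+len = &c->quic->handshake_secret_len;
+rsec = &c->quic->handshake_read_secret;
+wsec = &c->quic->handshake_write_secret;
+break;
+
+case ssl_encryption_application:
+len = &c->quic->application_secret_len;
+rsec = &c->quic->application_read_secret;
+wsec = &c->quic->application_write_secret;
+break;
+
+default:
+return 0;
+}
+
+*len = secret_len;
+
+*rsec = ngx_pnalloc(c->pool, secret_len);
+if (*rsec == NULL) {
+return NGX_ERROR;
+}
+
+ngx_memcpy(*rsec, read_secret, secret_len);
+
+*wsec = ngx_pnalloc(c->pool, secret_len);
+if (*wsec == NULL) {
+return NGX_ERROR;
+}
+
+ngx_memcpy(*wsec, write_secret, secret_len);
+
+return 1;
+}
+
+
+static int
+quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
+enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
+{
+u_char buf[512];
+ngx_int_t m;
+ngx_connection_t *c;
+
+c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+
+m = ngx_hex_dump(buf, (u_char *) data, ngx_min(len, 256)) - buf;
+ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic_add_handshake_data: %*s%s, len: %uz, level:%d",
+m, buf, len < 512 ? "" : "...", len, (int) level);
+
+if (!(SSL_provide_quic_data(ssl_conn, level, data, len))) {
+ERR_print_errors_fp(stderr);
+return 0;
+}
+
+return 1;
+}
+
+
+static int
+quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
+{
+printf("quic_flush_flight()\n");
+return 1;
+}
+
+
+static int
+quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
+uint8_t alert)
+{
+printf("quic_send_alert(), lvl=%d, alert=%d\n", level, alert);
+return 1;
+}
+
+
+static SSL_QUIC_METHOD quic_method = {
+quic_set_encryption_secrets,
+quic_add_handshake_data,
+quic_flush_flight,
+quic_send_alert,
+};
+
+#endif
+
 
 static ngx_command_t ngx_openssl_commands[] = {
 
 { ngx_string("ssl_engine"),
 NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
@@ -1454,10 +1574,33 @@
 "\"ssl_early_data\" is not supported on this platform, "
 "ignored");
 #endif
 
 return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
+{
+if (!enable) {
+return NGX_OK;
+}
+
+#if NGX_OPENSSL_QUIC
+
+SSL_CTX_set_quic_method(ssl->ctx, &quic_method);
+printf("%s\n", __func__);
+return NGX_OK;
+
+#else
+
+ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
+"\"ssl_quic\" is not supported on this platform");
+return NGX_ERROR;
+
+#endif
 }
 
 
 ngx_int_t
 ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)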
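Review bot: In quic_set_encryption_secrets the debug block hex-dumps `secret_len` bytes into `u_char buf[64]`, and because ngx_hex_dump writes two characters per input byte, any secret longer than 32 bytes (48 with the SHA-384 TLS 1.3 suites) writes past the end of that stack buffer; nothing in the function bounds `secret_len`. Bound both calls the way quic_add_handshake_data bounds its own, e.g. `m = ngx_hex_dump(buf, (u_char *) read_secret, ngx_min(secret_len, sizeof(buf) / 2)) - buf;`, or better, drop the dump, since it writes live traffic secrets into the debug log. The same function returns `NGX_ERROR` when `ngx_pnalloc()` fails, which is non-zero in a callback whose other exits are `0` and `1`, so the TLS library would presumably treat the failure as success; use `return 0;` there, and assign `*len` only after both copies succeed. The `printf()` and `ERR_print_errors_fp(stderr)` calls in the other callbacks and in ngx_ssl_quic bypass the connection log and should go through `ngx_log_debug`/`ngx_ssl_error` instead.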