comparison src/event/ngx_event_openssl.c @ 7633:5d91389e0fd3 quic
Initial QUIC support in http.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:51 +0300 |
parents | f1720934c45b |
children | bd006bd520a9 |
7632:7999d3fbb765 | 7633:5d91389e0fd3 |
---|---|
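--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -87,10 +87,130 @@
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
 
+#if NGX_OPENSSL_QUIC
+
+static int
+quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
+enum ssl_encryption_level_t level, const uint8_t *read_secret,
+const uint8_t *write_secret, size_t secret_len)
+{
+size_t *len;
+uint8_t **rsec, **wsec;
+ngx_connection_t *c;
+
+c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+
+ngx_ssl_handshake_log(c);
+
+#if (NGX_DEBUG)
+if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
+u_char buf[64];
+size_t m;
+
+m = ngx_hex_dump(buf, (u_char *) read_secret, secret_len) - buf;
+ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"set_encryption_secrets: %*s, len: %uz, level:%d",
+m, buf, secret_len, (int) level);
+
+m = ngx_hex_dump(buf, (u_char *) write_secret, secret_len) - buf;
+ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"set_encryption_secrets: %*s, len: %uz, level:%d",
+m, buf, secret_len, (int) level);
+}
+#endif
+
+switch (level) {
+
+case ssl_encryption_handshake:
+len = &c->quic->handshake_secret_len;
+rsec = &c->quic->handshake_read_secret;
+wsec = &c->quic->handshake_write_secret;
+break;
+
+case ssl_encryption_application:
+len = &c->quic->application_secret_len;
+rsec = &c->quic->application_read_secret;
+wsec = &c->quic->application_write_secret;
+break;
+
+default:
+return 0;
+}
+
+*len = secret_len;
+
+*rsec = ngx_pnalloc(c->pool, secret_len);
+if (*rsec == NULL) {
+return NGX_ERROR;
+}
+
+ngx_memcpy(*rsec, read_secret, secret_len);
+
+*wsec = ngx_pnalloc(c->pool, secret_len);
+if (*wsec == NULL) {
+return NGX_ERROR;
+}
+
+ngx_memcpy(*wsec, write_secret, secret_len);
+
+return 1;
+}
+
+
+static int
+quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
+enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
+{
+u_char buf[512];
+ngx_int_t m;
+ngx_connection_t *c;
+
+c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+
+m = ngx_hex_dump(buf, (u_char *) data, ngx_min(len, 256)) - buf;
+ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic_add_handshake_data: %*s%s, len: %uz, level:%d",
+m, buf, len < 512 ? "" : "...", len, (int) level);
+
+if (!(SSL_provide_quic_data(ssl_conn, level, data, len))) {
+ERR_print_errors_fp(stderr);
+return 0;
+}
+
+return 1;
+}
+
+
+static int
+quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
+{
+printf("quic_flush_flight()\n");
+return 1;
+}
+
+
+static int
+quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
+uint8_t alert)
+{
+printf("quic_send_alert(), lvl=%d, alert=%d\n", level, alert);
+return 1;
+}
+
+
+static SSL_QUIC_METHOD quic_method = {
+quic_set_encryption_secrets,
+quic_add_handshake_data,
+quic_flush_flight,
+quic_send_alert,
+};
+
+#endif
+
 
 static ngx_command_t ngx_openssl_commands[] = {
 
 { ngx_string("ssl_engine"),
 NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
@@ -1454,10 +1574,33 @@
 "\"ssl_early_data\" is not supported on this platform, "
 "ignored");
 #endif
 
 return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
+{
+if (!enable) {
+return NGX_OK;
+}
+
+#if NGX_OPENSSL_QUIC
+
+SSL_CTX_set_quic_method(ssl->ctx, &quic_method);
+printf("%s\n", __func__);
+return NGX_OK;
+
+#else
+
+ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
+"\"ssl_quic\" is not supported on this platform");
+return NGX_ERROR;
+
+#endif
 }
 
 
 ngx_int_t
 ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)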
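Review bot: The debug branch of quic_set_encryption_secrets hex-dumps read_secret and write_secret into a 64-byte stack buffer, but ngx_hex_dump emits two characters per input byte, so any secret_len above 32 (for example the 48-byte secrets of a SHA-384 cipher suite) overruns buf, and the dump also writes the TLS traffic secrets themselves into the debug log. I would drop both dumps and log only metadata: `ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "set_encryption_secrets: len: %uz, level:%d", secret_len, (int) level);`. The two `return NGX_ERROR;` lines after the ngx_pnalloc calls also look inconsistent with this callback's contract: the default branch and quic_add_handshake_data signal failure with 0, and NGX_ERROR is -1, which the library would presumably treat as success while the secret pointers stay NULL; they should be `return 0;`. In quic_add_handshake_data the dump is cut at 256 bytes but the ellipsis only appears for len >= 512, so `len < 512 ? "" : "..."` should read `len <= 256 ? "" : "..."`.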