# HG changeset patch # User Sergey Kandaurov # Date 1591030393 -10800 # Node ID 90b02ff6b003ddafe795b2df18a1163aa75a9677 # Parent c206233d9c29f807804ab463e2e7bfc4e943b0b7 Compatibility with BoringSSL master branch. Recently BoringSSL introduced SSL_set_quic_early_data_context() that serves as an additional constrain to enable 0-RTT in QUIC. Relevant changes: * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/ * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/ diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf --- a/auto/lib/openssl/conf +++ b/auto/lib/openssl/conf @@ -167,3 +167,15 @@ END fi fi + + +if [ $USE_OPENSSL_QUIC = YES ]; then + ngx_feature="OpenSSL QUIC 0-RTT context" + ngx_feature_name="NGX_OPENSSL_QUIC_ZRTT_CTX" + ngx_feature_run=no + ngx_feature_incs="#include " + ngx_feature_path= + ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD" + ngx_feature_test="SSL_set_quic_early_data_context(NULL, NULL, 0)" + . auto/feature +fi diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c --- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -1040,6 +1040,7 @@ static ngx_int_t ngx_quic_init_connection(ngx_connection_t *c) { u_char *p; + size_t clen; ssize_t len; ngx_ssl_conn_t *ssl_conn; ngx_quic_connection_t *qc; @@ -1064,7 +1065,7 @@ ngx_quic_init_connection(ngx_connection_ } #endif - len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp); + len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen); /* always succeeds */ p = ngx_pnalloc(c->pool, len); @@ -1072,7 +1073,7 @@ ngx_quic_init_connection(ngx_connection_ return NGX_ERROR; } - len = ngx_quic_create_transport_params(p, p + len, &qc->tp); + len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL); if (len < 0) { return NGX_ERROR; } 
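Review bot: The new probe in auto/lib/openssl/conf links with a fixed `-lssl -lcrypto` and an empty `ngx_feature_path`, so it tests whichever libssl the toolchain finds by default, which is not necessarily the library nginx will be built against. The conditionals that close just above this hunk are not visible here, but if one of them handles a library built from a separate source tree, `NGX_OPENSSL_QUIC_ZRTT_CTX` could end up defined or undefined for the wrong library. The first case breaks the build; the second silently leaves 0-RTT unavailable, since the description says the context is required to enable it. Consider running the probe inside the branch that already knows the include and library paths, or reusing that branch's path variables.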
@@ -1087,6 +1088,14 @@ ngx_quic_init_connection(ngx_connection_ return NGX_ERROR; } +#if NGX_OPENSSL_QUIC_ZRTT_CTX + if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "quic SSL_set_quic_early_data_context() failed"); + return NGX_ERROR; + } +#endif + qc->max_streams = qc->tp.initial_max_streams_bidi; qc->state = ssl_encryption_handshake; diff --git a/src/event/ngx_event_quic_transport.c b/src/event/ngx_event_quic_transport.c --- a/src/event/ngx_event_quic_transport.c +++ b/src/event/ngx_event_quic_transport.c @@ -1616,7 +1616,8 @@ ngx_quic_create_max_data(u_char *p, ngx_ ssize_t -ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp) +ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp, + size_t *clen) { u_char *p; size_t len; @@ -1647,10 +1648,7 @@ ngx_quic_create_transport_params(u_char p = pos; - len = ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT, - tp->active_connection_id_limit); - - len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA,tp->initial_max_data); + len = ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA, tp->initial_max_data); len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_STREAMS_UNI, tp->initial_max_streams_uni); @@ -1670,6 +1668,13 @@ ngx_quic_create_transport_params(u_char len += ngx_quic_tp_len(NGX_QUIC_TP_MAX_IDLE_TIMEOUT, tp->max_idle_timeout); + if (clen) { + *clen = len; + } + + len += ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT, + tp->active_connection_id_limit); + #if (NGX_QUIC_DRAFT_VERSION >= 28) len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid); len += ngx_quic_tp_strlen(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid); @@ -1687,9 +1692,6 @@ ngx_quic_create_transport_params(u_char return len; } - ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT, - tp->active_connection_id_limit); - ngx_quic_tp_vint(NGX_QUIC_TP_INITIAL_MAX_DATA, tp->initial_max_data); 
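Review bot: The call `SSL_set_quic_early_data_context(ssl_conn, p, clen)` in ngx_quic_init_connection() binds resumed 0-RTT sessions to the first `clen` bytes of the encoded parameters, but nothing at the call site says which settings those are. From the visible hunks the prefix ends after `max_idle_timeout` and excludes `active_connection_id_limit` and the draft-28 connection ID parameters; what is emitted earlier in the function is not shown. A comment above the `#if` would make the intent reviewable, for example `/* 0-RTT context: transport parameters serialized before active_connection_id_limit */`. As a style point, the guard could be written `#if (NGX_OPENSSL_QUIC_ZRTT_CTX)` to match the parenthesized `#if (NGX_QUIC_DRAFT_VERSION >= 28)` used elsewhere in this patch. The function body starts and ends outside the hunk.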
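Review bot: In ngx_quic_create_transport_params(), `*clen` is taken from the sizing pass (`if (clen) { *clen = len; }`), while the bytes it describes are produced by the separate write pass, so the two orderings have to be kept identical by hand. The hunks at -1687 and -1711 move `NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT` in the write pass to match, but a later edit that reorders only one pass would silently change which parameters are covered by the early data context. The new out-parameter is also undocumented. I would add a comment at the assignment, `/* parameters above form the 0-RTT early data context; the write pass below must emit them first, in the same order */`, and a matching marker after the `NGX_QUIC_TP_MAX_IDLE_TIMEOUT` line in the write pass. The function continues outside these hunks.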
@@ -1711,6 +1713,9 @@ ngx_quic_create_transport_params(u_char ngx_quic_tp_vint(NGX_QUIC_TP_MAX_IDLE_TIMEOUT, tp->max_idle_timeout); + ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT, + tp->active_connection_id_limit); + #if (NGX_QUIC_DRAFT_VERSION >= 28) ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid); ngx_quic_tp_str(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid); diff --git a/src/event/ngx_event_quic_transport.h b/src/event/ngx_event_quic_transport.h --- a/src/event/ngx_event_quic_transport.h +++ b/src/event/ngx_event_quic_transport.h @@ -335,6 +335,6 @@ ssize_t ngx_quic_parse_ack_range(ngx_qui ngx_int_t ngx_quic_parse_transport_params(u_char *p, u_char *end, ngx_quic_tp_t *tp, ngx_log_t *log); ssize_t ngx_quic_create_transport_params(u_char *p, u_char *end, - ngx_quic_tp_t *tp); + ngx_quic_tp_t *tp, size_t *clen); #endif /* _NGX_EVENT_QUIC_WIRE_H_INCLUDED_ */