Compatibility with BoringSSL master branch.
authorSergey Kandaurov <pluknet@nginx.com>
Mon, 1 Jun 2020 16:53:13 +0000 (19:53 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Mon, 1 Jun 2020 16:53:13 +0000 (19:53 +0300)
Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constraint for enabling 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/

auto/lib/openssl/conf
src/event/ngx_event_quic.c
src/event/ngx_event_quic_transport.c
src/event/ngx_event_quic_transport.h

index 046317f8a22920f21fe82a8c61dc5c50d821fc8a..f4dcab725340200a7a6a3b5d1d6b5fb8ee318a45 100644 (file)
@@ -167,3 +167,15 @@ END
     fi
 
 fi
+
+
+if [ $USE_OPENSSL_QUIC = YES ]; then
+    ngx_feature="OpenSSL QUIC 0-RTT context"
+    ngx_feature_name="NGX_OPENSSL_QUIC_ZRTT_CTX"
+    ngx_feature_run=no
+    ngx_feature_incs="#include <openssl/ssl.h>"
+    ngx_feature_path=
+    ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD"
+    ngx_feature_test="SSL_set_quic_early_data_context(NULL, NULL, 0)"
+    . auto/feature
+fi
index cd5b530c9814d4e172b156c3dd2057bdacc5960b..2b226a3eb1689fedaafa31960f0adf079a035d43 100644 (file)
@@ -1040,6 +1040,7 @@ static ngx_int_t
 ngx_quic_init_connection(ngx_connection_t *c)
 {
     u_char                 *p;
+    size_t                  clen;
     ssize_t                 len;
     ngx_ssl_conn_t         *ssl_conn;
     ngx_quic_connection_t  *qc;
@@ -1064,7 +1065,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
     }
 #endif
 
-    len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp);
+    len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
     /* always succeeds */
 
     p = ngx_pnalloc(c->pool, len);
@@ -1072,7 +1073,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
         return NGX_ERROR;
     }
 
-    len = ngx_quic_create_transport_params(p, p + len, &qc->tp);
+    len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
     if (len < 0) {
         return NGX_ERROR;
     }
@@ -1087,6 +1088,14 @@ ngx_quic_init_connection(ngx_connection_t *c)
         return NGX_ERROR;
     }
 
+#if NGX_OPENSSL_QUIC_ZRTT_CTX
+    if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic SSL_set_quic_early_data_context() failed");
+        return NGX_ERROR;
+    }
+#endif
+
     qc->max_streams = qc->tp.initial_max_streams_bidi;
     qc->state = ssl_encryption_handshake;
 
index 3b64aef6d60a6f632b73480539fae973c0e92630..e056e23de5d177972c493226e0922e178829c19c 100644 (file)
@@ -1616,7 +1616,8 @@ ngx_quic_create_max_data(u_char *p, ngx_quic_max_data_frame_t *md)
 
 
 ssize_t
-ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
+ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp,
+    size_t *clen)
 {
     u_char  *p;
     size_t   len;
@@ -1647,10 +1648,7 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
 
     p = pos;
 
-    len = ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
-                          tp->active_connection_id_limit);
-
-    len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA,tp->initial_max_data);
+    len = ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA, tp->initial_max_data);
 
     len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_STREAMS_UNI,
                            tp->initial_max_streams_uni);
@@ -1670,6 +1668,13 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
     len += ngx_quic_tp_len(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
                            tp->max_idle_timeout);
 
+    if (clen) {
+        *clen = len;
+    }
+
+    len += ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
+                           tp->active_connection_id_limit);
+
 #if (NGX_QUIC_DRAFT_VERSION >= 28)
     len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
     len += ngx_quic_tp_strlen(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
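Review bot: `*clen = len` fixes the early-data context boundary purely by statement position, and it is only correct while the write pass emits the parameters in exactly the same order as this length pass. The commit moves `NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT` in both passes (here and in the hunk at -1711), but nothing ties the two lists together, so a parameter later added above the mark in one pass only would silently change which bytes the 0-RTT context covers. I would document the invariant at the mark, e.g. `/* end of 0-RTT context: parameters above must be written first, in this order */`, and describe `clen` in the function's header comment as an optional out-parameter that may be NULL. The function starts and ends outside this hunk.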
@@ -1687,9 +1692,6 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
         return len;
     }
 
-    ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
-                     tp->active_connection_id_limit);
-
     ngx_quic_tp_vint(NGX_QUIC_TP_INITIAL_MAX_DATA,
                      tp->initial_max_data);
 
@@ -1711,6 +1713,9 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
     ngx_quic_tp_vint(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
                      tp->max_idle_timeout);
 
+    ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
+                     tp->active_connection_id_limit);
+
 #if (NGX_QUIC_DRAFT_VERSION >= 28)
     ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
     ngx_quic_tp_str(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
index 322fc78cfc7c19f9404f4c1dc936507b642f6b43..e703171777d2b9f45177ab6372ba7a5156fbec9b 100644 (file)
@@ -335,6 +335,6 @@ ssize_t ngx_quic_parse_ack_range(ngx_quic_header_t *pkt, u_char *start,
 ngx_int_t ngx_quic_parse_transport_params(u_char *p, u_char *end,
     ngx_quic_tp_t *tp, ngx_log_t *log);
 ssize_t ngx_quic_create_transport_params(u_char *p, u_char *end,
-    ngx_quic_tp_t *tp);
+    ngx_quic_tp_t *tp, size_t *clen);
 
 #endif /* _NGX_EVENT_QUIC_WIRE_H_INCLUDED_ */