annotate src/event/quic/ngx_event_quic_openssl_compat.c @ 9171:f98636db77ef
QUIC: renamed protection functions.
Now these functions have names ngx_quic_crypto_XXX():
- ngx_quic_tls_open() -> ngx_quic_crypto_open()
- ngx_quic_tls_seal() -> ngx_quic_crypto_seal()
- ngx_quic_tls_hp() -> ngx_quic_crypto_hp()
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 20 Oct 2023 18:05:07 +0400 |
parents | 3db945fda515 |
children | 4ccb0d973206 |
2 /* |
3 * Copyright (C) Nginx, Inc. |
4 */ |
7 #include <ngx_config.h> |
8 #include <ngx_core.h> |
9 #include <ngx_event.h> |
10 #include <ngx_event_quic_connection.h> |
13 #if (NGX_QUIC_OPENSSL_COMPAT) |
/*
 * Record size constant of the compat layer.
 * NOTE(review): its users are outside this part of the file - confirm units.
 */
#define NGX_QUIC_COMPAT_RECORD_SIZE          1024

/*
 * TLS extension type registered as a custom extension on the SSL_CTX by
 * ngx_quic_compat_init(); the add/parse callbacks attached to it are the
 * transport-parameters callbacks declared in this file.
 */
#define NGX_QUIC_COMPAT_SSL_TP_EXT           0x39

/*
 * Labels compared against the first space-delimited token of each keylog
 * line in ngx_quic_compat_keylog_callback().  Lines with any other label
 * are ignored by that callback.
 */
#define NGX_QUIC_COMPAT_CLIENT_HANDSHAKE     "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
#define NGX_QUIC_COMPAT_SERVER_HANDSHAKE     "SERVER_HANDSHAKE_TRAFFIC_SECRET"
#define NGX_QUIC_COMPAT_CLIENT_APPLICATION   "CLIENT_TRAFFIC_SECRET_0"
#define NGX_QUIC_COMPAT_SERVER_APPLICATION   "SERVER_TRAFFIC_SECRET_0"
/*
 * Key state filled in by ngx_quic_compat_set_encryption_secret(), which the
 * keylog callback calls when it receives a read (client) traffic secret.
 */
typedef struct {
    /* written through the peer_secret pointer in the setter */
    ngx_quic_secret_t             secret;

    /* value of SSL_CIPHER_get_id() for the cipher passed to the setter */
    ngx_uint_t                    cipher;
} ngx_quic_compat_keys_t;
/*
 * Argument block for ngx_quic_compat_create_header() and
 * ngx_quic_compat_create_record(), both declared in this file.
 * NOTE(review): the field notes below are inferred from names and types;
 * the code that fills and reads them is outside this part of the file.
 */
typedef struct {
    ngx_log_t                    *log;

    u_char                        type;      /* presumably the record type */
    ngx_str_t                     payload;   /* presumably the record body */
    uint64_t                      number;    /* presumably a record sequence */
    ngx_quic_compat_keys_t       *keys;      /* key state used for the record */

    enum ssl_encryption_level_t   level;
} ngx_quic_compat_record_t;
/*
 * Per-connection state of the compat layer, reached as qc->compat from the
 * keylog callback.
 */
struct ngx_quic_compat_s {
    /* callback table; set_read_secret/set_write_secret are invoked on it */
    const SSL_QUIC_METHOD        *method;

    /* level of the most recent write secret delivered by the keylog callback */
    enum ssl_encryption_level_t   write_level;

    /* reset to 0 whenever a new read secret is installed */
    uint64_t                      read_record;

    /* read-side key state, filled by ngx_quic_compat_set_encryption_secret() */
    ngx_quic_compat_keys_t        keys;

    /* NOTE(review): presumably local and client transport parameters - confirm */
    ngx_str_t                     tp;
    ngx_str_t                     ctp;
};
/* Forward declarations of the file-local callbacks and helpers. */

/* keylog callback: receives traffic secrets as text lines */
static void ngx_quic_compat_keylog_callback(const SSL *ssl,
    const char *line);

/* fills the compat key state from a raw traffic secret */
static ngx_int_t ngx_quic_compat_set_encryption_secret(ngx_log_t *log,
    ngx_quic_compat_keys_t *keys,
    enum ssl_encryption_level_t level,
    const SSL_CIPHER *cipher,
    const uint8_t *secret, size_t secret_len);

/* custom-extension callbacks registered for NGX_QUIC_COMPAT_SSL_TP_EXT */
static int ngx_quic_compat_add_transport_params_callback(SSL *ssl,
    unsigned int ext_type, unsigned int context,
    const unsigned char **out, size_t *outlen,
    X509 *x, size_t chainidx, int *al, void *add_arg);
static int ngx_quic_compat_parse_transport_params_callback(SSL *ssl,
    unsigned int ext_type, unsigned int context,
    const unsigned char *in, size_t inlen,
    X509 *x, size_t chainidx, int *al, void *parse_arg);

static void ngx_quic_compat_message_callback(int write_p, int version,
    int content_type, const void *buf, size_t len, SSL *ssl, void *arg);

/* record construction helpers */
static size_t ngx_quic_compat_create_header(ngx_quic_compat_record_t *rec,
    u_char *out, ngx_uint_t plain);
static ngx_int_t ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec,
    ngx_str_t *res);
/*
 * Prepares an SSL_CTX for the QUIC compatibility layer.
 *
 * Installs ngx_quic_compat_keylog_callback() as the context's keylog
 * callback (this is how the layer obtains the TLS traffic secrets) and
 * registers the NGX_QUIC_COMPAT_SSL_TP_EXT custom extension with its
 * add/parse callbacks, unless that extension is already registered.
 *
 * NOTE(review): an SSL_CTX holds a single keylog callback, so any callback
 * set earlier on ctx is replaced here.
 *
 * Returns NGX_OK on success, NGX_ERROR if the extension cannot be added.
 */
ngx_int_t
ngx_quic_compat_init(ngx_conf_t *cf, SSL_CTX *ctx)
{
    int  added;

    SSL_CTX_set_keylog_callback(ctx, ngx_quic_compat_keylog_callback);

    /* the extension is already in place for this context: nothing to add */
    if (SSL_CTX_has_client_custom_ext(ctx, NGX_QUIC_COMPAT_SSL_TP_EXT)) {
        return NGX_OK;
    }

    added = SSL_CTX_add_custom_ext(ctx, NGX_QUIC_COMPAT_SSL_TP_EXT,
                               SSL_EXT_CLIENT_HELLO
                               |SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
                               ngx_quic_compat_add_transport_params_callback,
                               NULL,
                               NULL,
                               ngx_quic_compat_parse_transport_params_callback,
                               NULL);

    if (added != 0) {
        return NGX_OK;
    }

    ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                  "SSL_CTX_add_custom_ext() failed");

    return NGX_ERROR;
}
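/*
 * Keylog callback through which the compat layer receives TLS traffic
 * secrets.
 *
 * The line is parsed as three space-delimited fields: a label, a second
 * field that is skipped (the client random in the NSS key log format), and
 * the secret as hex digits.  Only the four labels defined by the
 * NGX_QUIC_COMPAT_* macros are handled; they select the encryption level
 * and the direction.  The decoded secret is handed to the connection's
 * SSL_QUIC_METHOD callbacks, and a read secret is additionally used to
 * fill the compat key state.
 *
 * Calls for connections that are not SOCK_DGRAM are ignored.
 *
 * The decoded secret lives in a stack buffer; it is wiped on every path
 * that may have written to it, so that key material does not linger on the
 * stack after the callback returns.
 */
static void
ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line)
{
    u_char                        ch, *p, *start, value;
    size_t                        n;
    ngx_uint_t                    write;
    const SSL_CIPHER             *cipher;
    ngx_quic_compat_t            *com;
    ngx_connection_t             *c;
    ngx_quic_connection_t        *qc;
    enum ssl_encryption_level_t   level;
    u_char                        secret[EVP_MAX_MD_SIZE];

    c = ngx_ssl_get_connection(ssl);
    if (c->type != SOCK_DGRAM) {
        return;
    }

    p = (u_char *) line;

    for (start = p; *p && *p != ' '; p++);

    n = p - start;

    /* only the label is written to the debug log, never the secret */

    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "quic compat secret %*s", n, start);

    if (n == sizeof(NGX_QUIC_COMPAT_CLIENT_HANDSHAKE) - 1
        && ngx_strncmp(start, NGX_QUIC_COMPAT_CLIENT_HANDSHAKE, n) == 0)
    {
        level = ssl_encryption_handshake;
        write = 0;

    } else if (n == sizeof(NGX_QUIC_COMPAT_SERVER_HANDSHAKE) - 1
               && ngx_strncmp(start, NGX_QUIC_COMPAT_SERVER_HANDSHAKE, n) == 0)
    {
        level = ssl_encryption_handshake;
        write = 1;

    } else if (n == sizeof(NGX_QUIC_COMPAT_CLIENT_APPLICATION) - 1
               && ngx_strncmp(start, NGX_QUIC_COMPAT_CLIENT_APPLICATION, n)
                  == 0)
    {
        level = ssl_encryption_application;
        write = 0;

    } else if (n == sizeof(NGX_QUIC_COMPAT_SERVER_APPLICATION) - 1
               && ngx_strncmp(start, NGX_QUIC_COMPAT_SERVER_APPLICATION, n)
                  == 0)
    {
        level = ssl_encryption_application;
        write = 1;

    } else {
        return;
    }

    /* a line that ends right after the label carries no secret */

    if (*p++ == '\0') {
        return;
    }

    /* skip the second field */

    for ( /* void */ ; *p && *p != ' '; p++);

    if (*p++ == '\0') {
        return;
    }

    /* decode the hex secret, two digits per byte, bounded by the buffer */

    for (n = 0, start = p; *p; p++) {
        ch = *p;

        if (ch >= '0' && ch <= '9') {
            value = ch - '0';
            goto next;
        }

        ch = (u_char) (ch | 0x20);

        if (ch >= 'a' && ch <= 'f') {
            value = ch - 'a' + 10;
            goto next;
        }

        ngx_log_error(NGX_LOG_EMERG, c->log, 0,
                      "invalid OpenSSL QUIC secret format");

        goto done;

    next:

        if ((p - start) % 2) {
            secret[n++] += value;

        } else {
            if (n >= EVP_MAX_MD_SIZE) {
                ngx_log_error(NGX_LOG_EMERG, c->log, 0,
                              "too big OpenSSL QUIC secret");
                goto done;
            }

            secret[n] = (value << 4);
        }
    }

    /*
     * An odd number of hex digits leaves a dangling high nibble that would
     * otherwise be dropped silently and yield a truncated secret.
     */

    if ((p - start) % 2) {
        ngx_log_error(NGX_LOG_EMERG, c->log, 0,
                      "invalid OpenSSL QUIC secret format");
        goto done;
    }

    qc = ngx_quic_get_connection(c);
    com = qc->compat;
    cipher = SSL_get_current_cipher(ssl);

    if (write) {
        com->method->set_write_secret((SSL *) ssl, level, cipher, secret, n);
        com->write_level = level;

    } else {
        com->method->set_read_secret((SSL *) ssl, level, cipher, secret, n);
        com->read_record = 0;

        /*
         * NOTE(review): the result is discarded; on failure the callee logs
         * and returns NGX_ERROR, and nothing here marks the connection as
         * failed - confirm that the read keys are validated before use.
         */

        (void) ngx_quic_compat_set_encryption_secret(c->log, &com->keys, level,
                                                     cipher, secret, n);
    }

done:

    /* wipe the traffic secret; a plain memset could be optimized away */

    ngx_explicit_memzero(secret, sizeof(secret));
}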
223 static ngx_int_t |
224 ngx_quic_compat_set_encryption_secret(ngx_log_t *log, |
225 ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level, |
226 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) |
227 { |
228 ngx_int_t key_len; |
229 ngx_str_t secret_str; |
230 ngx_uint_t i; |
231 ngx_quic_hkdf_t seq[2]; |
232 ngx_quic_secret_t *peer_secret; |
233 ngx_quic_ciphers_t ciphers; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
234 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
235 peer_secret = &keys->secret; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
236 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
237 keys->cipher = SSL_CIPHER_get_id(cipher); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
238 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
239 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
240 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
241 if (key_len == NGX_ERROR) { |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
242 ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher"); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
243 return NGX_ERROR; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
244 } |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
245 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
246 if (sizeof(peer_secret->secret.data) < secret_len) { |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
247 ngx_log_error(NGX_LOG_ALERT, log, 0, |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
248 "unexpected secret len: %uz", secret_len); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
249 return NGX_ERROR; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
250 } |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
251 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
252 peer_secret->secret.len = secret_len; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
253 ngx_memcpy(peer_secret->secret.data, secret, secret_len); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
254 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
255 peer_secret->key.len = key_len; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
256 peer_secret->iv.len = NGX_QUIC_IV_LEN; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
257 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
258 secret_str.len = secret_len; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
259 secret_str.data = (u_char *) secret; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
260 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
261 ngx_quic_hkdf_set(&seq[0], "tls13 key", &peer_secret->key, &secret_str); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
262 ngx_quic_hkdf_set(&seq[1], "tls13 iv", &peer_secret->iv, &secret_str); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
263 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
264 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
265 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) { |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
266 return NGX_ERROR; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
267 } |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
268 } |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
269 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
270 return NGX_OK; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
271 } |
/*
 * Custom-extension "add" callback: points OpenSSL at the transport
 * parameters buffer kept in the compat state (com->tp).
 *
 * Returns 0 for connections that are not datagram based, so nothing is
 * added there, and 1 once *out and *outlen have been set.
 *
 * NOTE(review): the buffer is handed out by reference, not copied, and qc
 * is dereferenced without a NULL check; presumably both the QUIC
 * connection and com->tp outlive the handshake - confirm.
 */
static int
ngx_quic_compat_add_transport_params_callback(SSL *ssl, unsigned int ext_type,
    unsigned int context, const unsigned char **out, size_t *outlen, X509 *x,
    size_t chainidx, int *al, void *add_arg)
{
    ngx_connection_t       *conn;
    ngx_quic_compat_t      *compat;
    ngx_quic_connection_t  *qc;

    conn = ngx_ssl_get_connection(ssl);

    if (conn->type == SOCK_DGRAM) {

        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                       "quic compat add transport params");

        qc = ngx_quic_get_connection(conn);
        compat = qc->compat;

        *outlen = compat->tp.len;
        *out = compat->tp.data;

        return 1;
    }

    /* not a QUIC connection */
    return 0;
}
/*
 * Custom-extension "parse" callback: copies the received extension body
 * into connection-pool memory and records it in com->ctp.  The bytes are
 * stored as-is; no transport parameter is decoded or validated here.
 *
 * Returns 1 when the copy is stored.  Returns 0 for connections that are
 * not datagram based and when the pool allocation fails.
 *
 * NOTE(review): inlen is used directly as the allocation size; presumably
 * it is bounded by the TLS extension length field - confirm.  Every call
 * allocates a fresh copy from c->pool.
 */
static int
ngx_quic_compat_parse_transport_params_callback(SSL *ssl, unsigned int ext_type,
    unsigned int context, const unsigned char *in, size_t inlen, X509 *x,
    size_t chainidx, int *al, void *parse_arg)
{
    u_char                 *copy;
    ngx_connection_t       *conn;
    ngx_quic_compat_t      *compat;
    ngx_quic_connection_t  *qc;

    conn = ngx_ssl_get_connection(ssl);

    if (conn->type != SOCK_DGRAM) {
        /* not a QUIC connection */
        return 0;
    }

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "quic compat parse transport params");

    qc = ngx_quic_get_connection(conn);
    compat = qc->compat;

    copy = ngx_pnalloc(conn->pool, inlen);

    if (copy != NULL) {
        /* keep a private copy instead of pointing at the caller's buffer */
        ngx_memcpy(copy, in, inlen);

        compat->ctp.len = inlen;
        compat->ctp.data = copy;

        return 1;
    }

    return 0;
}
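/*
 * Compat implementation of SSL_set_quic_method(): allocates the per
 * connection compat state from the connection pool, remembers the QUIC
 * method table, and rewires the SSL object for use by the compat layer.
 *
 * The SSL object gets an in-memory read BIO and a null write BIO, the
 * message callback is installed, and early data is disabled.
 *
 * Returns 1 on success and 0 when an allocation fails.
 */
int
SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
{
    BIO                    *rbio, *wbio;
    ngx_connection_t       *c;
    ngx_quic_compat_t      *com;
    ngx_quic_connection_t  *qc;

    c = ngx_ssl_get_connection(ssl);

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat set method");

    qc = ngx_quic_get_connection(c);

    /* pool memory: released with the connection pool, zero-initialized */
    qc->compat = ngx_pcalloc(c->pool, sizeof(ngx_quic_compat_t));
    if (qc->compat == NULL) {
        return 0;
    }

    com = qc->compat;
    com->method = quic_method;

    rbio = BIO_new(BIO_s_mem());
    if (rbio == NULL) {
        return 0;
    }

    wbio = BIO_new(BIO_s_null());
    if (wbio == NULL) {
        /* rbio has not been handed to ssl yet, so it must be freed here */
        BIO_free(rbio);
        return 0;
    }

    /* from here on both BIOs belong to ssl */
    SSL_set_bio(ssl, rbio, wbio);

    SSL_set_msg_callback(ssl, ngx_quic_compat_message_callback);

    /* early data is not supported */
    SSL_set_max_early_data(ssl, 0);

    return 1;
}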
/*
 * OpenSSL message callback: forwards outgoing handshake messages and
 * alerts to the QUIC method table stored in the compat state.
 *
 * Incoming messages (write_p == 0) are ignored, as is any call made after
 * the QUIC connection is gone.  Handshake data goes to add_handshake_data()
 * and the second byte of an alert record to send_alert(), both at the
 * current write level.  If either method returns anything other than 1,
 * the connection's close event is posted.
 */
static void
ngx_quic_compat_message_callback(int write_p, int version, int content_type,
    const void *buf, size_t len, SSL *ssl, void *arg)
{
    int                           rc;
    ngx_uint_t                    code;
    ngx_connection_t             *conn;
    ngx_quic_compat_t            *compat;
    ngx_quic_connection_t        *qc;
    enum ssl_encryption_level_t   lvl;

    if (!write_p) {
        return;
    }

    conn = ngx_ssl_get_connection(ssl);
    qc = ngx_quic_get_connection(conn);

    if (qc == NULL) {
        /* closing */
        return;
    }

    compat = qc->compat;
    lvl = compat->write_level;

    /* content types other than handshake and alert are left alone */
    rc = 1;

    if (content_type == SSL3_RT_HANDSHAKE) {

        ngx_log_debug2(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                       "quic compat tx %s len:%uz ",
                       ngx_quic_level_name(lvl), len);

        rc = compat->method->add_handshake_data(ssl, lvl, buf, len);

    } else if (content_type == SSL3_RT_ALERT && len >= 2) {

        /* only read the alert byte when the record is long enough */
        code = ((u_char *) buf)[1];

        ngx_log_debug3(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                       "quic compat %s alert:%ui len:%uz ",
                       ngx_quic_level_name(lvl), code, len);

        rc = compat->method->send_alert(ssl, lvl, code);
    }

    if (rc != 1) {
        /* a failed callback closes the connection */
        ngx_post_event(&qc->close, &ngx_posted_events);
    }
}
441 int |
442 SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, |
443 const uint8_t *data, size_t len) |
444 { |
445 BIO *rbio; |
446 size_t n; |
447 u_char *p; |
448 ngx_str_t res; |
449 ngx_connection_t *c; |
450 ngx_quic_compat_t *com; |
451 ngx_quic_connection_t *qc; |
452 ngx_quic_compat_record_t rec; |
453 u_char in[NGX_QUIC_COMPAT_RECORD_SIZE + 1]; |
454 u_char out[NGX_QUIC_COMPAT_RECORD_SIZE + 1 |
455 + SSL3_RT_HEADER_LENGTH |
456 + NGX_QUIC_TAG_LEN]; |
457 |
458 c = ngx_ssl_get_connection(ssl); |
459 |
460 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat rx %s len:%uz", |
461 ngx_quic_level_name(level), len); |
462 |
463 qc = ngx_quic_get_connection(c); |
464 com = qc->compat; |
465 rbio = SSL_get_rbio(ssl); |
466 |
467 while (len) { |
468 ngx_memzero(&rec, sizeof(ngx_quic_compat_record_t)); |
469 |
470 rec.type = SSL3_RT_HANDSHAKE; |
471 rec.log = c->log; |
472 rec.number = com->read_record++; |
473 rec.keys = &com->keys; |
474 rec.level = level; |
475 |
476 if (level == ssl_encryption_initial) { |
477 n = ngx_min(len, 65535); |
478 |
479 rec.payload.len = n; |
480 rec.payload.data = (u_char *) data; |
481 |
482 ngx_quic_compat_create_header(&rec, out, 1); |
483 |
484 BIO_write(rbio, out, SSL3_RT_HEADER_LENGTH); |
485 BIO_write(rbio, data, n); |
486 |
487 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) |
488 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
489 "quic compat record len:%uz %*xs%*xs", |
490 n + SSL3_RT_HEADER_LENGTH, |
491 (size_t) SSL3_RT_HEADER_LENGTH, out, n, data); |
492 #endif |
493 |
494 } else { |
495 n = ngx_min(len, NGX_QUIC_COMPAT_RECORD_SIZE); |
496 |
497 p = ngx_cpymem(in, data, n); |
498 *p++ = SSL3_RT_HANDSHAKE; |
499 |
500 rec.payload.len = p - in; |
501 rec.payload.data = in; |
502 |
503 res.data = out; |
504 |
505 if (ngx_quic_compat_create_record(&rec, &res) != NGX_OK) { |
506 return 0; |
507 } |
508 |
509 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) |
510 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
511 "quic compat record len:%uz %xV", res.len, &res); |
512 #endif |
513 |
514 BIO_write(rbio, res.data, res.len); |
515 } |
516 |
517 data += n; |
518 len -= n; |
519 } |
520 |
521 return 1; |
522 } |
523 |
524 |
/*
 * Writes the 5-byte TLS record header for rec into out and returns the
 * number of header bytes written (always 5).
 *
 * Layout: out[0] is the record type, out[1] and out[2] are the fixed
 * bytes 0x03 0x03, out[3] and out[4] carry the length, high byte first.
 *
 * plain != 0: the type is rec->type and the length is rec->payload.len.
 * plain == 0: the type is SSL3_RT_APPLICATION_DATA and the length is
 *             rec->payload.len + NGX_QUIC_TAG_LEN.
 *
 * Only the low 16 bits of the length are stored, and out is written
 * without a size argument: the caller has to supply at least 5 writable
 * bytes and keep the payload small enough for the length field.
 */
static size_t
ngx_quic_compat_create_header(ngx_quic_compat_record_t *rec, u_char *out,
    ngx_uint_t plain)
{
    size_t   n;
    u_char   rtype;
    u_char  *p;

    n = rec->payload.len;
    rtype = SSL3_RT_APPLICATION_DATA;

    if (plain) {
        /* plaintext record: keep the caller's type, length is the payload */
        rtype = rec->type;

    } else {
        /* sealed record: the length field also covers the AEAD tag */
        n += NGX_QUIC_TAG_LEN;
    }

    p = out;

    *p++ = rtype;
    *p++ = 0x03;
    *p++ = 0x03;
    *p++ = (n >> 8);    /* high byte of the 16-bit length */
    *p++ = n;           /* low byte; higher bits of n are dropped */

    return (size_t) (p - out);
}
550 |
551 |
/*
 * Builds one sealed record in res->data: a 5-byte header followed by the
 * output of ngx_quic_crypto_seal() over rec->payload.
 *
 * The header is written first and is passed to the seal call as the
 * associated data, so it has to be complete before sealing starts.
 * The nonce is a copy of the secret's IV processed by
 * ngx_quic_compute_nonce() with rec->number.
 *
 * On success res->len is set to header length + payload length +
 * NGX_QUIC_TAG_LEN and NGX_OK is returned.  NGX_ERROR is returned when
 * ngx_quic_ciphers() or ngx_quic_crypto_seal() fails; the header bytes
 * have already been written to res->data at that point and res->len is
 * left untouched.
 *
 * NOTE(review): res->data is written without a size argument, so the
 * caller must provide room for header + payload + tag.
 */
static ngx_int_t
ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec, ngx_str_t *res)
{
    u_char               nonce[NGX_QUIC_IV_LEN];
    ngx_str_t            hdr, sealed;
    ngx_quic_secret_t   *sec;
    ngx_quic_ciphers_t   suite;

    /* header goes at the start of the result buffer (non-plain form) */
    hdr.data = res->data;
    hdr.len = ngx_quic_compat_create_header(rec, hdr.data, 0);

    /* sealed payload and tag follow the header directly */
    sealed.data = hdr.data + hdr.len;
    sealed.len = rec->payload.len + NGX_QUIC_TAG_LEN;

#ifdef NGX_QUIC_DEBUG_CRYPTO
    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, rec->log, 0,
                   "quic compat ad len:%uz %xV", hdr.len, &hdr);
#endif

    if (NGX_ERROR
        == ngx_quic_ciphers(rec->keys->cipher, &suite, rec->level))
    {
        return NGX_ERROR;
    }

    sec = &rec->keys->secret;

    /*
     * NOTE(review): the copy length is sec->iv.len, not sizeof(nonce);
     * this assumes iv.len <= NGX_QUIC_IV_LEN - confirm where the secret
     * is populated.
     */
    ngx_memcpy(nonce, sec->iv.data, sec->iv.len);
    ngx_quic_compute_nonce(nonce, sizeof(nonce), rec->number);

    if (NGX_OK
        != ngx_quic_crypto_seal(suite.c, sec, &sealed,
                                nonce, &rec->payload, &hdr, rec->log))
    {
        return NGX_ERROR;
    }

    res->len = hdr.len + sealed.len;

    return NGX_OK;
}
592 |
593 |
/*
 * Records the local QUIC transport parameters in the compat state of the
 * QUIC connection that owns ssl.  Always returns 1.
 *
 * Only the pointer and the length are stored; the bytes are not copied.
 * The caller's buffer therefore has to stay valid and unchanged for as
 * long as the stored value may be read.
 *
 * NOTE(review): neither the QUIC connection nor its compat pointer is
 * checked for NULL before use - confirm callers guarantee both.
 */
int
SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
    size_t params_len)
{
    ngx_connection_t   *c;
    ngx_quic_compat_t  *compat;

    c = ngx_ssl_get_connection(ssl);
    compat = ngx_quic_get_connection(c)->compat;

    /* alias the caller's buffer; const is cast away for storage only */
    compat->tp.data = (u_char *) params;
    compat->tp.len = params_len;

    return 1;
}
611 |
612 |
/*
 * Hands back the peer's QUIC transport parameters held in the compat
 * state of the QUIC connection that owns ssl.
 *
 * *out_params is set to the stored data pointer and *out_params_len to
 * the stored length.  No copy is made: the returned pointer refers to
 * memory referenced by the compat state and is valid only as long as
 * that memory is.
 *
 * NOTE(review): the stored value is returned as is; whether it has been
 * filled in yet is not checked here, and neither the QUIC connection nor
 * its compat pointer is checked for NULL.
 */
void
SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
    size_t *out_params_len)
{
    ngx_connection_t   *c;
    ngx_quic_compat_t  *compat;

    c = ngx_ssl_get_connection(ssl);
    compat = ngx_quic_get_connection(c)->compat;

    *out_params_len = compat->ctp.len;
    *out_params = compat->ctp.data;
}
628 |
629 #endif /* NGX_QUIC_OPENSSL_COMPAT */ |