# HG changeset patch # User Sergey Kandaurov # Date 1582884592 -10800 # Node ID 01dc595de244c012cf2e37fbf48d99d5512d65aa # Parent 7ee1ada04c8a822aa77c3464d5ad1faab7c2d945 Cleanup. diff -r 7ee1ada04c8a -r 01dc595de244 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Wed Feb 26 16:56:47 2020 +0300 +++ b/src/event/ngx_event_openssl.c Fri Feb 28 13:09:52 2020 +0300 @@ -98,15 +98,11 @@ const uint8_t *write_secret, size_t secret_len) { u_char *name; - size_t *rlen, *wlen; - uint8_t **rsec, **wsec; + ngx_uint_t i; const EVP_MD *digest; -#ifdef OPENSSL_IS_BORINGSSL - const EVP_AEAD *evp; -#else - const EVP_CIPHER *evp; -#endif + const EVP_CIPHER *cipher; ngx_connection_t *c; + ngx_quic_secret_t *client, *server; c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); @@ -134,59 +130,29 @@ if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) { -#ifdef OPENSSL_IS_BORINGSSL - evp = EVP_aead_aes_128_gcm(); -#else - evp = EVP_aes_128_gcm(); -#endif + cipher = EVP_aes_128_gcm(); digest = EVP_sha256(); } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { -#ifdef OPENSSL_IS_BORINGSSL - evp = EVP_aead_aes_256_gcm(); -#else - evp = EVP_aes_256_gcm(); -#endif + cipher = EVP_aes_256_gcm(); digest = EVP_sha384(); } else { + ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher"); return 0; } - ngx_str_t *client_key, *client_iv, *client_hp; - ngx_str_t *server_key, *server_iv, *server_hp; - switch (level) { case ssl_encryption_handshake: - rlen = &c->quic->client_hs.secret.len; - rsec = &c->quic->client_hs.secret.data; - wlen = &c->quic->server_hs.secret.len; - wsec = &c->quic->server_hs.secret.data; - - client_key = &c->quic->client_hs.key; - client_iv = &c->quic->client_hs.iv; - client_hp = &c->quic->client_hs.hp; - - server_key = &c->quic->server_hs.key; - server_iv = &c->quic->server_hs.iv; - server_hp = &c->quic->server_hs.hp; + client = &c->quic->client_hs; + server = &c->quic->server_hs; break; case ssl_encryption_application: - rlen = &c->quic->client_ad.secret.len; - rsec = &c->quic->client_ad.secret.data; - wlen = &c->quic->server_ad.secret.len; - wsec = &c->quic->server_ad.secret.data; - - client_key = &c->quic->client_ad.key; - client_iv = &c->quic->client_ad.iv; - client_hp = &c->quic->client_ad.hp; - - server_key = &c->quic->server_ad.key; - server_iv = &c->quic->server_ad.iv; - server_hp = &c->quic->server_ad.hp; + client = &c->quic->client_ad; + server = &c->quic->server_ad; break; @@ -194,70 +160,32 @@ return 0; } - *rlen = *wlen = secret_len; - - *rsec = ngx_pnalloc(c->pool, secret_len); - if (*rsec == NULL) { - return 0; - } - - ngx_memcpy(*rsec, read_secret, secret_len); - - *wsec = ngx_pnalloc(c->pool, secret_len); - if (*wsec == NULL) { - return 0; - } - - ngx_memcpy(*wsec, write_secret, secret_len); - -#ifdef OPENSSL_IS_BORINGSSL - client_key->len = EVP_AEAD_key_length(evp); - server_key->len = EVP_AEAD_key_length(evp); - - client_iv->len = EVP_AEAD_nonce_length(evp); - server_iv->len = EVP_AEAD_nonce_length(evp); - - client_hp->len = EVP_AEAD_key_length(evp); - server_hp->len = EVP_AEAD_key_length(evp); -#else - client_key->len = EVP_CIPHER_key_length(evp); - server_key->len = EVP_CIPHER_key_length(evp); - - client_iv->len = EVP_CIPHER_iv_length(evp); - server_iv->len = EVP_CIPHER_iv_length(evp); - - client_hp->len = EVP_CIPHER_key_length(evp); - server_hp->len = EVP_CIPHER_key_length(evp); -#endif - - ngx_str_t rss = { - .data = *rsec, - .len = *rlen - }; - - ngx_str_t wss = { - .data = *wsec, - .len = *wlen - }; + client->key.len = EVP_CIPHER_key_length(cipher); + server->key.len = EVP_CIPHER_key_length(cipher); + + client->iv.len = EVP_CIPHER_iv_length(cipher); + server->iv.len = EVP_CIPHER_iv_length(cipher); + + client->hp.len = EVP_CIPHER_key_length(cipher); + server->hp.len = EVP_CIPHER_key_length(cipher); struct { - ngx_str_t id; - ngx_str_t *in; - ngx_str_t *prk; + ngx_str_t label; + ngx_str_t *key; + const uint8_t *secret; } seq[] = { - { ngx_string("tls13 quic key"), client_key, &rss }, - { ngx_string("tls13 quic iv"), client_iv, &rss }, - { ngx_string("tls13 quic hp"), client_hp, &rss }, - { ngx_string("tls13 quic key"), server_key, &wss }, - { ngx_string("tls13 quic iv"), server_iv, &wss }, - { ngx_string("tls13 quic hp"), server_hp, &wss }, + { ngx_string("tls13 quic key"), &client->key, read_secret }, + { ngx_string("tls13 quic iv"), &client->iv, read_secret }, + { ngx_string("tls13 quic hp"), &client->hp, read_secret }, + { ngx_string("tls13 quic key"), &server->key, write_secret }, + { ngx_string("tls13 quic iv"), &server->iv, write_secret }, + { ngx_string("tls13 quic hp"), &server->hp, write_secret }, }; - ngx_uint_t i; - for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { - if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1) + if (ngx_quic_hkdf_expand(c, digest, seq[i].key, &seq[i].label, + seq[i].secret, secret_len) != NGX_OK) { return 0; @@ -272,21 +200,21 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, const uint8_t *data, size_t len) { - u_char buf[2048], *p, *name; + u_char *p, *pnp, *name, *nonce, *sample; ngx_int_t m; ngx_str_t in, out, ad; + static int pn; + const EVP_CIPHER *cipher; + ngx_connection_t *c; ngx_quic_secret_t *secret; - ngx_connection_t *c; ngx_quic_connection_t *qc; - const ngx_aead_cipher_t *cipher; - static int pn = 0; + u_char buf[2048], mask[16]; c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); + qc = c->quic; ngx_ssl_handshake_log(c); - qc = c->quic; - switch (level) { case ssl_encryption_initial: @@ -355,7 +283,7 @@ ngx_quic_build_int(&p, 0); // token length } ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl) - u_char *pnp = p; + pnp = p; if (level == ssl_encryption_initial) { *p++ = 0; // packet number 0 @@ -377,24 +305,16 @@ if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) { -#ifdef OPENSSL_IS_BORINGSSL - cipher = EVP_aead_aes_128_gcm(); -#else cipher = EVP_aes_128_gcm(); -#endif } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { -#ifdef OPENSSL_IS_BORINGSSL - cipher = EVP_aead_aes_256_gcm(); -#else cipher = EVP_aes_256_gcm(); -#endif } else { return 0; } - uint8_t *nonce = ngx_pstrdup(c->pool, &secret->iv); + nonce = ngx_pstrdup(c->pool, &secret->iv); if (level == ssl_encryption_handshake) { nonce[11] ^= (pn - 1); } @@ -413,8 +333,7 @@ return 0; } - u_char *sample = &out.data[3]; // pnl=0 - uint8_t mask[16]; + sample = &out.data[3]; // pnl=0 if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) { return 0; } @@ -438,8 +357,6 @@ ad.data[0] ^= mask[0] & 0x0f; *pnp ^= mask[1]; -printf("clear_len %ld ciphertext_len %ld ad_len %ld\n", in.len, out.len, ad.len); - u_char *packet = ngx_alloc(ad.len + out.len, c->log); if (packet == 0) { return 0; @@ -462,7 +379,12 @@ static int quic_flush_flight(ngx_ssl_conn_t *ssl_conn) { - printf("quic_flush_flight()\n"); + ngx_connection_t *c; + + c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); + + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic_flush_flight()"); + return 1; } @@ -471,7 +393,14 @@ quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, uint8_t alert) { - printf("quic_send_alert(), lvl=%d, alert=%d\n", level, alert); + ngx_connection_t *c; + + c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); + + ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, + "quic_send_alert(), lvl=%d, alert=%d", + (int) level, (int) alert); + return 1; } @@ -1865,7 +1794,6 @@ #if NGX_OPENSSL_QUIC SSL_CTX_set_quic_method(ssl->ctx, &quic_method); -printf("%s\n", __func__); return NGX_OK; #else diff -r 7ee1ada04c8a -r 01dc595de244 src/event/ngx_event_quic.c --- a/src/event/ngx_event_quic.c Wed Feb 26 16:56:47 2020 +0300 +++ b/src/event/ngx_event_quic.c Fri Feb 28 13:09:52 2020 +0300 @@ -121,11 +121,11 @@ ngx_int_t ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out, - ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender) + ngx_str_t *label, const uint8_t *prk, size_t prk_len) { uint8_t *p; - size_t hkdfl_len; - uint8_t hkdfl[20]; + size_t info_len; + uint8_t info[20]; #if (NGX_DEBUG) u_char buf[512]; @@ -137,38 +137,31 @@ return NGX_ERROR; } - hkdfl_len = 2 + 1 + name->len + 1; - - if (sender) { - hkdfl[0] = out->len / 256; - hkdfl[1] = out->len % 256; + info_len = 2 + 1 + label->len + 1; - } else { - hkdfl[0] = 0; - hkdfl[1] = out->len; - } - - hkdfl[2] = name->len; - p = ngx_cpymem(&hkdfl[3], name->data, name->len); + info[0] = 0; + info[1] = out->len; + info[2] = label->len; + p = ngx_cpymem(&info[3], label->data, label->len); *p = '\0'; if (ngx_hkdf_expand(out->data, out->len, digest, - prk->data, prk->len, hkdfl, hkdfl_len) + prk, prk_len, info, info_len) != NGX_OK) { ngx_ssl_error(NGX_LOG_INFO, c->log, 0, - "ngx_hkdf_expand(%V) failed", name); + "ngx_hkdf_expand(%V) failed", label); return NGX_ERROR; } if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { + m = ngx_hex_dump(buf, info, info_len) - buf; + ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, + "%V info: %*s, len: %uz", label, m, buf, info_len); + m = ngx_hex_dump(buf, out->data, out->len) - buf; ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, - "%V: %*s, len: %uz", name, m, buf, out->len); - - m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; - ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, - "%V hkdf: %*s, len: %uz", name, m, buf, hkdfl_len); + "%V key: %*s, len: %uz", label, m, buf, out->len); } return NGX_OK; @@ -177,7 +170,7 @@ ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, - const u_char *prk, size_t prk_len, const u_char *info, size_t info_len) + const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len) { #ifdef OPENSSL_IS_BORINGSSL if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) @@ -222,7 +215,7 @@ ngx_int_t -ngx_quic_tls_open(ngx_connection_t *c, const ngx_aead_cipher_t *cipher, +ngx_quic_tls_open(ngx_connection_t *c, const EVP_CIPHER *cipher, ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad) { @@ -232,7 +225,7 @@ return NGX_ERROR; } -#ifdef OPENSSL_IS_BORINGSSL +#ifdef OPENSSL_IS_BORINGSSLL EVP_AEAD_CTX *ctx; ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, @@ -327,7 +320,7 @@ ngx_int_t -ngx_quic_tls_seal(ngx_connection_t *c, const ngx_aead_cipher_t *cipher, +ngx_quic_tls_seal(ngx_connection_t *c, const EVP_CIPHER *cipher, ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad) { @@ -337,7 +330,7 @@ return NGX_ERROR; } -#ifdef OPENSSL_IS_BORINGSSL +#ifdef OPENSSL_IS_BORINGSSLL EVP_AEAD_CTX *ctx; ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, diff -r 7ee1ada04c8a -r 01dc595de244 src/event/ngx_event_quic.h --- a/src/event/ngx_event_quic.h Wed Feb 26 16:56:47 2020 +0300 +++ b/src/event/ngx_event_quic.h Fri Feb 28 13:09:52 2020 +0300 @@ -11,15 +11,6 @@ #include -#ifdef OPENSSL_IS_BORINGSSL -#define ngx_aead_cipher_t EVP_AEAD -#define NGX_QUIC_INITIAL_CIPHER EVP_aead_aes_128_gcm() -#else -#define ngx_aead_cipher_t EVP_CIPHER -#define NGX_QUIC_INITIAL_CIPHER EVP_aes_128_gcm() -#endif - - typedef struct { ngx_str_t secret; ngx_str_t key; @@ -54,13 +45,13 @@ const u_char *info, size_t info_len); ngx_int_t ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, - ngx_str_t *out, ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender); + ngx_str_t *out, ngx_str_t *label, const uint8_t *prk, size_t prk_len); ngx_int_t ngx_quic_tls_open(ngx_connection_t *c, - const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out, + const EVP_CIPHER *cipher, ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad); ngx_int_t ngx_quic_tls_seal(ngx_connection_t *c, - const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out, + const EVP_CIPHER *cipher, ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad); ngx_int_t diff -r 7ee1ada04c8a -r 01dc595de244 src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Wed Feb 26 16:56:47 2020 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Fri Feb 28 13:09:52 2020 +0300 @@ -706,7 +706,6 @@ } } -printf("ngx_ssl_create\n"); if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { return NGX_CONF_ERROR; } @@ -1156,7 +1155,6 @@ addr = port[p].addrs.elts; for (a = 0; a < port[p].addrs.nelts; a++) { -printf("ssl %d http3 %d\n", addr[a].opt.ssl, addr[a].opt.http3); if (!addr[a].opt.ssl && !addr[a].opt.http3) { continue; @@ -1164,7 +1162,6 @@ cscf = addr[a].default_server; sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; -printf("sscf->protocols %lx\n", sscf->protocols); if (sscf->certificates == NULL) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, diff -r 7ee1ada04c8a -r 01dc595de244 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Wed Feb 26 16:56:47 2020 +0300 +++ b/src/http/ngx_http_request.c Fri Feb 28 13:09:52 2020 +0300 @@ -678,16 +678,6 @@ hc = c->data; b = c->buffer; - qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); - if (qc == NULL) { - ngx_http_close_connection(c); - return; - } - - c->quic = qc; - - printf("buffer %p %p:%p:%p:%p \n", b, b->start, b->pos, b->last, b->end); - if ((b->pos[0] & 0xf0) != 0xc0) { ngx_log_error(NGX_LOG_INFO, rev->log, 0, "invalid initial packet"); ngx_http_close_connection(c); @@ -713,6 +703,14 @@ return; } + qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t)); + if (qc == NULL) { + ngx_http_close_connection(c); + return; + } + + c->quic = qc; + qc->dcid.len = *b->pos++; qc->dcid.data = ngx_pnalloc(c->pool, qc->dcid.len); if (qc->dcid.data == NULL) { @@ -787,14 +785,14 @@ uint8_t is[SHA256_DIGEST_LENGTH]; ngx_uint_t i; const EVP_MD *digest; - const ngx_aead_cipher_t *cipher; + const EVP_CIPHER *cipher; static const uint8_t salt[20] = "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ - cipher = NGX_QUIC_INITIAL_CIPHER; + cipher = EVP_aes_128_gcm(); digest = EVP_sha256(); if (ngx_hkdf_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len, @@ -826,16 +824,6 @@ qc->client_in.secret.len = SHA256_DIGEST_LENGTH; qc->server_in.secret.len = SHA256_DIGEST_LENGTH; -#ifdef OPENSSL_IS_BORINGSSL - qc->client_in.key.len = EVP_AEAD_key_length(cipher); - qc->server_in.key.len = EVP_AEAD_key_length(cipher); - - qc->client_in.hp.len = EVP_AEAD_key_length(cipher); - qc->server_in.hp.len = EVP_AEAD_key_length(cipher); - - qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher); - qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher); -#else qc->client_in.key.len = EVP_CIPHER_key_length(cipher); qc->server_in.key.len = EVP_CIPHER_key_length(cipher); @@ -844,19 +832,10 @@ qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher); qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher); -#endif - -#ifdef OPENSSL_IS_BORINGSSL - ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, - "quic EVP key:%d tag:%d nonce:%d", - EVP_AEAD_key_length(cipher), - EVP_AEAD_max_tag_len(cipher), - EVP_AEAD_nonce_length(cipher)); -#endif struct { - ngx_str_t id; - ngx_str_t *in; + ngx_str_t label; + ngx_str_t *key; ngx_str_t *prk; } seq[] = { @@ -894,14 +873,15 @@ /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ ngx_string("tls13 quic hp"), &qc->server_in.hp, - &qc->server_in.secret + &qc->server_in.secret, }, }; for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { - if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 0) + if (ngx_quic_hkdf_expand(c, digest, seq[i].key, &seq[i].label, + seq[i].prk->data, seq[i].prk->len) != NGX_OK) { ngx_http_close_connection(c); @@ -973,7 +953,8 @@ ngx_str_t out; - if (ngx_quic_tls_open(c, cipher, &qc->client_in, &out, nonce, &in, &ad) + if (ngx_quic_tls_open(c, EVP_aes_128_gcm(), &qc->client_in, &out, nonce, + &in, &ad) != NGX_OK) { ngx_http_close_connection(c); @@ -1090,7 +1071,9 @@ { size_t m; ssize_t n; + ngx_str_t out; ngx_connection_t *c; + const EVP_CIPHER *cipher; ngx_quic_connection_t *qc; u_char buf[4096], b[512], *p; @@ -1249,8 +1232,6 @@ } #endif - const ngx_aead_cipher_t *cipher; - u_char *name = (u_char *) SSL_get_cipher(c->ssl->connection); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic ssl cipher: %s", name); @@ -1258,18 +1239,10 @@ if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) { -#ifdef OPENSSL_IS_BORINGSSL - cipher = EVP_aead_aes_128_gcm(); -#else cipher = EVP_aes_128_gcm(); -#endif } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { -#ifdef OPENSSL_IS_BORINGSSL - cipher = EVP_aead_aes_256_gcm(); -#else cipher = EVP_aes_256_gcm(); -#endif } else { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "unexpected cipher"); @@ -1277,8 +1250,6 @@ return; } - ngx_str_t out; - if (ngx_quic_tls_open(c, cipher, &qc->client_hs, &out, nonce, &in, &ad) != NGX_OK) {