Compatibility with BoringSSL master branch.

Recently BoringSSL introduced SSL_set_quic_early_data_context() that serves as an additional constrain to enable 0-RTT in QUIC. Relevant changes: * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/ * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/
2025-02-25 18:55:26 -06:00 · 2020-06-01 19:53:13 +03:00 · 2020-06-01 19:53:13 +03:00 · 0a11fdbb28
commit 0a11fdbb28
parent 5978225722
4 changed files with 37 additions and 11 deletions
--- a/auto/lib/openssl/conf
+++ b/auto/lib/openssl/conf
@ -167,3 +167,15 @@ END
    fi

 fi
+
+
+if [ $USE_OPENSSL_QUIC = YES ]; then
+    ngx_feature="OpenSSL QUIC 0-RTT context"
+    ngx_feature_name="NGX_OPENSSL_QUIC_ZRTT_CTX"
+    ngx_feature_run=no
+    ngx_feature_incs="#include <openssl/ssl.h>"
+    ngx_feature_path=
+    ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD"
+    ngx_feature_test="SSL_set_quic_early_data_context(NULL, NULL, 0)"
+    . auto/feature
+fi
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@ -1040,6 +1040,7 @@ static ngx_int_t
 ngx_quic_init_connection(ngx_connection_t *c)
 {
    u_char                 *p;
+    size_t                  clen;
    ssize_t                 len;
    ngx_ssl_conn_t         *ssl_conn;
    ngx_quic_connection_t  *qc;
@ -1064,7 +1065,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
    }
 #endif

-    len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp);
+    len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
    /* always succeeds */

    p = ngx_pnalloc(c->pool, len);
@ -1072,7 +1073,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
        return NGX_ERROR;
    }

-    len = ngx_quic_create_transport_params(p, p + len, &qc->tp);
+    len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
    if (len < 0) {
        return NGX_ERROR;
    }
@ -1087,6 +1088,14 @@ ngx_quic_init_connection(ngx_connection_t *c)
        return NGX_ERROR;
    }

+#if NGX_OPENSSL_QUIC_ZRTT_CTX
+    if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic SSL_set_quic_early_data_context() failed");
+        return NGX_ERROR;
+    }
+#endif
+
    qc->max_streams = qc->tp.initial_max_streams_bidi;
    qc->state = ssl_encryption_handshake;

--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@ -1616,7 +1616,8 @@ ngx_quic_create_max_data(u_char *p, ngx_quic_max_data_frame_t *md)


 ssize_t
-ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
+ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp,
+    size_t *clen)
 {
    u_char  *p;
    size_t   len;
@ -1647,10 +1648,7 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)

    p = pos;

-    len = ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
-                          tp->active_connection_id_limit);
-
-    len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA,tp->initial_max_data);
+    len = ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA, tp->initial_max_data);

    len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_STREAMS_UNI,
                           tp->initial_max_streams_uni);
@ -1670,6 +1668,13 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
    len += ngx_quic_tp_len(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
                           tp->max_idle_timeout);

+    if (clen) {
+        *clen = len;
+    }
+
+    len += ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
+                           tp->active_connection_id_limit);
+
 #if (NGX_QUIC_DRAFT_VERSION >= 28)
    len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
    len += ngx_quic_tp_strlen(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
@ -1687,9 +1692,6 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
        return len;
    }

-    ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
-                     tp->active_connection_id_limit);
-
    ngx_quic_tp_vint(NGX_QUIC_TP_INITIAL_MAX_DATA,
                     tp->initial_max_data);

@ -1711,6 +1713,9 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
    ngx_quic_tp_vint(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
                     tp->max_idle_timeout);

+    ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
+                     tp->active_connection_id_limit);
+
 #if (NGX_QUIC_DRAFT_VERSION >= 28)
    ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
    ngx_quic_tp_str(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
--- a/src/event/ngx_event_quic_transport.h
+++ b/src/event/ngx_event_quic_transport.h
@ -335,6 +335,6 @@ ssize_t ngx_quic_parse_ack_range(ngx_quic_header_t *pkt, u_char *start,
 ngx_int_t ngx_quic_parse_transport_params(u_char *p, u_char *end,
    ngx_quic_tp_t *tp, ngx_log_t *log);
 ssize_t ngx_quic_create_transport_params(u_char *p, u_char *end,
-    ngx_quic_tp_t *tp);
+    ngx_quic_tp_t *tp, size_t *clen);

 #endif /* _NGX_EVENT_QUIC_WIRE_H_INCLUDED_ */