Diffstat (limited to 'src/event')
-rw-r--r--src/event/ngx_event_openssl.c143
-rw-r--r--src/event/ngx_event_openssl.h3
-rw-r--r--src/event/ngx_event_quic.h31
3 files changed, 177 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 91b415caa..baf28ecfd 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -89,6 +89,126 @@ static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
static void ngx_openssl_exit(ngx_cycle_t *cycle);
+#if NGX_OPENSSL_QUIC
+
+static int
+quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
+ enum ssl_encryption_level_t level, const uint8_t *read_secret,
+ const uint8_t *write_secret, size_t secret_len)
+{
+ size_t *len;
+ uint8_t **rsec, **wsec;
+ ngx_connection_t *c;
+
+ c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+
+ ngx_ssl_handshake_log(c);
+
+#if (NGX_DEBUG)
+ if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
+ u_char buf[64];
+ size_t m;
+
+ m = ngx_hex_dump(buf, (u_char *) read_secret, secret_len) - buf;
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "set_encryption_secrets: %*s, len: %uz, level:%d",
+ m, buf, secret_len, (int) level);
+
+ m = ngx_hex_dump(buf, (u_char *) write_secret, secret_len) - buf;
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "set_encryption_secrets: %*s, len: %uz, level:%d",
+ m, buf, secret_len, (int) level);
+ }
+#endif
+
+ switch (level) {
+
+ case ssl_encryption_handshake:
+ len = &c->quic->handshake_secret_len;
+ rsec = &c->quic->handshake_read_secret;
+ wsec = &c->quic->handshake_write_secret;
+ break;
+
+ case ssl_encryption_application:
+ len = &c->quic->application_secret_len;
+ rsec = &c->quic->application_read_secret;
+ wsec = &c->quic->application_write_secret;
+ break;
+
+ default:
+ return 0;
+ }
+
+ *len = secret_len;
+
+ *rsec = ngx_pnalloc(c->pool, secret_len);
+ if (*rsec == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(*rsec, read_secret, secret_len);
+
+ *wsec = ngx_pnalloc(c->pool, secret_len);
+ if (*wsec == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(*wsec, write_secret, secret_len);
+
+ return 1;
+}
+
+
+static int
+quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
+ enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
+{
+ u_char buf[512];
+ ngx_int_t m;
+ ngx_connection_t *c;
+
+ c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+
+ m = ngx_hex_dump(buf, (u_char *) data, ngx_min(len, 256)) - buf;
+ ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic_add_handshake_data: %*s%s, len: %uz, level:%d",
+ m, buf, len < 512 ? "" : "...", len, (int) level);
+
+ if (!(SSL_provide_quic_data(ssl_conn, level, data, len))) {
+ ERR_print_errors_fp(stderr);
+ return 0;
+ }
+
+ return 1;
+}
+
+
+static int
+quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
+{
+ printf("quic_flush_flight()\n");
+ return 1;
+}
+
+
+static int
+quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
+ uint8_t alert)
+{
+ printf("quic_send_alert(), lvl=%d, alert=%d\n", level, alert);
+ return 1;
+}
+
+
+static SSL_QUIC_METHOD quic_method = {
+ quic_set_encryption_secrets,
+ quic_add_handshake_data,
+ quic_flush_flight,
+ quic_send_alert,
+};
+
+#endif
+
static ngx_command_t ngx_openssl_commands[] = {
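Review bot: The two allocation-failure paths in quic_set_encryption_secrets `return NGX_ERROR;`, but this callback follows the TLS library's 1-success/0-failure contract (the hunk's own `default` branch and the three sibling callbacks return 0 or 1), and NGX_ERROR is -1, a nonzero value the caller will presumably read as success while *rsec or *wsec is left NULL and *len has already been set; both sites should be `return 0;`, and `*len = secret_len;` is better moved after the second copy succeeds. The debug hex dump writes into `u_char buf[64]` with no bound on secret_len, and a 48-byte SHA-384 traffic secret expands to 96 hex characters, so it should be clamped the way quic_add_handshake_data clamps its input, e.g. `m = ngx_hex_dump(buf, (u_char *) read_secret, ngx_min(secret_len, sizeof(buf) / 2)) - buf;` and the same for write_secret. Note also that this block writes the TLS traffic secrets themselves to the debug log, which lets anyone holding a debug-level error_log decrypt captured sessions; logging only the length and level is usually enough. The `printf` calls in quic_flush_flight and quic_send_alert and `ERR_print_errors_fp(stderr)` in quic_add_handshake_data (and `printf("%s\n", __func__)` in ngx_ssl_quic in the next hunk) bypass ngx_log entirely and should become ngx_log_debug calls on c->log, which is already in hand.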
@@ -1460,6 +1580,29 @@ ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
ngx_int_t
+ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
+{
+ if (!enable) {
+ return NGX_OK;
+ }
+
+#if NGX_OPENSSL_QUIC
+
+ SSL_CTX_set_quic_method(ssl->ctx, &quic_method);
+printf("%s\n", __func__);
+ return NGX_OK;
+
+#else
+
+ ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
+ "\"ssl_quic\" is not supported on this platform");
+ return NGX_ERROR;
+
+#endif
+}
+
+
+ngx_int_t
ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
{
if (!enable) {
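Review bot: In the `#else` branch of ngx_ssl_quic a NGX_LOG_WARN message is paired with `return NGX_ERROR;`, which aborts configuration loading; a warning level suggests the directive is ignored, while the return value makes it fatal. If the intent is to mirror ngx_ssl_early_data, named in the hunk header, I believe that function logs the platform warning and returns NGX_OK (please confirm against the file); otherwise the message should be raised to NGX_LOG_EMERG so the operator sees why startup failed. The unused `cf` parameter matches the sibling prototypes and is fine as is.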
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 61da0c5db..c6124275f 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -14,6 +14,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
+#include <openssl/aes.h>
#include <openssl/bn.h>
#include <openssl/conf.h>
#include <openssl/crypto.h>
@@ -22,6 +23,7 @@
#include <openssl/engine.h>
#endif
#include <openssl/evp.h>
+#include <openssl/hkdf.h>
#include <openssl/hmac.h>
#ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h>
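Review bot: The added `#include <openssl/hkdf.h>` (and `<openssl/aes.h>` in the previous hunk) is unconditional, while every use of the QUIC API in ngx_event_openssl.c is guarded by `#if NGX_OPENSSL_QUIC`; unless I am mistaken, `openssl/hkdf.h` is a BoringSSL-only header that OpenSSL does not ship, so this header would fail to compile against a plain OpenSSL build even with QUIC disabled. Wrap both includes in the same guard, `#if NGX_OPENSSL_QUIC` … `#endif`, or move them into the QUIC-specific translation unit that actually uses them.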
@@ -189,6 +191,7 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_uint_t enable);
+ngx_int_t ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable);
ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_uint_t enable);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
new file mode 100644
index 000000000..6b7d32427
--- /dev/null
+++ b/src/event/ngx_event_quic.h
@@ -0,0 +1,31 @@
+
+/*
+ *
+ */
+
+
+#ifndef _NGX_EVENT_QUIC_H_INCLUDED_
+#define _NGX_EVENT_QUIC_H_INCLUDED_
+
+
+struct ngx_quic_connection_s {
+ ngx_str_t scid;
+ ngx_str_t dcid;
+ ngx_str_t token;
+
+ ngx_str_t client_in;
+ ngx_str_t client_in_key;
+ ngx_str_t client_in_iv;
+ ngx_str_t client_in_hp;
+
+ size_t handshake_secret_len;
+ uint8_t *handshake_read_secret;
+ uint8_t *handshake_write_secret;
+
+ size_t application_secret_len;
+ uint8_t *application_read_secret;
+ uint8_t *application_write_secret;
+};
+
+
+#endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */
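Review bot: The new header has an empty comment block at the top and no documentation on ngx_quic_connection_s, whose `*_read_secret` / `*_write_secret` members hold raw TLS traffic secrets copied out of the TLS callback into the connection pool; that ownership and sensitivity should be stated on the struct so later code does not log, reuse or silently retain them, e.g. `/* TLS traffic secrets received via SSL_QUIC_METHOD; pool-allocated, handshake_secret_len / application_secret_len bytes each, sensitive */`. The initial-level material (`client_in`, `client_in_key`, `client_in_iv`, `client_in_hp`) is held as ngx_str_t while the handshake and application secrets use a separate `size_t` plus two `uint8_t *`, so the same kind of data has two representations; one ngx_str_t per secret would be more consistent with the rest of the struct. The header also relies on ngx_str_t, size_t and uint8_t being declared by whoever includes it, which the usual `#include <ngx_config.h>` / `#include <ngx_core.h>` pair after the guard would make explicit.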