nginx.git - nginx

Age	Commit message (Collapse)	Author	Files	Lines
2020-03-16	Fixed a typo with OpenSSL.	Vladimir Homutov	1	-1/+1

2020-03-16	Split transport and crypto parts into separate files.	Vladimir Homutov	4	-1218/+1202
	New files: src/event/ngx_event_quic_protection.h src/event/ngx_event_quic_protection.c The protection.h header provides interface to the crypto part of the QUIC: 2 functions to initialize corresponding secrets: ngx_quic_set_initial_secret() ngx_quic_set_encryption_secret() and 2 functions to deal with packet processing: ngx_quic_encrypt() ngx_quic_decrypt() Also, structures representing secrets are defined there. All functions require SSL connection and a pool, only crypto operations inside, no access to nginx connections or events. Currently pool->log is used for the logging (instead of original c->log).
2020-03-16	Added processing of CONNECTION CLOSE frames.	Vladimir Homutov	1	-5/+71
	Contents is parsed and debug is output. No actions are taken.
2020-03-14	Fixed header protection application with pn length > 1.	Sergey Kandaurov	1	-1/+4

2020-03-13	Fixed sanitizer errors.	Roman Arutyunyan	1	-4/+5

2020-03-13	Added check for initialized c->ssl before calling SSL shutdown.	Vladimir Homutov	1	-1/+3

2020-03-13	HTTP/3.	Roman Arutyunyan	3	-4/+56

2020-03-13	Fixed infinite loop in ngx_quic_stream_send_chain().	Roman Arutyunyan	1	-3/+1

2020-03-13	Implemented tracking offset in STREAM frames.	Roman Arutyunyan	1	-2/+4

2020-03-13	Implemented ngx_quic_stream_send_chain() method.	Roman Arutyunyan	1	-1/+35
	- just call send in a loop
2020-03-13	Stream "connection" read/write methods.	Vladimir Homutov	1	-9/+225

2020-03-12	Removed hardcoded CRYPTO and ACK frame sizes.	Vladimir Homutov	1	-2/+18

2020-03-12	HTTP/QUIC interface reworked.	Vladimir Homutov	2	-9/+273
	- events handling moved into src/event/ngx_event_quic.c - http invokes once ngx_quic_run() and passes stream callback (diff to original http_request.c is now minimal) - streams are stored in rbtree using ID as a key - when a new stream is registered, appropriate callback is called - ngx_quic_stream_t type represents STREAM and stored in c->qs
2020-03-11	Initial parsing of STREAM frames.	Vladimir Homutov	1	-1/+68

2020-03-12	Added support of multiple QUIC packets in single datagram.	Vladimir Homutov	1	-99/+170
	- now NEW_CONNECTION_ID frames can be received and parsed The packet structure is created in ngx_quic_input() and passed to all handlers (initial, handshake and application data). The UDP datagram buffer is saved as pkt->raw; The QUIC packet is stored as pkt->data and pkt->len (instead of pkt->buf) (pkt->len is adjusted after parsing headers to actual length) The pkt->pos is removed, pkt->raw->pos is used instead.
2020-03-11	Added more transport parameters.	Vladimir Homutov	1	-3/+10
	Needed for client to start sending streams.
2020-03-11	Compatibility with BoringSSL revised QUIC encryption secret APIs.	Sergey Kandaurov	1	-0/+147
	See for details: https://boringssl.googlesource.com/boringssl/+/1e85905%5E!/
2020-03-10	Chacha20 header protection support with BoringSSL.	Sergey Kandaurov	2	-1/+15
	BoringSSL lacks EVP for Chacha20. Here we use CRYPTO_chacha_20() instead.
2020-03-10	ChaCha20 / Poly1305 initial support.	Sergey Kandaurov	1	-0/+14

2020-03-10	Using SSL cipher suite id to obtain cipher/digest, part 2.	Sergey Kandaurov	1	-107/+114
	Ciphers negotiation handling refactored into ngx_quic_ciphers().
2020-03-10	Fixed nonce in short packet protection.	Sergey Kandaurov	1	-1/+3

2020-03-10	Generic payload handler for quic packets.	Vladimir Homutov	1	-184/+367
	- added basic parsing of ACK, PING and PADDING frames on input - added preliminary parsing of SHORT headers The ngx_quic_output() is now called after processing of each input packet. Frames are added into output queue according to their level: inital packets go ahead of handshake and application data, so they can be merged properly. The payload handler is called from both new, handshake and applicataion data handlers (latter is a stub).
2020-03-05	Fixed header protection with negotiated cipher suite.	Sergey Kandaurov	1	-29/+33

2020-03-05	Initial packets are protected with AEAD_AES_128_GCM.	Sergey Kandaurov	1	-9/+14

2020-03-05	Fixed write secret logging in set_encryption_secrets callback.	Sergey Kandaurov	1	-1/+1

2020-03-05	Fixed format specifiers.	Vladimir Homutov	1	-2/+2

2020-03-05	Style.	Vladimir Homutov	1	-8/+10

2020-03-05	Added functions to decrypt long packets.	Vladimir Homutov	1	-179/+264

2020-03-05	Fixed ngx_quic_varint_len misuse in the previous change.	Sergey Kandaurov	1	-1/+1

2020-03-04	Macro for calculating size of varint.	Vladimir Homutov	1	-6/+3

2020-03-05	Fixed packet "input" debug log message.	Sergey Kandaurov	1	-1/+1

2020-03-05	Using SSL cipher suite id to obtain cipher/digest, part 1.	Sergey Kandaurov	1	-33/+32
	While here, log the negotiated cipher just once, - after handshake.
2020-03-05	Using cached ssl_conn in ngx_quic_handshake_input(), NFC.	Sergey Kandaurov	1	-10/+11

2020-03-04	Adjusted transport parameters stub for active_connection_id_limit.	Sergey Kandaurov	1	-1/+2
	As was objserved with ngtcp2 client, Finished CRYPTO frame within Handshake packet may not be sent for some reason if there's nothing to append on 1-RTT. This results in unnecessary retransmit. To avoid this edge case, a non-zero active_connection_id_limit transport parameter is now used to append datagram with NEW_CONNECTION_ID 1-RTT frames.
2020-03-04	Implemented improved version of quic_output().	Vladimir Homutov	1	-95/+276
	Now handshake generates frames, and they are queued in c->quic->frames. The ngx_quic_output() is called from ngx_quic_flush_flight() or manually, processes the queue and encrypts all frames according to required encryption level.
2020-03-03	QUIC handshake final bits.	Sergey Kandaurov	1	-9/+207
	Added handling of client Finished, both feeding and acknowledgement. This includes sending NST in 1-RTT triggered by a handshake process.
2020-03-03	Split frame and packet generation into separate steps.	Vladimir Homutov	1	-90/+181
	While there, a number of QUIC constants from spec defined and magic numbers were replaced.
2020-03-02	Aded the "ngx_quic_hexdump" macro.	Vladimir Homutov	1	-176/+69
	ngx_quic_hexdump0(log, format, buffer, buffer_size); - logs hexdump of buffer to specified error log ngx_quic_hexdump0(c->log, "this is foo:", foo.data, foo.len); ngx_quic_hexdump(log, format, buffer, buffer_size, ...) - same as hexdump0, but more format/args possible: ngx_quic_hexdump(c->log, "a=%d b=%d, foo is:", foo.data, foo.len, a, b);
2020-02-28	Moved all QUIC code into ngx_event_quic.c	Vladimir Homutov	3	-420/+1039
	Introduced ngx_quic_input() and ngx_quic_output() as interface between nginx and protocol. They are the only functions that are exported. While there, added copyrights.
2020-02-28	Introduced quic_version macro, uint16/uint32 routines ported.	Sergey Kandaurov	2	-4/+44

2020-02-28	Cleanup.	Sergey Kandaurov	3	-160/+72

2020-02-26	Generic function for HKDF expansion.	Vladimir Homutov	3	-218/+97

2020-02-28	QUIC header protection routines, introduced ngx_quic_tls_hp().	Sergey Kandaurov	3	-18/+38

2020-02-28	AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().	Sergey Kandaurov	3	-133/+257

2020-02-28	Introduced ngx_quic_secret_t.	Sergey Kandaurov	2	-59/+44

2020-02-28	QUIC handshake handler, draft 24 bump.	Sergey Kandaurov	1	-1/+1

2020-02-28	PN-aware AEAD nonce, feeding proper CRYPTO length.	Sergey Kandaurov	1	-13/+41

2020-02-28	OpenSSL compatibility.	Sergey Kandaurov	4	-80/+465

2020-02-28	QUIC add_handshake_data callback, varint routines.	Sergey Kandaurov	2	-5/+150

2020-02-28	QUIC set_encryption_secrets callback.	Sergey Kandaurov	2	-19/+230