authorSergey Kandaurov <pluknet@nginx.com>2020-06-01 19:53:13 +0300
committerSergey Kandaurov <pluknet@nginx.com>2020-06-01 19:53:13 +0300
commit0a11fdbb28d2efaaf2a541c321d4c5566bf1fbe5 (patch)
tree41c8f85d9aa4213b1e8581e93c4391636cc79719 /src
parent59782257222b7a08cace201456cf2886b2a98067 (diff)
Compatibility with BoringSSL master branch.
Recently BoringSSL introduced SSL_set_quic_early_data_context() that serves as an additional constraint to enable 0-RTT in QUIC. Relevant changes: * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/ * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_quic.c13
-rw-r--r--src/event/ngx_event_quic_transport.c21
-rw-r--r--src/event/ngx_event_quic_transport.h2
3 files changed, 25 insertions, 11 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index cd5b530c9..2b226a3eb 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1040,6 +1040,7 @@ static ngx_int_t
ngx_quic_init_connection(ngx_connection_t *c)
{
u_char *p;
+ size_t clen;
ssize_t len;
ngx_ssl_conn_t *ssl_conn;
ngx_quic_connection_t *qc;
@@ -1064,7 +1065,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
}
#endif
- len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp);
+ len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
/* always succeeds */
p = ngx_pnalloc(c->pool, len);
@@ -1072,7 +1073,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
return NGX_ERROR;
}
- len = ngx_quic_create_transport_params(p, p + len, &qc->tp);
+ len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
if (len < 0) {
return NGX_ERROR;
}
@@ -1087,6 +1088,14 @@ ngx_quic_init_connection(ngx_connection_t *c)
return NGX_ERROR;
}
+#if NGX_OPENSSL_QUIC_ZRTT_CTX
+ if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "quic SSL_set_quic_early_data_context() failed");
+ return NGX_ERROR;
+ }
+#endif
+
qc->max_streams = qc->tp.initial_max_streams_bidi;
qc->state = ssl_encryption_handshake;
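Review bot: The call `SSL_set_quic_early_data_context(ssl_conn, p, clen)` hands BoringSSL only the leading `clen` bytes of the encoded transport parameters, and nothing at the call site says that this prefix is intentional or what it covers. Since this context is what decides whether a resumed session may use 0-RTT, a short comment would help, for example `/* 0-RTT context: the first clen bytes of p, i.e. the parameters encoded before active_connection_id_limit */`. The guard is also written `#if NGX_OPENSSL_QUIC_ZRTT_CTX`, while the other conditional visible in this commit uses parentheses (`#if (NGX_QUIC_DRAFT_VERSION >= 28)`); `#if (NGX_OPENSSL_QUIC_ZRTT_CTX)` would be consistent. ngx_quic_init_connection() starts and ends outside this hunk.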
diff --git a/src/event/ngx_event_quic_transport.c b/src/event/ngx_event_quic_transport.c
index 3b64aef6d..e056e23de 100644
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -1616,7 +1616,8 @@ ngx_quic_create_max_data(u_char *p, ngx_quic_max_data_frame_t *md)
ssize_t
-ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
+ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp,
+ size_t *clen)
{
u_char *p;
size_t len;
@@ -1647,10 +1648,7 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
p = pos;
- len = ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
- tp->active_connection_id_limit);
-
- len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA,tp->initial_max_data);
+ len = ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_DATA, tp->initial_max_data);
len += ngx_quic_tp_len(NGX_QUIC_TP_INITIAL_MAX_STREAMS_UNI,
tp->initial_max_streams_uni);
@@ -1670,6 +1668,13 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
len += ngx_quic_tp_len(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
tp->max_idle_timeout);
+ if (clen) {
+ *clen = len;
+ }
+
+ len += ngx_quic_tp_len(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
+ tp->active_connection_id_limit);
+
#if (NGX_QUIC_DRAFT_VERSION >= 28)
len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
len += ngx_quic_tp_strlen(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
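Review bot: `*clen = len` is correct only while the parameters summed above it in the length pass are exactly the ones the write pass emits first and in the same order, and that dependency is not stated anywhere. The write-side hunk at -1711 moves NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT to match, but a later reordering of either pass would silently change the bytes passed as the 0-RTT context. I would add a comment above the assignment such as `/* parameters above form the early data context; keep the write order below in sync */` and document the new `clen` argument (may be NULL) at the definition. It would also be worth stating why active_connection_id_limit is left out of the context, which presumably is deliberate but cannot be confirmed from the hunk. The function body continues outside this hunk.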
@@ -1687,9 +1692,6 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
return len;
}
- ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
- tp->active_connection_id_limit);
-
ngx_quic_tp_vint(NGX_QUIC_TP_INITIAL_MAX_DATA,
tp->initial_max_data);
@@ -1711,6 +1713,9 @@ ngx_quic_create_transport_params(u_char *pos, u_char *end, ngx_quic_tp_t *tp)
ngx_quic_tp_vint(NGX_QUIC_TP_MAX_IDLE_TIMEOUT,
tp->max_idle_timeout);
+ ngx_quic_tp_vint(NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT,
+ tp->active_connection_id_limit);
+
#if (NGX_QUIC_DRAFT_VERSION >= 28)
ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
ngx_quic_tp_str(NGX_QUIC_TP_INITIAL_SCID, tp->initial_scid);
diff --git a/src/event/ngx_event_quic_transport.h b/src/event/ngx_event_quic_transport.h
index 322fc78cf..e70317177 100644
--- a/src/event/ngx_event_quic_transport.h
+++ b/src/event/ngx_event_quic_transport.h
@@ -335,6 +335,6 @@ ssize_t ngx_quic_parse_ack_range(ngx_quic_header_t *pkt, u_char *start,
ngx_int_t ngx_quic_parse_transport_params(u_char *p, u_char *end,
ngx_quic_tp_t *tp, ngx_log_t *log);
ssize_t ngx_quic_create_transport_params(u_char *p, u_char *end,
- ngx_quic_tp_t *tp);
+ ngx_quic_tp_t *tp, size_t *clen);
#endif /* _NGX_EVENT_QUIC_WIRE_H_INCLUDED_ */