ngtcp2: support boringssl crypto backend

Closes #8789
vvb2060 on github 2022-05-04 05:14:38 +08:00 коммит произвёл Daniel Stenberg
Родитель 6fcd3e6f51
Коммит adde9f0e8c
Идентификатор ключа GPG: 5CC908FDB71E12C2
1 изменённых файлов: 73 добавлений и 2 удалений


@ -28,7 +28,11 @@
#include <nghttp3/nghttp3.h> #include <nghttp3/nghttp3.h>
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
#include <openssl/err.h> #include <openssl/err.h>
#ifdef OPENSSL_IS_BORINGSSL
#include <ngtcp2/ngtcp2_crypto_boringssl.h>
#else
#include <ngtcp2/ngtcp2_crypto_openssl.h> #include <ngtcp2/ngtcp2_crypto_openssl.h>
#endif
#include "vtls/openssl.h" #include "vtls/openssl.h"
#elif defined(USE_GNUTLS) #elif defined(USE_GNUTLS)
#include <ngtcp2/ngtcp2_crypto_gnutls.h> #include <ngtcp2/ngtcp2_crypto_gnutls.h>
@ -207,6 +211,58 @@ static int write_client_handshake(struct quicsocket *qs,
} }
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
#ifdef OPENSSL_IS_BORINGSSL
static int quic_set_read_secret(SSL *ssl,
enum ssl_encryption_level_t ssl_level,
const SSL_CIPHER *cipher UNUSED_PARAM,
const uint8_t *secret,
size_t secretlen)
{
struct quicsocket *qs = (struct quicsocket *)SSL_get_app_data(ssl);
ngtcp2_crypto_level level =
ngtcp2_crypto_boringssl_from_ssl_encryption_level(ssl_level);
if(ngtcp2_crypto_derive_and_install_rx_key(
qs->qconn, NULL, NULL, NULL, level, secret, secretlen) != 0)
return 0;
if(level == NGTCP2_CRYPTO_LEVEL_APPLICATION) {
if(init_ngh3_conn(qs) != CURLE_OK)
return 0;
}
return 1;
}
static int quic_set_write_secret(SSL *ssl,
enum ssl_encryption_level_t ssl_level,
const SSL_CIPHER *cipher UNUSED_PARAM,
const uint8_t *secret,
size_t secretlen)
{
struct quicsocket *qs = (struct quicsocket *)SSL_get_app_data(ssl);
ngtcp2_crypto_level level =
ngtcp2_crypto_boringssl_from_ssl_encryption_level(ssl_level);
if(ngtcp2_crypto_derive_and_install_tx_key(
qs->qconn, NULL, NULL, NULL, level, secret, secretlen) != 0)
return 0;
return 1;
}
static int quic_add_handshake_data(SSL *ssl,
enum ssl_encryption_level_t ssl_level,
const uint8_t *data,
size_t len)
{
struct quicsocket *qs = (struct quicsocket *)SSL_get_app_data(ssl);
ngtcp2_crypto_level level =
ngtcp2_crypto_boringssl_from_ssl_encryption_level(ssl_level);
return write_client_handshake(qs, level, data, len);
}
#else
static int quic_set_encryption_secrets(SSL *ssl, static int quic_set_encryption_secrets(SSL *ssl,
OSSL_ENCRYPTION_LEVEL ossl_level, OSSL_ENCRYPTION_LEVEL ossl_level,
const uint8_t *rx_secret, const uint8_t *rx_secret,
@ -214,7 +270,8 @@ static int quic_set_encryption_secrets(SSL *ssl,
size_t secretlen) size_t secretlen)
{ {
struct quicsocket *qs = (struct quicsocket *)SSL_get_app_data(ssl); struct quicsocket *qs = (struct quicsocket *)SSL_get_app_data(ssl);
int level = ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level); ngtcp2_crypto_level level =
ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level);
if(ngtcp2_crypto_derive_and_install_rx_key( if(ngtcp2_crypto_derive_and_install_rx_key(
qs->qconn, NULL, NULL, NULL, level, rx_secret, secretlen) != 0) qs->qconn, NULL, NULL, NULL, level, rx_secret, secretlen) != 0)
@ -241,6 +298,7 @@ static int quic_add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
return write_client_handshake(qs, level, data, len); return write_client_handshake(qs, level, data, len);
} }
#endif
static int quic_flush_flight(SSL *ssl) static int quic_flush_flight(SSL *ssl)
{ {
@ -258,7 +316,13 @@ static int quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level,
return 1; return 1;
} }
static SSL_QUIC_METHOD quic_method = {quic_set_encryption_secrets, static SSL_QUIC_METHOD quic_method = {
#ifdef OPENSSL_IS_BORINGSSL
quic_set_read_secret,
quic_set_write_secret,
#else
quic_set_encryption_secrets,
#endif
quic_add_handshake_data, quic_add_handshake_data,
quic_flush_flight, quic_send_alert}; quic_flush_flight, quic_send_alert};
@ -272,6 +336,12 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
SSL_CTX_set_default_verify_paths(ssl_ctx); SSL_CTX_set_default_verify_paths(ssl_ctx);
#ifdef OPENSSL_IS_BORINGSSL
if(SSL_CTX_set1_curves_list(ssl_ctx, QUIC_GROUPS) != 1) {
failf(data, "SSL_CTX_set1_curves_list failed");
return NULL;
}
#else
if(SSL_CTX_set_ciphersuites(ssl_ctx, QUIC_CIPHERS) != 1) { if(SSL_CTX_set_ciphersuites(ssl_ctx, QUIC_CIPHERS) != 1) {
char error_buffer[256]; char error_buffer[256];
ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer)); ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
@ -283,6 +353,7 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
failf(data, "SSL_CTX_set1_groups_list failed"); failf(data, "SSL_CTX_set1_groups_list failed");
return NULL; return NULL;
} }
#endif
SSL_CTX_set_quic_method(ssl_ctx, &quic_method); SSL_CTX_set_quic_method(ssl_ctx, &quic_method);