Commit 1a63c02c authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

Compile with the latest ngtcp2 and ngtcp2_crypto_openssl

parent e45b10ca
...@@ -1027,13 +1027,10 @@ int Client::connection_made() { ...@@ -1027,13 +1027,10 @@ int Client::connection_made() {
if (next_proto) { if (next_proto) {
auto proto = StringRef{next_proto, next_proto_len}; auto proto = StringRef{next_proto, next_proto_len};
if (config.is_quic()) { if (config.is_quic()) {
if (util::streq(StringRef{&NGTCP2_ALPN_H3[1]}, proto)) { assert(session);
auto s = std::make_unique<Http3Session>(this); if (!util::streq(StringRef{&NGTCP2_ALPN_H3[1]}, proto)) {
if (s->init_conn() == -1) {
return -1; return -1;
} }
session = std::move(s);
}
} else if (util::check_h2_is_selected(proto)) { } else if (util::check_h2_is_selected(proto)) {
session = std::make_unique<Http2Session>(this); session = std::make_unique<Http2Session>(this);
} else if (util::streq(NGHTTP2_H1_1, proto)) { } else if (util::streq(NGHTTP2_H1_1, proto)) {
...@@ -1043,6 +1040,9 @@ int Client::connection_made() { ...@@ -1043,6 +1040,9 @@ int Client::connection_made() {
// Just assign next_proto to selected_proto anyway to show the // Just assign next_proto to selected_proto anyway to show the
// negotiation result. // negotiation result.
selected_proto = proto.str(); selected_proto = proto.str();
} else if (config.is_quic()) {
std::cerr << "QUIC requires ALPN negotiation" << std::endl;
return -1;
} else { } else {
std::cout << "No protocol negotiated. Fallback behaviour may be activated" std::cout << "No protocol negotiated. Fallback behaviour may be activated"
<< std::endl; << std::endl;
...@@ -1778,79 +1778,6 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out, ...@@ -1778,79 +1778,6 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
} // namespace } // namespace
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
namespace {
int quic_transport_params_add_cb(SSL *ssl, unsigned int ext_type,
unsigned int content,
const unsigned char **out, size_t *outlen,
X509 *x, size_t chainidx, int *al,
void *add_arg) {
auto c = static_cast<Client *>(SSL_get_app_data(ssl));
auto conn = c->quic.conn;
ngtcp2_transport_params params;
ngtcp2_conn_get_local_transport_params(conn, &params);
constexpr size_t bufsize = 128;
auto buf = std::make_unique<uint8_t[]>(bufsize);
auto nwrite = ngtcp2_encode_transport_params(
buf.get(), bufsize, NGTCP2_TRANSPORT_PARAMS_TYPE_CLIENT_HELLO, &params);
if (nwrite < 0) {
std::cerr << "ngtcp2_encode_transport_params: " << ngtcp2_strerror(nwrite)
<< std::endl;
*al = SSL_AD_INTERNAL_ERROR;
return -1;
}
*out = buf.release();
*outlen = static_cast<size_t>(nwrite);
return 1;
}
} // namespace
namespace {
void quic_transport_params_free_cb(SSL *ssl, unsigned int ext_type,
unsigned int context,
const unsigned char *out, void *add_arg) {
delete[] const_cast<unsigned char *>(out);
}
} // namespace
namespace {
int quic_transport_params_parse_cb(SSL *ssl, unsigned int ext_type,
unsigned int context,
const unsigned char *in, size_t inlen,
X509 *x, size_t chainidx, int *al,
void *parse_arg) {
auto c = static_cast<Client *>(SSL_get_app_data(ssl));
auto conn = c->quic.conn;
int rv;
ngtcp2_transport_params params;
rv = ngtcp2_decode_transport_params(
&params, NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS, in, inlen);
if (rv != 0) {
std::cerr << "ngtcp2_decode_transport_params: " << ngtcp2_strerror(rv)
<< std::endl;
*al = SSL_AD_ILLEGAL_PARAMETER;
return -1;
}
rv = ngtcp2_conn_set_remote_transport_params(conn, &params);
if (rv != 0) {
std::cerr << "ngtcp2_conn_set_remote_transport_params: "
<< ngtcp2_strerror(rv) << std::endl;
*al = SSL_AD_ILLEGAL_PARAMETER;
return -1;
}
return 1;
}
} // namespace
namespace { namespace {
constexpr char UNIX_PATH_PREFIX[] = "unix:"; constexpr char UNIX_PATH_PREFIX[] = "unix:";
} // namespace } // namespace
...@@ -2250,8 +2177,6 @@ Options: ...@@ -2250,8 +2177,6 @@ Options:
} }
} // namespace } // namespace
extern ngtcp2_crypto_ctx in_crypto_ctx;
int main(int argc, char **argv) { int main(int argc, char **argv) {
tls::libssl_init(); tls::libssl_init();
...@@ -2753,20 +2678,6 @@ int main(int argc, char **argv) { ...@@ -2753,20 +2678,6 @@ int main(int argc, char **argv) {
if (config.is_quic()) { if (config.is_quic()) {
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION); SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION); SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION);
SSL_CTX_clear_options(ssl_ctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_QUIC_HACK);
if (SSL_CTX_add_custom_ext(
ssl_ctx, NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
quic_transport_params_add_cb, quic_transport_params_free_cb,
nullptr, quic_transport_params_parse_cb, nullptr) != 1) {
std::cerr << "SSL_CTX_add_custom_ext(NGTCP2_TLSEXT_QUIC_TRANSPORT_"
"PARAMETERS) failed: "
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
exit(EXIT_FAILURE);
}
} else if (nghttp2::tls::ssl_ctx_set_proto_versions( } else if (nghttp2::tls::ssl_ctx_set_proto_versions(
ssl_ctx, nghttp2::tls::NGHTTP2_TLS_MIN_VERSION, ssl_ctx, nghttp2::tls::NGHTTP2_TLS_MIN_VERSION,
nghttp2::tls::NGHTTP2_TLS_MAX_VERSION) != 0) { nghttp2::tls::NGHTTP2_TLS_MAX_VERSION) != 0) {
...@@ -2909,8 +2820,6 @@ int main(int argc, char **argv) { ...@@ -2909,8 +2820,6 @@ int main(int argc, char **argv) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
ngtcp2_crypto_ctx_initial(&in_crypto_ctx);
resolve_host(); resolve_host();
std::cout << "starting benchmark..." << std::endl; std::cout << "starting benchmark..." << std::endl;
......
...@@ -328,11 +328,6 @@ struct Client { ...@@ -328,11 +328,6 @@ struct Client {
ev_timer pkt_timer; ev_timer pkt_timer;
ngtcp2_conn *conn; ngtcp2_conn *conn;
quic::Error last_error; quic::Error last_error;
ngtcp2_crypto_level tx_crypto_level;
ngtcp2_crypto_level rx_crypto_level;
std::vector<uint8_t> server_handshake;
size_t server_handshake_nread;
ngtcp2_crypto_ctx crypto_ctx;
// Client never send CRYPTO in Short packet. // Client never send CRYPTO in Short packet.
std::array<Crypto, 2> crypto; std::array<Crypto, 2> crypto;
size_t max_pktlen; size_t max_pktlen;
...@@ -461,45 +456,21 @@ struct Client { ...@@ -461,45 +456,21 @@ struct Client {
void quic_close_connection(); void quic_close_connection();
int quic_setup_initial_crypto(); int quic_setup_initial_crypto();
int quic_client_initial();
int quic_recv_crypto_data(ngtcp2_crypto_level crypto_level, int quic_recv_crypto_data(ngtcp2_crypto_level crypto_level,
const uint8_t *data, size_t datalen); const uint8_t *data, size_t datalen);
int quic_handshake_completed(); int quic_handshake_completed();
int quic_in_encrypt(uint8_t *dest, const uint8_t *plaintext,
size_t plaintextlen, const uint8_t *key,
const uint8_t *nonce, size_t noncelen, const uint8_t *ad,
size_t adlen);
int quic_in_decrypt(uint8_t *dest, const uint8_t *ciphertext,
size_t ciphertextlen, const uint8_t *key,
const uint8_t *nonce, size_t noncelen, const uint8_t *ad,
size_t adlen);
int quic_encrypt(uint8_t *dest, const uint8_t *plaintext, size_t plaintextlen,
const uint8_t *key, const uint8_t *nonce, size_t noncelen,
const uint8_t *ad, size_t adlen);
int quic_decrypt(uint8_t *dest, const uint8_t *ciphertext,
size_t ciphertextlen, const uint8_t *key,
const uint8_t *nonce, size_t noncelen, const uint8_t *ad,
size_t adlen);
int quic_in_hp_mask(uint8_t *dest, const uint8_t *key, const uint8_t *sample);
int quic_hp_mask(uint8_t *dest, const uint8_t *key, const uint8_t *sample);
int quic_recv_stream_data(int64_t stream_id, int fin, const uint8_t *data, int quic_recv_stream_data(int64_t stream_id, int fin, const uint8_t *data,
size_t datalen); size_t datalen);
int quic_stream_close(int64_t stream_id, uint64_t app_error_code); int quic_stream_close(int64_t stream_id, uint64_t app_error_code);
int quic_stream_reset(int64_t stream_id, uint64_t app_error_code); int quic_stream_reset(int64_t stream_id, uint64_t app_error_code);
int quic_extend_max_local_streams(); int quic_extend_max_local_streams();
int quic_tls_handshake(bool initial = false); int quic_on_key(ngtcp2_crypto_level level, const uint8_t *rx_secret,
int quic_read_tls(); const uint8_t *tx_secret, size_t secretlen);
int quic_on_key(int name, const uint8_t *secret, size_t secretlen);
void quic_set_tls_alert(uint8_t alert); void quic_set_tls_alert(uint8_t alert);
size_t quic_read_server_handshake(uint8_t *buf, size_t buflen); void quic_write_client_handshake(ngtcp2_crypto_level level,
int quic_write_server_handshake(ngtcp2_crypto_level crypto_level,
const uint8_t *data, size_t datalen); const uint8_t *data, size_t datalen);
void quic_write_client_handshake(const uint8_t *data, size_t datalen);
void quic_write_client_handshake(Crypto &crypto, const uint8_t *data,
size_t datalen);
int quic_pkt_timeout(); int quic_pkt_timeout();
void quic_restart_pkt_timer(); void quic_restart_pkt_timer();
}; };
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment