Compile with BoringSSL

Compile with BoringSSL except for neverbleed and libnghttp2_asio.  The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL.  The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
Tatsuhiro Tsujikawa 2015-09-29 23:31:50 +09:00
parent 49ef571ecf
commit f0d2c9f94b
15 changed files with 54 additions and 80 deletions


@ -36,7 +36,8 @@ AM_CPPFLAGS = \
LDADD = $(top_builddir)/lib/libnghttp2.la \ LDADD = $(top_builddir)/lib/libnghttp2.la \
$(top_builddir)/third-party/libhttp-parser.la \ $(top_builddir)/third-party/libhttp-parser.la \
@LIBEVENT_OPENSSL_LIBS@ \ @LIBEVENT_OPENSSL_LIBS@ \
@OPENSSL_LIBS@ @OPENSSL_LIBS@ \
@APPLDFLAGS@
noinst_PROGRAMS = client libevent-client libevent-server deflate noinst_PROGRAMS = client libevent-client libevent-server deflate


@ -53,6 +53,8 @@
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <assert.h>
#include <string.h>
#include <errno.h>
#include <nghttp2/nghttp2.h> #include <nghttp2/nghttp2.h>
@ -692,10 +694,11 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN; act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, 0); sigaction(SIGPIPE, &act, 0);
#ifndef OPENSSL_IS_BORINGSSL
OPENSSL_config(NULL);
#endif /* OPENSSL_IS_BORINGSSL */
SSL_load_error_strings(); SSL_load_error_strings();
SSL_library_init(); SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
rv = parse_uri(&uri, argv[1]); rv = parse_uri(&uri, argv[1]);
if (rv != 0) { if (rv != 0) {


@ -52,6 +52,7 @@ char *strndup(const char *s, size_t size);
#include <err.h> #include <err.h>
#endif #endif
#include <signal.h> #include <signal.h>
#include <string.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -568,10 +569,11 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN; act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, NULL); sigaction(SIGPIPE, &act, NULL);
#ifndef OPENSSL_IS_BORINGSSL
OPENSSL_config(NULL);
#endif /* OPENSSL_IS_BORINGSSL */
SSL_load_error_strings(); SSL_load_error_strings();
SSL_library_init(); SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
run(argv[1]); run(argv[1]);
return 0; return 0;


@ -59,6 +59,8 @@
#ifndef __sgi #ifndef __sgi
#include <err.h> #include <err.h>
#endif #endif
#include <string.h>
#include <errno.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -738,10 +740,11 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN; act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, NULL); sigaction(SIGPIPE, &act, NULL);
#ifndef OPENSSL_IS_BORINGSSL
OPENSSL_config(NULL);
#endif /* OPENSSL_IS_BORINGSSL */
SSL_load_error_strings(); SSL_load_error_strings();
SSL_library_init(); SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
run(argv[1], argv[2], argv[3]); run(argv[1], argv[2], argv[3]);
return 0; return 0;


@ -539,11 +539,7 @@ int Http2Handler::tls_handshake() {
auto rv = SSL_do_handshake(ssl_); auto rv = SSL_do_handshake(ssl_);
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl_, rv); auto err = SSL_get_error(ssl_, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -588,11 +584,7 @@ int Http2Handler::read_tls() {
for (;;) { for (;;) {
auto rv = SSL_read(ssl_, buf.data(), buf.size()); auto rv = SSL_read(ssl_, buf.data(), buf.size());
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl_, rv); auto err = SSL_get_error(ssl_, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -634,11 +626,7 @@ int Http2Handler::write_tls() {
if (wb_.rleft() > 0) { if (wb_.rleft() > 0) {
auto rv = SSL_write(ssl_, wb_.pos, wb_.rleft()); auto rv = SSL_write(ssl_, wb_.pos, wb_.rleft());
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl_, rv); auto err = SSL_get_error(ssl_, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
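Review bot: With `if (rv <= 0)` in Http2Handler::tls_handshake, read_tls and write_tls, a return of 0 is no longer rejected up front but classified by `SSL_get_error()`, so the outcome now depends on switch arms that lie outside these hunks. Please confirm that every arm other than WANT_READ/WANT_WRITE still returns -1, so that a peer shutdown or a truncated stream (rv == 0) cannot be treated as retryable. `SSL_get_error()` also consults the calling thread's error queue and is only reliable if that queue is empty before the I/O call; unless this is already done elsewhere, add `ERR_clear_error();` immediately before `SSL_do_handshake`/`SSL_read`/`SSL_write`. The same applies to the Client::, HttpClient:: and Connection::write_tls hunks further down.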


@ -810,11 +810,7 @@ int Client::tls_handshake() {
auto rv = SSL_do_handshake(ssl); auto rv = SSL_do_handshake(ssl);
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl, rv); auto err = SSL_get_error(ssl, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -848,11 +844,7 @@ int Client::read_tls() {
for (;;) { for (;;) {
auto rv = SSL_read(ssl, buf, sizeof(buf)); auto rv = SSL_read(ssl, buf, sizeof(buf));
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl, rv); auto err = SSL_get_error(ssl, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -878,11 +870,7 @@ int Client::write_tls() {
if (wb.rleft() > 0) { if (wb.rleft() > 0) {
auto rv = SSL_write(ssl, wb.pos, wb.rleft()); auto rv = SSL_write(ssl, wb.pos, wb.rleft());
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl, rv); auto err = SSL_get_error(ssl, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -1423,13 +1411,11 @@ Options:
} // namespace } // namespace
int main(int argc, char **argv) { int main(int argc, char **argv) {
ssl::libssl_init();
#ifndef NOTHREADS #ifndef NOTHREADS
ssl::LibsslGlobalLock lock; ssl::LibsslGlobalLock lock;
#endif // NOTHREADS #endif // NOTHREADS
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(nullptr);
std::string datafile; std::string datafile;
bool nreqs_set_manually = false; bool nreqs_set_manually = false;


@ -1110,11 +1110,7 @@ int HttpClient::tls_handshake() {
auto rv = SSL_do_handshake(ssl); auto rv = SSL_do_handshake(ssl);
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl, rv); auto err = SSL_get_error(ssl, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -1152,11 +1148,7 @@ int HttpClient::read_tls() {
for (;;) { for (;;) {
auto rv = SSL_read(ssl, buf.data(), buf.size()); auto rv = SSL_read(ssl, buf.data(), buf.size());
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl, rv); auto err = SSL_get_error(ssl, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -1184,11 +1176,7 @@ int HttpClient::write_tls() {
if (wb.rleft() > 0) { if (wb.rleft() > 0) {
auto rv = SSL_write(ssl, wb.pos, wb.rleft()); auto rv = SSL_write(ssl, wb.pos, wb.rleft());
if (rv == 0) { if (rv <= 0) {
return -1;
}
if (rv < 0) {
auto err = SSL_get_error(ssl, rv); auto err = SSL_get_error(ssl, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
@ -2475,10 +2463,7 @@ Options:
} // namespace } // namespace
int main(int argc, char **argv) { int main(int argc, char **argv) {
SSL_load_error_strings(); ssl::libssl_init();
SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(nullptr);
bool color = false; bool color = false;
while (1) { while (1) {


@ -172,13 +172,11 @@ Options:
} // namespace } // namespace
int main(int argc, char **argv) { int main(int argc, char **argv) {
ssl::libssl_init();
#ifndef NOTHREADS #ifndef NOTHREADS
ssl::LibsslGlobalLock lock; ssl::LibsslGlobalLock lock;
#endif // NOTHREADS #endif // NOTHREADS
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(nullptr);
Config config; Config config;
bool color = false; bool color = false;


@ -29,8 +29,6 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <CUnit/Basic.h> #include <CUnit/Basic.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
// include test cases' include files here // include test cases' include files here
#include "shrpx_ssl_test.h" #include "shrpx_ssl_test.h"
#include "shrpx_downstream_test.h" #include "shrpx_downstream_test.h"
@ -41,6 +39,7 @@
#include "buffer_test.h" #include "buffer_test.h"
#include "memchunk_test.h" #include "memchunk_test.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "ssl.h"
static int init_suite1(void) { return 0; } static int init_suite1(void) { return 0; }
@ -50,9 +49,7 @@ int main(int argc, char *argv[]) {
CU_pSuite pSuite = NULL; CU_pSuite pSuite = NULL;
unsigned int num_tests_failed; unsigned int num_tests_failed;
OpenSSL_add_all_algorithms(); nghttp2::ssl::libssl_init();
SSL_load_error_strings();
SSL_library_init();
shrpx::create_config(); shrpx::create_config();


@ -1633,15 +1633,11 @@ Misc:
} // namespace } // namespace
int main(int argc, char **argv) { int main(int argc, char **argv) {
nghttp2::ssl::libssl_init();
#ifndef NOTHREADS #ifndef NOTHREADS
nghttp2::ssl::LibsslGlobalLock lock; nghttp2::ssl::LibsslGlobalLock lock;
#endif // NOTHREADS #endif // NOTHREADS
// Initialize OpenSSL before parsing options because we create
// SSL_CTX there.
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(nullptr);
Log::set_severity_level(NOTICE); Log::set_severity_level(NOTICE);
create_config(); create_config();
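Review bot: The comment explaining why the TLS library is initialised first in main() ("before parsing options because we create SSL_CTX there") appears to be dropped together with the old init calls, which leaves the ordering requirement undocumented. Suggest carrying it over to the new call, e.g. `// Must run before option parsing; SSL_CTX is created there.` directly above `nghttp2::ssl::libssl_init();`. main() continues outside the hunk.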


@ -538,11 +538,7 @@ ssize_t Connection::write_tls(const void *data, size_t len) {
auto rv = SSL_write(tls.ssl, data, len); auto rv = SSL_write(tls.ssl, data, len);
if (rv == 0) { if (rv <= 0) {
return SHRPX_ERR_NETWORK;
}
if (rv < 0) {
auto err = SSL_get_error(tls.ssl, rv); auto err = SSL_get_error(tls.ssl, rv);
switch (err) { switch (err) {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:


@ -599,11 +599,15 @@ void ConnectionHandler::handle_ocsp_complete() {
<< " finished successfully"; << " finished successfully";
} }
#ifndef OPENSSL_IS_BORINGSSL
{ {
std::lock_guard<std::mutex> g(tls_ctx_data->mu); std::lock_guard<std::mutex> g(tls_ctx_data->mu);
tls_ctx_data->ocsp_data = tls_ctx_data->ocsp_data =
std::make_shared<std::vector<uint8_t>>(std::move(ocsp_.resp)); std::make_shared<std::vector<uint8_t>>(std::move(ocsp_.resp));
} }
#else // OPENSSL_IS_BORINGSSL
SSL_CTX_set_ocsp_response(ssl_ctx, ocsp_.resp.data(), ocsp_.resp.size());
#endif // OPENSSL_IS_BORINGSSL
++ocsp_.next; ++ocsp_.next;
proceed_next_cert_ocsp(); proceed_next_cert_ocsp();
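Review bot: The BoringSSL branch in handle_ocsp_complete ignores the return value of `SSL_CTX_set_ocsp_response()` and, unlike the OpenSSL branch, runs without holding `tls_ctx_data->mu`. If the call fails, the context presumably keeps stapling whatever response it had before, while the log line just above has already reported success; check the result, e.g. `if (!SSL_CTX_set_ocsp_response(ssl_ctx, ocsp_.resp.data(), ocsp_.resp.size())) { /* log, keep previous response */ }`. Where `ssl_ctx` comes from and whether it is shared with worker threads is not visible here, so please confirm that updating it at this point is safe against concurrent handshakes. The function starts and ends outside the hunk.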


@ -153,6 +153,7 @@ int servername_callback(SSL *ssl, int *al, void *arg) {
} }
} // namespace } // namespace
#ifndef OPENSSL_IS_BORINGSSL
namespace { namespace {
std::shared_ptr<std::vector<uint8_t>> std::shared_ptr<std::vector<uint8_t>>
get_ocsp_data(TLSContextData *tls_ctx_data) { get_ocsp_data(TLSContextData *tls_ctx_data) {
@ -187,6 +188,7 @@ int ocsp_resp_cb(SSL *ssl, void *arg) {
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
} // namespace } // namespace
#endif // OPENSSL_IS_BORINGSSL
constexpr char MEMCACHED_SESSION_CACHE_KEY_PREFIX[] = constexpr char MEMCACHED_SESSION_CACHE_KEY_PREFIX[] =
"nghttpx:tls-session-cache:"; "nghttpx:tls-session-cache:";
@ -604,7 +606,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
} }
SSL_CTX_set_tlsext_servername_callback(ssl_ctx, servername_callback); SSL_CTX_set_tlsext_servername_callback(ssl_ctx, servername_callback);
SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx, ticket_key_cb); SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx, ticket_key_cb);
#ifndef OPENSSL_IS_BORINGSSL
SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
#endif // OPENSSL_IS_BORINGSSL
SSL_CTX_set_info_callback(ssl_ctx, info_callback); SSL_CTX_set_info_callback(ssl_ctx, info_callback);
// NPN advertisement // NPN advertisement


@ -695,6 +695,14 @@ bool check_http2_requirement(SSL *ssl) {
return true; return true;
} }
void libssl_init() {
#ifndef OPENSSL_IS_BORINGSSL
OPENSSL_config(nullptr);
#endif // OPENSSL_IS_BORINGSSL
SSL_load_error_strings();
SSL_library_init();
}
} // namespace ssl } // namespace ssl
} // namespace nghttp2 } // namespace nghttp2
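Review bot: `libssl_init()` does not call `OpenSSL_add_all_algorithms()`, which the `main()` functions it replaces appear to have called, so the call is lost on OpenSSL builds as well and not only under BoringSSL. `SSL_library_init()` registers only the ciphers and digests that TLS itself needs, so code that looks algorithms up by name (for instance when decrypting a passphrase-protected private key) may behave differently on older OpenSSL releases. If the removal is meant for BoringSSL only, keep the call inside the existing `#ifndef OPENSSL_IS_BORINGSSL` block next to `OPENSSL_config(nullptr);`.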


@ -67,6 +67,9 @@ TLSSessionInfo *get_tls_session_info(TLSSessionInfo *tls_info, SSL *ssl);
// described in RFC 7540. // described in RFC 7540.
bool check_http2_requirement(SSL *ssl); bool check_http2_requirement(SSL *ssl);
// Initializes OpenSSL library
void libssl_init();
} // namespace ssl } // namespace ssl
} // namespace nghttp2 } // namespace nghttp2