|
|
@@ -18,6 +18,7 @@ |
|
|
|
// Enforce this protocol version |
|
|
|
#define TLS_PROT_VERSION TLS1_3_VERSION |
|
|
|
static const int Curves[3] = {NID_CECPQ2, NID_CECPQ2b, NID_X25519}; |
|
|
|
int ssl_data_idx_def_cb = -1; |
|
|
|
|
|
|
|
static const struct CertDesc_t { |
|
|
|
const char* arg; |
|
|
@@ -104,7 +105,8 @@ static int accept_once(void) { |
|
|
|
} |
|
|
|
|
|
|
|
struct st_t { |
|
|
|
uint64_t duration; |
|
|
|
uint64_t start; |
|
|
|
uint64_t stop; |
|
|
|
}; |
|
|
|
|
|
|
|
static uint64_t time_now() { |
|
|
@@ -122,7 +124,7 @@ static void chained_cb(const SSL *ssl, int type, int value) { |
|
|
|
//printf("CHAINED > \n"); |
|
|
|
ngx_default_info_cb_t cb = |
|
|
|
SSL_CTX_get_ex_data( |
|
|
|
SSL_get_SSL_CTX(ssl), SSL_DEF_CB); |
|
|
|
SSL_get_SSL_CTX(ssl), ssl_data_idx_def_cb); |
|
|
|
|
|
|
|
if (cb) { |
|
|
|
cb(ssl,type,value); |
|
|
@@ -131,24 +133,35 @@ static void chained_cb(const SSL *ssl, int type, int value) { |
|
|
|
|
|
|
|
static void after_keygen_handshake_time(const SSL *ssl, int type, int value) { |
|
|
|
|
|
|
|
static const char* ss_exp = "send_server_hello"; |
|
|
|
static const size_t ss_exp_len = 17; |
|
|
|
static const char ss1_exp[] = "send_server_hello"; |
|
|
|
static const char rr1_exp[] = "read_second_client_flight"; |
|
|
|
static const char rr2_exp[] = "read_client_finished"; |
|
|
|
|
|
|
|
#define IS_STATE(exp) ( \ |
|
|
|
(ss_len >= (ARRAY_SIZE(exp)-1)) \ |
|
|
|
&& (!memcmp(exp, &ss[ss_len - (ARRAY_SIZE(exp) - 1)], ARRAY_SIZE(exp)-1))) |
|
|
|
|
|
|
|
struct st_t *data = |
|
|
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); |
|
|
|
if (!data) { |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
switch (type) { |
|
|
|
case SSL_CB_ACCEPT_LOOP: { |
|
|
|
const char* ss = SSL_state_string_long(ssl); |
|
|
|
size_t ss_len = strlen(ss); |
|
|
|
// OZAPTF: jak to zrobic to porzadnie? |
|
|
|
if ((ss_len >= strlen(ss_exp)) && |
|
|
|
!memcmp(ss_exp, &ss[ss_len-ss_exp_len], ss_exp_len)) { |
|
|
|
|
|
|
|
|
|
|
|
if (IS_STATE(ss1_exp)) { |
|
|
|
struct st_t *data = |
|
|
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); |
|
|
|
if (!data) { |
|
|
|
data->start = time_now(); |
|
|
|
} else if (!data->stop && (IS_STATE(rr1_exp) || IS_STATE(rr2_exp))) { |
|
|
|
if (!data->start) { |
|
|
|
// if initial time not set, then do not report |
|
|
|
assert(0); |
|
|
|
return; |
|
|
|
} |
|
|
|
data->duration = time_now(); |
|
|
|
data->stop = time_now(); |
|
|
|
} |
|
|
|
break; |
|
|
|
} |
|
|
@@ -156,17 +169,16 @@ static void after_keygen_handshake_time(const SSL *ssl, int type, int value) { |
|
|
|
struct st_t *data = |
|
|
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); |
|
|
|
|
|
|
|
if (!data->duration) { |
|
|
|
if (!data->start || !data->stop) { |
|
|
|
// if initial time not set, then do not report |
|
|
|
assert(0); |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
printf("SH to FIN duration [%s]> %lu\n", |
|
|
|
SSL_get_curve_name(SSL_get_curve_id(ssl)), |
|
|
|
time_now() - data->duration); |
|
|
|
printf("SH to FIN duration; %lu\n", data->stop - data->start); |
|
|
|
} |
|
|
|
default: ;; |
|
|
|
} |
|
|
|
#undef IS_STATE |
|
|
|
} |
|
|
|
|
|
|
|
static SSL_CTX* setup_server_ctx(const char* cert_name) { |
|
|
@@ -185,7 +197,7 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) { |
|
|
|
ERR("Error setting cipher list"); |
|
|
|
} |
|
|
|
|
|
|
|
if (!SSL_CTX_set1_curves(ctx, c->curves, 3)) { |
|
|
|
if (!SSL_CTX_set1_curves(ctx, c->curves, ARRAY_SIZE(Curves))) { |
|
|
|
ERR("Enforcing curve"); |
|
|
|
} |
|
|
|
|
|
|
@@ -194,9 +206,11 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) { |
|
|
|
ERR("Enforcing protocol to TLSv1.2"); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
ssl_data_idx_def_cb = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
|
|
|
SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time); |
|
|
|
ngx_default_info_cb_t cb = SSL_CTX_get_info_callback(ctx); |
|
|
|
SSL_CTX_set_ex_data(ctx, SSL_DEF_CB, (void*)cb); |
|
|
|
SSL_CTX_set_ex_data(ctx, ssl_data_idx_def_cb, (void*)cb); |
|
|
|
SSL_CTX_set_info_callback(ctx, chained_cb); |
|
|
|
return ctx; |
|
|
|
} |
|
|
|