diff options
-rw-r--r-- | build/external/Makefile | 2 | ||||
-rw-r--r-- | build/external/packages/quicly.mk | 11 | ||||
-rw-r--r-- | build/external/patches/quicly_0.1.3-vpp/0001-cmake-install.patch | 30 | ||||
-rw-r--r-- | build/external/patches/quicly_0.1.3-vpp/0002-cmake-install-picotls.patch | 30 | ||||
-rw-r--r-- | build/external/patches/quicly_0.1.3-vpp/0003-unused-is-late-ack.patch | 13 | ||||
-rw-r--r-- | src/plugins/quic/CMakeLists.txt | 2 | ||||
-rw-r--r-- | src/plugins/quic/quic_crypto.c | 4 | ||||
-rw-r--r-- | src/plugins/tlspicotls/pico_vpp_crypto.c | 21 |
8 files changed, 101 insertions, 12 deletions
diff --git a/build/external/Makefile b/build/external/Makefile index 852766f8624..65e3dd27add 100644 --- a/build/external/Makefile +++ b/build/external/Makefile @@ -51,7 +51,7 @@ clean: install: $(if $(ARCH_X86_64), nasm-install ipsec-mb-install) dpdk-install rdma-core-install quicly-install libbpf-install .PHONY: config -config: $(if $(ARCH_X86_64), nasm-config ipsec-mb-config) dpdk-config rdma-core-config +config: $(if $(ARCH_X86_64), nasm-config ipsec-mb-config) dpdk-config rdma-core-config quicly-build ############################################################################## # .deb packaging diff --git a/build/external/packages/quicly.mk b/build/external/packages/quicly.mk index d1fffc9650c..e21bc078ce3 100644 --- a/build/external/packages/quicly.mk +++ b/build/external/packages/quicly.mk @@ -11,9 +11,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -quicly_version := 0.1.2-vpp +quicly_version := 0.1.3-vpp quicly_tarball := quicly_$(quicly_version).tar.gz -quicly_tarball_md5sum := 5b184b1733ba027843ab6605d931f752 +quicly_tarball_md5sum := 195f156f311458f1bd4540765e62dd27 quicly_tarball_strip_dirs := 1 quicly_url := https://github.com/vpp-quic/quicly/releases/download/v$(quicly_version)/quicly_$(quicly_version).tar.gz @@ -21,14 +21,17 @@ picotls_build_dir := $(B)/build-picotls define quicly_build_cmds @cd $(quicly_build_dir) && \ - $(CMAKE) -DWITH_DTRACE=OFF -DCMAKE_INSTALL_PREFIX:PATH=$(quicly_install_dir) \ + $(CMAKE) --target=quicly \ + -DWITH_DTRACE=OFF \ + -DCMAKE_INSTALL_PREFIX:PATH=$(quicly_install_dir) \ $(quicly_src_dir) > $(quicly_build_log) - @$(MAKE) $(MAKE_ARGS) -C $(quicly_build_dir) > $(quicly_build_log) + @$(MAKE) quicly $(MAKE_ARGS) -C $(quicly_build_dir) > $(quicly_build_log) @mkdir -p $(picotls_build_dir) @cd $(picotls_build_dir) && \ $(CMAKE) -DWITH_DTRACE=OFF -DCMAKE_INSTALL_PREFIX:PATH=$(quicly_install_dir) \ $(quicly_src_dir)/deps/picotls > $(quicly_build_log) + @$(MAKE) picotls-core picotls-openssl $(MAKE_ARGS) -C $(picotls_build_dir) > $(quicly_build_log) endef define quicly_config_cmds diff --git a/build/external/patches/quicly_0.1.3-vpp/0001-cmake-install.patch b/build/external/patches/quicly_0.1.3-vpp/0001-cmake-install.patch new file mode 100644 index 00000000000..35befd9b88d --- /dev/null +++ b/build/external/patches/quicly_0.1.3-vpp/0001-cmake-install.patch @@ -0,0 +1,30 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 5142bac..7b95f74 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -33,6 +33,8 @@ ENDIF(NOT CMAKE_BUILD_TYPE) + SET(CMAKE_C_FLAGS "-std=c99 -Wall -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS}") + SET(CMAKE_C_FLAGS_DEBUG "-O0") + SET(CMAKE_C_FLAGS_RELEASE "-O2") ++SET(CMAKE_POSITION_INDEPENDENT_CODE ON) ++SET(CMAKE_SKIP_INSTALL_ALL_DEPENDENCY true) + + INCLUDE_DIRECTORIES( + ${OPENSSL_INCLUDE_DIR} +@@ -118,6 +120,16 @@ TARGET_LINK_LIBRARIES(examples-echo quicly ${OPENSSL_LIBRARIES} ${CMAKE_DL_LIBS} + + ADD_EXECUTABLE(udpfw t/udpfw.c) + ++INSTALL ( ++ DIRECTORY ${CMAKE_SOURCE_DIR}/include/ ++ DESTINATION include ++ FILES_MATCHING PATTERN "*.h") ++ ++INSTALL(TARGETS quicly ++ RUNTIME DESTINATION bin ++ LIBRARY DESTINATION lib ++ ARCHIVE DESTINATION lib) ++ + ADD_CUSTOM_TARGET(check env BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} WITH_DTRACE=${WITH_DTRACE} prove --exec "sh -c" -v ${CMAKE_CURRENT_BINARY_DIR}/*.t t/*.t + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + DEPENDS cli test.t) diff --git a/build/external/patches/quicly_0.1.3-vpp/0002-cmake-install-picotls.patch b/build/external/patches/quicly_0.1.3-vpp/0002-cmake-install-picotls.patch new file mode 100644 index 00000000000..56897e8a5d4 --- /dev/null +++ b/build/external/patches/quicly_0.1.3-vpp/0002-cmake-install-picotls.patch @@ -0,0 +1,30 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index d1d6c09..90d7221 100644 +--- a/deps/picotls/CMakeLists.txt ++++ b/deps/picotls/CMakeLists.txt +@@ -13,6 +13,9 @@ IF (WITH_DTRACE) + ENDIF () + + SET(CMAKE_C_FLAGS "-std=c99 -Wall -O2 -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS}") ++SET(CMAKE_POSITION_INDEPENDENT_CODE ON) ++SET(CMAKE_SKIP_INSTALL_ALL_DEPENDENCY true) ++ + INCLUDE_DIRECTORIES( + deps/cifra/src/ext + deps/cifra/src +@@ -161,6 +164,15 @@ TARGET_LINK_LIBRARIES(ptlsbench ${PTLSBENCH_LIBS}) + + ADD_CUSTOM_TARGET(check env BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove --exec '' -v ${CMAKE_CURRENT_BINARY_DIR}/*.t t/*.t WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} DEPENDS ${TEST_EXES} cli) + ++INSTALL (DIRECTORY ${CMAKE_SOURCE_DIR}/include/ ++ DESTINATION include ++ FILES_MATCHING PATTERN "*.h") ++ ++INSTALL(TARGETS picotls-core picotls-openssl ++ RUNTIME DESTINATION bin ++ LIBRARY DESTINATION lib ++ ARCHIVE DESTINATION lib) ++ + IF (CMAKE_SYSTEM_NAME STREQUAL "Linux") + SET(CMAKE_C_FLAGS "-D_GNU_SOURCE -pthread ${CMAKE_C_FLAGS}") + ELSEIF ("${CMAKE_SYSTEM_NAME}" MATCHES "SunOS") diff --git a/build/external/patches/quicly_0.1.3-vpp/0003-unused-is-late-ack.patch b/build/external/patches/quicly_0.1.3-vpp/0003-unused-is-late-ack.patch new file mode 100644 index 00000000000..10c14dab86b --- /dev/null +++ b/build/external/patches/quicly_0.1.3-vpp/0003-unused-is-late-ack.patch @@ -0,0 +1,13 @@ +diff --git a/lib/quicly.c b/lib/quicly.c +index 82ba627..8c0163e 100644 +--- a/lib/quicly.c ++++ b/lib/quicly.c +@@ -4713,7 +4713,7 @@ static int handle_ack_frame(quicly_conn_t *conn, struct st_quicly_handle_payload + /* process newly acked packet */ + if (state->epoch != sent->ack_epoch) + return QUICLY_TRANSPORT_ERROR_PROTOCOL_VIOLATION; +- int is_late_ack = 0; ++ int __attribute__((unused)) is_late_ack = 0; + if (sent->ack_eliciting) { + includes_ack_eliciting = 1; + if (sent->cc_bytes_in_flight == 0) { diff --git a/src/plugins/quic/CMakeLists.txt b/src/plugins/quic/CMakeLists.txt index 35d72c21685..044186b3ae6 100644 --- a/src/plugins/quic/CMakeLists.txt +++ b/src/plugins/quic/CMakeLists.txt @@ -13,7 +13,7 @@ # limitations under the License. unset(QUIC_LINK_LIBRARIES) -set(EXPECTED_QUICLY_VERSION "0.1.2-vpp") +set(EXPECTED_QUICLY_VERSION "0.1.3-vpp") find_path(QUICLY_INCLUDE_DIR NAMES quicly.h) find_path(PICOTLS_INCLUDE_DIR NAMES picotls.h) diff --git a/src/plugins/quic/quic_crypto.c b/src/plugins/quic/quic_crypto.c index 15e5f0d52fb..05211cd310d 100644 --- a/src/plugins/quic/quic_crypto.c +++ b/src/plugins/quic/quic_crypto.c @@ -470,6 +470,8 @@ ptls_cipher_algorithm_t quic_crypto_aes256ctr = { ptls_aead_algorithm_t quic_crypto_aes128gcm = { "AES128-GCM", + PTLS_AESGCM_CONFIDENTIALITY_LIMIT, + PTLS_AESGCM_INTEGRITY_LIMIT, &quic_crypto_aes128ctr, &ptls_openssl_aes128ecb, PTLS_AES128_KEY_SIZE, @@ -481,6 +483,8 @@ ptls_aead_algorithm_t quic_crypto_aes128gcm = { ptls_aead_algorithm_t quic_crypto_aes256gcm = { "AES256-GCM", + PTLS_AESGCM_CONFIDENTIALITY_LIMIT, + PTLS_AESGCM_INTEGRITY_LIMIT, &quic_crypto_aes256ctr, &ptls_openssl_aes256ecb, PTLS_AES256_KEY_SIZE, diff --git a/src/plugins/tlspicotls/pico_vpp_crypto.c b/src/plugins/tlspicotls/pico_vpp_crypto.c index 3805ff3c981..049b05139d8 100644 --- a/src/plugins/tlspicotls/pico_vpp_crypto.c +++ b/src/plugins/tlspicotls/pico_vpp_crypto.c @@ -290,22 +290,28 @@ ptls_vpp_crypto_aead_aes256gcm_setup_crypto (ptls_aead_context_t *ctx, VNET_CRYPTO_ALG_AES_256_GCM); } -ptls_cipher_algorithm_t ptls_vpp_crypto_aes128ctr = { "AES128-CTR", +ptls_cipher_algorithm_t ptls_vpp_crypto_aes128ctr = { + "AES128-CTR", PTLS_AES128_KEY_SIZE, - 1, PTLS_AES_IV_SIZE, + 1, + PTLS_AES_IV_SIZE, sizeof (struct vpp_aead_context_t), ptls_vpp_crypto_aes128ctr_setup_crypto }; -ptls_cipher_algorithm_t ptls_vpp_crypto_aes256ctr = { "AES256-CTR", +ptls_cipher_algorithm_t ptls_vpp_crypto_aes256ctr = { + "AES256-CTR", PTLS_AES256_KEY_SIZE, - 1 /* block size */ , + 1 /* block size */, PTLS_AES_IV_SIZE, sizeof (struct vpp_aead_context_t), ptls_vpp_crypto_aes256ctr_setup_crypto }; -ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = { "AES128-GCM", +ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = { + "AES128-GCM", + PTLS_AESGCM_CONFIDENTIALITY_LIMIT, + PTLS_AESGCM_INTEGRITY_LIMIT, &ptls_vpp_crypto_aes128ctr, NULL, PTLS_AES128_KEY_SIZE, @@ -315,7 +321,10 @@ ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = { "AES128-GCM", ptls_vpp_crypto_aead_aes128gcm_setup_crypto }; -ptls_aead_algorithm_t ptls_vpp_crypto_aes256gcm = { "AES256-GCM", +ptls_aead_algorithm_t ptls_vpp_crypto_aes256gcm = { + "AES256-GCM", + PTLS_AESGCM_CONFIDENTIALITY_LIMIT, + PTLS_AESGCM_INTEGRITY_LIMIT, &ptls_vpp_crypto_aes256ctr, NULL, PTLS_AES256_KEY_SIZE, |