summaryrefslogtreecommitdiffstats
path: root/src/tls.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls.cc')
-rw-r--r--src/tls.cc56
1 files changed, 56 insertions, 0 deletions
diff --git a/src/tls.cc b/src/tls.cc
index e88dc56..9babf2a 100644
--- a/src/tls.cc
+++ b/src/tls.cc
@@ -32,6 +32,11 @@
#include <openssl/crypto.h>
#include <openssl/conf.h>
+#ifdef HAVE_LIBBROTLI
+# include <brotli/encode.h>
+# include <brotli/decode.h>
+#endif // HAVE_LIBBROTLI
+
#include "ssl_compat.h"
namespace nghttp2 {
@@ -120,6 +125,57 @@ int ssl_ctx_set_proto_versions(SSL_CTX *ssl_ctx, int min, int max) {
return 0;
}
+#if defined(NGHTTP2_OPENSSL_IS_BORINGSSL) && defined(HAVE_LIBBROTLI)
+int cert_compress(SSL *ssl, CBB *out, const uint8_t *in, size_t in_len) {
+ uint8_t *dest;
+
+ auto compressed_size = BrotliEncoderMaxCompressedSize(in_len);
+ if (compressed_size == 0) {
+ return 0;
+ }
+
+ if (!CBB_reserve(out, &dest, compressed_size)) {
+ return 0;
+ }
+
+ if (BrotliEncoderCompress(BROTLI_MAX_QUALITY, BROTLI_DEFAULT_WINDOW,
+ BROTLI_MODE_GENERIC, in_len, in, &compressed_size,
+ dest) != BROTLI_TRUE) {
+ return 0;
+ }
+
+ if (!CBB_did_write(out, compressed_size)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+int cert_decompress(SSL *ssl, CRYPTO_BUFFER **out, size_t uncompressed_len,
+ const uint8_t *in, size_t in_len) {
+ uint8_t *dest;
+ auto buf = CRYPTO_BUFFER_alloc(&dest, uncompressed_len);
+ auto len = uncompressed_len;
+
+ if (BrotliDecoderDecompress(in_len, in, &len, dest) !=
+ BROTLI_DECODER_RESULT_SUCCESS) {
+ CRYPTO_BUFFER_free(buf);
+
+ return 0;
+ }
+
+ if (uncompressed_len != len) {
+ CRYPTO_BUFFER_free(buf);
+
+ return 0;
+ }
+
+ *out = buf;
+
+ return 1;
+}
+#endif // NGHTTP2_OPENSSL_IS_BORINGSSL && HAVE_LIBBROTLI
+
} // namespace tls
} // namespace nghttp2