diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2025-07-30 16:23:43 +0400 |
|---|---|---|
| committer | pluknet <pluknet@nginx.com> | 2025-09-25 19:28:36 +0400 |
| commit | af436c58ca388b9926b17f8c3929ae2b343e4019 (patch) | |
| tree | 4ee9b9d9be1e3967821566864d8802108b4d99b8 /src/event | |
| parent | 4c9ae11dff0da5ae76c0e4b6571ce30f7f8024bc (diff) | |
| download | nginx-af436c58ca388b9926b17f8c3929ae2b343e4019.tar.gz nginx-af436c58ca388b9926b17f8c3929ae2b343e4019.tar.bz2 | |
QUIC: a new macro to differentiate BoringSSL specific EVP API.
Diffstat (limited to 'src/event')
| -rw-r--r-- | src/event/quic/ngx_event_quic_protection.c | 32 | ||||
| -rw-r--r-- | src/event/quic/ngx_event_quic_protection.h | 2 |
2 files changed, 18 insertions, 16 deletions
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c index c94d6ea31..2f28737a2 100644 --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -8,7 +8,7 @@ #include <ngx_core.h> #include <ngx_event.h> #include <ngx_event_quic_connection.h> -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) #include <openssl/hkdf.h> #include <openssl/chacha.h> #else @@ -39,7 +39,7 @@ static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); -#ifndef OPENSSL_IS_BORINGSSL +#if !(NGX_QUIC_BORINGSSL_EVP_API) static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); #endif @@ -64,7 +64,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) switch (id) { case TLS1_3_CK_AES_128_GCM_SHA256: -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) ciphers->c = EVP_aead_aes_128_gcm(); #else ciphers->c = EVP_aes_128_gcm(); @@ -75,7 +75,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) break; case TLS1_3_CK_AES_256_GCM_SHA384: -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) ciphers->c = EVP_aead_aes_256_gcm(); #else ciphers->c = EVP_aes_256_gcm(); @@ -86,12 +86,12 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) break; case TLS1_3_CK_CHACHA20_POLY1305_SHA256: -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) ciphers->c = EVP_aead_chacha20_poly1305(); #else ciphers->c = EVP_chacha20_poly1305(); #endif -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); #else ciphers->hp = EVP_chacha20(); @@ -100,7 +100,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) len = 32; break; -#ifndef OPENSSL_IS_BORINGSSL +#if !(NGX_QUIC_BORINGSSL_EVP_API) case TLS1_3_CK_AES_128_CCM_SHA256: ciphers->c = EVP_aes_128_ccm(); ciphers->hp = EVP_aes_128_ctr(); @@ -269,7 +269,7 @@ static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len) { -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) == 0) @@ -331,7 +331,7 @@ ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest, const u_char *secret, size_t secret_len, const u_char *salt, size_t salt_len) { -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt, salt_len) @@ -394,7 +394,7 @@ ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) EVP_AEAD_CTX *ctx; ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len, @@ -454,7 +454,7 @@ static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce, s->iv.len, in->data, in->len, ad->data, ad->len) != 1) @@ -474,7 +474,7 @@ ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce, s->iv.len, in->data, in->len, ad->data, ad->len) != 1) @@ -490,7 +490,7 @@ ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, } -#ifndef OPENSSL_IS_BORINGSSL +#if !(NGX_QUIC_BORINGSSL_EVP_API) static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, @@ -569,7 +569,7 @@ void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s) { if (s->ctx) { -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) EVP_AEAD_CTX_free(s->ctx); #else EVP_CIPHER_CTX_free(s->ctx); @@ -585,7 +585,7 @@ ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher, ngx_quic_secret_t *s, { EVP_CIPHER_CTX *ctx; -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { /* no EVP interface */ s->hp_ctx = NULL; @@ -621,7 +621,7 @@ ngx_quic_crypto_hp(ngx_quic_secret_t *s, u_char *out, u_char *in, ctx = s->hp_ctx; -#ifdef OPENSSL_IS_BORINGSSL +#if (NGX_QUIC_BORINGSSL_EVP_API) uint32_t cnt; if (ctx == NULL) { diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h index fddc6083a..b8914ddf4 100644 --- a/src/event/quic/ngx_event_quic_protection.h +++ b/src/event/quic/ngx_event_quic_protection.h @@ -23,9 +23,11 @@ #ifdef OPENSSL_IS_BORINGSSL +#define NGX_QUIC_BORINGSSL_EVP_API 1 #define ngx_quic_cipher_t EVP_AEAD #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX #else +#define NGX_QUIC_BORINGSSL_EVP_API 0 #define ngx_quic_cipher_t EVP_CIPHER #define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX #endif |