mirror
/
nginx
mirror of https://github.com/nginx/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

QUIC: a new macro to differentiate BoringSSL specific EVP API.

This commit is contained in:
Sergey Kandaurov 2025-07-30 16:23:43 +04:00 committed by pluknet
parent 4c9ae11dff
commit af436c58ca
2 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/event/quic/ngx_event_quic_protection.c
View File

@ -8,7 +8,7 @@
#include <ngx_core.h> #include <ngx_core.h>
#include <ngx_event.h> #include <ngx_event.h>
#include <ngx_event_quic_connection.h> #include <ngx_event_quic_connection.h>
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
#include <openssl/hkdf.h> #include <openssl/hkdf.h>
#include <openssl/chacha.h> #include <openssl/chacha.h>
#else #else
@ -39,7 +39,7 @@ static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask,
static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out,
const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
#ifndef OPENSSL_IS_BORINGSSL #if !(NGX_QUIC_BORINGSSL_EVP_API)
static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out,
const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
#endif #endif
@ -64,7 +64,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers)
switch (id) { switch (id) {
case TLS1_3_CK_AES_128_GCM_SHA256: case TLS1_3_CK_AES_128_GCM_SHA256:
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
ciphers->c = EVP_aead_aes_128_gcm(); ciphers->c = EVP_aead_aes_128_gcm();
#else #else
ciphers->c = EVP_aes_128_gcm(); ciphers->c = EVP_aes_128_gcm();
@ -75,7 +75,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers)
break; break;
case TLS1_3_CK_AES_256_GCM_SHA384: case TLS1_3_CK_AES_256_GCM_SHA384:
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
ciphers->c = EVP_aead_aes_256_gcm(); ciphers->c = EVP_aead_aes_256_gcm();
#else #else
ciphers->c = EVP_aes_256_gcm(); ciphers->c = EVP_aes_256_gcm();
@ -86,12 +86,12 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers)
break; break;
case TLS1_3_CK_CHACHA20_POLY1305_SHA256: case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
ciphers->c = EVP_aead_chacha20_poly1305(); ciphers->c = EVP_aead_chacha20_poly1305();
#else #else
ciphers->c = EVP_chacha20_poly1305(); ciphers->c = EVP_chacha20_poly1305();
#endif #endif
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
#else #else
ciphers->hp = EVP_chacha20(); ciphers->hp = EVP_chacha20();
@ -100,7 +100,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers)
len = 32; len = 32;
break; break;
#ifndef OPENSSL_IS_BORINGSSL #if !(NGX_QUIC_BORINGSSL_EVP_API)
case TLS1_3_CK_AES_128_CCM_SHA256: case TLS1_3_CK_AES_128_CCM_SHA256:
ciphers->c = EVP_aes_128_ccm(); ciphers->c = EVP_aes_128_ccm();
ciphers->hp = EVP_aes_128_ctr(); ciphers->hp = EVP_aes_128_ctr();
@ -269,7 +269,7 @@ static ngx_int_t
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len) const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len)
{ {
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
== 0) == 0)
@ -331,7 +331,7 @@ ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
const u_char *secret, size_t secret_len, const u_char *salt, const u_char *secret, size_t secret_len, const u_char *salt,
size_t salt_len) size_t salt_len)
{ {
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt, if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
salt_len) salt_len)
@ -394,7 +394,7 @@ ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log) ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log)
{ {
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
EVP_AEAD_CTX *ctx; EVP_AEAD_CTX *ctx;
ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len, ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len,
@ -454,7 +454,7 @@ static ngx_int_t
ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce,
ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{ {
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce, if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce,
s->iv.len, in->data, in->len, ad->data, ad->len) s->iv.len, in->data, in->len, ad->data, ad->len)
!= 1) != 1)
@ -474,7 +474,7 @@ ngx_int_t
ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce,
ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{ {
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce, if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce,
s->iv.len, in->data, in->len, ad->data, ad->len) s->iv.len, in->data, in->len, ad->data, ad->len)
!= 1) != 1)
@ -490,7 +490,7 @@ ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce,
} }
#ifndef OPENSSL_IS_BORINGSSL #if !(NGX_QUIC_BORINGSSL_EVP_API)
static ngx_int_t static ngx_int_t
ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out,
@ -569,7 +569,7 @@ void
ngx_quic_crypto_cleanup(ngx_quic_secret_t *s) ngx_quic_crypto_cleanup(ngx_quic_secret_t *s)
{ {
if (s->ctx) { if (s->ctx) {
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
EVP_AEAD_CTX_free(s->ctx); EVP_AEAD_CTX_free(s->ctx);
#else #else
EVP_CIPHER_CTX_free(s->ctx); EVP_CIPHER_CTX_free(s->ctx);
@ -585,7 +585,7 @@ ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher, ngx_quic_secret_t *s,
{ {
EVP_CIPHER_CTX *ctx; EVP_CIPHER_CTX *ctx;
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
/* no EVP interface */ /* no EVP interface */
s->hp_ctx = NULL; s->hp_ctx = NULL;
@ -621,7 +621,7 @@ ngx_quic_crypto_hp(ngx_quic_secret_t *s, u_char *out, u_char *in,
ctx = s->hp_ctx; ctx = s->hp_ctx;
#ifdef OPENSSL_IS_BORINGSSL #if (NGX_QUIC_BORINGSSL_EVP_API)
uint32_t cnt; uint32_t cnt;
if (ctx == NULL) { if (ctx == NULL) {

2
src/event/quic/ngx_event_quic_protection.h
View File

@ -23,9 +23,11 @@
#ifdef OPENSSL_IS_BORINGSSL #ifdef OPENSSL_IS_BORINGSSL
#define NGX_QUIC_BORINGSSL_EVP_API 1
#define ngx_quic_cipher_t EVP_AEAD #define ngx_quic_cipher_t EVP_AEAD
#define ngx_quic_crypto_ctx_t EVP_AEAD_CTX #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX
#else #else
#define NGX_QUIC_BORINGSSL_EVP_API 0
#define ngx_quic_cipher_t EVP_CIPHER #define ngx_quic_cipher_t EVP_CIPHER
#define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX #define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX
#endif #endif