Welcome! Log In Create A New Profile

[PATCH 1 of 4] QUIC: using native TLSv1.3 cipher suite constants

Forum List Message List New Topic Print View

Sergey Kandaurov

October 11, 2022 06:44AM

# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1665442920 -14400
# Tue Oct 11 03:02:00 2022 +0400
# Branch quic
# Node ID 82b03006a7bd93c3b5c962a3afac89e0639b0c12
# Parent 28fc35b71d7566d5a7e04968c70291a239f05b6f
QUIC: using native TLSv1.3 cipher suite constants.

After BoringSSL aligned[1] with OpenSSL on TLS1_3_CK_* macros, and
LibreSSL uses OpenSSL naming, our own variants can be dropped now.
Compatibility is preserved with libraries that lack these macros.

Additionally, transition to SSL_CIPHER_get_id() fixes build error
with LibreSSL that doesn't implement SSL_CIPHER_get_protocol_id().

[1] https://boringssl.googlesource.com/boringssl/+/dfddbc4ded

diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -15,9 +15,12 @@

#define NGX_QUIC_AES_128_KEY_LEN 16

-#define NGX_AES_128_GCM_SHA256 0x1301
-#define NGX_AES_256_GCM_SHA384 0x1302
-#define NGX_CHACHA20_POLY1305_SHA256 0x1303
+#ifndef TLS1_3_CK_AES_128_GCM_SHA256
+#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 \
+ 0x03001303
+#endif

#ifdef OPENSSL_IS_BORINGSSL
@@ -90,12 +93,12 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic
ngx_int_t len;

if (level == ssl_encryption_initial) {
- id = NGX_AES_128_GCM_SHA256;
+ id = TLS1_3_CK_AES_128_GCM_SHA256;
}

switch (id) {

- case NGX_AES_128_GCM_SHA256:
+ case TLS1_3_CK_AES_128_GCM_SHA256:
#ifdef OPENSSL_IS_BORINGSSL
ciphers->c = EVP_aead_aes_128_gcm();
#else
@@ -106,7 +109,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic
len = 16;
break;

- case NGX_AES_256_GCM_SHA384:
+ case TLS1_3_CK_AES_256_GCM_SHA384:
#ifdef OPENSSL_IS_BORINGSSL
ciphers->c = EVP_aead_aes_256_gcm();
#else
@@ -117,7 +120,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic
len = 32;
break;

- case NGX_CHACHA20_POLY1305_SHA256:
+ case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
#ifdef OPENSSL_IS_BORINGSSL
ciphers->c = EVP_aead_chacha20_poly1305();
#else
@@ -642,7 +645,7 @@ ngx_quic_keys_set_encryption_secret(ngx_
peer_secret = is_write ? &keys->secrets[level].server
: &keys->secrets[level].client;

- keys->cipher = SSL_CIPHER_get_protocol_id(cipher);
+ keys->cipher = SSL_CIPHER_get_id(cipher);

key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH 0 of 4] quic libressl support	Sergey Kandaurov	735	October 06, 2022 06:54PM
[PATCH 4 of 4] QUIC: removed compatibility with older BoringSSL API	Sergey Kandaurov	159	October 06, 2022 06:54PM
[PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	134	October 06, 2022 06:54PM
[PATCH 1 of 4] QUIC: using native TLSv1.3 cipher suite constants	Sergey Kandaurov	163	October 06, 2022 06:54PM
[PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Sergey Kandaurov	175	October 06, 2022 06:54PM
[PATCH 0 of 4] quic libressl support #2	Sergey Kandaurov	147	October 11, 2022 06:44AM
[PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Sergey Kandaurov	121	October 11, 2022 06:44AM
Re: [PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Roman Arutyunyan	107	October 17, 2022 07:10AM
Re: [PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Sergey Kandaurov	106	October 17, 2022 10:06AM
Re: [PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Roman Arutyunyan	136	October 18, 2022 07:48AM
[PATCH 1 of 4] QUIC: using native TLSv1.3 cipher suite constants	Sergey Kandaurov	124	October 11, 2022 06:44AM
[PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	133	October 11, 2022 06:44AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Roman Arutyunyan	143	October 17, 2022 09:32AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	145	October 17, 2022 10:28AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Maxim Dounin	120	October 20, 2022 08:12PM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	111	November 15, 2022 07:30AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Maxim Dounin	103	November 17, 2022 11:00PM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	115	November 21, 2022 06:28AM
[PATCH 4 of 4] QUIC: removed compatibility with older BoringSSL API	Sergey Kandaurov	202	October 11, 2022 06:44AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 237

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018