Piotr Sikora via nginx-devel
February 27, 2024 08:24PM
# HG changeset patch
# User Piotr Sikora <piotr@aviatrix.com>
# Date 1708977632 0
# Mon Feb 26 20:00:32 2024 +0000
# Branch patch009
# Node ID dfffc67d286b788204f60701ef4179566d933a1b
# Parent 5e923992006199748e79b08b1e65c4ef41f07495
SSL: add $ssl_curve when using AWS-LC.

Signed-off-by: Piotr Sikora <piotr@aviatrix.com>

diff -r 5e9239920061 -r dfffc67d286b src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Mon Feb 26 20:00:30 2024 +0000
+++ b/src/event/ngx_event_openssl.c Mon Feb 26 20:00:32 2024 +0000
@@ -5163,6 +5163,72 @@
return NGX_OK;
}

+#elif defined(OPENSSL_IS_AWSLC)
+
+ uint16_t curve_id;
+
+ curve_id = SSL_get_curve_id(c->ssl->connection);
+
+ /*
+ * Hardcoded table with ANSI / SECG curve names (e.g. "prime256v1"),
+ * which is the same format that OpenSSL returns for $ssl_curve.
+ *
+ * Without this table, we'd need to make 3 additional library calls
+ * to convert from curve_id to ANSI / SECG curve name:
+ *
+ * nist_name = SSL_get_curve_name(curve_id);
+ * nid = EC_curve_nist2nid(nist_name);
+ * ansi_name = OBJ_nid2sn(nid);
+ */
+
+ switch (curve_id) {
+
+#ifdef SSL_CURVE_SECP224R1
+ case SSL_CURVE_SECP224R1:
+ ngx_str_set(s, "secp224r1");
+ return NGX_OK;
+#endif
+
+#ifdef SSL_CURVE_SECP256R1
+ case SSL_CURVE_SECP256R1:
+ ngx_str_set(s, "prime256v1");
+ return NGX_OK;
+#endif
+
+#ifdef SSL_CURVE_SECP384R1
+ case SSL_CURVE_SECP384R1:
+ ngx_str_set(s, "secp384r1");
+ return NGX_OK;
+#endif
+
+#ifdef SSL_CURVE_SECP521R1
+ case SSL_CURVE_SECP521R1:
+ ngx_str_set(s, "secp521r1");
+ return NGX_OK;
+#endif
+
+#ifdef SSL_CURVE_X25519
+ case SSL_CURVE_X25519:
+ ngx_str_set(s, "x25519");
+ return NGX_OK;
+#endif
+
+ case 0:
+ break;
+
+ default:
+ s->len = sizeof("0x0000") - 1;
+
+ s->data = ngx_pnalloc(pool, s->len);
+ if (s->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_sprintf(s->data, "0x%04xd", curve_id);
+
+ return NGX_OK;
+ }
+
#endif

ngx_str_null(s);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH 2 of 2] SSL: add $ssl_curve when using AWS-LC

Piotr Sikora via nginx-devel 401 February 27, 2024 08:24PM

Re: [PATCH 2 of 2] SSL: add $ssl_curve when using AWS-LC

Sergey Kandaurov 73 March 25, 2024 11:46AM

Re: [PATCH 2 of 2] SSL: add $ssl_curve when using AWS-LC

Piotr Sikora via nginx-devel 109 March 25, 2024 09:16PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 153
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready