git.kaiwu.me - haproxy.git/commit

]> git.kaiwu.me - haproxy.git/commit

projects / haproxy.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: a6d40e0) | patch

author	William Lallemand <wlallemand@haproxy.com>
	Wed, 10 Jul 2024 08:28:27 +0000 (10:28 +0200)
committer	William Lallemand <wlallemand@haproxy.com>
	Thu, 25 Jul 2024 11:45:38 +0000 (13:45 +0200)
commit	31c831e29b432f0a9958be63948e8f4cb278e9f8
tree	ff082b6697b5bc9889bb707a510cda933d1f38e0	tree \| snapshot
parent	a6d40e09f7c9ebb99d5f08630a6482fbb7d04d26	commit \| diff

MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD

The QUIC crypto is using the EVP_CIPHER API in order to achieve
authenticated encryption, this was the API which was used with OpenSSL.
With libraries that inspires from BoringSSL (libreSSL and AWS-LC), the
AEAD algorithms are implemented using the EVP_AEAD API.

This patch converts the call to the EVP_CIPHER API when called in the
contex of AEAD cryptography for QUIC.

The patch defines some QUIC_AEAD macros that can be either EVP_CIPHER or
EVP_AEAD depending on the library.

This was mainly done for AWS-LC but this could be useful for other
libraries. This should finally allow to use CHACHA20_POLY1305 with
AWS-LC.

This patch allows to use the following ciphers with the EVP_AEAD API:
- TLS1_3_CK_AES_128_GCM_SHA256
- TLS1_3_CK_AES_256_GCM_SHA384

AWS-LC does not implement TLS1_3_CK_AES_128_CCM_SHA256 and
TLS1_3_CK_CHACHA20_POLY1305_SHA256 requires some hack for headers
protection which will come in another patch.

include/haproxy/quic_tls-t.h		diff \| blob \| history
include/haproxy/quic_tls.h		diff \| blob \| history
src/quic_retry.c		diff \| blob \| history
src/quic_rx.c		diff \| blob \| history
src/quic_tls.c		diff \| blob \| history

haproxy upstream