#define quic_version 0xff000018
+#define NGX_AES_128_GCM_SHA256 0x1301
+#define NGX_AES_256_GCM_SHA384 0x1302
+
#if (NGX_HAVE_NONALIGNED)
enum ssl_encryption_level_t level, const uint8_t *read_secret,
const uint8_t *write_secret, size_t secret_len)
{
- u_char *name;
ngx_uint_t i;
const EVP_MD *digest;
const EVP_CIPHER *cipher;
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
- //ngx_ssl_handshake_log(c); // TODO: enable again
-
ngx_quic_hexdump(c->log, "level:%d read", read_secret, secret_len, level);
ngx_quic_hexdump(c->log, "level:%d read", write_secret, secret_len, level);
- name = (u_char *) SSL_get_cipher(ssl_conn);
+ switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
- if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
- || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
- {
+ case NGX_AES_128_GCM_SHA256:
cipher = EVP_aes_128_gcm();
digest = EVP_sha256();
+ break;
- } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
+ case NGX_AES_256_GCM_SHA384:
cipher = EVP_aes_256_gcm();
digest = EVP_sha384();
+ break;
- } else {
+ default:
ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher");
return 0;
}
ngx_quic_create_long_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,
ngx_quic_header_t *pkt, ngx_str_t *payload, ngx_str_t *res)
{
- u_char *p, *pnp, *name, *nonce, *sample, *packet;
+ u_char *p, *pnp, *nonce, *sample, *packet;
ngx_str_t ad, out;
const EVP_CIPHER *cipher;
ngx_quic_connection_t *qc;
ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);
- name = (u_char *) SSL_get_cipher(ssl_conn);
+ switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
- if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
- || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
- {
+ case NGX_AES_128_GCM_SHA256:
cipher = EVP_aes_128_gcm();
+ break;
- } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
+ case NGX_AES_256_GCM_SHA384:
cipher = EVP_aes_256_gcm();
+ break;
- } else {
+ default:
return NGX_ERROR;
}
ngx_quic_create_short_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,
ngx_quic_header_t *pkt, ngx_str_t *payload, ngx_str_t *res)
{
- u_char *p, *pnp, *name, *nonce, *sample, *packet;
+ u_char *p, *pnp, *nonce, *sample, *packet;
ngx_str_t ad, out;
const EVP_CIPHER *cipher;
ngx_quic_connection_t *qc;
ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);
- name = (u_char *) SSL_get_cipher(ssl_conn);
+ switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
- if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
- || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
- {
+ case NGX_AES_128_GCM_SHA256:
cipher = EVP_aes_128_gcm();
+ break;
- } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
+ case NGX_AES_256_GCM_SHA384:
cipher = EVP_aes_256_gcm();
+ break;
- } else {
+ default:
return NGX_ERROR;
}
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
qc = c->quic;
- //ngx_ssl_handshake_log(c); // TODO: enable again
-
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"ngx_quic_add_handshake_data");
ngx_quic_hexdump0(c->log, "nonce", nonce, 12);
ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);
- u_char *name = (u_char *) SSL_get_cipher(ssl_conn);
- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "quic ssl cipher: %s", name);
+ switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
- if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
- || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
- {
+ case NGX_AES_128_GCM_SHA256:
cipher = EVP_aes_128_gcm();
+ break;
- } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
+ case NGX_AES_256_GCM_SHA384:
cipher = EVP_aes_256_gcm();
+ break;
- } else {
+ default:
ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher");
return NGX_ERROR;
}
(int) SSL_quic_read_level(ssl_conn),
(int) SSL_quic_write_level(ssl_conn));
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "quic ssl cipher: %s", SSL_get_cipher(ssl_conn));
+
// ACK Client Finished
ngx_quic_frame_t *frame;
projects / nginx.git / commitdiff