diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index 0c9e9e84012..861d3bfd0fa 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -27,7 +27,7 @@ #endif #include #if (NGX_QUIC) -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) #include #include #else diff --git a/src/event/quic/ngx_event_quic.h b/src/event/quic/ngx_event_quic.h index bab085f4626..4f899ec0a58 100644 --- a/src/event/quic/ngx_event_quic.h +++ b/src/event/quic/ngx_event_quic.h @@ -18,7 +18,8 @@ #elif (defined SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION) #define NGX_QUIC_QUICTLS_API 1 -#elif (defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER) +#elif (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC \ + || defined LIBRESSL_VERSION_NUMBER) #define NGX_QUIC_BORINGSSL_API 1 #else diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c index 885843d72d8..fdc4760e66d 100644 --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -33,7 +33,7 @@ static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); -#ifndef OPENSSL_IS_BORINGSSL +#if !(defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); #endif @@ -58,7 +58,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) switch (id) { case TLS1_3_CK_AES_128_GCM_SHA256: -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) ciphers->c = EVP_aead_aes_128_gcm(); #else ciphers->c = EVP_aes_128_gcm(); @@ -69,7 +69,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) break; case TLS1_3_CK_AES_256_GCM_SHA384: -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) ciphers->c = EVP_aead_aes_256_gcm(); #else ciphers->c = EVP_aes_256_gcm(); @@ -80,12 +80,12 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) break; case TLS1_3_CK_CHACHA20_POLY1305_SHA256: -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) ciphers->c = EVP_aead_chacha20_poly1305(); #else ciphers->c = EVP_chacha20_poly1305(); #endif -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); #else ciphers->hp = EVP_chacha20(); @@ -94,7 +94,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) len = 32; break; -#ifndef OPENSSL_IS_BORINGSSL +#if !(defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) case TLS1_3_CK_AES_128_CCM_SHA256: ciphers->c = EVP_aes_128_ccm(); ciphers->hp = EVP_aes_128_ctr(); @@ -388,7 +388,7 @@ ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) EVP_AEAD_CTX *ctx; ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len, @@ -448,7 +448,7 @@ static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce, s->iv.len, in->data, in->len, ad->data, ad->len) != 1) @@ -468,7 +468,7 @@ ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce, s->iv.len, in->data, in->len, ad->data, ad->len) != 1) @@ -484,7 +484,7 @@ ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, } -#ifndef OPENSSL_IS_BORINGSSL +#if !(defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, @@ -563,7 +563,7 @@ void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s) { if (s->ctx) { -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) EVP_AEAD_CTX_free(s->ctx); #else EVP_CIPHER_CTX_free(s->ctx); @@ -579,7 +579,7 @@ ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher, ngx_quic_secret_t *s, { EVP_CIPHER_CTX *ctx; -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { /* no EVP interface */ s->hp_ctx = NULL; @@ -615,7 +615,7 @@ ngx_quic_crypto_hp(ngx_quic_secret_t *s, u_char *out, u_char *in, ctx = s->hp_ctx; -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) uint32_t cnt; if (ctx == NULL) { diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h index fddc6083a32..e8eb19f9e0c 100644 --- a/src/event/quic/ngx_event_quic_protection.h +++ b/src/event/quic/ngx_event_quic_protection.h @@ -22,7 +22,7 @@ #define NGX_QUIC_MAX_MD_SIZE 48 -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) #define ngx_quic_cipher_t EVP_AEAD #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX #else diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c index e961c80cd60..61bae5a281a 100644 --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -968,7 +968,7 @@ ngx_quic_init_connection(ngx_connection_t *c) } #endif -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC) if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "quic SSL_set_quic_early_data_context() failed"); diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index ceac8d307ef..c1ea40f7f7d 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -935,7 +935,8 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module); #if (defined TLS1_3_VERSION \ - && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL) + && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL \ + && !defined OPENSSL_IS_AWSLC) /* * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+, diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 2f1b996246f..844aa90e746 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -592,7 +592,8 @@ ngx_stream_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) sscf = ngx_stream_get_module_srv_conf(cscf->ctx, ngx_stream_ssl_module); #if (defined TLS1_3_VERSION \ - && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL) + && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL \ + && !defined OPENSSL_IS_AWSLC) /* * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+,