Mercurial > hg > nginx-quic

comparison src/http/ngx_http_request.c @ 7639:02f331613232 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed indentation.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 640a13fc0f83
children b7bbfea7a6c3
comparison
equal deleted inserted replaced
7638:640a13fc0f83 7639:02f331613232
815 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 815 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
816 "quic initial secret: %*s, len: %uz", m, buf, is_len); 816 "quic initial secret: %*s, len: %uz", m, buf, is_len);
817 } 817 }
818 #endif 818 #endif
819 819
820 size_t hkdfl_len; 820 size_t hkdfl_len;
821 uint8_t hkdfl[20]; 821 uint8_t hkdfl[20];
822 uint8_t *p; 822 uint8_t *p;
823 823
824 /* draft-ietf-quic-tls-23#section-5.2 */ 824 /* draft-ietf-quic-tls-23#section-5.2 */
825 825
826 qc->client_in.len = SHA256_DIGEST_LENGTH; 826 qc->client_in.len = SHA256_DIGEST_LENGTH;
827 qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len); 827 qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len);
828 if (qc->client_in.data == NULL) { 828 if (qc->client_in.data == NULL) {
829 ngx_http_close_connection(c); 829 ngx_http_close_connection(c);
830 return; 830 return;
831 } 831 }
832 832
833 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; 833 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1;
834 bzero(hkdfl, sizeof(hkdfl)); 834 bzero(hkdfl, sizeof(hkdfl));
835 hkdfl[0] = 0; 835 hkdfl[0] = 0;
836 hkdfl[1] = qc->client_in.len; 836 hkdfl[1] = qc->client_in.len;
837 hkdfl[2] = sizeof("tls13 client in") - 1; 837 hkdfl[2] = sizeof("tls13 client in") - 1;
838 p = ngx_cpymem(&hkdfl[3], "tls13 client in", 838 p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1);
839 sizeof("tls13 client in") - 1); 839 *p = '\0';
840 *p = '\0';
841 840
842 #if 0 841 #if 0
843 ngx_memcpy(hkdfl, "\x00\x20\x0f\x74\x6c\x73\x31\x33\x20\x63\x6c\x69\x65\x6e\x74\x20\x69\x6e\x00\x00", 20); 842 ngx_memcpy(hkdfl, "\x00\x20\x0f\x74\x6c\x73\x31\x33\x20\x63"
844 843 "\x6c\x69\x65\x6e\x74\x20\x69\x6e\x00\x00", 20);
845 m = ngx_hex_dump(buf, hkdfl, sizeof(hkdfl)) - buf; 844
846 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 845 m = ngx_hex_dump(buf, hkdfl, sizeof(hkdfl)) - buf;
847 "quic initial secret hkdf: %*s, len: %uz", 846 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
848 m, buf, sizeof(hkdfl)); 847 "quic initial secret hkdf: %*s, len: %uz",
849 #endif 848 m, buf, sizeof(hkdfl));
850 849 #endif
851 if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len, 850
852 digest, is, is_len, hkdfl, hkdfl_len) 851 if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len,
853 != NGX_OK) 852 digest, is, is_len, hkdfl, hkdfl_len)
854 { 853 != NGX_OK)
855 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 854 {
856 "ngx_hkdf_expand(client_in) failed"); 855 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
857 ngx_http_close_connection(c); 856 "ngx_hkdf_expand(client_in) failed");
858 return; 857 ngx_http_close_connection(c);
859 } 858 return;
859 }
860 860
861 #ifdef OPENSSL_IS_BORINGSSL 861 #ifdef OPENSSL_IS_BORINGSSL
862 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 862 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
863 "quic EVP key:%d tag:%d nonce:%d", 863 "quic EVP key:%d tag:%d nonce:%d",
864 EVP_AEAD_key_length(cipher), 864 EVP_AEAD_key_length(cipher),
866 EVP_AEAD_nonce_length(cipher)); 866 EVP_AEAD_nonce_length(cipher));
867 #endif 867 #endif
868 868
869 869
870 #ifdef OPENSSL_IS_BORINGSSL 870 #ifdef OPENSSL_IS_BORINGSSL
871 qc->client_in_key.len = EVP_AEAD_key_length(cipher); 871 qc->client_in_key.len = EVP_AEAD_key_length(cipher);
872 #else 872 #else
873 qc->client_in_key.len = EVP_CIPHER_key_length(cipher); 873 qc->client_in_key.len = EVP_CIPHER_key_length(cipher);
874 #endif 874 #endif
875 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); 875 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len);
876 if (qc->client_in_key.data == NULL) { 876 if (qc->client_in_key.data == NULL) {
877 ngx_http_close_connection(c); 877 ngx_http_close_connection(c);
878 return; 878 return;
879 } 879 }
880 880
881 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; 881 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
882 hkdfl[1] = qc->client_in_key.len; 882 hkdfl[1] = qc->client_in_key.len;
883 hkdfl[2] = sizeof("tls13 quic key") - 1; 883 hkdfl[2] = sizeof("tls13 quic key") - 1;
884 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", 884 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
885 sizeof("tls13 quic key") - 1); 885 *p = '\0';
886 *p = '\0'; 886
887 887 if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len,
888 if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len, 888 digest, qc->client_in.data, qc->client_in.len,
889 digest, qc->client_in.data, qc->client_in.len, 889 hkdfl, hkdfl_len)
890 hkdfl, hkdfl_len) 890 != NGX_OK)
891 != NGX_OK) 891 {
892 { 892 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
893 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 893 "ngx_hkdf_expand(client_in_key) failed");
894 "ngx_hkdf_expand(client_in_key) failed"); 894 ngx_http_close_connection(c);
895 ngx_http_close_connection(c); 895 return;
896 return; 896 }
897 }
898 897
899 #ifdef OPENSSL_IS_BORINGSSL 898 #ifdef OPENSSL_IS_BORINGSSL
900 qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher); 899 qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher);
901 #else 900 #else
902 qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher); 901 qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher);
903 #endif 902 #endif
904 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); 903 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len);
905 if (qc->client_in_iv.data == NULL) { 904 if (qc->client_in_iv.data == NULL) {
906 ngx_http_close_connection(c); 905 ngx_http_close_connection(c);
907 return; 906 return;
908 } 907 }
909 908
910 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; 909 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
911 hkdfl[1] = qc->client_in_iv.len; 910 hkdfl[1] = qc->client_in_iv.len;
912 hkdfl[2] = sizeof("tls13 quic iv") - 1; 911 hkdfl[2] = sizeof("tls13 quic iv") - 1;
913 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); 912 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
914 *p = '\0'; 913 *p = '\0';
915 914
916 if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len, 915 if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len,
917 digest, qc->client_in.data, qc->client_in.len, 916 digest, qc->client_in.data, qc->client_in.len,
918 hkdfl, hkdfl_len) 917 hkdfl, hkdfl_len)
919 != NGX_OK) 918 != NGX_OK)
920 { 919 {
921 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 920 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
922 "ngx_hkdf_expand(client_in_iv) failed"); 921 "ngx_hkdf_expand(client_in_iv) failed");
923 ngx_http_close_connection(c); 922 ngx_http_close_connection(c);
924 return; 923 return;
925 } 924 }
926 925
927 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ 926 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
928 927
929 #ifdef OPENSSL_IS_BORINGSSL 928 #ifdef OPENSSL_IS_BORINGSSL
930 qc->client_in_hp.len = EVP_AEAD_key_length(cipher); 929 qc->client_in_hp.len = EVP_AEAD_key_length(cipher);
931 #else 930 #else
932 qc->client_in_hp.len = EVP_CIPHER_key_length(cipher); 931 qc->client_in_hp.len = EVP_CIPHER_key_length(cipher);
933 #endif 932 #endif
934 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); 933 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len);
935 if (qc->client_in_hp.data == NULL) { 934 if (qc->client_in_hp.data == NULL) {
936 ngx_http_close_connection(c); 935 ngx_http_close_connection(c);
937 return; 936 return;
938 } 937 }
939 938
940 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; 939 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
941 hkdfl[1] = qc->client_in_hp.len; 940 hkdfl[1] = qc->client_in_hp.len;
942 hkdfl[2] = sizeof("tls13 quic hp") - 1; 941 hkdfl[2] = sizeof("tls13 quic hp") - 1;
943 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); 942 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
944 *p = '\0'; 943 *p = '\0';
945 944
946 if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len, 945 if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len,
947 digest, qc->client_in.data, qc->client_in.len, 946 digest, qc->client_in.data, qc->client_in.len,
948 hkdfl, hkdfl_len) 947 hkdfl, hkdfl_len)
949 != NGX_OK) 948 != NGX_OK)
950 { 949 {
951 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 950 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
952 "ngx_hkdf_expand(client_in_hp) failed"); 951 "ngx_hkdf_expand(client_in_hp) failed");
953 ngx_http_close_connection(c); 952 ngx_http_close_connection(c);
954 return; 953 return;
955 } 954 }
956 955
957 #if (NGX_DEBUG) 956 #if (NGX_DEBUG)
958 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { 957 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
959 m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf; 958 m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf;
960 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 959 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
981 } 980 }
982 #endif 981 #endif
983 982
984 // server initial 983 // server initial
985 984
986 /* draft-ietf-quic-tls-23#section-5.2 */ 985 /* draft-ietf-quic-tls-23#section-5.2 */
987 986
988 qc->server_in.len = SHA256_DIGEST_LENGTH; 987 qc->server_in.len = SHA256_DIGEST_LENGTH;
989 qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len); 988 qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len);
990 if (qc->server_in.data == NULL) { 989 if (qc->server_in.data == NULL) {
991 ngx_http_close_connection(c); 990 ngx_http_close_connection(c);
992 return; 991 return;
993 } 992 }
994 993
995 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1; 994 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1;
996 hkdfl[0] = 0; 995 hkdfl[0] = 0;
997 hkdfl[1] = qc->server_in.len; 996 hkdfl[1] = qc->server_in.len;
998 hkdfl[2] = sizeof("tls13 server in") - 1; 997 hkdfl[2] = sizeof("tls13 server in") - 1;
999 p = ngx_cpymem(&hkdfl[3], "tls13 server in", 998 p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1);
1000 sizeof("tls13 server in") - 1); 999 *p = '\0';
1001 *p = '\0'; 1000
1002 1001 if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len,
1003 if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len, 1002 digest, is, is_len, hkdfl, hkdfl_len)
1004 digest, is, is_len, hkdfl, hkdfl_len) 1003 != NGX_OK)
1005 != NGX_OK) 1004 {
1006 { 1005 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1007 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1006 "ngx_hkdf_expand(server_in) failed");
1008 "ngx_hkdf_expand(server_in) failed"); 1007 ngx_http_close_connection(c);
1009 ngx_http_close_connection(c); 1008 return;
1010 return; 1009 }
1011 } 1010
1012 1011 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
1013 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
1014 1012
1015 #ifdef OPENSSL_IS_BORINGSSL 1013 #ifdef OPENSSL_IS_BORINGSSL
1016 qc->server_in_key.len = EVP_AEAD_key_length(cipher); 1014 qc->server_in_key.len = EVP_AEAD_key_length(cipher);
1017 #else 1015 #else
1018 qc->server_in_key.len = EVP_CIPHER_key_length(cipher); 1016 qc->server_in_key.len = EVP_CIPHER_key_length(cipher);
1019 #endif 1017 #endif
1020 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); 1018 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len);
1021 if (qc->server_in_key.data == NULL) { 1019 if (qc->server_in_key.data == NULL) {
1022 ngx_http_close_connection(c); 1020 ngx_http_close_connection(c);
1023 return; 1021 return;
1024 } 1022 }
1025 1023
1026 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; 1024 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
1027 hkdfl[1] = qc->server_in_key.len; 1025 hkdfl[1] = qc->server_in_key.len;
1028 hkdfl[2] = sizeof("tls13 quic key") - 1; 1026 hkdfl[2] = sizeof("tls13 quic key") - 1;
1029 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", 1027 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
1030 sizeof("tls13 quic key") - 1); 1028 *p = '\0';
1031 *p = '\0'; 1029
1032 1030 if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len,
1033 if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len, 1031 digest, qc->server_in.data, qc->server_in.len,
1034 digest, qc->server_in.data, qc->server_in.len, 1032 hkdfl, hkdfl_len)
1035 hkdfl, hkdfl_len) 1033 != NGX_OK)
1036 != NGX_OK) 1034 {
1037 { 1035 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1038 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1036 "ngx_hkdf_expand(server_in_key) failed");
1039 "ngx_hkdf_expand(server_in_key) failed"); 1037 ngx_http_close_connection(c);
1040 ngx_http_close_connection(c); 1038 return;
1041 return; 1039 }
1042 }
1043 1040
1044 #ifdef OPENSSL_IS_BORINGSSL 1041 #ifdef OPENSSL_IS_BORINGSSL
1045 qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher); 1042 qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher);
1046 #else 1043 #else
1047 qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher); 1044 qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher);
1048 #endif 1045 #endif
1049 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); 1046 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len);
1050 if (qc->server_in_iv.data == NULL) { 1047 if (qc->server_in_iv.data == NULL) {
1051 ngx_http_close_connection(c); 1048 ngx_http_close_connection(c);
1052 return; 1049 return;
1053 } 1050 }
1054 1051
1055 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; 1052 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
1056 hkdfl[1] = qc->server_in_iv.len; 1053 hkdfl[1] = qc->server_in_iv.len;
1057 hkdfl[2] = sizeof("tls13 quic iv") - 1; 1054 hkdfl[2] = sizeof("tls13 quic iv") - 1;
1058 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); 1055 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
1059 *p = '\0'; 1056 *p = '\0';
1060 1057
1061 if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len, 1058 if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len,
1062 digest, qc->server_in.data, qc->server_in.len, 1059 digest, qc->server_in.data, qc->server_in.len,
1063 hkdfl, hkdfl_len) 1060 hkdfl, hkdfl_len)
1064 != NGX_OK) 1061 != NGX_OK)
1065 { 1062 {
1066 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1063 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1067 "ngx_hkdf_expand(server_in_iv) failed"); 1064 "ngx_hkdf_expand(server_in_iv) failed");
1068 ngx_http_close_connection(c); 1065 ngx_http_close_connection(c);
1069 return; 1066 return;
1070 } 1067 }
1071 1068
1072 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ 1069 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
1073 1070
1074 #ifdef OPENSSL_IS_BORINGSSL 1071 #ifdef OPENSSL_IS_BORINGSSL
1075 qc->server_in_hp.len = EVP_AEAD_key_length(cipher); 1072 qc->server_in_hp.len = EVP_AEAD_key_length(cipher);
1076 #else 1073 #else
1077 qc->server_in_hp.len = EVP_CIPHER_key_length(cipher); 1074 qc->server_in_hp.len = EVP_CIPHER_key_length(cipher);
1078 #endif 1075 #endif
1079 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); 1076 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len);
1080 if (qc->server_in_hp.data == NULL) { 1077 if (qc->server_in_hp.data == NULL) {
1081 ngx_http_close_connection(c); 1078 ngx_http_close_connection(c);
1082 return; 1079 return;
1083 } 1080 }
1084 1081
1085 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; 1082 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
1086 hkdfl[1] = qc->server_in_hp.len; 1083 hkdfl[1] = qc->server_in_hp.len;
1087 hkdfl[2] = sizeof("tls13 quic hp") - 1; 1084 hkdfl[2] = sizeof("tls13 quic hp") - 1;
1088 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); 1085 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
1089 *p = '\0'; 1086 *p = '\0';
1090 1087
1091 if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len, 1088 if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len,
1092 digest, qc->server_in.data, qc->server_in.len, 1089 digest, qc->server_in.data, qc->server_in.len,
1093 hkdfl, hkdfl_len) 1090 hkdfl, hkdfl_len)
1094 != NGX_OK) 1091 != NGX_OK)
1095 { 1092 {
1096 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1093 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1097 "ngx_hkdf_expand(server_in_hp) failed"); 1094 "ngx_hkdf_expand(server_in_hp) failed");
1098 ngx_http_close_connection(c); 1095 ngx_http_close_connection(c);
1099 return; 1096 return;
1100 } 1097 }
1101 1098
1102 #if (NGX_DEBUG) 1099 #if (NGX_DEBUG)
1103 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { 1100 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
1104 m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf; 1101 m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf;
1105 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 1102 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
1212 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, 1209 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
1213 qc->client_in_key.data, 1210 qc->client_in_key.data,
1214 qc->client_in_key.len, 1211 qc->client_in_key.len,
1215 EVP_AEAD_DEFAULT_TAG_LENGTH); 1212 EVP_AEAD_DEFAULT_TAG_LENGTH);
1216 if (aead == NULL) { 1213 if (aead == NULL) {
1217 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1214 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
1218 "EVP_AEAD_CTX_new() failed");
1219 ngx_http_close_connection(c); 1215 ngx_http_close_connection(c);
1220 return; 1216 return;
1221 } 1217 }
1222 1218
1223 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), 1219 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
1340 1336
1341 uint8_t *crypto = &cleartext[2]; 1337 uint8_t *crypto = &cleartext[2];
1342 uint64_t crypto_len = ngx_quic_parse_int(&crypto); 1338 uint64_t crypto_len = ngx_quic_parse_int(&crypto);
1343 1339
1344 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 1340 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
1345 "quic initial packet CRYPTO length: %uL pp:%p:%p", crypto_len, cleartext, crypto); 1341 "quic initial packet CRYPTO length: %uL pp:%p:%p",
1342 crypto_len, cleartext, crypto);
1346 1343
1347 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); 1344 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
1348 1345
1349 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) 1346 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER)
1350 != NGX_OK) 1347 != NGX_OK)
1371 1368
1372 if (!SSL_provide_quic_data(c->ssl->connection, 1369 if (!SSL_provide_quic_data(c->ssl->connection,
1373 SSL_quic_read_level(c->ssl->connection), 1370 SSL_quic_read_level(c->ssl->connection),
1374 crypto, crypto_len)) 1371 crypto, crypto_len))
1375 { 1372 {
1376 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1373 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1377 "SSL_provide_quic_data() failed"); 1374 "SSL_provide_quic_data() failed");
1378 ngx_http_close_connection(c); 1375 ngx_http_close_connection(c);
1379 return; 1376 return;
1380 } 1377 }
1381 1378
1382 n = SSL_do_handshake(c->ssl->connection); 1379 n = SSL_do_handshake(c->ssl->connection);
1383 1380
1384 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); 1381 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);