Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic.c @ 7663:75a2817808bf quic
Initial packets are protected with AEAD_AES_128_GCM.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 05 Mar 2020 19:49:49 +0300 |
parents | d447168ed13f |
children | ff14b0fe9731 |
comparison
equal
deleted
inserted
replaced
7662:d447168ed13f | 7663:75a2817808bf |
---|---|
632 | 632 |
633 ad.len = p - ad.data; | 633 ad.len = p - ad.data; |
634 | 634 |
635 ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len); | 635 ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len); |
636 | 636 |
637 switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) { | 637 if (pkt->level != ssl_encryption_initial) { |
638 | 638 switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) { |
639 case NGX_AES_128_GCM_SHA256: | 639 |
640 case NGX_AES_128_GCM_SHA256: | |
641 cipher = EVP_aes_128_gcm(); | |
642 break; | |
643 | |
644 case NGX_AES_256_GCM_SHA384: | |
645 cipher = EVP_aes_256_gcm(); | |
646 break; | |
647 | |
648 default: | |
649 return NGX_ERROR; | |
650 } | |
651 | |
652 } else { | |
640 cipher = EVP_aes_128_gcm(); | 653 cipher = EVP_aes_128_gcm(); |
641 break; | |
642 | |
643 case NGX_AES_256_GCM_SHA384: | |
644 cipher = EVP_aes_256_gcm(); | |
645 break; | |
646 | |
647 default: | |
648 return NGX_ERROR; | |
649 } | 654 } |
650 | 655 |
651 nonce = ngx_pstrdup(c->pool, &pkt->secret->iv); | 656 nonce = ngx_pstrdup(c->pool, &pkt->secret->iv); |
652 if (pkt->level == ssl_encryption_handshake) { | 657 if (pkt->level == ssl_encryption_handshake) { |
653 nonce[11] ^= (*pkt->number - 1); | 658 nonce[11] ^= (*pkt->number - 1); |