Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_protection.h @ 9196:6c8595b77e66
QUIC: path aware in-flight bytes accounting.
On-packet acknowledgement is made path aware, as per RFC 9000, Section 9.4:
Packets sent on the old path MUST NOT contribute to congestion control
or RTT estimation for the new path.
To make this possible in a single congestion control context, the first packet
to be sent after the new path has been validated, which includes resetting the
congestion controller and RTT estimator, is now remembered in the connection.
Packets sent previously, such as on the old path, are not taken into account.
Note that although the packet number is saved per-connection, the added checks
affect application level packets only. For non-application level packets,
which are only processed prior to the handshake is complete, the remembered
packet number remains set to zero.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 12 Dec 2023 20:21:12 +0400 |
| parents | 22d110af473c |
| children |
| rev | line source |
|---|---|
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 |
|
8347
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
11 #include <ngx_config.h> |
|
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
12 #include <ngx_core.h> |
|
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
13 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8673
diff
changeset
|
14 #include <ngx_event_quic_transport.h> |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8673
diff
changeset
|
15 |
|
8347
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
16 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
17 #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
18 |
|
9128
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9126
diff
changeset
|
19 /* RFC 5116, 5.1/5.3 and RFC 8439, 2.3/2.5 for all supported ciphers */ |
|
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
20 #define NGX_QUIC_IV_LEN 12 |
|
9126
29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Roman Arutyunyan <arut@nginx.com>
parents:
9080
diff
changeset
|
21 #define NGX_QUIC_TAG_LEN 16 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
22 |
|
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
23 /* largest hash used in TLS is SHA-384 */ |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
24 #define NGX_QUIC_MAX_MD_SIZE 48 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
25 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
26 |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
27 #ifdef OPENSSL_IS_BORINGSSL |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
28 #define ngx_quic_cipher_t EVP_AEAD |
|
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
29 #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
30 #else |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
31 #define ngx_quic_cipher_t EVP_CIPHER |
|
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
32 #define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
33 #endif |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
34 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
35 |
|
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
36 typedef struct { |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
37 size_t len; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
38 u_char data[NGX_QUIC_MAX_MD_SIZE]; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
39 } ngx_quic_md_t; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
40 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
41 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
42 typedef struct { |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
43 size_t len; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
44 u_char data[NGX_QUIC_IV_LEN]; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
45 } ngx_quic_iv_t; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
46 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
47 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
48 typedef struct { |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
49 ngx_quic_md_t secret; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
50 ngx_quic_iv_t iv; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
51 ngx_quic_md_t hp; |
|
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
52 ngx_quic_crypto_ctx_t *ctx; |
|
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
53 EVP_CIPHER_CTX *hp_ctx; |
|
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
54 } ngx_quic_secret_t; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
55 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
56 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
57 typedef struct { |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
58 ngx_quic_secret_t client; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
59 ngx_quic_secret_t server; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
60 } ngx_quic_secrets_t; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
61 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
62 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
63 struct ngx_quic_keys_s { |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
64 ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST]; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
65 ngx_quic_secrets_t next_key; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
66 ngx_uint_t cipher; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
67 }; |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
68 |
|
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
69 |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
70 typedef struct { |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
71 const ngx_quic_cipher_t *c; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
72 const EVP_CIPHER *hp; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
73 const EVP_MD *d; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
74 } ngx_quic_ciphers_t; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
75 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
76 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
77 typedef struct { |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
78 size_t out_len; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
79 u_char *out; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
80 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
81 size_t prk_len; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
82 const uint8_t *prk; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
83 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
84 size_t label_len; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
85 const u_char *label; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
86 } ngx_quic_hkdf_t; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
87 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
88 #define ngx_quic_hkdf_set(seq, _label, _out, _prk) \ |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
89 (seq)->out_len = (_out)->len; (seq)->out = (_out)->data; \ |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
90 (seq)->prk_len = (_prk)->len, (seq)->prk = (_prk)->data, \ |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
91 (seq)->label_len = (sizeof(_label) - 1); (seq)->label = (u_char *)(_label); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
92 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
93 |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
94 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, |
|
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
95 ngx_str_t *secret, ngx_log_t *log); |
|
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
96 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log, |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
97 ngx_uint_t is_write, ngx_quic_keys_t *keys, |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
98 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
|
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
99 const uint8_t *secret, size_t secret_len); |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
100 ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, |
|
9168
ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9152
diff
changeset
|
101 enum ssl_encryption_level_t level, ngx_uint_t is_write); |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
102 void ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
103 enum ssl_encryption_level_t level); |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
104 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); |
|
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9128
diff
changeset
|
105 void ngx_quic_keys_update(ngx_event_t *ev); |
|
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
106 void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys); |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
107 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
108 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
109 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); |
|
9176
8dacf87e4007
QUIC: simplified ngx_quic_ciphers() API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
110 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers); |
|
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
111 ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, |
|
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
112 ngx_quic_secret_t *s, ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log); |
|
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
113 ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, |
|
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
114 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); |
|
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
115 void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s); |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
116 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
117 ngx_log_t *log); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ |