nginx: src/http/ngx_http_request.c comparison

PN-aware AEAD nonce, feeding proper CRYPTO length.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Fri, 28 Feb 2020 13:09:52 +0300
parents	4daf03d2bd0a
children	02f331613232

comparison

equal deleted inserted replaced

-:4daf03d2bd0a
+:640a13fc0f83
 "quic packet payload: %*s%s, len: %uz",
 m, buf, m < 512 ? "" : "...", cleartext_len);
 }
 #endif
+if (cleartext[0] != 0x06) {
+ngx_log_error(NGX_LOG_INFO, rev->log, 0,
+"unexpected frame in initial packet");
+ngx_http_close_connection(c);
+return;
+}
+if (cleartext[1] != 0x00) {
+ngx_log_error(NGX_LOG_INFO, rev->log, 0,
+"unexpected CRYPTO offset in initial packet");
+ngx_http_close_connection(c);
+return;
+}
+uint8_t *crypto = &cleartext[2];
+uint64_t crypto_len = ngx_quic_parse_int(&crypto);
+ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
+"quic initial packet CRYPTO length: %uL pp:%p:%p", crypto_len, cleartext, crypto);
 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER)
 != NGX_OK)
 {
 (int) SSL_quic_read_level(c->ssl->connection),
 (int) SSL_quic_write_level(c->ssl->connection));
 if (!SSL_provide_quic_data(c->ssl->connection,
 SSL_quic_read_level(c->ssl->connection),
-&cleartext[4], cleartext_len - 4))
+crypto, crypto_len))
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
 "SSL_provide_quic_data() failed");
 ngx_http_close_connection(c);
 return;

Mercurial > hg > nginx