Mercurial > hg > nginx-quic

annotate src/event/ngx_event_quic.c @ 7643:76e29ff31cd3 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 4daf03d2bd0a
children a9ff4392ecde
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
7637
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #include <ngx_config.h>
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2 #include <ngx_core.h>
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 #include <ngx_event.h>
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 uint64_t
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7 ngx_quic_parse_int(u_char **pos)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 u_char *p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 uint64_t value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 ngx_uint_t len;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 p = *pos;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 len = 1 << ((*p & 0xc0) >> 6);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 value = *p++ & 0x3f;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 while (--len) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 value = (value << 8) + *p++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 *pos = p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 return value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 void
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 ngx_quic_build_int(u_char **pos, uint64_t value)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29 u_char *p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 ngx_uint_t len;//, len2;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32 p = *pos;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 len = 0;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 while (value >> ((1 << len) * 8 - 2)) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 len++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 *p = len << 6;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41 // len2 =
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 len = (1 << len);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43 len--;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44 *p |= value >> (len * 8);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 p++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 while (len) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 *p++ = value >> ((len-- - 1) * 8);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 *pos = p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52 // return len2;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 uint64_t
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57 ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59 u_char *p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 uint64_t value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 p = *pos;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 value = *p++ ^ *mask++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 while (--len) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 value = (value << 8) + (*p++ ^ *mask++);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 *pos = p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 return value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 ngx_int_t
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 const u_char *secret, size_t secret_len, const u_char *salt,
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 size_t salt_len)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 #ifdef OPENSSL_IS_BORINGSSL
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 salt_len)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 == 0)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 #else
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 EVP_PKEY_CTX *pctx;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 if (EVP_PKEY_derive_init(pctx) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 #endif
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 return NGX_OK;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 ngx_int_t
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 const u_char *prk, size_t prk_len, const u_char *info, size_t info_len)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 #ifdef OPENSSL_IS_BORINGSSL
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 == 0)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 #else
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134 EVP_PKEY_CTX *pctx;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
135
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138 if (EVP_PKEY_derive_init(pctx) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
140 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
141
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
144 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
145
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
146 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
147 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
148 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
149
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
150 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
151 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
152 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
153
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
154 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
155 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
156 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
157
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
158 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
159 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
160 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
161
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
162 #endif
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
163
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
164 return NGX_OK;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
165 }
7643
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
166
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
167
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
168 ngx_int_t
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
169 ngx_quic_tls_open(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
170 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
171 ngx_str_t *ad)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
172 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
173 out->len = in->len - EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
174 out->data = ngx_pnalloc(c->pool, out->len);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
175 if (out->data == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
176 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
177 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
178
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
179 #ifdef OPENSSL_IS_BORINGSSL
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
180 EVP_AEAD_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
181
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
182 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
183 EVP_AEAD_DEFAULT_TAG_LENGTH);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
184 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
185 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
186 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
187 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
188
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
189 if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
190 in->data, in->len, ad->data, ad->len)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
191 != 1)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
192 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
193 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
194 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_open() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
195 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
196 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
197
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
198 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
199 #else
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
200 int len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
201 u_char *tag;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
202 EVP_CIPHER_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
203
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
204 ctx = EVP_CIPHER_CTX_new();
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
205 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
206 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_CIPHER_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
207 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
208 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
209
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
210 if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
211 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
212 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
213 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
214 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
215
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
216 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
217 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
218 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
219 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
220 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
221 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
222 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
223 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
224
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
225 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
226 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
227 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
228 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
229 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
230
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
231 if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
232 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
233 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
234 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
235 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
236
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
237 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
238 in->len - EVP_GCM_TLS_TAG_LEN)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
239 != 1)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
240 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
241 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
242 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
243 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
244 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
245
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
246 out->len = len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
247 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
248
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
249 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
250 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
251 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
252 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
253 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
254 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
255 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
256 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
257
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
258 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
259 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
260 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptFinal_ex failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
261 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
262 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
263
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
264 out->len += len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
265
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
266 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
267 #endif
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
268
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
269 return NGX_OK;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
270 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
271
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
272
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
273 ngx_int_t
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
274 ngx_quic_tls_seal(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
275 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
276 ngx_str_t *ad)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
277 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
278 out->len = in->len + EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
279 out->data = ngx_pnalloc(c->pool, out->len);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
280 if (out->data == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
281 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
282 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
283
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
284 #ifdef OPENSSL_IS_BORINGSSL
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
285 EVP_AEAD_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
286
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
287 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
288 EVP_AEAD_DEFAULT_TAG_LENGTH);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
289 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
290 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
291 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
292 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
293
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
294 if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
295 in->data, in->len, ad->data, ad->len)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
296 != 1)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
297 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
298 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
299 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_seal() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
300 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
301 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
302
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
303 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
304 #else
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
305 int len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
306 EVP_CIPHER_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
307
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
308 ctx = EVP_CIPHER_CTX_new();
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
309 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
310 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_CIPHER_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
311 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
312 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
313
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
314 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
315 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
316 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
317 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
318 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
319
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
320 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
321 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
322 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
323 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
324 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
325 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
326 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
327 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
328
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
329 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
330 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
331 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
332 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
333 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
334
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
335 if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
336 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
337 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
338 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
339 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
340
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
341 if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
342 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
343 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
344 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
345 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
346
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
347 out->len = len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
348
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
349 if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
350 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
351 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptFinal_ex failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
352 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
353 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
354
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
355 out->len += len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
356
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
357 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
358 out->data + in->len)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
359 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
360 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
361 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
362 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
363 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
364 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
365 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
366
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
367 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
368
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
369 out->len += EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
370 #endif
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
371
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
372 return NGX_OK;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7637
diff changeset
373 }