Mercurial > hg > nginx-quic
comparison src/event/quic/ngx_event_quic_protection.c @ 8715:3341e4089c6c quic
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
While here, removed check for encryption level zero, redundant by its nature.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 07 Dec 2021 15:42:10 +0300 |
parents | de7b9af30fc6 |
children | d8865baab732 |
comparison
equal
deleted
inserted
replaced
8714:18d23ed15eef | 8715:3341e4089c6c |
---|---|
647 | 647 |
648 return NGX_ERROR; | 648 return NGX_ERROR; |
649 } | 649 } |
650 | 650 |
651 | 651 |
652 int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, | 652 ngx_int_t |
653 ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, | |
653 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, | 654 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, |
654 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) | 655 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) |
655 { | 656 { |
656 ngx_int_t key_len; | 657 ngx_int_t key_len; |
657 ngx_uint_t i; | 658 ngx_uint_t i; |
665 | 666 |
666 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); | 667 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); |
667 | 668 |
668 if (key_len == NGX_ERROR) { | 669 if (key_len == NGX_ERROR) { |
669 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher"); | 670 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher"); |
670 return 0; | 671 return NGX_ERROR; |
671 } | |
672 | |
673 if (level == ssl_encryption_initial) { | |
674 return 0; | |
675 } | 672 } |
676 | 673 |
677 peer_secret->secret.data = ngx_pnalloc(pool, secret_len); | 674 peer_secret->secret.data = ngx_pnalloc(pool, secret_len); |
678 if (peer_secret->secret.data == NULL) { | 675 if (peer_secret->secret.data == NULL) { |
679 return NGX_ERROR; | 676 return NGX_ERROR; |
700 | 697 |
701 if (ngx_quic_hkdf_expand(pool, ciphers.d, seq[i].key, &seq[i].label, | 698 if (ngx_quic_hkdf_expand(pool, ciphers.d, seq[i].key, &seq[i].label, |
702 seq[i].secret, secret_len) | 699 seq[i].secret, secret_len) |
703 != NGX_OK) | 700 != NGX_OK) |
704 { | 701 { |
705 return 0; | 702 return NGX_ERROR; |
706 } | 703 } |
707 } | 704 } |
708 | 705 |
709 return 1; | 706 return NGX_OK; |
710 } | 707 } |
711 | 708 |
712 | 709 |
713 ngx_quic_keys_t * | 710 ngx_quic_keys_t * |
714 ngx_quic_keys_new(ngx_pool_t *pool) | 711 ngx_quic_keys_new(ngx_pool_t *pool) |