Mercurial > hg > nginx-quic
comparison src/event/quic/ngx_event_quic_protection.c @ 8715:3341e4089c6c quic
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
While here, removed check for encryption level zero, redundant by its nature.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 07 Dec 2021 15:42:10 +0300 |
| parents | de7b9af30fc6 |
| children | d8865baab732 |
comparison
equal
deleted
inserted
replaced
| 8714:18d23ed15eef | 8715:3341e4089c6c |
|---|---|
| 647 | 647 |
| 648 return NGX_ERROR; | 648 return NGX_ERROR; |
| 649 } | 649 } |
| 650 | 650 |
| 651 | 651 |
| 652 int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, | 652 ngx_int_t |
| 653 ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, | |
| 653 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, | 654 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, |
| 654 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) | 655 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) |
| 655 { | 656 { |
| 656 ngx_int_t key_len; | 657 ngx_int_t key_len; |
| 657 ngx_uint_t i; | 658 ngx_uint_t i; |
| 665 | 666 |
| 666 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); | 667 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); |
| 667 | 668 |
| 668 if (key_len == NGX_ERROR) { | 669 if (key_len == NGX_ERROR) { |
| 669 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher"); | 670 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher"); |
| 670 return 0; | 671 return NGX_ERROR; |
| 671 } | |
| 672 | |
| 673 if (level == ssl_encryption_initial) { | |
| 674 return 0; | |
| 675 } | 672 } |
| 676 | 673 |
| 677 peer_secret->secret.data = ngx_pnalloc(pool, secret_len); | 674 peer_secret->secret.data = ngx_pnalloc(pool, secret_len); |
| 678 if (peer_secret->secret.data == NULL) { | 675 if (peer_secret->secret.data == NULL) { |
| 679 return NGX_ERROR; | 676 return NGX_ERROR; |
| 700 | 697 |
| 701 if (ngx_quic_hkdf_expand(pool, ciphers.d, seq[i].key, &seq[i].label, | 698 if (ngx_quic_hkdf_expand(pool, ciphers.d, seq[i].key, &seq[i].label, |
| 702 seq[i].secret, secret_len) | 699 seq[i].secret, secret_len) |
| 703 != NGX_OK) | 700 != NGX_OK) |
| 704 { | 701 { |
| 705 return 0; | 702 return NGX_ERROR; |
| 706 } | 703 } |
| 707 } | 704 } |
| 708 | 705 |
| 709 return 1; | 706 return NGX_OK; |
| 710 } | 707 } |
| 711 | 708 |
| 712 | 709 |
| 713 ngx_quic_keys_t * | 710 ngx_quic_keys_t * |
| 714 ngx_quic_keys_new(ngx_pool_t *pool) | 711 ngx_quic_keys_new(ngx_pool_t *pool) |