Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic.c @ 7669:ec0c44aa2881 quic
Chacha20 header protection support with BoringSSL.
BoringSSL lacks EVP for Chacha20. Here we use CRYPTO_chacha_20() instead.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 10 Mar 2020 19:15:12 +0300 |
| parents | a4ed2305ad2c |
| children | 9e0c30e1f7fb |
comparison
equal
deleted
inserted
replaced
| 7668:a4ed2305ad2c | 7669:ec0c44aa2881 |
|---|---|
| 2051 { | 2051 { |
| 2052 int outlen; | 2052 int outlen; |
| 2053 EVP_CIPHER_CTX *ctx; | 2053 EVP_CIPHER_CTX *ctx; |
| 2054 u_char zero[5] = {0}; | 2054 u_char zero[5] = {0}; |
| 2055 | 2055 |
| 2056 #ifdef OPENSSL_IS_BORINGSSL | |
| 2057 uint32_t counter; | |
| 2058 | |
| 2059 ngx_memcpy(&counter, in, sizeof(uint32_t)); | |
| 2060 | |
| 2061 if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { | |
| 2062 CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter); | |
| 2063 return NGX_OK; | |
| 2064 } | |
| 2065 #endif | |
| 2066 | |
| 2056 ctx = EVP_CIPHER_CTX_new(); | 2067 ctx = EVP_CIPHER_CTX_new(); |
| 2057 if (ctx == NULL) { | 2068 if (ctx == NULL) { |
| 2058 return NGX_ERROR; | 2069 return NGX_ERROR; |
| 2059 } | 2070 } |
| 2060 | 2071 |
| 2127 #ifdef OPENSSL_IS_BORINGSSL | 2138 #ifdef OPENSSL_IS_BORINGSSL |
| 2128 ciphers->c = EVP_aead_chacha20_poly1305(); | 2139 ciphers->c = EVP_aead_chacha20_poly1305(); |
| 2129 #else | 2140 #else |
| 2130 ciphers->c = EVP_chacha20_poly1305(); | 2141 ciphers->c = EVP_chacha20_poly1305(); |
| 2131 #endif | 2142 #endif |
| 2132 #ifndef OPENSSL_IS_BORINGSSL | 2143 #ifdef OPENSSL_IS_BORINGSSL |
| 2144 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); | |
| 2145 #else | |
| 2133 ciphers->hp = EVP_chacha20(); | 2146 ciphers->hp = EVP_chacha20(); |
| 2134 #endif | 2147 #endif |
| 2135 ciphers->d = EVP_sha256(); | 2148 ciphers->d = EVP_sha256(); |
| 2136 len = 32; | 2149 len = 32; |
| 2137 break; | 2150 break; |