Mercurial > hg > nginx

annotate src/event/ngx_event_quic.c @ 8180:01dc595de244 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Cleanup.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 7ee1ada04c8a
children b28ea685a56e
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
8171
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #include <ngx_config.h>
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2 #include <ngx_core.h>
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 #include <ngx_event.h>
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 uint64_t
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7 ngx_quic_parse_int(u_char **pos)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 u_char *p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 uint64_t value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 ngx_uint_t len;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 p = *pos;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 len = 1 << ((*p & 0xc0) >> 6);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 value = *p++ & 0x3f;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 while (--len) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 value = (value << 8) + *p++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 *pos = p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 return value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 void
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 ngx_quic_build_int(u_char **pos, uint64_t value)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29 u_char *p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 ngx_uint_t len;//, len2;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32 p = *pos;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 len = 0;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 while (value >> ((1 << len) * 8 - 2)) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 len++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 *p = len << 6;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41 // len2 =
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 len = (1 << len);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43 len--;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44 *p |= value >> (len * 8);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 p++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 while (len) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 *p++ = value >> ((len-- - 1) * 8);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 *pos = p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52 // return len2;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 uint64_t
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57 ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59 u_char *p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 uint64_t value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 p = *pos;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 value = *p++ ^ *mask++;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 while (--len) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 value = (value << 8) + (*p++ ^ *mask++);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 *pos = p;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 return value;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 ngx_int_t
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 const u_char *secret, size_t secret_len, const u_char *salt,
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 size_t salt_len)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 #ifdef OPENSSL_IS_BORINGSSL
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 salt_len)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 == 0)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 #else
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 EVP_PKEY_CTX *pctx;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 if (EVP_PKEY_derive_init(pctx) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 #endif
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 return NGX_OK;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 ngx_int_t
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
123 ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
124 ngx_str_t *label, const uint8_t *prk, size_t prk_len)
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
125 {
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
126 uint8_t *p;
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
127 size_t info_len;
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
128 uint8_t info[20];
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
129
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
130 #if (NGX_DEBUG)
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
131 u_char buf[512];
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
132 size_t m;
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
133 #endif
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
134
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
135 out->data = ngx_pnalloc(c->pool, out->len);
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
136 if (out->data == NULL) {
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
137 return NGX_ERROR;
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
138 }
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
139
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
140 info_len = 2 + 1 + label->len + 1;
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
141
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
142 info[0] = 0;
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
143 info[1] = out->len;
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
144 info[2] = label->len;
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
145 p = ngx_cpymem(&info[3], label->data, label->len);
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
146 *p = '\0';
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
147
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
148 if (ngx_hkdf_expand(out->data, out->len, digest,
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
149 prk, prk_len, info, info_len)
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
150 != NGX_OK)
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
151 {
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
152 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
153 "ngx_hkdf_expand(%V) failed", label);
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
154 return NGX_ERROR;
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
155 }
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
156
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
157 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
158 m = ngx_hex_dump(buf, info, info_len) - buf;
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
159 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
160 "%V info: %*s, len: %uz", label, m, buf, info_len);
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
161
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
162 m = ngx_hex_dump(buf, out->data, out->len) - buf;
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
163 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
164 "%V key: %*s, len: %uz", label, m, buf, out->len);
8179
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
165 }
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
166
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
167 return NGX_OK;
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
168 }
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
169
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
170
7ee1ada04c8a Generic function for HKDF expansion.
Vladimir Homutov <vl@nginx.com>
parents: 8178
diff changeset
171 ngx_int_t
8171
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
172 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
173 const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len)
8171
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
174 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
175 #ifdef OPENSSL_IS_BORINGSSL
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
176 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
177 == 0)
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
178 {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
179 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
180 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
181 #else
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
182
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
183 EVP_PKEY_CTX *pctx;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
184
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
185 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
186
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
187 if (EVP_PKEY_derive_init(pctx) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
188 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
189 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
190
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
191 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
192 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
193 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
194
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
195 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
196 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
197 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
198
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
199 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
200 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
201 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
202
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
203 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
204 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
205 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
206
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
207 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
208 return NGX_ERROR;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
209 }
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
210
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
211 #endif
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
212
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
213 return NGX_OK;
4daf03d2bd0a OpenSSL compatibility.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
214 }
8177
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
215
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
216
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
217 ngx_int_t
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
218 ngx_quic_tls_open(ngx_connection_t *c, const EVP_CIPHER *cipher,
8177
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
219 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
220 ngx_str_t *ad)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
221 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
222 out->len = in->len - EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
223 out->data = ngx_pnalloc(c->pool, out->len);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
224 if (out->data == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
225 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
226 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
227
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
228 #ifdef OPENSSL_IS_BORINGSSLL
8177
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
229 EVP_AEAD_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
230
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
231 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
232 EVP_AEAD_DEFAULT_TAG_LENGTH);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
233 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
234 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
235 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
236 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
237
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
238 if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
239 in->data, in->len, ad->data, ad->len)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
240 != 1)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
241 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
242 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
243 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_open() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
244 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
245 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
246
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
247 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
248 #else
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
249 int len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
250 u_char *tag;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
251 EVP_CIPHER_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
252
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
253 ctx = EVP_CIPHER_CTX_new();
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
254 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
255 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_CIPHER_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
256 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
257 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
258
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
259 if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
260 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
261 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
262 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
263 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
264
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
265 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
266 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
267 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
268 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
269 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
270 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
271 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
272 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
273
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
274 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
275 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
276 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
277 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
278 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
279
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
280 if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
281 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
282 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
283 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
284 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
285
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
286 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
287 in->len - EVP_GCM_TLS_TAG_LEN)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
288 != 1)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
289 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
290 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
291 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
292 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
293 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
294
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
295 out->len = len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
296 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
297
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
298 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
299 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
300 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
301 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
302 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
303 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
304 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
305 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
306
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
307 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
308 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
309 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptFinal_ex failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
310 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
311 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
312
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
313 out->len += len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
314
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
315 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
316 #endif
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
317
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
318 return NGX_OK;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
319 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
320
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
321
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
322 ngx_int_t
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
323 ngx_quic_tls_seal(ngx_connection_t *c, const EVP_CIPHER *cipher,
8177
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
324 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
325 ngx_str_t *ad)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
326 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
327 out->len = in->len + EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
328 out->data = ngx_pnalloc(c->pool, out->len);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
329 if (out->data == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
330 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
331 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
332
8180
01dc595de244 Cleanup.
Sergey Kandaurov <pluknet@nginx.com>
parents: 8179
diff changeset
333 #ifdef OPENSSL_IS_BORINGSSLL
8177
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
334 EVP_AEAD_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
335
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
336 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
337 EVP_AEAD_DEFAULT_TAG_LENGTH);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
338 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
339 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
340 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
341 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
342
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
343 if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
344 in->data, in->len, ad->data, ad->len)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
345 != 1)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
346 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
347 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
348 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_seal() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
349 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
350 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
351
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
352 EVP_AEAD_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
353 #else
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
354 int len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
355 EVP_CIPHER_CTX *ctx;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
356
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
357 ctx = EVP_CIPHER_CTX_new();
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
358 if (ctx == NULL) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
359 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_CIPHER_CTX_new() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
360 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
361 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
362
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
363 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
364 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
365 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
366 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
367 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
368
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
369 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
370 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
371 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
372 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
373 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
374 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
375 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
376 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
377
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
378 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
379 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
380 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
381 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
382 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
383
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
384 if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
385 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
386 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
387 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
388 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
389
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
390 if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
391 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
392 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
393 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
394 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
395
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
396 out->len = len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
397
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
398 if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
399 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
400 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptFinal_ex failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
401 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
402 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
403
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
404 out->len += len;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
405
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
406 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
407 out->data + in->len)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
408 == 0)
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
409 {
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
410 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
411 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
412 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
413 return NGX_ERROR;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
414 }
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
415
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
416 EVP_CIPHER_CTX_free(ctx);
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
417
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
418 out->len += EVP_GCM_TLS_TAG_LEN;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
419 #endif
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
420
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
421 return NGX_OK;
76e29ff31cd3 AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8171
diff changeset
422 }
8178
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
423
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
424
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
425 ngx_int_t
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
426 ngx_quic_tls_hp(ngx_connection_t *c, const EVP_CIPHER *cipher,
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
427 ngx_quic_secret_t *s, u_char *out, u_char *in)
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
428 {
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
429 int outlen;
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
430 EVP_CIPHER_CTX *ctx;
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
431
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
432 ctx = EVP_CIPHER_CTX_new();
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
433 if (ctx == NULL) {
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
434 return NGX_ERROR;
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
435 }
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
436
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
437 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, NULL) != 1) {
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
438 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
439 goto failed;
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
440 }
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
441
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
442 if (!EVP_EncryptUpdate(ctx, out, &outlen, in, 16)) {
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
443 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
444 goto failed;
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
445 }
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
446
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
447 EVP_CIPHER_CTX_free(ctx);
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
448
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
449 return NGX_OK;
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
450
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
451 failed:
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
452
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
453 EVP_CIPHER_CTX_free(ctx);
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
454
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
455 return NGX_ERROR;
a9ff4392ecde QUIC header protection routines, introduced ngx_quic_tls_hp().
Sergey Kandaurov <pluknet@nginx.com>
parents: 8177
diff changeset
456 }