Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_protection.h @ 9300:5be23505292b default tip
SSI: fixed incorrect or duplicate stub output.
Following 3518:eb3aaf8bd2a9 (0.8.37), r->request_output is only set
if there are data in the first buffer sent in the subrequest. As a
result, following the change mentioned this flag cannot be used to
prevent duplicate ngx_http_ssi_stub_output() calls, since it is not
set if there was already some output, but the first buffer was empty.
Still, when there are multiple subrequests, even an empty subrequest
response might be delayed by the postpone filter, leading to a second
call of ngx_http_ssi_stub_output() during finalization from
ngx_http_writer() the subreqest buffers are released by the postpone
filter. Since r->request_output is not set after the first call, this
resulted in duplicate stub output.
Additionally, checking only the first buffer might be wrong in some
unusual cases. For example, the first buffer might be empty if
$r->flush() is called before printing any data in the embedded Perl
module.
Depending on the postpone_output value and corresponding sizes, this
issue can result in either duplicate or unexpected stub output, or
"zero size buf in writer" alerts.
Following 8124:f5515e727656 (1.23.4), it became slightly easier to
reproduce the issue, as empty static files and empty cache items now
result in a response with an empty buffer. Before the change, an empty
proxied response can be used to reproduce the issue.
Fix is check all buffers and set r->request_output if any non-empty
buffers are sent. This ensures that all unusual cases of non-empty
responses are covered, and also that r->request_output will be set
after the first stub output, preventing duplicate output.
Reported by Jan Gassen.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 04 Jul 2024 17:41:28 +0300 |
parents | 22d110af473c |
children |
rev | line source |
---|---|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 |
8347
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
11 #include <ngx_config.h> |
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
12 #include <ngx_core.h> |
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
13 |
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8673
diff
changeset
|
14 #include <ngx_event_quic_transport.h> |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8673
diff
changeset
|
15 |
8347
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
16 |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
17 #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
18 |
9128
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9126
diff
changeset
|
19 /* RFC 5116, 5.1/5.3 and RFC 8439, 2.3/2.5 for all supported ciphers */ |
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
20 #define NGX_QUIC_IV_LEN 12 |
9126
29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Roman Arutyunyan <arut@nginx.com>
parents:
9080
diff
changeset
|
21 #define NGX_QUIC_TAG_LEN 16 |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
22 |
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
23 /* largest hash used in TLS is SHA-384 */ |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
24 #define NGX_QUIC_MAX_MD_SIZE 48 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
25 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
26 |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
27 #ifdef OPENSSL_IS_BORINGSSL |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
28 #define ngx_quic_cipher_t EVP_AEAD |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
29 #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
30 #else |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
31 #define ngx_quic_cipher_t EVP_CIPHER |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
32 #define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
33 #endif |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
34 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
35 |
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
36 typedef struct { |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
37 size_t len; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
38 u_char data[NGX_QUIC_MAX_MD_SIZE]; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
39 } ngx_quic_md_t; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
40 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
41 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
42 typedef struct { |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
43 size_t len; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
44 u_char data[NGX_QUIC_IV_LEN]; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
45 } ngx_quic_iv_t; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
46 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
47 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
48 typedef struct { |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
49 ngx_quic_md_t secret; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
50 ngx_quic_iv_t iv; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
51 ngx_quic_md_t hp; |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
52 ngx_quic_crypto_ctx_t *ctx; |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
53 EVP_CIPHER_CTX *hp_ctx; |
9025
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
54 } ngx_quic_secret_t; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
55 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
56 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
57 typedef struct { |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
58 ngx_quic_secret_t client; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
59 ngx_quic_secret_t server; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
60 } ngx_quic_secrets_t; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
61 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
62 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
63 struct ngx_quic_keys_s { |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
64 ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST]; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
65 ngx_quic_secrets_t next_key; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
66 ngx_uint_t cipher; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
67 }; |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
68 |
e50f77a2d0b0
QUIC: removed ngx_quic_keys_new().
Vladimir Homutov <vl@nginx.com>
parents:
9024
diff
changeset
|
69 |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
70 typedef struct { |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
71 const ngx_quic_cipher_t *c; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
72 const EVP_CIPHER *hp; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
73 const EVP_MD *d; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
74 } ngx_quic_ciphers_t; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
75 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
76 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
77 typedef struct { |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
78 size_t out_len; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
79 u_char *out; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
80 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
81 size_t prk_len; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
82 const uint8_t *prk; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
83 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
84 size_t label_len; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
85 const u_char *label; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
86 } ngx_quic_hkdf_t; |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
87 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
88 #define ngx_quic_hkdf_set(seq, _label, _out, _prk) \ |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
89 (seq)->out_len = (_out)->len; (seq)->out = (_out)->data; \ |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
90 (seq)->prk_len = (_prk)->len, (seq)->prk = (_prk)->data, \ |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
91 (seq)->label_len = (sizeof(_label) - 1); (seq)->label = (u_char *)(_label); |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
92 |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
93 |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
94 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, |
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
95 ngx_str_t *secret, ngx_log_t *log); |
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
96 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log, |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
97 ngx_uint_t is_write, ngx_quic_keys_t *keys, |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
98 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
99 const uint8_t *secret, size_t secret_len); |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
100 ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, |
9168
ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9152
diff
changeset
|
101 enum ssl_encryption_level_t level, ngx_uint_t is_write); |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
102 void ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
103 enum ssl_encryption_level_t level); |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
104 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9128
diff
changeset
|
105 void ngx_quic_keys_update(ngx_event_t *ev); |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
106 void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys); |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
107 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
108 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
109 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); |
9176
8dacf87e4007
QUIC: simplified ngx_quic_ciphers() API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
110 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers); |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
111 ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
112 ngx_quic_secret_t *s, ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log); |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
113 ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
114 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
115 void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s); |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
116 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, |
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9025
diff
changeset
|
117 ngx_log_t *log); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ |