Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 8173:02f331613232 quic
Fixed indentation.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:52 +0300 |
parents | 640a13fc0f83 |
children | b7bbfea7a6c3 |
comparison
equal
deleted
inserted
replaced
8172:640a13fc0f83 | 8173:02f331613232 |
---|---|
815 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 815 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
816 "quic initial secret: %*s, len: %uz", m, buf, is_len); | 816 "quic initial secret: %*s, len: %uz", m, buf, is_len); |
817 } | 817 } |
818 #endif | 818 #endif |
819 | 819 |
820 size_t hkdfl_len; | 820 size_t hkdfl_len; |
821 uint8_t hkdfl[20]; | 821 uint8_t hkdfl[20]; |
822 uint8_t *p; | 822 uint8_t *p; |
823 | 823 |
824 /* draft-ietf-quic-tls-23#section-5.2 */ | 824 /* draft-ietf-quic-tls-23#section-5.2 */ |
825 | 825 |
826 qc->client_in.len = SHA256_DIGEST_LENGTH; | 826 qc->client_in.len = SHA256_DIGEST_LENGTH; |
827 qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len); | 827 qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len); |
828 if (qc->client_in.data == NULL) { | 828 if (qc->client_in.data == NULL) { |
829 ngx_http_close_connection(c); | 829 ngx_http_close_connection(c); |
830 return; | 830 return; |
831 } | 831 } |
832 | 832 |
833 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; | 833 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; |
834 bzero(hkdfl, sizeof(hkdfl)); | 834 bzero(hkdfl, sizeof(hkdfl)); |
835 hkdfl[0] = 0; | 835 hkdfl[0] = 0; |
836 hkdfl[1] = qc->client_in.len; | 836 hkdfl[1] = qc->client_in.len; |
837 hkdfl[2] = sizeof("tls13 client in") - 1; | 837 hkdfl[2] = sizeof("tls13 client in") - 1; |
838 p = ngx_cpymem(&hkdfl[3], "tls13 client in", | 838 p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1); |
839 sizeof("tls13 client in") - 1); | 839 *p = '\0'; |
840 *p = '\0'; | |
841 | 840 |
842 #if 0 | 841 #if 0 |
843 ngx_memcpy(hkdfl, "\x00\x20\x0f\x74\x6c\x73\x31\x33\x20\x63\x6c\x69\x65\x6e\x74\x20\x69\x6e\x00\x00", 20); | 842 ngx_memcpy(hkdfl, "\x00\x20\x0f\x74\x6c\x73\x31\x33\x20\x63" |
844 | 843 "\x6c\x69\x65\x6e\x74\x20\x69\x6e\x00\x00", 20); |
845 m = ngx_hex_dump(buf, hkdfl, sizeof(hkdfl)) - buf; | 844 |
846 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 845 m = ngx_hex_dump(buf, hkdfl, sizeof(hkdfl)) - buf; |
847 "quic initial secret hkdf: %*s, len: %uz", | 846 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
848 m, buf, sizeof(hkdfl)); | 847 "quic initial secret hkdf: %*s, len: %uz", |
849 #endif | 848 m, buf, sizeof(hkdfl)); |
850 | 849 #endif |
851 if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len, | 850 |
852 digest, is, is_len, hkdfl, hkdfl_len) | 851 if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len, |
853 != NGX_OK) | 852 digest, is, is_len, hkdfl, hkdfl_len) |
854 { | 853 != NGX_OK) |
855 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 854 { |
856 "ngx_hkdf_expand(client_in) failed"); | 855 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
857 ngx_http_close_connection(c); | 856 "ngx_hkdf_expand(client_in) failed"); |
858 return; | 857 ngx_http_close_connection(c); |
859 } | 858 return; |
859 } | |
860 | 860 |
861 #ifdef OPENSSL_IS_BORINGSSL | 861 #ifdef OPENSSL_IS_BORINGSSL |
862 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 862 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
863 "quic EVP key:%d tag:%d nonce:%d", | 863 "quic EVP key:%d tag:%d nonce:%d", |
864 EVP_AEAD_key_length(cipher), | 864 EVP_AEAD_key_length(cipher), |
866 EVP_AEAD_nonce_length(cipher)); | 866 EVP_AEAD_nonce_length(cipher)); |
867 #endif | 867 #endif |
868 | 868 |
869 | 869 |
870 #ifdef OPENSSL_IS_BORINGSSL | 870 #ifdef OPENSSL_IS_BORINGSSL |
871 qc->client_in_key.len = EVP_AEAD_key_length(cipher); | 871 qc->client_in_key.len = EVP_AEAD_key_length(cipher); |
872 #else | 872 #else |
873 qc->client_in_key.len = EVP_CIPHER_key_length(cipher); | 873 qc->client_in_key.len = EVP_CIPHER_key_length(cipher); |
874 #endif | 874 #endif |
875 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); | 875 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); |
876 if (qc->client_in_key.data == NULL) { | 876 if (qc->client_in_key.data == NULL) { |
877 ngx_http_close_connection(c); | 877 ngx_http_close_connection(c); |
878 return; | 878 return; |
879 } | 879 } |
880 | 880 |
881 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; | 881 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; |
882 hkdfl[1] = qc->client_in_key.len; | 882 hkdfl[1] = qc->client_in_key.len; |
883 hkdfl[2] = sizeof("tls13 quic key") - 1; | 883 hkdfl[2] = sizeof("tls13 quic key") - 1; |
884 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", | 884 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); |
885 sizeof("tls13 quic key") - 1); | 885 *p = '\0'; |
886 *p = '\0'; | 886 |
887 | 887 if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len, |
888 if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len, | 888 digest, qc->client_in.data, qc->client_in.len, |
889 digest, qc->client_in.data, qc->client_in.len, | 889 hkdfl, hkdfl_len) |
890 hkdfl, hkdfl_len) | 890 != NGX_OK) |
891 != NGX_OK) | 891 { |
892 { | 892 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
893 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 893 "ngx_hkdf_expand(client_in_key) failed"); |
894 "ngx_hkdf_expand(client_in_key) failed"); | 894 ngx_http_close_connection(c); |
895 ngx_http_close_connection(c); | 895 return; |
896 return; | 896 } |
897 } | |
898 | 897 |
899 #ifdef OPENSSL_IS_BORINGSSL | 898 #ifdef OPENSSL_IS_BORINGSSL |
900 qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher); | 899 qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher); |
901 #else | 900 #else |
902 qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher); | 901 qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher); |
903 #endif | 902 #endif |
904 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); | 903 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); |
905 if (qc->client_in_iv.data == NULL) { | 904 if (qc->client_in_iv.data == NULL) { |
906 ngx_http_close_connection(c); | 905 ngx_http_close_connection(c); |
907 return; | 906 return; |
908 } | 907 } |
909 | 908 |
910 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; | 909 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; |
911 hkdfl[1] = qc->client_in_iv.len; | 910 hkdfl[1] = qc->client_in_iv.len; |
912 hkdfl[2] = sizeof("tls13 quic iv") - 1; | 911 hkdfl[2] = sizeof("tls13 quic iv") - 1; |
913 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); | 912 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); |
914 *p = '\0'; | 913 *p = '\0'; |
915 | 914 |
916 if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len, | 915 if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len, |
917 digest, qc->client_in.data, qc->client_in.len, | 916 digest, qc->client_in.data, qc->client_in.len, |
918 hkdfl, hkdfl_len) | 917 hkdfl, hkdfl_len) |
919 != NGX_OK) | 918 != NGX_OK) |
920 { | 919 { |
921 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 920 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
922 "ngx_hkdf_expand(client_in_iv) failed"); | 921 "ngx_hkdf_expand(client_in_iv) failed"); |
923 ngx_http_close_connection(c); | 922 ngx_http_close_connection(c); |
924 return; | 923 return; |
925 } | 924 } |
926 | 925 |
927 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ | 926 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ |
928 | 927 |
929 #ifdef OPENSSL_IS_BORINGSSL | 928 #ifdef OPENSSL_IS_BORINGSSL |
930 qc->client_in_hp.len = EVP_AEAD_key_length(cipher); | 929 qc->client_in_hp.len = EVP_AEAD_key_length(cipher); |
931 #else | 930 #else |
932 qc->client_in_hp.len = EVP_CIPHER_key_length(cipher); | 931 qc->client_in_hp.len = EVP_CIPHER_key_length(cipher); |
933 #endif | 932 #endif |
934 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); | 933 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); |
935 if (qc->client_in_hp.data == NULL) { | 934 if (qc->client_in_hp.data == NULL) { |
936 ngx_http_close_connection(c); | 935 ngx_http_close_connection(c); |
937 return; | 936 return; |
938 } | 937 } |
939 | 938 |
940 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; | 939 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; |
941 hkdfl[1] = qc->client_in_hp.len; | 940 hkdfl[1] = qc->client_in_hp.len; |
942 hkdfl[2] = sizeof("tls13 quic hp") - 1; | 941 hkdfl[2] = sizeof("tls13 quic hp") - 1; |
943 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); | 942 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); |
944 *p = '\0'; | 943 *p = '\0'; |
945 | 944 |
946 if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len, | 945 if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len, |
947 digest, qc->client_in.data, qc->client_in.len, | 946 digest, qc->client_in.data, qc->client_in.len, |
948 hkdfl, hkdfl_len) | 947 hkdfl, hkdfl_len) |
949 != NGX_OK) | 948 != NGX_OK) |
950 { | 949 { |
951 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 950 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
952 "ngx_hkdf_expand(client_in_hp) failed"); | 951 "ngx_hkdf_expand(client_in_hp) failed"); |
953 ngx_http_close_connection(c); | 952 ngx_http_close_connection(c); |
954 return; | 953 return; |
955 } | 954 } |
956 | 955 |
957 #if (NGX_DEBUG) | 956 #if (NGX_DEBUG) |
958 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 957 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
959 m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf; | 958 m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf; |
960 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 959 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
981 } | 980 } |
982 #endif | 981 #endif |
983 | 982 |
984 // server initial | 983 // server initial |
985 | 984 |
986 /* draft-ietf-quic-tls-23#section-5.2 */ | 985 /* draft-ietf-quic-tls-23#section-5.2 */ |
987 | 986 |
988 qc->server_in.len = SHA256_DIGEST_LENGTH; | 987 qc->server_in.len = SHA256_DIGEST_LENGTH; |
989 qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len); | 988 qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len); |
990 if (qc->server_in.data == NULL) { | 989 if (qc->server_in.data == NULL) { |
991 ngx_http_close_connection(c); | 990 ngx_http_close_connection(c); |
992 return; | 991 return; |
993 } | 992 } |
994 | 993 |
995 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1; | 994 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1; |
996 hkdfl[0] = 0; | 995 hkdfl[0] = 0; |
997 hkdfl[1] = qc->server_in.len; | 996 hkdfl[1] = qc->server_in.len; |
998 hkdfl[2] = sizeof("tls13 server in") - 1; | 997 hkdfl[2] = sizeof("tls13 server in") - 1; |
999 p = ngx_cpymem(&hkdfl[3], "tls13 server in", | 998 p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1); |
1000 sizeof("tls13 server in") - 1); | 999 *p = '\0'; |
1001 *p = '\0'; | 1000 |
1002 | 1001 if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len, |
1003 if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len, | 1002 digest, is, is_len, hkdfl, hkdfl_len) |
1004 digest, is, is_len, hkdfl, hkdfl_len) | 1003 != NGX_OK) |
1005 != NGX_OK) | 1004 { |
1006 { | 1005 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1007 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1006 "ngx_hkdf_expand(server_in) failed"); |
1008 "ngx_hkdf_expand(server_in) failed"); | 1007 ngx_http_close_connection(c); |
1009 ngx_http_close_connection(c); | 1008 return; |
1010 return; | 1009 } |
1011 } | 1010 |
1012 | 1011 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ |
1013 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ | |
1014 | 1012 |
1015 #ifdef OPENSSL_IS_BORINGSSL | 1013 #ifdef OPENSSL_IS_BORINGSSL |
1016 qc->server_in_key.len = EVP_AEAD_key_length(cipher); | 1014 qc->server_in_key.len = EVP_AEAD_key_length(cipher); |
1017 #else | 1015 #else |
1018 qc->server_in_key.len = EVP_CIPHER_key_length(cipher); | 1016 qc->server_in_key.len = EVP_CIPHER_key_length(cipher); |
1019 #endif | 1017 #endif |
1020 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); | 1018 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); |
1021 if (qc->server_in_key.data == NULL) { | 1019 if (qc->server_in_key.data == NULL) { |
1022 ngx_http_close_connection(c); | 1020 ngx_http_close_connection(c); |
1023 return; | 1021 return; |
1024 } | 1022 } |
1025 | 1023 |
1026 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; | 1024 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; |
1027 hkdfl[1] = qc->server_in_key.len; | 1025 hkdfl[1] = qc->server_in_key.len; |
1028 hkdfl[2] = sizeof("tls13 quic key") - 1; | 1026 hkdfl[2] = sizeof("tls13 quic key") - 1; |
1029 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", | 1027 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); |
1030 sizeof("tls13 quic key") - 1); | 1028 *p = '\0'; |
1031 *p = '\0'; | 1029 |
1032 | 1030 if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len, |
1033 if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len, | 1031 digest, qc->server_in.data, qc->server_in.len, |
1034 digest, qc->server_in.data, qc->server_in.len, | 1032 hkdfl, hkdfl_len) |
1035 hkdfl, hkdfl_len) | 1033 != NGX_OK) |
1036 != NGX_OK) | 1034 { |
1037 { | 1035 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1038 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1036 "ngx_hkdf_expand(server_in_key) failed"); |
1039 "ngx_hkdf_expand(server_in_key) failed"); | 1037 ngx_http_close_connection(c); |
1040 ngx_http_close_connection(c); | 1038 return; |
1041 return; | 1039 } |
1042 } | |
1043 | 1040 |
1044 #ifdef OPENSSL_IS_BORINGSSL | 1041 #ifdef OPENSSL_IS_BORINGSSL |
1045 qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher); | 1042 qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher); |
1046 #else | 1043 #else |
1047 qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher); | 1044 qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher); |
1048 #endif | 1045 #endif |
1049 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); | 1046 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); |
1050 if (qc->server_in_iv.data == NULL) { | 1047 if (qc->server_in_iv.data == NULL) { |
1051 ngx_http_close_connection(c); | 1048 ngx_http_close_connection(c); |
1052 return; | 1049 return; |
1053 } | 1050 } |
1054 | 1051 |
1055 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; | 1052 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; |
1056 hkdfl[1] = qc->server_in_iv.len; | 1053 hkdfl[1] = qc->server_in_iv.len; |
1057 hkdfl[2] = sizeof("tls13 quic iv") - 1; | 1054 hkdfl[2] = sizeof("tls13 quic iv") - 1; |
1058 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); | 1055 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); |
1059 *p = '\0'; | 1056 *p = '\0'; |
1060 | 1057 |
1061 if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len, | 1058 if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len, |
1062 digest, qc->server_in.data, qc->server_in.len, | 1059 digest, qc->server_in.data, qc->server_in.len, |
1063 hkdfl, hkdfl_len) | 1060 hkdfl, hkdfl_len) |
1064 != NGX_OK) | 1061 != NGX_OK) |
1065 { | 1062 { |
1066 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1063 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1067 "ngx_hkdf_expand(server_in_iv) failed"); | 1064 "ngx_hkdf_expand(server_in_iv) failed"); |
1068 ngx_http_close_connection(c); | 1065 ngx_http_close_connection(c); |
1069 return; | 1066 return; |
1070 } | 1067 } |
1071 | 1068 |
1072 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ | 1069 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ |
1073 | 1070 |
1074 #ifdef OPENSSL_IS_BORINGSSL | 1071 #ifdef OPENSSL_IS_BORINGSSL |
1075 qc->server_in_hp.len = EVP_AEAD_key_length(cipher); | 1072 qc->server_in_hp.len = EVP_AEAD_key_length(cipher); |
1076 #else | 1073 #else |
1077 qc->server_in_hp.len = EVP_CIPHER_key_length(cipher); | 1074 qc->server_in_hp.len = EVP_CIPHER_key_length(cipher); |
1078 #endif | 1075 #endif |
1079 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); | 1076 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); |
1080 if (qc->server_in_hp.data == NULL) { | 1077 if (qc->server_in_hp.data == NULL) { |
1081 ngx_http_close_connection(c); | 1078 ngx_http_close_connection(c); |
1082 return; | 1079 return; |
1083 } | 1080 } |
1084 | 1081 |
1085 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; | 1082 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; |
1086 hkdfl[1] = qc->server_in_hp.len; | 1083 hkdfl[1] = qc->server_in_hp.len; |
1087 hkdfl[2] = sizeof("tls13 quic hp") - 1; | 1084 hkdfl[2] = sizeof("tls13 quic hp") - 1; |
1088 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); | 1085 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); |
1089 *p = '\0'; | 1086 *p = '\0'; |
1090 | 1087 |
1091 if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len, | 1088 if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len, |
1092 digest, qc->server_in.data, qc->server_in.len, | 1089 digest, qc->server_in.data, qc->server_in.len, |
1093 hkdfl, hkdfl_len) | 1090 hkdfl, hkdfl_len) |
1094 != NGX_OK) | 1091 != NGX_OK) |
1095 { | 1092 { |
1096 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1093 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1097 "ngx_hkdf_expand(server_in_hp) failed"); | 1094 "ngx_hkdf_expand(server_in_hp) failed"); |
1098 ngx_http_close_connection(c); | 1095 ngx_http_close_connection(c); |
1099 return; | 1096 return; |
1100 } | 1097 } |
1101 | 1098 |
1102 #if (NGX_DEBUG) | 1099 #if (NGX_DEBUG) |
1103 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 1100 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
1104 m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf; | 1101 m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf; |
1105 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1102 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
1212 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, | 1209 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, |
1213 qc->client_in_key.data, | 1210 qc->client_in_key.data, |
1214 qc->client_in_key.len, | 1211 qc->client_in_key.len, |
1215 EVP_AEAD_DEFAULT_TAG_LENGTH); | 1212 EVP_AEAD_DEFAULT_TAG_LENGTH); |
1216 if (aead == NULL) { | 1213 if (aead == NULL) { |
1217 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1214 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); |
1218 "EVP_AEAD_CTX_new() failed"); | |
1219 ngx_http_close_connection(c); | 1215 ngx_http_close_connection(c); |
1220 return; | 1216 return; |
1221 } | 1217 } |
1222 | 1218 |
1223 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), | 1219 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), |
1340 | 1336 |
1341 uint8_t *crypto = &cleartext[2]; | 1337 uint8_t *crypto = &cleartext[2]; |
1342 uint64_t crypto_len = ngx_quic_parse_int(&crypto); | 1338 uint64_t crypto_len = ngx_quic_parse_int(&crypto); |
1343 | 1339 |
1344 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1340 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
1345 "quic initial packet CRYPTO length: %uL pp:%p:%p", crypto_len, cleartext, crypto); | 1341 "quic initial packet CRYPTO length: %uL pp:%p:%p", |
1342 crypto_len, cleartext, crypto); | |
1346 | 1343 |
1347 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); | 1344 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); |
1348 | 1345 |
1349 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) | 1346 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) |
1350 != NGX_OK) | 1347 != NGX_OK) |
1371 | 1368 |
1372 if (!SSL_provide_quic_data(c->ssl->connection, | 1369 if (!SSL_provide_quic_data(c->ssl->connection, |
1373 SSL_quic_read_level(c->ssl->connection), | 1370 SSL_quic_read_level(c->ssl->connection), |
1374 crypto, crypto_len)) | 1371 crypto, crypto_len)) |
1375 { | 1372 { |
1376 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1373 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1377 "SSL_provide_quic_data() failed"); | 1374 "SSL_provide_quic_data() failed"); |
1378 ngx_http_close_connection(c); | 1375 ngx_http_close_connection(c); |
1379 return; | 1376 return; |
1380 } | 1377 } |
1381 | 1378 |
1382 n = SSL_do_handshake(c->ssl->connection); | 1379 n = SSL_do_handshake(c->ssl->connection); |
1383 | 1380 |
1384 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); | 1381 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); |