comparison src/event/ngx_event_openssl.c @ 8178:a9ff4392ecde quic

QUIC header protection routines, introduced ngx_quic_tls_hp().
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 76e29ff31cd3
children 7ee1ada04c8a
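--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -591,32 +591,15 @@
 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK)
 {
 return 0;
 }
 
-EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 u_char *sample = &out.data[3]; // pnl=0
 uint8_t mask[16];
-int outlen;
-
-if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, secret->hp.data, NULL)
-!= 1)
-{
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
-"EVP_EncryptInit_ex() failed");
+if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) {
 return 0;
 }
-
-if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
-"EVP_EncryptUpdate() failed");
-return 0;
-}
-
-EVP_CIPHER_CTX_free(ctx);
 
 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf;
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic_add_handshake_data sample: %*s, len: %uz",
 m, buf, 16);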
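Review bot: The header-protection cipher in the new `ngx_quic_tls_hp()` call is still hard-coded to `EVP_aes_128_ecb()`, while the payload a few lines above is sealed with the `cipher` variable. If `cipher` can be anything other than an AES-128 suite, the mask would be computed with the wrong algorithm and with a key length that does not match `secret->hp`. The helper already takes the cipher as a parameter, so the caller should pick it from the negotiated suite, or at least carry a comment such as `/* hp cipher fixed to AES-128; must follow the negotiated suite */`. Separately, `sample = &out.data[3]` is followed by a 16-byte read with no visible length check, so a guard like `if (out.len < 3 + sizeof(mask)) { return 0; }` before the call would keep the sample inside the sealed buffer. The enclosing function starts and ends outside this hunk and the body of `ngx_quic_tls_hp()` is not shown, so both points should be confirmed against the full file.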