Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8178:a9ff4392ecde quic
QUIC header protection routines, introduced ngx_quic_tls_hp().
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 28 Feb 2020 13:09:52 +0300 |
| parents | 76e29ff31cd3 |
| children | 7ee1ada04c8a |
comparison
equal
deleted
inserted
replaced
| 8177:76e29ff31cd3 | 8178:a9ff4392ecde |
|---|---|
| 591 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK) | 591 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK) |
| 592 { | 592 { |
| 593 return 0; | 593 return 0; |
| 594 } | 594 } |
| 595 | 595 |
| 596 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); | |
| 597 u_char *sample = &out.data[3]; // pnl=0 | 596 u_char *sample = &out.data[3]; // pnl=0 |
| 598 uint8_t mask[16]; | 597 uint8_t mask[16]; |
| 599 int outlen; | 598 if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) { |
| 600 | |
| 601 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, secret->hp.data, NULL) | |
| 602 != 1) | |
| 603 { | |
| 604 EVP_CIPHER_CTX_free(ctx); | |
| 605 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
| 606 "EVP_EncryptInit_ex() failed"); | |
| 607 return 0; | 599 return 0; |
| 608 } | 600 } |
| 609 | |
| 610 if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) { | |
| 611 EVP_CIPHER_CTX_free(ctx); | |
| 612 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
| 613 "EVP_EncryptUpdate() failed"); | |
| 614 return 0; | |
| 615 } | |
| 616 | |
| 617 EVP_CIPHER_CTX_free(ctx); | |
| 618 | 601 |
| 619 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf; | 602 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf; |
| 620 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 603 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 621 "quic_add_handshake_data sample: %*s, len: %uz", | 604 "quic_add_handshake_data sample: %*s, len: %uz", |
| 622 m, buf, 16); | 605 m, buf, 16); |