comparison src/event/ngx_event_openssl.c @ 8178:a9ff4392ecde quic
QUIC header protection routines, introduced ngx_quic_tls_hp().
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:52 +0300 |
parents | 76e29ff31cd3 |
children | 7ee1ada04c8a |
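--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -591,32 +591,15 @@
 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK)
 {
 return 0;
 }
 
-EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 u_char *sample = &out.data[3]; // pnl=0
 uint8_t mask[16];
-int outlen;
-
-if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, secret->hp.data, NULL)
-!= 1)
-{
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
-"EVP_EncryptInit_ex() failed");
+if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) {
 return 0;
 }
-
-if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
-"EVP_EncryptUpdate() failed");
-return 0;
-}
-
-EVP_CIPHER_CTX_free(ctx);
 
 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf;
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic_add_handshake_data sample: %*s, len: %uz",
 m, buf, 16);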
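Review bot: The 16-byte header-protection sample is taken at `&out.data[3]` with no visible check that the sealed output is at least 19 bytes long, and `ngx_quic_tls_hp()` receives bare `mask` and `sample` pointers with no lengths. If the helper reads 16 bytes from `sample`, as the removed `EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)` did, a short `out` would be read past its end, both there and in the `ngx_hex_dump(buf, (u_char *) sample, 16)` that follows. A guard before the call such as `if (out.len < 3 + sizeof(mask)) { return 0; }` would make the assumption explicit; this presumes `out` is an `ngx_str_t`, whose declaration is outside the section. The HP cipher is also fixed to `EVP_aes_128_ecb()` while the AEAD `cipher` is a variable, so it is worth confirming the two cannot diverge on this path. The enclosing function starts and ends outside the visible lines.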