Mercurial > hg > nginx
view src/event/ngx_event_quic_protection.h @ 8240:1f002206a59b quic
Added boundaries checks into frame parser.
The ngx_quic_parse_frame() functions now has new 'pkt' argument: the packet
header of a currently processed frame. This allows to log errors/debug
closer to reasons and perform additional checks regarding possible frame
types. The handler only performs processing of good frames.
A number of functions like read_uint32(), parse_int[_multi] probably should
be implemented as a macro, but currently it is better to have them as
functions for simpler debugging.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 19 Mar 2020 17:07:12 +0300 |
parents | ae35ccba7aa6 |
children | f85749b60e58 |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ typedef struct ngx_quic_secret_s { ngx_str_t secret; ngx_str_t key; ngx_str_t iv; ngx_str_t hp; } ngx_quic_secret_t; typedef struct { ngx_quic_secret_t in; ngx_quic_secret_t hs; ngx_quic_secret_t ad; } ngx_quic_peer_secrets_t; typedef struct { ngx_quic_peer_secrets_t client; ngx_quic_peer_secrets_t server; } ngx_quic_secrets_t; ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool, ngx_quic_secrets_t *secrets, ngx_str_t *secret); int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, ngx_quic_peer_secrets_t *qsec); ngx_int_t ngx_quic_encrypt(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, ngx_quic_header_t *pkt, ngx_str_t *payload, ngx_str_t *res); ngx_int_t ngx_quic_decrypt(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, ngx_quic_header_t *pkt); #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */