# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1623855198 -10800
# Node ID fc5719637aff8b2429941592cc70fc8b469bbd54
# Parent  4715f3e669f13f060810b3d15bf572410badfcc6
QUIC: consistent use of 5-byte buffers for header protection.

The output buffer is now also of 5 bytes.  Header protection uses
stream ciphers, which don't produce extra output nor PKCS padding.

diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -10,7 +10,10 @@
 #include <ngx_event_quic_connection.h>
 
 
+/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
 #define NGX_QUIC_IV_LEN               12
+/* RFC 9001, 5.4.1.  Header Protection Application: 5-byte mask */
+#define NGX_QUIC_HP_LEN               5
 
 #define NGX_AES_128_GCM_SHA256        0x1301
 #define NGX_AES_256_GCM_SHA384        0x1302
@@ -627,15 +630,15 @@ ngx_quic_tls_hp(ngx_log_t *log, const EV
 {
     int              outlen;
     EVP_CIPHER_CTX  *ctx;
-    u_char           zero[5] = {0};
+    u_char           zero[NGX_QUIC_HP_LEN] = {0};
 
 #ifdef OPENSSL_IS_BORINGSSL
-    uint32_t counter;
+    uint32_t         cnt;
 
-    ngx_memcpy(&counter, in, sizeof(uint32_t));
+    ngx_memcpy(&cnt, in, sizeof(uint32_t));
 
     if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
-        CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
+        CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt);
         return NGX_OK;
     }
 #endif
@@ -650,12 +653,12 @@ ngx_quic_tls_hp(ngx_log_t *log, const EV
         goto failed;
     }
 
-    if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, 5)) {
+    if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) {
         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
         goto failed;
     }
 
-    if (!EVP_EncryptFinal_ex(ctx, out + 5, &outlen)) {
+    if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) {
         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed");
         goto failed;
     }
@@ -857,7 +860,7 @@ ngx_quic_create_packet(ngx_quic_header_t
     ngx_uint_t           i;
     ngx_quic_secret_t   *secret;
     ngx_quic_ciphers_t   ciphers;
-    u_char               nonce[12], mask[16];
+    u_char               nonce[12], mask[NGX_QUIC_HP_LEN];
 
     out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
 
@@ -1084,7 +1087,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
     ngx_str_t            in, ad;
     ngx_quic_secret_t   *secret;
     ngx_quic_ciphers_t   ciphers;
-    uint8_t              mask[16], nonce[12];
+    uint8_t              nonce[12], mask[NGX_QUIC_HP_LEN];
 
     if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
     {