authorSergey Kandaurov <pluknet@nginx.com>2020-02-28 13:09:52 +0300
committerSergey Kandaurov <pluknet@nginx.com>2020-02-28 13:09:52 +0300
commita3620d469f2378420b52199b5da4fff9fa0b8995 (patch)
tree5367db25589e0421081c39b0feec5b83e8d20f0a /src/http/ngx_http_request.c
parent56eead6176d2d63392fc82668b2233dfadbae33e (diff)
QUIC header protection routines, introduced ngx_quic_tls_hp().
Diffstat (limited to 'src/http/ngx_http_request.c')
-rw-r--r--src/http/ngx_http_request.c42
1 files changed, 4 insertions, 38 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index c9bddc6dd..8fbc20424 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1124,31 +1124,14 @@ ngx_http_quic_handshake(ngx_event_t *rev)
// header protection
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
uint8_t mask[16];
- int outlen;
-
- if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
- qc->client_in.hp.data, NULL)
- != 1)
+ if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_in, mask, sample)
+ != NGX_OK)
{
- EVP_CIPHER_CTX_free(ctx);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_EncryptInit_ex() failed");
ngx_http_close_connection(c);
return;
}
- if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
- EVP_CIPHER_CTX_free(ctx);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_EncryptUpdate() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- EVP_CIPHER_CTX_free(ctx);
-
u_char clearflags = flags ^ (mask[0] & 0x0f);
ngx_int_t pnl = (clearflags & 0x03) + 1;
uint64_t pn = ngx_quic_parse_pn(&b->pos, pnl, &mask[1]);
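Review bot: The added call `ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_in, mask, sample)` passes `mask` and `sample` without lengths, so the helper has to assume 16 bytes behind each pointer, where the removed `EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)` at least spelled the size out. `sample` presumably points into data received from the peer, and the check that 16 bytes remain in the packet before it is taken is not visible in this hunk. That check should be confirmed and the contract recorded at the call, e.g. `/* sample: 16 bytes, already bounds-checked against the received packet */`. The failure branch also no longer logs anything here, so ngx_quic_tls_hp() is presumably expected to report the OpenSSL error itself. The same call shape appears in the second hunk (ngx_http_quic_handshake_handler); both function bodies start and end outside the hunks.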
@@ -1422,31 +1405,14 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
// header protection
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
uint8_t mask[16];
- int outlen;
-
- if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
- qc->client_hs.hp.data, NULL)
- != 1)
+ if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_hs, mask, sample)
+ != NGX_OK)
{
- EVP_CIPHER_CTX_free(ctx);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_EncryptInit_ex() failed");
ngx_http_close_connection(c);
return;
}
- if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
- EVP_CIPHER_CTX_free(ctx);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_EncryptUpdate() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- EVP_CIPHER_CTX_free(ctx);
-
u_char clearflags = flags ^ (mask[0] & 0x0f);
ngx_int_t pnl = (clearflags & 0x03) + 1;
uint64_t pn = ngx_quic_parse_pn(&p, pnl, &mask[1]);
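Review bot: The handshake-level call still hard-codes `EVP_aes_128_ecb()` for `&qc->client_hs`, although keys at this level come from the negotiated TLS 1.3 cipher suite rather than the fixed Initial-packet suite. If AES-256-GCM or ChaCha20-Poly1305 is negotiated, the header-protection cipher differs, so the mask would be wrong and `clearflags`, `pnl` and `pn` would be decoded from garbage. Whether the suite is restricted to AES-128-GCM elsewhere is not visible in this hunk. Now that the cipher is a parameter of ngx_quic_tls_hp(), the call site can take it from the negotiated suite; until then a marker such as `/* TODO: select hp cipher from the negotiated suite; AES-128-ECB is only guaranteed for Initial keys */` would keep the limitation visible. The function body starts and ends outside the hunk.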