diff options
author | Sergey Kandaurov <pluknet@nginx.com> | 2020-02-28 13:09:52 +0300 |
---|---|---|
committer | Sergey Kandaurov <pluknet@nginx.com> | 2020-02-28 13:09:52 +0300 |
commit | a3620d469f2378420b52199b5da4fff9fa0b8995 (patch) | |
tree | 5367db25589e0421081c39b0feec5b83e8d20f0a /src/http/ngx_http_request.c | |
parent | 56eead6176d2d63392fc82668b2233dfadbae33e (diff) | |
download | nginx-a3620d469f2378420b52199b5da4fff9fa0b8995.tar.gz nginx-a3620d469f2378420b52199b5da4fff9fa0b8995.zip |
QUIC header protection routines, introduced ngx_quic_tls_hp().
Diffstat (limited to 'src/http/ngx_http_request.c')
-rw-r--r-- | src/http/ngx_http_request.c | 42 |
1 files changed, 4 insertions, 38 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index c9bddc6dd..8fbc20424 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1124,31 +1124,14 @@ ngx_http_quic_handshake(ngx_event_t *rev) // header protection - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); uint8_t mask[16]; - int outlen; - - if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, - qc->client_in.hp.data, NULL) - != 1) + if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_in, mask, sample) + != NGX_OK) { - EVP_CIPHER_CTX_free(ctx); - ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "EVP_EncryptInit_ex() failed"); ngx_http_close_connection(c); return; } - if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) { - EVP_CIPHER_CTX_free(ctx); - ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "EVP_EncryptUpdate() failed"); - ngx_http_close_connection(c); - return; - } - - EVP_CIPHER_CTX_free(ctx); - u_char clearflags = flags ^ (mask[0] & 0x0f); ngx_int_t pnl = (clearflags & 0x03) + 1; uint64_t pn = ngx_quic_parse_pn(&b->pos, pnl, &mask[1]); @@ -1422,31 +1405,14 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev) // header protection - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); uint8_t mask[16]; - int outlen; - - if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, - qc->client_hs.hp.data, NULL) - != 1) + if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_hs, mask, sample) + != NGX_OK) { - EVP_CIPHER_CTX_free(ctx); - ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "EVP_EncryptInit_ex() failed"); ngx_http_close_connection(c); return; } - if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) { - EVP_CIPHER_CTX_free(ctx); - ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "EVP_EncryptUpdate() failed"); - ngx_http_close_connection(c); - return; - } - - EVP_CIPHER_CTX_free(ctx); - u_char clearflags = flags ^ (mask[0] & 0x0f); ngx_int_t pnl = (clearflags & 0x03) + 1; uint64_t pn = ngx_quic_parse_pn(&p, pnl, &mask[1]); |