#define NGX_QUIC_INITIAL_CIPHER TLS1_3_CK_AES_128_GCM_SHA256
+#define ngx_quic_md(str) { sizeof(str) - 1, str }
+
+
static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
const EVP_MD *digest, const u_char *prk, size_t prk_len,
const u_char *info, size_t info_len);
{
int outlen;
EVP_CIPHER_CTX *ctx;
- u_char zero[NGX_QUIC_HP_LEN] = {0};
+
+ static const u_char zero[NGX_QUIC_HP_LEN];
ctx = s->hp_ctx;
{
u_char *start;
ngx_str_t ad, itag;
- ngx_quic_md_t key;
ngx_quic_secret_t secret;
ngx_quic_ciphers_t ciphers;
/* 5.8. Retry Packet Integrity */
- static u_char key_data[16] =
- "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
- static u_char nonce[NGX_QUIC_IV_LEN] =
+ static ngx_quic_md_t key = ngx_quic_md(
+ "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e");
+ static const u_char nonce[NGX_QUIC_IV_LEN] =
"\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
- static ngx_str_t in = ngx_string("");
+ static ngx_str_t in = ngx_string("");
ad.data = res->data;
ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
return NGX_ERROR;
}
- key.len = sizeof(key_data);
- ngx_memcpy(key.data, key_data, sizeof(key_data));
secret.iv.len = NGX_QUIC_IV_LEN;
if (ngx_quic_crypto_init(ciphers.c, &secret, &key, 1, pkt->log)
projects / nginx.git / commitdiff