aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_openssl.c166
-rw-r--r--src/event/ngx_event_quic.c208
-rw-r--r--src/event/ngx_event_quic.h16
-rw-r--r--src/http/ngx_http_request.c270
4 files changed, 284 insertions, 376 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 7938ae098..561819e0b 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -452,17 +452,13 @@ static int
quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
{
- u_char buf[2048], *p, *ciphertext, *clear, *ad, *name;
- size_t ad_len, clear_len;
- ngx_int_t m;
- ngx_str_t *server_key, *server_iv, *server_hp;
-#ifdef OPENSSL_IS_BORINGSSL
- const EVP_AEAD *cipher;
-#else
- const EVP_CIPHER *cipher;
-#endif
- ngx_connection_t *c;
- ngx_quic_connection_t *qc;
+ u_char buf[2048], *p, *name;
+ ngx_int_t m;
+ ngx_str_t in, out, ad;
+ ngx_quic_secret_t *secret;
+ ngx_connection_t *c;
+ ngx_quic_connection_t *qc;
+ const ngx_aead_cipher_t *cipher;
static int pn = 0;
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
@@ -474,15 +470,11 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
switch (level) {
case ssl_encryption_initial:
- server_key = &qc->server_in.key;
- server_iv = &qc->server_in.iv;
- server_hp = &qc->server_in.hp;
+ secret = &qc->server_in;
break;
case ssl_encryption_handshake:
- server_key = &qc->server_hs.key;
- server_iv = &qc->server_hs.iv;
- server_hp = &qc->server_hs.hp;
+ secret = &qc->server_hs;
break;
default:
@@ -494,12 +486,12 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
"quic_add_handshake_data: %*s%s, len: %uz, level:%d",
m, buf, len < 2048 ? "" : "...", len, (int) level);
- clear = ngx_alloc(4 + len + 5 /*minimal ACK*/, c->log);
- if (clear == 0) {
+ in.data = ngx_alloc(4 + len + 5 /*minimal ACK*/, c->log);
+ if (in.data == 0) {
return 0;
}
- p = clear;
+ p = in.data;
ngx_quic_build_int(&p, 6); // crypto frame
ngx_quic_build_int(&p, 0);
ngx_quic_build_int(&p, len);
@@ -513,19 +505,19 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
ngx_quic_build_int(&p, 0);
}
- clear_len = p - clear;
- size_t ciphertext_len = clear_len + 16 /*expansion*/;
+ in.len = p - in.data;
+ out.len = in.len + EVP_GCM_TLS_TAG_LEN;
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic_add_handshake_data: clear_len:%uz, ciphertext_len:%uz",
- clear_len, ciphertext_len);
+ in.len, out.len);
- ad = ngx_alloc(346 /*max header*/, c->log);
- if (ad == 0) {
+ ad.data = ngx_alloc(346 /*max header*/, c->log);
+ if (ad.data == 0) {
return 0;
}
- p = ad;
+ p = ad.data;
if (level == ssl_encryption_initial) {
*p++ = 0xc0; // initial, packet number len
} else if (level == ssl_encryption_handshake) {
@@ -542,7 +534,7 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
if (level == ssl_encryption_initial) {
ngx_quic_build_int(&p, 0); // token length
}
- ngx_quic_build_int(&p, ciphertext_len + 1); // length (inc. pnl)
+ ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl)
u_char *pnp = p;
if (level == ssl_encryption_initial) {
@@ -552,12 +544,12 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
*p++ = pn++;
}
- ad_len = p - ad;
+ ad.len = p - ad.data;
- m = ngx_hex_dump(buf, (u_char *) ad, ad_len) - buf;
+ m = ngx_hex_dump(buf, ad.data, ad.len) - buf;
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic_add_handshake_data ad: %*s, len: %uz",
- m, buf, ad_len);
+ m, buf, ad.len);
name = (u_char *) SSL_get_cipher(ssl_conn);
@@ -582,18 +574,12 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
return 0;
}
-
- ciphertext = ngx_alloc(ciphertext_len, c->log);
- if (ciphertext == 0) {
- return 0;
- }
-
- uint8_t *nonce = ngx_pstrdup(c->pool, server_iv);
+ uint8_t *nonce = ngx_pstrdup(c->pool, &secret->iv);
if (level == ssl_encryption_handshake) {
nonce[11] ^= (pn - 1);
}
- m = ngx_hex_dump(buf, (u_char *) server_iv->data, 12) - buf;
+ m = ngx_hex_dump(buf, (u_char *) secret->iv.data, 12) - buf;
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic_add_handshake_data sample: server_iv %*s",
m, buf);
@@ -602,102 +588,17 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
"quic_add_handshake_data sample: n=%d nonce %*s",
pn - 1, m, buf);
-
-#ifdef OPENSSL_IS_BORINGSSL
- size_t out_len;
- EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
- server_key->data,
- server_key->len,
- EVP_AEAD_DEFAULT_TAG_LENGTH);
-
- if (EVP_AEAD_CTX_seal(aead, ciphertext, &out_len, ciphertext_len,
- nonce, server_iv->len,
- clear, clear_len, ad, ad_len)
- != 1)
- {
- EVP_AEAD_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "EVP_AEAD_CTX_seal() failed");
- return 0;
- }
-
- EVP_AEAD_CTX_free(aead);
-#else
- int out_len;
- EVP_CIPHER_CTX *aead;
-
- aead = EVP_CIPHER_CTX_new();
- if (aead == NULL) {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_CIPHER_CTX_new() failed");
- return 0;
- }
-
- if (EVP_EncryptInit_ex(aead, cipher, NULL, NULL, NULL) != 1) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
- return 0;
- }
-
- if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, server_iv->len, NULL)
- == 0)
+ if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK)
{
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
return 0;
}
- if (EVP_EncryptInit_ex(aead, NULL, NULL, server_key->data, nonce)
- != 1)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
- return 0;
- }
-
- if (EVP_EncryptUpdate(aead, NULL, &out_len, ad, ad_len) != 1) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
- return 0;
- }
-
- if (EVP_EncryptUpdate(aead, ciphertext, &out_len, clear, clear_len) != 1) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
- return 0;
- }
-
- ciphertext_len = out_len;
-
- if (EVP_EncryptFinal_ex(aead, ciphertext + out_len, &out_len) <= 0) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptFinal_ex failed");
- return 0;
- }
-
- ciphertext_len += out_len;
-
- if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
- ciphertext + clear_len)
- == 0)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
- return 0;
- }
-
- EVP_CIPHER_CTX_free(aead);
-
- out_len = ciphertext_len + EVP_GCM_TLS_TAG_LEN;
-#endif
-
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
- u_char *sample = ciphertext + 3; // pnl=0
+ u_char *sample = &out.data[3]; // pnl=0
uint8_t mask[16];
int outlen;
- if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, server_hp->data, NULL)
+ if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, secret->hp.data, NULL)
!= 1)
{
EVP_CIPHER_CTX_free(ctx);
@@ -725,25 +626,24 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
"quic_add_handshake_data mask: %*s, len: %uz",
m, buf, 16);
- m = ngx_hex_dump(buf, (u_char *) server_hp->data, 16) - buf;
+ m = ngx_hex_dump(buf, (u_char *) secret->hp.data, 16) - buf;
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic_add_handshake_data hp_key: %*s, len: %uz",
m, buf, 16);
// header protection, pnl = 0
- ad[0] ^= mask[0] & 0x0f;
+ ad.data[0] ^= mask[0] & 0x0f;
*pnp ^= mask[1];
-printf("clear_len %ld ciphertext_len %ld out_len %ld ad_len %ld\n",
-clear_len, ciphertext_len, (size_t) out_len, ad_len);
+printf("clear_len %ld ciphertext_len %ld ad_len %ld\n", in.len, out.len, ad.len);
- u_char *packet = ngx_alloc(ad_len + out_len, c->log);
+ u_char *packet = ngx_alloc(ad.len + out.len, c->log);
if (packet == 0) {
return 0;
}
- p = ngx_cpymem(packet, ad, ad_len);
- p = ngx_cpymem(p, ciphertext, out_len);
+ p = ngx_cpymem(packet, ad.data, ad.len);
+ p = ngx_cpymem(p, out.data, out.len);
m = ngx_hex_dump(buf, (u_char *) packet, ngx_min(1024, p - packet)) - buf;
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index a655e7ddc..106ca0d34 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -163,3 +163,211 @@ ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
return NGX_OK;
}
+
+
+ngx_int_t
+ngx_quic_tls_open(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
+ ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
+ ngx_str_t *ad)
+{
+ out->len = in->len - EVP_GCM_TLS_TAG_LEN;
+ out->data = ngx_pnalloc(c->pool, out->len);
+ if (out->data == NULL) {
+ return NGX_ERROR;
+ }
+
+#ifdef OPENSSL_IS_BORINGSSL
+ EVP_AEAD_CTX *ctx;
+
+ ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
+ EVP_AEAD_DEFAULT_TAG_LENGTH);
+ if (ctx == NULL) {
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_new() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
+ in->data, in->len, ad->data, ad->len)
+ != 1)
+ {
+ EVP_AEAD_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_open() failed");
+ return NGX_ERROR;
+ }
+
+ EVP_AEAD_CTX_free(ctx);
+#else
+ int len;
+ u_char *tag;
+ EVP_CIPHER_CTX *ctx;
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_CIPHER_CTX_new() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptInit_ex() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
+ == 0)
+ {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+ "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptInit_ex() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptUpdate() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
+ in->len - EVP_GCM_TLS_TAG_LEN)
+ != 1)
+ {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptUpdate() failed");
+ return NGX_ERROR;
+ }
+
+ out->len = len;
+ tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag)
+ == 0)
+ {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+ "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_DecryptFinal_ex failed");
+ return NGX_ERROR;
+ }
+
+ out->len += len;
+
+ EVP_CIPHER_CTX_free(ctx);
+#endif
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_quic_tls_seal(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
+ ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
+ ngx_str_t *ad)
+{
+ out->len = in->len + EVP_GCM_TLS_TAG_LEN;
+ out->data = ngx_pnalloc(c->pool, out->len);
+ if (out->data == NULL) {
+ return NGX_ERROR;
+ }
+
+#ifdef OPENSSL_IS_BORINGSSL
+ EVP_AEAD_CTX *ctx;
+
+ ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
+ EVP_AEAD_DEFAULT_TAG_LENGTH);
+ if (ctx == NULL) {
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_new() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
+ in->data, in->len, ad->data, ad->len)
+ != 1)
+ {
+ EVP_AEAD_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_AEAD_CTX_seal() failed");
+ return NGX_ERROR;
+ }
+
+ EVP_AEAD_CTX_free(ctx);
+#else
+ int len;
+ EVP_CIPHER_CTX *ctx;
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_CIPHER_CTX_new() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
+ == 0)
+ {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+ "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
+ return NGX_ERROR;
+ }
+
+ if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptUpdate() failed");
+ return NGX_ERROR;
+ }
+
+ out->len = len;
+
+ if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptFinal_ex failed");
+ return NGX_ERROR;
+ }
+
+ out->len += len;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
+ out->data + in->len)
+ == 0)
+ {
+ EVP_CIPHER_CTX_free(ctx);
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+ "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
+ return NGX_ERROR;
+ }
+
+ EVP_CIPHER_CTX_free(ctx);
+
+ out->len += EVP_GCM_TLS_TAG_LEN;
+#endif
+
+ return NGX_OK;
+}
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
index 86f2f58bd..c1b20f65b 100644
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -11,6 +11,15 @@
#include <ngx_event_openssl.h>
+#ifdef OPENSSL_IS_BORINGSSL
+#define ngx_aead_cipher_t EVP_AEAD
+#define NGX_QUIC_INITIAL_CIPHER EVP_aead_aes_128_gcm()
+#else
+#define ngx_aead_cipher_t EVP_CIPHER
+#define NGX_QUIC_INITIAL_CIPHER EVP_aes_128_gcm()
+#endif
+
+
typedef struct {
ngx_str_t secret;
ngx_str_t key;
@@ -44,5 +53,12 @@ ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
const EVP_MD *digest, const u_char *prk, size_t prk_len,
const u_char *info, size_t info_len);
+ngx_int_t ngx_quic_tls_open(ngx_connection_t *c,
+ const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
+ u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
+ngx_int_t ngx_quic_tls_seal(ngx_connection_t *c,
+ const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
+ u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
+
#endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 318933a40..c9bddc6dd 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -783,27 +783,18 @@ ngx_http_quic_handshake(ngx_event_t *rev)
// initial secret
- size_t is_len;
- uint8_t is[SHA256_DIGEST_LENGTH];
- const EVP_MD *digest;
-#ifdef OPENSSL_IS_BORINGSSL
- const EVP_AEAD *cipher;
-#else
- const EVP_CIPHER *cipher;
-#endif
+ size_t is_len;
+ uint8_t is[SHA256_DIGEST_LENGTH];
+ const EVP_MD *digest;
+ const ngx_aead_cipher_t *cipher;
static const uint8_t salt[20] =
"\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7"
"\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02";
- digest = EVP_sha256();
-
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
-#ifdef OPENSSL_IS_BORINGSSL
- cipher = EVP_aead_aes_128_gcm();
-#else
- cipher = EVP_aes_128_gcm();
-#endif
+ cipher = NGX_QUIC_INITIAL_CIPHER;
+ digest = EVP_sha256();
if (ngx_hkdf_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len,
salt, sizeof(salt))
@@ -1179,9 +1170,9 @@ ngx_http_quic_handshake(ngx_event_t *rev)
// packet protection
- ngx_str_t ciphertext;
- ciphertext.data = b->pos;
- ciphertext.len = plen - pnl;
+ ngx_str_t in;
+ in.data = b->pos;
+ in.len = plen - pnl;
ngx_str_t ad;
ad.len = b->pos - b->start;
@@ -1210,144 +1201,44 @@ ngx_http_quic_handshake(ngx_event_t *rev)
}
#endif
- uint8_t cleartext[1600];
- size_t cleartext_len;
-
-#ifdef OPENSSL_IS_BORINGSSL
- EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
- qc->client_in.key.data,
- qc->client_in.key.len,
- EVP_AEAD_DEFAULT_TAG_LENGTH);
- if (aead == NULL) {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
- nonce, qc->client_in.iv.len, ciphertext.data,
- ciphertext.len, ad.data, ad.len)
- != 1)
- {
- EVP_AEAD_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_AEAD_CTX_open() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- EVP_AEAD_CTX_free(aead);
-#else
- int len;
- u_char *tag;
- EVP_CIPHER_CTX *aead;
-
- aead = EVP_CIPHER_CTX_new();
- if (aead == NULL) {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_CIPHER_CTX_new() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptInit_ex(aead, cipher, NULL, NULL, NULL) != 1) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
- ngx_http_close_connection(c);
- return;
- }
+ ngx_str_t out;
- if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in.iv.len,
- NULL)
- == 0)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in.key.data, nonce)
- != 1)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptUpdate(aead, NULL, &len, ad.data, ad.len) != 1) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptUpdate(aead, cleartext, &len, ciphertext.data,
- ciphertext.len - EVP_GCM_TLS_TAG_LEN)
- != 1)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- cleartext_len = len;
- tag = ciphertext.data + ciphertext.len - EVP_GCM_TLS_TAG_LEN;
-
- if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN,
- tag)
- == 0)
+ if (ngx_quic_tls_open(c, cipher, &qc->client_in, &out, nonce, &in, &ad)
+ != NGX_OK)
{
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
ngx_http_close_connection(c);
return;
}
- if (EVP_DecryptFinal_ex(aead, cleartext + len, &len) <= 0) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptFinal_ex failed");
- ngx_http_close_connection(c);
- return;
- }
-
- cleartext_len += len;
-
- EVP_CIPHER_CTX_free(aead);
-#endif
-
#if (NGX_DEBUG)
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
- m = ngx_hex_dump(buf, cleartext, ngx_min(cleartext_len, 256)) - buf;
+ m = ngx_hex_dump(buf, out.data, ngx_min(out.len, 256)) - buf;
ngx_log_debug4(NGX_LOG_DEBUG_HTTP, rev->log, 0,
"quic packet payload: %*s%s, len: %uz",
- m, buf, m < 512 ? "" : "...", cleartext_len);
+ m, buf, m < 512 ? "" : "...", out.len);
}
#endif
- if (cleartext[0] != 0x06) {
+ if (out.data[0] != 0x06) {
ngx_log_error(NGX_LOG_INFO, rev->log, 0,
"unexpected frame in initial packet");
ngx_http_close_connection(c);
return;
}
- if (cleartext[1] != 0x00) {
+ if (out.data[1] != 0x00) {
ngx_log_error(NGX_LOG_INFO, rev->log, 0,
"unexpected CRYPTO offset in initial packet");
ngx_http_close_connection(c);
return;
}
- uint8_t *crypto = &cleartext[2];
+ uint8_t *crypto = &out.data[2];
uint64_t crypto_len = ngx_quic_parse_int(&crypto);
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
"quic initial packet CRYPTO length: %uL pp:%p:%p",
- crypto_len, cleartext, crypto);
+ crypto_len, out.data, crypto);
sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
@@ -1466,8 +1357,6 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
"quic handshake handler: %*s, len: %uz", m, buf, n);
- /* XXX bug-for-bug compat - assuming initial ack in handshake pkt */
-
if ((p[0] & 0xf0) != 0xe0) {
ngx_log_error(NGX_LOG_INFO, rev->log, 0, "invalid packet type");
ngx_http_close_connection(c);
@@ -1576,9 +1465,9 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
// packet protection
- ngx_str_t ciphertext;
- ciphertext.data = p;
- ciphertext.len = plen - pnl;
+ ngx_str_t in;
+ in.data = p;
+ in.len = plen - pnl;
ngx_str_t ad;
ad.len = p - b;
@@ -1607,11 +1496,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
}
#endif
-#ifdef OPENSSL_IS_BORINGSSL
- const EVP_AEAD *cipher;
-#else
- const EVP_CIPHER *cipher;
-#endif
+ const ngx_aead_cipher_t *cipher;
u_char *name = (u_char *) SSL_get_cipher(c->ssl->connection);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0,
@@ -1639,122 +1524,21 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
return;
}
+ ngx_str_t out;
- uint8_t cleartext[1600];
- size_t cleartext_len;
-
-#ifdef OPENSSL_IS_BORINGSSL
- EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
- qc->client_hs.key.data,
- qc->client_hs.key.len,
- EVP_AEAD_DEFAULT_TAG_LENGTH);
- if (aead == NULL) {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
- nonce, qc->client_hs.iv.len, ciphertext.data,
- ciphertext.len, ad.data, ad.len)
- != 1)
- {
- EVP_AEAD_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_AEAD_CTX_open() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- EVP_AEAD_CTX_free(aead);
-#else
- int len;
- u_char *tag;
- EVP_CIPHER_CTX *aead;
-
- aead = EVP_CIPHER_CTX_new();
- if (aead == NULL) {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_CIPHER_CTX_new() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptInit_ex(aead, cipher, NULL, NULL, NULL) != 1) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs.iv.len,
- NULL)
- == 0)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs.key.data, nonce)
- != 1)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptUpdate(aead, NULL, &len, ad.data, ad.len) != 1) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- if (EVP_DecryptUpdate(aead, cleartext, &len, ciphertext.data,
- ciphertext.len - EVP_GCM_TLS_TAG_LEN)
- != 1)
- {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed");
- ngx_http_close_connection(c);
- return;
- }
-
- cleartext_len = len;
- tag = ciphertext.data + ciphertext.len - EVP_GCM_TLS_TAG_LEN;
-
- if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN,
- tag)
- == 0)
+ if (ngx_quic_tls_open(c, cipher, &qc->client_hs, &out, nonce, &in, &ad)
+ != NGX_OK)
{
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
ngx_http_close_connection(c);
return;
}
- if (EVP_DecryptFinal_ex(aead, cleartext + len, &len) <= 0) {
- EVP_CIPHER_CTX_free(aead);
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptFinal_ex failed");
- ngx_http_close_connection(c);
- return;
- }
-
- cleartext_len += len;
-
- EVP_CIPHER_CTX_free(aead);
-#endif
-
#if (NGX_DEBUG)
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
- m = ngx_hex_dump(buf, cleartext, ngx_min(cleartext_len, 256)) - buf;
+ m = ngx_hex_dump(buf, out.data, ngx_min(out.len, 256)) - buf;
ngx_log_debug4(NGX_LOG_DEBUG_HTTP, rev->log, 0,
"quic packet payload: %*s%s, len: %uz",
- m, buf, m < 512 ? "" : "...", cleartext_len);
+ m, buf, m < 512 ? "" : "...", out.len);
}
#endif
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-02 01:53:21 +0000