From: Sergey Kandaurov
Date: Tue, 10 Mar 2020 16:15:12 +0000 (+0300)
Subject: Chacha20 header protection support with BoringSSL.
X-Git-Tag: release-1.25.0~4^2~906
X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/postgres_fdw.c?a=commitdiff_plain;h=df544ee47d3fe3590e5d37ef399332b74166c9b7;p=nginx.git
Chacha20 header protection support with BoringSSL.
BoringSSL lacks EVP for Chacha20. Here we use CRYPTO_chacha_20() instead.
---
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index b562f0f17..620a216ef 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -25,6 +25,7 @@
 #include
 #ifdef OPENSSL_IS_BORINGSSL
 #include
+#include
 #else
 #include
 #endif
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index b7595e8bf..c4012687e 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -2053,6 +2053,17 @@ ngx_quic_tls_hp(ngx_connection_t *c, const EVP_CIPHER *cipher,
 EVP_CIPHER_CTX *ctx;
 u_char zero[5] = {0};
 
+#ifdef OPENSSL_IS_BORINGSSL
+ uint32_t counter;
+
+ ngx_memcpy(&counter, in, sizeof(uint32_t));
+
+ if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
+ CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
+ return NGX_OK;
+ }
+#endif
+
 ctx = EVP_CIPHER_CTX_new();
 if (ctx == NULL) {
 return NGX_ERROR;
@@ -2129,7 +2140,9 @@ ngx_quic_ciphers(ngx_connection_t *c, ngx_quic_ciphers_t *ciphers,
 #else
 ciphers->c = EVP_chacha20_poly1305();
 #endif
-#ifndef OPENSSL_IS_BORINGSSL
+#ifdef OPENSSL_IS_BORINGSSL
+ ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
+#else
 ciphers->hp = EVP_chacha20();
 #endif
 ciphers->d = EVP_sha256();
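Review bot: The block counter in the added BoringSSL branch of ngx_quic_tls_hp is loaded with `ngx_memcpy(&counter, in, sizeof(uint32_t))`, which yields a host-endian value, while QUIC header protection defines the first four sample bytes as a little-endian counter (RFC 9001 section 5.4.4) and CRYPTO_chacha_20() takes the counter as an integer. On a big-endian build the mask would differ from the peer's and ChaCha20-protected packets would fail header unprotection; an explicit decode such as `counter = (uint32_t) in[0] | (uint32_t) in[1] << 8 | (uint32_t) in[2] << 16 | (uint32_t) in[3] << 24;` avoids that. The load could also move inside the `if`, since the AES path never reads `counter`, and `sizeof(zero)` would be safer than the literal `5`. The function's parameter list and the rest of its body lie outside the hunk, so the lengths of `in` and `s->hp.data` cannot be checked from here.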
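Review bot: On BoringSSL `ciphers->hp` now holds an `EVP_AEAD` pointer cast to `const EVP_CIPHER *`, so in the ChaCha20 branch of ngx_quic_ciphers the field is an identity tag rather than a usable cipher object. The only consumer visible in this patch, ngx_quic_tls_hp, compares it and returns before any EVP call, but any other path that hands `hp` to an EVP_CIPHER function would operate on an object of the wrong type. A comment at the assignment would make the contract explicit, for example `/* BoringSSL: marker only, compared in ngx_quic_tls_hp(); never pass to EVP_* */`. The rest of ngx_quic_ciphers is outside the hunk.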