Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 8171:4daf03d2bd0a quic
OpenSSL compatibility.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:51 +0300 |
parents | 53a5cdbe500c |
children | 640a13fc0f83 |
comparison
equal
deleted
inserted
replaced
8170:53a5cdbe500c | 8171:4daf03d2bd0a |
---|---|
773 } | 773 } |
774 #endif | 774 #endif |
775 | 775 |
776 // initial secret | 776 // initial secret |
777 | 777 |
778 size_t is_len; | 778 size_t is_len; |
779 uint8_t is[SHA256_DIGEST_LENGTH]; | 779 uint8_t is[SHA256_DIGEST_LENGTH]; |
780 const EVP_MD *digest; | 780 const EVP_MD *digest; |
781 #ifdef OPENSSL_IS_BORINGSSL | |
782 const EVP_AEAD *cipher; | |
783 #else | |
784 const EVP_CIPHER *cipher; | |
785 #endif | |
781 static const uint8_t salt[20] = | 786 static const uint8_t salt[20] = |
782 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" | 787 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" |
783 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; | 788 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; |
784 | 789 |
785 digest = EVP_sha256(); | 790 digest = EVP_sha256(); |
786 HKDF_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len, salt, | 791 |
787 sizeof(salt)); | 792 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ |
793 | |
794 #ifdef OPENSSL_IS_BORINGSSL | |
795 cipher = EVP_aead_aes_128_gcm(); | |
796 #else | |
797 cipher = EVP_aes_128_gcm(); | |
798 #endif | |
799 | |
800 if (ngx_hkdf_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len, | |
801 salt, sizeof(salt)) | |
802 != NGX_OK) | |
803 { | |
804 ngx_http_close_connection(c); | |
805 return; | |
806 } | |
788 | 807 |
789 #if (NGX_DEBUG) | 808 #if (NGX_DEBUG) |
790 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 809 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
791 m = ngx_hex_dump(buf, (uint8_t *) salt, sizeof(salt)) - buf; | 810 m = ngx_hex_dump(buf, (uint8_t *) salt, sizeof(salt)) - buf; |
792 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 811 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
810 ngx_http_close_connection(c); | 829 ngx_http_close_connection(c); |
811 return; | 830 return; |
812 } | 831 } |
813 | 832 |
814 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; | 833 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; |
834 bzero(hkdfl, sizeof(hkdfl)); | |
815 hkdfl[0] = 0; | 835 hkdfl[0] = 0; |
816 hkdfl[1] = qc->client_in.len; | 836 hkdfl[1] = qc->client_in.len; |
817 hkdfl[2] = sizeof("tls13 client in") - 1; | 837 hkdfl[2] = sizeof("tls13 client in") - 1; |
818 p = ngx_cpymem(&hkdfl[3], "tls13 client in", | 838 p = ngx_cpymem(&hkdfl[3], "tls13 client in", |
819 sizeof("tls13 client in") - 1); | 839 sizeof("tls13 client in") - 1); |
820 *p = '\0'; | 840 *p = '\0'; |
821 | 841 |
822 if (HKDF_expand(qc->client_in.data, qc->client_in.len, | 842 #if 0 |
823 digest, is, is_len, hkdfl, hkdfl_len) | 843 ngx_memcpy(hkdfl, "\x00\x20\x0f\x74\x6c\x73\x31\x33\x20\x63\x6c\x69\x65\x6e\x74\x20\x69\x6e\x00\x00", 20); |
824 == 0) | 844 |
845 m = ngx_hex_dump(buf, hkdfl, sizeof(hkdfl)) - buf; | |
846 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | |
847 "quic initial secret hkdf: %*s, len: %uz", | |
848 m, buf, sizeof(hkdfl)); | |
849 #endif | |
850 | |
851 if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len, | |
852 digest, is, is_len, hkdfl, hkdfl_len) | |
853 != NGX_OK) | |
825 { | 854 { |
826 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 855 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
827 "HKDF_expand(client_in) failed"); | 856 "ngx_hkdf_expand(client_in) failed"); |
828 ngx_http_close_connection(c); | 857 ngx_http_close_connection(c); |
829 return; | 858 return; |
830 } | 859 } |
831 | 860 |
861 #ifdef OPENSSL_IS_BORINGSSL | |
832 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 862 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
833 "quic EVP key:%d tag:%d nonce:%d", | 863 "quic EVP key:%d tag:%d nonce:%d", |
834 EVP_AEAD_key_length(EVP_aead_aes_128_gcm()), | 864 EVP_AEAD_key_length(cipher), |
835 EVP_AEAD_max_tag_len(EVP_aead_aes_128_gcm()), | 865 EVP_AEAD_max_tag_len(cipher), |
836 EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm())); | 866 EVP_AEAD_nonce_length(cipher)); |
837 | 867 #endif |
838 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ | 868 |
839 | 869 |
840 qc->client_in_key.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm()); | 870 #ifdef OPENSSL_IS_BORINGSSL |
871 qc->client_in_key.len = EVP_AEAD_key_length(cipher); | |
872 #else | |
873 qc->client_in_key.len = EVP_CIPHER_key_length(cipher); | |
874 #endif | |
841 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); | 875 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); |
842 if (qc->client_in_key.data == NULL) { | 876 if (qc->client_in_key.data == NULL) { |
843 ngx_http_close_connection(c); | 877 ngx_http_close_connection(c); |
844 return; | 878 return; |
845 } | 879 } |
849 hkdfl[2] = sizeof("tls13 quic key") - 1; | 883 hkdfl[2] = sizeof("tls13 quic key") - 1; |
850 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", | 884 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", |
851 sizeof("tls13 quic key") - 1); | 885 sizeof("tls13 quic key") - 1); |
852 *p = '\0'; | 886 *p = '\0'; |
853 | 887 |
854 if (HKDF_expand(qc->client_in_key.data, qc->client_in_key.len, | 888 if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len, |
855 digest, qc->client_in.data, qc->client_in.len, | 889 digest, qc->client_in.data, qc->client_in.len, |
856 hkdfl, hkdfl_len) | 890 hkdfl, hkdfl_len) |
857 == 0) | 891 != NGX_OK) |
858 { | 892 { |
859 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 893 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
860 "HKDF_expand(client_in_key) failed"); | 894 "ngx_hkdf_expand(client_in_key) failed"); |
861 ngx_http_close_connection(c); | 895 ngx_http_close_connection(c); |
862 return; | 896 return; |
863 } | 897 } |
864 | 898 |
865 qc->client_in_iv.len = EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()); | 899 #ifdef OPENSSL_IS_BORINGSSL |
900 qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher); | |
901 #else | |
902 qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher); | |
903 #endif | |
866 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); | 904 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); |
867 if (qc->client_in_iv.data == NULL) { | 905 if (qc->client_in_iv.data == NULL) { |
868 ngx_http_close_connection(c); | 906 ngx_http_close_connection(c); |
869 return; | 907 return; |
870 } | 908 } |
873 hkdfl[1] = qc->client_in_iv.len; | 911 hkdfl[1] = qc->client_in_iv.len; |
874 hkdfl[2] = sizeof("tls13 quic iv") - 1; | 912 hkdfl[2] = sizeof("tls13 quic iv") - 1; |
875 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); | 913 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); |
876 *p = '\0'; | 914 *p = '\0'; |
877 | 915 |
878 if (HKDF_expand(qc->client_in_iv.data, qc->client_in_iv.len, digest, | 916 if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len, |
879 qc->client_in.data, qc->client_in.len, hkdfl, hkdfl_len) | 917 digest, qc->client_in.data, qc->client_in.len, |
880 == 0) | 918 hkdfl, hkdfl_len) |
919 != NGX_OK) | |
881 { | 920 { |
882 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 921 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
883 "HKDF_expand(client_in_iv) failed"); | 922 "ngx_hkdf_expand(client_in_iv) failed"); |
884 ngx_http_close_connection(c); | 923 ngx_http_close_connection(c); |
885 return; | 924 return; |
886 } | 925 } |
887 | 926 |
888 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ | 927 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ |
889 | 928 |
890 qc->client_in_hp.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm()); | 929 #ifdef OPENSSL_IS_BORINGSSL |
930 qc->client_in_hp.len = EVP_AEAD_key_length(cipher); | |
931 #else | |
932 qc->client_in_hp.len = EVP_CIPHER_key_length(cipher); | |
933 #endif | |
891 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); | 934 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); |
892 if (qc->client_in_hp.data == NULL) { | 935 if (qc->client_in_hp.data == NULL) { |
893 ngx_http_close_connection(c); | 936 ngx_http_close_connection(c); |
894 return; | 937 return; |
895 } | 938 } |
898 hkdfl[1] = qc->client_in_hp.len; | 941 hkdfl[1] = qc->client_in_hp.len; |
899 hkdfl[2] = sizeof("tls13 quic hp") - 1; | 942 hkdfl[2] = sizeof("tls13 quic hp") - 1; |
900 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); | 943 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); |
901 *p = '\0'; | 944 *p = '\0'; |
902 | 945 |
903 if (HKDF_expand(qc->client_in_hp.data, qc->client_in_hp.len, digest, | 946 if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len, |
904 qc->client_in.data, qc->client_in.len, hkdfl, hkdfl_len) | 947 digest, qc->client_in.data, qc->client_in.len, |
905 == 0) | 948 hkdfl, hkdfl_len) |
949 != NGX_OK) | |
906 { | 950 { |
907 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 951 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
908 "HKDF_expand(client_in_hp) failed"); | 952 "ngx_hkdf_expand(client_in_hp) failed"); |
909 ngx_http_close_connection(c); | 953 ngx_http_close_connection(c); |
910 return; | 954 return; |
911 } | 955 } |
912 | 956 |
913 #if (NGX_DEBUG) | 957 #if (NGX_DEBUG) |
954 hkdfl[2] = sizeof("tls13 server in") - 1; | 998 hkdfl[2] = sizeof("tls13 server in") - 1; |
955 p = ngx_cpymem(&hkdfl[3], "tls13 server in", | 999 p = ngx_cpymem(&hkdfl[3], "tls13 server in", |
956 sizeof("tls13 server in") - 1); | 1000 sizeof("tls13 server in") - 1); |
957 *p = '\0'; | 1001 *p = '\0'; |
958 | 1002 |
959 if (HKDF_expand(qc->server_in.data, qc->server_in.len, | 1003 if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len, |
960 digest, is, is_len, hkdfl, hkdfl_len) | 1004 digest, is, is_len, hkdfl, hkdfl_len) |
961 == 0) | 1005 != NGX_OK) |
962 { | 1006 { |
963 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1007 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
964 "HKDF_expand(server_in) failed"); | 1008 "ngx_hkdf_expand(server_in) failed"); |
965 ngx_http_close_connection(c); | 1009 ngx_http_close_connection(c); |
966 return; | 1010 return; |
967 } | 1011 } |
968 | 1012 |
969 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ | 1013 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ |
970 | 1014 |
971 qc->server_in_key.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm()); | 1015 #ifdef OPENSSL_IS_BORINGSSL |
1016 qc->server_in_key.len = EVP_AEAD_key_length(cipher); | |
1017 #else | |
1018 qc->server_in_key.len = EVP_CIPHER_key_length(cipher); | |
1019 #endif | |
972 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); | 1020 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); |
973 if (qc->server_in_key.data == NULL) { | 1021 if (qc->server_in_key.data == NULL) { |
974 ngx_http_close_connection(c); | 1022 ngx_http_close_connection(c); |
975 return; | 1023 return; |
976 } | 1024 } |
980 hkdfl[2] = sizeof("tls13 quic key") - 1; | 1028 hkdfl[2] = sizeof("tls13 quic key") - 1; |
981 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", | 1029 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", |
982 sizeof("tls13 quic key") - 1); | 1030 sizeof("tls13 quic key") - 1); |
983 *p = '\0'; | 1031 *p = '\0'; |
984 | 1032 |
985 if (HKDF_expand(qc->server_in_key.data, qc->server_in_key.len, | 1033 if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len, |
986 digest, qc->server_in.data, qc->server_in.len, | 1034 digest, qc->server_in.data, qc->server_in.len, |
987 hkdfl, hkdfl_len) | 1035 hkdfl, hkdfl_len) |
988 == 0) | 1036 != NGX_OK) |
989 { | 1037 { |
990 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1038 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
991 "HKDF_expand(server_in_key) failed"); | 1039 "ngx_hkdf_expand(server_in_key) failed"); |
992 ngx_http_close_connection(c); | 1040 ngx_http_close_connection(c); |
993 return; | 1041 return; |
994 } | 1042 } |
995 | 1043 |
996 qc->server_in_iv.len = EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()); | 1044 #ifdef OPENSSL_IS_BORINGSSL |
1045 qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher); | |
1046 #else | |
1047 qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher); | |
1048 #endif | |
997 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); | 1049 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); |
998 if (qc->server_in_iv.data == NULL) { | 1050 if (qc->server_in_iv.data == NULL) { |
999 ngx_http_close_connection(c); | 1051 ngx_http_close_connection(c); |
1000 return; | 1052 return; |
1001 } | 1053 } |
1004 hkdfl[1] = qc->server_in_iv.len; | 1056 hkdfl[1] = qc->server_in_iv.len; |
1005 hkdfl[2] = sizeof("tls13 quic iv") - 1; | 1057 hkdfl[2] = sizeof("tls13 quic iv") - 1; |
1006 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); | 1058 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); |
1007 *p = '\0'; | 1059 *p = '\0'; |
1008 | 1060 |
1009 if (HKDF_expand(qc->server_in_iv.data, qc->server_in_iv.len, digest, | 1061 if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len, |
1010 qc->server_in.data, qc->server_in.len, hkdfl, hkdfl_len) | 1062 digest, qc->server_in.data, qc->server_in.len, |
1011 == 0) | 1063 hkdfl, hkdfl_len) |
1064 != NGX_OK) | |
1012 { | 1065 { |
1013 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1066 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1014 "HKDF_expand(server_in_iv) failed"); | 1067 "ngx_hkdf_expand(server_in_iv) failed"); |
1015 ngx_http_close_connection(c); | 1068 ngx_http_close_connection(c); |
1016 return; | 1069 return; |
1017 } | 1070 } |
1018 | 1071 |
1019 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ | 1072 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ |
1020 | 1073 |
1021 qc->server_in_hp.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm()); | 1074 #ifdef OPENSSL_IS_BORINGSSL |
1075 qc->server_in_hp.len = EVP_AEAD_key_length(cipher); | |
1076 #else | |
1077 qc->server_in_hp.len = EVP_CIPHER_key_length(cipher); | |
1078 #endif | |
1022 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); | 1079 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); |
1023 if (qc->server_in_hp.data == NULL) { | 1080 if (qc->server_in_hp.data == NULL) { |
1024 ngx_http_close_connection(c); | 1081 ngx_http_close_connection(c); |
1025 return; | 1082 return; |
1026 } | 1083 } |
1029 hkdfl[1] = qc->server_in_hp.len; | 1086 hkdfl[1] = qc->server_in_hp.len; |
1030 hkdfl[2] = sizeof("tls13 quic hp") - 1; | 1087 hkdfl[2] = sizeof("tls13 quic hp") - 1; |
1031 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); | 1088 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); |
1032 *p = '\0'; | 1089 *p = '\0'; |
1033 | 1090 |
1034 if (HKDF_expand(qc->server_in_hp.data, qc->server_in_hp.len, digest, | 1091 if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len, |
1035 qc->server_in.data, qc->server_in.len, hkdfl, hkdfl_len) | 1092 digest, qc->server_in.data, qc->server_in.len, |
1036 == 0) | 1093 hkdfl, hkdfl_len) |
1094 != NGX_OK) | |
1037 { | 1095 { |
1038 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1096 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1039 "HKDF_expand(server_in_hp) failed"); | 1097 "ngx_hkdf_expand(server_in_hp) failed"); |
1040 ngx_http_close_connection(c); | 1098 ngx_http_close_connection(c); |
1041 return; | 1099 return; |
1042 } | 1100 } |
1043 | 1101 |
1044 #if (NGX_DEBUG) | 1102 #if (NGX_DEBUG) |
1145 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1203 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
1146 "quic ad: %*s, len: %uz", m, buf, ad.len); | 1204 "quic ad: %*s, len: %uz", m, buf, ad.len); |
1147 } | 1205 } |
1148 #endif | 1206 #endif |
1149 | 1207 |
1150 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(EVP_aead_aes_128_gcm(), | 1208 uint8_t cleartext[1600]; |
1209 size_t cleartext_len; | |
1210 | |
1211 #ifdef OPENSSL_IS_BORINGSSL | |
1212 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, | |
1151 qc->client_in_key.data, | 1213 qc->client_in_key.data, |
1152 qc->client_in_key.len, | 1214 qc->client_in_key.len, |
1153 EVP_AEAD_DEFAULT_TAG_LENGTH); | 1215 EVP_AEAD_DEFAULT_TAG_LENGTH); |
1154 uint8_t cleartext[1600]; | 1216 if (aead == NULL) { |
1155 size_t cleartext_len = sizeof(cleartext); | 1217 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1218 "EVP_AEAD_CTX_new() failed"); | |
1219 ngx_http_close_connection(c); | |
1220 return; | |
1221 } | |
1156 | 1222 |
1157 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), | 1223 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), |
1158 nonce, qc->client_in_iv.len, ciphertext.data, | 1224 nonce, qc->client_in_iv.len, ciphertext.data, |
1159 ciphertext.len, ad.data, ad.len) | 1225 ciphertext.len, ad.data, ad.len) |
1160 != 1) | 1226 != 1) |
1165 ngx_http_close_connection(c); | 1231 ngx_http_close_connection(c); |
1166 return; | 1232 return; |
1167 } | 1233 } |
1168 | 1234 |
1169 EVP_AEAD_CTX_free(aead); | 1235 EVP_AEAD_CTX_free(aead); |
1236 #else | |
1237 int len; | |
1238 u_char *tag; | |
1239 EVP_CIPHER_CTX *aead; | |
1240 | |
1241 aead = EVP_CIPHER_CTX_new(); | |
1242 if (aead == NULL) { | |
1243 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_CIPHER_CTX_new() failed"); | |
1244 ngx_http_close_connection(c); | |
1245 return; | |
1246 } | |
1247 | |
1248 if (EVP_DecryptInit_ex(aead, cipher, NULL, NULL, NULL) != 1) { | |
1249 EVP_CIPHER_CTX_free(aead); | |
1250 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); | |
1251 ngx_http_close_connection(c); | |
1252 return; | |
1253 } | |
1254 | |
1255 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in_iv.len, | |
1256 NULL) | |
1257 == 0) | |
1258 { | |
1259 EVP_CIPHER_CTX_free(aead); | |
1260 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | |
1261 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); | |
1262 ngx_http_close_connection(c); | |
1263 return; | |
1264 } | |
1265 | |
1266 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in_key.data, nonce) | |
1267 != 1) | |
1268 { | |
1269 EVP_CIPHER_CTX_free(aead); | |
1270 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); | |
1271 ngx_http_close_connection(c); | |
1272 return; | |
1273 } | |
1274 | |
1275 if (EVP_DecryptUpdate(aead, NULL, &len, ad.data, ad.len) != 1) { | |
1276 EVP_CIPHER_CTX_free(aead); | |
1277 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed"); | |
1278 ngx_http_close_connection(c); | |
1279 return; | |
1280 } | |
1281 | |
1282 if (EVP_DecryptUpdate(aead, cleartext, &len, ciphertext.data, | |
1283 ciphertext.len - EVP_GCM_TLS_TAG_LEN) | |
1284 != 1) | |
1285 { | |
1286 EVP_CIPHER_CTX_free(aead); | |
1287 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed"); | |
1288 ngx_http_close_connection(c); | |
1289 return; | |
1290 } | |
1291 | |
1292 cleartext_len = len; | |
1293 tag = ciphertext.data + ciphertext.len - EVP_GCM_TLS_TAG_LEN; | |
1294 | |
1295 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, | |
1296 tag) | |
1297 == 0) | |
1298 { | |
1299 EVP_CIPHER_CTX_free(aead); | |
1300 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | |
1301 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed"); | |
1302 ngx_http_close_connection(c); | |
1303 return; | |
1304 } | |
1305 | |
1306 if (EVP_DecryptFinal_ex(aead, cleartext + len, &len) <= 0) { | |
1307 EVP_CIPHER_CTX_free(aead); | |
1308 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptFinal_ex failed"); | |
1309 ngx_http_close_connection(c); | |
1310 return; | |
1311 } | |
1312 | |
1313 cleartext_len += len; | |
1314 | |
1315 EVP_CIPHER_CTX_free(aead); | |
1316 #endif | |
1170 | 1317 |
1171 #if (NGX_DEBUG) | 1318 #if (NGX_DEBUG) |
1172 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 1319 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
1173 m = ngx_hex_dump(buf, cleartext, ngx_min(cleartext_len, 256)) - buf; | 1320 m = ngx_hex_dump(buf, cleartext, ngx_min(cleartext_len, 256)) - buf; |
1174 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1321 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, rev->log, 0, |