comparison src/http/ngx_http_request.c @ 8172:640a13fc0f83 quic
PN-aware AEAD nonce, feeding proper CRYPTO length.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:52 +0300 |
parents | 4daf03d2bd0a |
children | 02f331613232 |
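--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1322,10 +1322,30 @@
 "quic packet payload: %*s%s, len: %uz",
 m, buf, m < 512 ? "" : "...", cleartext_len);
 }
 #endif
 
+if (cleartext[0] != 0x06) {
+ngx_log_error(NGX_LOG_INFO, rev->log, 0,
+"unexpected frame in initial packet");
+ngx_http_close_connection(c);
+return;
+}
+
+if (cleartext[1] != 0x00) {
+ngx_log_error(NGX_LOG_INFO, rev->log, 0,
+"unexpected CRYPTO offset in initial packet");
+ngx_http_close_connection(c);
+return;
+}
+
+uint8_t *crypto = &cleartext[2];
+uint64_t crypto_len = ngx_quic_parse_int(&crypto);
+
+ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
+"quic initial packet CRYPTO length: %uL pp:%p:%p", crypto_len, cleartext, crypto);
+
 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
 
 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER)
 != NGX_OK)
 {
@@ -1349,11 +1369,11 @@
 (int) SSL_quic_read_level(c->ssl->connection),
 (int) SSL_quic_write_level(c->ssl->connection));
 
 if (!SSL_provide_quic_data(c->ssl->connection,
 SSL_quic_read_level(c->ssl->connection),
-&cleartext[4], cleartext_len - 4))
+crypto, crypto_len))
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
 "SSL_provide_quic_data() failed");
 ngx_http_close_connection(c);
 return;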
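Review bot: `crypto_len` is a peer-supplied varint that is handed to `SSL_provide_quic_data()` without being compared against the bytes actually left in the decrypted payload, so a CRYPTO frame that declares more data than the packet carries would make the TLS library read past `cleartext`; the old `cleartext_len - 4` was at least tied to the buffer. The new `cleartext[0]` and `cleartext[1]` reads and the varint parse likewise run before any minimum-length check on `cleartext_len` is visible in this hunk. I would reject the packet when the declared length exceeds what remains, as in the excerpt below (this assumes `cleartext_len` counts the valid bytes at `cleartext`, which the debug log above suggests but the hunk does not show). The enclosing function starts and ends outside the hunk, so an earlier length check may exist there.

```c
uint64_t crypto_len = ngx_quic_parse_int(&crypto);

/* the declared CRYPTO length must fit in what is left of the payload */
if (crypto_len > (uint64_t) (cleartext + cleartext_len - crypto)) {
    ngx_log_error(NGX_LOG_INFO, rev->log, 0,
                  "CRYPTO length exceeds initial packet payload");
    ngx_http_close_connection(c);
    return;
}

/* … unchanged: debug log, SSL connection setup, SSL_provide_quic_data() call … */
```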