comparison src/event/ngx_event_quic.c @ 8203:ec0c44aa2881 quic
Chacha20 header protection support with BoringSSL.
BoringSSL lacks EVP for Chacha20. Here we use CRYPTO_chacha_20() instead.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 10 Mar 2020 19:15:12 +0300 |
parents | a4ed2305ad2c |
children | 9e0c30e1f7fb |
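--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -2051,10 +2051,21 @@
 {
 int outlen;
 EVP_CIPHER_CTX *ctx;
 u_char zero[5] = {0};
 
+#ifdef OPENSSL_IS_BORINGSSL
+uint32_t counter;
+
+ngx_memcpy(&counter, in, sizeof(uint32_t));
+
+if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
+CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
+return NGX_OK;
+}
+#endif
+
 ctx = EVP_CIPHER_CTX_new();
 if (ctx == NULL) {
 return NGX_ERROR;
 }
 
@@ -2127,11 +2138,13 @@
 #ifdef OPENSSL_IS_BORINGSSL
 ciphers->c = EVP_aead_chacha20_poly1305();
 #else
 ciphers->c = EVP_chacha20_poly1305();
 #endif
-#ifndef OPENSSL_IS_BORINGSSL
+#ifdef OPENSSL_IS_BORINGSSL
+ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
+#else
 ciphers->hp = EVP_chacha20();
 #endif
 ciphers->d = EVP_sha256();
 len = 32;
 break;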
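Review bot: The added BoringSSL branch fills `counter` with `ngx_memcpy(&counter, in, sizeof(uint32_t))`, so the block counter handed to `CRYPTO_chacha_20()` is in host byte order, while the QUIC header-protection definition (RFC 9001, section 5.4.4) reads those four sample bytes as a little-endian value. On a big-endian build the mask would differ from the peer's and header protection could not be removed; building the value explicitly avoids that: `counter = (uint32_t) in[0] | (uint32_t) in[1] << 8 | (uint32_t) in[2] << 16 | (uint32_t) in[3] << 24;`. Separately, `ciphers->hp` now holds an `EVP_AEAD` pointer cast to `const EVP_CIPHER *` purely as a tag, which is safe in the visible code only because the comparison returns before `EVP_CIPHER_CTX_new()`. A comment at the assignment such as `/* tag only: not a real EVP_CIPHER, never pass to EVP_Encrypt*() */` would keep later callers from treating it as a usable cipher. The enclosing functions start and end outside both hunks, so the size of the `in` sample and any other users of `hp` could not be checked from here.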