mirror of
https://github.com/nginx/nginx.git
synced 2024-11-27 15:39:01 +08:00
QUIC: simplified ngx_quic_ciphers() API.
After conversion to reusable crypto ctx, now there's enough caller context to remove the "level" argument from ngx_quic_ciphers().
This commit is contained in:
parent
d15f8f2c85
commit
01bd8caceb
@ -238,7 +238,7 @@ ngx_quic_compat_set_encryption_secret(ngx_connection_t *c,
|
||||
|
||||
keys->cipher = SSL_CIPHER_get_id(cipher);
|
||||
|
||||
key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
|
||||
key_len = ngx_quic_ciphers(keys->cipher, &ciphers);
|
||||
|
||||
if (key_len == NGX_ERROR) {
|
||||
ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher");
|
||||
|
@ -15,6 +15,8 @@
|
||||
|
||||
#define NGX_QUIC_AES_128_KEY_LEN 16
|
||||
|
||||
#define NGX_QUIC_INITIAL_CIPHER TLS1_3_CK_AES_128_GCM_SHA256
|
||||
|
||||
|
||||
static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
|
||||
const EVP_MD *digest, const u_char *prk, size_t prk_len,
|
||||
@ -46,15 +48,10 @@ static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
|
||||
enum ssl_encryption_level_t level)
|
||||
ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers)
|
||||
{
|
||||
ngx_int_t len;
|
||||
|
||||
if (level == ssl_encryption_initial) {
|
||||
id = TLS1_3_CK_AES_128_GCM_SHA256;
|
||||
}
|
||||
|
||||
switch (id) {
|
||||
|
||||
case TLS1_3_CK_AES_128_GCM_SHA256:
|
||||
@ -188,7 +185,7 @@ ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
|
||||
}
|
||||
}
|
||||
|
||||
if (ngx_quic_ciphers(0, &ciphers, ssl_encryption_initial) == NGX_ERROR) {
|
||||
if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
@ -664,7 +661,7 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
|
||||
|
||||
keys->cipher = SSL_CIPHER_get_id(cipher);
|
||||
|
||||
key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
|
||||
key_len = ngx_quic_ciphers(keys->cipher, &ciphers);
|
||||
|
||||
if (key_len == NGX_ERROR) {
|
||||
ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
|
||||
@ -780,9 +777,7 @@ ngx_quic_keys_update(ngx_event_t *ev)
|
||||
|
||||
c->log->action = "updating keys";
|
||||
|
||||
if (ngx_quic_ciphers(keys->cipher, &ciphers, ssl_encryption_application)
|
||||
== NGX_ERROR)
|
||||
{
|
||||
if (ngx_quic_ciphers(keys->cipher, &ciphers) == NGX_ERROR) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
@ -927,7 +922,7 @@ ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
|
||||
"quic retry itag len:%uz %xV", ad.len, &ad);
|
||||
#endif
|
||||
|
||||
if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) {
|
||||
if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
|
@ -108,8 +108,7 @@ void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys);
|
||||
ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
|
||||
ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
|
||||
void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
|
||||
ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
|
||||
enum ssl_encryption_level_t level);
|
||||
ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers);
|
||||
ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher,
|
||||
ngx_quic_secret_t *s, ngx_int_t enc, ngx_log_t *log);
|
||||
ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out,
|
||||
|
Loading…
Reference in New Issue
Block a user