diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index f0cfc1933..7938ae098 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -168,34 +168,34 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, switch (level) { case ssl_encryption_handshake: - rlen = &c->quic->client_hs.len; - rsec = &c->quic->client_hs.data; - wlen = &c->quic->server_hs.len; - wsec = &c->quic->server_hs.data; + rlen = &c->quic->client_hs.secret.len; + rsec = &c->quic->client_hs.secret.data; + wlen = &c->quic->server_hs.secret.len; + wsec = &c->quic->server_hs.secret.data; - client_key = &c->quic->client_hs_key; - client_iv = &c->quic->client_hs_iv; - client_hp = &c->quic->client_hs_hp; + client_key = &c->quic->client_hs.key; + client_iv = &c->quic->client_hs.iv; + client_hp = &c->quic->client_hs.hp; - server_key = &c->quic->server_hs_key; - server_iv = &c->quic->server_hs_iv; - server_hp = &c->quic->server_hs_hp; + server_key = &c->quic->server_hs.key; + server_iv = &c->quic->server_hs.iv; + server_hp = &c->quic->server_hs.hp; break; case ssl_encryption_application: - rlen = &c->quic->client_ad.len; - rsec = &c->quic->client_ad.data; - wlen = &c->quic->server_ad.len; - wsec = &c->quic->server_ad.data; + rlen = &c->quic->client_ad.secret.len; + rsec = &c->quic->client_ad.secret.data; + wlen = &c->quic->server_ad.secret.len; + wsec = &c->quic->server_ad.secret.data; - client_key = &c->quic->client_ad_key; - client_iv = &c->quic->client_ad_iv; - client_hp = &c->quic->client_ad_hp; + client_key = &c->quic->client_ad.key; + client_iv = &c->quic->client_ad.iv; + client_hp = &c->quic->client_ad.hp; - server_key = &c->quic->server_ad_key; - server_iv = &c->quic->server_ad_iv; - server_hp = &c->quic->server_ad_hp; + server_key = &c->quic->server_ad.key; + server_iv = &c->quic->server_ad.iv; + server_hp = &c->quic->server_ad.hp; break; @@ -474,15 +474,15 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, switch (level) { case ssl_encryption_initial: - server_key = &qc->server_in_key; - server_iv = &qc->server_in_iv; - server_hp = &qc->server_in_hp; + server_key = &qc->server_in.key; + server_iv = &qc->server_in.iv; + server_hp = &qc->server_in.hp; break; case ssl_encryption_handshake: - server_key = &qc->server_hs_key; - server_iv = &qc->server_hs_iv; - server_hp = &qc->server_hs_hp; + server_key = &qc->server_hs.key; + server_iv = &qc->server_hs.iv; + server_hp = &qc->server_hs.hp; break; default: diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h index 236439b06..86f2f58bd 100644 --- a/src/event/ngx_event_quic.h +++ b/src/event/ngx_event_quic.h @@ -11,40 +11,25 @@ #include +typedef struct { + ngx_str_t secret; + ngx_str_t key; + ngx_str_t iv; + ngx_str_t hp; +} ngx_quic_secret_t; + + struct ngx_quic_connection_s { - ngx_str_t scid; - ngx_str_t dcid; - ngx_str_t token; + ngx_str_t scid; + ngx_str_t dcid; + ngx_str_t token; - ngx_str_t client_in; - ngx_str_t client_in_key; - ngx_str_t client_in_iv; - ngx_str_t client_in_hp; - - ngx_str_t server_in; - ngx_str_t server_in_key; - ngx_str_t server_in_iv; - ngx_str_t server_in_hp; - - ngx_str_t client_hs; - ngx_str_t client_hs_key; - ngx_str_t client_hs_iv; - ngx_str_t client_hs_hp; - - ngx_str_t server_hs; - ngx_str_t server_hs_key; - ngx_str_t server_hs_iv; - ngx_str_t server_hs_hp; - - ngx_str_t client_ad; - ngx_str_t client_ad_key; - ngx_str_t client_ad_iv; - ngx_str_t client_ad_hp; - - ngx_str_t server_ad; - ngx_str_t server_ad_key; - ngx_str_t server_ad_iv; - ngx_str_t server_ad_hp; + ngx_quic_secret_t client_in; + ngx_quic_secret_t client_hs; + ngx_quic_secret_t client_ad; + ngx_quic_secret_t server_in; + ngx_quic_secret_t server_hs; + ngx_quic_secret_t server_ad; }; diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index b8bca5547..7f62643c1 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -831,9 +831,9 @@ ngx_http_quic_handshake(ngx_event_t *rev) /* draft-ietf-quic-tls-23#section-5.2 */ - qc->client_in.len = SHA256_DIGEST_LENGTH; - qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len); - if (qc->client_in.data == NULL) { + qc->client_in.secret.len = SHA256_DIGEST_LENGTH; + qc->client_in.secret.data = ngx_pnalloc(c->pool, qc->client_in.secret.len); + if (qc->client_in.secret.data == NULL) { ngx_http_close_connection(c); return; } @@ -841,7 +841,7 @@ ngx_http_quic_handshake(ngx_event_t *rev) hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; bzero(hkdfl, sizeof(hkdfl)); hkdfl[0] = 0; - hkdfl[1] = qc->client_in.len; + hkdfl[1] = qc->client_in.secret.len; hkdfl[2] = sizeof("tls13 client in") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1); *p = '\0'; @@ -856,7 +856,7 @@ ngx_http_quic_handshake(ngx_event_t *rev) m, buf, sizeof(hkdfl)); #endif - if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len, + if (ngx_hkdf_expand(qc->client_in.secret.data, qc->client_in.secret.len, digest, is, is_len, hkdfl, hkdfl_len) != NGX_OK) { @@ -876,57 +876,57 @@ ngx_http_quic_handshake(ngx_event_t *rev) #ifdef OPENSSL_IS_BORINGSSL - qc->client_in_key.len = EVP_AEAD_key_length(cipher); + qc->client_in.key.len = EVP_AEAD_key_length(cipher); #else - qc->client_in_key.len = EVP_CIPHER_key_length(cipher); + qc->client_in.key.len = EVP_CIPHER_key_length(cipher); #endif - qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); - if (qc->client_in_key.data == NULL) { + qc->client_in.key.data = ngx_pnalloc(c->pool, qc->client_in.key.len); + if (qc->client_in.key.data == NULL) { ngx_http_close_connection(c); return; } hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; - hkdfl[1] = qc->client_in_key.len; + hkdfl[1] = qc->client_in.key.len; hkdfl[2] = sizeof("tls13 quic key") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); *p = '\0'; - if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len, - digest, qc->client_in.data, qc->client_in.len, + if (ngx_hkdf_expand(qc->client_in.key.data, qc->client_in.key.len, + digest, qc->client_in.secret.data, qc->client_in.secret.len, hkdfl, hkdfl_len) != NGX_OK) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "ngx_hkdf_expand(client_in_key) failed"); + "ngx_hkdf_expand(client_in.key) failed"); ngx_http_close_connection(c); return; } #ifdef OPENSSL_IS_BORINGSSL - qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher); + qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher); #else - qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher); + qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher); #endif - qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); - if (qc->client_in_iv.data == NULL) { + qc->client_in.iv.data = ngx_pnalloc(c->pool, qc->client_in.iv.len); + if (qc->client_in.iv.data == NULL) { ngx_http_close_connection(c); return; } hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; - hkdfl[1] = qc->client_in_iv.len; + hkdfl[1] = qc->client_in.iv.len; hkdfl[2] = sizeof("tls13 quic iv") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); *p = '\0'; - if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len, - digest, qc->client_in.data, qc->client_in.len, + if (ngx_hkdf_expand(qc->client_in.iv.data, qc->client_in.iv.len, + digest, qc->client_in.secret.data, qc->client_in.secret.len, hkdfl, hkdfl_len) != NGX_OK) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "ngx_hkdf_expand(client_in_iv) failed"); + "ngx_hkdf_expand(client_in.iv) failed"); ngx_http_close_connection(c); return; } @@ -934,57 +934,57 @@ ngx_http_quic_handshake(ngx_event_t *rev) /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ #ifdef OPENSSL_IS_BORINGSSL - qc->client_in_hp.len = EVP_AEAD_key_length(cipher); + qc->client_in.hp.len = EVP_AEAD_key_length(cipher); #else - qc->client_in_hp.len = EVP_CIPHER_key_length(cipher); + qc->client_in.hp.len = EVP_CIPHER_key_length(cipher); #endif - qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); - if (qc->client_in_hp.data == NULL) { + qc->client_in.hp.data = ngx_pnalloc(c->pool, qc->client_in.hp.len); + if (qc->client_in.hp.data == NULL) { ngx_http_close_connection(c); return; } hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; - hkdfl[1] = qc->client_in_hp.len; + hkdfl[1] = qc->client_in.hp.len; hkdfl[2] = sizeof("tls13 quic hp") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); *p = '\0'; - if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len, - digest, qc->client_in.data, qc->client_in.len, + if (ngx_hkdf_expand(qc->client_in.hp.data, qc->client_in.hp.len, + digest, qc->client_in.secret.data, qc->client_in.secret.len, hkdfl, hkdfl_len) != NGX_OK) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "ngx_hkdf_expand(client_in_hp) failed"); + "ngx_hkdf_expand(client_in.hp) failed"); ngx_http_close_connection(c); return; } #if (NGX_DEBUG) if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { - m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf; + m = ngx_hex_dump(buf, qc->client_in.secret.data, qc->client_in.secret.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic client initial secret: %*s, len: %uz", - m, buf, qc->client_in.len); + m, buf, qc->client_in.secret.len); - m = ngx_hex_dump(buf, qc->client_in_key.data, qc->client_in_key.len) + m = ngx_hex_dump(buf, qc->client_in.key.data, qc->client_in.key.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic client key: %*s, len: %uz", - m, buf, qc->client_in_key.len); + m, buf, qc->client_in.key.len); - m = ngx_hex_dump(buf, qc->client_in_iv.data, qc->client_in_iv.len) + m = ngx_hex_dump(buf, qc->client_in.iv.data, qc->client_in.iv.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic client iv: %*s, len: %uz", - m, buf, qc->client_in_iv.len); + m, buf, qc->client_in.iv.len); - m = ngx_hex_dump(buf, qc->client_in_hp.data, qc->client_in_hp.len) + m = ngx_hex_dump(buf, qc->client_in.hp.data, qc->client_in.hp.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic client hp: %*s, len: %uz", - m, buf, qc->client_in_hp.len); + m, buf, qc->client_in.hp.len); } #endif @@ -992,21 +992,21 @@ ngx_http_quic_handshake(ngx_event_t *rev) /* draft-ietf-quic-tls-23#section-5.2 */ - qc->server_in.len = SHA256_DIGEST_LENGTH; - qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len); - if (qc->server_in.data == NULL) { + qc->server_in.secret.len = SHA256_DIGEST_LENGTH; + qc->server_in.secret.data = ngx_pnalloc(c->pool, qc->server_in.secret.len); + if (qc->server_in.secret.data == NULL) { ngx_http_close_connection(c); return; } hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1; hkdfl[0] = 0; - hkdfl[1] = qc->server_in.len; + hkdfl[1] = qc->server_in.secret.len; hkdfl[2] = sizeof("tls13 server in") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1); *p = '\0'; - if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len, + if (ngx_hkdf_expand(qc->server_in.secret.data, qc->server_in.secret.len, digest, is, is_len, hkdfl, hkdfl_len) != NGX_OK) { @@ -1019,57 +1019,57 @@ ngx_http_quic_handshake(ngx_event_t *rev) /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ #ifdef OPENSSL_IS_BORINGSSL - qc->server_in_key.len = EVP_AEAD_key_length(cipher); + qc->server_in.key.len = EVP_AEAD_key_length(cipher); #else - qc->server_in_key.len = EVP_CIPHER_key_length(cipher); + qc->server_in.key.len = EVP_CIPHER_key_length(cipher); #endif - qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); - if (qc->server_in_key.data == NULL) { + qc->server_in.key.data = ngx_pnalloc(c->pool, qc->server_in.key.len); + if (qc->server_in.key.data == NULL) { ngx_http_close_connection(c); return; } hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; - hkdfl[1] = qc->server_in_key.len; + hkdfl[1] = qc->server_in.key.len; hkdfl[2] = sizeof("tls13 quic key") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); *p = '\0'; - if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len, - digest, qc->server_in.data, qc->server_in.len, + if (ngx_hkdf_expand(qc->server_in.key.data, qc->server_in.key.len, + digest, qc->server_in.secret.data, qc->server_in.secret.len, hkdfl, hkdfl_len) != NGX_OK) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "ngx_hkdf_expand(server_in_key) failed"); + "ngx_hkdf_expand(server_in.key) failed"); ngx_http_close_connection(c); return; } #ifdef OPENSSL_IS_BORINGSSL - qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher); + qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher); #else - qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher); + qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher); #endif - qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); - if (qc->server_in_iv.data == NULL) { + qc->server_in.iv.data = ngx_pnalloc(c->pool, qc->server_in.iv.len); + if (qc->server_in.iv.data == NULL) { ngx_http_close_connection(c); return; } hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; - hkdfl[1] = qc->server_in_iv.len; + hkdfl[1] = qc->server_in.iv.len; hkdfl[2] = sizeof("tls13 quic iv") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); *p = '\0'; - if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len, - digest, qc->server_in.data, qc->server_in.len, + if (ngx_hkdf_expand(qc->server_in.iv.data, qc->server_in.iv.len, + digest, qc->server_in.secret.data, qc->server_in.secret.len, hkdfl, hkdfl_len) != NGX_OK) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "ngx_hkdf_expand(server_in_iv) failed"); + "ngx_hkdf_expand(server_in.iv) failed"); ngx_http_close_connection(c); return; } @@ -1077,57 +1077,57 @@ ngx_http_quic_handshake(ngx_event_t *rev) /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ #ifdef OPENSSL_IS_BORINGSSL - qc->server_in_hp.len = EVP_AEAD_key_length(cipher); + qc->server_in.hp.len = EVP_AEAD_key_length(cipher); #else - qc->server_in_hp.len = EVP_CIPHER_key_length(cipher); + qc->server_in.hp.len = EVP_CIPHER_key_length(cipher); #endif - qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); - if (qc->server_in_hp.data == NULL) { + qc->server_in.hp.data = ngx_pnalloc(c->pool, qc->server_in.hp.len); + if (qc->server_in.hp.data == NULL) { ngx_http_close_connection(c); return; } hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; - hkdfl[1] = qc->server_in_hp.len; + hkdfl[1] = qc->server_in.hp.len; hkdfl[2] = sizeof("tls13 quic hp") - 1; p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); *p = '\0'; - if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len, - digest, qc->server_in.data, qc->server_in.len, + if (ngx_hkdf_expand(qc->server_in.hp.data, qc->server_in.hp.len, + digest, qc->server_in.secret.data, qc->server_in.secret.len, hkdfl, hkdfl_len) != NGX_OK) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, - "ngx_hkdf_expand(server_in_hp) failed"); + "ngx_hkdf_expand(server_in.hp) failed"); ngx_http_close_connection(c); return; } #if (NGX_DEBUG) if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { - m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf; + m = ngx_hex_dump(buf, qc->server_in.secret.data, qc->server_in.secret.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic server initial secret: %*s, len: %uz", - m, buf, qc->server_in.len); + m, buf, qc->server_in.secret.len); - m = ngx_hex_dump(buf, qc->server_in_key.data, qc->server_in_key.len) + m = ngx_hex_dump(buf, qc->server_in.key.data, qc->server_in.key.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic server key: %*s, len: %uz", - m, buf, qc->server_in_key.len); + m, buf, qc->server_in.key.len); - m = ngx_hex_dump(buf, qc->server_in_iv.data, qc->server_in_iv.len) + m = ngx_hex_dump(buf, qc->server_in.iv.data, qc->server_in.iv.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic server iv: %*s, len: %uz", - m, buf, qc->server_in_iv.len); + m, buf, qc->server_in.iv.len); - m = ngx_hex_dump(buf, qc->server_in_hp.data, qc->server_in_hp.len) + m = ngx_hex_dump(buf, qc->server_in.hp.data, qc->server_in.hp.len) - buf; ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic server hp: %*s, len: %uz", - m, buf, qc->server_in_hp.len); + m, buf, qc->server_in.hp.len); } #endif @@ -1138,7 +1138,7 @@ ngx_http_quic_handshake(ngx_event_t *rev) int outlen; if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, - qc->client_in_hp.data, NULL) + qc->client_in.hp.data, NULL) != 1) { EVP_CIPHER_CTX_free(ctx); @@ -1195,7 +1195,7 @@ ngx_http_quic_handshake(ngx_event_t *rev) ad.data[0] = clearflags; ad.data[ad.len - pnl] = (u_char)pn; - uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in_iv); + uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in.iv); nonce[11] ^= pn; #if (NGX_DEBUG) @@ -1215,8 +1215,8 @@ ngx_http_quic_handshake(ngx_event_t *rev) #ifdef OPENSSL_IS_BORINGSSL EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, - qc->client_in_key.data, - qc->client_in_key.len, + qc->client_in.key.data, + qc->client_in.key.len, EVP_AEAD_DEFAULT_TAG_LENGTH); if (aead == NULL) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); @@ -1225,7 +1225,7 @@ ngx_http_quic_handshake(ngx_event_t *rev) } if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), - nonce, qc->client_in_iv.len, ciphertext.data, + nonce, qc->client_in.iv.len, ciphertext.data, ciphertext.len, ad.data, ad.len) != 1) { @@ -1256,7 +1256,7 @@ ngx_http_quic_handshake(ngx_event_t *rev) return; } - if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in_iv.len, + if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in.iv.len, NULL) == 0) { @@ -1267,7 +1267,7 @@ ngx_http_quic_handshake(ngx_event_t *rev) return; } - if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in_key.data, nonce) + if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in.key.data, nonce) != 1) { EVP_CIPHER_CTX_free(aead); @@ -1527,7 +1527,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev) int outlen; if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, - qc->client_hs_hp.data, NULL) + qc->client_hs.hp.data, NULL) != 1) { EVP_CIPHER_CTX_free(ctx); @@ -1581,7 +1581,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev) ad.data[0] = clearflags; ad.data[ad.len - pnl] = (u_char)pn; - uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs_iv); + uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs.iv); nonce[11] ^= pn; #if (NGX_DEBUG) @@ -1634,8 +1634,8 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev) #ifdef OPENSSL_IS_BORINGSSL EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, - qc->client_hs_key.data, - qc->client_hs_key.len, + qc->client_hs.key.data, + qc->client_hs.key.len, EVP_AEAD_DEFAULT_TAG_LENGTH); if (aead == NULL) { ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); @@ -1644,7 +1644,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev) } if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), - nonce, qc->client_hs_iv.len, ciphertext.data, + nonce, qc->client_hs.iv.len, ciphertext.data, ciphertext.len, ad.data, ad.len) != 1) { @@ -1675,7 +1675,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev) return; } - if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs_iv.len, + if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs.iv.len, NULL) == 0) { @@ -1686,7 +1686,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev) return; } - if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs_key.data, nonce) + if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs.key.data, nonce) != 1) { EVP_CIPHER_CTX_free(aead);