mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-22 22:10:45 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Initial packets are protected with AEAD_AES_128_GCM.

Browse Source
This commit is contained in:
Sergey Kandaurov 2020-03-05 19:49:49 +03:00
parent b0f1302e7d
commit ed0533c2c2
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/event/ngx_event_quic.c
View File

@ -634,6 +634,7 @@ ngx_quic_create_long_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,
ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);
if (pkt->level != ssl_encryption_initial) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
case NGX_AES_128_GCM_SHA256:
@ -648,6 +649,10 @@ ngx_quic_create_long_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,
return NGX_ERROR;
}
} else {
cipher = EVP_aes_128_gcm();
}
nonce = ngx_pstrdup(c->pool, &pkt->secret->iv);
if (pkt->level == ssl_encryption_handshake) {
nonce[11] ^= (*pkt->number - 1);