Initial packets are protected with AEAD_AES_128_GCM.

2020-03-05 19:49:49 +03:00 · 2020-03-05 19:49:49 +03:00 · fe5ad8267a
commit fe5ad8267a
parent 3a354b0ab3
1 changed files with 15 additions and 10 deletions
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@ -634,6 +634,7 @@ ngx_quic_create_long_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,

    ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);

+    if (pkt->level != ssl_encryption_initial) {
        switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {

        case NGX_AES_128_GCM_SHA256:
@ -648,6 +649,10 @@ ngx_quic_create_long_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,
            return NGX_ERROR;
        }

+    } else {
+        cipher = EVP_aes_128_gcm();
+    }
+
    nonce = ngx_pstrdup(c->pool, &pkt->secret->iv);
    if (pkt->level == ssl_encryption_handshake) {
        nonce[11] ^= (*pkt->number - 1);