QUIC: consistent use of 5-byte buffers for header protection.

The output buffer is now also of 5 bytes. Header protection uses stream ciphers, which don't produce extra output nor PKCS padding.
2025-02-25 18:55:26 -06:00 · 2021-06-16 17:53:18 +03:00 · 2021-06-16 17:53:18 +03:00 · b5e4f1f4f0
commit b5e4f1f4f0
parent ae58d87c01
1 changed files with 11 additions and 8 deletions
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@ -10,7 +10,10 @@
 #include <ngx_event_quic_connection.h>


+/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
 #define NGX_QUIC_IV_LEN               12
+/* RFC 9001, 5.4.1.  Header Protection Application: 5-byte mask */
+#define NGX_QUIC_HP_LEN               5

 #define NGX_AES_128_GCM_SHA256        0x1301
 #define NGX_AES_256_GCM_SHA384        0x1302
@ -627,15 +630,15 @@ ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
 {
    int              outlen;
    EVP_CIPHER_CTX  *ctx;
-    u_char           zero[5] = {0};
+    u_char           zero[NGX_QUIC_HP_LEN] = {0};

 #ifdef OPENSSL_IS_BORINGSSL
-    uint32_t counter;
+    uint32_t         cnt;

-    ngx_memcpy(&counter, in, sizeof(uint32_t));
+    ngx_memcpy(&cnt, in, sizeof(uint32_t));

    if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
-        CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
+        CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt);
        return NGX_OK;
    }
 #endif
@ -650,12 +653,12 @@ ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
        goto failed;
    }

-    if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, 5)) {
+    if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) {
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
        goto failed;
    }

-    if (!EVP_EncryptFinal_ex(ctx, out + 5, &outlen)) {
+    if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) {
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed");
        goto failed;
    }
@ -857,7 +860,7 @@ ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
    ngx_uint_t           i;
    ngx_quic_secret_t   *secret;
    ngx_quic_ciphers_t   ciphers;
-    u_char               nonce[12], mask[16];
+    u_char               nonce[12], mask[NGX_QUIC_HP_LEN];

    out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;

@ -1084,7 +1087,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
    ngx_str_t            in, ad;
    ngx_quic_secret_t   *secret;
    ngx_quic_ciphers_t   ciphers;
-    uint8_t              mask[16], nonce[12];
+    uint8_t              nonce[12], mask[NGX_QUIC_HP_LEN];

    if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
    {