From df544ee47d3fe3590e5d37ef399332b74166c9b7 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov
Date: Tue, 10 Mar 2020 19:15:12 +0300
Subject: [PATCH] Chacha20 header protection support with BoringSSL.

BoringSSL lacks EVP for Chacha20. Here we use CRYPTO_chacha_20() instead.
---
 src/event/ngx_event_openssl.h |  1 +
 src/event/ngx_event_quic.c    | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index b562f0f17..620a216ef 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -25,6 +25,7 @@
 #include
 #ifdef OPENSSL_IS_BORINGSSL
 #include
+#include
 #else
 #include
 #endif
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index b7595e8bf..c4012687e 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -2053,6 +2053,17 @@ ngx_quic_tls_hp(ngx_connection_t *c, const EVP_CIPHER *cipher,
     EVP_CIPHER_CTX  *ctx;
     u_char           zero[5] = {0};
+#ifdef OPENSSL_IS_BORINGSSL
+    uint32_t         counter;
+    ngx_memcpy(&counter, in, sizeof(uint32_t));
+    if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
+        CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
+        return NGX_OK;
+    }
+#endif
+
     ctx = EVP_CIPHER_CTX_new();
     if (ctx == NULL) {
         return NGX_ERROR;
@@ -2129,7 +2140,9 @@ ngx_quic_ciphers(ngx_connection_t *c, ngx_quic_ciphers_t *ciphers,
 #else
         ciphers->c = EVP_chacha20_poly1305();
 #endif
-#ifndef OPENSSL_IS_BORINGSSL
+#ifdef OPENSSL_IS_BORINGSSL
+        ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
+#else
         ciphers->hp = EVP_chacha20();
 #endif
         ciphers->d = EVP_sha256();
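Review bot: `ngx_memcpy(&counter, in, sizeof(uint32_t))` in the ngx_quic_tls_hp hunk reads the block counter in host byte order, while QUIC header protection defines the first four sample bytes as a little-endian counter, so on a big-endian host the ChaCha20 mask would be computed from a byte-swapped counter and header unprotection would fail; assembling it explicitly, `counter = in[0] | (in[1] << 8) | (in[2] << 16) | ((uint32_t) in[3] << 24);`, removes the dependency on host endianness. The comparison `cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()` works only because an EVP_AEAD pointer is being carried in an EVP_CIPHER-typed value as an identity token, which deserves a comment such as `/* BoringSSL: hp is really an EVP_AEAD *, matched by identity only */` so nobody later hands it to an EVP_CIPHER_* accessor. The copy also runs before the cipher check and presumably relies on `in` pointing at a full 16-byte sample (4-byte counter plus the 12-byte nonce at `&in[4]`); that length is established outside the hunk, and ngx_quic_tls_hp begins and ends outside it.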
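Review bot: `ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();` in the ngx_quic_ciphers hunk stores a pointer to a different object type in the `hp` field, which is only sound as long as every consumer of `ciphers->hp` treats it as an opaque identity token; any path that passes it to an EVP_CIPHER accessor (for instance EVP_CIPHER_key_length() when deriving the hp key, if that happens elsewhere) would interpret an EVP_AEAD object as an EVP_CIPHER. A comment on the assignment, `/* not an EVP_CIPHER: compared by identity in ngx_quic_tls_hp(), never passed to EVP_CIPHER_* */`, makes that constraint visible at the point where it is created. ngx_quic_ciphers() starts and ends outside the hunk, so the other cipher-suite branches of this function could not be checked here.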