diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2023-06-20 17:59:01 +0400 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2023-06-20 17:59:01 +0400 |
| commit | 68690b034580f6ec04fafdbbcb6a4e817f8a330b (patch) | |
| tree | b55ffd252052fdcaab4377f6ed5c58758f4ffeb3 /src | |
| parent | 69826dd4f766e5e7748f8dbdd14e6c3073250d5a (diff) | |
| download | nginx-68690b034580f6ec04fafdbbcb6a4e817f8a330b.tar.gz nginx-68690b034580f6ec04fafdbbcb6a4e817f8a330b.zip | |
QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().
Diffstat (limited to 'src')
| -rw-r--r-- | src/event/quic/ngx_event_quic_protection.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c index e4b21fe4d..9aa1c3580 100644 --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -378,7 +378,6 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, EVP_AEAD_CTX_free(ctx); #else int len; - u_char *tag; EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); @@ -393,9 +392,10 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, return NGX_ERROR; } - tag = in->data + in->len - NGX_QUIC_TAG_LEN; + in->len -= NGX_QUIC_TAG_LEN; - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, + in->data + in->len) == 0) { EVP_CIPHER_CTX_free(ctx); @@ -420,8 +420,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, } if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE - && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len - NGX_QUIC_TAG_LEN) - != 1) + && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1) { EVP_CIPHER_CTX_free(ctx); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); @@ -434,10 +433,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, return NGX_ERROR; } - if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, - in->len - NGX_QUIC_TAG_LEN) - != 1) - { + if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) { EVP_CIPHER_CTX_free(ctx); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); return NGX_ERROR; @@ -445,7 +441,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, out->len = len; - if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) { + if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) { EVP_CIPHER_CTX_free(ctx); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed"); return NGX_ERROR; @@ -558,7 +554,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, out->len += len; if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN, - out->data + in->len) + out->data + out->len) == 0) { EVP_CIPHER_CTX_free(ctx); |