QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().

author Sergey Kandaurov <pluknet@nginx.com>

Tue, 20 Jun 2023 13:59:01 +0000 (17:59 +0400)

committer Sergey Kandaurov <pluknet@nginx.com>

Tue, 20 Jun 2023 13:59:01 +0000 (17:59 +0400)
author Sergey Kandaurov <pluknet@nginx.com>
Tue, 20 Jun 2023 13:59:01 +0000 (17:59 +0400)
committer Sergey Kandaurov <pluknet@nginx.com>
Tue, 20 Jun 2023 13:59:01 +0000 (17:59 +0400)
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c

index e4b21fe4d6daff74927a3912c3a0f8ec948780ce..9aa1c3580c443bb0face93feb48ea19054e5e846 100644 (file)
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -378,7 +378,6 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
      EVP_AEAD_CTX_free(ctx);
  #else
      int              len;
-    u_char          *tag;
      EVP_CIPHER_CTX  *ctx;
  
      ctx = EVP_CIPHER_CTX_new();
@@ -393,9 +392,10 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
          return NGX_ERROR;
      }
  
-    tag = in->data + in->len - NGX_QUIC_TAG_LEN;
+    in->len -= NGX_QUIC_TAG_LEN;
  
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag)
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
+                            in->data + in->len)
          == 0)
      {
          EVP_CIPHER_CTX_free(ctx);
@@ -420,8 +420,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
      }
  
      if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
-        && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len - NGX_QUIC_TAG_LEN)
-           != 1)
+        && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1)
      {
          EVP_CIPHER_CTX_free(ctx);
          ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
@@ -434,10 +433,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
          return NGX_ERROR;
      }
  
-    if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
-                          in->len - NGX_QUIC_TAG_LEN)
-        != 1)
-    {
+    if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
          EVP_CIPHER_CTX_free(ctx);
          ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
          return NGX_ERROR;
@@ -445,7 +441,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
  
      out->len = len;
  
-    if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
+    if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
          EVP_CIPHER_CTX_free(ctx);
          ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
          return NGX_ERROR;
@@ -558,7 +554,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
      out->len += len;
  
      if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
-                            out->data + in->len)
+                            out->data + out->len)
          == 0)
      {
          EVP_CIPHER_CTX_free(ctx);
author	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 20 Jun 2023 13:59:01 +0000 (17:59 +0400)
committer	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 20 Jun 2023 13:59:01 +0000 (17:59 +0400)