Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.c @ 9129:7379cb29cd72
QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 20 Jun 2023 17:59:01 +0400 |
| parents | 756ab66de10e |
| children | 0f23488a9f5a |
comparison
equal
deleted
inserted
replaced
| 9128:756ab66de10e | 9129:7379cb29cd72 |
|---|---|
| 376 } | 376 } |
| 377 | 377 |
| 378 EVP_AEAD_CTX_free(ctx); | 378 EVP_AEAD_CTX_free(ctx); |
| 379 #else | 379 #else |
| 380 int len; | 380 int len; |
| 381 u_char *tag; | |
| 382 EVP_CIPHER_CTX *ctx; | 381 EVP_CIPHER_CTX *ctx; |
| 383 | 382 |
| 384 ctx = EVP_CIPHER_CTX_new(); | 383 ctx = EVP_CIPHER_CTX_new(); |
| 385 if (ctx == NULL) { | 384 if (ctx == NULL) { |
| 386 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); | 385 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
| 391 EVP_CIPHER_CTX_free(ctx); | 390 EVP_CIPHER_CTX_free(ctx); |
| 392 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); | 391 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
| 393 return NGX_ERROR; | 392 return NGX_ERROR; |
| 394 } | 393 } |
| 395 | 394 |
| 396 tag = in->data + in->len - NGX_QUIC_TAG_LEN; | 395 in->len -= NGX_QUIC_TAG_LEN; |
| 397 | 396 |
| 398 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag) | 397 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, |
| 398 in->data + in->len) | |
| 399 == 0) | 399 == 0) |
| 400 { | 400 { |
| 401 EVP_CIPHER_CTX_free(ctx); | 401 EVP_CIPHER_CTX_free(ctx); |
| 402 ngx_ssl_error(NGX_LOG_INFO, log, 0, | 402 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
| 403 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed"); | 403 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed"); |
| 418 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); | 418 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
| 419 return NGX_ERROR; | 419 return NGX_ERROR; |
| 420 } | 420 } |
| 421 | 421 |
| 422 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE | 422 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE |
| 423 && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len - NGX_QUIC_TAG_LEN) | 423 && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1) |
| 424 != 1) | |
| 425 { | 424 { |
| 426 EVP_CIPHER_CTX_free(ctx); | 425 EVP_CIPHER_CTX_free(ctx); |
| 427 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); | 426 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
| 428 return NGX_ERROR; | 427 return NGX_ERROR; |
| 429 } | 428 } |
| 432 EVP_CIPHER_CTX_free(ctx); | 431 EVP_CIPHER_CTX_free(ctx); |
| 433 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); | 432 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
| 434 return NGX_ERROR; | 433 return NGX_ERROR; |
| 435 } | 434 } |
| 436 | 435 |
| 437 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, | 436 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) { |
| 438 in->len - NGX_QUIC_TAG_LEN) | |
| 439 != 1) | |
| 440 { | |
| 441 EVP_CIPHER_CTX_free(ctx); | 437 EVP_CIPHER_CTX_free(ctx); |
| 442 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); | 438 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
| 443 return NGX_ERROR; | 439 return NGX_ERROR; |
| 444 } | 440 } |
| 445 | 441 |
| 446 out->len = len; | 442 out->len = len; |
| 447 | 443 |
| 448 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) { | 444 if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) { |
| 449 EVP_CIPHER_CTX_free(ctx); | 445 EVP_CIPHER_CTX_free(ctx); |
| 450 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed"); | 446 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed"); |
| 451 return NGX_ERROR; | 447 return NGX_ERROR; |
| 452 } | 448 } |
| 453 | 449 |
| 556 } | 552 } |
| 557 | 553 |
| 558 out->len += len; | 554 out->len += len; |
| 559 | 555 |
| 560 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN, | 556 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN, |
| 561 out->data + in->len) | 557 out->data + out->len) |
| 562 == 0) | 558 == 0) |
| 563 { | 559 { |
| 564 EVP_CIPHER_CTX_free(ctx); | 560 EVP_CIPHER_CTX_free(ctx); |
| 565 ngx_ssl_error(NGX_LOG_INFO, log, 0, | 561 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
| 566 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed"); | 562 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed"); |