comparison src/event/quic/ngx_event_quic_protection.c @ 9129:7379cb29cd72
QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 20 Jun 2023 17:59:01 +0400 |
parents | 756ab66de10e |
children | 0f23488a9f5a |
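--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -376,11 +376,10 @@
 }
 
 EVP_AEAD_CTX_free(ctx);
 #else
 int len;
-u_char *tag;
 EVP_CIPHER_CTX *ctx;
 
 ctx = EVP_CIPHER_CTX_new();
 if (ctx == NULL) {
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
@@ -391,13 +390,14 @@
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
 return NGX_ERROR;
 }
 
-tag = in->data + in->len - NGX_QUIC_TAG_LEN;
+in->len -= NGX_QUIC_TAG_LEN;
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag)
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
+in->data + in->len)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
@@ -418,12 +418,11 @@
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
 return NGX_ERROR;
 }
 
 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
-&& EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len - NGX_QUIC_TAG_LEN)
-!= 1)
+&& EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
 return NGX_ERROR;
 }
@@ -432,22 +431,19 @@
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
 return NGX_ERROR;
 }
 
-if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
-in->len - NGX_QUIC_TAG_LEN)
-!= 1)
-{
+if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
 return NGX_ERROR;
 }
 
 out->len = len;
 
-if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
+if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
 return NGX_ERROR;
 }
 
@@ -556,11 +552,11 @@
 }
 
 out->len += len;
 
 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
-out->data + in->len)
+out->data + out->len)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed");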
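Review bot: The new `in->len -= NGX_QUIC_TAG_LEN;` (new line 395) has no visible lower-bound check, so an input shorter than the tag would wrap the length (ngx_str_t lengths are size_t), and both the `in->data + in->len` tag pointer and the lengths later passed to EVP_DecryptUpdate() would be derived from the wrapped value. Unless every caller already guarantees `in->len >= NGX_QUIC_TAG_LEN` (not visible here; the function starts and ends outside these hunks), I would add `if (in->len < NGX_QUIC_TAG_LEN) { EVP_CIPHER_CTX_free(ctx); return NGX_ERROR; }` just before the subtraction. The subtraction also modifies the caller's `in` and is not undone on the later error returns, which deserves a comment such as `/* in->len is reduced to the ciphertext length; the tag follows at in->data + in->len */`. The BoringSSL branch above `#else` is not shown, so whether it leaves `in->len` in the same state should be confirmed.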