# HG changeset patch # User Sergey Kandaurov # Date 1638880930 -10800 # Node ID 3341e4089c6c846d1997e53bd07b0fd4a9b86f68 # Parent 18d23ed15eef92b5ece40f76026c4477771760e4 QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. While here, removed check for encryption level zero, redundant by its nature. diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -649,7 +649,8 @@ failed: } -int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, +ngx_int_t +ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) { @@ -667,11 +668,7 @@ int ngx_quic_keys_set_encryption_secret( if (key_len == NGX_ERROR) { ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher"); - return 0; - } - - if (level == ssl_encryption_initial) { - return 0; + return NGX_ERROR; } peer_secret->secret.data = ngx_pnalloc(pool, secret_len); @@ -702,11 +699,11 @@ int ngx_quic_keys_set_encryption_secret( seq[i].secret, secret_len) != NGX_OK) { - return 0; + return NGX_ERROR; } } - return 1; + return NGX_OK; } diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h --- a/src/event/quic/ngx_event_quic_protection.h +++ b/src/event/quic/ngx_event_quic_protection.h @@ -20,9 +20,10 @@ ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool); ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, ngx_str_t *secret, uint32_t version); -int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, - ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, - const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); +ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, + ngx_uint_t is_write, ngx_quic_keys_t *keys, + enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, + const uint8_t *secret, size_t secret_len); ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, enum ssl_encryption_level_t level); void ngx_quic_keys_discard(ngx_quic_keys_t *keys, diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -75,7 +75,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, cipher, rsecret, secret_len) - != 1) + != NGX_OK) { return 0; } @@ -109,8 +109,14 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t secret_len, wsecret); #endif - return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, - cipher, wsecret, secret_len); + if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, + cipher, wsecret, secret_len) + != NGX_OK) + { + return 0; + } + + return 1; } #else @@ -139,7 +145,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_ if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level, cipher, rsecret, secret_len) - != 1) + != NGX_OK) { return 0; } @@ -158,8 +164,14 @@ ngx_quic_set_encryption_secrets(ngx_ssl_ secret_len, wsecret); #endif - return ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, - cipher, wsecret, secret_len); + if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level, + cipher, wsecret, secret_len) + != NGX_OK) + { + return 0; + } + + return 1; } #endif