From 569da72e4b46d6701cfc8f2e4eb985c55cffb44e Mon Sep 17 00:00:00 2001 From: Sergey Kandaurov Date: Fri, 3 Apr 2020 13:49:40 +0300 Subject: [PATCH] Fixed computing nonce again, by properly shifting packet number. --- src/event/ngx_event_quic_protection.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c index cdab7fcd4..b4c6ef3f3 100644 --- a/src/event/ngx_event_quic_protection.c +++ b/src/event/ngx_event_quic_protection.c @@ -787,10 +787,10 @@ ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask) static void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn) { - nonce[len - 4] ^= pn & 0xff000000; - nonce[len - 3] ^= pn & 0x00ff0000; - nonce[len - 2] ^= pn & 0x0000ff00; - nonce[len - 1] ^= pn & 0x000000ff; + nonce[len - 4] ^= (pn & 0xff000000) >> 24; + nonce[len - 3] ^= (pn & 0x00ff0000) >> 16; + nonce[len - 2] ^= (pn & 0x0000ff00) >> 8; + nonce[len - 1] ^= (pn & 0x000000ff); }