QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().

2024-11-23 20:19:02 +08:00 · 2023-06-20 17:59:01 +04:00 · 2023-06-20 17:59:01 +04:00 · 68690b0345
commit 68690b0345
parent 69826dd4f7
1 changed files with 7 additions and 11 deletions
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@ -378,7 +378,6 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
    EVP_AEAD_CTX_free(ctx);
 #else
    int              len;
-    u_char          *tag;
    EVP_CIPHER_CTX  *ctx;

    ctx = EVP_CIPHER_CTX_new();
@ -393,9 +392,10 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
        return NGX_ERROR;
    }

-    tag = in->data + in->len - NGX_QUIC_TAG_LEN;
+    in->len -= NGX_QUIC_TAG_LEN;

-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag)
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
+                            in->data + in->len)
        == 0)
    {
        EVP_CIPHER_CTX_free(ctx);
@ -420,8 +420,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
    }

    if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
-        && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len - NGX_QUIC_TAG_LEN)
-           != 1)
+        && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1)
    {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
@ -434,10 +433,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
        return NGX_ERROR;
    }

-    if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
-                          in->len - NGX_QUIC_TAG_LEN)
-        != 1)
-    {
+    if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
        return NGX_ERROR;
@ -445,7 +441,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,

    out->len = len;

-    if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
+    if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
        return NGX_ERROR;
@ -558,7 +554,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
    out->len += len;

    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
-                            out->data + in->len)
+                            out->data + out->len)
        == 0)
    {
        EVP_CIPHER_CTX_free(ctx);