[nginx] QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().

Sergey Kandaurov pluknet at nginx.com
Tue Jun 20 15:30:18 UTC 2023 

details:   https://hg.nginx.org/nginx/rev/7379cb29cd72
branches:  
changeset: 9129:7379cb29cd72
user:      Sergey Kandaurov <pluknet at nginx.com>
date:      Tue Jun 20 17:59:01 2023 +0400
description:
QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().

diffstat:

 src/event/quic/ngx_event_quic_protection.c |  18 +++++++-----------
 1 files changed, 7 insertions(+), 11 deletions(-)

diffs (64 lines):

diff -r 756ab66de10e -r 7379cb29cd72 src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c	Tue Jun 20 16:10:49 2023 +0400
+++ b/src/event/quic/ngx_event_quic_protection.c	Tue Jun 20 17:59:01 2023 +0400
@@ -378,7 +378,6 @@ ngx_quic_tls_open(const ngx_quic_cipher_
     EVP_AEAD_CTX_free(ctx);
 #else
     int              len;
-    u_char          *tag;
     EVP_CIPHER_CTX  *ctx;
 
     ctx = EVP_CIPHER_CTX_new();
@@ -393,9 +392,10 @@ ngx_quic_tls_open(const ngx_quic_cipher_
         return NGX_ERROR;
     }
 
-    tag = in->data + in->len - NGX_QUIC_TAG_LEN;
+    in->len -= NGX_QUIC_TAG_LEN;
 
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag)
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
+                            in->data + in->len)
         == 0)
     {
         EVP_CIPHER_CTX_free(ctx);
@@ -420,8 +420,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_
     }
 
     if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
-        && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len - NGX_QUIC_TAG_LEN)
-           != 1)
+        && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1)
     {
         EVP_CIPHER_CTX_free(ctx);
         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
@@ -434,10 +433,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_
         return NGX_ERROR;
     }
 
-    if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
-                          in->len - NGX_QUIC_TAG_LEN)
-        != 1)
-    {
+    if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
         EVP_CIPHER_CTX_free(ctx);
         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
         return NGX_ERROR;
@@ -445,7 +441,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_
 
     out->len = len;
 
-    if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
+    if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
         EVP_CIPHER_CTX_free(ctx);
         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
         return NGX_ERROR;
@@ -558,7 +554,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_
     out->len += len;
 
     if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
-                            out->data + in->len)
+                            out->data + out->len)
         == 0)
     {
         EVP_CIPHER_CTX_free(ctx);

More information about the nginx-devel mailing list