comparison src/event/quic/ngx_event_quic_protection.c @ 9127:a7b850a5d98d
QUIC: common cipher control constants instead of GCM-related.
The constants are used for both GCM and CHACHAPOLY.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Fri, 09 Jun 2023 10:23:22 +0400 |
parents | 29a6c0e11f75 |
children | 756ab66de10e |
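--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -382,16 +382,16 @@
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
 return NGX_ERROR;
 }
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
 return NGX_ERROR;
 }
 
 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
 EVP_CIPHER_CTX_free(ctx);
@@ -415,16 +415,16 @@
 }
 
 out->len = len;
 tag = in->data + in->len - NGX_QUIC_TAG_LEN;
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, NGX_QUIC_TAG_LEN, tag)
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
 return NGX_ERROR;
 }
 
 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
 EVP_CIPHER_CTX_free(ctx);
@@ -480,16 +480,16 @@
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
 return NGX_ERROR;
 }
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
 return NGX_ERROR;
 }
 
 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
 EVP_CIPHER_CTX_free(ctx);
@@ -517,17 +517,17 @@
 return NGX_ERROR;
 }
 
 out->len += len;
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, NGX_QUIC_TAG_LEN,
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
 out->data + in->len)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed");
 return NGX_ERROR;
 }
 
 EVP_CIPHER_CTX_free(ctx);
 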
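Review bot: The four `EVP_CIPHER_CTX_ctrl()` checks touched here (IV length at 387 and 485, `SET_TAG` at 420, `GET_TAG` at 522) treat only `== 0` as failure, while the neighbouring calls test `!= 1` (`EVP_DecryptInit_ex`, `EVP_EncryptInit_ex`) or `<= 0` (`EVP_DecryptFinal_ex`). If a library build ever returned a negative value from one of these ctrls, the check would fall through as success. AEAD setup should fail closed, so since the lines are being edited anyway I would write `if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag) <= 0)` and do the same at the other three sites. Separately, the `EVP_CTRL_AEAD_*` names are, as far as I know, only defined from OpenSSL 1.1.0 on, so it is worth confirming that this matches the minimum library version for QUIC builds. The enclosing functions start and end outside the displayed hunks, so other guards (for example on `in->len` before the `tag` pointer is computed at 418) cannot be judged from here.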