comparison src/event/quic/ngx_event_quic_protection.c @ 9127:a7b850a5d98d

QUIC: common cipher control constants instead of GCM-related. The constants are used for both GCM and CHACHAPOLY.
author Roman Arutyunyan <arut@nginx.com>
date Fri, 09 Jun 2023 10:23:22 +0400
parents 29a6c0e11f75
children 756ab66de10e
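--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -382,16 +382,16 @@
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
 return NGX_ERROR;
 }
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
 return NGX_ERROR;
 }
 
 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
 EVP_CIPHER_CTX_free(ctx);
@@ -415,16 +415,16 @@
 }
 
 out->len = len;
 tag = in->data + in->len - NGX_QUIC_TAG_LEN;
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, NGX_QUIC_TAG_LEN, tag)
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
 return NGX_ERROR;
 }
 
 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
 EVP_CIPHER_CTX_free(ctx);
@@ -480,16 +480,16 @@
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
 return NGX_ERROR;
 }
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
 return NGX_ERROR;
 }
 
 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
 EVP_CIPHER_CTX_free(ctx);
@@ -517,17 +517,17 @@
 return NGX_ERROR;
 }
 
 out->len += len;
 
-if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, NGX_QUIC_TAG_LEN,
+if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
 out->data + in->len)
 == 0)
 {
 EVP_CIPHER_CTX_free(ctx);
 ngx_ssl_error(NGX_LOG_INFO, log, 0,
-"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed");
 return NGX_ERROR;
 }
 
 EVP_CIPHER_CTX_free(ctx);
 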
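Review bot: The four EVP_CIPHER_CTX_ctrl() calls touched here (new lines 387, 420, 485 and 522) still test the result with `== 0`, so a negative return would fall through as success, while the neighbouring calls use the stricter `!= 1` and `<= 0`. Whether the linked library can return a negative value from these controls is not visible from this page, but since the commit states the constants now serve both GCM and CHACHAPOLY, comparing with `<= 0)` in place of `== 0)` would make all four checks fail closed for either cipher. This matters most for the `EVP_CTRL_AEAD_SET_TAG` call at line 420, where the expected authentication tag is installed before EVP_DecryptFinal_ex() verifies it. The enclosing functions begin and end outside the displayed hunks.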