Roman Arutyunyan
May 31, 2022 03:08AM
# HG changeset patch
# User Vladimir Homutov <vl@nginx.com>
# Date 1653652352 -14400
# Fri May 27 15:52:32 2022 +0400
# Branch quic
# Node ID 7929cae8d65fd1f41d07365cae93970b29f2d03d
# Parent 41f47332273e0350157258cc40dd0ede4ee86c69
QUIC: removed ngx_quic_keys_new().

The ngx_quic_keys_t structure is now exposed.
This allows it to be used in contexts where no pool/connection is available,
i.e. early packet processing.

diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -238,7 +238,7 @@ ngx_quic_new_connection(ngx_connection_t
return NULL;
}

- qc->keys = ngx_quic_keys_new(c->pool);
+ qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
if (qc->keys == NULL) {
return NULL;
}
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -928,6 +928,7 @@ ngx_quic_send_early_cc(ngx_connection_t
{
ssize_t len;
ngx_str_t res;
+ ngx_quic_keys_t keys;
ngx_quic_frame_t frame;
ngx_quic_header_t pkt;

@@ -956,10 +957,9 @@ ngx_quic_send_early_cc(ngx_connection_t
return NGX_ERROR;
}

- pkt.keys = ngx_quic_keys_new(c->pool);
- if (pkt.keys == NULL) {
- return NGX_ERROR;
- }
+ ngx_memzero(&keys, sizeof(ngx_quic_keys_t));
+
+ pkt.keys = &keys;

if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
!= NGX_OK)
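Review bot: `pkt.keys = &keys;` makes the packet header point at a stack object in ngx_quic_send_early_cc(), so the pointer is valid only for the duration of this call. Nothing visible in the hunk lets `pkt` escape, but a short comment would guard against a later change that stores it. The local copy of the Initial keys is also left on the stack at return without being cleared. That is acceptable here because Initial secrets are derived from the client's Destination Connection ID and a published salt (RFC 9001, 5.2) and are not confidential. I would say so at the declaration, so the pattern is not copied for handshake or application keys: `/* Initial keys only: derived from public data, stack-local, not wiped */`. The function body continues past the end of the hunk.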
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -10,16 +10,11 @@
#include <ngx_event_quic_connection.h>


-/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
-#define NGX_QUIC_IV_LEN 12
/* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */
#define NGX_QUIC_HP_LEN 5

#define NGX_QUIC_AES_128_KEY_LEN 16

-/* largest hash used in TLS is SHA-384 */
-#define NGX_QUIC_MAX_MD_SIZE 48
-
#define NGX_AES_128_GCM_SHA256 0x1301
#define NGX_AES_256_GCM_SHA384 0x1302
#define NGX_CHACHA20_POLY1305_SHA256 0x1303
@@ -33,45 +28,12 @@


typedef struct {
- size_t len;
- u_char data[NGX_QUIC_MAX_MD_SIZE];
-} ngx_quic_md_t;
-
-
-typedef struct {
- size_t len;
- u_char data[NGX_QUIC_IV_LEN];
-} ngx_quic_iv_t;
-
-
-typedef struct {
const ngx_quic_cipher_t *c;
const EVP_CIPHER *hp;
const EVP_MD *d;
} ngx_quic_ciphers_t;


-typedef struct ngx_quic_secret_s {
- ngx_quic_md_t secret;
- ngx_quic_md_t key;
- ngx_quic_iv_t iv;
- ngx_quic_md_t hp;
-} ngx_quic_secret_t;
-
-
-typedef struct {
- ngx_quic_secret_t client;
- ngx_quic_secret_t server;
-} ngx_quic_secrets_t;
-
-
-struct ngx_quic_keys_s {
- ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
- ngx_quic_secrets_t next_key;
- ngx_uint_t cipher;
-};
-
-
typedef struct {
size_t out_len;
u_char *out;
@@ -721,13 +683,6 @@ ngx_quic_keys_set_encryption_secret(ngx_
}


-ngx_quic_keys_t *
-ngx_quic_keys_new(ngx_pool_t *pool)
-{
- return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t));
-}
-
-
ngx_uint_t
ngx_quic_keys_available(ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level)
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -16,8 +16,46 @@

#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)

+/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
+#define NGX_QUIC_IV_LEN 12

-ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
+/* largest hash used in TLS is SHA-384 */
+#define NGX_QUIC_MAX_MD_SIZE 48
+
+
+typedef struct {
+ size_t len;
+ u_char data[NGX_QUIC_MAX_MD_SIZE];
+} ngx_quic_md_t;
+
+
+typedef struct {
+ size_t len;
+ u_char data[NGX_QUIC_IV_LEN];
+} ngx_quic_iv_t;
+
+
+typedef struct ngx_quic_secret_s {
+ ngx_quic_md_t secret;
+ ngx_quic_md_t key;
+ ngx_quic_iv_t iv;
+ ngx_quic_md_t hp;
+} ngx_quic_secret_t;
+
+
+typedef struct {
+ ngx_quic_secret_t client;
+ ngx_quic_secret_t server;
+} ngx_quic_secrets_t;
+
+
+struct ngx_quic_keys_s {
+ ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
+ ngx_quic_secrets_t next_key;
+ ngx_uint_t cipher;
+};
+
+
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
ngx_str_t *secret, ngx_log_t *log);
ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
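Review bot: With ngx_quic_keys_new() gone, the zero-initialization it guaranteed through ngx_pcalloc() becomes an undocumented caller obligation on the now-public `struct ngx_quic_keys_s`. Both call sites in this patch honour it (ngx_pcalloc() and ngx_memzero()), but the header does not state the requirement, and code such as ngx_quic_keys_available() presumably relies on unset secrets having zero length. I would add a comment above the struct, for example `/* must be zero-initialized by the caller before first use */`. Because the layout is now visible, the comment could also note that the structure holds traffic secrets and should not be copied by value or logged.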
