[PATCH 3 of 4] QUIC: removed ngx_quic_keys_new()
Sergey Kandaurov
pluknet at nginx.com
Mon Jul 25 23:00:37 UTC 2022
> On 31 May 2022, at 11:06, Roman Arutyunyan <arut at nginx.com> wrote:
>
> # HG changeset patch
> # User Vladimir Homutov <vl at nginx.com>
> # Date 1653652352 -14400
> # Fri May 27 15:52:32 2022 +0400
> # Branch quic
> # Node ID 7929cae8d65fd1f41d07365cae93970b29f2d03d
> # Parent 41f47332273e0350157258cc40dd0ede4ee86c69
> QUIC: removed ngx_quic_keys_new().
>
> The ngx_quic_keys_t structure is now exposed.
IMHO, this line suits as the log summary.
> This allows to use it in contexts where no pool/connection is available,
> i.e. early packet processing.
>
> diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
> --- a/src/event/quic/ngx_event_quic.c
> +++ b/src/event/quic/ngx_event_quic.c
> @@ -238,7 +238,7 @@ ngx_quic_new_connection(ngx_connection_t
> return NULL;
> }
>
> - qc->keys = ngx_quic_keys_new(c->pool);
> + qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
> if (qc->keys == NULL) {
> return NULL;
> }
> diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
> --- a/src/event/quic/ngx_event_quic_output.c
> +++ b/src/event/quic/ngx_event_quic_output.c
> @@ -928,6 +928,7 @@ ngx_quic_send_early_cc(ngx_connection_t
> {
> ssize_t len;
> ngx_str_t res;
> + ngx_quic_keys_t keys;
> ngx_quic_frame_t frame;
> ngx_quic_header_t pkt;
>
> @@ -956,10 +957,9 @@ ngx_quic_send_early_cc(ngx_connection_t
> return NGX_ERROR;
> }
>
> - pkt.keys = ngx_quic_keys_new(c->pool);
> - if (pkt.keys == NULL) {
> - return NGX_ERROR;
> - }
> + ngx_memzero(&keys, sizeof(ngx_quic_keys_t));
> +
> + pkt.keys = &keys;
>
> if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
> != NGX_OK)
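Review bot: `pkt.keys = &keys;` now points the packet header at an automatic variable, so the pointer is only valid until ngx_quic_send_early_cc() returns, and nothing in the hunk says so. A short comment above the assignment would make the lifetime explicit, e.g. `/* keys is on the stack; pkt.keys must not be stored anywhere that outlives this call */`. The derived key material also stays in the stack frame on return. Initial secrets are computed from the DCID passed in, so that is presumably acceptable here, but it is worth stating in case the pattern is copied for other encryption levels. The function body continues outside the hunk, so whether pkt is handed to anything that retains it cannot be confirmed from these lines.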
> diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
> --- a/src/event/quic/ngx_event_quic_protection.c
> +++ b/src/event/quic/ngx_event_quic_protection.c
> @@ -10,16 +10,11 @@
> #include <ngx_event_quic_connection.h>
>
>
> -/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
> -#define NGX_QUIC_IV_LEN 12
> /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */
> #define NGX_QUIC_HP_LEN 5
>
> #define NGX_QUIC_AES_128_KEY_LEN 16
>
> -/* largest hash used in TLS is SHA-384 */
> -#define NGX_QUIC_MAX_MD_SIZE 48
> -
> #define NGX_AES_128_GCM_SHA256 0x1301
> #define NGX_AES_256_GCM_SHA384 0x1302
> #define NGX_CHACHA20_POLY1305_SHA256 0x1303
> @@ -33,45 +28,12 @@
>
>
> typedef struct {
> - size_t len;
> - u_char data[NGX_QUIC_MAX_MD_SIZE];
> -} ngx_quic_md_t;
> -
> -
> -typedef struct {
> - size_t len;
> - u_char data[NGX_QUIC_IV_LEN];
> -} ngx_quic_iv_t;
> -
> -
> -typedef struct {
> const ngx_quic_cipher_t *c;
> const EVP_CIPHER *hp;
> const EVP_MD *d;
> } ngx_quic_ciphers_t;
>
>
> -typedef struct ngx_quic_secret_s {
> - ngx_quic_md_t secret;
> - ngx_quic_md_t key;
> - ngx_quic_iv_t iv;
> - ngx_quic_md_t hp;
> -} ngx_quic_secret_t;
> -
> -
> -typedef struct {
> - ngx_quic_secret_t client;
> - ngx_quic_secret_t server;
> -} ngx_quic_secrets_t;
> -
> -
> -struct ngx_quic_keys_s {
> - ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
> - ngx_quic_secrets_t next_key;
> - ngx_uint_t cipher;
> -};
> -
> -
> typedef struct {
> size_t out_len;
> u_char *out;
> @@ -721,13 +683,6 @@ ngx_quic_keys_set_encryption_secret(ngx_
> }
>
>
> -ngx_quic_keys_t *
> -ngx_quic_keys_new(ngx_pool_t *pool)
> -{
> - return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t));
> -}
> -
> -
> ngx_uint_t
> ngx_quic_keys_available(ngx_quic_keys_t *keys,
> enum ssl_encryption_level_t level)
> diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
> --- a/src/event/quic/ngx_event_quic_protection.h
> +++ b/src/event/quic/ngx_event_quic_protection.h
> @@ -16,8 +16,46 @@
>
> #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
>
> +/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
> +#define NGX_QUIC_IV_LEN 12
>
> -ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
> +/* largest hash used in TLS is SHA-384 */
> +#define NGX_QUIC_MAX_MD_SIZE 48
> +
> +
> +typedef struct {
> + size_t len;
> + u_char data[NGX_QUIC_MAX_MD_SIZE];
> +} ngx_quic_md_t;
> +
> +
> +typedef struct {
> + size_t len;
> + u_char data[NGX_QUIC_IV_LEN];
> +} ngx_quic_iv_t;
> +
> +
> +typedef struct ngx_quic_secret_s {
The "ngx_quic_secret_s" part can be dropped,
unused since 9c3be23ddbe7.
> + ngx_quic_md_t secret;
> + ngx_quic_md_t key;
> + ngx_quic_iv_t iv;
> + ngx_quic_md_t hp;
> +} ngx_quic_secret_t;
> +
> +
> +typedef struct {
> + ngx_quic_secret_t client;
> + ngx_quic_secret_t server;
> +} ngx_quic_secrets_t;
> +
> +
> +struct ngx_quic_keys_s {
> + ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
> + ngx_quic_secrets_t next_key;
> + ngx_uint_t cipher;
> +};
> +
> +
> ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
> ngx_str_t *secret, ngx_log_t *log);
> ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
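Review bot: Moving `ngx_quic_md_t` and `ngx_quic_iv_t` into the header makes their `len` / fixed-size `data[]` pairs part of the interface, but the invariant that `len` never exceeds the array capacity is not documented. Any file including this header can now fill these buffers directly, so a comment on each typedef would help, e.g. `/* len <= sizeof(data); callers must check before copying into data */`. Whether the existing setters already enforce this bound is not visible in the diff and should be confirmed. Because `ngx_quic_keys_t` can now be instantiated by value (stack, embedded in other structs), the header could also note that it holds key material and that the owner is responsible for its lifetime.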
>
[ The remaining patches look good. ]
--
Sergey Kandaurov