[PATCH 3 of 4] QUIC: removed ngx_quic_keys_new()

Sergey Kandaurov pluknet at nginx.com
Mon Jul 25 23:00:37 UTC 2022


> On 31 May 2022, at 11:06, Roman Arutyunyan <arut at nginx.com> wrote:
> 
> # HG changeset patch
> # User Vladimir Homutov <vl at nginx.com>
> # Date 1653652352 -14400
> #      Fri May 27 15:52:32 2022 +0400
> # Branch quic
> # Node ID 7929cae8d65fd1f41d07365cae93970b29f2d03d
> # Parent  41f47332273e0350157258cc40dd0ede4ee86c69
> QUIC: removed ngx_quic_keys_new().
> 
> The ngx_quic_keys_t structure is now exposed.

IMHO, this line is suitable as the log summary.

> This allows using it in contexts where no pool/connection is available,
> i.e. early packet processing.
> 
> diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
> --- a/src/event/quic/ngx_event_quic.c
> +++ b/src/event/quic/ngx_event_quic.c
> @@ -238,7 +238,7 @@ ngx_quic_new_connection(ngx_connection_t
>         return NULL;
>     }
> 
> -    qc->keys = ngx_quic_keys_new(c->pool);
> +    qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
>     if (qc->keys == NULL) {
>         return NULL;
>     }
> diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
> --- a/src/event/quic/ngx_event_quic_output.c
> +++ b/src/event/quic/ngx_event_quic_output.c
> @@ -928,6 +928,7 @@ ngx_quic_send_early_cc(ngx_connection_t 
> {
>     ssize_t            len;
>     ngx_str_t          res;
> +    ngx_quic_keys_t    keys;
>     ngx_quic_frame_t   frame;
>     ngx_quic_header_t  pkt;
> 
> @@ -956,10 +957,9 @@ ngx_quic_send_early_cc(ngx_connection_t 
>         return NGX_ERROR;
>     }
> 
> -    pkt.keys = ngx_quic_keys_new(c->pool);
> -    if (pkt.keys == NULL) {
> -        return NGX_ERROR;
> -    }
> +    ngx_memzero(&keys, sizeof(ngx_quic_keys_t));
> +
> +    pkt.keys = &keys;
> 
>     if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
>         != NGX_OK)
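Review bot: `pkt.keys = &keys;` now points at a stack object, where the removed code used pool memory that lived as long as the connection, and nothing at the assignment records that lifetime. A comment there would do it, e.g. `/* keys is stack-local: pkt.keys must not be retained past this call */`. The derived key material also stays in the dead stack frame after return. That is low-risk here, since Initial secrets are computed from the client's Destination Connection ID (RFC 9001, 5.2), but `ngx_explicit_memzero(&keys, sizeof(ngx_quic_keys_t));` before returning would stop the pattern being copied to levels where the secrets are confidential. The body of ngx_quic_send_early_cc() continues outside this hunk, so the exit paths that would need the clearing call are not visible here.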
> diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
> --- a/src/event/quic/ngx_event_quic_protection.c
> +++ b/src/event/quic/ngx_event_quic_protection.c
> @@ -10,16 +10,11 @@
> #include <ngx_event_quic_connection.h>
> 
> 
> -/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
> -#define NGX_QUIC_IV_LEN               12
> /* RFC 9001, 5.4.1.  Header Protection Application: 5-byte mask */
> #define NGX_QUIC_HP_LEN               5
> 
> #define NGX_QUIC_AES_128_KEY_LEN      16
> 
> -/* largest hash used in TLS is SHA-384 */
> -#define NGX_QUIC_MAX_MD_SIZE          48
> -
> #define NGX_AES_128_GCM_SHA256        0x1301
> #define NGX_AES_256_GCM_SHA384        0x1302
> #define NGX_CHACHA20_POLY1305_SHA256  0x1303
> @@ -33,45 +28,12 @@
> 
> 
> typedef struct {
> -    size_t                    len;
> -    u_char                    data[NGX_QUIC_MAX_MD_SIZE];
> -} ngx_quic_md_t;
> -
> -
> -typedef struct {
> -    size_t                    len;
> -    u_char                    data[NGX_QUIC_IV_LEN];
> -} ngx_quic_iv_t;
> -
> -
> -typedef struct {
>     const ngx_quic_cipher_t  *c;
>     const EVP_CIPHER         *hp;
>     const EVP_MD             *d;
> } ngx_quic_ciphers_t;
> 
> 
> -typedef struct ngx_quic_secret_s {
> -    ngx_quic_md_t             secret;
> -    ngx_quic_md_t             key;
> -    ngx_quic_iv_t             iv;
> -    ngx_quic_md_t             hp;
> -} ngx_quic_secret_t;
> -
> -
> -typedef struct {
> -    ngx_quic_secret_t         client;
> -    ngx_quic_secret_t         server;
> -} ngx_quic_secrets_t;
> -
> -
> -struct ngx_quic_keys_s {
> -    ngx_quic_secrets_t        secrets[NGX_QUIC_ENCRYPTION_LAST];
> -    ngx_quic_secrets_t        next_key;
> -    ngx_uint_t                cipher;
> -};
> -
> -
> typedef struct {
>     size_t                    out_len;
>     u_char                   *out;
> @@ -721,13 +683,6 @@ ngx_quic_keys_set_encryption_secret(ngx_
> }
> 
> 
> -ngx_quic_keys_t *
> -ngx_quic_keys_new(ngx_pool_t *pool)
> -{
> -    return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t));
> -}
> -
> -
> ngx_uint_t
> ngx_quic_keys_available(ngx_quic_keys_t *keys,
>     enum ssl_encryption_level_t level)
> diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
> --- a/src/event/quic/ngx_event_quic_protection.h
> +++ b/src/event/quic/ngx_event_quic_protection.h
> @@ -16,8 +16,46 @@
> 
> #define NGX_QUIC_ENCRYPTION_LAST  ((ssl_encryption_application) + 1)
> 
> +/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
> +#define NGX_QUIC_IV_LEN               12
> 
> -ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
> +/* largest hash used in TLS is SHA-384 */
> +#define NGX_QUIC_MAX_MD_SIZE          48
> +
> +
> +typedef struct {
> +    size_t                    len;
> +    u_char                    data[NGX_QUIC_MAX_MD_SIZE];
> +} ngx_quic_md_t;
> +
> +
> +typedef struct {
> +    size_t                    len;
> +    u_char                    data[NGX_QUIC_IV_LEN];
> +} ngx_quic_iv_t;
> +
> +
> +typedef struct ngx_quic_secret_s {

The "ngx_quic_secret_s" part can be dropped,
unused since 9c3be23ddbe7.

> +    ngx_quic_md_t             secret;
> +    ngx_quic_md_t             key;
> +    ngx_quic_iv_t             iv;
> +    ngx_quic_md_t             hp;
> +} ngx_quic_secret_t;
> +
> +
> +typedef struct {
> +    ngx_quic_secret_t         client;
> +    ngx_quic_secret_t         server;
> +} ngx_quic_secrets_t;
> +
> +
> +struct ngx_quic_keys_s {
> +    ngx_quic_secrets_t        secrets[NGX_QUIC_ENCRYPTION_LAST];
> +    ngx_quic_secrets_t        next_key;
> +    ngx_uint_t                cipher;
> +};
> +
> +
> ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
>     ngx_str_t *secret, ngx_log_t *log);
> ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
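Review bot: Exposing `struct ngx_quic_keys_s` makes callers responsible for two invariants that the header does not state. The removed `ngx_quic_keys_new()` always returned `ngx_pcalloc`'d memory, so a comment above the struct should say that self-allocated instances must be zeroed before first use, e.g. `/* must be zero-initialized by the caller before any ngx_quic_keys_*() call */`. The `len` members of `ngx_quic_md_t` and `ngx_quic_iv_t` sit next to fixed-size `data` arrays and are now writable by any includer, so each deserves a note such as `/* len <= sizeof(data) */`. Whether the setters in ngx_event_quic_protection.c enforce that bound is not visible in this patch.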
> 

[ The remaining patches look good. ]

-- 
Sergey Kandaurov


