[PATCH 2 of 4] QUIC: avoided pool usage in ngx_quic_protection.c
Roman Arutyunyan
arut at nginx.com
Tue May 31 07:06:32 UTC 2022
# HG changeset patch
# User Vladimir Homutov <vl at nginx.com>
# Date 1653644250 -14400
# Fri May 27 13:37:30 2022 +0400
# Branch quic
# Node ID 41f47332273e0350157258cc40dd0ede4ee86c69
# Parent a881ff28070262f3810517d5d3cb4ff67a4b7121
QUIC: avoided pool usage in ngx_quic_protection.c.
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -325,7 +325,7 @@ ngx_quic_new_connection(ngx_connection_t
}
}
- if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(qc->keys, &pkt->dcid, c->log)
!= NGX_OK)
{
return NULL;
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -961,7 +961,7 @@ ngx_quic_send_early_cc(ngx_connection_t
return NGX_ERROR;
}
- if (ngx_quic_keys_set_initial_secret(c->pool, pkt.keys, &inpkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
!= NGX_OK)
{
return NGX_ERROR;
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -113,7 +113,7 @@ static ngx_int_t ngx_quic_tls_seal(const
static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
ngx_quic_secret_t *s, u_char *out, u_char *in);
static ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf,
- const EVP_MD *digest, ngx_pool_t *pool);
+ const EVP_MD *digest, ngx_log_t *log);
static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
ngx_str_t *res);
@@ -179,8 +179,8 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic
ngx_int_t
-ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
- ngx_str_t *secret)
+ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
+ ngx_log_t *log)
{
size_t is_len;
uint8_t is[SHA256_DIGEST_LENGTH];
@@ -217,12 +217,12 @@ ngx_quic_keys_set_initial_secret(ngx_poo
.len = is_len
};
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
"quic ngx_quic_set_initial_secret");
#ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
"quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
"quic initial secret len:%uz %*xs", is_len, is_len, is);
#endif
@@ -251,7 +251,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo
};
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], digest, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
return NGX_ERROR;
}
}
@@ -261,19 +261,12 @@ ngx_quic_keys_set_initial_secret(ngx_poo
static ngx_int_t
-ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_pool_t *pool)
+ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log)
{
size_t info_len;
uint8_t *p;
uint8_t info[20];
- if (h->out == NULL) {
- h->out = ngx_pnalloc(pool, h->out_len);
- if (h->out == NULL) {
- return NGX_ERROR;
- }
- }
-
info_len = 2 + 1 + h->label_len + 1;
info[0] = 0;
@@ -287,13 +280,13 @@ ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h,
h->prk, h->prk_len, info, info_len)
!= NGX_OK)
{
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0,
+ ngx_ssl_error(NGX_LOG_INFO, log, 0,
"ngx_hkdf_expand(%*s) failed", h->label_len, h->label);
return NGX_ERROR;
}
#ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug5(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
"quic expand \"%*s\" key len:%uz %*xs",
h->label_len, h->label, h->out_len, h->out_len, h->out);
#endif
@@ -674,7 +667,7 @@ failed:
ngx_int_t
-ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
+ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
{
@@ -692,12 +685,12 @@ ngx_quic_keys_set_encryption_secret(ngx_
key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
if (key_len == NGX_ERROR) {
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
+ ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
return NGX_ERROR;
}
if (sizeof(peer_secret->secret.data) < secret_len) {
- ngx_log_error(NGX_LOG_ALERT, pool->log, 0,
+ ngx_log_error(NGX_LOG_ALERT, log, 0,
"unexpected secret len: %uz", secret_len);
return NGX_ERROR;
}
@@ -719,7 +712,7 @@ ngx_quic_keys_set_encryption_secret(ngx_
};
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
return NGX_ERROR;
}
}
@@ -809,7 +802,7 @@ ngx_quic_keys_update(ngx_connection_t *c
};
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
return NGX_ERROR;
}
}
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -18,9 +18,9 @@
ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
-ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool,
- ngx_quic_keys_t *keys, ngx_str_t *secret);
-ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool,
+ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
+ ngx_str_t *secret, ngx_log_t *log);
+ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
ngx_uint_t is_write, ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -73,7 +73,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t
secret_len, rsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
cipher, rsecret, secret_len)
!= NGX_OK)
{
@@ -109,7 +109,7 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t
secret_len, wsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
cipher, wsecret, secret_len)
!= NGX_OK)
{
@@ -143,7 +143,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
cipher = SSL_get_current_cipher(ssl_conn);
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
cipher, rsecret, secret_len)
!= NGX_OK)
{
@@ -164,7 +164,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
secret_len, wsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
cipher, wsecret, secret_len)
!= NGX_OK)
{
More information about the nginx-devel
mailing list