Patch subject is complete summary.
src/event/quic/ngx_event_quic.c | 2 +- src/event/quic/ngx_event_quic_output.c | 2 +- src/event/quic/ngx_event_quic_protection.c | 37 ++++++++++++----------------- src/event/quic/ngx_event_quic_protection.h | 6 ++-- src/event/quic/ngx_event_quic_ssl.c | 8 +++--- 5 files changed, 24 insertions(+), 31 deletions(-)
# HG changeset patch
# User Vladimir Homutov <v...@nginx.com>
# Date 1645440574 -10800
# Mon Feb 21 13:49:34 2022 +0300
# Branch quic
# Node ID 950a45270e862b02f43ed1df02a9146e8686b8e5
# Parent 1a0a12bef7f00b5422d449b2d4642fff39e0a47e
QUIC: avoided pool usage in ngx_quic_protection.c.
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -325,7 +325,7 @@ ngx_quic_new_connection(ngx_connection_t
 }
 }
- if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(qc->keys, &pkt->dcid, c->log)
 != NGX_OK)
 {
 return NULL;
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -961,7 +961,7 @@ ngx_quic_send_early_cc(ngx_connection_t
 return NGX_ERROR;
 }
- if (ngx_quic_keys_set_initial_secret(c->pool, pkt.keys, &inpkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
 != NGX_OK)
 {
 return NGX_ERROR;
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -125,7 +125,7 @@ static ngx_int_t ngx_quic_tls_seal(const
 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
 ngx_quic_secret_t *s, u_char *out, u_char *in);
 static ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf,
- const EVP_MD *digest, ngx_pool_t *pool);
+ const EVP_MD *digest, ngx_log_t *log);
 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
 ngx_str_t *res);
@@ -191,8 +191,8 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic
 ngx_int_t
-ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
- ngx_str_t *secret)
+ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
+ ngx_log_t *log)
 {
 size_t is_len;
 uint8_t is[SHA256_DIGEST_LENGTH];
@@ -229,12 +229,12 @@ ngx_quic_keys_set_initial_secret(ngx_poo
 .len = is_len
 };
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
 "quic ngx_quic_set_initial_secret");
 #ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
 "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
 "quic initial secret len:%uz %*xs", is_len, is_len, is);
 #endif
@@ -263,7 +263,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo
 };
 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], digest, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
 return NGX_ERROR;
 }
 }
@@ -273,17 +273,10 @@ ngx_quic_keys_set_initial_secret(ngx_poo
 static ngx_int_t
-ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_pool_t *pool)
+ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log)
 {
 uint8_t *p;
- if (h->out == NULL) {
- h->out = ngx_pnalloc(pool, h->out_len);
- if (h->out == NULL) {
- return NGX_ERROR;
- }
- }
-
 h->info_len = 2 + 1 + h->label_len + 1;
 h->info[0] = 0;
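Review bot: With the allocate-on-demand branch removed from ngx_quic_hkdf_expand() in the last hunk here, nothing visible in the function checks `h->out` before it is used as the destination of the expand step. Every `seq[]` entry in the three callers must therefore supply caller-owned storage of at least `h->out_len` bytes. The `seq[]` initialisers lie outside the visible hunks, so this cannot be confirmed from the patch alone; an entry that still relied on the old path would make key derivation write through a NULL pointer. Consider documenting the precondition above the function, e.g. `/* h->out must point to caller-owned storage of at least h->out_len bytes */`, or failing closed with `if (h->out == NULL) { return NGX_ERROR; }`. The function body continues past the end of this hunk.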
@@ -297,13 +290,13 @@ ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h,
 h->prk, h->prk_len, h->info, h->info_len)
 != NGX_OK)
 {
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0,
+ ngx_ssl_error(NGX_LOG_INFO, log, 0,
 "ngx_hkdf_expand(%*s) failed", h->label_len, h->label);
 return NGX_ERROR;
 }
 #ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug5(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
 "quic expand \"%*s\" key len:%uz %*xs",
 h->label_len, h->label, h->out_len, h->out_len, h->out);
 #endif
@@ -684,7 +677,7 @@ failed:
 ngx_int_t
-ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
+ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
 {
@@ -702,12 +695,12 @@ ngx_quic_keys_set_encryption_secret(ngx_
 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
 if (key_len == NGX_ERROR) {
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
+ ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
 return NGX_ERROR;
 }
 if (sizeof(peer_secret->secret.data) < secret_len) {
- ngx_log_error(NGX_LOG_ERR, pool->log, 0,
+ ngx_log_error(NGX_LOG_ERR, log, 0,
 "unexpected secret len: %uz", secret_len);
 return NGX_ERROR;
 }
@@ -729,7 +722,7 @@ ngx_quic_keys_set_encryption_secret(ngx_
 };
 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
 return NGX_ERROR;
 }
 }
@@ -819,7 +812,7 @@ ngx_quic_keys_update(ngx_connection_t *c
 };
 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
 return NGX_ERROR;
 }
 }
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
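Review bot: The `NGX_QUIC_DEBUG_CRYPTO` block in the first hunk here (`@@ -297,13 +290,13 @@`) hex-dumps `h->out`, the freshly derived HKDF output, into the debug log; the change keeps that and only swaps the log handle. For labels expanded from TLS traffic secrets this is presumably packet-protection key material, so a build with the macro defined would leave keys readable in the error log. A comment next to the `#ifdef` would make that explicit, for example `/* dumps derived key material; never define NGX_QUIC_DEBUG_CRYPTO in production builds */`. The enclosing ngx_quic_hkdf_expand() starts before this hunk and ends after it.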
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -18,9 +18,9 @@
 ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
-ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool,
- ngx_quic_keys_t *keys, ngx_str_t *secret);
-ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool,
+ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
+ ngx_str_t *secret, ngx_log_t *log);
+ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
 ngx_uint_t is_write, ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
 const uint8_t *secret, size_t secret_len);
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -73,7 +73,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t
 secret_len, rsecret);
 #endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
 cipher, rsecret, secret_len)
 != NGX_OK)
 {
@@ -109,7 +109,7 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t
 secret_len, wsecret);
 #endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
 cipher, wsecret, secret_len)
 != NGX_OK)
 {
@@ -143,7 +143,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
 cipher = SSL_get_current_cipher(ssl_conn);
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
 cipher, rsecret, secret_len)
 != NGX_OK)
 {
@@ -164,7 +164,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
 secret_len, wsecret);
 #endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
 cipher, wsecret, secret_len)
 != NGX_OK)
 {
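Review bot: The two prototypes in the ngx_event_quic_protection.h hunk now place the log handle inconsistently: `ngx_quic_keys_set_initial_secret()` takes `ngx_log_t *log` last, while `ngx_quic_keys_set_encryption_secret()` takes it first, in the slot that used to hold the pool. In a key-setup API, mixed argument order makes call sites harder to audit. Keeping the handle first in both would be the smaller change, e.g. `ngx_int_t ngx_quic_keys_set_initial_secret(ngx_log_t *log, ngx_quic_keys_t *keys, ngx_str_t *secret);`. The same applies to the definition in ngx_event_quic_protection.c (`@@ -191,8 +191,8 @@`) and to its two callers.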