Patch subject is complete summary.
src/event/quic/ngx_event_quic.c | 2 +-
src/event/quic/ngx_event_quic_output.c | 2 +-
src/event/quic/ngx_event_quic_protection.c | 37 ++++++++++++-----------------
src/event/quic/ngx_event_quic_protection.h | 6 ++--
src/event/quic/ngx_event_quic_ssl.c | 8 +++---
5 files changed, 24 insertions(+), 31 deletions(-)
# HG changeset patch
# User Vladimir Homutov <v...@nginx.com>
# Date 1645440574 -10800
# Mon Feb 21 13:49:34 2022 +0300
# Branch quic
# Node ID 950a45270e862b02f43ed1df02a9146e8686b8e5
# Parent 1a0a12bef7f00b5422d449b2d4642fff39e0a47e
QUIC: avoided pool usage in ngx_quic_protection.c.
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -325,7 +325,7 @@ ngx_quic_new_connection(ngx_connection_t
}
}
- if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(qc->keys, &pkt->dcid, c->log)
!= NGX_OK)
{
return NULL;
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -961,7 +961,7 @@ ngx_quic_send_early_cc(ngx_connection_t
return NGX_ERROR;
}
- if (ngx_quic_keys_set_initial_secret(c->pool, pkt.keys, &inpkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
!= NGX_OK)
{
return NGX_ERROR;
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -125,7 +125,7 @@ static ngx_int_t ngx_quic_tls_seal(const
static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
ngx_quic_secret_t *s, u_char *out, u_char *in);
static ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf,
- const EVP_MD *digest, ngx_pool_t *pool);
+ const EVP_MD *digest, ngx_log_t *log);
static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
ngx_str_t *res);
@@ -191,8 +191,8 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic
ngx_int_t
-ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
- ngx_str_t *secret)
+ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
+ ngx_log_t *log)
{
size_t is_len;
uint8_t is[SHA256_DIGEST_LENGTH];
@@ -229,12 +229,12 @@ ngx_quic_keys_set_initial_secret(ngx_poo
.len = is_len
};
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
"quic ngx_quic_set_initial_secret");
#ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
"quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
"quic initial secret len:%uz %*xs", is_len, is_len, is);
#endif
@@ -263,7 +263,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo
};
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], digest, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
return NGX_ERROR;
}
}
@@ -273,17 +273,10 @@ ngx_quic_keys_set_initial_secret(ngx_poo
static ngx_int_t
-ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_pool_t *pool)
+ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log)
{
uint8_t *p;
- if (h->out == NULL) {
- h->out = ngx_pnalloc(pool, h->out_len);
- if (h->out == NULL) {
- return NGX_ERROR;
- }
- }
-
h->info_len = 2 + 1 + h->label_len + 1;
h->info[0] = 0;
@@ -297,13 +290,13 @@ ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h,
h->prk, h->prk_len, h->info, h->info_len)
!= NGX_OK)
{
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0,
+ ngx_ssl_error(NGX_LOG_INFO, log, 0,
"ngx_hkdf_expand(%*s) failed", h->label_len, h->label);
return NGX_ERROR;
}
#ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug5(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
"quic expand \"%*s\" key len:%uz %*xs",
h->label_len, h->label, h->out_len, h->out_len, h->out);
#endif
@@ -684,7 +677,7 @@ failed:
ngx_int_t
-ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
+ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
{
@@ -702,12 +695,12 @@ ngx_quic_keys_set_encryption_secret(ngx_
key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
if (key_len == NGX_ERROR) {
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
+ ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
return NGX_ERROR;
}
if (sizeof(peer_secret->secret.data) < secret_len) {
- ngx_log_error(NGX_LOG_ERR, pool->log, 0,
+ ngx_log_error(NGX_LOG_ERR, log, 0,
"unexpected secret len: %uz", secret_len);
return NGX_ERROR;
}
@@ -729,7 +722,7 @@ ngx_quic_keys_set_encryption_secret(ngx_
};
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
return NGX_ERROR;
}
}
@@ -819,7 +812,7 @@ ngx_quic_keys_update(ngx_connection_t *c
};
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
return NGX_ERROR;
}
}
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -18,9 +18,9 @@
ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
-ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool,
- ngx_quic_keys_t *keys, ngx_str_t *secret);
-ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool,
+ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
+ ngx_str_t *secret, ngx_log_t *log);
+ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
ngx_uint_t is_write, ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -73,7 +73,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t
secret_len, rsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
cipher, rsecret, secret_len)
!= NGX_OK)
{
@@ -109,7 +109,7 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t
secret_len, wsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
cipher, wsecret, secret_len)
!= NGX_OK)
{
@@ -143,7 +143,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
cipher = SSL_get_current_cipher(ssl_conn);
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
cipher, rsecret, secret_len)
!= NGX_OK)
{
@@ -164,7 +164,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
secret_len, wsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
cipher, wsecret, secret_len)
!= NGX_OK)
{
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-le...@nginx.org
