Re: [PATCH 00 of 11] [quic] reusing crypto contexts, and more #2

Hi, On Wed, Oct 18, 2023 at 07:26:42PM +0400, Sergey Kandaurov wrote: > Updated series to address arut@ comments: > - patches #1, #2, #4 unchanged > - patch #3 replaced with keys check in ngx_quic_ack_packet > - #5 updates ngx_quic_keys_cleanup and ngx_quic_compat_set_encryption_secret > - factore

[PATCH] HTTP/2: fixed buffer management with HTTP/2 auto-detection

# HG changeset patch # User Sergey Kandaurov # Date 1697808142 -14400 # Fri Oct 20 17:22:22 2023 +0400 # Node ID 318c8ace6aa24506004bfbb7d52674f61a3716a5 # Parent 3038bd4d78169a5e8a2624d79cf76f45f0805ddc HTTP/2: fixed buffer management with HTTP/2 auto-detection. As part of normal HTTP/2 pr

Re: [PATCH] HTTP/2: fixed buffer management with HTTP/2 auto-detection

> On 20 Oct 2023, at 17:23, Sergey Kandaurov wrote: > > # HG changeset patch > # User Sergey Kandaurov > # Date 1697808142 -14400 > # Fri Oct 20 17:22:22 2023 +0400 > # Node ID 318c8ace6aa24506004bfbb7d52674f61a3716a5 > # Parent 3038bd4d78169a5e8a2624d79cf76f45f0805ddc > HTTP/2: fixed buf

[nginx] QUIC: split keys availability checks to read and write sides.

details: https://hg.nginx.org/nginx/rev/ff98ae7d261e branches: changeset: 9168:ff98ae7d261e user: Sergey Kandaurov date: Thu Aug 31 19:54:10 2023 +0400 description: QUIC: split keys availability checks to read and write sides. Keys may be released by TLS stack in different times, so

[nginx] QUIC: added safety belt to prevent using discarded keys.

details: https://hg.nginx.org/nginx/rev/60c4e8d3151f branches: changeset: 9169:60c4e8d3151f user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: added safety belt to prevent using discarded keys. In addition to triggering alert, it ensures that such packets

[nginx] QUIC: renamed protection functions.

details: https://hg.nginx.org/nginx/rev/f98636db77ef branches: changeset: 9171:f98636db77ef user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: renamed protection functions. Now these functions have names ngx_quic_crypto_XXX(): - ngx_quic_tls_open() ->

[nginx] QUIC: prevented generating ACK frames with discarded keys.

details: https://hg.nginx.org/nginx/rev/c80d111340dc branches: changeset: 9170:c80d111340dc user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: prevented generating ACK frames with discarded keys. Previously it was possible to generate ACK frames using for

[nginx] QUIC: reusing crypto contexts for packet protection.

details: https://hg.nginx.org/nginx/rev/4ccb0d973206 branches: changeset: 9172:4ccb0d973206 user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: reusing crypto contexts for packet protection. diffstat: src/event/quic/ngx_event_quic.c|3

[nginx] QUIC: common code for crypto open and seal operations.

details: https://hg.nginx.org/nginx/rev/904a54092d5b branches: changeset: 9173:904a54092d5b user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: common code for crypto open and seal operations. diffstat: src/event/quic/ngx_event_quic_protection.c | 143 +

[nginx] QUIC: reusing crypto contexts for header protection.

details: https://hg.nginx.org/nginx/rev/31702c53d2db branches: changeset: 9174:31702c53d2db user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: reusing crypto contexts for header protection. diffstat: src/event/quic/ngx_event_quic_protection.c | 102 +++

[nginx] QUIC: cleaned up now unused ngx_quic_ciphers() calls.

details: https://hg.nginx.org/nginx/rev/f7c9cd726298 branches: changeset: 9175:f7c9cd726298 user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: cleaned up now unused ngx_quic_ciphers() calls. diffstat: src/event/quic/ngx_event_quic_openssl_compat.c | 12

[nginx] QUIC: explicitly zero out unused keying material.

details: https://hg.nginx.org/nginx/rev/b74f891053c7 branches: changeset: 9178:b74f891053c7 user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: explicitly zero out unused keying material. diffstat: src/event/quic/ngx_event_quic_openssl_compat.c | 13 +++

[nginx] QUIC: simplified ngx_quic_ciphers() API.

details: https://hg.nginx.org/nginx/rev/8dacf87e4007 branches: changeset: 9176:8dacf87e4007 user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: simplified ngx_quic_ciphers() API. After conversion to reusable crypto ctx, now there's enough caller context to

[nginx] QUIC: removed key field from ngx_quic_secret_t.

details: https://hg.nginx.org/nginx/rev/22d110af473c branches: changeset: 9177:22d110af473c user: Sergey Kandaurov date: Fri Oct 20 18:05:07 2023 +0400 description: QUIC: removed key field from ngx_quic_secret_t. It is made local as it is only needed now when creating crypto context

[njs] Modules: fixed delete() method of a shared dictionary.

details: https://hg.nginx.org/njs/rev/d83c6616f2b1 branches: changeset: 2223:d83c6616f2b1 user: Dmitry Volyntsev date: Fri Oct 20 08:44:52 2023 -0700 description: Modules: fixed delete() method of a shared dictionary. This fixes #679 issue on Github. diffstat: nginx/ngx_js_shared

Re: [PATCH] HTTP/2: fixed buffer management with HTTP/2 auto-detection

Hello! On Fri, Oct 20, 2023 at 06:04:32PM +0400, Sergey Kandaurov wrote: > > On 20 Oct 2023, at 17:23, Sergey Kandaurov wrote: > > > > # HG changeset patch > > # User Sergey Kandaurov > > # Date 1697808142 -14400 > > # Fri Oct 20 17:22:22 2023 +0400 > > # Node ID 318c8ace6aa24506004bfbb7d