IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: removed ngx_quic_keys_new().

Browse Source 
The ngx_quic_keys_t structure is now exposed.
This commit is contained in:
Vladimir Homutov 2022-07-27 17:31:16 +04:00
parent 93c21be4d6
commit 664cb29f52
4 changed files with 44 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/event/quic/ngx_event_quic.c
View File

@ -238,7 +238,7 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
return NULL; return NULL;
} }
qc->keys = ngx_quic_keys_new(c->pool); qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
if (qc->keys == NULL) { if (qc->keys == NULL) {
return NULL; return NULL;
} }

8
src/event/quic/ngx_event_quic_output.c
View File

@ -928,6 +928,7 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
{ {
ssize_t len; ssize_t len;
ngx_str_t res; ngx_str_t res;
ngx_quic_keys_t keys;
ngx_quic_frame_t frame; ngx_quic_frame_t frame;
ngx_quic_header_t pkt; ngx_quic_header_t pkt;
@ -956,10 +957,9 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
return NGX_ERROR; return NGX_ERROR;
} }
pkt.keys = ngx_quic_keys_new(c->pool); ngx_memzero(&keys, sizeof(ngx_quic_keys_t));
if (pkt.keys == NULL) {
return NGX_ERROR; pkt.keys = &keys;
}
if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log) if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
!= NGX_OK) != NGX_OK)

45
src/event/quic/ngx_event_quic_protection.c
View File

@ -10,16 +10,11 @@
#include <ngx_event_quic_connection.h> #include <ngx_event_quic_connection.h>
/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
#define NGX_QUIC_IV_LEN 12
/* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */
#define NGX_QUIC_HP_LEN 5 #define NGX_QUIC_HP_LEN 5
#define NGX_QUIC_AES_128_KEY_LEN 16 #define NGX_QUIC_AES_128_KEY_LEN 16
/* largest hash used in TLS is SHA-384 */
#define NGX_QUIC_MAX_MD_SIZE 48
#define NGX_AES_128_GCM_SHA256 0x1301 #define NGX_AES_128_GCM_SHA256 0x1301
#define NGX_AES_256_GCM_SHA384 0x1302 #define NGX_AES_256_GCM_SHA384 0x1302
#define NGX_CHACHA20_POLY1305_SHA256 0x1303 #define NGX_CHACHA20_POLY1305_SHA256 0x1303
@ -32,18 +27,6 @@
#endif #endif
typedef struct {
size_t len;
u_char data[NGX_QUIC_MAX_MD_SIZE];
} ngx_quic_md_t;
typedef struct {
size_t len;
u_char data[NGX_QUIC_IV_LEN];
} ngx_quic_iv_t;
typedef struct { typedef struct {
const ngx_quic_cipher_t *c; const ngx_quic_cipher_t *c;
const EVP_CIPHER *hp; const EVP_CIPHER *hp;
@ -51,27 +34,6 @@ typedef struct {
} ngx_quic_ciphers_t; } ngx_quic_ciphers_t;
typedef struct ngx_quic_secret_s {
ngx_quic_md_t secret;
ngx_quic_md_t key;
ngx_quic_iv_t iv;
ngx_quic_md_t hp;
} ngx_quic_secret_t;
typedef struct {
ngx_quic_secret_t client;
ngx_quic_secret_t server;
} ngx_quic_secrets_t;
struct ngx_quic_keys_s {
ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
ngx_quic_secrets_t next_key;
ngx_uint_t cipher;
};
typedef struct { typedef struct {
size_t out_len; size_t out_len;
u_char *out; u_char *out;
@ -721,13 +683,6 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
} }
ngx_quic_keys_t *
ngx_quic_keys_new(ngx_pool_t *pool)
{
return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t));
}
ngx_uint_t ngx_uint_t
ngx_quic_keys_available(ngx_quic_keys_t *keys, ngx_quic_keys_available(ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level) enum ssl_encryption_level_t level)

40
src/event/quic/ngx_event_quic_protection.h
View File

@ -16,8 +16,46 @@
#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
#define NGX_QUIC_IV_LEN 12
/* largest hash used in TLS is SHA-384 */
#define NGX_QUIC_MAX_MD_SIZE 48
typedef struct {
size_t len;
u_char data[NGX_QUIC_MAX_MD_SIZE];
} ngx_quic_md_t;
typedef struct {
size_t len;
u_char data[NGX_QUIC_IV_LEN];
} ngx_quic_iv_t;
typedef struct {
ngx_quic_md_t secret;
ngx_quic_md_t key;
ngx_quic_iv_t iv;
ngx_quic_md_t hp;
} ngx_quic_secret_t;
typedef struct {
ngx_quic_secret_t client;
ngx_quic_secret_t server;
} ngx_quic_secrets_t;
struct ngx_quic_keys_s {
ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
ngx_quic_secrets_t next_key;
ngx_uint_t cipher;
};
ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
ngx_str_t *secret, ngx_log_t *log); ngx_str_t *secret, ngx_log_t *log);
ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,