QUIC: removed ngx_quic_keys_new().

The ngx_quic_keys_t structure is now exposed.
RekGRpth · Jul 27, 2022 · 664cb29 · 664cb29
1 parent 93c21be
commit 664cb29
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 51 deletions.
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
@@ -238,7 +238,7 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
         return NULL;
     }
 
-    qc->keys = ngx_quic_keys_new(c->pool);
+    qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
     if (qc->keys == NULL) {
         return NULL;
     }

diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
@@ -928,6 +928,7 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
 {
     ssize_t            len;
     ngx_str_t          res;
+    ngx_quic_keys_t    keys;
     ngx_quic_frame_t   frame;
     ngx_quic_header_t  pkt;
 
@@ -956,10 +957,9 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
         return NGX_ERROR;
     }
 
-    pkt.keys = ngx_quic_keys_new(c->pool);
-    if (pkt.keys == NULL) {
-        return NGX_ERROR;
-    }
+    ngx_memzero(&keys, sizeof(ngx_quic_keys_t));
+
+    pkt.keys = &keys;
 
     if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
         != NGX_OK)

diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
@@ -10,16 +10,11 @@
 #include <ngx_event_quic_connection.h>
 
 
-/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
-#define NGX_QUIC_IV_LEN               12
 /* RFC 9001, 5.4.1.  Header Protection Application: 5-byte mask */
 #define NGX_QUIC_HP_LEN               5
 
 #define NGX_QUIC_AES_128_KEY_LEN      16
 
-/* largest hash used in TLS is SHA-384 */
-#define NGX_QUIC_MAX_MD_SIZE          48
-
 #define NGX_AES_128_GCM_SHA256        0x1301
 #define NGX_AES_256_GCM_SHA384        0x1302
 #define NGX_CHACHA20_POLY1305_SHA256  0x1303
@@ -32,46 +27,13 @@
 #endif
 
 
-typedef struct {
-    size_t                    len;
-    u_char                    data[NGX_QUIC_MAX_MD_SIZE];
-} ngx_quic_md_t;
-
-
-typedef struct {
-    size_t                    len;
-    u_char                    data[NGX_QUIC_IV_LEN];
-} ngx_quic_iv_t;
-
-
 typedef struct {
     const ngx_quic_cipher_t  *c;
     const EVP_CIPHER         *hp;
     const EVP_MD             *d;
 } ngx_quic_ciphers_t;
 
 
-typedef struct ngx_quic_secret_s {
-    ngx_quic_md_t             secret;
-    ngx_quic_md_t             key;
-    ngx_quic_iv_t             iv;
-    ngx_quic_md_t             hp;
-} ngx_quic_secret_t;
-
-
-typedef struct {
-    ngx_quic_secret_t         client;
-    ngx_quic_secret_t         server;
-} ngx_quic_secrets_t;
-
-
-struct ngx_quic_keys_s {
-    ngx_quic_secrets_t        secrets[NGX_QUIC_ENCRYPTION_LAST];
-    ngx_quic_secrets_t        next_key;
-    ngx_uint_t                cipher;
-};
-
-
 typedef struct {
     size_t                    out_len;
     u_char                   *out;
@@ -721,13 +683,6 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
 }
 
 
-ngx_quic_keys_t *
-ngx_quic_keys_new(ngx_pool_t *pool)
-{
-    return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t));
-}
-
-
 ngx_uint_t
 ngx_quic_keys_available(ngx_quic_keys_t *keys,
     enum ssl_encryption_level_t level)

diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
@@ -16,8 +16,46 @@
 
 #define NGX_QUIC_ENCRYPTION_LAST  ((ssl_encryption_application) + 1)
 
+/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
+#define NGX_QUIC_IV_LEN               12
+
+/* largest hash used in TLS is SHA-384 */
+#define NGX_QUIC_MAX_MD_SIZE          48
+
+
+typedef struct {
+    size_t                    len;
+    u_char                    data[NGX_QUIC_MAX_MD_SIZE];
+} ngx_quic_md_t;
+
+
+typedef struct {
+    size_t                    len;
+    u_char                    data[NGX_QUIC_IV_LEN];
+} ngx_quic_iv_t;
+
+
+typedef struct {
+    ngx_quic_md_t             secret;
+    ngx_quic_md_t             key;
+    ngx_quic_iv_t             iv;
+    ngx_quic_md_t             hp;
+} ngx_quic_secret_t;
+
+
+typedef struct {
+    ngx_quic_secret_t         client;
+    ngx_quic_secret_t         server;
+} ngx_quic_secrets_t;
+
+
+struct ngx_quic_keys_s {
+    ngx_quic_secrets_t        secrets[NGX_QUIC_ENCRYPTION_LAST];
+    ngx_quic_secrets_t        next_key;
+    ngx_uint_t                cipher;
+};
+
 
-ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
     ngx_str_t *secret, ngx_log_t *log);
 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,