diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index e82fe129ac9..a1abd267db4 100644
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -238,7 +238,7 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
 return NULL;
 }
- qc->keys = ngx_quic_keys_new(c->pool);
+ qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));
 if (qc->keys == NULL) {
 return NULL;
 }
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
index 720b8fccc23..c656c527ee2 100644
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -928,6 +928,7 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
 {
 ssize_t len;
 ngx_str_t res;
+ ngx_quic_keys_t keys;
 ngx_quic_frame_t frame;
 ngx_quic_header_t pkt;
@@ -956,10 +957,9 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
 return NGX_ERROR;
 }
- pkt.keys = ngx_quic_keys_new(c->pool);
- if (pkt.keys == NULL) {
- return NGX_ERROR;
- }
+ ngx_memzero(&keys, sizeof(ngx_quic_keys_t));
+
+ pkt.keys = &keys;
 if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
 != NGX_OK)
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
index 03f7b5c2b83..2b68349884b 100644
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -10,16 +10,11 @@
 #include
-/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
-#define NGX_QUIC_IV_LEN 12
 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */
 #define NGX_QUIC_HP_LEN 5
 #define NGX_QUIC_AES_128_KEY_LEN 16
-/* largest hash used in TLS is SHA-384 */
-#define NGX_QUIC_MAX_MD_SIZE 48
-
 #define NGX_AES_128_GCM_SHA256 0x1301
 #define NGX_AES_256_GCM_SHA384 0x1302
 #define NGX_CHACHA20_POLY1305_SHA256 0x1303
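Review bot: The `ngx_quic_keys_t` allocated by `qc->keys = ngx_pcalloc(c->pool, sizeof(ngx_quic_keys_t));` holds the secrets for every encryption level up to application data, and nothing visible here clears them before `c->pool` is released. With `ngx_quic_keys_new()` removed there is also no single function left where that handling could be added later. If connection teardown does not already scrub the structure, a pool cleanup handler that calls `ngx_explicit_memzero(qc->keys, sizeof(ngx_quic_keys_t));` would cover it. ngx_quic_new_connection() starts and ends outside the hunk, so existing cleanup cannot be ruled out from these lines.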
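Review bot: In ngx_quic_send_early_cc(), `pkt.keys = &keys;` points the packet header into this function's stack frame, so neither `pkt` nor any copy of `pkt.keys` may outlive the call. A comment above the assignment would record that, for example `/* keys is on the stack: pkt.keys is valid only until return */`. `pkt` is itself a local in the earlier hunk, but the body continues past this hunk, so whether a later path hands `pkt` to code that retains it cannot be confirmed here. The material written into `keys` is the Initial secret derived from `inpkt->dcid`, so leaving it on the stack at return is low-sensitivity; that reasoning should be revisited if this pattern is reused for handshake or application keys.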
@@ -32,18 +27,6 @@
 #endif
-typedef struct {
- size_t len;
- u_char data[NGX_QUIC_MAX_MD_SIZE];
-} ngx_quic_md_t;
-
-
-typedef struct {
- size_t len;
- u_char data[NGX_QUIC_IV_LEN];
-} ngx_quic_iv_t;
-
-
 typedef struct {
 const ngx_quic_cipher_t *c;
 const EVP_CIPHER *hp;
@@ -51,27 +34,6 @@ typedef struct {
 } ngx_quic_ciphers_t;
-typedef struct ngx_quic_secret_s {
- ngx_quic_md_t secret;
- ngx_quic_md_t key;
- ngx_quic_iv_t iv;
- ngx_quic_md_t hp;
-} ngx_quic_secret_t;
-
-
-typedef struct {
- ngx_quic_secret_t client;
- ngx_quic_secret_t server;
-} ngx_quic_secrets_t;
-
-
-struct ngx_quic_keys_s {
- ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
- ngx_quic_secrets_t next_key;
- ngx_uint_t cipher;
-};
-
-
 typedef struct {
 size_t out_len;
 u_char *out;
@@ -721,13 +683,6 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
 }
-ngx_quic_keys_t *
-ngx_quic_keys_new(ngx_pool_t *pool)
-{
- return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t));
-}
-
-
 ngx_uint_t
 ngx_quic_keys_available(ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level)
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
index a9d72127496..c8dc26bd199 100644
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -16,8 +16,46 @@
 #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
+/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
+#define NGX_QUIC_IV_LEN 12
+
+/* largest hash used in TLS is SHA-384 */
+#define NGX_QUIC_MAX_MD_SIZE 48
+
+
+typedef struct {
+ size_t len;
+ u_char data[NGX_QUIC_MAX_MD_SIZE];
+} ngx_quic_md_t;
+
+
+typedef struct {
+ size_t len;
+ u_char data[NGX_QUIC_IV_LEN];
+} ngx_quic_iv_t;
+
+
+typedef struct {
+ ngx_quic_md_t secret;
+ ngx_quic_md_t key;
+ ngx_quic_iv_t iv;
+ ngx_quic_md_t hp;
+} ngx_quic_secret_t;
+
+
+typedef struct {
+ ngx_quic_secret_t client;
+ ngx_quic_secret_t server;
+} ngx_quic_secrets_t;
+
+
+struct ngx_quic_keys_s {
+ ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
+ ngx_quic_secrets_t next_key;
+ ngx_uint_t cipher;
+};
+
-ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
 ngx_str_t *secret, ngx_log_t *log);
 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
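Review bot: `struct ngx_quic_keys_s` and its member types are now in the header with no statement of the invariants that `ngx_quic_keys_new()` used to enforce in one place. Any file including the header can now declare the struct itself, and nothing tells it the struct must be zeroed first, as both call sites in this commit do with `ngx_pcalloc` and `ngx_memzero`. A comment above the struct would record that, for example `/* must be zero-initialised before use; holds secret key material */`. `ngx_quic_md_t` and `ngx_quic_iv_t` pair a `len` with a fixed-size `data[]`, so a comment such as `/* len <= sizeof(data) */` on each would make the bound explicit for code that fills them outside ngx_event_quic_protection.c.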