Mercurial > hg > nginx
comparison src/event/ngx_event_quic.c @ 8288:ebd5c71b9f02 quic
Got rid of memory allocation in decryption.
Static buffers are used instead in functions where decryption takes place.
The pkt->plaintext points to the beginning of a static buffer.
The pkt->payload.data points to decrypted data actual start.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Thu, 26 Mar 2020 16:54:46 +0300 |
| parents | c7185bc5b4d9 |
| children | 949b95e4d504 |
comparison
equal
deleted
inserted
replaced
| 8287:ccb9cc95ad5e | 8288:ebd5c71b9f02 |
|---|---|
| 375 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, | 375 ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp, |
| 376 ngx_quic_header_t *pkt) | 376 ngx_quic_header_t *pkt) |
| 377 { | 377 { |
| 378 ngx_quic_tp_t *ctp; | 378 ngx_quic_tp_t *ctp; |
| 379 ngx_quic_connection_t *qc; | 379 ngx_quic_connection_t *qc; |
| 380 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | |
| 380 | 381 |
| 381 if (ngx_buf_size(pkt->raw) < 1200) { | 382 if (ngx_buf_size(pkt->raw) < 1200) { |
| 382 ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram"); | 383 ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram"); |
| 383 return NGX_ERROR; | 384 return NGX_ERROR; |
| 384 } | 385 } |
| 446 return NGX_ERROR; | 447 return NGX_ERROR; |
| 447 } | 448 } |
| 448 | 449 |
| 449 pkt->secret = &qc->secrets.client.in; | 450 pkt->secret = &qc->secrets.client.in; |
| 450 pkt->level = ssl_encryption_initial; | 451 pkt->level = ssl_encryption_initial; |
| 451 | 452 pkt->plaintext = buf; |
| 452 if (ngx_quic_decrypt(c->pool, NULL, pkt) != NGX_OK) { | 453 |
| 454 if (ngx_quic_decrypt(pkt, NULL) != NGX_OK) { | |
| 453 return NGX_ERROR; | 455 return NGX_ERROR; |
| 454 } | 456 } |
| 455 | 457 |
| 456 if (ngx_quic_init_connection(c) != NGX_OK) { | 458 if (ngx_quic_init_connection(c) != NGX_OK) { |
| 457 return NGX_ERROR; | 459 return NGX_ERROR; |
| 530 { | 532 { |
| 531 ssize_t n; | 533 ssize_t n; |
| 532 ngx_buf_t b; | 534 ngx_buf_t b; |
| 533 ngx_connection_t *c; | 535 ngx_connection_t *c; |
| 534 ngx_quic_connection_t *qc; | 536 ngx_quic_connection_t *qc; |
| 535 | 537 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
| 536 static u_char buf[65535]; | |
| 537 | 538 |
| 538 b.start = buf; | 539 b.start = buf; |
| 539 b.end = buf + sizeof(buf); | 540 b.end = buf + sizeof(buf); |
| 540 b.pos = b.last = b.start; | 541 b.pos = b.last = b.start; |
| 541 | 542 |
| 717 static ngx_int_t | 718 static ngx_int_t |
| 718 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 719 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
| 719 { | 720 { |
| 720 ngx_ssl_conn_t *ssl_conn; | 721 ngx_ssl_conn_t *ssl_conn; |
| 721 ngx_quic_connection_t *qc; | 722 ngx_quic_connection_t *qc; |
| 723 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | |
| 722 | 724 |
| 723 c->log->action = "processing initial quic packet"; | 725 c->log->action = "processing initial quic packet"; |
| 724 | 726 |
| 725 qc = c->quic; | 727 qc = c->quic; |
| 726 ssl_conn = c->ssl->connection; | 728 ssl_conn = c->ssl->connection; |
| 733 return NGX_ERROR; | 735 return NGX_ERROR; |
| 734 } | 736 } |
| 735 | 737 |
| 736 pkt->secret = &qc->secrets.client.in; | 738 pkt->secret = &qc->secrets.client.in; |
| 737 pkt->level = ssl_encryption_initial; | 739 pkt->level = ssl_encryption_initial; |
| 738 | 740 pkt->plaintext = buf; |
| 739 if (ngx_quic_decrypt(c->pool, ssl_conn, pkt) != NGX_OK) { | 741 |
| 742 if (ngx_quic_decrypt(pkt, ssl_conn) != NGX_OK) { | |
| 740 return NGX_ERROR; | 743 return NGX_ERROR; |
| 741 } | 744 } |
| 742 | 745 |
| 743 return ngx_quic_payload_handler(c, pkt); | 746 return ngx_quic_payload_handler(c, pkt); |
| 744 } | 747 } |
| 746 | 749 |
| 747 static ngx_int_t | 750 static ngx_int_t |
| 748 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 751 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
| 749 { | 752 { |
| 750 ngx_quic_connection_t *qc; | 753 ngx_quic_connection_t *qc; |
| 754 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | |
| 751 | 755 |
| 752 c->log->action = "processing handshake quic packet"; | 756 c->log->action = "processing handshake quic packet"; |
| 753 | 757 |
| 754 qc = c->quic; | 758 qc = c->quic; |
| 755 | 759 |
| 788 return NGX_ERROR; | 792 return NGX_ERROR; |
| 789 } | 793 } |
| 790 | 794 |
| 791 pkt->secret = &qc->secrets.client.hs; | 795 pkt->secret = &qc->secrets.client.hs; |
| 792 pkt->level = ssl_encryption_handshake; | 796 pkt->level = ssl_encryption_handshake; |
| 793 | 797 pkt->plaintext = buf; |
| 794 if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) { | 798 |
| 799 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { | |
| 795 return NGX_ERROR; | 800 return NGX_ERROR; |
| 796 } | 801 } |
| 797 | 802 |
| 798 return ngx_quic_payload_handler(c, pkt); | 803 return ngx_quic_payload_handler(c, pkt); |
| 799 } | 804 } |
| 801 | 806 |
| 802 static ngx_int_t | 807 static ngx_int_t |
| 803 ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 808 ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
| 804 { | 809 { |
| 805 ngx_quic_connection_t *qc; | 810 ngx_quic_connection_t *qc; |
| 811 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | |
| 806 | 812 |
| 807 c->log->action = "processing application data quic packet"; | 813 c->log->action = "processing application data quic packet"; |
| 808 | 814 |
| 809 qc = c->quic; | 815 qc = c->quic; |
| 810 | 816 |
| 818 return NGX_ERROR; | 824 return NGX_ERROR; |
| 819 } | 825 } |
| 820 | 826 |
| 821 pkt->secret = &qc->secrets.client.ad; | 827 pkt->secret = &qc->secrets.client.ad; |
| 822 pkt->level = ssl_encryption_application; | 828 pkt->level = ssl_encryption_application; |
| 823 | 829 pkt->plaintext = buf; |
| 824 if (ngx_quic_decrypt(c->pool, c->ssl->connection, pkt) != NGX_OK) { | 830 |
| 831 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { | |
| 825 return NGX_ERROR; | 832 return NGX_ERROR; |
| 826 } | 833 } |
| 827 | 834 |
| 828 return ngx_quic_payload_handler(c, pkt); | 835 return ngx_quic_payload_handler(c, pkt); |
| 829 } | 836 } |
| 1372 ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc, | 1379 ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc, |
| 1373 enum ssl_encryption_level_t level, ngx_str_t *payload) | 1380 enum ssl_encryption_level_t level, ngx_str_t *payload) |
| 1374 { | 1381 { |
| 1375 ngx_str_t res; | 1382 ngx_str_t res; |
| 1376 ngx_quic_header_t pkt; | 1383 ngx_quic_header_t pkt; |
| 1377 static u_char buf[65535]; | 1384 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
| 1378 | 1385 |
| 1379 static ngx_str_t initial_token = ngx_null_string; | 1386 static ngx_str_t initial_token = ngx_null_string; |
| 1380 | 1387 |
| 1381 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); | 1388 ngx_memzero(&pkt, sizeof(ngx_quic_header_t)); |
| 1382 ngx_quic_hexdump0(c->log, "payload", payload->data, payload->len); | 1389 ngx_quic_hexdump0(c->log, "payload", payload->data, payload->len); |