# HG changeset patch
# User Sergey Kandaurov
# Date 1643195740 -10800
# Node ID d8865baab7323d9c6137e795a42be5f09e6f1ca1
# Parent 3d0fc72d409e4f359f074bdbbf98025d1c97e7f9
QUIC: removed draft versions support.
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -329,8 +329,7 @@ ngx_quic_new_connection(ngx_connection_t
 }
 }

- if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid,
- qc->version)
+ if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid)
 != NGX_OK)
 {
 return NULL;
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -950,8 +950,7 @@ ngx_quic_send_early_cc(ngx_connection_t
 return NGX_ERROR;
 }

- if (ngx_quic_keys_set_initial_secret(c->pool, pkt.keys, &inpkt->dcid,
- inpkt->version)
+ if (ngx_quic_keys_set_initial_secret(c->pool, pkt.keys, &inpkt->dcid)
 != NGX_OK)
 {
 return NGX_ERROR;
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -146,7 +146,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic

 ngx_int_t
 ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
- ngx_str_t *secret, uint32_t version)
+ ngx_str_t *secret)
 {
 size_t is_len;
 uint8_t is[SHA256_DIGEST_LENGTH];
@@ -157,9 +157,6 @@ ngx_quic_keys_set_initial_secret(ngx_poo
 static const uint8_t salt[20] =
 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";
- static const uint8_t salt29[20] =
- "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97"
- "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99";

 client = &keys->secrets[ssl_encryption_initial].client;
 server = &keys->secrets[ssl_encryption_initial].server;
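Review bot: The call in `ngx_quic_new_connection()` no longer passes `qc->version`, so Initial keys are now derived from the one remaining salt whatever version the client's packet carried, and nothing visible in the hunk shows that the version was checked against `ngx_quic_versions[]` before this point. The same holds for the `inpkt->version` argument dropped in `ngx_quic_send_early_cc()` (ngx_event_quic_output.c, -950). If that check does happen earlier, I would record it at both call sites with a comment such as `/* packet version already checked; Initial keys are QUICv1-only */`. Both function bodies start and end outside their hunks.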
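Review bot: `ngx_quic_keys_set_initial_secret()` has no visible comment saying which protocol version its `salt[20]` belongs to, and with the `version` parameter gone the signature no longer hints that the value is version-specific. Adding a version to `ngx_quic_versions[]` later would compile cleanly and derive Initial keys from the wrong salt. I would add `/* RFC 9001, 5.2. Initial Secrets: QUICv1 initial salt */` above the `salt` declaration (the -157 hunk), in the manner of the `/* 5.8. Retry Packet Integrity */` comment in `ngx_quic_create_retry_packet()`; the `ngx_hkdf_extract()` call in the -175 hunk is where the salt is consumed. The lines between the -146 and -157 hunks are not shown, so an existing comment there cannot be ruled out.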
@@ -175,7 +172,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo
 is_len = SHA256_DIGEST_LENGTH;

 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
- (version & 0xff000000) ? salt29 : salt, sizeof(salt))
+ salt, sizeof(salt))
 != NGX_OK)
 {
 return NGX_ERROR;
@@ -892,12 +889,8 @@ ngx_quic_create_retry_packet(ngx_quic_he
 /* 5.8. Retry Packet Integrity */
 static u_char key[16] =
 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
- static u_char key29[16] =
- "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1";
 static u_char nonce[NGX_QUIC_IV_LEN] =
 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
- static u_char nonce29[NGX_QUIC_IV_LEN] =
- "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c";
 static ngx_str_t in = ngx_string("");

 ad.data = res->data;
@@ -916,12 +909,10 @@ ngx_quic_create_retry_packet(ngx_quic_he
 }

 secret.key.len = sizeof(key);
- secret.key.data = (pkt->version & 0xff000000) ? key29 : key;
+ secret.key.data = key;
 secret.iv.len = NGX_QUIC_IV_LEN;

- if (ngx_quic_tls_seal(ciphers.c, &secret, &itag,
- (pkt->version & 0xff000000) ? nonce29 : nonce,
- &in, &ad, pkt->log)
+ if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log)
 != NGX_OK)
 {
 return NGX_ERROR;
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -19,7 +19,7 @@

 ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool,
- ngx_quic_keys_t *keys, ngx_str_t *secret, uint32_t version);
+ ngx_quic_keys_t *keys, ngx_str_t *secret);
 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool,
 ngx_uint_t is_write, ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c
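Review bot: `key` and `nonce` in `ngx_quic_create_retry_packet()` are declared `static u_char` (the -892 hunk), so these fixed protocol constants sit in writable storage, while the initial salt in the same file is `static const uint8_t`. Now that `secret.key.data = key;` and the `ngx_quic_tls_seal()` call in the -916 hunk use them unconditionally, I would declare both `static const u_char` and cast at the two uses, e.g. `secret.key.data = (u_char *) key;`, provided `ngx_quic_tls_seal()` does not write through its nonce argument, which is not visible here. The `/* 5.8. Retry Packet Integrity */` comment could also name the document it now refers to, e.g. `/* RFC 9001, 5.8. Retry Packet Integrity */`. The function body starts and ends outside both hunks.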
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
@@ -73,8 +73,6 @@
 #define ngx_quic_build_int_set(p, value, len, bits) \
 (*(p)++ = ((value >> ((len) * 8)) & 0xff) | ((bits) << 6))

-#define NGX_QUIC_VERSION(c) (0xff000000 + (c))
-

 static u_char *ngx_quic_parse_int(u_char *pos, u_char *end, uint64_t *out);
 static ngx_uint_t ngx_quic_varint_len(uint64_t value);
@@ -137,10 +135,6 @@ static ngx_int_t ngx_quic_parse_transpor
 uint32_t ngx_quic_versions[] = {
 /* QUICv1 */
 0x00000001,
- NGX_QUIC_VERSION(29),
- NGX_QUIC_VERSION(30),
- NGX_QUIC_VERSION(31),
- NGX_QUIC_VERSION(32),
 };

 #define NGX_QUIC_NVERSIONS \