# HG changeset patch # User Sergey Kandaurov # Date 1623855357 -10800 # Node ID e617d0ba387a7b0e5ad46ecc87f9f51ee1e90953 # Parent ef8276c8ccff4d64f7d62c4b983dc88e3727ca94 QUIC: optimized initial secrets key length computation. AES-128 key length is known in compile time. diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -15,6 +15,8 @@ /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ #define NGX_QUIC_HP_LEN 5 +#define NGX_QUIC_AES_128_KEY_LEN 16 + #define NGX_AES_128_GCM_SHA256 0x1301 #define NGX_AES_256_GCM_SHA384 0x1302 #define NGX_CHACHA20_POLY1305_SHA256 0x1303 @@ -150,7 +152,6 @@ ngx_quic_keys_set_initial_secret(ngx_poo uint8_t is[SHA256_DIGEST_LENGTH]; ngx_uint_t i; const EVP_MD *digest; - const EVP_CIPHER *cipher; ngx_quic_secret_t *client, *server; static const uint8_t salt[20] = @@ -170,7 +171,6 @@ ngx_quic_keys_set_initial_secret(ngx_poo * for HKDF when deriving initial secrets and keys is SHA-256. */ - cipher = EVP_aes_128_gcm(); digest = EVP_sha256(); is_len = SHA256_DIGEST_LENGTH; @@ -198,11 +198,11 @@ ngx_quic_keys_set_initial_secret(ngx_poo client->secret.len = SHA256_DIGEST_LENGTH; server->secret.len = SHA256_DIGEST_LENGTH; - client->key.len = EVP_CIPHER_key_length(cipher); - server->key.len = EVP_CIPHER_key_length(cipher); + client->key.len = NGX_QUIC_AES_128_KEY_LEN; + server->key.len = NGX_QUIC_AES_128_KEY_LEN; - client->hp.len = EVP_CIPHER_key_length(cipher); - server->hp.len = EVP_CIPHER_key_length(cipher); + client->hp.len = NGX_QUIC_AES_128_KEY_LEN; + server->hp.len = NGX_QUIC_AES_128_KEY_LEN; client->iv.len = NGX_QUIC_IV_LEN; server->iv.len = NGX_QUIC_IV_LEN;