comparison src/event/quic/ngx_event_quic_tokens.c @ 9026:3550b00d9dc8 quic
QUIC: avoided pool usage in token calculation.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Tue, 31 May 2022 11:05:22 +0400 |
parents | a2fbae359828 |
children | 5b49f8bac1b4 |
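--- a/src/event/quic/ngx_event_quic_tokens.c
+++ b/src/event/quic/ngx_event_quic_tokens.c
@@ -9,18 +9,10 @@
 #include <ngx_event.h>
 #include <ngx_sha1.h>
 #include <ngx_event_quic_connection.h>
 
 
-#define NGX_QUIC_MAX_TOKEN_SIZE 64
-/* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */
-
-/* RFC 3602, 2.1 and 2.4 for AES-CBC block size and IV length */
-#define NGX_QUIC_AES_256_CBC_IV_LEN 16
-#define NGX_QUIC_AES_256_CBC_BLOCK_SIZE 16
-
-
 static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
 ngx_uint_t no_port, u_char buf[20]);
 
 
 ngx_int_t
@@ -46,11 +38,11 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
-ngx_quic_new_token(ngx_connection_t *c, struct sockaddr *sockaddr,
+ngx_quic_new_token(ngx_log_t *log, struct sockaddr *sockaddr,
 socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid,
 time_t exp, ngx_uint_t is_retry)
 {
 int len, iv_len;
 u_char *p, *iv;
@@ -78,13 +70,13 @@
 len = p - in;
 
 cipher = EVP_aes_256_cbc();
 iv_len = NGX_QUIC_AES_256_CBC_IV_LEN;
 
-token->len = iv_len + len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE;
-token->data = ngx_pnalloc(c->pool, token->len);
-if (token->data == NULL) {
+if ((size_t) (iv_len + len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE) > token->len)
+{
+ngx_log_error(NGX_LOG_ALERT, log, 0, "quic token buffer is too small");
 return NGX_ERROR;
 }
 
 ctx = EVP_CIPHER_CTX_new();
 if (ctx == NULL) {
@@ -117,11 +109,11 @@
 token->len += len;
 
 EVP_CIPHER_CTX_free(ctx);
 
 #ifdef NGX_QUIC_DEBUG_PACKETS
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
 "quic new token len:%uz %xV", token->len, token);
 #endif
 
 return NGX_OK;
 }
@@ -266,14 +258,12 @@
 return NGX_DECLINED;
 }
 
 if (odcid.len) {
 pkt->odcid.len = odcid.len;
-pkt->odcid.data = ngx_pstrdup(c->pool, &odcid);
-if (pkt->odcid.data == NULL) {
-return NGX_ERROR;
-}
+pkt->odcid.data = pkt->odcid_buf;
+ngx_memcpy(pkt->odcid.data, odcid.data, odcid.len);
 
 } else {
 pkt->odcid = pkt->dcid;
 }
 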
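Review bot: The new `ngx_memcpy(pkt->odcid.data, odcid.data, odcid.len)` in the last hunk writes into the fixed `pkt->odcid_buf` with no length check visible beside it, whereas the removed `ngx_pstrdup()` sized its allocation from `odcid.len`. That length is presumably parsed from the decrypted, client-supplied token, so the copy is only safe if the earlier part of this function rejects lengths larger than `odcid_buf`; neither that check nor the buffer's declaration is shown in this hunk. I would either guard locally, assuming `odcid_buf` is an array member, with `if (odcid.len > sizeof(pkt->odcid_buf)) { return NGX_DECLINED; }`, or add a comment such as `/* odcid.len was bounded by the odcid_buf size when the token was parsed */`. Separately, `ngx_quic_new_token()` now reads `token->len` as the caller's buffer capacity on entry and overwrites it with the produced length, and that in/out contract deserves a line in the function's comment.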