Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_tokens.c @ 9026:3550b00d9dc8 quic
QUIC: avoided pool usage in token calculation.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Tue, 31 May 2022 11:05:22 +0400 |
| parents | a2fbae359828 |
| children | 5b49f8bac1b4 |
comparison
equal
deleted
inserted
replaced
| 9025:e50f77a2d0b0 | 9026:3550b00d9dc8 |
|---|---|
| 9 #include <ngx_event.h> | 9 #include <ngx_event.h> |
| 10 #include <ngx_sha1.h> | 10 #include <ngx_sha1.h> |
| 11 #include <ngx_event_quic_connection.h> | 11 #include <ngx_event_quic_connection.h> |
| 12 | 12 |
| 13 | 13 |
| 14 #define NGX_QUIC_MAX_TOKEN_SIZE 64 | |
| 15 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */ | |
| 16 | |
| 17 /* RFC 3602, 2.1 and 2.4 for AES-CBC block size and IV length */ | |
| 18 #define NGX_QUIC_AES_256_CBC_IV_LEN 16 | |
| 19 #define NGX_QUIC_AES_256_CBC_BLOCK_SIZE 16 | |
| 20 | |
| 21 | |
| 22 static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen, | 14 static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen, |
| 23 ngx_uint_t no_port, u_char buf[20]); | 15 ngx_uint_t no_port, u_char buf[20]); |
| 24 | 16 |
| 25 | 17 |
| 26 ngx_int_t | 18 ngx_int_t |
| 46 return NGX_OK; | 38 return NGX_OK; |
| 47 } | 39 } |
| 48 | 40 |
| 49 | 41 |
| 50 ngx_int_t | 42 ngx_int_t |
| 51 ngx_quic_new_token(ngx_connection_t *c, struct sockaddr *sockaddr, | 43 ngx_quic_new_token(ngx_log_t *log, struct sockaddr *sockaddr, |
| 52 socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid, | 44 socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid, |
| 53 time_t exp, ngx_uint_t is_retry) | 45 time_t exp, ngx_uint_t is_retry) |
| 54 { | 46 { |
| 55 int len, iv_len; | 47 int len, iv_len; |
| 56 u_char *p, *iv; | 48 u_char *p, *iv; |
| 78 len = p - in; | 70 len = p - in; |
| 79 | 71 |
| 80 cipher = EVP_aes_256_cbc(); | 72 cipher = EVP_aes_256_cbc(); |
| 81 iv_len = NGX_QUIC_AES_256_CBC_IV_LEN; | 73 iv_len = NGX_QUIC_AES_256_CBC_IV_LEN; |
| 82 | 74 |
| 83 token->len = iv_len + len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE; | 75 if ((size_t) (iv_len + len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE) > token->len) |
| 84 token->data = ngx_pnalloc(c->pool, token->len); | 76 { |
| 85 if (token->data == NULL) { | 77 ngx_log_error(NGX_LOG_ALERT, log, 0, "quic token buffer is too small"); |
| 86 return NGX_ERROR; | 78 return NGX_ERROR; |
| 87 } | 79 } |
| 88 | 80 |
| 89 ctx = EVP_CIPHER_CTX_new(); | 81 ctx = EVP_CIPHER_CTX_new(); |
| 90 if (ctx == NULL) { | 82 if (ctx == NULL) { |
| 117 token->len += len; | 109 token->len += len; |
| 118 | 110 |
| 119 EVP_CIPHER_CTX_free(ctx); | 111 EVP_CIPHER_CTX_free(ctx); |
| 120 | 112 |
| 121 #ifdef NGX_QUIC_DEBUG_PACKETS | 113 #ifdef NGX_QUIC_DEBUG_PACKETS |
| 122 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 114 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, |
| 123 "quic new token len:%uz %xV", token->len, token); | 115 "quic new token len:%uz %xV", token->len, token); |
| 124 #endif | 116 #endif |
| 125 | 117 |
| 126 return NGX_OK; | 118 return NGX_OK; |
| 127 } | 119 } |
| 266 return NGX_DECLINED; | 258 return NGX_DECLINED; |
| 267 } | 259 } |
| 268 | 260 |
| 269 if (odcid.len) { | 261 if (odcid.len) { |
| 270 pkt->odcid.len = odcid.len; | 262 pkt->odcid.len = odcid.len; |
| 271 pkt->odcid.data = ngx_pstrdup(c->pool, &odcid); | 263 pkt->odcid.data = pkt->odcid_buf; |
| 272 if (pkt->odcid.data == NULL) { | 264 ngx_memcpy(pkt->odcid.data, odcid.data, odcid.len); |
| 273 return NGX_ERROR; | |
| 274 } | |
| 275 | 265 |
| 276 } else { | 266 } else { |
| 277 pkt->odcid = pkt->dcid; | 267 pkt->odcid = pkt->dcid; |
| 278 } | 268 } |
| 279 | 269 |