# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1623855261 -10800
# Node ID ef8276c8ccff4d64f7d62c4b983dc88e3727ca94
# Parent  fc5719637aff8b2429941592cc70fc8b469bbd54
QUIC: consistent use of 12-byte buffers in nonce computation.

All supported cipher suites produce 96-bit IV (RFC 5116, 5.1, RFC 8439, 2.3).
This eliminates a few magic numbers and run-time overhead.

diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -204,8 +204,8 @@ ngx_quic_keys_set_initial_secret(ngx_poo
     client->hp.len = EVP_CIPHER_key_length(cipher);
     server->hp.len = EVP_CIPHER_key_length(cipher);
 
-    client->iv.len = EVP_CIPHER_iv_length(cipher);
-    server->iv.len = EVP_CIPHER_iv_length(cipher);
+    client->iv.len = NGX_QUIC_IV_LEN;
+    server->iv.len = NGX_QUIC_IV_LEN;
 
     struct {
         ngx_str_t   label;
@@ -793,12 +793,12 @@ ngx_quic_keys_update(ngx_connection_t *c
 
     next->client.secret.len = current->client.secret.len;
     next->client.key.len = current->client.key.len;
-    next->client.iv.len = current->client.iv.len;
+    next->client.iv.len = NGX_QUIC_IV_LEN;
     next->client.hp = current->client.hp;
 
     next->server.secret.len = current->server.secret.len;
     next->server.key.len = current->server.key.len;
-    next->server.iv.len = current->server.iv.len;
+    next->server.iv.len = NGX_QUIC_IV_LEN;
     next->server.hp = current->server.hp;
 
     struct {
@@ -860,7 +860,7 @@ ngx_quic_create_packet(ngx_quic_header_t
     ngx_uint_t           i;
     ngx_quic_secret_t   *secret;
     ngx_quic_ciphers_t   ciphers;
-    u_char               nonce[12], mask[NGX_QUIC_HP_LEN];
+    u_char               nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
 
     out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
 
@@ -924,9 +924,9 @@ ngx_quic_create_retry_packet(ngx_quic_he
         "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
     static u_char     key29[16] =
         "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1";
-    static u_char     nonce[12] =
+    static u_char     nonce[NGX_QUIC_IV_LEN] =
         "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
-    static u_char     nonce29[12] =
+    static u_char     nonce29[NGX_QUIC_IV_LEN] =
         "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c";
     static ngx_str_t  in = ngx_string("");
 
@@ -947,7 +947,7 @@ ngx_quic_create_retry_packet(ngx_quic_he
 
     secret.key.len = sizeof(key);
     secret.key.data = (pkt->version & 0xff000000) ? key29 : key;
-    secret.iv.len = sizeof(nonce);
+    secret.iv.len = NGX_QUIC_IV_LEN;
 
     if (ngx_quic_tls_seal(ciphers.c, &secret, &itag,
                           (pkt->version & 0xff000000) ? nonce29 : nonce,
@@ -1087,7 +1087,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
     ngx_str_t            in, ad;
     ngx_quic_secret_t   *secret;
     ngx_quic_ciphers_t   ciphers;
-    uint8_t              nonce[12], mask[NGX_QUIC_HP_LEN];
+    uint8_t              nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
 
     if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
     {