# HG changeset patch
# User Vladimir Homutov
# Date 1658927800 -14400
# Node ID f2925c80401c9dd07a5065d648f06888b93387a0
# Parent d8b3851f172ccefcebc7623ae5ab907269ad71c1
QUIC: avoided pool usage in ngx_quic_protection.c.
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -325,7 +325,7 @@ ngx_quic_new_connection(ngx_connection_t
} }
- if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(qc->keys, &pkt->dcid, c->log)
!= NGX_OK) { return NULL;
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -961,7 +961,7 @@ ngx_quic_send_early_cc(ngx_connection_t
return NGX_ERROR; }
- if (ngx_quic_keys_set_initial_secret(c->pool, pkt.keys, &inpkt->dcid)
+ if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
!= NGX_OK) { return NGX_ERROR;
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -113,7 +113,7 @@ static ngx_int_t ngx_quic_tls_seal(const
static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, ngx_quic_secret_t *s, u_char *out, u_char *in); static ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf,
- const EVP_MD *digest, ngx_pool_t *pool);
+ const EVP_MD *digest, ngx_log_t *log);
static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res);
@@ -179,8 +179,8 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic
ngx_int_t
-ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
- ngx_str_t *secret)
+ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
+ ngx_log_t *log)
{ size_t is_len; uint8_t is[SHA256_DIGEST_LENGTH];
@@ -217,12 +217,12 @@ ngx_quic_keys_set_initial_secret(ngx_poo
.len = is_len };
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
"quic ngx_quic_set_initial_secret");
#ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
"quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
"quic initial secret len:%uz %*xs", is_len, is_len, is);
#endif
@@ -251,7 +251,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo
}; for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], digest, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
return NGX_ERROR; } }
@@ -261,7 +261,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo
static ngx_int_t
-ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_pool_t *pool)
+ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log)
{ size_t info_len; uint8_t *p;
@@ -280,13 +280,13 @@ ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h,
h->prk, h->prk_len, info, info_len) != NGX_OK) {
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0,
+ ngx_ssl_error(NGX_LOG_INFO, log, 0,
"ngx_hkdf_expand(%*s) failed", h->label_len, h->label); return NGX_ERROR; }
#ifdef NGX_QUIC_DEBUG_CRYPTO
- ngx_log_debug5(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+ ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
"quic expand \"%*s\" len:%uz %*xs", h->label_len, h->label, h->out_len, h->out_len, h->out);
#endif
@@ -667,7 +667,7 @@ failed:
ngx_int_t
-ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
+ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) {
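Review bot: The `NGX_QUIC_DEBUG_CRYPTO` blocks touched in hunk -217,12 and again in hunk -280,13 print secret material in hex (`quic initial secret len:%uz %*xs` in ngx_quic_keys_set_initial_secret(), and every HKDF output through `quic expand ...` in ngx_quic_hkdf_expand()), and nothing next to them says so. ngx_quic_hkdf_expand() is also called from ngx_quic_keys_set_encryption_secret() and ngx_quic_keys_update(), so the dump presumably covers handshake and application traffic keys as well as the Initial ones; the `seq` tables that would confirm this are outside the hunks. After this change the dump goes to whatever `log` the caller passes rather than to the pool's log, so a comment above each `#ifdef` would help whoever enables the macro: `/* NGX_QUIC_DEBUG_CRYPTO writes secrets and derived keys to the debug log; never define it in production builds */`. Both function bodies start or end outside the hunks shown.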
@@ -685,12 +685,12 @@ ngx_quic_keys_set_encryption_secret(ngx_
key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); if (key_len == NGX_ERROR) {
- ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
+ ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
return NGX_ERROR; } if (sizeof(peer_secret->secret.data) < secret_len) {
- ngx_log_error(NGX_LOG_ALERT, pool->log, 0,
+ ngx_log_error(NGX_LOG_ALERT, log, 0,
"unexpected secret len: %uz", secret_len); return NGX_ERROR; }
@@ -712,7 +712,7 @@ ngx_quic_keys_set_encryption_secret(ngx_
}; for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
return NGX_ERROR; } }
@@ -802,7 +802,7 @@ ngx_quic_keys_update(ngx_connection_t *c
}; for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->pool) != NGX_OK) {
+ if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
return NGX_ERROR; } }
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -18,9 +18,9 @@
ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
-ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool,
- ngx_quic_keys_t *keys, ngx_str_t *secret);
-ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool,
+ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
+ ngx_str_t *secret, ngx_log_t *log);
+ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
ngx_uint_t is_write, ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
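Review bot: In hunk -685,12 the `key_len == NGX_ERROR` branch reports "unexpected cipher" through `ngx_ssl_error()`, while the secret-length check directly below it uses `ngx_log_error()`. As far as I know ngx_ssl_error() also appends whatever sits in the OpenSSL error queue, so if ngx_quic_ciphers() rejects a cipher id without making an OpenSSL call (its body is outside this hunk) the log line can pick up stale, unrelated errors. Since the line is edited anyway, `ngx_log_error(NGX_LOG_INFO, log, 0, "unexpected cipher");` would keep the two branches consistent. The body of ngx_quic_keys_set_encryption_secret() starts and ends outside the hunk.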
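Review bot: The two public setters in ngx_event_quic_protection.h now disagree on where the log argument goes: `ngx_quic_keys_set_initial_secret()` takes `log` last, while `ngx_quic_keys_set_encryption_secret()` takes it first. ngx_quic_tls_hp() in ngx_event_quic_protection.c (context of hunk -113,7) already takes `ngx_log_t *log` first, so replacing `pool` in place would match it and leave argument order at the call sites untouched: `ngx_int_t ngx_quic_keys_set_initial_secret(ngx_log_t *log, ngx_quic_keys_t *keys, ngx_str_t *secret);`. The same applies to the definition in hunk -179,8 and to the static ngx_quic_hkdf_expand() in hunk -261,7.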
@@ -73,7 +73,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t
secret_len, rsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
cipher, rsecret, secret_len) != NGX_OK) {
@@ -109,7 +109,7 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t
secret_len, wsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
cipher, wsecret, secret_len) != NGX_OK) {
@@ -143,7 +143,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
cipher = SSL_get_current_cipher(ssl_conn);
- if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
cipher, rsecret, secret_len) != NGX_OK) {
@@ -164,7 +164,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
secret_len, wsecret);
#endif
- if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+ if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
cipher, wsecret, secret_len) != NGX_OK) {