QUIC: avoided pool usage in ngx_quic_protection.c.

diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index 834e7935f9f9e75328b20deb53f84b48bd1bf357..e82fe129ac9bb52920fe4ef5c49585a6bd7c56de 100644 (file)
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -325,7 +325,7 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
         }
     }
 
-    if (ngx_quic_keys_set_initial_secret(c->pool, qc->keys, &pkt->dcid)
+    if (ngx_quic_keys_set_initial_secret(qc->keys, &pkt->dcid, c->log)
         != NGX_OK)
     {
         return NULL;

diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
index b72d3319e6e1cfba39424faead9e9fc075288e98..720b8fccc230f14361e27d2ea860184e2313766c 100644 (file)
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -961,7 +961,7 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
         return NGX_ERROR;
     }
 
-    if (ngx_quic_keys_set_initial_secret(c->pool, pkt.keys, &inpkt->dcid)
+    if (ngx_quic_keys_set_initial_secret(pkt.keys, &inpkt->dcid, c->log)
         != NGX_OK)
     {
         return NGX_ERROR;

diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
index 61ca9994f0b6ba6f7ff749267eb221911eb4e3f1..03f7b5c2b837d7d0d49db3a756ad45ec287fbda1 100644 (file)
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -113,7 +113,7 @@ static ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
     ngx_quic_secret_t *s, u_char *out, u_char *in);
 static ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf,
-    const EVP_MD *digest, ngx_pool_t *pool);
+    const EVP_MD *digest, ngx_log_t *log);
 
 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
     ngx_str_t *res);
@@ -179,8 +179,8 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
 
 
 ngx_int_t
-ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
-    ngx_str_t *secret)
+ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
+    ngx_log_t *log)
 {
     size_t              is_len;
     uint8_t             is[SHA256_DIGEST_LENGTH];
@@ -217,12 +217,12 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
         .len = is_len
     };
 
-    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
                    "quic ngx_quic_set_initial_secret");
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
                    "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
-    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
                    "quic initial secret len:%uz %*xs", is_len, is_len, is);
 #endif
 
@@ -251,7 +251,7 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
     };
 
     for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
-        if (ngx_quic_hkdf_expand(&seq[i], digest, pool) != NGX_OK) {
+        if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
             return NGX_ERROR;
         }
     }
@@ -261,7 +261,7 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
 
 
 static ngx_int_t
-ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_pool_t *pool)
+ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log)
 {
     size_t    info_len;
     uint8_t  *p;
@@ -280,13 +280,13 @@ ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_pool_t *pool)
                         h->prk, h->prk_len, info, info_len)
         != NGX_OK)
     {
-        ngx_ssl_error(NGX_LOG_INFO, pool->log, 0,
+        ngx_ssl_error(NGX_LOG_INFO, log, 0,
                       "ngx_hkdf_expand(%*s) failed", h->label_len, h->label);
         return NGX_ERROR;
     }
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-    ngx_log_debug5(NGX_LOG_DEBUG_EVENT, pool->log, 0,
+    ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
                    "quic expand \"%*s\" len:%uz %*xs",
                    h->label_len, h->label, h->out_len, h->out_len, h->out);
 #endif
@@ -667,7 +667,7 @@ failed:
 
 
 ngx_int_t
-ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
+ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
     ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
     const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
 {
@@ -685,12 +685,12 @@ ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
     key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
 
     if (key_len == NGX_ERROR) {
-        ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
+        ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
         return NGX_ERROR;
     }
 
     if (sizeof(peer_secret->secret.data) < secret_len) {
-        ngx_log_error(NGX_LOG_ALERT, pool->log, 0,
+        ngx_log_error(NGX_LOG_ALERT, log, 0,
                       "unexpected secret len: %uz", secret_len);
         return NGX_ERROR;
     }
@@ -712,7 +712,7 @@ ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
     };
 
     for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
-        if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, pool) != NGX_OK) {
+        if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
             return NGX_ERROR;
         }
     }
@@ -802,7 +802,7 @@ ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys)
     };
 
     for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
-        if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->pool) != NGX_OK) {
+        if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
             return NGX_ERROR;
         }
     }

diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
index ff375b5101becab635d5b1c4282a9b2c57a6e123..a9d72127496e7c538e6aa1f48974a101595517e3 100644 (file)
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -18,9 +18,9 @@
 
 
 ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
-ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool,
-    ngx_quic_keys_t *keys, ngx_str_t *secret);
-ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool,
+ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
+    ngx_str_t *secret, ngx_log_t *log);
+ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
     ngx_uint_t is_write, ngx_quic_keys_t *keys,
     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
     const uint8_t *secret, size_t secret_len);

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index 41a0ccff88b6970ba4a5588863643e8cfc88427e..aacea02a200bfea085ba9fd32cce22946ab7fee4 100644 (file)
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -73,7 +73,7 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
                    secret_len, rsecret);
 #endif
 
-    if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+    if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
                                             cipher, rsecret, secret_len)
         != NGX_OK)
     {
@@ -109,7 +109,7 @@ ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
                    secret_len, wsecret);
 #endif
 
-    if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+    if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
                                             cipher, wsecret, secret_len)
         != NGX_OK)
     {
@@ -143,7 +143,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
 
     cipher = SSL_get_current_cipher(ssl_conn);
 
-    if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+    if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
                                             cipher, rsecret, secret_len)
         != NGX_OK)
     {
@@ -164,7 +164,7 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
                    secret_len, wsecret);
 #endif
 
-    if (ngx_quic_keys_set_encryption_secret(c->pool, 1, qc->keys, level,
+    if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
                                             cipher, wsecret, secret_len)
         != NGX_OK)
     {