Fijxu
/
nginx-quic
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QUIC: moved variable declaration to fix build with MSVC 2010. 

Previously, ngx_quic_hkdf_t variables used declaration with assignment
in the middle of a function, which is not supported by MSVC 2010.
Fixing this also required to rewrite the ngx_quic_hkdf_set macro
and to switch to an explicit array size.
This commit is contained in:
Sergey Kandaurov 2022-11-22 18:05:35 +04:00
parent 5a00ab5877
commit 8e422fd5e8
1 changed files with 32 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
src/event/quic/ngx_event_quic_protection.c
View File

@ -48,12 +48,10 @@ typedef struct {
const u_char *label;
} ngx_quic_hkdf_t;
#define ngx_quic_hkdf_set(label, out, prk) \
{ \
(out)->len, (out)->data, \
(prk)->len, (prk)->data, \
(sizeof(label) - 1), (u_char *)(label), \
}
#define ngx_quic_hkdf_set(seq, _label, _out, _prk) \
(seq)->out_len = (_out)->len; (seq)->out = (_out)->data; \
(seq)->prk_len = (_prk)->len, (seq)->prk = (_prk)->data, \
(seq)->label_len = (sizeof(_label) - 1); (seq)->label = (u_char *)(_label);
static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
@ -151,6 +149,7 @@ ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
uint8_t is[SHA256_DIGEST_LENGTH];
ngx_uint_t i;
const EVP_MD *digest;
ngx_quic_hkdf_t seq[8];
ngx_quic_secret_t *client, *server;
static const uint8_t salt[20] =
@ -203,17 +202,15 @@ ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
client->iv.len = NGX_QUIC_IV_LEN;
server->iv.len = NGX_QUIC_IV_LEN;
ngx_quic_hkdf_t seq[] = {
/* labels per RFC 9001, 5.1. Packet Protection Keys */
ngx_quic_hkdf_set("tls13 client in", &client->secret, &iss),
ngx_quic_hkdf_set("tls13 quic key", &client->key, &client->secret),
ngx_quic_hkdf_set("tls13 quic iv", &client->iv, &client->secret),
ngx_quic_hkdf_set("tls13 quic hp", &client->hp, &client->secret),
ngx_quic_hkdf_set("tls13 server in", &server->secret, &iss),
ngx_quic_hkdf_set("tls13 quic key", &server->key, &server->secret),
ngx_quic_hkdf_set("tls13 quic iv", &server->iv, &server->secret),
ngx_quic_hkdf_set("tls13 quic hp", &server->hp, &server->secret),
};
/* labels per RFC 9001, 5.1. Packet Protection Keys */
ngx_quic_hkdf_set(&seq[0], "tls13 client in", &client->secret, &iss);
ngx_quic_hkdf_set(&seq[1], "tls13 quic key", &client->key, &client->secret);
ngx_quic_hkdf_set(&seq[2], "tls13 quic iv", &client->iv, &client->secret);
ngx_quic_hkdf_set(&seq[3], "tls13 quic hp", &client->hp, &client->secret);
ngx_quic_hkdf_set(&seq[4], "tls13 server in", &server->secret, &iss);
ngx_quic_hkdf_set(&seq[5], "tls13 quic key", &server->key, &server->secret);
ngx_quic_hkdf_set(&seq[6], "tls13 quic iv", &server->iv, &server->secret);
ngx_quic_hkdf_set(&seq[7], "tls13 quic hp", &server->hp, &server->secret);
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
@ -639,6 +636,7 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
ngx_int_t key_len;
ngx_str_t secret_str;
ngx_uint_t i;
ngx_quic_hkdf_t seq[3];
ngx_quic_secret_t *peer_secret;
ngx_quic_ciphers_t ciphers;
@ -670,11 +668,10 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
secret_str.len = secret_len;
secret_str.data = (u_char *) secret;
ngx_quic_hkdf_t seq[] = {
ngx_quic_hkdf_set("tls13 quic key", &peer_secret->key, &secret_str),
ngx_quic_hkdf_set("tls13 quic iv", &peer_secret->iv, &secret_str),
ngx_quic_hkdf_set("tls13 quic hp", &peer_secret->hp, &secret_str),
};
ngx_quic_hkdf_set(&seq[0], "tls13 quic key",
&peer_secret->key, &secret_str);
ngx_quic_hkdf_set(&seq[1], "tls13 quic iv", &peer_secret->iv, &secret_str);
ngx_quic_hkdf_set(&seq[2], "tls13 quic hp", &peer_secret->hp, &secret_str);
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
@ -720,6 +717,7 @@ ngx_int_t
ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys)
{
ngx_uint_t i;
ngx_quic_hkdf_t seq[6];
ngx_quic_ciphers_t ciphers;
ngx_quic_secrets_t *current, *next;
@ -744,20 +742,18 @@ ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys)
next->server.iv.len = NGX_QUIC_IV_LEN;
next->server.hp = current->server.hp;
ngx_quic_hkdf_t seq[] = {
ngx_quic_hkdf_set("tls13 quic ku",
&next->client.secret, &current->client.secret),
ngx_quic_hkdf_set("tls13 quic key",
&next->client.key, &next->client.secret),
ngx_quic_hkdf_set("tls13 quic iv",
&next->client.iv, &next->client.secret),
ngx_quic_hkdf_set("tls13 quic ku",
&next->server.secret, &current->server.secret),
ngx_quic_hkdf_set("tls13 quic key",
&next->server.key, &next->server.secret),
ngx_quic_hkdf_set("tls13 quic iv",
&next->server.iv, &next->server.secret),
};
ngx_quic_hkdf_set(&seq[0], "tls13 quic ku",
&next->client.secret, &current->client.secret);
ngx_quic_hkdf_set(&seq[1], "tls13 quic key",
&next->client.key, &next->client.secret);
ngx_quic_hkdf_set(&seq[2], "tls13 quic iv",
&next->client.iv, &next->client.secret);
ngx_quic_hkdf_set(&seq[3], "tls13 quic ku",
&next->server.secret, &current->server.secret);
ngx_quic_hkdf_set(&seq[4], "tls13 quic key",
&next->server.key, &next->server.secret);
ngx_quic_hkdf_set(&seq[5], "tls13 quic iv",
&next->server.iv, &next->server.secret);
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {