From cfbd3c709707f8243440ed316a83120591bb0e85 Mon Sep 17 00:00:00 2001 From: Sergey Kandaurov Date: Wed, 16 Jun 2021 17:55:57 +0300 Subject: [PATCH] QUIC: optimized initial secrets key length computation. AES-128 key length is known in compile time. --- src/event/quic/ngx_event_quic_protection.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c index 156bfa3cf..5bb81c87c 100644 --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -15,6 +15,8 @@ /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ #define NGX_QUIC_HP_LEN 5 +#define NGX_QUIC_AES_128_KEY_LEN 16 + #define NGX_AES_128_GCM_SHA256 0x1301 #define NGX_AES_256_GCM_SHA384 0x1302 #define NGX_CHACHA20_POLY1305_SHA256 0x1303 @@ -150,7 +152,6 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, uint8_t is[SHA256_DIGEST_LENGTH]; ngx_uint_t i; const EVP_MD *digest; - const EVP_CIPHER *cipher; ngx_quic_secret_t *client, *server; static const uint8_t salt[20] = @@ -170,7 +171,6 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, * for HKDF when deriving initial secrets and keys is SHA-256. */ - cipher = EVP_aes_128_gcm(); digest = EVP_sha256(); is_len = SHA256_DIGEST_LENGTH; @@ -198,11 +198,11 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, client->secret.len = SHA256_DIGEST_LENGTH; server->secret.len = SHA256_DIGEST_LENGTH; - client->key.len = EVP_CIPHER_key_length(cipher); - server->key.len = EVP_CIPHER_key_length(cipher); + client->key.len = NGX_QUIC_AES_128_KEY_LEN; + server->key.len = NGX_QUIC_AES_128_KEY_LEN; - client->hp.len = EVP_CIPHER_key_length(cipher); - server->hp.len = EVP_CIPHER_key_length(cipher); + client->hp.len = NGX_QUIC_AES_128_KEY_LEN; + server->hp.len = NGX_QUIC_AES_128_KEY_LEN; client->iv.len = NGX_QUIC_IV_LEN; server->iv.len = NGX_QUIC_IV_LEN;