Skip to content

QUIC: constant initialization #243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 26, 2024
Merged

QUIC: constant initialization #243

merged 2 commits into from
Nov 26, 2024
+16 −15

Conversation

@pluknet
Copy link
Contributor

@pluknet pluknet commented Oct 7, 2024
edited
Loading

after #242

@pluknet pluknet mentioned this pull request Oct 7, 2024
Merged
arut
arut reviewed Nov 20, 2024
View reviewed changes
src/event/quic/ngx_event_quic_protection.c

static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out,
u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
Copy link
Contributor

@arut arut Nov 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The const patch does feel incomplete For example, static ngx_quic_md_t key could also be const, but it's not. I feel like the complete patch could be much bigger than that. However, since it only constifies nonce, it's ok to commit.

Copy link
Contributor Author

@pluknet pluknet Nov 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unlike nonce, constifying ngx_quic_md_t or ngx_quic_md_t::data looks less easy & useful, because it is not directly passed to the library and breaks in various places.

OTOH, making key just static in ngx_quic_create_retry_packet() is good enough, because this eliminates few load/store instructions by moving it into the data segment.

In principle, we could leave nonce just static as well; making it also const moves from the data segment to the read-only data segment. I made it const because this can be done at no cost.

@pluknet
QUIC: constified nonce parameter of crypto functions.
c451e53 
This follows OpenSSL and BoringSSL API, and gives a hint to compiler
that this parameter may not be modified.
@pluknet
Copy link
Contributor Author

pluknet commented Nov 25, 2024

Rebased.

@pluknet
Copy link
Contributor Author

pluknet commented Nov 25, 2024

Removed extra parens.

@Maryna-f5 Maryna-f5 added this to the nginx-1.27.3 milestone Nov 25, 2024
arut
arut approved these changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@arut arut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pluknet pluknet merged commit 3f755b5 into nginx:master Nov 26, 2024
1 check passed
@pluknet pluknet deleted the quic-crypto branch November 26, 2024 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arut arut arut approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

nginx-1.27.3

Development

Successfully merging this pull request may close these issues.

3 participants

@pluknet @arut @Maryna-f5