diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2026-02-25 21:07:01 +0400 |
|---|---|---|
| committer | Sergey Kandaurov <s.kandaurov@f5.com> | 2026-02-26 18:05:07 +0400 |
| commit | 2f039e6f7233c7fd9ab88888642410352572c089 (patch) | |
| tree | 2793e766ed71899e0748e8d65d22dd849e375af4 /src/event | |
| parent | 578c91818f1d68797323d6029e17a441a7438506 (diff) | |
| download | nginx-2f039e6f7233c7fd9ab88888642410352572c089.tar.gz nginx-2f039e6f7233c7fd9ab88888642410352572c089.tar.bz2 | |
QUIC: refactored ngx_quic_address_hash().
Now it accepts an optional salt, to be used in a subsequent change.
Diffstat (limited to 'src/event')
| -rw-r--r-- | src/event/quic/ngx_event_quic.c | 6 | ||||
| -rw-r--r-- | src/event/quic/ngx_event_quic_connection.h | 2 | ||||
| -rw-r--r-- | src/event/quic/ngx_event_quic_tokens.c | 5 |
3 files changed, 9 insertions, 4 deletions
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c index 096e8327f..09ce4b81e 100644 --- a/src/event/quic/ngx_event_quic.c +++ b/src/event/quic/ngx_event_quic.c @@ -1475,7 +1475,7 @@ ngx_quic_shutdown_quic(ngx_connection_t *c) void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen, - ngx_uint_t no_port, u_char buf[20]) + ngx_uint_t no_port, u_char *salt, size_t saltlen, u_char buf[20]) { size_t len; u_char *data; @@ -1514,5 +1514,9 @@ ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen, ngx_sha1_init(&sha1); ngx_sha1_update(&sha1, data, len); + if (salt) { + ngx_sha1_update(&sha1, salt, saltlen); + } + ngx_sha1_final(buf, &sha1); } diff --git a/src/event/quic/ngx_event_quic_connection.h b/src/event/quic/ngx_event_quic_connection.h index e84e754d8..efcb632ca 100644 --- a/src/event/quic/ngx_event_quic_connection.h +++ b/src/event/quic/ngx_event_quic_connection.h @@ -315,7 +315,7 @@ void ngx_quic_discard_ctx(ngx_connection_t *c, ngx_uint_t level); void ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc); void ngx_quic_shutdown_quic(ngx_connection_t *c); void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen, - ngx_uint_t no_port, u_char buf[20]); + ngx_uint_t no_port, u_char *salt, size_t saltlen, u_char buf[20]); #if (NGX_DEBUG) void ngx_quic_connstate_dbg(ngx_connection_t *c); diff --git a/src/event/quic/ngx_event_quic_tokens.c b/src/event/quic/ngx_event_quic_tokens.c index 89d318157..6c94d5c18 100644 --- a/src/event/quic/ngx_event_quic_tokens.c +++ b/src/event/quic/ngx_event_quic_tokens.c @@ -46,7 +46,7 @@ ngx_quic_new_token(ngx_log_t *log, struct sockaddr *sockaddr, u_char in[NGX_QUIC_MAX_TOKEN_SIZE]; - ngx_quic_address_hash(sockaddr, socklen, !is_retry, in); + ngx_quic_address_hash(sockaddr, socklen, !is_retry, NULL, 0, in); p = in + 20; @@ -207,7 +207,8 @@ ngx_quic_validate_token(ngx_connection_t *c, u_char *key, pkt->retried = (*p++ == 1); - ngx_quic_address_hash(c->sockaddr, c->socklen, !pkt->retried, addr_hash); + ngx_quic_address_hash(c->sockaddr, c->socklen, !pkt->retried, NULL, 0, + addr_hash); if (ngx_memcmp(tdec, addr_hash, 20) != 0) { goto bad_token; |