quic_conn_enc_level_init() location is definitively in QUIC TLS API source file:
src/quic_tls.c.
extern struct pool_head *pool_head_quic_tx_ring;
extern struct pool_head *pool_head_quic_rx_packet;
extern struct pool_head *pool_head_quic_tx_packet;
+extern struct pool_head *pool_head_quic_crypto_buf;
extern struct pool_head *pool_head_quic_frame;
extern struct pool_head *pool_head_quic_dgram;
extern struct pool_head *pool_head_quic_connection_id;
int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
+struct quic_cstream *quic_cstream_new(struct quic_conn *qc);
+struct quic_cstream *quic_cstream_new(struct quic_conn *qc);
+void quic_cstream_free(struct quic_cstream *cs);
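Review bot: `quic_cstream_new()` is declared twice on consecutive added lines; unless that is a rendering artefact of this page, one of the two `struct quic_cstream *quic_cstream_new(struct quic_conn *qc);` lines should be dropped. An identical redeclaration is legal C and compiles, but it reads as a paste slip and will confuse anyone grepping for the prototype. The surrounding declarations of this header are outside the hunk, so I cannot tell whether the exported `quic_cstream_free()` next to it is new or was already public.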
/* Return the long packet type matching with <qv> version and <type> */
static inline int quic_pkt_type(int type, uint32_t version)
void quic_tls_kp_keys_hexdump(struct buffer *buf,
const struct quic_tls_kp *kp);
+int quic_conn_enc_level_init(struct quic_conn *qc,
+ enum quic_tls_enc_level level);
+void quic_conn_enc_level_uninit(struct quic_conn *qc, struct quic_enc_level *qel);
void quic_tls_secret_hexdump(struct buffer *buf,
const unsigned char *secret, size_t secret_len);
DECLARE_POOL(pool_head_quic_rx_packet, "quic_rx_packet", sizeof(struct quic_rx_packet));
DECLARE_POOL(pool_head_quic_tx_packet, "quic_tx_packet", sizeof(struct quic_tx_packet));
DECLARE_STATIC_POOL(pool_head_quic_rx_crypto_frm, "quic_rx_crypto_frm", sizeof(struct quic_rx_crypto_frm));
-DECLARE_STATIC_POOL(pool_head_quic_crypto_buf, "quic_crypto_buf", sizeof(struct quic_crypto_buf));
+DECLARE_POOL(pool_head_quic_crypto_buf, "quic_crypto_buf", sizeof(struct quic_crypto_buf));
DECLARE_STATIC_POOL(pool_head_quic_cstream, "quic_cstream", sizeof(struct quic_cstream));
DECLARE_POOL(pool_head_quic_frame, "quic_frame", sizeof(struct quic_frame));
DECLARE_STATIC_POOL(pool_head_quic_arng, "quic_arng", sizeof(struct quic_arng_node));
goto leave;
}
-/* Uninitialize <qel> QUIC encryption level. Never fails. */
-static void quic_conn_enc_level_uninit(struct quic_conn *qc, struct quic_enc_level *qel)
-{
- int i;
-
- TRACE_ENTER(QUIC_EV_CONN_CLOSE, qc);
-
- for (i = 0; i < qel->tx.crypto.nb_buf; i++) {
- if (qel->tx.crypto.bufs[i]) {
- pool_free(pool_head_quic_crypto_buf, qel->tx.crypto.bufs[i]);
- qel->tx.crypto.bufs[i] = NULL;
- }
- }
- ha_free(&qel->tx.crypto.bufs);
- quic_cstream_free(qel->cstream);
-
- TRACE_LEAVE(QUIC_EV_CONN_CLOSE, qc);
-}
-
-/* Initialize QUIC TLS encryption level with <level<> as level for <qc> QUIC
- * connection allocating everything needed.
- *
- * Returns 1 if succeeded, 0 if not. On error the caller is responsible to use
- * quic_conn_enc_level_uninit() to cleanup partially allocated content.
- */
-static int quic_conn_enc_level_init(struct quic_conn *qc,
- enum quic_tls_enc_level level)
-{
- int ret = 0;
- struct quic_enc_level *qel;
-
- TRACE_ENTER(QUIC_EV_CONN_CLOSE, qc);
-
- qel = &qc->els[level];
- qel->level = quic_to_ssl_enc_level(level);
- qel->tls_ctx.rx.aead = qel->tls_ctx.tx.aead = NULL;
- qel->tls_ctx.rx.md = qel->tls_ctx.tx.md = NULL;
- qel->tls_ctx.rx.hp = qel->tls_ctx.tx.hp = NULL;
- qel->tls_ctx.flags = 0;
-
- qel->rx.pkts = EB_ROOT;
- LIST_INIT(&qel->rx.pqpkts);
-
- /* Allocate only one buffer. */
- /* TODO: use a pool */
- qel->tx.crypto.bufs = malloc(sizeof *qel->tx.crypto.bufs);
- if (!qel->tx.crypto.bufs)
- goto leave;
-
- qel->tx.crypto.bufs[0] = pool_alloc(pool_head_quic_crypto_buf);
- if (!qel->tx.crypto.bufs[0])
- goto leave;
-
- qel->tx.crypto.bufs[0]->sz = 0;
- qel->tx.crypto.nb_buf = 1;
-
- qel->tx.crypto.sz = 0;
- qel->tx.crypto.offset = 0;
- /* No CRYPTO data for early data TLS encryption level */
- if (level == QUIC_TLS_ENC_LEVEL_EARLY_DATA)
- qel->cstream = NULL;
- else {
- qel->cstream = quic_cstream_new(qc);
- if (!qel->cstream)
- goto leave;
- }
-
- ret = 1;
- leave:
- TRACE_LEAVE(QUIC_EV_CONN_CLOSE, qc);
- return ret;
-}
-
/* Return 1 if <qc> connection may probe the Initial packet number space, 0 if not.
* This is not the case if the remote peer address is not validated and if
* it cannot send at least QUIC_INITIAL_PACKET_MINLEN bytes.
#include <haproxy/buf.h>
#include <haproxy/chunk.h>
#include <haproxy/pool.h>
-#include <haproxy/quic_conn-t.h>
+#include <haproxy/quic_conn.h>
DECLARE_POOL(pool_head_quic_tls_secret, "quic_tls_secret", QUIC_TLS_SECRET_LEN);
chunk_appendf(buf, "%02x", secret[i]);
}
+/* Initialize QUIC TLS encryption level with <level<> as level for <qc> QUIC
+ * connection allocating everything needed.
+ *
+ * Returns 1 if succeeded, 0 if not. On error the caller is responsible to use
+ * quic_conn_enc_level_uninit() to cleanup partially allocated content.
+ */
+int quic_conn_enc_level_init(struct quic_conn *qc,
+ enum quic_tls_enc_level level)
+{
+ int ret = 0;
+ struct quic_enc_level *qel;
+
+ TRACE_ENTER(QUIC_EV_CONN_CLOSE, qc);
+
+ qel = &qc->els[level];
+ qel->level = quic_to_ssl_enc_level(level);
+ qel->tls_ctx.rx.aead = qel->tls_ctx.tx.aead = NULL;
+ qel->tls_ctx.rx.md = qel->tls_ctx.tx.md = NULL;
+ qel->tls_ctx.rx.hp = qel->tls_ctx.tx.hp = NULL;
+ qel->tls_ctx.flags = 0;
+
+ qel->rx.pkts = EB_ROOT;
+ LIST_INIT(&qel->rx.pqpkts);
+
+ /* Allocate only one buffer. */
+ /* TODO: use a pool */
+ qel->tx.crypto.bufs = malloc(sizeof *qel->tx.crypto.bufs);
+ if (!qel->tx.crypto.bufs)
+ goto leave;
+
+ qel->tx.crypto.bufs[0] = pool_alloc(pool_head_quic_crypto_buf);
+ if (!qel->tx.crypto.bufs[0])
+ goto leave;
+
+ qel->tx.crypto.bufs[0]->sz = 0;
+ qel->tx.crypto.nb_buf = 1;
+
+ qel->tx.crypto.sz = 0;
+ qel->tx.crypto.offset = 0;
+ /* No CRYPTO data for early data TLS encryption level */
+ if (level == QUIC_TLS_ENC_LEVEL_EARLY_DATA)
+ qel->cstream = NULL;
+ else {
+ qel->cstream = quic_cstream_new(qc);
+ if (!qel->cstream)
+ goto leave;
+ }
+
+ ret = 1;
+ leave:
+ TRACE_LEAVE(QUIC_EV_CONN_CLOSE, qc);
+ return ret;
+}
+
+/* Uninitialize <qel> QUIC encryption level. Never fails. */
+void quic_conn_enc_level_uninit(struct quic_conn *qc, struct quic_enc_level *qel)
+{
+ int i;
+
+ TRACE_ENTER(QUIC_EV_CONN_CLOSE, qc);
+
+ for (i = 0; i < qel->tx.crypto.nb_buf; i++) {
+ if (qel->tx.crypto.bufs[i]) {
+ pool_free(pool_head_quic_crypto_buf, qel->tx.crypto.bufs[i]);
+ qel->tx.crypto.bufs[i] = NULL;
+ }
+ }
+ ha_free(&qel->tx.crypto.bufs);
+ quic_cstream_free(qel->cstream);
+
+ TRACE_LEAVE(QUIC_EV_CONN_CLOSE, qc);
+}
+
int quic_hkdf_extract(const EVP_MD *md,
unsigned char *buf, size_t buflen,
const unsigned char *key, size_t keylen,
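Review bot: The contract in the header comment of `quic_conn_enc_level_init()` ("on error the caller is responsible to use quic_conn_enc_level_uninit()") is only safe if `qc->els[level]` was zeroed before the call, which this hunk cannot show: when the `malloc` of `qel->tx.crypto.bufs` fails, `nb_buf` and `cstream` have not been assigned yet, so `quic_conn_enc_level_uninit()` would loop over an indeterminate `nb_buf` through a NULL `bufs` and pass an indeterminate pointer to `quic_cstream_free()`. Initialising the three fields right after `qel = &qc->els[level];` removes that dependency: `qel->tx.crypto.bufs = NULL; qel->tx.crypto.nb_buf = 0; qel->cstream = NULL;`. The code is moved verbatim, so the `/* TODO: use a pool */` comment on the single-pointer `malloc` is carried over as well and is worth either resolving or dropping while the function is being relocated.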