From 15833a15a1507d9cefa757a0ae47473aa95cd01e Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> Date: Sat, 23 May 2020 09:24:31 +0900 Subject: [PATCH] Remove tls argument from crypto lib interface --- crypto/gnutls/gnutls.c | 4 +-- crypto/includes/ngtcp2/ngtcp2_crypto.h | 10 +++---- crypto/openssl/openssl.c | 4 +-- crypto/shared.c | 36 ++++++++++++++------------ examples/client.cc | 6 ++--- examples/server.cc | 6 ++--- 6 files changed, 32 insertions(+), 34 deletions(-) diff --git a/crypto/gnutls/gnutls.c b/crypto/gnutls/gnutls.c index 16b0185c..e4a9b012 100644 --- a/crypto/gnutls/gnutls.c +++ b/crypto/gnutls/gnutls.c @@ -275,10 +275,10 @@ from_ngtcp2_level(ngtcp2_crypto_level crypto_level) { } } -int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, void *tls, +int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, ngtcp2_crypto_level crypto_level, const uint8_t *data, size_t datalen) { - gnutls_session_t session = tls; + gnutls_session_t session = ngtcp2_conn_get_tls(conn); int rv; if (datalen > 0) { diff --git a/crypto/includes/ngtcp2/ngtcp2_crypto.h b/crypto/includes/ngtcp2/ngtcp2_crypto.h index e1c7952c..af2211dc 100644 --- a/crypto/includes/ngtcp2/ngtcp2_crypto.h +++ b/crypto/includes/ngtcp2/ngtcp2_crypto.h @@ -325,7 +325,7 @@ NGTCP2_EXTERN int ngtcp2_crypto_hp_mask_cb(uint8_t *dest, * This function returns 0 if it succeeds, or -1. */ NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_rx_key( - ngtcp2_conn *conn, void *tls, uint8_t *key, uint8_t *iv, uint8_t *hp, + ngtcp2_conn *conn, uint8_t *key, uint8_t *iv, uint8_t *hp, ngtcp2_crypto_level level, const uint8_t *secret, size_t secretlen); /** 
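Review bot: The session handle that `ngtcp2_crypto_read_write_crypto_data` now takes from `ngtcp2_conn_get_tls(conn)` in crypto/gnutls/gnutls.c is used without a NULL check in the lines visible here, and the same commit deletes the `assert(tls)` lines from `ngtcp2_crypto_client_initial_cb` and `ngtcp2_crypto_recv_client_initial_cb` in crypto/shared.c, so no check of the handle remains in the visible code. The same pattern appears in crypto/openssl/openssl.c (`SSL *ssl = ngtcp2_conn_get_tls(conn);`) and in the three crypto/shared.c functions that gained `void *tls = ngtcp2_conn_get_tls(conn);`. A connection that never had a TLS object attached would hand NULL to the TLS library, and the removed asserts would not have caught that in NDEBUG builds either, so a real guard is preferable: `if (session == NULL) { return -1; }` after the declarations, with the equivalent for `ssl` and `tls` in the other files. The function body continues past the end of the hunk, so a later check cannot be ruled out from here.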
@@ -362,7 +362,7 @@ NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_rx_key( * This function returns 0 if it succeeds, or -1. */ NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_tx_key( - ngtcp2_conn *conn, void *tls, uint8_t *key, uint8_t *iv, uint8_t *hp, + ngtcp2_conn *conn, uint8_t *key, uint8_t *iv, uint8_t *hp, ngtcp2_crypto_level level, const uint8_t *secret, size_t secretlen); /** @@ -533,10 +533,6 @@ NGTCP2_EXTERN int ngtcp2_crypto_recv_client_initial_cb(ngtcp2_conn *conn, * allowed to call this function with datalen == 0. In this case, no * additional read operation is done. * - * |tls| points to a implementation dependent TLS session object. If - * libngtcp2_crypto_openssl is linked, |tls| must be a pointer to SSL - * object. - * * This function returns 0 if it succeeds, or a negative error code. * The generic error code is -1 if a specific error code is not * suitable. The error codes less than -10000 are specific to @@ -544,7 +540,7 @@ NGTCP2_EXTERN int ngtcp2_crypto_recv_client_initial_cb(ngtcp2_conn *conn, * defined in ngtcp2_crypto_openssl.h. */ NGTCP2_EXTERN int -ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, void *tls, +ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, ngtcp2_crypto_level crypto_level, const uint8_t *data, size_t datalen); diff --git a/crypto/openssl/openssl.c b/crypto/openssl/openssl.c index 44be050c..f7f6b6b9 100644 --- a/crypto/openssl/openssl.c +++ b/crypto/openssl/openssl.c @@ -315,10 +315,10 @@ from_ngtcp2_level(ngtcp2_crypto_level crypto_level) { } } -int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, void *tls, +int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, ngtcp2_crypto_level crypto_level, const uint8_t *data, size_t datalen) { - SSL *ssl = tls; + SSL *ssl = ngtcp2_conn_get_tls(conn); int rv; int err; diff --git a/crypto/shared.c b/crypto/shared.c index aed0278e..53959894 100644 --- a/crypto/shared.c +++ b/crypto/shared.c 
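Review bot: The doc comment for `ngtcp2_crypto_read_write_crypto_data` loses its |tls| paragraph without saying where the TLS object now comes from, although the type requirement it described still applies to the object stored on the connection (crypto/openssl/openssl.c assigns the result of `ngtcp2_conn_get_tls(conn)` straight to an `SSL *`). Callers need to know that the session must be attached to |conn| before this function is called and that its type must match the linked backend. I would replace the removed paragraph with: `* The TLS session object is obtained from |conn| by ngtcp2_conn_get_tls(). It must be set before calling this function. If libngtcp2_crypto_openssl is linked, it must be a pointer to SSL object.` The comments on `ngtcp2_crypto_derive_and_install_rx_key` and `ngtcp2_crypto_derive_and_install_tx_key` start outside their hunks, so it is worth checking whether they still describe |tls| as a parameter.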
@@ -145,12 +145,15 @@ int ngtcp2_crypto_update_traffic_secret(uint8_t *dest, return 0; } -int ngtcp2_crypto_derive_and_install_rx_key( - ngtcp2_conn *conn, void *tls, uint8_t *key, uint8_t *iv, uint8_t *hp_key, - ngtcp2_crypto_level level, const uint8_t *secret, size_t secretlen) { +int ngtcp2_crypto_derive_and_install_rx_key(ngtcp2_conn *conn, uint8_t *key, + uint8_t *iv, uint8_t *hp_key, + ngtcp2_crypto_level level, + const uint8_t *secret, + size_t secretlen) { const ngtcp2_crypto_ctx *ctx; const ngtcp2_crypto_aead *aead; const ngtcp2_crypto_md *md; + void *tls = ngtcp2_conn_get_tls(conn); uint8_t keybuf[64], ivbuf[64], hp_keybuf[64]; size_t keylen; size_t ivlen; @@ -226,12 +229,15 @@ int ngtcp2_crypto_derive_and_install_rx_key( return 0; } -int ngtcp2_crypto_derive_and_install_tx_key( - ngtcp2_conn *conn, void *tls, uint8_t *key, uint8_t *iv, uint8_t *hp_key, - ngtcp2_crypto_level level, const uint8_t *secret, size_t secretlen) { +int ngtcp2_crypto_derive_and_install_tx_key(ngtcp2_conn *conn, uint8_t *key, + uint8_t *iv, uint8_t *hp_key, + ngtcp2_crypto_level level, + const uint8_t *secret, + size_t secretlen) { const ngtcp2_crypto_ctx *ctx; const ngtcp2_crypto_aead *aead; const ngtcp2_crypto_md *md; + void *tls = ngtcp2_conn_get_tls(conn); uint8_t keybuf[64], ivbuf[64], hp_keybuf[64]; size_t keylen; size_t ivlen; @@ -580,8 +586,10 @@ static int crypto_set_local_transport_params(ngtcp2_conn *conn, void *tls) { * crypto_setup_initial_crypto establishes the initial secrets and * encryption keys, and prepares local QUIC transport parameters. */ -static int crypto_setup_initial_crypto(ngtcp2_conn *conn, void *tls, +static int crypto_setup_initial_crypto(ngtcp2_conn *conn, const ngtcp2_cid *dcid) { + void *tls = ngtcp2_conn_get_tls(conn); + if (ngtcp2_crypto_derive_and_install_initial_key(conn, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, dcid) != 0) { 
@@ -593,17 +601,14 @@ static int crypto_setup_initial_crypto(ngtcp2_conn *conn, void *tls, int ngtcp2_crypto_client_initial_cb(ngtcp2_conn *conn, void *user_data) { const ngtcp2_cid *dcid = ngtcp2_conn_get_dcid(conn); - void *tls = ngtcp2_conn_get_tls(conn); (void)user_data; - assert(tls); - - if (crypto_setup_initial_crypto(conn, tls, dcid) != 0) { + if (crypto_setup_initial_crypto(conn, dcid) != 0) { return NGTCP2_ERR_CALLBACK_FAILURE; } - if (ngtcp2_crypto_read_write_crypto_data( - conn, tls, NGTCP2_CRYPTO_LEVEL_INITIAL, NULL, 0) != 0) { + if (ngtcp2_crypto_read_write_crypto_data(conn, NGTCP2_CRYPTO_LEVEL_INITIAL, + NULL, 0) != 0) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -628,12 +633,9 @@ int ngtcp2_crypto_recv_retry_cb(ngtcp2_conn *conn, const ngtcp2_pkt_hd *hd, int ngtcp2_crypto_recv_client_initial_cb(ngtcp2_conn *conn, const ngtcp2_cid *dcid, void *user_data) { - void *tls = ngtcp2_conn_get_tls(conn); (void)user_data; - assert(tls); - - if (crypto_setup_initial_crypto(conn, tls, dcid) != 0) { + if (crypto_setup_initial_crypto(conn, dcid) != 0) { return NGTCP2_ERR_CALLBACK_FAILURE; } diff --git a/examples/client.cc b/examples/client.cc index 2667f6cc..753e41ea 100644 --- a/examples/client.cc +++ b/examples/client.cc @@ -174,12 +174,12 @@ int Client::on_key(ngtcp2_crypto_level level, const uint8_t *rx_secret, std::array<uint8_t, 64> rx_key, rx_iv, rx_hp_key, tx_key, tx_iv, tx_hp_key; if (ngtcp2_crypto_derive_and_install_rx_key( - conn_, ssl_, rx_key.data(), rx_iv.data(), rx_hp_key.data(), level, + conn_, rx_key.data(), rx_iv.data(), rx_hp_key.data(), level, rx_secret, secretlen) != 0) { return -1; } if (ngtcp2_crypto_derive_and_install_tx_key( - conn_, ssl_, tx_key.data(), tx_iv.data(), tx_hp_key.data(), level, + conn_, tx_key.data(), tx_iv.data(), tx_hp_key.data(), level, tx_secret, secretlen) != 0) { return -1; } 
@@ -1206,7 +1206,7 @@ void Client::write_client_handshake(ngtcp2_crypto_level level, int Client::recv_crypto_data(ngtcp2_crypto_level crypto_level, const uint8_t *data, size_t datalen) { - return ngtcp2_crypto_read_write_crypto_data(conn_, ssl_, crypto_level, data, + return ngtcp2_crypto_read_write_crypto_data(conn_, crypto_level, data, datalen); } diff --git a/examples/server.cc b/examples/server.cc index 3e98e9f1..6c65cbd3 100644 --- a/examples/server.cc +++ b/examples/server.cc @@ -95,12 +95,12 @@ int Handler::on_key(ngtcp2_crypto_level level, const uint8_t *rx_secret, std::array<uint8_t, 64> rx_key, rx_iv, rx_hp_key, tx_key, tx_iv, tx_hp_key; if (ngtcp2_crypto_derive_and_install_rx_key( - conn_, ssl_, rx_key.data(), rx_iv.data(), rx_hp_key.data(), level, + conn_, rx_key.data(), rx_iv.data(), rx_hp_key.data(), level, rx_secret, secretlen) != 0) { return -1; } if (ngtcp2_crypto_derive_and_install_tx_key( - conn_, ssl_, tx_key.data(), tx_iv.data(), tx_hp_key.data(), level, + conn_, tx_key.data(), tx_iv.data(), tx_hp_key.data(), level, tx_secret, secretlen) != 0) { return -1; } @@ -1585,7 +1585,7 @@ void Handler::write_server_handshake(ngtcp2_crypto_level level, int Handler::recv_crypto_data(ngtcp2_crypto_level crypto_level, const uint8_t *data, size_t datalen) { - return ngtcp2_crypto_read_write_crypto_data(conn_, ssl_, crypto_level, data, + return ngtcp2_crypto_read_write_crypto_data(conn_, crypto_level, data, datalen); } -- GitLab