deps: update ngtcp2 to 1.5.0

deps/ngtcp2/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h

@@ -540,7 +540,7 @@ NGTCP2_EXTERN int ngtcp2_crypto_generate_stateless_reset_token(
  * `ngtcp2_crypto_generate_retry_token` or
  * `ngtcp2_crypto_generate_regular_token`.
  */
-#define NGTCP2_CRYPTO_TOKEN_RAND_DATALEN 32
+#define NGTCP2_CRYPTO_TOKEN_RAND_DATALEN 16
 
 /**
  * @macro

deps/ngtcp2/ngtcp2/crypto/shared.c

@@ -923,10 +923,11 @@ ngtcp2_ssize ngtcp2_crypto_generate_retry_token(
     uint8_t *token, const uint8_t *secret, size_t secretlen, uint32_t version,
     const ngtcp2_sockaddr *remote_addr, ngtcp2_socklen remote_addrlen,
     const ngtcp2_cid *retry_scid, const ngtcp2_cid *odcid, ngtcp2_tstamp ts) {
-  uint8_t plaintext[NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN];
+  uint8_t
+      plaintext[/* cid len = */ 1 + NGTCP2_MAX_CIDLEN + sizeof(ngtcp2_tstamp)];
   uint8_t rand_data[NGTCP2_CRYPTO_TOKEN_RAND_DATALEN];
-  uint8_t key[32];
-  uint8_t iv[32];
+  uint8_t key[16];
+  uint8_t iv[12];
   size_t keylen;
   size_t ivlen;
   ngtcp2_crypto_aead aead;
@@ -962,8 +963,8 @@ ngtcp2_ssize ngtcp2_crypto_generate_retry_token(
   keylen = ngtcp2_crypto_aead_keylen(&aead);
   ivlen = ngtcp2_crypto_aead_noncelen(&aead);
 
-  assert(sizeof(key) >= keylen);
-  assert(sizeof(iv) >= ivlen);
+  assert(sizeof(key) == keylen);
+  assert(sizeof(iv) == ivlen);
 
   if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
                               rand_data, sizeof(rand_data),
@@ -1005,8 +1006,8 @@ int ngtcp2_crypto_verify_retry_token(
     const ngtcp2_cid *dcid, ngtcp2_duration timeout, ngtcp2_tstamp ts) {
   uint8_t
       plaintext[/* cid len = */ 1 + NGTCP2_MAX_CIDLEN + sizeof(ngtcp2_tstamp)];
-  uint8_t key[32];
-  uint8_t iv[32];
+  uint8_t key[16];
+  uint8_t iv[12];
   size_t keylen;
   size_t ivlen;
   ngtcp2_crypto_aead_ctx aead_ctx;
@@ -1039,6 +1040,9 @@ int ngtcp2_crypto_verify_retry_token(
   keylen = ngtcp2_crypto_aead_keylen(&aead);
   ivlen = ngtcp2_crypto_aead_noncelen(&aead);
 
+  assert(sizeof(key) == keylen);
+  assert(sizeof(iv) == ivlen);
+
   if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
                               rand_data, NGTCP2_CRYPTO_TOKEN_RAND_DATALEN,
                               retry_token_info_prefix,
@@ -1114,8 +1118,8 @@ ngtcp2_ssize ngtcp2_crypto_generate_regular_token(
     ngtcp2_tstamp ts) {
   uint8_t plaintext[sizeof(ngtcp2_tstamp)];
   uint8_t rand_data[NGTCP2_CRYPTO_TOKEN_RAND_DATALEN];
-  uint8_t key[32];
-  uint8_t iv[32];
+  uint8_t key[16];
+  uint8_t iv[12];
   size_t keylen;
   size_t ivlen;
   ngtcp2_crypto_aead aead;
@@ -1144,8 +1148,8 @@ ngtcp2_ssize ngtcp2_crypto_generate_regular_token(
   keylen = ngtcp2_crypto_aead_keylen(&aead);
   ivlen = ngtcp2_crypto_aead_noncelen(&aead);
 
-  assert(sizeof(key) >= keylen);
-  assert(sizeof(iv) >= ivlen);
+  assert(sizeof(key) == keylen);
+  assert(sizeof(iv) == ivlen);
 
   if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
                               rand_data, sizeof(rand_data),
@@ -1186,8 +1190,8 @@ int ngtcp2_crypto_verify_regular_token(const uint8_t *token, size_t tokenlen,
                                        ngtcp2_duration timeout,
                                        ngtcp2_tstamp ts) {
   uint8_t plaintext[sizeof(ngtcp2_tstamp)];
-  uint8_t key[32];
-  uint8_t iv[32];
+  uint8_t key[16];
+  uint8_t iv[12];
   size_t keylen;
   size_t ivlen;
   ngtcp2_crypto_aead_ctx aead_ctx;
@@ -1217,6 +1221,9 @@ int ngtcp2_crypto_verify_regular_token(const uint8_t *token, size_t tokenlen,
   keylen = ngtcp2_crypto_aead_keylen(&aead);
   ivlen = ngtcp2_crypto_aead_noncelen(&aead);
 
+  assert(sizeof(key) == keylen);
+  assert(sizeof(iv) == ivlen);
+
   if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
                               rand_data, NGTCP2_CRYPTO_TOKEN_RAND_DATALEN,
                               regular_token_info_prefix,

deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/ngtcp2.h

@@ -1689,7 +1689,8 @@ typedef enum ngtcp2_token_type {
 } ngtcp2_token_type;
 
 #define NGTCP2_SETTINGS_V1 1
-#define NGTCP2_SETTINGS_VERSION NGTCP2_SETTINGS_V1
+#define NGTCP2_SETTINGS_V2 2
+#define NGTCP2_SETTINGS_VERSION NGTCP2_SETTINGS_V2
 
 /**
  * @struct
@@ -1723,8 +1724,7 @@ typedef struct ngtcp2_settings {
   ngtcp2_printf log_printf;
   /**
    * :member:`max_tx_udp_payload_size` is the maximum size of UDP
-   * datagram payload that the local endpoint transmits.  It is used
-   * by congestion controller to compute congestion window.
+   * datagram payload that the local endpoint transmits.
    */
   size_t max_tx_udp_payload_size;
   /**
@@ -1877,6 +1877,24 @@ typedef struct ngtcp2_settings {
    * number space.  It must be in range [0, INT32_MAX], inclusive.
    */
   uint32_t initial_pkt_num;
+  /* The following fields have been added since NGTCP2_SETTINGS_V2. */
+  /**
+   * :member:`pmtud_probes` is the array of UDP datagram payload size
+   * to probe during Path MTU Discovery.  The discovery is done in the
+   * order appeared in this array.  The size must be strictly larger
+   * than 1200, otherwise the behavior is undefined.  The maximum
+   * value in this array should be set to
+   * :member:`max_tx_udp_payload_size`.  If this field is not set, the
+   * predefined PMTUD probes are made.  This field has been available
+   * since v1.4.0.
+   */
+  const uint16_t *pmtud_probes;
+  /**
+   * :member:`pmtud_probeslen` is the number of elements that are
+   * contained in the array pointed by :member:`pmtud_probes`.  This
+   * field has been available since v1.4.0.
+   */
+  size_t pmtud_probeslen;
 } ngtcp2_settings;
 
 /**
@@ -4388,7 +4406,8 @@ NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_write_stream_versioned(
  * handshake as well.
  *
  * |destlen| should be at least
- * :member:`ngtcp2_settings.max_tx_udp_payload_size`.
+ * :member:`ngtcp2_settings.max_tx_udp_payload_size`.  It must be at
+ * least :macro:`NGTCP2_MAX_UDP_PAYLOAD_SIZE`.
  *
  * Specifying -1 to |stream_id| means no new stream data to send.
  *
@@ -4418,8 +4437,10 @@ NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_write_stream_versioned(
  * In that case, |*pdatalen| would be -1 if |pdatalen| is not
  * ``NULL``.
  *
- * If |flags| & :macro:`NGTCP2_WRITE_STREAM_FLAG_FIN` is nonzero, and
- * 0 length STREAM frame is successfully serialized, |*pdatalen| would
+ * Empty data is treated specially, and it is only accepted if no
+ * data, including the empty data, is submitted to a stream or
+ * :macro:`NGTCP2_WRITE_STREAM_FLAG_FIN` is set in |flags|.  If 0
+ * length STREAM frame is successfully serialized, |*pdatalen| would
  * be 0.
  *
  * The number of data encoded in STREAM frame is stored in |*pdatalen|
@@ -4573,7 +4594,8 @@ NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_write_datagram_versioned(
  * as well.
  *
  * |destlen| should be at least
- * :member:`ngtcp2_settings.max_tx_udp_payload_size`.
+ * :member:`ngtcp2_settings.max_tx_udp_payload_size`.  It must be at
+ * least :macro:`NGTCP2_MAX_UDP_PAYLOAD_SIZE`.
  *
  * For |path| and |pi| parameters, refer to
  * `ngtcp2_conn_writev_stream`.
@@ -5193,7 +5215,19 @@ typedef enum ngtcp2_ccerr_type {
    * transport error, and it indicates that connection is closed
    * because of idle timeout.
    */
-  NGTCP2_CCERR_TYPE_IDLE_CLOSE
+  NGTCP2_CCERR_TYPE_IDLE_CLOSE,
+  /**
+   * :enum:`NGTCP2_CCERR_TYPE_DROP_CONN` is a special case of QUIC
+   * transport error, and it indicates that connection should be
+   * dropped without sending a CONNECTION_CLOSE frame.
+   */
+  NGTCP2_CCERR_TYPE_DROP_CONN,
+  /**
+   * :enum:`NGTCP2_CCERR_TYPE_RETRY` is a special case of QUIC
+   * transport error, and it indicates that RETRY packet should be
+   * sent to a client.
+   */
+  NGTCP2_CCERR_TYPE_RETRY
 } ngtcp2_ccerr_type;
 
 /**
@@ -5284,6 +5318,18 @@ NGTCP2_EXTERN void ngtcp2_ccerr_set_transport_error(ngtcp2_ccerr *ccerr,
  * :member:`ccerr->error_code <ngtcp2_ccerr.error_code>` to
  * :macro:`NGTCP2_NO_ERROR`.
  *
+ * If |liberr| is :macro:`NGTCP2_ERR_DROP_CONN`, :member:`ccerr->type
+ * <ngtcp2_ccerr.type>` is set to
+ * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_DROP_CONN`, and
+ * :member:`ccerr->error_code <ngtcp2_ccerr.error_code>` to
+ * :macro:`NGTCP2_NO_ERROR`.
+ *
+ * If |liberr| is :macro:`NGTCP2_ERR_RETRY`, :member:`ccerr->type
+ * <ngtcp2_ccerr.type>` is set to
+ * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_RETRY`, and
+ * :member:`ccerr->error_type <ngtcp2_ccerr.error_code>` to
+ * :macro:`NGTCP2_NO_ERROR`.
+ *
  * Otherwise, :member:`ccerr->type <ngtcp2_ccerr.type>` is set to
  * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_TRANSPORT`, and
  * :member:`ccerr->error_code <ngtcp2_ccerr.error_code>` is set to an

deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h

@@ -36,7 +36,7 @@
  *
  * Version number of the ngtcp2 library release.
  */
-#define NGTCP2_VERSION "1.3.0"
+#define NGTCP2_VERSION "1.5.0"
 
 /**
  * @macro
@@ -46,6 +46,6 @@
  * number, 8 bits for minor and 8 bits for patch. Version 1.2.3
  * becomes 0x010203.
  */
-#define NGTCP2_VERSION_NUM 0x010300
+#define NGTCP2_VERSION_NUM 0x010500
 
 #endif /* VERSION_H */

deps/ngtcp2/ngtcp2/lib/ngtcp2_acktr.c

@@ -60,31 +60,18 @@ static int greater(const ngtcp2_ksl_key *lhs, const ngtcp2_ksl_key *rhs) {
   return *(int64_t *)lhs > *(int64_t *)rhs;
 }
 
-int ngtcp2_acktr_init(ngtcp2_acktr *acktr, ngtcp2_log *log,
-                      const ngtcp2_mem *mem) {
-  int rv;
-
+void ngtcp2_acktr_init(ngtcp2_acktr *acktr, ngtcp2_log *log,
+                       const ngtcp2_mem *mem) {
   ngtcp2_objalloc_acktr_entry_init(&acktr->objalloc, 32, mem);
 
-  rv = ngtcp2_ringbuf_init(&acktr->acks, 32, sizeof(ngtcp2_acktr_ack_entry),
-                           mem);
-  if (rv != 0) {
-    goto fail_acks_init;
-  }
+  ngtcp2_static_ringbuf_acks_init(&acktr->acks);
 
   ngtcp2_ksl_init(&acktr->ents, greater, sizeof(int64_t), mem);
 
   acktr->log = log;
-  acktr->mem = mem;
   acktr->flags = NGTCP2_ACKTR_FLAG_NONE;
   acktr->first_unacked_ts = UINT64_MAX;
   acktr->rx_npkt = 0;
-
-  return 0;
-
-fail_acks_init:
-  ngtcp2_objalloc_free(&acktr->objalloc);
-  return rv;
 }
 
 void ngtcp2_acktr_free(ngtcp2_acktr *acktr) {
@@ -105,8 +92,6 @@ void ngtcp2_acktr_free(ngtcp2_acktr *acktr) {
 
   ngtcp2_ksl_free(&acktr->ents);
 
-  ngtcp2_ringbuf_free(&acktr->acks);
-
   ngtcp2_objalloc_free(&acktr->objalloc);
 }
 
@@ -225,7 +210,7 @@ int ngtcp2_acktr_empty(ngtcp2_acktr *acktr) {
 ngtcp2_acktr_ack_entry *ngtcp2_acktr_add_ack(ngtcp2_acktr *acktr,
                                              int64_t pkt_num,
                                              int64_t largest_ack) {
-  ngtcp2_acktr_ack_entry *ent = ngtcp2_ringbuf_push_front(&acktr->acks);
+  ngtcp2_acktr_ack_entry *ent = ngtcp2_ringbuf_push_front(&acktr->acks.rb);
 
   ent->largest_ack = largest_ack;
   ent->pkt_num = pkt_num;
@@ -266,8 +251,10 @@ static void acktr_on_ack(ngtcp2_acktr *acktr, ngtcp2_ringbuf *rb,
 
     ngtcp2_ksl_it_prev(&it);
     ent = ngtcp2_ksl_it_get(&it);
-    if (ent->pkt_num > ack_ent->largest_ack &&
-        ack_ent->largest_ack >= ent->pkt_num - (int64_t)(ent->len - 1)) {
+
+    assert(ent->pkt_num > ack_ent->largest_ack);
+
+    if (ack_ent->largest_ack >= ent->pkt_num - (int64_t)(ent->len - 1)) {
       ent->len = (size_t)(ent->pkt_num - ack_ent->largest_ack);
     }
   }
@@ -279,7 +266,7 @@ void ngtcp2_acktr_recv_ack(ngtcp2_acktr *acktr, const ngtcp2_ack *fr) {
   ngtcp2_acktr_ack_entry *ent;
   int64_t largest_ack = fr->largest_ack, min_ack;
   size_t i, j;
-  ngtcp2_ringbuf *rb = &acktr->acks;
+  ngtcp2_ringbuf *rb = &acktr->acks.rb;
   size_t nacks = ngtcp2_ringbuf_len(rb);
 
   /* Assume that ngtcp2_pkt_validate_ack(fr) returns 0 */
@@ -306,8 +293,7 @@ void ngtcp2_acktr_recv_ack(ngtcp2_acktr *acktr, const ngtcp2_ack *fr) {
 
     for (;;) {
       if (ent->pkt_num > largest_ack) {
-        ++j;
-        if (j == nacks) {
+        if (++j == nacks) {
           return;
         }
         ent = ngtcp2_ringbuf_get(rb, j);

deps/ngtcp2/ngtcp2/lib/ngtcp2_acktr.h

@@ -108,17 +108,18 @@ typedef struct ngtcp2_acktr_ack_entry {
    expired and canceled. */
 #define NGTCP2_ACKTR_FLAG_CANCEL_TIMER 0x0100u
 
+ngtcp2_static_ringbuf_def(acks, 32, sizeof(ngtcp2_acktr_ack_entry));
+
 /*
  * ngtcp2_acktr tracks received packets which we have to send ack.
  */
 typedef struct ngtcp2_acktr {
   ngtcp2_objalloc objalloc;
-  ngtcp2_ringbuf acks;
+  ngtcp2_static_ringbuf_acks acks;
   /* ents includes ngtcp2_acktr_entry sorted by decreasing order of
      packet number. */
   ngtcp2_ksl ents;
   ngtcp2_log *log;
-  const ngtcp2_mem *mem;
   /* flags is bitwise OR of zero, or more of NGTCP2_ACKTR_FLAG_*. */
   uint16_t flags;
   /* first_unacked_ts is timestamp when ngtcp2_acktr_entry is added
@@ -131,15 +132,9 @@ typedef struct ngtcp2_acktr {
 
 /*
  * ngtcp2_acktr_init initializes |acktr|.
- *
- * This function returns 0 if it succeeds, or one of the following
- * negative error codes:
- *
- * NGTCP2_ERR_NOMEM
- *     Out of memory.
  */
-int ngtcp2_acktr_init(ngtcp2_acktr *acktr, ngtcp2_log *log,
-                      const ngtcp2_mem *mem);
+void ngtcp2_acktr_init(ngtcp2_acktr *acktr, ngtcp2_log *log,
+                       const ngtcp2_mem *mem);
 
 /*
  * ngtcp2_acktr_free frees resources allocated for |acktr|.  It frees