Fijxu/nginx-quic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

QUIC: HKDF API compatibility with OpenSSL master branch.

Browse source 
OpenSSL 3.0 started to require HKDF-Extract output PRK length pointer
used to represent the amount of data written to contain the length of
the key buffer before the call.  EVP_PKEY_derive() documents this.

See HKDF_Extract() internal implementation update in this change:
https://github.com/openssl/openssl/commit/5a285ad
This commit is contained in:
Sergey Kandaurov 2021-03-31 21:43:17 +03:00
parent 5fa81bbd88
commit 65beb99539
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/event/quic/ngx_event_quic_protection.c
View file

@ -165,6 +165,7 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
cipher = EVP_aes_128_gcm();
digest = EVP_sha256();
is_len = SHA256_DIGEST_LENGTH;
if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
(version & 0xff000000) ? salt29 : salt, sizeof(salt))
@ -968,6 +969,7 @@ ngx_quic_derive_key(ngx_log_t *log, const char *label, ngx_str_t *secret,
uint8_t info[20];
digest = EVP_sha256();
is_len = SHA256_DIGEST_LENGTH;
if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
salt->data, salt->len)