Mercurial > hg > nginx-quic
changeset 8379:0f8565e0fc76 quic
QUIC: HKDF API compatibility with OpenSSL master branch.
OpenSSL 3.0 started to require HKDF-Extract output PRK length pointer
used to represent the amount of data written to contain the length of
the key buffer before the call. EVP_PKEY_derive() documents this.
See HKDF_Extract() internal implementation update in this change:
https://github.com/openssl/openssl/commit/5a285ad
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 31 Mar 2021 21:43:17 +0300 |
parents | f1986657fc26 |
children | 90ae21799f67 |
files | src/event/quic/ngx_event_quic_protection.c |
diffstat | 1 files changed, 2 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -165,6 +165,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo cipher = EVP_aes_128_gcm(); digest = EVP_sha256(); + is_len = SHA256_DIGEST_LENGTH; if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, (version & 0xff000000) ? salt29 : salt, sizeof(salt)) @@ -968,6 +969,7 @@ ngx_quic_derive_key(ngx_log_t *log, cons uint8_t info[20]; digest = EVP_sha256(); + is_len = SHA256_DIGEST_LENGTH; if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, salt->data, salt->len)