Mercurial > hg > nginx-quic

comparison src/event/quic/ngx_event_quic_protection.c @ 8379:0f8565e0fc76 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: HKDF API compatibility with OpenSSL master branch. OpenSSL 3.0 started to require HKDF-Extract output PRK length pointer used to represent the amount of data written to contain the length of the key buffer before the call. EVP_PKEY_derive() documents this. See HKDF_Extract() internal implementation update in this change: https://github.com/openssl/openssl/commit/5a285ad
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 31 Mar 2021 21:43:17 +0300
parents 1c48629cfa74
children c0cd180308e4
comparison
equal deleted inserted replaced
8378:f1986657fc26 8379:0f8565e0fc76
163 163
164 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ 164 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
165 165
166 cipher = EVP_aes_128_gcm(); 166 cipher = EVP_aes_128_gcm();
167 digest = EVP_sha256(); 167 digest = EVP_sha256();
168 is_len = SHA256_DIGEST_LENGTH;
168 169
169 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, 170 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
170 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) 171 (version & 0xff000000) ? salt29 : salt, sizeof(salt))
171 != NGX_OK) 172 != NGX_OK)
172 { 173 {
966 967
967 uint8_t is[SHA256_DIGEST_LENGTH]; 968 uint8_t is[SHA256_DIGEST_LENGTH];
968 uint8_t info[20]; 969 uint8_t info[20];
969 970
970 digest = EVP_sha256(); 971 digest = EVP_sha256();
972 is_len = SHA256_DIGEST_LENGTH;
971 973
972 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, 974 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
973 salt->data, salt->len) 975 salt->data, salt->len)
974 != NGX_OK) 976 != NGX_OK)
975 { 977 {