]> git.kaiwu.me - nginx.git/commitdiff
QUIC: HKDF API compatibility with OpenSSL master branch.
authorSergey Kandaurov <pluknet@nginx.com>
Wed, 31 Mar 2021 18:43:17 +0000 (21:43 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Wed, 31 Mar 2021 18:43:17 +0000 (21:43 +0300)
OpenSSL 3.0 started to require HKDF-Extract output PRK length pointer
used to represent the amount of data written to contain the length of
the key buffer before the call.  EVP_PKEY_derive() documents this.

See HKDF_Extract() internal implementation update in this change:
https://github.com/openssl/openssl/commit/5a285ad

src/event/quic/ngx_event_quic_protection.c

index 4b29869cebb6f4056d4c46c18cbc724978cb8f49..efc15a22b3a2ebb3d5ec93ccf8e2f590ccd0ab33 100644 (file)
@@ -165,6 +165,7 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
 
     cipher = EVP_aes_128_gcm();
     digest = EVP_sha256();
+    is_len = SHA256_DIGEST_LENGTH;
 
     if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
                          (version & 0xff000000) ? salt29 : salt, sizeof(salt))
@@ -968,6 +969,7 @@ ngx_quic_derive_key(ngx_log_t *log, const char *label, ngx_str_t *secret,
     uint8_t        info[20];
 
     digest = EVP_sha256();
+    is_len = SHA256_DIGEST_LENGTH;
 
     if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
                          salt->data, salt->len)