TLS Early Data key derivation support.

2025-02-25 18:55:26 -06:00 · 2020-04-01 13:27:42 +03:00 · 2020-04-01 13:27:42 +03:00 · 140a89ce01
commit 140a89ce01
parent 22671b37e3
3 changed files with 11 additions and 1 deletions
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@ -195,7 +195,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
    c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);

    ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level);
-    ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);

    rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
                                        rsecret, secret_len,
@ -204,6 +203,12 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
        return rc;
    }

+    if (level == ssl_encryption_early_data) {
+        return 1;
+    }
+
+    ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
+
    return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
                                          wsecret, secret_len,
                                          &c->quic->secrets.server);
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@ -620,6 +620,10 @@ ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn,

    switch (level) {

+    case ssl_encryption_early_data:
+        peer_secret = &qsec->ed;
+        break;
+
    case ssl_encryption_handshake:
        peer_secret = &qsec->hs;
        break;
--- a/src/event/ngx_event_quic_protection.h
+++ b/src/event/ngx_event_quic_protection.h
@ -18,6 +18,7 @@ typedef struct ngx_quic_secret_s {

 typedef struct {
    ngx_quic_secret_t         in;
+    ngx_quic_secret_t         ed;
    ngx_quic_secret_t         hs;
    ngx_quic_secret_t         ad;
 } ngx_quic_peer_secrets_t;