From 140a89ce0173599cd014507f73359dafa1cc44a9 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov
Date: Wed, 1 Apr 2020 13:27:42 +0300
Subject: [PATCH] TLS Early Data key derivation support.
---
 src/event/ngx_event_quic.c | 7 ++++++-
 src/event/ngx_event_quic_protection.c | 4 ++++
 src/event/ngx_event_quic_protection.h | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index be86cf3bc..98474b3dc 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -195,7 +195,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
 ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level);
- ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
 rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, rsecret, secret_len,
@@ -204,6 +203,12 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
 return rc;
 }
+ if (level == ssl_encryption_early_data) {
+ return 1;
+ }
+
+ ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
+
 return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level, wsecret, secret_len, &c->quic->secrets.server);
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 10c94ff9b..ba846e63e 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -620,6 +620,10 @@ ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn,
 switch (level) {
+ case ssl_encryption_early_data:
+ peer_secret = &qsec->ed;
+ break;
+
 case ssl_encryption_handshake:
 peer_secret = &qsec->hs;
 break;
diff --git a/src/event/ngx_event_quic_protection.h b/src/event/ngx_event_quic_protection.h
index 2763375e4..cf9cd479d 100644
--- a/src/event/ngx_event_quic_protection.h
+++ b/src/event/ngx_event_quic_protection.h
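Review bot: The early return added in the second hunk of ngx_event_quic.c (`if (level == ssl_encryption_early_data) { return 1; }`) has no comment saying why the write secret is skipped at this level, and the bare `1` is presumably the callback's success value; a line such as `/* 0-RTT keys protect client-to-server data only; there is no server write secret */` above the `if` would make both explicit. The hexdump calls write raw traffic secrets to the log, and the read dump now also covers the early-data secret; unless ngx_quic_hexdump is compiled out of non-debug builds (its definition is not visible here), that leaves key material in log files. Data protected with early-data keys can be replayed, so whatever later accepts packets at this level needs its own anti-replay policy, which this commit does not add. The function starts and ends outside both hunks.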
@@ -18,6 +18,7 @@ typedef struct ngx_quic_secret_s {
 typedef struct {
 ngx_quic_secret_t in;
+ ngx_quic_secret_t ed;
 ngx_quic_secret_t hs;
 ngx_quic_secret_t ad;
 } ngx_quic_peer_secrets_t;
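Review bot: The new `ed` member of `ngx_quic_peer_secrets_t` is undocumented, as are `in`, `hs` and `ad`; a short comment per member would help, e.g. `ngx_quic_secret_t ed; /* early data (0-RTT) */`. The protection.c hunk stores into `qsec->ed` for whichever peer is passed, while ngx_event_quic.c returns before deriving a write secret at this level, so `secrets.server.ed` appears never to be filled in. Saying so in the comment would keep a later send path from treating that slot as a valid key.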