TLS Early Data key derivation support.

src/event/ngx_event_quic.c

@@ -195,7 +195,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
     c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
 
     ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level);
-    ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
 
     rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
                                         rsecret, secret_len,
@@ -204,6 +203,12 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
         return rc;
     }
 
+    if (level == ssl_encryption_early_data) {
+        return 1;
+    }
+
+    ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
+
     return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
                                           wsecret, secret_len,
                                           &c->quic->secrets.server);

src/event/ngx_event_quic_protection.c

@@ -620,6 +620,10 @@ ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn,
 
     switch (level) {
 
+    case ssl_encryption_early_data:
+        peer_secret = &qsec->ed;
+        break;
+
     case ssl_encryption_handshake:
         peer_secret = &qsec->hs;
         break;

src/event/ngx_event_quic_protection.h

@@ -18,6 +18,7 @@ typedef struct ngx_quic_secret_s {
 
 typedef struct {
     ngx_quic_secret_t         in;
+    ngx_quic_secret_t         ed;
     ngx_quic_secret_t         hs;
     ngx_quic_secret_t         ad;
 } ngx_quic_peer_secrets_t;