authorSergey Kandaurov <pluknet@nginx.com>2020-04-01 13:27:42 +0300
committerSergey Kandaurov <pluknet@nginx.com>2020-04-01 13:27:42 +0300
commit140a89ce0173599cd014507f73359dafa1cc44a9 (patch)
treec147349ec07d5b596eafde762164839ab2067395 /src
parent22671b37e3720af223bb2e563a940eaefe28aeb7 (diff)
TLS Early Data key derivation support.
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_quic.c7
-rw-r--r--src/event/ngx_event_quic_protection.c4
-rw-r--r--src/event/ngx_event_quic_protection.h1
3 files changed, 11 insertions, 1 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index be86cf3bc..98474b3dc 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -195,7 +195,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level);
- ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
rsecret, secret_len,
@@ -204,6 +203,12 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
return rc;
}
+ if (level == ssl_encryption_early_data) {
+ return 1;
+ }
+
+ ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
+
return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
wsecret, secret_len,
&c->quic->secrets.server);
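Review bot: The read-secret `ngx_quic_hexdump` call kept above the new early-data branch now also runs for `ssl_encryption_early_data`, so the 0-RTT traffic secret is written to `c->log` like the other levels, and the relocated "level:%d write" dump does the same for the server secrets. The definition of `ngx_quic_hexdump` is outside this hunk; if it is not compiled out of non-debug builds, log read access is enough to decrypt recorded traffic, so it is worth confirming these calls are debug-only. The added `return 1;` would also read better with a comment such as `/* 0-RTT is client-to-server only: no server write secret at this level */`, since neither the reason for skipping `wsecret` nor the meaning of the literal `1` is obvious here. The body of `ngx_quic_set_encryption_secrets` starts outside the hunk.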
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 10c94ff9b..ba846e63e 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -620,6 +620,10 @@ ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn,
switch (level) {
+ case ssl_encryption_early_data:
+ peer_secret = &qsec->ed;
+ break;
+
case ssl_encryption_handshake:
peer_secret = &qsec->hs;
break;
diff --git a/src/event/ngx_event_quic_protection.h b/src/event/ngx_event_quic_protection.h
index 2763375e4..cf9cd479d 100644
--- a/src/event/ngx_event_quic_protection.h
+++ b/src/event/ngx_event_quic_protection.h
@@ -18,6 +18,7 @@ typedef struct ngx_quic_secret_s {
typedef struct {
ngx_quic_secret_t in;
+ ngx_quic_secret_t ed;
ngx_quic_secret_t hs;
ngx_quic_secret_t ad;
} ngx_quic_peer_secrets_t;
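Review bot: The new `ed` field is undocumented and, judging from the early return added in `ngx_quic_set_encryption_secrets`, is only ever filled in for the client direction, while the same struct type also appears to back `secrets.server`. A short comment on the field would make that asymmetry explicit, for example `ngx_quic_secret_t ed; /* early data (0-RTT); set for client secrets only */`. It would also help to confirm that no send path selects the server-side `ed` entry, which presumably stays unset; that code is not visible on this page. The matching `case ssl_encryption_early_data:` in `ngx_event_quic_protection.c` relies on the same assumption.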