Mercurial > hg > nginx
changeset 8729:0f8565e0fc76 quic
QUIC: HKDF API compatibility with OpenSSL master branch.
OpenSSL 3.0 started to require HKDF-Extract output PRK length pointer
used to represent the amount of data written to contain the length of
the key buffer before the call. EVP_PKEY_derive() documents this.
See HKDF_Extract() internal implementation update in this change:
https://github.com/openssl/openssl/commit/5a285ad
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 31 Mar 2021 21:43:17 +0300 |
parents | f1986657fc26 |
children | 90ae21799f67 |
files | src/event/quic/ngx_event_quic_protection.c |
diffstat | 1 files changed, 2 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_protection.c Tue Mar 30 23:34:51 2021 +0300 +++ b/src/event/quic/ngx_event_quic_protection.c Wed Mar 31 21:43:17 2021 +0300 @@ -165,6 +165,7 @@ cipher = EVP_aes_128_gcm(); digest = EVP_sha256(); + is_len = SHA256_DIGEST_LENGTH; if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, (version & 0xff000000) ? salt29 : salt, sizeof(salt)) @@ -968,6 +969,7 @@ uint8_t info[20]; digest = EVP_sha256(); + is_len = SHA256_DIGEST_LENGTH; if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, salt->data, salt->len)