MINOR: quic: Optional header protection key for quic_tls_derive_keys()

quic_tls_derive_keys() is responsible for deriving the AEAD keys, IVs and
header protection key from a secret provided by the TLS stack. We want
to make the derivation of the header protection key optional. This
is required for the Key Update process, where there is no update for
the header protection key.
Frédéric Lécaille 2021-11-30 11:06:41 +01:00
parent 40df78f116
commit 6e351d6c19


@ -189,7 +189,7 @@ int quic_tls_derive_keys(const EVP_CIPHER *aead, const EVP_CIPHER *hp,
{
size_t aead_keylen = (size_t)EVP_CIPHER_key_length(aead);
size_t aead_ivlen = (size_t)EVP_CIPHER_iv_length(aead);
size_t hp_len = (size_t)EVP_CIPHER_key_length(hp);
size_t hp_len = hp ? (size_t)EVP_CIPHER_key_length(hp) : 0;
const unsigned char key_label[] = "quic key";
const unsigned char iv_label[] = "quic iv";
const unsigned char hp_key_label[] = "quic hp";
@ -201,8 +201,8 @@ int quic_tls_derive_keys(const EVP_CIPHER *aead, const EVP_CIPHER *hp,
key_label, sizeof key_label - 1) ||
!quic_hkdf_expand_label(md, iv, aead_ivlen, secret, secretlen,
iv_label, sizeof iv_label - 1) ||
!quic_hkdf_expand_label(md, hp_key, hp_len, secret, secretlen,
hp_key_label, sizeof hp_key_label - 1))
(hp_key && !quic_hkdf_expand_label(md, hp_key, hp_len, secret, secretlen,
hp_key_label, sizeof hp_key_label - 1)))
return 0;
return 1;
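Review bot: The two optional arguments are tested separately: `hp_len` is gated on `hp`, while the HKDF call is gated on `hp_key`. A caller that passes a non-NULL `hp_key` with a NULL `hp` therefore requests a zero-length expansion and, if quic_hkdf_expand_label() accepts that length (not visible here), gets a success return with `hp_key` never written. A stale or uninitialized header protection key reported as success should be ruled out explicitly: treat the pair as one option and reject a mismatch before the derivation, e.g. `if (!hp != !hp_key) return 0;`. The function's header comment, which lies outside these hunks, should also state that `hp` and `hp_key` may both be NULL for the Key Update case and that `hp_key` is then left untouched. The lines between the two hunks are not shown, so any length check on `hp_len` there is not covered by this note.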