MINOR: quic-be: Make the secret derivation works for QUIC backends (USE_QUIC_OPENSSL_COMPAT)
quic_tls_compat_keylog_callback() is the callback used by the QUIC OpenSSL compatibility module to derive the TLS secrets from other secrets provided by keylog. The <write> local variable of this function is initialized to denote the direction (write to send, read to receive) the secret is supposed to be used for. That said, as the QUIC cryptographic algorithms are symmetrical, the direction is inverted between the peers: a secret which is used to write/send/cipher data from one peer's point of view is also the secret which is used to read/receive/decipher data from the other peer's point of view. This was confirmed by the fact that, without this patch, the TLS stack first provides the peer with the Handshake secret to send/cipher data. The client could not use such a secret to decipher the Handshake packets received from the server. This patch simply reverses the direction stored in the <write> variable to make the secret derivation work for the QUIC client.
parent
d1cd0bb987
commit
034cf74437
@ -150,22 +150,22 @@ void quic_tls_compat_keylog_callback(const SSL *ssl, const char *line)
|
|||||||
if (sizeof(QUIC_OPENSSL_COMPAT_CLIENT_HANDSHAKE) - 1 == n &&
|
if (sizeof(QUIC_OPENSSL_COMPAT_CLIENT_HANDSHAKE) - 1 == n &&
|
||||||
!strncmp(start, QUIC_OPENSSL_COMPAT_CLIENT_HANDSHAKE, n)) {
|
!strncmp(start, QUIC_OPENSSL_COMPAT_CLIENT_HANDSHAKE, n)) {
|
||||||
level = ssl_encryption_handshake;
|
level = ssl_encryption_handshake;
|
||||||
write = 0;
|
write = qc_is_listener(qc) ? 0 : 1;
|
||||||
}
|
}
|
||||||
else if (sizeof(QUIC_OPENSSL_COMPAT_SERVER_HANDSHAKE) - 1 == n &&
|
else if (sizeof(QUIC_OPENSSL_COMPAT_SERVER_HANDSHAKE) - 1 == n &&
|
||||||
!strncmp(start, QUIC_OPENSSL_COMPAT_SERVER_HANDSHAKE, n)) {
|
!strncmp(start, QUIC_OPENSSL_COMPAT_SERVER_HANDSHAKE, n)) {
|
||||||
level = ssl_encryption_handshake;
|
level = ssl_encryption_handshake;
|
||||||
write = 1;
|
write = qc_is_listener(qc) ? 1 : 0;
|
||||||
}
|
}
|
||||||
else if (sizeof(QUIC_OPENSSL_COMPAT_CLIENT_APPLICATION) - 1 == n &&
|
else if (sizeof(QUIC_OPENSSL_COMPAT_CLIENT_APPLICATION) - 1 == n &&
|
||||||
!strncmp(start, QUIC_OPENSSL_COMPAT_CLIENT_APPLICATION, n)) {
|
!strncmp(start, QUIC_OPENSSL_COMPAT_CLIENT_APPLICATION, n)) {
|
||||||
level = ssl_encryption_application;
|
level = ssl_encryption_application;
|
||||||
write = 0;
|
write = qc_is_listener(qc) ? 0 : 1;
|
||||||
}
|
}
|
||||||
else if (sizeof(QUIC_OPENSSL_COMPAT_SERVER_APPLICATION) - 1 == n &&
|
else if (sizeof(QUIC_OPENSSL_COMPAT_SERVER_APPLICATION) - 1 == n &&
|
||||||
!strncmp(start, QUIC_OPENSSL_COMPAT_SERVER_APPLICATION, n)) {
|
!strncmp(start, QUIC_OPENSSL_COMPAT_SERVER_APPLICATION, n)) {
|
||||||
level = ssl_encryption_application;
|
level = ssl_encryption_application;
|
||||||
write = 1;
|
write = qc_is_listener(qc) ? 1 : 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
goto leave;
|
goto leave;
|
||||||
|
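Review bot: The role test `qc_is_listener(qc)` is repeated in all four branches with alternating `? 0 : 1` and `? 1 : 0` arms, so a later edit to one branch can silently install a secret for the wrong direction; the only symptom would be the decryption failure the commit message describes. Evaluating the role once before the chain, for example `const int srv = !!qc_is_listener(qc);`, and then using `write = !srv;` in the CLIENT_* branches and `write = srv;` in the SERVER_* branches keeps the mapping in one place. A short comment above the chain would also help, such as `/* CLIENT_* secrets protect client->server traffic: read side on a listener, write side on a backend */`. The function begins and ends outside this hunk, so where `qc` is obtained from `ssl` and whether it is checked before these branches cannot be seen here and should be confirmed.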