mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 07:37:02 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: Wrong key update cipher context initialization for encryption

Browse Source 
As noticed by Miroslav, there was a typo in quic_tls_key_update() which lead
a cipher context for decryption to be initialized and used in place of a cipher
context for encryption. Surprisingly, this did not prevent the key update
from working. Perhaps this is due to the fact that the underlying cryptographic
algorithms used by QUIC are all symetric algorithms.

Also modify incorrect traces.

Must be backported in 2.6 and 2.7.
This commit is contained in:
Frédéric Lécaille 2023-05-02 20:03:19 +02:00
parent a94612522d
commit 7a01ff7921
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/quic_conn.c
View File

@ -948,7 +948,7 @@ static int quic_tls_key_update(struct quic_conn *qc)
}
if (!quic_tls_rx_ctx_init(&nxt_rx->ctx, tls_ctx->rx.aead, nxt_rx->key)) {
TRACE_ERROR("could not initial RX TLS cipher context", QUIC_EV_CONN_KP, qc);
TRACE_ERROR("could not initialize RX TLS cipher context", QUIC_EV_CONN_KP, qc);
goto leave;
}
@ -957,8 +957,8 @@ static int quic_tls_key_update(struct quic_conn *qc)
nxt_tx->ctx = NULL;
}
if (!quic_tls_rx_ctx_init(&nxt_tx->ctx, tls_ctx->tx.aead, nxt_tx->key)) {
TRACE_ERROR("could not initial RX TLS cipher context", QUIC_EV_CONN_KP, qc);
if (!quic_tls_tx_ctx_init(&nxt_tx->ctx, tls_ctx->tx.aead, nxt_tx->key)) {
TRACE_ERROR("could not initialize TX TLS cipher context", QUIC_EV_CONN_KP, qc);
goto leave;
}