MINOR: quic: Make ->set_encryption_secrets() be callable two times

With this patch, ha_set_encryption_secrets() may be callable two times,
one time to derive the RX secrets and a second time to derive the TX secrets.

There was a missing step to do so when the RX secret was received from the stack.
In this case the secret was not stored for the keyupdate, leading the keyupdate
RX part to be uninitialized.

Add a label to initialize the keyupdate RX part and a "goto" statement to run
the concerned code after having derived the RX secrets.

This patch is required to make the keyupdate feature work with the OpenSSL wrapper.

Must be backported as far as 2.6.
Frédéric Lécaille 2023-06-06 17:40:41 +02:00
parent e3991e03cc
commit 91f1950ed6

@ -1112,7 +1112,7 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level,
write:
if (!write_secret)
goto out;
goto keyupdate_init;
tx = &tls_ctx->tx;
if (!quic_tls_secrets_keys_alloc(tx)) {
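Review bot: in the `if (!write_secret)` branch, `goto keyupdate_init;` sends an RX-only call through everything between the `keyupdate_init:` label and `out` with `write_secret` still NULL, so every use of `write_secret` or of the TX keyupdate state below that label needs its own NULL check. No such check is visible in this hunk; if the code after the label lacks one, guard the TX part with `if (write_secret)` before this is backported.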
@ -1157,6 +1157,8 @@ write:
}
}
keyupdate_init:
/* Store the secret provided by the TLS stack, required for keyupdate. */
if (level == ssl_encryption_application) {
struct quic_tls_kp *prv_rx = &qc->ku.prv_rx;
struct quic_tls_kp *nxt_rx = &qc->ku.nxt_rx;
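Review bot: the block under `keyupdate_init:` is now reached on both of the calls the commit message describes, so at `ssl_encryption_application` it runs twice, the second time with only the TX secret. The comment above `if (level == ssl_encryption_application)` should state that, and whatever is done with `prv_rx` and `nxt_rx` should be conditioned on the RX secret being present in that call, so the TX-only call cannot overwrite the RX keyupdate state set up by the first one.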