mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 07:37:02 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: Missing TLS secret context initialization

Browse Source 
This bug arrived with this commit:

     MINOR: quic: Remove pool_zalloc() from qc_new_conn()

Missing initialization of largest packet number received during a keyupdate phase.
This prevented the keyupdate feature from working and made the keyupdate interop
tests to fail for all the clients.

Furthermore, ->flags from quic_tls_ctx was also not initialized. This could
also impact the keyupdate feature at least.

No backport needed.
This commit is contained in:
Frédéric Lécaille 2023-06-19 11:56:19 +02:00 committed by Amaury Denoyelle
parent a55acf993a
commit c2bab72d32
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/haproxy/quic_tls-t.h
View File

@ -153,6 +153,7 @@ struct quic_tls_secrets {
size_t ivlen;
unsigned char *key;
size_t keylen;
/* Used only on the RX part to store the largest received packet number */
int64_t pn;
};

5
include/haproxy/quic_tls.h
View File

@ -364,11 +364,16 @@ static inline void quic_tls_ctx_reset(struct quic_tls_ctx *ctx)
ctx->rx.hp_ctx = NULL;
ctx->rx.iv = NULL;
ctx->rx.key = NULL;
ctx->rx.pn = 0;
ctx->tx.ctx = NULL;
ctx->tx.hp_ctx = NULL;
ctx->tx.iv = NULL;
ctx->tx.key = NULL;
/* Not used on the TX path. */
ctx->tx.pn = 0;
ctx->flags = 0;
}
/* Erase and free the secrets for a QUIC encryption level with <ctx> as