From c2bab72d32eea98b53dff89e47205e1fa42caabe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Mon, 19 Jun 2023 11:56:19 +0200 Subject: [PATCH] BUG/MINOR: quic: Missing TLS secret context initialization This bug arrived with this commit: MINOR: quic: Remove pool_zalloc() from qc_new_conn() Missing initialization of largest packet number received during a keyupdate phase. This prevented the keyupdate feature from working and made the keyupdate interop tests to fail for all the clients. Furthermore, ->flags from quic_tls_ctx was also not initialized. This could also impact the keyupdate feature at least. No backport needed. --- include/haproxy/quic_tls-t.h | 1 + include/haproxy/quic_tls.h | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h index 875a2634a..7ea67c43f 100644 --- a/include/haproxy/quic_tls-t.h +++ b/include/haproxy/quic_tls-t.h @@ -153,6 +153,7 @@ struct quic_tls_secrets { size_t ivlen; unsigned char *key; size_t keylen; + /* Used only on the RX part to store the largest received packet number */ int64_t pn; }; diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h index 48660f2b7..72aeb1ab3 100644 --- a/include/haproxy/quic_tls.h +++ b/include/haproxy/quic_tls.h @@ -364,11 +364,16 @@ static inline void quic_tls_ctx_reset(struct quic_tls_ctx *ctx) ctx->rx.hp_ctx = NULL; ctx->rx.iv = NULL; ctx->rx.key = NULL; + ctx->rx.pn = 0; ctx->tx.ctx = NULL; ctx->tx.hp_ctx = NULL; ctx->tx.iv = NULL; ctx->tx.key = NULL; + /* Not used on the TX path. */ + ctx->tx.pn = 0; + + ctx->flags = 0; } /* Erase and free the secrets for a QUIC encryption level with as