BUG/MINOR: quic: adjust quic_tls prototypes

Two prototypes in quic_tls module were not identical to the actual
function definition.

* quic_tls_decrypt2() : the const attribute of the second argument is
  removed, to be able to use it with EVP_CIPHER_CTX_ctrl(). As a
  consequence of this change, the token field of quic_rx_packet is now
  declared as non-const.

* quic_tls_generate_retry_integrity_tag() : the second argument type
  differs between the two. Adjust this by setting it to unsigned char
  to match the EVP_EncryptUpdate() SSL function.

This situation did not seem to have any visible effect. However, this is
clearly an undefined behavior and should be treated as a bug.

This should be backported up to 2.6.
Amaury Denoyelle 2022-09-30 17:37:38 +02:00
parent a19bb6f0b2
commit f3c40f83fb
4 changed files with 6 additions and 4 deletions


@ -50,7 +50,7 @@ int quic_tls_encrypt(unsigned char *buf, size_t len,
const unsigned char *key, const unsigned char *iv); const unsigned char *key, const unsigned char *iv);
int quic_tls_decrypt2(unsigned char *out, int quic_tls_decrypt2(unsigned char *out,
const unsigned char *in, size_t ilen, unsigned char *in, size_t ilen,
unsigned char *aad, size_t aad_len, unsigned char *aad, size_t aad_len,
EVP_CIPHER_CTX *ctx, const EVP_CIPHER *aead, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *aead,
const unsigned char *key, const unsigned char *iv); const unsigned char *key, const unsigned char *iv);
@ -60,7 +60,7 @@ int quic_tls_decrypt(unsigned char *buf, size_t len,
EVP_CIPHER_CTX *tls_ctx, const EVP_CIPHER *aead, EVP_CIPHER_CTX *tls_ctx, const EVP_CIPHER *aead,
const unsigned char *key, const unsigned char *iv); const unsigned char *key, const unsigned char *iv);
int quic_tls_generate_retry_integrity_tag(unsigned char *odcid, size_t odcid_len, int quic_tls_generate_retry_integrity_tag(unsigned char *odcid, unsigned char odcid_len,
unsigned char *buf, size_t len, unsigned char *buf, size_t len,
const struct quic_version *qv); const struct quic_version *qv);
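Review bot: The new `unsigned char odcid_len` in the quic_tls_generate_retry_integrity_tag() prototype means a caller that still holds the length in a wider type has it silently truncated to 8 bits, and nothing in this header states the bound. The definition and the call sites are outside this section, so it cannot be confirmed here that every caller already limits the value to a valid connection-ID length. I would document the contract on the prototype, e.g. `/* <odcid_len> must be an already validated CID length that fits in one byte */`, and build the module once with `-Wconversion` to surface any narrowing call sites.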


@ -403,7 +403,7 @@ struct quic_rx_packet {
/* Packet number length */ /* Packet number length */
uint32_t pnl; uint32_t pnl;
uint64_t token_len; uint64_t token_len;
const unsigned char *token; unsigned char *token;
/* Packet length */ /* Packet length */
uint64_t len; uint64_t len;
/* Packet length before decryption */ /* Packet length before decryption */
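Review bot: Dropping `const` from `token` removes the compiler's guarantee that the received token bytes are never written through this pointer; the same qualifier is dropped on the `in` parameter of quic_tls_decrypt2() and on the `token` parameter of quic_retry_token_check() in the other sections. The commit message attributes this to the OpenSSL ctrl call, whose pointer argument is a plain `void *` and which presumably only reads the buffer in this use. If that holds, the qualifier could stay on the field and on both prototypes, with one commented cast at that call, e.g. `(void *)ptr /* OpenSSL API is not const-correct; buffer is only read */` (`ptr` stands for the argument passed today). The struct body continues outside the hunk.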


@ -1,3 +1,5 @@
#include <haproxy/quic_tls.h>
#include <string.h> #include <string.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>


@ -5433,7 +5433,7 @@ static int quic_generate_retry_token(unsigned char *buf, size_t len,
* of client source connection ID. * of client source connection ID.
* Return 1 if succeeded, 0 if not. * Return 1 if succeeded, 0 if not.
*/ */
static int quic_retry_token_check(const unsigned char *token, size_t tokenlen, static int quic_retry_token_check(unsigned char *token, size_t tokenlen,
const struct quic_version *qv, const struct quic_version *qv,
struct quic_cid *odcid, struct quic_cid *odcid,
const struct quic_cid *dcid, const struct quic_cid *dcid,