]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 65f18d6) | patch
BUG/MEDIUM: quic: token IV was not computed using a strong secret
authorEmeric Brun <ebrun@haproxy.com>
Mon, 3 Jul 2023 10:14:41 +0000 (12:14 +0200)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Wed, 12 Jul 2023 12:30:07 +0000 (14:30 +0200)
commit075b8f4cd897e8aab682a54db4f1dcd0b1411167
tree18fa06637e871b3bdad500d2f29673cf2289236etree
parent65f18d65a3822acaa39418d8e919e9afe1f5e781commit | diff
BUG/MEDIUM: quic: token IV was not computed using a strong secret

Computing the token key and IV, a stronger derived key was used
to compute the key but the weak secret was still used to compute
the IV. This could be used to found the secret.

This patch fix this using the same derived key than the one used
to compute the token key.

This should backport until v2.6
src/quic_tls.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git