BUG/MINOR: quic: Missing TLS secret context initialization

This bug arrived with this commit:

     MINOR: quic: Remove pool_zalloc() from qc_new_conn()

Missing initialization of largest packet number received during a keyupdate phase.
This prevented the keyupdate feature from working and made the keyupdate interop
tests to fail for all the clients.

Furthermore, ->flags from quic_tls_ctx was also not initialized. This could
also impact the keyupdate feature at least.

No backport needed.

diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 875a2634a579bb47aaf6fb1af974bff5f6459d9e..7ea67c43f2a54c566d10b220c5ed26d8066e5bfc 100644 (file)
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -153,6 +153,7 @@ struct quic_tls_secrets {
        size_t ivlen;
        unsigned char *key;
        size_t keylen;
+       /* Used only on the RX part to store the largest received packet number */
        int64_t pn;
 };
 

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index 48660f2b78115ef68aaa77f7224b3b729d31ae07..72aeb1ab36850f7b7f69af238452b584c7551c0b 100644 (file)
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -364,11 +364,16 @@ static inline void quic_tls_ctx_reset(struct quic_tls_ctx *ctx)
        ctx->rx.hp_ctx = NULL;
        ctx->rx.iv = NULL;
        ctx->rx.key = NULL;
+       ctx->rx.pn = 0;
 
        ctx->tx.ctx = NULL;
        ctx->tx.hp_ctx = NULL;
        ctx->tx.iv = NULL;
        ctx->tx.key = NULL;
+       /* Not used on the TX path. */
+       ctx->tx.pn = 0;
+
+       ctx->flags = 0;
 }
 
 /* Erase and free the secrets for a QUIC encryption level with <ctx> as