MINOR: quic_tls: Stop hardcoding cipher IV lengths

author Frédéric Lécaille <flecaille@haproxy.com>

Tue, 5 Apr 2022 10:18:46 +0000 (12:18 +0200)

committer Amaury Denoyelle <adenoyelle@haproxy.com>

Fri, 8 Apr 2022 13:38:29 +0000 (15:38 +0200)
author Frédéric Lécaille <flecaille@haproxy.com>
Tue, 5 Apr 2022 10:18:46 +0000 (12:18 +0200)
committer Amaury Denoyelle <adenoyelle@haproxy.com>
Fri, 8 Apr 2022 13:38:29 +0000 (15:38 +0200)
diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h

index 59a8186e4f646976f1945dc08288888a140aa750..95fefc486e51e5e3195b466a39cae1b23e3deaf3 100644 (file)
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -86,8 +86,11 @@ enum quic_tls_pktns {
         QUIC_TLS_PKTNS_MAX,
  };
  
-/* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tag */
+/* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tags and
+ * 12 bytes for IVs.
+ */
  #define QUIC_TLS_TAG_LEN             16
+#define QUIC_TLS_IV_LEN              12
  
  extern unsigned char initial_salt[20];
  
diff --git a/src/quic_tls.c b/src/quic_tls.c

index cff461c8dac3b28c45530b3609315bfc44dc284c..f8d11a305e29fd1ac70952f0719dd1fb094e767a 100644 (file)
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
@@ -317,7 +317,7 @@ int quic_tls_rx_ctx_init(EVP_CIPHER_CTX **rx_ctx,
                 return 0;
  
         if (!EVP_DecryptInit_ex(ctx, aead, NULL, NULL, NULL) ||
-           !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) ||
+           !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, QUIC_TLS_IV_LEN, NULL) ||
             (aead_nid == NID_aes_128_ccm &&
              !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, QUIC_TLS_TAG_LEN, NULL)) ||
             !EVP_DecryptInit_ex(ctx, NULL, NULL, key, NULL))
@@ -346,7 +346,7 @@ int quic_tls_tx_ctx_init(EVP_CIPHER_CTX **tx_ctx,
                 return 0;
  
         if (!EVP_EncryptInit_ex(ctx, aead, NULL, NULL, NULL) ||
-           !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) ||
+           !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, QUIC_TLS_IV_LEN, NULL) ||
             (aead_nid == NID_aes_128_ccm &&
              !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, QUIC_TLS_TAG_LEN, NULL)) ||
             !EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
diff --git a/src/xprt_quic.c b/src/xprt_quic.c

index 01bf9e05536ce9db196d7d552a0ffe8e822da2ec..d120efcd55a5efa4b8ca256821f41cf2b8e9df18 100644 (file)
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -1334,7 +1334,7 @@ static int quic_packet_encrypt(unsigned char *payload, size_t payload_len,
                                 unsigned char *aad, size_t aad_len, uint64_t pn,
                                 struct quic_tls_ctx *tls_ctx, struct quic_conn *qc)
  {
-       unsigned char iv[12];
+       unsigned char iv[QUIC_TLS_IV_LEN];
         unsigned char *tx_iv = tls_ctx->tx.iv;
         size_t tx_iv_sz = tls_ctx->tx.ivlen;
         struct enc_debug_info edi;
@@ -1364,7 +1364,7 @@ static int quic_packet_encrypt(unsigned char *payload, size_t payload_len,
  static int qc_pkt_decrypt(struct quic_rx_packet *pkt, struct quic_enc_level *qel)
  {
         int ret, kp_changed;
-       unsigned char iv[12];
+       unsigned char iv[QUIC_TLS_IV_LEN];
         struct quic_tls_ctx *tls_ctx = &qel->tls_ctx;
         unsigned char *rx_iv = tls_ctx->rx.iv;
         size_t rx_iv_sz = tls_ctx->rx.ivlen;
author	Frédéric Lécaille <flecaille@haproxy.com>
	Tue, 5 Apr 2022 10:18:46 +0000 (12:18 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Fri, 8 Apr 2022 13:38:29 +0000 (15:38 +0200)
include/haproxy/quic_tls-t.h		patch \| blob \| blame \| history
src/quic_tls.c		patch \| blob \| blame \| history
src/xprt_quic.c		patch \| blob \| blame \| history