From: Emeric Brun
Date: Mon, 3 Jul 2023 10:14:41 +0000 (+0200)
Subject: BUG/MEDIUM: quic: token IV was not computed using a strong secret
X-Git-Tag: v2.9-dev2~57
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=075b8f4cd897e8aab682a54db4f1dcd0b1411167;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: quic: token IV was not computed using a strong secret

Computing the token key and IV, a stronger derived key was used to compute the key but the weak secret was still used to compute the IV. This could be used to find the secret.

This patch fixes this using the same derived key as the one used to compute the token key.

This should be backported until v2.6
---
diff --git a/src/quic_tls.c b/src/quic_tls.c index f80e486e6a..5e4366368d 100644 --- a/src/quic_tls.c +++ b/src/quic_tls.c @@ -775,7 +775,7 @@ int quic_tls_derive_retry_token_secret(const EVP_MD *md, tmpkey_label, sizeof tmpkey_label - 1) || !quic_hkdf_expand(md, key, keylen, tmpkey, sizeof tmpkey, key_label, sizeof key_label - 1) || - !quic_hkdf_expand(md, iv, ivlen, secret, secretlen, + !quic_hkdf_expand(md, iv, ivlen, tmpkey, sizeof tmpkey, iv_label, sizeof iv_label - 1)) return 0;
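Review bot: The IV expansion now takes `tmpkey, sizeof tmpkey` as its input keying material, matching the key expansion two lines above, so both the token key and IV are derived from the HKDF-expanded intermediate rather than the IV from the raw `secret`; the distinct `iv_label` is kept, so key and IV stay domain-separated. One consequence worth adding to the commit message for the 2.6 backport: because the derived IV changes, retry tokens issued by a process running the old derivation will no longer validate on a process running this one, so a short burst of token validation failures across the upgrade is expected rather than a regression.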