From: Frédéric Lécaille
Date: Tue, 30 Nov 2021 10:06:41 +0000 (+0100)
Subject: MINOR: quic: Optional header protection key for quic_tls_derive_keys()
X-Git-Tag: v2.6-dev1~350
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6e351d6c195409f9cfe63c739d9b062303557bf1;p=thirdparty%2Fhaproxy.git

MINOR: quic: Optional header protection key for quic_tls_derive_keys()

quic_tls_derive_keys() is responsible to derive the AEAD keys, IVs and$ header protection key from a secret provided by the TLS stack. We want to make the derivation of the header protection key be optional. This is required for the Key Update process where there is no update for the header protection key.
---
diff --git a/src/quic_tls.c b/src/quic_tls.c
index 2e354430c8..fcb80a34f9 100644
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
@@ -189,7 +189,7 @@ int quic_tls_derive_keys(const EVP_CIPHER *aead, const EVP_CIPHER *hp,
 {
 size_t aead_keylen = (size_t)EVP_CIPHER_key_length(aead);
 size_t aead_ivlen = (size_t)EVP_CIPHER_iv_length(aead);
- size_t hp_len = (size_t)EVP_CIPHER_key_length(hp);
+ size_t hp_len = hp ? (size_t)EVP_CIPHER_key_length(hp) : 0;
 const unsigned char key_label[] = "quic key";
 const unsigned char iv_label[] = "quic iv";
 const unsigned char hp_key_label[] = "quic hp";
@@ -201,8 +201,8 @@ int quic_tls_derive_keys(const EVP_CIPHER *aead, const EVP_CIPHER *hp,
 key_label, sizeof key_label - 1) ||
 !quic_hkdf_expand_label(md, iv, aead_ivlen, secret, secretlen,
 iv_label, sizeof iv_label - 1) ||
- !quic_hkdf_expand_label(md, hp_key, hp_len, secret, secretlen,
- hp_key_label, sizeof hp_key_label - 1))
+ (hp_key && !quic_hkdf_expand_label(md, hp_key, hp_len, secret, secretlen,
+ hp_key_label, sizeof hp_key_label - 1)))
 return 0;
 
 return 1;
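Review bot: The optional path is keyed on two different arguments: in the first hunk `hp_len` falls to 0 when `hp` is NULL, while the second hunk (@@ -201,8) skips the expand call only when `hp_key` is NULL. A caller that passes `hp == NULL` with a non-NULL `hp_key` still reaches quic_hkdf_expand_label() with a zero output length. Depending on how that helper treats a zero length (not visible here), the function may return 1 without ever writing the header protection key buffer, so whatever the buffer already held could be used as key material. Reject the mismatch before the derivation with `if ((hp == NULL) != (hp_key == NULL)) return 0;`, or test the same pointer in both places. The function body starts and ends outside both hunks, so any length check between them is not visible.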
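Review bot: The new `hp_key &&` guard on the third quic_hkdf_expand_label() call in the second hunk changes the function's contract, but nothing in the code records it. I would add above the `if`: `/* hp_key may be NULL: on Key Update only the AEAD key and IV are re-derived, the header protection key is kept */`. The function's header comment (outside this hunk) should also state that `hp` and `hp_key` may be NULL and that no header protection key is written in that case.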