From: Frédéric Lécaille
Date: Mon, 19 Jun 2023 09:56:19 +0000 (+0200)
Subject: BUG/MINOR: quic: Missing TLS secret context initialization
X-Git-Tag: v2.9-dev1~48
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c2bab72d32eea98b53dff89e47205e1fa42caabe;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Missing TLS secret context initialization

This bug arrived with this commit:

MINOR: quic: Remove pool_zalloc() from qc_new_conn()

Missing initialization of largest packet number received during a keyupdate phase. This prevented the keyupdate feature from working and made the keyupdate interop tests to fail for all the clients.

Furthermore, ->flags from quic_tls_ctx was also not initialized. This could also impact the keyupdate feature at least.

No backport needed.
---

diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 875a2634a5..7ea67c43f2 100644
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -153,6 +153,7 @@ struct quic_tls_secrets {
 size_t ivlen;
 unsigned char *key;
 size_t keylen;
+ /* Used only on the RX part to store the largest received packet number */
 int64_t pn;
 };
diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index 48660f2b78..72aeb1ab36 100644
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -364,11 +364,16 @@ static inline void quic_tls_ctx_reset(struct quic_tls_ctx *ctx)
 ctx->rx.hp_ctx = NULL;
 ctx->rx.iv = NULL;
 ctx->rx.key = NULL;
+ ctx->rx.pn = 0;
 ctx->tx.ctx = NULL;
 ctx->tx.hp_ctx = NULL;
 ctx->tx.iv = NULL;
 ctx->tx.key = NULL;
+ /* Not used on the TX path. */
+ ctx->tx.pn = 0;
+
+ ctx->flags = 0;
 }
 /* Erase and free the secrets for a QUIC encryption level with as
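Review bot: quic_tls_ctx_reset remains a hand-maintained list of member resets, so the class of bug this commit fixes (a member left uninitialized once pool_zalloc() was dropped, per the commit message) will recur the next time a field is added to struct quic_tls_ctx or struct quic_tls_secrets. Unless some member must survive a reset — nothing in the hunk suggests one does, but the full struct is not visible here — the body could be collapsed to `memset(ctx, 0, sizeof(*ctx));`, which covers rx.pn, tx.pn and flags as well as any future member; this relies on all-zero bytes being a null pointer, which holds on the platforms haproxy targets as far as I can tell. If the explicit per-field style is kept on purpose, a comment at the top of the function such as `/* Every member must be reset here: the ctx is no longer zero-allocated (see qc_new_conn()). */` would at least tell the next maintainer why the list must be kept complete. The function's opening lines, presumably including the rx.ctx reset, lie above the hunk and are not shown.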