From: Emeric Brun
Date: Tue, 4 Jul 2023 12:56:08 +0000 (+0200)
Subject: BUG/MINOR: quic: retry token remove one useless intermediate expand
X-Git-Tag: v2.9-dev2~56
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc0a4fa0cc9eb7e50a343b20e6bdff7c88f31351;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: retry token remove one useless intermediate expand

According to RFC 5869 about HKDF, extract function returns a pseudo random key usable to perform expand using labels to derive keys. So the intermediate expand on a label is useless, the key should be strong enough using only one expand.

This patch should be backported until v2.6
---
diff --git a/src/quic_tls.c b/src/quic_tls.c index 5e4366368d..3efea45a6e 100644 --- a/src/quic_tls.c +++ b/src/quic_tls.c @@ -766,13 +766,11 @@ int quic_tls_derive_retry_token_secret(const EVP_MD *md, const unsigned char *secret, size_t secretlen) { unsigned char tmpkey[QUIC_TLS_KEY_LEN]; - const unsigned char tmpkey_label[] = "retry token"; const unsigned char key_label[] = "retry token key"; const unsigned char iv_label[] = "retry token iv"; - if (!quic_hkdf_extract_and_expand(md, tmpkey, sizeof tmpkey, - secret, secretlen, salt, saltlen, - tmpkey_label, sizeof tmpkey_label - 1) || + if (!quic_hkdf_extract(md, tmpkey, sizeof tmpkey, + secret, secretlen, salt, saltlen) || !quic_hkdf_expand(md, key, keylen, tmpkey, sizeof tmpkey, key_label, sizeof key_label - 1) || !quic_hkdf_expand(md, iv, ivlen, tmpkey, sizeof tmpkey,
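Review bot: the new `quic_hkdf_extract(md, tmpkey, sizeof tmpkey, ...)` call writes the extract output into a buffer sized by `QUIC_TLS_KEY_LEN`, but in RFC 5869 the extract step always produces a PRK of exactly the digest length of `md`, whereas the removed extract-and-expand call could produce any requested length. Since `md` is a caller-supplied parameter, please confirm (or assert) that `sizeof tmpkey` is at least the digest size for every `md` this function can receive, or size `tmpkey` by the maximum digest length and pass the actual PRK length to the two `quic_hkdf_expand` calls. Separately, `tmpkey` now holds a different value for the same `secret` and `salt`, so the derived `key` and `iv` change: a retry token issued by a build without this patch will not validate on a build with it when both share the same secret. Given the backport request to v2.6, that behaviour change deserves a sentence in the commit message.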