From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Tue, 14 Dec 2021 18:29:34 +0000 (+0100)
Subject: MINOR: quic: No TX secret at EARLY_DATA encryption level
X-Git-Tag: v2.6-dev1~274
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4015cbb723111e4d4bdd43ad073061f7d44466a1;p=thirdparty%2Fhaproxy.git

MINOR: quic: No TX secret at EARLY_DATA encryption level

The TLS does not provide us with TX secrets after we have provided it
with 0-RTT data. This is logic: the server does not need to send 0-RTT
data. We must skip the section where such secrets are derived if we do not
want to close the connection with a TLS alert.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 55c45f964b..d1f1c5beca 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -812,6 +812,10 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level,
 	}
 
 	rx->flags |= QUIC_FL_TLS_SECRETS_SET;
+
+	if (!write_secret)
+		goto tp;
+
 	if (!quic_tls_derive_keys(tx->aead, tx->hp, tx->md, tx->key, tx->keylen,
 	                          tx->iv, tx->ivlen, tx->hp_key, sizeof tx->hp_key,
 	                          write_secret, secret_len)) {
@@ -820,6 +824,7 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level,
 	}
 
 	tx->flags |= QUIC_FL_TLS_SECRETS_SET;
+ tp:
 	if (objt_server(conn->target) && level == ssl_encryption_application) {
 		const unsigned char *buf;
 		size_t buflen;