RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-17 17:04:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: quic: Do not drop secret key but drop the CRYPTO data

Browse Source 
We need to be able to decrypt late Handshake packets after the TLS secret
keys have been discarded. If not the peer send Handshake packet which have
not been acknowledged. But for such packets, we discard the CRYPTO data.
This commit is contained in:
Frédéric Lécaille 2022-01-03 17:00:35 +01:00
parent ee2b8b377f
commit 917a7dbdc7
2 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/haproxy/quic_tls.h
View File

@ -459,7 +459,6 @@ static inline void quic_tls_discard_keys(struct quic_enc_level *qel)
{
qel->tls_ctx.rx.flags |= QUIC_FL_TLS_SECRETS_DCD;
qel->tls_ctx.tx.flags |= QUIC_FL_TLS_SECRETS_DCD;
quic_tls_ctx_secs_free(&qel->tls_ctx);
}
/* Derive the initial secrets with <ctx> as QUIC TLS context which is the

24
src/xprt_quic.c
View File

@ -2250,6 +2250,17 @@ static int qc_parse_pkt_frms(struct quic_rx_packet *pkt, struct ssl_sock_ctx *ct
{
struct quic_rx_crypto_frm *cf;
if (unlikely(qel->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_DCD)) {
/* XXX TO DO: <cfdebug> is used only for the traces. */
struct quic_rx_crypto_frm cfdebug = { };
cfdebug.offset_node.key = frm.crypto.offset;
cfdebug.len = frm.crypto.len;
TRACE_PROTO("CRYPTO data discarded",
QUIC_EV_CONN_ELRXPKTS, qc, pkt, &cfdebug);
break;
}
if (unlikely(frm.crypto.offset < qel->rx.crypto.offset)) {
if (frm.crypto.offset + frm.crypto.len <= qel->rx.crypto.offset) {
/* XXX TO DO: <cfdebug> is used only for the traces. */
@ -3091,7 +3102,14 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
(!MT_LIST_ISEMPTY(&qc->els[QUIC_TLS_ENC_LEVEL_EARLY_DATA].rx.pqpkts) ||
qc_el_rx_pkts(&qc->els[QUIC_TLS_ENC_LEVEL_EARLY_DATA]));
start:
if (!quic_get_tls_enc_levels(&tel, &next_tel, st, zero_rtt))
if (st >= QUIC_HS_ST_COMPLETE &&
qc_el_rx_pkts(&qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE])) {
TRACE_PROTO("remaining Handshake packets", QUIC_EV_CONN_PHPKTS, qc);
/* There may be remaining Handshake packets to treat and acknowledge. */
tel = QUIC_TLS_ENC_LEVEL_HANDSHAKE;
next_tel = QUIC_TLS_ENC_LEVEL_APP;
}
else if (!quic_get_tls_enc_levels(&tel, &next_tel, st, zero_rtt))
goto err;
qel = &qc->els[tel];
@ -3563,10 +3581,8 @@ static int qc_pkt_may_rm_hp(struct quic_conn *qc, struct quic_rx_packet *pkt,
}
*qel = &qc->els[tel];
if ((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_DCD) {
if ((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_DCD)
TRACE_DEVEL("Discarded keys", QUIC_EV_CONN_TRMHP, qc);
return 0;
}
if (((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_SET) &&
(tel != QUIC_TLS_ENC_LEVEL_APP ||