RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-14 15:34:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: quic_tls: Stop hardcoding cipher IV lengths

Browse Source 
For QUIC AEAD usage, the number of bytes for the IVs is always 12.
This commit is contained in:
Frédéric Lécaille 2022-04-05 12:18:46 +02:00 committed by Amaury Denoyelle
parent f4605748f4
commit f2f4a4eee5
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/haproxy/quic_tls-t.h
View File

@ -86,8 +86,11 @@ enum quic_tls_pktns {
QUIC_TLS_PKTNS_MAX,
};
/* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tag */
/* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tags and
* 12 bytes for IVs.
*/
#define QUIC_TLS_TAG_LEN 16
#define QUIC_TLS_IV_LEN 12
extern unsigned char initial_salt[20];

4
src/quic_tls.c
View File

@ -317,7 +317,7 @@ int quic_tls_rx_ctx_init(EVP_CIPHER_CTX **rx_ctx,
return 0;
if (!EVP_DecryptInit_ex(ctx, aead, NULL, NULL, NULL) ||
!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) ||
!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, QUIC_TLS_IV_LEN, NULL) ||
(aead_nid == NID_aes_128_ccm &&
!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, QUIC_TLS_TAG_LEN, NULL)) ||
!EVP_DecryptInit_ex(ctx, NULL, NULL, key, NULL))
@ -346,7 +346,7 @@ int quic_tls_tx_ctx_init(EVP_CIPHER_CTX **tx_ctx,
return 0;
if (!EVP_EncryptInit_ex(ctx, aead, NULL, NULL, NULL) ||
!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) ||
!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, QUIC_TLS_IV_LEN, NULL) ||
(aead_nid == NID_aes_128_ccm &&
!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, QUIC_TLS_TAG_LEN, NULL)) ||
!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))

4
src/xprt_quic.c
View File

@ -1334,7 +1334,7 @@ static int quic_packet_encrypt(unsigned char *payload, size_t payload_len,
unsigned char *aad, size_t aad_len, uint64_t pn,
struct quic_tls_ctx *tls_ctx, struct quic_conn *qc)
{
unsigned char iv[12];
unsigned char iv[QUIC_TLS_IV_LEN];
unsigned char *tx_iv = tls_ctx->tx.iv;
size_t tx_iv_sz = tls_ctx->tx.ivlen;
struct enc_debug_info edi;
@ -1364,7 +1364,7 @@ static int quic_packet_encrypt(unsigned char *payload, size_t payload_len,
static int qc_pkt_decrypt(struct quic_rx_packet *pkt, struct quic_enc_level *qel)
{
int ret, kp_changed;
unsigned char iv[12];
unsigned char iv[QUIC_TLS_IV_LEN];
struct quic_tls_ctx *tls_ctx = &qel->tls_ctx;
unsigned char *rx_iv = tls_ctx->rx.iv;
size_t rx_iv_sz = tls_ctx->rx.ivlen;