Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 917a7dbdc706acc80814059f514b84c3599c57cb^! / .
commit917a7dbdc706acc80814059f514b84c3599c57cb[log] [tgz]
authorFrédéric Lécaille <flecaille@haproxy.com>Mon Jan 03 17:00:35 2022 +0100
committerFrédéric Lécaille <flecaille@haproxy.com>Tue Jan 04 17:30:00 2022 +0100
treec59c858d6b672e1cbee0602b73d6987a5aaea51f
parentee2b8b377fa254f173d34f6f070f71b08b5924a5 [diff]
MINOR: quic: Do not drop secret key but drop the CRYPTO data

We need to be able to decrypt late Handshake packets after the TLS secret
keys have been discarded. If not the peer send Handshake packet which have
not been acknowledged. But for such packets, we discard the CRYPTO data.

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index 303ba37..2c3528d 100644
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h

@@ -459,7 +459,6 @@
 {
 	qel->tls_ctx.rx.flags |= QUIC_FL_TLS_SECRETS_DCD;
 	qel->tls_ctx.tx.flags |= QUIC_FL_TLS_SECRETS_DCD;
-	quic_tls_ctx_secs_free(&qel->tls_ctx);
 }
 
 /* Derive the initial secrets with <ctx> as QUIC TLS context which is the

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 98718ce..6e6be11 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c

@@ -2250,6 +2250,17 @@
 		{
 			struct quic_rx_crypto_frm *cf;
 
+			if (unlikely(qel->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_DCD)) {
+				/* XXX TO DO: <cfdebug> is used only for the traces. */
+				struct quic_rx_crypto_frm cfdebug = { };
+
+				cfdebug.offset_node.key = frm.crypto.offset;
+				cfdebug.len = frm.crypto.len;
+				TRACE_PROTO("CRYPTO data discarded",
+				            QUIC_EV_CONN_ELRXPKTS, qc, pkt, &cfdebug);
+				break;
+			}
+
 			if (unlikely(frm.crypto.offset < qel->rx.crypto.offset)) {
 				if (frm.crypto.offset + frm.crypto.len <= qel->rx.crypto.offset) {
 					/* XXX TO DO: <cfdebug> is used only for the traces. */
@@ -3091,7 +3102,14 @@
 		(!MT_LIST_ISEMPTY(&qc->els[QUIC_TLS_ENC_LEVEL_EARLY_DATA].rx.pqpkts) ||
 		qc_el_rx_pkts(&qc->els[QUIC_TLS_ENC_LEVEL_EARLY_DATA]));
  start:
-	if (!quic_get_tls_enc_levels(&tel, &next_tel, st, zero_rtt))
+	if (st >= QUIC_HS_ST_COMPLETE &&
+	    qc_el_rx_pkts(&qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE])) {
+		TRACE_PROTO("remaining Handshake packets", QUIC_EV_CONN_PHPKTS, qc);
+		/* There may be remaining Handshake packets to treat and acknowledge. */
+		tel = QUIC_TLS_ENC_LEVEL_HANDSHAKE;
+		next_tel = QUIC_TLS_ENC_LEVEL_APP;
+	}
+	else if (!quic_get_tls_enc_levels(&tel, &next_tel, st, zero_rtt))
 		goto err;
 
 	qel = &qc->els[tel];
@@ -3563,10 +3581,8 @@
 	}
 
 	*qel = &qc->els[tel];
-	if ((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_DCD) {
+	if ((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_DCD)
 		TRACE_DEVEL("Discarded keys", QUIC_EV_CONN_TRMHP, qc);
-		return 0;
-	}
 
 	if (((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_SET) &&
 	    (tel != QUIC_TLS_ENC_LEVEL_APP ||