BUG/MINOR: quic: Stop hardcoding Retry packet Version field
Use the same version as the one received. This is safe because the
version is treated before anything else sending a Version packet.
Must be backported to 2.6.
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 0e7949c..50d8e03 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -4927,16 +4927,20 @@
aadlen = quic_generate_retry_token_aad(aad, version, dcid, addr);
salt = token + tokenlen - QUIC_RETRY_TOKEN_SALTLEN;
if (!quic_tls_derive_retry_token_secret(EVP_sha256(), key, sizeof key, iv, sizeof iv,
- salt, QUIC_RETRY_TOKEN_SALTLEN, sec, seclen))
+ salt, QUIC_RETRY_TOKEN_SALTLEN, sec, seclen)) {
+ TRACE_PROTO("Could not derive retry secret", QUIC_EV_CONN_LPKT, qc);
return 0;
+ }
if (!quic_tls_rx_ctx_init(&ctx, aead, key))
goto err;
/* Do not decrypt the QUIC_TOKEN_FMT_RETRY byte */
if (!quic_tls_decrypt2(buf, token + 1, tokenlen - QUIC_RETRY_TOKEN_SALTLEN - 1, aad, aadlen,
- ctx, aead, key, iv))
+ ctx, aead, key, iv)) {
+ TRACE_PROTO("Could not decrypt retry token", QUIC_EV_CONN_LPKT, qc);
goto err;
+ }
if (parse_retry_token(buf, buf + tokenlen - QUIC_RETRY_TOKEN_SALTLEN - 1, odcid)) {
TRACE_PROTO("Error during Initial token parsing", QUIC_EV_CONN_LPKT, qc);
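Review bot: The derivation-failure branch now traces and then does `return 0;`, while the two failure branches after it use `goto err;`, so whatever the `err` label does (not visible in this hunk) is skipped on that first path. If `err` only releases `ctx`, either give `ctx` a safe initial value and use `goto err;` here as well, or add a comment such as `/* ctx not initialised yet, nothing to release */` above the `return 0;`. It is also worth confirming that `tokenlen` is checked to be at least `QUIC_RETRY_TOKEN_SALTLEN + 1` before `salt` and the decrypt length are computed, since the token is supplied by the peer and no such check appears within the hunk. The function begins and ends outside the hunk.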
@@ -4968,10 +4972,10 @@
/* long header + fixed bit + packet type 0x3 */
buf[i++] = 0xf0;
/* version */
- buf[i++] = 0x00;
- buf[i++] = 0x00;
- buf[i++] = 0x00;
- buf[i++] = 0x01;
+ buf[i++] = *((unsigned char *)&pkt->version + 3);
+ buf[i++] = *((unsigned char *)&pkt->version + 2);
+ buf[i++] = *((unsigned char *)&pkt->version + 1);
+ buf[i++] = *(unsigned char *)&pkt->version;
/* Use the SCID from <pkt> for Retry DCID. */
buf[i++] = pkt->scid.len;
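Review bot: The four added `buf[i++] = *((unsigned char *)&pkt->version + N);` lines produce network byte order only on a little-endian host, because they index the in-memory bytes of `pkt->version`. On a big-endian build the Version field would go out byte-reversed. Shifting the value, as in the fence below, does not depend on host byte order; this assumes `pkt->version` holds the version as a host-order 32-bit integer, and its declaration is outside the hunk. Separately, QUIC's Retry integrity tag uses version-specific keys, so please confirm that the tag computation later in this function (not shown here) follows the same `pkt->version` and not a fixed version.

```c
/* version */
buf[i++] = (unsigned char)(pkt->version >> 24);
buf[i++] = (unsigned char)(pkt->version >> 16);
buf[i++] = (unsigned char)(pkt->version >> 8);
buf[i++] = (unsigned char)pkt->version;
/* … unchanged: Retry DCID taken from pkt->scid … */
```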