From 01d515e0133c243d1e8c012f78faaeafcd4aa569 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecaille@haproxy.com>
Date: Tue, 7 Jun 2022 11:39:00 +0200
Subject: [PATCH] BUG/MINOR: quic: Stop hardcoding Retry packet Version field

Use the same version as the one received. This is safe because the
version is treated before anything else sending a Version packet.

Must be backported to 2.6.
---
 src/xprt_quic.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 0e7949c06b..50d8e03960 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -4927,16 +4927,20 @@ static int quic_retry_token_check(unsigned char *token, size_t tokenlen,
 	aadlen = quic_generate_retry_token_aad(aad, version, dcid, addr);
 	salt = token + tokenlen - QUIC_RETRY_TOKEN_SALTLEN;
 	if (!quic_tls_derive_retry_token_secret(EVP_sha256(), key, sizeof key, iv, sizeof iv,
-	                                        salt, QUIC_RETRY_TOKEN_SALTLEN, sec, seclen))
+	                                        salt, QUIC_RETRY_TOKEN_SALTLEN, sec, seclen)) {
+		TRACE_PROTO("Could not derive retry secret", QUIC_EV_CONN_LPKT, qc);
 		return 0;
+	}
 
 	if (!quic_tls_rx_ctx_init(&ctx, aead, key))
 		goto err;
 
 	/* Do not decrypt the QUIC_TOKEN_FMT_RETRY byte */
 	if (!quic_tls_decrypt2(buf, token + 1, tokenlen - QUIC_RETRY_TOKEN_SALTLEN - 1, aad, aadlen,
-	                       ctx, aead, key, iv))
+	                       ctx, aead, key, iv)) {
+		TRACE_PROTO("Could not decrypt retry token", QUIC_EV_CONN_LPKT, qc);
 		goto err;
+	}
 
 	if (parse_retry_token(buf, buf + tokenlen - QUIC_RETRY_TOKEN_SALTLEN - 1, odcid)) {
 		TRACE_PROTO("Error during Initial token parsing", QUIC_EV_CONN_LPKT, qc);
@@ -4968,10 +4972,10 @@ static int send_retry(int fd, struct sockaddr_storage *addr,
 	/* long header + fixed bit + packet type 0x3 */
 	buf[i++] = 0xf0;
 	/* version */
-	buf[i++] = 0x00;
-	buf[i++] = 0x00;
-	buf[i++] = 0x00;
-	buf[i++] = 0x01;
+	buf[i++] = *((unsigned char *)&pkt->version + 3);
+	buf[i++] = *((unsigned char *)&pkt->version + 2);
+	buf[i++] = *((unsigned char *)&pkt->version + 1);
+	buf[i++] = *(unsigned char *)&pkt->version;
 
 	/* Use the SCID from <pkt> for Retry DCID. */
 	buf[i++] = pkt->scid.len;