From e85d2854d326ae07bd7590f2c87511b08494b245 Mon Sep 17 00:00:00 2001
From: Dmitri Tikhonov
Date: Wed, 4 Nov 2020 10:27:50 -0500
Subject: [PATCH] Release 2.24.1

- [API] Allow use of ea_get_ssl_ctx() on the client (optional). PR #186.
- [BUGFIX] Expand datagram with ack-eliciting Initial to 1200 bytes after connection promotion.
- [BUGFIX] Discard CRYPTO frames from lower encryption levels after connection promotion.
- [BUGFIX] Cancel path response if path could not be initialized.
---
 CHANGELOG | 9 ++++++++
 CONTRIBUTORS.txt | 1 +
 docs/conf.py | 2 +-
 include/lsquic.h | 2 +-
 src/liblsquic/lsquic_full_conn_ietf.c | 30 ++++++++++++++++++++++-----
 src/liblsquic/lsquic_send_ctl.c | 4 +++-
 6 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index f3ef034..f53834c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,12 @@
+2020-11-04
+ - 2.24.1
+ - [API] Allow use of ea_get_ssl_ctx() on the client (optional). PR #186.
+ - [BUGFIX] Expand datagram with ack-eliciting Initial to 1200 bytes
+ after connection promotion.
+ - [BUGFIX] Discard CRYPTO frames from lower encryption levels after
+ connection promotion.
+ - [BUGFIX] Cancel path response if path could not be initialized.
+
 2020-10-28
 - 2.24.0
 - [FEATURE] QUIC and HTTP/3 Internet Draft 31 support. Drop ID-30
diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt
index 6b62bf9..a96c3cd 100644
--- a/CONTRIBUTORS.txt
+++ b/CONTRIBUTORS.txt
@@ -12,6 +12,7 @@ to the LiteSpeed QUIC and HTTP/3 Library:
 - Rahul Jadhav -- Android support
 - Victor Stewart -- Generate SCIDs API (connection ID steering)
 - Aaron France -- Shared library support and Lisp bindings
+ - Suma Subbarao -- Use callback to supply client's SSL_CTX
 Thank you!
diff --git a/docs/conf.py b/docs/conf.py
index 3ecbb94..016d7ac 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -26,7 +26,7 @@ author = u'LiteSpeed Technologies'
 # The short X.Y version
 version = u'2.24'
 # The full version, including alpha/beta/rc tags
-release = u'2.24.0'
+release = u'2.24.1'
 # -- General configuration ---------------------------------------------------
diff --git a/include/lsquic.h b/include/lsquic.h
index 54996a7..7a4f14a 100644
--- a/include/lsquic.h
+++ b/include/lsquic.h
@@ -25,7 +25,7 @@ extern "C" {
 #define LSQUIC_MAJOR_VERSION 2
 #define LSQUIC_MINOR_VERSION 24
-#define LSQUIC_PATCH_VERSION 0
+#define LSQUIC_PATCH_VERSION 1
 /**
 * Engine flags:
diff --git a/src/liblsquic/lsquic_full_conn_ietf.c b/src/liblsquic/lsquic_full_conn_ietf.c
index 14afeaa..1e050ee 100644
--- a/src/liblsquic/lsquic_full_conn_ietf.c
+++ b/src/liblsquic/lsquic_full_conn_ietf.c
@@ -5357,6 +5357,7 @@ process_crypto_frame_server (struct ietf_full_conn *conn,
 struct lsquic_packet_in *packet_in, const unsigned char *p, size_t len)
 {
 struct stream_frame stream_frame;
+ enum enc_level enc_level;
 int parsed_len;
 parsed_len = conn->ifc_conn.cn_pf->pf_parse_crypto_frame(p, len,
@@ -5364,9 +5365,19 @@ process_crypto_frame_server (struct ietf_full_conn *conn,
 if (parsed_len < 0)
 return 0;
+ enc_level = lsquic_packet_in_enc_level(packet_in);
+ EV_LOG_CRYPTO_FRAME_IN(LSQUIC_LOG_CONN_ID, &stream_frame, enc_level);
+ LSQ_DEBUG("Got CRYPTO frame for enc level #%u", enc_level);
 if (!(conn->ifc_flags & IFC_PROC_CRYPTO))
 {
- LSQ_DEBUG("discard %d-byte CRYPTO frame", parsed_len);
+ LSQ_DEBUG("discard %d-byte CRYPTO frame: handshake has been confirmed",
+ parsed_len);
+ return (unsigned) parsed_len;
+ }
+ if (enc_level < ENC_LEV_INIT)
+ { /* Must be dup */
+ LSQ_DEBUG("discard %d-byte CRYPTO frame on level %s", parsed_len,
+ lsquic_enclev2str[enc_level]);
 return (unsigned) parsed_len;
 }
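Review bot: The new guard `if (enc_level < ENC_LEV_INIT)` in process_crypto_frame_server depends on the declaration order of `enum enc_level`, which is not shown in this patch, and the comment `/* Must be dup */` does not say why a frame at those levels can only be a duplicate. A fuller comment would record the invariant the check relies on, for example `/* Levels below ENC_LEV_INIT were fully handled before promotion, so this can only be a retransmission */`; that reading is inferred from the changelog entry and should be confirmed. The two new debug lines also report the level differently, as `#%u` on receipt and via `lsquic_enclev2str[enc_level]` on discard, and using the string table in both would make the logs easier to correlate. The function body continues outside the hunk.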
@@ -6581,7 +6592,7 @@ init_new_path (struct ietf_full_conn *conn, struct conn_path *path,
 }
-static void
+static int
 on_new_or_unconfirmed_path (struct ietf_full_conn *conn,
 const struct lsquic_packet_in *packet_in)
 {
@@ -6608,7 +6619,7 @@ on_new_or_unconfirmed_path (struct ietf_full_conn *conn,
 {
 ABORT_ERROR("DCID %"CID_FMT" not found on new path",
 CID_BITS(&packet_in->pi_dcid));
- return;
+ return -1;
 }
 dcid_changed = !(cce->cce_flags & CCE_USED);
@@ -6620,7 +6631,7 @@ on_new_or_unconfirmed_path (struct ietf_full_conn *conn,
 if (0 == init_new_path(conn, path, dcid_changed))
 path->cop_flags |= COP_INITIALIZED;
 else
- return;
+ return -1;
 conn->ifc_send_flags |= SF_SEND_PATH_CHAL << packet_in->pi_path_id;
 LSQ_DEBUG("scheduled return path challenge on path %hhu",
@@ -6638,6 +6649,7 @@ on_new_or_unconfirmed_path (struct ietf_full_conn *conn,
 path->cop_cce_idx = cce - lconn->cn_cces;
 cce->cce_flags |= CCE_USED;
 LOG_SCIDS(conn);
+ return 0;
 }
@@ -7157,7 +7169,15 @@ process_regular_packet (struct ietf_full_conn *conn,
 if (saved_path_id == conn->ifc_cur_path_id)
 {
 if (conn->ifc_cur_path_id != packet_in->pi_path_id)
- on_new_or_unconfirmed_path(conn, packet_in);
+ {
+ if (0 != on_new_or_unconfirmed_path(conn, packet_in))
+ {
+ LSQ_DEBUG("path %hhu invalid, cancel any path response "
+ "on it", packet_in->pi_path_id);
+ conn->ifc_send_flags &= ~(SF_SEND_PATH_RESP
+ << packet_in->pi_path_id);
+ }
+ }
 else if (!LSQUIC_CIDS_EQ(CN_SCID(&conn->ifc_conn),
 &packet_in->pi_dcid))
 {
diff --git a/src/liblsquic/lsquic_send_ctl.c b/src/liblsquic/lsquic_send_ctl.c
index 060b5dc..f61b042 100644
--- a/src/liblsquic/lsquic_send_ctl.c
+++ b/src/liblsquic/lsquic_send_ctl.c
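Review bot: The new `static int` return of on_new_or_unconfirmed_path is undocumented, and -1 now covers two different failures: the DCID lookup, where ABORT_ERROR has already been raised, and init_new_path failing. A header comment above `static int` would cover this hunk and the three return-value hunks that follow, for example `/* Returns 0 if the path is usable, -1 if it could not be set up; on -1 no PATH_RESPONSE may be sent on it */`. Call sites not shown in this patch would still compile while ignoring the result, so they are worth checking. The function body extends beyond these hunks.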
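Review bot: The PATH_RESPONSE cancellation sits in the caller, process_regular_packet, while on_new_or_unconfirmed_path already edits `conn->ifc_send_flags` itself (it sets `SF_SEND_PATH_CHAL << packet_in->pi_path_id`). Clearing `SF_SEND_PATH_RESP << packet_in->pi_path_id` on the two `return -1` paths inside that function would keep the rule in one place and cover any caller not shown in this patch. If the split is deliberate, a one-line comment at the clear would help, for example `/* path has no usable state: do not answer its PATH_CHALLENGE */`; that reading is inferred from the changelog entry. The enclosing function continues outside the hunk.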
@@ -1943,7 +1943,9 @@ lsquic_send_ctl_next_packet_to_send (struct lsquic_send_ctl *ctl,
 packet_out->po_lflags &= ~POL_LIMITED;
 if (UNLIKELY(packet_out->po_header_type == HETY_INITIAL)
- && !(ctl->sc_conn_pub->lconn->cn_flags & LSCONN_SERVER)
+ && (!(ctl->sc_conn_pub->lconn->cn_flags & LSCONN_SERVER)
+ || (packet_out->po_frame_types
+ & IQUIC_FRAME_ACKABLE_MASK))
 && size < 1200)
 {
 send_ctl_maybe_zero_pad(ctl, packet_out, 1200 - size);
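Review bot: The server-side padding enabled by the new `|| (packet_out->po_frame_types & IQUIC_FRAME_ACKABLE_MASK)` clause in lsquic_send_ctl_next_packet_to_send is not visibly checked against the anti-amplification budget for a peer whose address is not yet validated. Whether `send_ctl_maybe_zero_pad` or its callers account for the extra bytes cannot be seen from this hunk, so that is worth confirming. A comment at the condition would make the two cases reviewable, for example `/* Client pads every Initial; server pads only ack-eliciting ones */`. The literal 1200 appears twice in the surrounding context lines and could become a named constant in a follow-up. The function begins and ends outside the hunk.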