From b661fa9155560a3ad77e397a09000e9f51269540 Mon Sep 17 00:00:00 2001 From: Christian Huitema Date: Mon, 25 Mar 2024 22:51:06 -0700 Subject: [PATCH] Fix uint32 issue with initial PN --- picoquic/packet.c | 2 +- picoquic/tls_api.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/picoquic/packet.c b/picoquic/packet.c index c76260b47..b0bfb3a8d 100644 --- a/picoquic/packet.c +++ b/picoquic/packet.c @@ -131,7 +131,7 @@ int picoquic_screen_initial_packet( * is not decrypted yet. */ if (picoquic_verify_retry_token(quic, addr_from, current_time, - &is_new_token, &original_cnxid, &ph->dest_cnx_id, UINT64_MAX, + &is_new_token, &original_cnxid, &ph->dest_cnx_id, UINT32_MAX, ph->token_bytes, ph->token_length, 1) == 0) { has_good_token = 1; } diff --git a/picoquic/tls_api.c b/picoquic/tls_api.c index 870ab8acf..5d88d92cc 100644 --- a/picoquic/tls_api.c +++ b/picoquic/tls_api.c @@ -2910,9 +2910,9 @@ int picoquic_verify_retry_token(picoquic_quic_t* quic, const struct sockaddr * a /* Invalid token, too old */ ret = -1; } - /* If the PN value is not yet decrypted, setting it to UINT64_MAX + /* If the PN value is not yet decrypted, setting it to UINT32_MAX * bypasses the verification */ - else if (initial_pn != UINT64_MAX && odcid->id_len > 0 && token_pn >= initial_pn) { + else if (initial_pn != UINT32_MAX && odcid->id_len > 0 && token_pn >= initial_pn) { /* Invalid PN number */ ret = -1; }