Bug 1654332 - Fixup a10493dcfcc9: copy ECHConfig.config_id with socke…

…t r=jcj

A late review change for ECH was for the server to compute each ECHConfig `config_id` when set to the socket, rather than on each connection. This works, but now we also need to copy that config_id when copying a socket, else the server won't find a matching ECHConfig to use for decryption.

Differential Revision: https://phabricator.services.mozilla.com/D97475

--HG--
extra : moz-landing-system : lando

lib/ssl/ssl3con.c

@@ -5521,7 +5521,7 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         if (IS_DTLS(ss)) {
             rv = dtls_StageHandshakeMessage(ss);
             if (rv != SECSuccess) {
-                return rv;
+                goto loser;
             }
         }
         /* By default, all messagess are added to both the inner and

lib/ssl/tls13con.c

@@ -1752,7 +1752,7 @@ tls13_MaybeSendHelloRetry(sslSocket *ss, const sslNamedGroupDef *requestedGroup,
         return SECFailure; /* Code already set. */
     }
 
-    /* We received ECH, but have to start over with CH2. */
+    /* We may have received ECH, but have to start over with CH2. */
     ss->ssl3.hs.echAccepted = PR_FALSE;
     PK11_HPKE_DestroyContext(ss->ssl3.hs.echHpkeCtx, PR_TRUE);
     ss->ssl3.hs.echHpkeCtx = NULL;

lib/ssl/tls13ech.c

@@ -86,6 +86,7 @@ tls13_CopyEchConfigs(PRCList *oConfigs, PRCList *configs)
         newConfig->contents.kdfId = config->contents.kdfId;
         newConfig->contents.aeadId = config->contents.aeadId;
         newConfig->contents.maxNameLen = config->contents.maxNameLen;
+        PORT_Memcpy(newConfig->configId, config->configId, sizeof(newConfig->configId));
         PR_APPEND_LINK(&newConfig->link, configs);
     }
     return SECSuccess;