Merge branch 'maint-0.4.3'

diff --cc src/feature/hs/hs_client.c
Simple merge

diff --cc src/feature/hs/hs_client.h
Simple merge

diff --cc src/feature/hs/hs_descriptor.c
index a39a4a09c994d29c3d5ae7cc033bc2a271751dbd,d1c81bbff8ce9f96d2af3a43d31832531d2fdd71..50a46fb40fd322a0a681412fee85618164ae4e86
--- 1/src/feature/hs/hs_descriptor.c
--- 2/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@@ -1429,14 -1434,17 +1429,18 @@@ decrypt_descriptor_cookie(const hs_desc
    tor_assert(!fast_mem_is_zero(
          (char *) &desc->superencrypted_data.auth_ephemeral_pubkey,
          sizeof(desc->superencrypted_data.auth_ephemeral_pubkey)));
-   tor_assert(!fast_mem_is_zero((char *) client_auth_sk,
-                               sizeof(*client_auth_sk)));
 -  tor_assert(!fast_mem_is_zero((char *) desc->subcredential, DIGEST256_LEN));
 +  tor_assert(!fast_mem_is_zero((char *) desc->subcredential.subcred,
 +                               DIGEST256_LEN));
  
+   /* Catch potential code-flow cases of an unitialized private key sneaking
+    * into this function. */
+   if (BUG(fast_mem_is_zero((char *)client_auth_sk, sizeof(*client_auth_sk)))) {
+     goto done;
+   }
+ 
    /* Get the KEYS component to derive the CLIENT-ID and COOKIE-KEY. */
    keystream_length =
 -    build_descriptor_cookie_keys(desc->subcredential, DIGEST256_LEN,
 +    build_descriptor_cookie_keys(&desc->subcredential,
                               client_auth_sk,
                               &desc->superencrypted_data.auth_ephemeral_pubkey,
                               &keystream);

diff --cc src/test/test_hs_client.c
Simple merge