Don't reserve an unused cid for NEW_TOKENS

Just realized that NEW_TOKEN tokens don't need a reserved rscid.

Because a client might use a received NEW_TOKEN for multiple subsequent
connections, we allocate a cid when we validate the token on new
connection establishment (in fact we just use the one that the client
sends).  As such the allocated rscid never gets used, and just sits
there until it ages out.

Instead, fill the rscid with random data to mutate subsequently
generated NEW_TOKENS's, since it won't ever be part of the validation
process anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index e6e2762463f2207c455f69532c2da153a7f6b457..3276ec885c4ffff3d316a8676ccb9a56cb0ccdd1 100644 (file)
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -1360,8 +1360,17 @@ static void generate_new_token(QUIC_CHANNEL *ch, BIO_ADDR *peer)
     if (ct_buf == NULL)
         return;
 
-    if (!ossl_quic_lcidm_get_unused_cid(ch->port->lcidm, &rscid))
+    /*
+     * NEW_TOKEN tokens may be used for multiple subsequent connections
+     * within their timeout period, so don't reserve an rscid here
+     * like we do for retry tokens, instead, just fill it with random
+     * data, as we won't use it anyway
+     */
+    rscid.id_len = 8;
+    if (!RAND_bytes_ex(ch->port->engine->libctx, rscid.id, 8, 0)) {
+        OPENSSL_free(ct_buf);
         return;
+    }
 
     if (!generate_token(peer, ch->init_dcid, rscid, &token, 0)
         || !marshal_validation_token(&token, buffer, &token_buf_len)