MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct)

Modify qf_new_token structure to use a static buffer with QUIC_TOKEN_LEN
as size as defined by the token for future connections (quic_token.c).
Modify consequently the NEW_TOKEN frame parser (see quic_parse_new_token_frame()).
Also add comments to denote that the NEW_TOKEN parser function is used only by
clients and that its builder is used only by servers.

diff --git a/include/haproxy/quic_frame-t.h b/include/haproxy/quic_frame-t.h
index 5e91f93208aa52ba23d225ccbc08b71fff895c22..fe80f279366770fd65f1c74ecfc66b0e96aca437 100644 (file)
--- a/include/haproxy/quic_frame-t.h
+++ b/include/haproxy/quic_frame-t.h
@@ -33,6 +33,7 @@
 #include <haproxy/buf-t.h>
 #include <haproxy/list.h>
 #include <haproxy/quic_stream-t.h>
+#include <haproxy/quic_token.h>
 
 extern struct pool_head *pool_head_quic_frame;
 extern struct pool_head *pool_head_qf_crypto;
@@ -154,7 +155,7 @@ struct qf_crypto {
 
 struct qf_new_token {
        uint64_t len;
-       const unsigned char *data;
+       unsigned char data[QUIC_TOKEN_LEN];
 };
 
 struct qf_stream {

diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index edeab59eba3e753a9e94b5c80b98a9fd14ce65ee..1a39919b6d8f15c0cbe3be0604d0a9becf4ec677 100644 (file)
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -17,6 +17,7 @@
 #error "Must define USE_OPENSSL"
 #endif
 
+#include <haproxy/openssl-compat.h>
 #if defined(OPENSSL_IS_AWSLC)
 #include <openssl/chacha.h>
 #endif
@@ -27,7 +28,6 @@
 #include <haproxy/buf-t.h>
 #include <haproxy/ncbuf-t.h>
 #include <haproxy/quic_ack-t.h>
-#include <haproxy/openssl-compat.h>
 
 /* Use EVP_CIPHER or EVP_AEAD API depending on the library */
 #if defined(OPENSSL_IS_AWSLC)

diff --git a/src/quic_frame.c b/src/quic_frame.c
index 8d42786e0f8266df69f14511208549ec66dde2e8..6c459353c86fc56e504958b8fd90367b5c59b67b 100644 (file)
--- a/src/quic_frame.c
+++ b/src/quic_frame.c
@@ -473,7 +473,8 @@ static int quic_parse_crypto_frame(struct quic_frame *frm, struct quic_conn *qc,
        return 1;
 }
 
-/* Encode a NEW_TOKEN frame at <pos> buffer position.
+/* Server only function.
+ * Encode a NEW_TOKEN frame at <pos> buffer position.
  * Returns 1 if succeeded (enough room at <pos> buffer position to encode the frame), 0 if not.
  */
 static int quic_build_new_token_frame(unsigned char **pos, const unsigned char *end,
@@ -490,7 +491,8 @@ static int quic_build_new_token_frame(unsigned char **pos, const unsigned char *
        return 1;
 }
 
-/* Parse a NEW_TOKEN frame at <pos> buffer position with <end> as end into <frm> frame.
+/* Client only function.
+ * Parse a NEW_TOKEN frame at <pos> buffer position with <end> as end into <frm> frame.
  * Return 1 if succeeded (enough room at <pos> buffer position to parse this frame), 0 if not.
  */
 static int quic_parse_new_token_frame(struct quic_frame *frm, struct quic_conn *qc,
@@ -498,10 +500,11 @@ static int quic_parse_new_token_frame(struct quic_frame *frm, struct quic_conn *
 {
        struct qf_new_token *new_token_frm = &frm->new_token;
 
-       if (!quic_dec_int(&new_token_frm->len, pos, end) || end - *pos < new_token_frm->len)
+       if (!quic_dec_int(&new_token_frm->len, pos, end) || end - *pos < new_token_frm->len ||
+           sizeof(new_token_frm->data) < new_token_frm->len)
                return 0;
 
-       new_token_frm->data = *pos;
+       memcpy(new_token_frm->data, *pos, new_token_frm->len);
        *pos += new_token_frm->len;
 
        return 1;