From: Neil Horman Date: Mon, 27 Jan 2025 21:32:32 +0000 (-0500) Subject: Don't reserve an unused cid for NEW_TOKENS X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=56d0ca6791ea660b962ee4a25e7c0bfed9eed9c6;p=thirdparty%2Fopenssl.git Don't reserve an unused cid for NEW_TOKENS Just realized that NEW_TOKEN tokens don't need a reserved rscid. Because a client might use a received NEW_TOKEN for multiple subsequent connections, we allocate a cid when we validate the token on new connection establishment (in fact we just use the one that the client sends). As such the allocated rscid never gets used, and just sits there until it ages out. Instead, fill the rscid with random data to mutate subsequently generated NEW_TOKENS's, since it won't ever be part of the validation process anyway. Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/26517) --- diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index e6e2762463f..3276ec885c4 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c @@ -1360,8 +1360,17 @@ static void generate_new_token(QUIC_CHANNEL *ch, BIO_ADDR *peer) if (ct_buf == NULL) return; - if (!ossl_quic_lcidm_get_unused_cid(ch->port->lcidm, &rscid)) + /* + * NEW_TOKEN tokens may be used for multiple subsequent connections + * within their timeout period, so don't reserve an rscid here + * like we do for retry tokens, instead, just fill it with random + * data, as we won't use it anyway + */ + rscid.id_len = 8; + if (!RAND_bytes_ex(ch->port->engine->libctx, rscid.id, 8, 0)) { + OPENSSL_free(ct_buf); return; + } if (!generate_token(peer, ch->init_dcid, rscid, &token, 0) || !marshal_validation_token(&token, buffer, &token_buf_len)
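Review bot: The length 8 is hard-coded twice in the added lines of generate_new_token(), once in `rscid.id_len = 8;` and again as the length argument to `RAND_bytes_ex(...)`. Passing `rscid.id_len` as the length, or using one named constant for both, would keep the two from drifting apart. The new comment could also say why 8 bytes was chosen, since it only explains that the value is unused. Separately, the new failure branch calls `OPENSSL_free(ct_buf)` before returning, while the removed `ossl_quic_lcidm_get_unused_cid` check returned without freeing it. That is a cleanup fix in its own right and deserves a line in the commit message, which currently describes only the rscid change.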