MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct)

Modify qf_new_token structure to use a static buffer with QUIC_TOKEN_LEN
as size as defined by the token for future connections (quic_token.c).
Modify consequently the NEW_TOKEN frame parser (see quic_parse_new_token_frame()).
Also add comments to denote that the NEW_TOKEN parser function is used only by
clients and that its builder is used only by servers.

(cherry picked from commit e926378375)
[fl: remove openssl/chacha.h header inclusion when moving openssl-compat.h
     at the start of the header inclusions as expected by this patch]
Signed-off-by: Frederic Lecaille <flecaille@haproxy.com>

include/haproxy/quic_frame-t.h

@@ -33,6 +33,7 @@
 #include <haproxy/buf-t.h>
 #include <haproxy/list.h>
 #include <haproxy/quic_stream-t.h>
+#include <haproxy/quic_token.h>
 
 extern struct pool_head *pool_head_quic_frame;
 extern struct pool_head *pool_head_qf_crypto;
@@ -154,7 +155,7 @@ struct qf_crypto {
 
 struct qf_new_token {
 	uint64_t len;
-	const unsigned char *data;
+	unsigned char data[QUIC_TOKEN_LEN];
 };
 
 struct qf_stream {

include/haproxy/quic_tls-t.h

@@ -17,6 +17,7 @@
 #error "Must define USE_OPENSSL"
 #endif
 
+#include <haproxy/openssl-compat.h>
 #include <openssl/evp.h>
 
 #include <import/ebtree.h>
@@ -24,7 +25,6 @@
 #include <haproxy/buf-t.h>
 #include <haproxy/ncbuf-t.h>
 #include <haproxy/quic_ack-t.h>
-#include <haproxy/openssl-compat.h>
 
 /* Use EVP_CIPHER or EVP_AEAD API depending on the library */
 #if defined(USE_OPENSSL_AWSLC)

src/quic_frame.c

@@ -473,7 +473,8 @@ static int quic_parse_crypto_frame(struct quic_frame *frm, struct quic_conn *qc,
 	return 1;
 }
 
-/* Encode a NEW_TOKEN frame at <pos> buffer position.
+/* Server only function.
+ * Encode a NEW_TOKEN frame at <pos> buffer position.
  * Returns 1 if succeeded (enough room at <pos> buffer position to encode the frame), 0 if not.
  */
 static int quic_build_new_token_frame(unsigned char **pos, const unsigned char *end,
@@ -490,7 +491,8 @@ static int quic_build_new_token_frame(unsigned char **pos, const unsigned char *
 	return 1;
 }
 
-/* Parse a NEW_TOKEN frame at <pos> buffer position with <end> as end into <frm> frame.
+/* Client only function.
+ * Parse a NEW_TOKEN frame at <pos> buffer position with <end> as end into <frm> frame.
  * Return 1 if succeeded (enough room at <pos> buffer position to parse this frame), 0 if not.
  */
 static int quic_parse_new_token_frame(struct quic_frame *frm, struct quic_conn *qc,
@@ -498,10 +500,11 @@ static int quic_parse_new_token_frame(struct quic_frame *frm, struct quic_conn *
 {
 	struct qf_new_token *new_token_frm = &frm->new_token;
 
-	if (!quic_dec_int(&new_token_frm->len, pos, end) || end - *pos < new_token_frm->len)
+	if (!quic_dec_int(&new_token_frm->len, pos, end) || end - *pos < new_token_frm->len ||
+	    sizeof(new_token_frm->data) < new_token_frm->len)
 		return 0;
 
-	new_token_frm->data = *pos;
+	memcpy(new_token_frm->data, *pos, new_token_frm->len);
 	*pos += new_token_frm->len;
 
 	return 1;