Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
/* This frame makes the packet ACK eliciting */
ackm_data->is_ack_eliciting = 1;
+ if (token_len == 0) {
+ /*
+ * RFC 9000 s. 19.7: "A client MUST treat receipt of a NEW_TOKEN frame
+ * with an empty Token field as a connection error of type
+ * FRAME_ENCODING_ERROR."
+ */
+ ossl_quic_channel_raise_protocol_error(ch,
+ QUIC_ERR_FRAME_ENCODING_ERROR,
+ OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,
+ "zero-length NEW_TOKEN");
+ return 0;
+ }
+
/* TODO(QUIC): ADD CODE to send |token| to the session manager */
return 1;