MINOR: quic: Stop storing the TX encoded transport parameters
authorFrédéric Lécaille <flecaille@haproxy.com>
Mon, 3 Jul 2023 16:12:47 +0000 (18:12 +0200)
committerFrédéric Lécaille <flecaille@haproxy.com>
Fri, 21 Jul 2023 12:27:10 +0000 (14:27 +0200)
There is no need to keep an encoded version of the QUIC listener transport
parameters attached to the connection.

Remove ->enc_params and ->enc_params_len member of quic_conn struct.
Use variables to build the encoded transport parameter local to
ha_quic_set_encryption_secrets() before they are passed to
SSL_set_quic_transport_params().

Modify qc_ssl_sess_init() prototype. It was expected to be used with
the encoded transport parameters as passed parameter, but they were not
used. Cleanup this function.

include/haproxy/quic_conn-t.h
src/quic_conn.c

index dea013d904254f5d2a3bb086459d730af60918eb..3d830ebbc3e34a1b482c28c25156029576ec17e8 100644 (file)
@@ -589,8 +589,6 @@ struct quic_conn {
        int state;
        enum qc_mux_state mux_state; /* status of the connection/mux layer */
        struct quic_err err;
-       unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */
-       size_t enc_params_len;
 
        struct quic_cid odcid; /* First DCID used by client on its Initial packet. */
        struct quic_cid dcid; /* DCID of our endpoint - not updated when a new DCID is used */
index 8a9f8ebd30a036479ae3f01c2dcc495e39c9d501..8885b7655d9df107992fb8c0d48c0fe136b92618 100644 (file)
@@ -1145,16 +1145,16 @@ write:
        }
 
        if (level == ssl_encryption_handshake && qc_is_listener(qc)) {
-               qc->enc_params_len =
-                       quic_transport_params_encode(qc->enc_params,
-                                                    qc->enc_params + sizeof qc->enc_params,
-                                                    &qc->rx.params, ver, 1);
-               if (!qc->enc_params_len) {
+               int tps_len;
+               unsigned char tps[QUIC_TP_MAX_ENCLEN];
+
+               tps_len = quic_transport_params_encode(tps, tps + sizeof tps, &qc->rx.params, ver, 1);
+               if (!tps_len) {
                        TRACE_ERROR("quic_transport_params_encode() failed", QUIC_EV_CONN_RWSEC);
                        goto leave;
                }
 
-               if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, qc->enc_params, qc->enc_params_len)) {
+               if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, tps, tps_len)) {
                        TRACE_ERROR("SSL_set_quic_transport_params() failed", QUIC_EV_CONN_RWSEC);
                        goto leave;
                }
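Review bot: `tps_len` is declared `int` at the new declaration line, whereas the `enc_params_len` member it replaces was a `size_t`, and the value goes straight into SSL_set_quic_transport_params(), whose length parameter is a `size_t`. If quic_transport_params_encode() returns a size type (its prototype is not on this page), the assignment narrows silently and builds with `-Wconversion`/`-Wsign-conversion` will warn on both this line and the SSL call. Declaring it `size_t tps_len;` keeps the `!tps_len` failure check intact and matches both the former field and the SSL API. The enclosing ha_quic_set_encryption_secrets() starts and ends outside the hunk.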
@@ -6667,8 +6667,7 @@ static struct quic_conn *retrieve_qc_conn_from_cid(struct quic_rx_packet *pkt,
  * Return 0 if succeeded, -1 if not. If failed, sets the ->err_code member of <qc->conn> to
  * CO_ER_SSL_NO_MEM.
  */
-static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
-                            unsigned char *params, size_t params_len)
+static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
 {
        int retry, ret = -1;
 
@@ -6735,10 +6734,8 @@ static int qc_conn_alloc_ssl_ctx(struct quic_conn *qc)
        ctx->qc = qc;
 
        if (qc_is_listener(qc)) {
-               if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl,
-                                    qc->enc_params, qc->enc_params_len) == -1) {
+               if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)
                        goto err;
-               }
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
                /* Enabling 0-RTT */
                if (bc->ssl_conf.early_data)
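Review bot: The braces around the single `goto err;` under the new `if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)` line were dropped, while the sibling checks in this file keep braces around one-line bodies (for example the `if (!tps_len) { ... goto leave; }` block in the earlier hunk), and the unbraced statement is immediately followed by a `#if` region. Keeping `if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1) {` / `goto err;` / `}` stays consistent and avoids a later edit silently adding a second statement outside the condition. qc_conn_alloc_ssl_ctx() starts and ends outside the hunk.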