From: Frédéric Lécaille Date: Thu, 22 Jun 2023 12:51:28 +0000 (+0200) Subject: MINOR: quic: Reduce the maximum length of TLS secrets X-Git-Tag: v2.9-dev1~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a5c1a3b774fc5200e32548d7fa8a16ae4c976247;p=thirdparty%2Fhaproxy.git MINOR: quic: Reduce the maximum length of TLS secrets The maximum length of the secrets derived by the TLS stack is 384 bits. This reduces the size of the objects provided by the "quic_tls_secret" pool by 16 bytes. Should be backported as far as 2.6
---
diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 71f8932fdb..b13e4f8bc2 100644
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -44,7 +44,7 @@
 /* AEAD iv and secrete key lengths */
 #define QUIC_TLS_IV_LEN 12 /* bytes */
 #define QUIC_TLS_KEY_LEN 32 /* bytes */
-#define QUIC_TLS_SECRET_LEN 64 /* bytes */
+#define QUIC_TLS_SECRET_LEN 48 /* bytes */
 /* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tags */
 #define QUIC_TLS_TAG_LEN 16 /* bytes */
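Review bot: The new `QUIC_TLS_SECRET_LEN 48` is an exact fit for the largest secret the TLS stack derives, where the old value left 16 bytes of slack, yet the define still says only `/* bytes */` and gives no hint where 48 comes from. I would record the derivation on the line itself, e.g. `#define QUIC_TLS_SECRET_LEN 48 /* bytes, 384 bits (SHA-384): largest secret derived by the TLS stack */`. The code that copies stack-provided secrets into buffers of this size is outside this hunk, so before the backport to 2.6 it is worth confirming that each such copy rejects a length greater than `QUIC_TLS_SECRET_LEN` rather than relying on the constant being large enough.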