MINOR: quic: Stop storing the TX encoded transport parameters

There is no need to keep an encoded version of the QUIC listener transport parameters attache to the connection. Remove ->enc_params and ->enc_params_len member of quic_conn struct. Use variables to build the encoded transport parameter local to ha_quic_set_encryption_secrets() before they are passed to SSL_set_quic_transport_params(). Modify qc_ssl_sess_init() prototype. It was expected to be used with the encoded transport parameters as passed parameter, but they were not used. Cleanup this function.
2025-01-30 18:13:32 +00:00 · 2023-07-03 18:12:47 +02:00 · 2023-07-03 18:12:47 +02:00 · 642dba8c22
commit 642dba8c22
parent 57926fe8a3
2 changed files with 8 additions and 13 deletions
--- a/include/haproxy/quic_conn-t.h
+++ b/include/haproxy/quic_conn-t.h
@ -589,8 +589,6 @@ struct quic_conn {
 	int state;
 	enum qc_mux_state mux_state; /* status of the connection/mux layer */
 	struct quic_err err;
-	unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */
-	size_t enc_params_len;

 	struct quic_cid odcid; /* First DCID used by client on its Initial packet. */
 	struct quic_cid dcid; /* DCID of our endpoint - not updated when a new DCID is used */
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@ -1145,16 +1145,16 @@ write:
 	}

 	if (level == ssl_encryption_handshake && qc_is_listener(qc)) {
-		qc->enc_params_len =
-			quic_transport_params_encode(qc->enc_params,
-			                             qc->enc_params + sizeof qc->enc_params,
-			                             &qc->rx.params, ver, 1);
-		if (!qc->enc_params_len) {
+		int tps_len;
+		unsigned char tps[QUIC_TP_MAX_ENCLEN];
+
+		tps_len = quic_transport_params_encode(tps, tps + sizeof tps, &qc->rx.params, ver, 1);
+		if (!tps_len) {
 			TRACE_ERROR("quic_transport_params_encode() failed", QUIC_EV_CONN_RWSEC);
 			goto leave;
 		}

-		if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, qc->enc_params, qc->enc_params_len)) {
+		if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, tps, tps_len)) {
 			TRACE_ERROR("SSL_set_quic_transport_params() failed", QUIC_EV_CONN_RWSEC);
 			goto leave;
 		}
@ -6667,8 +6667,7 @@ static struct quic_conn *retrieve_qc_conn_from_cid(struct quic_rx_packet *pkt,
 * Return 0 if succeeded, -1 if not. If failed, sets the ->err_code member of <qc->conn> to
 * CO_ER_SSL_NO_MEM.
 */
-static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
-                            unsigned char *params, size_t params_len)
+static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
 {
 	int retry, ret = -1;

@ -6735,10 +6734,8 @@ static int qc_conn_alloc_ssl_ctx(struct quic_conn *qc)
 	ctx->qc = qc;

 	if (qc_is_listener(qc)) {
-		if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl,
-		                     qc->enc_params, qc->enc_params_len) == -1) {
+		if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)
 		        goto err;
-		}
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
 		/* Enabling 0-RTT */
 		if (bc->ssl_conf.early_data)