From 642dba8c22f3135baf355eb068326c20f42690b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecaille@haproxy.com>
Date: Mon, 3 Jul 2023 18:12:47 +0200
Subject: [PATCH] MINOR: quic: Stop storing the TX encoded transport parameters

There is no need to keep an encoded version of the QUIC listener transport
parameters attache to the connection.

Remove ->enc_params and ->enc_params_len member of quic_conn struct.
Use variables to build the encoded transport parameter local to
ha_quic_set_encryption_secrets() before they are passed to
SSL_set_quic_transport_params().

Modify qc_ssl_sess_init() prototype. It was expected to be used with
the encoded transport parameters as passed parameter, but they were not
used. Cleanup this function.
---
 include/haproxy/quic_conn-t.h |  2 --
 src/quic_conn.c               | 19 ++++++++-----------
 2 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/include/haproxy/quic_conn-t.h b/include/haproxy/quic_conn-t.h
index dea013d90..3d830ebbc 100644
--- a/include/haproxy/quic_conn-t.h
+++ b/include/haproxy/quic_conn-t.h
@@ -589,8 +589,6 @@ struct quic_conn {
 	int state;
 	enum qc_mux_state mux_state; /* status of the connection/mux layer */
 	struct quic_err err;
-	unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */
-	size_t enc_params_len;
 
 	struct quic_cid odcid; /* First DCID used by client on its Initial packet. */
 	struct quic_cid dcid; /* DCID of our endpoint - not updated when a new DCID is used */
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 8a9f8ebd3..8885b7655 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -1145,16 +1145,16 @@ write:
 	}
 
 	if (level == ssl_encryption_handshake && qc_is_listener(qc)) {
-		qc->enc_params_len =
-			quic_transport_params_encode(qc->enc_params,
-			                             qc->enc_params + sizeof qc->enc_params,
-			                             &qc->rx.params, ver, 1);
-		if (!qc->enc_params_len) {
+		int tps_len;
+		unsigned char tps[QUIC_TP_MAX_ENCLEN];
+
+		tps_len = quic_transport_params_encode(tps, tps + sizeof tps, &qc->rx.params, ver, 1);
+		if (!tps_len) {
 			TRACE_ERROR("quic_transport_params_encode() failed", QUIC_EV_CONN_RWSEC);
 			goto leave;
 		}
 
-		if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, qc->enc_params, qc->enc_params_len)) {
+		if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, tps, tps_len)) {
 			TRACE_ERROR("SSL_set_quic_transport_params() failed", QUIC_EV_CONN_RWSEC);
 			goto leave;
 		}
@@ -6667,8 +6667,7 @@ static struct quic_conn *retrieve_qc_conn_from_cid(struct quic_rx_packet *pkt,
  * Return 0 if succeeded, -1 if not. If failed, sets the ->err_code member of <qc->conn> to
  * CO_ER_SSL_NO_MEM.
  */
-static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
-                            unsigned char *params, size_t params_len)
+static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
 {
 	int retry, ret = -1;
 
@@ -6735,10 +6734,8 @@ static int qc_conn_alloc_ssl_ctx(struct quic_conn *qc)
 	ctx->qc = qc;
 
 	if (qc_is_listener(qc)) {
-		if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl,
-		                     qc->enc_params, qc->enc_params_len) == -1) {
+		if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)
 		        goto err;
-		}
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
 		/* Enabling 0-RTT */
 		if (bc->ssl_conf.early_data)