RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-30 18:13:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: quic: Stop storing the TX encoded transport parameters

Browse Source 
There is no need to keep an encoded version of the QUIC listener transport
parameters attache to the connection.

Remove ->enc_params and ->enc_params_len member of quic_conn struct.
Use variables to build the encoded transport parameter local to
ha_quic_set_encryption_secrets() before they are passed to
SSL_set_quic_transport_params().

Modify qc_ssl_sess_init() prototype. It was expected to be used with
the encoded transport parameters as passed parameter, but they were not
used. Cleanup this function.
This commit is contained in:
Frédéric Lécaille 2023-07-03 18:12:47 +02:00
parent 57926fe8a3
commit 642dba8c22
2 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/haproxy/quic_conn-t.h
View File

@ -589,8 +589,6 @@ struct quic_conn {
int state; int state;
enum qc_mux_state mux_state; /* status of the connection/mux layer */ enum qc_mux_state mux_state; /* status of the connection/mux layer */
struct quic_err err; struct quic_err err;
unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */
size_t enc_params_len;
struct quic_cid odcid; /* First DCID used by client on its Initial packet. */ struct quic_cid odcid; /* First DCID used by client on its Initial packet. */
struct quic_cid dcid; /* DCID of our endpoint - not updated when a new DCID is used */ struct quic_cid dcid; /* DCID of our endpoint - not updated when a new DCID is used */

19
src/quic_conn.c
View File

@ -1145,16 +1145,16 @@ write:
} }
if (level == ssl_encryption_handshake && qc_is_listener(qc)) { if (level == ssl_encryption_handshake && qc_is_listener(qc)) {
qc->enc_params_len = int tps_len;
quic_transport_params_encode(qc->enc_params, unsigned char tps[QUIC_TP_MAX_ENCLEN];
qc->enc_params + sizeof qc->enc_params,
&qc->rx.params, ver, 1); tps_len = quic_transport_params_encode(tps, tps + sizeof tps, &qc->rx.params, ver, 1);
if (!qc->enc_params_len) { if (!tps_len) {
TRACE_ERROR("quic_transport_params_encode() failed", QUIC_EV_CONN_RWSEC); TRACE_ERROR("quic_transport_params_encode() failed", QUIC_EV_CONN_RWSEC);
goto leave; goto leave;
} }
if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, qc->enc_params, qc->enc_params_len)) { if (!SSL_set_quic_transport_params(qc->xprt_ctx->ssl, tps, tps_len)) {
TRACE_ERROR("SSL_set_quic_transport_params() failed", QUIC_EV_CONN_RWSEC); TRACE_ERROR("SSL_set_quic_transport_params() failed", QUIC_EV_CONN_RWSEC);
goto leave; goto leave;
} }
@ -6667,8 +6667,7 @@ static struct quic_conn *retrieve_qc_conn_from_cid(struct quic_rx_packet *pkt,
* Return 0 if succeeded, -1 if not. If failed, sets the ->err_code member of <qc->conn> to * Return 0 if succeeded, -1 if not. If failed, sets the ->err_code member of <qc->conn> to
* CO_ER_SSL_NO_MEM. * CO_ER_SSL_NO_MEM.
*/ */
static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl, static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
unsigned char *params, size_t params_len)
{ {
int retry, ret = -1; int retry, ret = -1;
@ -6735,10 +6734,8 @@ static int qc_conn_alloc_ssl_ctx(struct quic_conn *qc)
ctx->qc = qc; ctx->qc = qc;
if (qc_is_listener(qc)) { if (qc_is_listener(qc)) {
if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl, if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)
qc->enc_params, qc->enc_params_len) == -1) {
goto err; goto err;
}
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
/* Enabling 0-RTT */ /* Enabling 0-RTT */
if (bc->ssl_conf.early_data) if (bc->ssl_conf.early_data)