Tomáš Mráz

We do not have single copy public API for QUIC yet. The internals are mostly written with single copy in mind but there are things missing. And this API SSL_writev...

Neither of these would be acceptable. IMO converting it to individiual ossl_sstream() calls would be acceptable, except it still does not avoid copying the data into the ring buffer. It...

Thank you for the benchmark results. Not surprisingly the results for SSL_writev() and SSL_write() with coalescing the buffer before the call do not differ significantly. IMO that makes the SSL_writev()...

It is not a problem with the implementation. It is a problem with how QUIC does resending frames when packets are lost. Basically this API won't fit its model.

OTC needs to decide. (There is an OTC hold set on the PR #21011)

IMO this is just a documentation issue and what you describe as the workaround is actually the right way how to use this algorithm. The default KDF_OUTLEN is 0 and...

@Jakuje no KDF means using the output of the ECDH kex directly. That output has well-defined length. There is no KDF applied -> OSSL_EXCHANGE_PARAM_KDF_OUTLEN does not have any meaning for...

> One more attempt, would it make sense for the operation to fail when there is no `OSSL_EXCHANGE_PARAM_KDF_OUTLEN` provided (making it mandatory argument) to provide the user explicit failure, rather...

If it is only a build target config addition, it would be OK for all branches.

My opinion is strongly in favor of disabling the warning in Configure on all active branches. I believe the warning is only marginally useful but I would not be against...