Remove no-op code in tlsserverhandshaker, not flag protected
This code was added in cl/297650164 to simulate behavior that was then pending
in BoringSSL and has since landed in
https://boringssl-review.googlesource.com/c/boringssl/+/40127.
PiperOrigin-RevId: 314920425
Change-Id: Id41e82d474711c8f87e67b5563f7f1aea169e9ee
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index cdc89d8..7d97bdb 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -214,19 +214,6 @@
void TlsServerHandshaker::OverrideQuicConfigDefaults(QuicConfig* /*config*/) {}
-bool TlsServerHandshaker::SetReadSecret(
- EncryptionLevel level,
- const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& read_secret) {
- if (level != ENCRYPTION_FORWARD_SECURE || one_rtt_keys_available_) {
- return TlsHandshaker::SetReadSecret(level, cipher, read_secret);
- }
- // Delay setting read secret for ENCRYPTION_FORWARD_SECURE until handshake
- // completes.
- app_data_read_secret_ = read_secret;
- return true;
-}
-
void TlsServerHandshaker::AdvanceHandshake() {
if (state_ == STATE_CONNECTION_CLOSED) {
QUIC_LOG(INFO) << "TlsServerHandshaker received handshake message after "
@@ -390,18 +377,6 @@
state_ = STATE_HANDSHAKE_COMPLETE;
one_rtt_keys_available_ = true;
- const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
-
- if (!app_data_read_secret_.empty()) {
- if (!SetReadSecret(ENCRYPTION_FORWARD_SECURE, cipher,
- app_data_read_secret_)) {
- QUIC_BUG << "Failed to set forward secure read key.";
- CloseConnection(QUIC_HANDSHAKE_FAILED, "Failed to set app data read key");
- return;
- }
- app_data_read_secret_.clear();
- }
-
handshaker_delegate()->OnOneRttKeysAvailable();
handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_HANDSHAKE);
handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_HANDSHAKE);
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 85c1b86..9d4bc5c 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -82,13 +82,6 @@
virtual void ProcessAdditionalTransportParameters(
const TransportParameters& /*params*/) {}
- // Override of TlsHandshaker::SetReadSecret so that setting the read secret
- // for ENCRYPTION_FORWARD_SECURE can be delayed until the handshake is
- // complete.
- bool SetReadSecret(EncryptionLevel level,
- const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& read_secret) override;
-
// Called when a new message is received on the crypto stream and is available
// for the TLS stack to read.
void AdvanceHandshake() override;
@@ -195,11 +188,6 @@
// Pre-shared key used during the handshake.
std::string pre_shared_key_;
- // Used to hold the ENCRYPTION_FORWARD_SECURE read secret until the handshake
- // is complete. This is temporary until
- // https://bugs.chromium.org/p/boringssl/issues/detail?id=303 is resolved.
- std::vector<uint8_t> app_data_read_secret_;
-
bool encryption_established_ = false;
bool one_rtt_keys_available_ = false;
bool valid_alpn_received_ = false;