Delay delivering 1-RTT read key to QUIC
This change simulates the behavior pending in
https://boringssl-review.googlesource.com/c/boringssl/+/40127, so that when
BoringSSL is updated it will be a no-op.
gfe-relnote: Protected by reloadable flag quic_enable_version_draft_25_v2
PiperOrigin-RevId: 297650164
Change-Id: I6822ebbd3cb95abb5ef816a2629e5e4b6b61b630
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index e5587cd..bb8a821 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -160,6 +160,19 @@
return TlsHandshaker::BufferSizeLimitForLevel(level);
}
+bool TlsServerHandshaker::SetReadSecret(
+ EncryptionLevel level,
+ const SSL_CIPHER* cipher,
+ const std::vector<uint8_t>& read_secret) {
+ if (level != ENCRYPTION_FORWARD_SECURE || one_rtt_keys_available_) {
+ return TlsHandshaker::SetReadSecret(level, cipher, read_secret);
+ }
+ // Delay setting read secret for ENCRYPTION_FORWARD_SECURE until handshake
+ // completes.
+ app_data_read_secret_ = read_secret;
+ return true;
+}
+
void TlsServerHandshaker::AdvanceHandshake() {
if (state_ == STATE_CONNECTION_CLOSED) {
QUIC_LOG(INFO) << "TlsServerHandshaker received handshake message after "
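Review bot: The comment above `app_data_read_secret_ = read_secret;` in `SetReadSecret` says what is delayed but not why, and the reason is security-relevant: a QUIC server is not supposed to process 1-RTT packets before the TLS handshake is complete. I would state that in the comment, e.g. `// A server must not process 1-RTT packets before the handshake completes, so hold the read secret here instead of installing the decrypter.` The `cipher` argument is dropped on this path, so the later install uses whatever `cipher` the caller in the second hunk holds. That is presumably the same negotiated suite, but it is worth confirming or storing it alongside the secret. The commit message says the change is protected by `quic_enable_version_draft_25_v2`, yet no flag check is visible in this override, so the gating is assumed to happen where the version is enabled.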
@@ -287,6 +300,16 @@
}
crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
+ if (!app_data_read_secret_.empty()) {
+ if (!SetReadSecret(ENCRYPTION_FORWARD_SECURE, cipher,
+ app_data_read_secret_)) {
+ QUIC_BUG << "Failed to set forward secure read key.";
+ CloseConnection(QUIC_HANDSHAKE_FAILED, "Failed to set app data read key");
+ return;
+ }
+ app_data_read_secret_.clear();
+ }
+
handshaker_delegate()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_HANDSHAKE);
handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_HANDSHAKE);
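Review bot: The deferred install `SetReadSecret(ENCRYPTION_FORWARD_SECURE, cipher, app_data_read_secret_)` only reaches the base class if `one_rtt_keys_available_` is already true at this point. Otherwise the override from the first hunk re-buffers the secret and returns true, and the following `clear()` discards the only copy, leaving the connection without a 1-RTT read key and with no error raised. Where `one_rtt_keys_available_` is set is not visible here, because the enclosing function starts and ends outside the hunk. Either call the base directly, `if (!TlsHandshaker::SetReadSecret(ENCRYPTION_FORWARD_SECURE, cipher, app_data_read_secret_)) {`, or add a comment stating the ordering requirement. Separately, the buffer is key material: the failure branch returns without clearing it and `clear()` does not wipe the bytes, so consider `OPENSSL_cleanse(app_data_read_secret_.data(), app_data_read_secret_.size());` on both paths.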