Use trampoline for TicketCrypterGoogle3::Decrypt
Fix QUIC session ticket decryption bug, protected by gfe2_restart_flag_quic_enable_tls_resumption_v4
PiperOrigin-RevId: 324935765
Change-Id: I93dff953fe71911909fe4b5df0a4564795985c05
diff --git a/quic/core/crypto/tls_server_connection.cc b/quic/core/crypto/tls_server_connection.cc
index 69c5a82..0e59997 100644
--- a/quic/core/crypto/tls_server_connection.cc
+++ b/quic/core/crypto/tls_server_connection.cc
@@ -24,7 +24,7 @@
SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), &SelectAlpnCallback, nullptr);
// We don't actually need the TicketCrypter here, but we need to know
// whether it's set.
- if (GetQuicRestartFlag(quic_enable_tls_resumption_v3) &&
+ if (GetQuicRestartFlag(quic_enable_tls_resumption_v4) &&
proof_source->GetTicketCrypter()) {
SSL_CTX_set_ticket_aead_method(ssl_ctx.get(),
&TlsServerConnection::kSessionTicketMethod);
diff --git a/quic/core/http/end_to_end_test.cc b/quic/core/http/end_to_end_test.cc
index 5e50cc5..2f5e7b9 100644
--- a/quic/core/http/end_to_end_test.cc
+++ b/quic/core/http/end_to_end_test.cc
@@ -202,7 +202,7 @@
SetQuicReloadableFlag(quic_fix_packet_number_length, true);
SetQuicReloadableFlag(quic_support_handshake_done_in_t050, true);
- SetQuicRestartFlag(quic_enable_tls_resumption_v3, true);
+ SetQuicRestartFlag(quic_enable_tls_resumption_v4, true);
SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true);
}
diff --git a/quic/core/http/quic_spdy_client_session_test.cc b/quic/core/http/quic_spdy_client_session_test.cc
index 15ac198..a6be1e6 100644
--- a/quic/core/http/quic_spdy_client_session_test.cc
+++ b/quic/core/http/quic_spdy_client_session_test.cc
@@ -96,7 +96,7 @@
QuicUtils::GetInvalidStreamId(GetParam().transport_version)) {
auto client_cache = std::make_unique<test::SimpleSessionCache>();
client_session_cache_ = client_cache.get();
- SetQuicRestartFlag(quic_enable_tls_resumption_v3, true);
+ SetQuicRestartFlag(quic_enable_tls_resumption_v4, true);
SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true);
client_crypto_config_ = std::make_unique<QuicCryptoClientConfig>(
crypto_test_utils::ProofVerifierForTesting(), std::move(client_cache));
diff --git a/quic/core/quic_versions.cc b/quic/core/quic_versions.cc
index fbd6c0f..93b5748 100644
--- a/quic/core/quic_versions.cc
+++ b/quic/core/quic_versions.cc
@@ -683,7 +683,7 @@
void QuicVersionInitializeSupportForIetfDraft() {
// Enable necessary flags.
- SetQuicRestartFlag(quic_enable_tls_resumption_v3, true);
+ SetQuicRestartFlag(quic_enable_tls_resumption_v4, true);
SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true);
}
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index adf06ad..e2988d9 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -174,7 +174,7 @@
server_id_(kServerHostname, kServerPort, false),
server_compressed_certs_cache_(
QuicCompressedCertsCache::kQuicCompressedCertsCacheSize) {
- SetQuicRestartFlag(quic_enable_tls_resumption_v3, true);
+ SetQuicRestartFlag(quic_enable_tls_resumption_v4, true);
SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true);
crypto_config_ = std::make_unique<QuicCryptoClientConfig>(
std::make_unique<TestProofVerifier>(),
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 2c7c77e..ac3b056 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -502,7 +502,7 @@
memcpy(out, decrypted_session_ticket_.data(),
decrypted_session_ticket_.size());
*out_len = decrypted_session_ticket_.size();
- QUIC_RESTART_FLAG_COUNT(quic_enable_tls_resumption_v3);
+ QUIC_RESTART_FLAG_COUNT(quic_enable_tls_resumption_v4);
return ssl_ticket_aead_success;
}
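Review bot: The `memcpy` into `out` at the top of this hunk copies `decrypted_session_ticket_.size()` bytes, and no comparison against the output capacity passed to this callback is visible in the hunk. The function begins above the hunk, so the check may already exist there. If it is missing, add a guard before the copy along the lines of `if (max_out_len < decrypted_session_ticket_.size()) return ssl_ticket_aead_ignore_ticket;`, using whatever name the capacity parameter has in this function. If it is present, a one-line comment at the `memcpy` such as `// Size was checked against the output capacity above.` would make the invariant obvious. Separately, `QUIC_RESTART_FLAG_COUNT` is hit only on this success path, so it will not show whether ticket decryption failures persist once the v4 flag is enabled.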
diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc
index ac7b530..05b7d68 100644
--- a/quic/core/tls_server_handshaker_test.cc
+++ b/quic/core/tls_server_handshaker_test.cc
@@ -48,7 +48,7 @@
: server_compressed_certs_cache_(
QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
server_id_(kServerHostname, kServerPort, false) {
- SetQuicRestartFlag(quic_enable_tls_resumption_v3, true);
+ SetQuicRestartFlag(quic_enable_tls_resumption_v4, true);
SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true);
client_crypto_config_ = std::make_unique<QuicCryptoClientConfig>(
crypto_test_utils::ProofVerifierForTesting(),