Restore connection context in various callbacks in TlsServerHandshaker. Protected by FLAGS_quic_reloadable_flag_quic_tls_restore_connection_context_in_callbacks. PiperOrigin-RevId: 395476747
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index 423401a..631c38f 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -99,6 +99,8 @@
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_reset_per_packet_state_for_undecryptable_packets, true)
 // If true, respect FLAGS_quic_time_wait_list_max_pending_packets as the upper bound of queued packets in time wait list.
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_add_upperbound_for_queued_packets, true)
+// If true, restore connection context in various callbacks in TlsServerHandshaker.
+QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_tls_restore_connection_context_in_callbacks, true)
 // If true, send PATH_RESPONSE upon receiving PATH_CHALLENGE regardless of perspective. --gfe2_reloadable_flag_quic_start_peer_migration_earlier has to be true before turn on this flag.
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_send_path_response2, true)
 // If true, set burst token to 2 in cwnd bootstrapping experiment.
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 8112b41..514c462 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -143,6 +143,21 @@ handshaker_ = nullptr; handshaker->decrypted_session_ticket_ = std::move(plaintext); + const bool is_async = + (handshaker->expected_ssl_error() == SSL_ERROR_PENDING_TICKET); + + absl::optional<QuicConnectionContextSwitcher> context_switcher; + if (handshaker->restore_connection_context_in_callbacks_) { + QUIC_RELOADABLE_FLAG_COUNT_N( + quic_tls_restore_connection_context_in_callbacks, 1, 3); + if (is_async) { + context_switcher.emplace(handshaker->connection_context()); + } + QUIC_TRACESTRING( + absl::StrCat("TLS ticket decryption done. len(decrypted_ticket):", + handshaker->decrypted_session_ticket_.size())); + } + // DecryptCallback::Run could be called synchronously. When that happens, we // are currently in the middle of a call to AdvanceHandshake. // (AdvanceHandshake called SSL_do_handshake, which through some layers @@ -154,7 +169,7 @@ // is pending), TlsServerHandshaker is not actively processing handshake // messages. We need to have it resume processing handshake messages by // calling AdvanceHandshake. - if (handshaker->expected_ssl_error() == SSL_ERROR_PENDING_TICKET) { + if (is_async) { handshaker->AdvanceHandshakeFromCallback(); } @@ -668,6 +683,19 @@ QUIC_DVLOG(1) << "OnComputeSignatureDone. ok:" << ok << ", is_sync:" << is_sync << ", len(signature):" << signature.size(); + absl::optional<QuicConnectionContextSwitcher> context_switcher; + if (restore_connection_context_in_callbacks_) { + QUIC_RELOADABLE_FLAG_COUNT_N( + quic_tls_restore_connection_context_in_callbacks, 2, 3); + + if (!is_sync) { + context_switcher.emplace(connection_context()); + } + + QUIC_TRACESTRING(absl::StrCat("TLS compute signature done. ok:", ok, + ", len(signature):", signature.size())); + } + if (ok) { cert_verify_sig_ = std::move(signature); proof_source_details_ = std::move(details); 
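Review bot: The switcher is emplaced only when `is_async`, but nothing at the point of use says why the synchronous path can skip it; the existing comment further down only explains that a synchronous Run happens in the middle of AdvanceHandshake. I would add a comment above `if (is_async) {` such as `// Sync: still inside AdvanceHandshake, so the caller's connection context is presumably already current. Async: restore it explicitly.` and confirm that assumption for every caller, since the `QUIC_TRACESTRING` in the sync path depends on it. The same pattern, keyed on `!is_sync`, appears in the compute-signature hunk at -668 and the select-certificate hunk at -935 and would take the same comment. The enclosing function starts and ends outside this hunk.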
@@ -935,6 +963,20 @@ << ", len(handshake_hints):" << handshake_hints.size() << ", len(ticket_encryption_key):" << ticket_encryption_key.size(); + absl::optional<QuicConnectionContextSwitcher> context_switcher; + if (restore_connection_context_in_callbacks_) { + QUIC_RELOADABLE_FLAG_COUNT_N( + quic_tls_restore_connection_context_in_callbacks, 3, 3); + + if (!is_sync) { + context_switcher.emplace(connection_context()); + } + + QUIC_TRACESTRING(absl::StrCat( + "TLS select certificate done: ok:", ok, + ", len(handshake_hints):", handshake_hints.size(), + ", len(ticket_encryption_key):", ticket_encryption_key.size())); + } ticket_encryption_key_ = std::string(ticket_encryption_key); select_cert_status_ = QUIC_FAILURE; if (ok) {
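Review bot: The trace text `"TLS select certificate done: ok:"` is punctuated differently from the two sibling messages in this commit (`"TLS ticket decryption done. len(decrypted_ticket):"` and `"TLS compute signature done. ok:"`), which makes the three events harder to match with a single pattern when reading connection traces. I would write `"TLS select certificate done. ok:"`. The closing `}` of the new block also runs straight into `ticket_encryption_key_ = ...` without the blank line that the other two hunks leave after it. The enclosing function starts and ends outside this hunk.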
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 0f7289e..948a29a 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -313,6 +313,11 @@ } QuicTime now() const { return session()->GetClock()->Now(); } + QuicConnectionContext* connection_context() { + QUICHE_DCHECK(restore_connection_context_in_callbacks_); + return session()->connection()->context(); + } + std::unique_ptr<ProofSourceHandle> proof_source_handle_; ProofSource* proof_source_; @@ -357,6 +362,8 @@ crypto_negotiated_params_; TlsServerConnection tls_connection_; const QuicCryptoServerConfig* crypto_config_; // Unowned. + const bool restore_connection_context_in_callbacks_ = + GetQuicReloadableFlag(quic_tls_restore_connection_context_in_callbacks); }; } // namespace quic
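Review bot: `connection_context()` chains `session()->connection()->context()` with no null check, and the .cc hunks call it only on the asynchronous completion paths, so it depends on the session and its connection outliving every pending callback. Nothing visible here shows how pending callbacks are cancelled on teardown; if that is guaranteed elsewhere, the accessor should state the invariant, e.g. `// Requires session() and its connection to be alive; pending async callbacks must be cancelled before they are destroyed.` The `QUICHE_DCHECK` checks only the flag state and is presumably compiled out of non-debug builds, so it gives no protection against a stale pointer. The class body starts outside this hunk.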
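Review bot: `restore_connection_context_in_callbacks_` has no comment, and the fact that it reads the reloadable flag once, in its default member initializer, is easy to miss. That latch is what keeps all three callbacks of one handshaker on the same code path if the flag flips while a handshake is in flight, so I would say so next to the member: `// Latched at construction so a flag flip cannot change behaviour mid-handshake.` The class body starts outside this hunk.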