commit 786a4abc079afc6e7080f9df6b365308597b5f0d
author nharper <nharper@google.com> Fri Jul 10 11:56:01 2020 -0700
committer Copybara-Service <copybara-worker@google.com> Fri Jul 10 11:56:33 2020 -0700
tree 949eaeeca0a0a3efdb6f62712dabd5577fe8c4bf
parent 820312778359a1930a285ed31837f2b4d21fdbf2

Only set QUIC TLS 0-RTT client state if a 0-RTT handshake was attempted

Even if an SSL_SESSION is early data capable, it is still possible (for
various reasons) that BoringSSL will decide not to do a 0-RTT handshake.
TlsClientHandshaker should wait for a signal from BoringSSL that it is
attempting a 0-RTT handshake before it sets saved transport and application
state for early data.

Client-side only quic behavior change, not flag protected.

PiperOrigin-RevId: 320646436
Change-Id: Ib1cfe2640d3cd62e23344ede852b91756a44f687

quic/core/tls_client_handshaker.cc

diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 7d000d9..76f9b82 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -68,7 +68,6 @@
       pre_shared_key_(crypto_config->pre_shared_key()),
       crypto_negotiated_params_(new QuicCryptoNegotiatedParameters),
       has_application_state_(has_application_state),
-      attempting_zero_rtt_(crypto_config->early_data_enabled_for_tls()),
       tls_connection_(crypto_config->ssl_ctx(), this) {}
 
 TlsClientHandshaker::~TlsClientHandshaker() {
@@ -116,18 +115,11 @@
   }
 
   // Set a session to resume, if there is one.
-  std::unique_ptr<QuicResumptionState> cached_state;
   if (session_cache_) {
-    cached_state = session_cache_->Lookup(server_id_, SSL_get_SSL_CTX(ssl()));
+    cached_state_ = session_cache_->Lookup(server_id_, SSL_get_SSL_CTX(ssl()));
   }
-  if (cached_state) {
-    SSL_set_session(ssl(), cached_state->tls_session.get());
-    if (attempting_zero_rtt_ &&
-        SSL_SESSION_early_data_capable(cached_state->tls_session.get())) {
-      if (!PrepareZeroRttConfig(cached_state.get())) {
-        return false;
-      }
-    }
+  if (cached_state_) {
+    SSL_set_session(ssl(), cached_state_->tls_session.get());
   }
 
   // Start the handshake.
@@ -467,8 +459,11 @@
     // 0-RTT-capable, which means that FinishHandshake will get called twice -
     // the first time after sending the ClientHello, and the second time after
     // the handshake is complete. If we're in the first time FinishHandshake is
-    // called, we can't do any end-of-handshake processing, so we return early
-    // from this function.
+    // called, we can't do any end-of-handshake processing.
+
+    // If we're attempting a 0-RTT handshake, then we need to let the transport
+    // and application know what state to apply to early data.
+    PrepareZeroRttConfig(cached_state_.get());
     return;
   }
   QUIC_LOG(INFO) << "Client: handshake finished";