commit a45ee8af4158539753b62f9a63c5bec894582e91
author fayang <fayang@google.com> Fri Mar 20 08:56:11 2020 -0700
committer Copybara-Service <copybara-worker@google.com> Fri Mar 20 08:56:52 2020 -0700
tree 04c9f58c3e0110c15e5610f79cd114c3834a8d10
parent b885a12eaaed1dbea70542be9dfac3b7a47b4ff8

gfe-relnote: In QUIC, send H3 SETTINGs once 1-RTT write key is available (instead of both keys are available). Protected by gfe2_restart_flag_quic_send_settings_on_write_key_available.

PiperOrigin-RevId: 302036759
Change-Id: If883b658e4a394ed8e72f200f544809979ebabea

quic/core/tls_client_handshaker.cc

diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 3782ab5..5148e71 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -286,6 +286,17 @@
   OnHandshakeConfirmed();
 }
 
+void TlsClientHandshaker::SetWriteSecret(
+    EncryptionLevel level,
+    const SSL_CIPHER* cipher,
+    const std::vector<uint8_t>& write_secret) {
+  if (GetQuicRestartFlag(quic_send_settings_on_write_key_available) &&
+      level == ENCRYPTION_FORWARD_SECURE) {
+    encryption_established_ = true;
+  }
+  TlsHandshaker::SetWriteSecret(level, cipher, write_secret);
+}
+
 void TlsClientHandshaker::OnHandshakeConfirmed() {
   DCHECK(one_rtt_keys_available_);
   if (handshake_confirmed_) {
@@ -352,6 +363,16 @@
 void TlsClientHandshaker::FinishHandshake() {
   QUIC_LOG(INFO) << "Client: handshake finished";
   state_ = STATE_HANDSHAKE_COMPLETE;
+  if (GetQuicRestartFlag(quic_send_settings_on_write_key_available)) {
+    // Fill crypto_negotiated_params_:
+    const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
+    if (cipher) {
+      crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
+    }
+    crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
+    crypto_negotiated_params_->peer_signature_algorithm =
+        SSL_get_peer_signature_algorithm(ssl());
+  }
 
   std::string error_details;
   if (!ProcessTransportParameters(&error_details)) {
@@ -388,17 +409,21 @@
   QUIC_DLOG(INFO) << "Client: server selected ALPN: '" << received_alpn_string
                   << "'";
 
-  encryption_established_ = true;
+  if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) {
+    encryption_established_ = true;
+  }
   one_rtt_keys_available_ = true;
 
-  // Fill crypto_negotiated_params_:
-  const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
-  if (cipher) {
-    crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
+  if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) {
+    // Fill crypto_negotiated_params_:
+    const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
+    if (cipher) {
+      crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
+    }
+    crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
+    crypto_negotiated_params_->peer_signature_algorithm =
+        SSL_get_peer_signature_algorithm(ssl());
   }
-  crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
-  crypto_negotiated_params_->peer_signature_algorithm =
-      SSL_get_peer_signature_algorithm(ssl());
 
   handshaker_delegate()->OnOneRttKeysAvailable();
 }