Deprecate quic_stateless_reset_faster_random This CL deprecates gfe2_reloadable_flag_quic_stateless_reset_faster_random. PiperOrigin-RevId: 366834791 Change-Id: Id70d679c9dce72a0f8cd5ab41856ba92bc944d1f
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index 9d55012..3bc9235 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -58,7 +58,6 @@
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_server_reverse_validate_new_path3, false)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_single_ack_in_packet2, false)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_start_peer_migration_earlier, true)
-QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_stateless_reset_faster_random, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_testonly_default_false, false)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_testonly_default_true, true)
 QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_tls_use_normalized_sni_for_cert_selectioon, true)
diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index 36d1cca..1200956 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -1324,7 +1324,10 @@
 kQuicMaxConnectionIdWithLengthPrefixLength);
 std::unique_ptr<char[]> buffer(new char[len]);
 QuicDataWriter writer(len, buffer.get());
- // Append random bytes.
+ // Append random bytes. This randomness only exists to prevent middleboxes
+ // from comparing the entire packet to a known value. Therefore it has no
+ // cryptographic use, and does not need a secure cryptographic pseudo-random
+ // number generator. It's therefore safe to use WriteInsecureRandomBytes.
 if (!writer.WriteInsecureRandomBytes(QuicRandom::GetInstance(),
 len - sizeof(quic::QuicUint128))) {
 QUIC_BUG(362045737_2) << "Failed to append random bytes of length: "
@@ -1365,18 +1368,10 @@
 // Append random bytes. This randomness only exists to prevent middleboxes
 // from comparing the entire packet to a known value. Therefore it has no
 // cryptographic use, and does not need a secure cryptographic pseudo-random
- // number generator. It's therefore safe to use WriteInsecureRandomBytes here.
- if (GetQuicReloadableFlag(quic_stateless_reset_faster_random)) {
- QUIC_RELOADABLE_FLAG_COUNT(quic_stateless_reset_faster_random);
- if (!writer.WriteInsecureRandomBytes(
- QuicRandom::GetInstance(), kMinRandomBytesLengthInStatelessReset)) {
- return nullptr;
- }
- } else {
- if (!writer.WriteRandomBytes(QuicRandom::GetInstance(),
- kMinRandomBytesLengthInStatelessReset)) {
- return nullptr;
- }
+ // number generator. It's therefore safe to use WriteInsecureRandomBytes.
+ if (!writer.WriteInsecureRandomBytes(QuicRandom::GetInstance(),
+ kMinRandomBytesLengthInStatelessReset)) {
+ return nullptr;
 }
 
 // Append stateless reset token.
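Review bot: The comment added in the @@ -1324 hunk (and kept in the @@ -1365 hunk) explains why these bytes need no secrecy, but it omits the constraint that follows: output of the insecure generator is now placed on the wire in every stateless reset. If that generator's state is shared with other callers, which is not visible from these hunks, its later output should be treated as predictable to anyone who observes reset packets. I would add a line to both comments such as `// Output is visible on the wire: nothing that must stay unpredictable may draw from the same insecure generator.` Both enclosing functions start and end outside their hunks.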
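Review bot: The failure branch left in the @@ -1365 hunk returns `nullptr` with no diagnostic, while the parallel write in the @@ -1324 hunk reports the same failure through `QUIC_BUG(362045737_2)`. A write failure here means the buffer was sized wrongly, and a silent null makes a server that has stopped emitting resets hard to spot in logs. Unless the caller already reports it (not visible here), add `QUIC_BUG(<new_bug_id>) << "Failed to append random bytes";` before `return nullptr;`, with a freshly allocated id in place of the placeholder. The enclosing function starts and ends outside the hunk.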