Use trampoline for TicketCrypterGoogle3::Decrypt Fix QUIC session ticket decryption bug, protected by gfe2_restart_flag_quic_enable_tls_resumption_v4 PiperOrigin-RevId: 324935765 Change-Id: I93dff953fe71911909fe4b5df0a4564795985c05
diff --git a/quic/core/crypto/tls_server_connection.cc b/quic/core/crypto/tls_server_connection.cc
index 69c5a82..0e59997 100644
--- a/quic/core/crypto/tls_server_connection.cc
+++ b/quic/core/crypto/tls_server_connection.cc
@@ -24,7 +24,7 @@ SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), &SelectAlpnCallback, nullptr); // We don't actually need the TicketCrypter here, but we need to know // whether it's set. - if (GetQuicRestartFlag(quic_enable_tls_resumption_v3) && + if (GetQuicRestartFlag(quic_enable_tls_resumption_v4) && proof_source->GetTicketCrypter()) { SSL_CTX_set_ticket_aead_method(ssl_ctx.get(), &TlsServerConnection::kSessionTicketMethod);
diff --git a/quic/core/http/end_to_end_test.cc b/quic/core/http/end_to_end_test.cc
index 5e50cc5..2f5e7b9 100644
--- a/quic/core/http/end_to_end_test.cc
+++ b/quic/core/http/end_to_end_test.cc
@@ -202,7 +202,7 @@ SetQuicReloadableFlag(quic_fix_packet_number_length, true); SetQuicReloadableFlag(quic_support_handshake_done_in_t050, true); - SetQuicRestartFlag(quic_enable_tls_resumption_v3, true); + SetQuicRestartFlag(quic_enable_tls_resumption_v4, true); SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); }
diff --git a/quic/core/http/quic_spdy_client_session_test.cc b/quic/core/http/quic_spdy_client_session_test.cc
index 15ac198..a6be1e6 100644
--- a/quic/core/http/quic_spdy_client_session_test.cc
+++ b/quic/core/http/quic_spdy_client_session_test.cc
@@ -96,7 +96,7 @@ QuicUtils::GetInvalidStreamId(GetParam().transport_version)) { auto client_cache = std::make_unique<test::SimpleSessionCache>(); client_session_cache_ = client_cache.get(); - SetQuicRestartFlag(quic_enable_tls_resumption_v3, true); + SetQuicRestartFlag(quic_enable_tls_resumption_v4, true); SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); client_crypto_config_ = std::make_unique<QuicCryptoClientConfig>( crypto_test_utils::ProofVerifierForTesting(), std::move(client_cache));
diff --git a/quic/core/quic_versions.cc b/quic/core/quic_versions.cc
index fbd6c0f..93b5748 100644
--- a/quic/core/quic_versions.cc
+++ b/quic/core/quic_versions.cc
@@ -683,7 +683,7 @@ void QuicVersionInitializeSupportForIetfDraft() { // Enable necessary flags. - SetQuicRestartFlag(quic_enable_tls_resumption_v3, true); + SetQuicRestartFlag(quic_enable_tls_resumption_v4, true); SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); }
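Review bot: `QuicVersionInitializeSupportForIetfDraft()` sets `quic_enable_tls_resumption_v4` to true unconditionally, so any process that calls it takes the session-ticket path regardless of the restart flag's rollout state, and the existing comment `// Enable necessary flags.` does not say that. The commit message describes the v4 flag as protecting a ticket-decryption fix, so the override deserves to be spelled out for whoever later reads the rollout status. I would replace the comment with something like `// Force-enables TLS resumption and 0-RTT for IETF draft support; this overrides the restart-flag rollout state for both.`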
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index adf06ad..e2988d9 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -174,7 +174,7 @@ server_id_(kServerHostname, kServerPort, false), server_compressed_certs_cache_( QuicCompressedCertsCache::kQuicCompressedCertsCacheSize) { - SetQuicRestartFlag(quic_enable_tls_resumption_v3, true); + SetQuicRestartFlag(quic_enable_tls_resumption_v4, true); SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); crypto_config_ = std::make_unique<QuicCryptoClientConfig>( std::make_unique<TestProofVerifier>(),
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 2c7c77e..ac3b056 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -502,7 +502,7 @@ memcpy(out, decrypted_session_ticket_.data(), decrypted_session_ticket_.size()); *out_len = decrypted_session_ticket_.size(); - QUIC_RESTART_FLAG_COUNT(quic_enable_tls_resumption_v3); + QUIC_RESTART_FLAG_COUNT(quic_enable_tls_resumption_v4); return ssl_ticket_aead_success; }
diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc
index ac7b530..05b7d68 100644
--- a/quic/core/tls_server_handshaker_test.cc
+++ b/quic/core/tls_server_handshaker_test.cc
@@ -48,7 +48,7 @@ : server_compressed_certs_cache_( QuicCompressedCertsCache::kQuicCompressedCertsCacheSize), server_id_(kServerHostname, kServerPort, false) { - SetQuicRestartFlag(quic_enable_tls_resumption_v3, true); + SetQuicRestartFlag(quic_enable_tls_resumption_v4, true); SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); client_crypto_config_ = std::make_unique<QuicCryptoClientConfig>( crypto_test_utils::ProofVerifierForTesting(),
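Review bot: The fixture change here only switches the flag name from v3 to v4, and the same holds for the other test hunks in this commit (end_to_end_test.cc, quic_spdy_client_session_test.cc, tls_client_handshaker_test.cc), so nothing visible exercises the session-ticket decryption path that the commit message says was broken. The fix itself may live outside this repository, but a regression test on this side would still pin the server handshaker's behaviour. I would add a case that resumes a session through the ticket crypter and checks that a ticket which fails to decrypt falls back to a full handshake rather than being accepted. The constructor body continues outside the hunk.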