Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(73)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/core/crypto/quic_crypto_server_config.cc

Issue 2227553003: Use the CHLO packet size, not message size when determining how large a REJ can be. Protected by --… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@129101660
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/core/crypto/quic_crypto_server_config.h ('k') | net/quic/core/quic_crypto_client_stream.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/core/crypto/quic_crypto_server_config.cc
diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc
index bb1b809905a81d2e444da2d8bc0c8a496ee6adf0..b039f411bc42cce0cefca2514c417c3e6fd065a3 100644
--- a/net/quic/core/crypto/quic_crypto_server_config.cc
+++ b/net/quic/core/crypto/quic_crypto_server_config.cc
@@ -567,6 +567,8 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
QuicCompressedCertsCache* compressed_certs_cache,
QuicCryptoNegotiatedParameters* params,
QuicCryptoProof* crypto_proof,
+ QuicByteCount total_framing_overhead,
+ QuicByteCount chlo_packet_size,
CryptoHandshakeMessage* out,
DiversificationNonce* out_diversification_nonce,
string* error_details) const {
@@ -641,7 +643,8 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
BuildRejection(version, *primary_config, client_hello, info,
validate_chlo_result.cached_network_params,
use_stateless_rejects, server_designated_connection_id, rand,
- compressed_certs_cache, params, *crypto_proof, out);
+ compressed_certs_cache, params, *crypto_proof,
+ total_framing_overhead, chlo_packet_size, out);
return QUIC_NO_ERROR;
}
@@ -1442,6 +1445,8 @@ void QuicCryptoServerConfig::BuildRejection(
QuicCompressedCertsCache* compressed_certs_cache,
QuicCryptoNegotiatedParameters* params,
const QuicCryptoProof& crypto_proof,
+ QuicByteCount total_framing_overhead,
+ QuicByteCount chlo_packet_size,
CryptoHandshakeMessage* out) const {
if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) {
DVLOG(1) << "QUIC Crypto server config returning stateless reject "
@@ -1486,6 +1491,7 @@ void QuicCryptoServerConfig::BuildRejection(
params->client_common_set_hashes,
params->client_cached_cert_hashes, config.common_cert_sets);
+ DCHECK_GT(chlo_packet_size, client_hello.size());
// kREJOverheadBytes is a very rough estimate of how much of a REJ
// message is taken up by things other than the certificates.
// STK: 56 bytes
@@ -1497,8 +1503,14 @@ void QuicCryptoServerConfig::BuildRejection(
// max_unverified_size is the number of bytes that the certificate chain,
// signature, and (optionally) signed certificate timestamp can consume before
// we will demand a valid source-address token.
- const size_t max_unverified_size =
+ const size_t old_max_unverified_size =
client_hello.size() * chlo_multiplier_ - kREJOverheadBytes;
+ const size_t new_max_unverified_size =
+ chlo_multiplier_ * (chlo_packet_size - total_framing_overhead) -
+ kREJOverheadBytes;
+ const size_t max_unverified_size = FLAGS_quic_use_chlo_packet_size
+ ? new_max_unverified_size
+ : old_max_unverified_size;
static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes,
"overhead calculation may underflow");
bool should_return_sct =
« no previous file with comments | « net/quic/core/crypto/quic_crypto_server_config.h ('k') | net/quic/core/quic_crypto_client_stream.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698