Expose OpenSSL's key_exchange_info in the content API

net/http/http_response_info.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_response_info.h"
 
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/time/time.h"
 #include "net/base/auth.h"
@@ skipping 75 matching lines @@
   RESPONSE_INFO_HAS_CONNECTION_INFO = 1 << 18,
 
   // This bit is set if the request has http authentication.
   RESPONSE_INFO_USE_HTTP_AUTHENTICATION = 1 << 19,
 
   // This bit is set if ssl_info has SCTs.
   RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS = 1 << 20,
 
   RESPONSE_INFO_UNUSED_SINCE_PREFETCH = 1 << 21,
 
+  // This bit is set if the response has a key-exchange-info field at the end.
+  RESPONSE_INFO_HAS_KEY_EXCHANGE_INFO = 1 << 22,
+
   // TODO(darin): Add other bits to indicate alternate request methods.
   // For now, we don't support storing those.
 };
 
 HttpResponseInfo::HttpResponseInfo()
     : was_cached(false),
       server_data_unavailable(false),
       network_accessed(false),
       was_fetched_via_spdy(false),
       was_npn_negotiated(false),
@@ skipping 98 matching lines @@
     if (!iter.ReadUInt32(&cert_status))
       return false;
     ssl_info.cert_status = cert_status;
   }
   if (flags & RESPONSE_INFO_HAS_SECURITY_BITS) {
     int security_bits;
     if (!iter.ReadInt(&security_bits))
       return false;
     ssl_info.security_bits = security_bits;
   }
+  if (flags & RESPONSE_INFO_HAS_KEY_EXCHANGE_INFO) {
+    int key_exchange_info;
+    if (!iter.ReadInt(&key_exchange_info))
+      return false;
+    ssl_info.key_exchange_info = key_exchange_info;
+  }

[Ryan Sleevi, 2015/09/02 01:37:07]

BUG: This is a stable serialization format, as unfortunate as it may be :)

As a result, if an older version of Chrome (e.g. Stable) were to read a cache
entry from a newer version (e.g. Beta), because they shared the same profile
dir, then it wouldn't understand the RESPONSE_INFO_HAS_KEY_EXCHANGE_INFO and
would totally explode.

[sigbjorn, 2015/09/02 13:42:14]

Moved last, this should hopefully work as the code doesn't seem to have any
checks that it reached the end of the Pickle. Please comment if not sufficient.

 
   if (flags & RESPONSE_INFO_HAS_SSL_CONNECTION_STATUS) {
     int connection_status;
     if (!iter.ReadInt(&connection_status))
       return false;
     ssl_info.connection_status = connection_status;
   }
 
   if (flags & RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS) {
     int num_scts;
@@ skipping 66 matching lines @@
 
 void HttpResponseInfo::Persist(base::Pickle* pickle,
                                bool skip_transient_headers,
                                bool response_truncated) const {
   int flags = RESPONSE_INFO_VERSION;
   if (ssl_info.is_valid()) {
     flags |= RESPONSE_INFO_HAS_CERT;
     flags |= RESPONSE_INFO_HAS_CERT_STATUS;
     if (ssl_info.security_bits != -1)
       flags |= RESPONSE_INFO_HAS_SECURITY_BITS;
+    if (ssl_info.key_exchange_info != 0)
+      flags |= RESPONSE_INFO_HAS_KEY_EXCHANGE_INFO;
     if (ssl_info.connection_status != 0)
       flags |= RESPONSE_INFO_HAS_SSL_CONNECTION_STATUS;
   }
   if (vary_data.is_valid())
     flags |= RESPONSE_INFO_HAS_VARY_DATA;
   if (response_truncated)
     flags |= RESPONSE_INFO_TRUNCATED;
   if (was_fetched_via_spdy)
     flags |= RESPONSE_INFO_WAS_SPDY;
   if (was_npn_negotiated) {
@@ skipping 27 matching lines @@
                       HttpResponseHeaders::PERSIST_SANS_SECURITY_STATE;
   }
 
   headers->Persist(pickle, persist_options);
 
   if (ssl_info.is_valid()) {
     ssl_info.cert->Persist(pickle);
     pickle->WriteUInt32(ssl_info.cert_status);
     if (ssl_info.security_bits != -1)
       pickle->WriteInt(ssl_info.security_bits);
+    if (ssl_info.key_exchange_info != 0)
+      pickle->WriteInt(ssl_info.key_exchange_info);
     if (ssl_info.connection_status != 0)
       pickle->WriteInt(ssl_info.connection_status);
     if (!ssl_info.signed_certificate_timestamps.empty()) {
       pickle->WriteInt(ssl_info.signed_certificate_timestamps.size());
       for (SignedCertificateTimestampAndStatusList::const_iterator it =
            ssl_info.signed_certificate_timestamps.begin(); it !=
            ssl_info.signed_certificate_timestamps.end(); ++it) {
         it->sct->Persist(pickle);
         pickle->WriteUInt16(static_cast<uint16>(it->status));
       }
@@ skipping 63 matching lines @@
     case CONNECTION_INFO_QUIC1_SPDY3:
       return "quic/1+spdy/3";
     case NUM_OF_CONNECTION_INFOS:
       break;
   }
   NOTREACHED();
   return "";
 }
 
 }  // namespace net