
Side by Side Diff: net/quic/crypto/quic_crypto_client_config.cc

Issue 186313002: Make the VER tag required in QUIC CHLO and SHLO messages. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
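--- a/net/quic/crypto/quic_crypto_client_config.cc
+++ b/net/quic/crypto/quic_crypto_client_config.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_client_config.h"
 
 #include "base/stl_util.h"
 #include "net/quic/crypto/cert_compressor.h"
 #include "net/quic/crypto/channel_id.h"
 #include "net/quic/crypto/common_cert_set.h"
@@ -641,37 +641,38 @@
 string* error_details) {
 DCHECK(error_details != NULL);
 
 if (server_hello.tag() != kSHLO) {
 *error_details = "Bad tag";
 return QUIC_INVALID_CRYPTO_MESSAGE_TYPE;
 }
 
 const QuicTag* supported_version_tags;
 size_t num_supported_versions;
-// TODO(rch): Once QUIC_VERSION_12 is removed, then make it a failure
-// if the server does not have a version list.
+
 if (server_hello.GetTaglist(kVER, &supported_version_tags,
-&num_supported_versions) == QUIC_NO_ERROR) {
-if (!negotiated_versions.empty()) {
-bool mismatch = num_supported_versions != negotiated_versions.size();
-for (size_t i = 0; i < num_supported_versions && !mismatch; ++i) {
-mismatch = QuicTagToQuicVersion(supported_version_tags[i]) !=
-negotiated_versions[i];
-}
-// The server sent a list of supported versions, and the connection
-// reports that there was a version negotiation during the handshake.
+&num_supported_versions) != QUIC_NO_ERROR) {
+*error_details = "server hello missing version list";
+return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
+}
+if (!negotiated_versions.empty()) {
+bool mismatch = num_supported_versions != negotiated_versions.size();
+for (size_t i = 0; i < num_supported_versions && !mismatch; ++i) {
+mismatch = QuicTagToQuicVersion(supported_version_tags[i]) !=
+negotiated_versions[i];
+}
+// The server sent a list of supported versions, and the connection
+// reports that there was a version negotiation during the handshake.
 // Ensure that these two lists are identical.
 if (mismatch) {
 *error_details = "Downgrade attack detected";
 return QUIC_VERSION_NEGOTIATION_MISMATCH;
-}
 }
 }
 
 // Learn about updated source address tokens.
 StringPiece token;
 if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) {
 cached->set_source_address_token(token);
 }
 
 // TODO(agl):
@@ -729,10 +730,10 @@
 CachedState* canonical_cached =
 canonical_crypto_config->LookupOrCreate(canonical_server_hostname);
 if (!canonical_cached->proof_valid()) {
 return;
 }
 CachedState* cached = LookupOrCreate(server_hostname);
 cached->InitializeFrom(*canonical_cached);
 }
 
 } // namespace net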
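Review bot: The new required-VER check on `server_hello.GetTaglist(kVER, ...)` rejects only a SHLO for which the lookup fails, so a VER tag that is present but carries zero entries would presumably still be accepted whenever `negotiated_versions` is empty, because the list contents are examined only inside the `if (!negotiated_versions.empty())` branch. If `GetTaglist` returns `QUIC_NO_ERROR` for an empty list (not visible here), consider tightening the guard to `&num_supported_versions) != QUIC_NO_ERROR || num_supported_versions == 0) {` so that "required" means a non-empty list. It would also help to add a short comment above the branch, for example `// Without version negotiation there is nothing to compare against, so the server's list is only checked for presence.`, so the reason the downgrade comparison is skipped is explicit. The enclosing function starts before and continues after the lines shown, so any later use of `supported_version_tags` cannot be checked from this section.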