Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(772)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 186313002: Make the VER tag required in QUIC CHLO and SHLO messages. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/quic/crypto/quic_crypto_client_config.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/quic_crypto_server_config.h" 5 #include "net/quic/crypto/quic_crypto_server_config.h"
6 6
7 #include <stdlib.h> 7 #include <stdlib.h>
8 #include <algorithm> 8 #include <algorithm>
9 9
10 #include "base/stl_util.h" 10 #include "base/stl_util.h"
(...skipping 466 matching lines...) Expand 10 before | Expand all | Expand 10 after
477 477
478 const CryptoHandshakeMessage& client_hello = 478 const CryptoHandshakeMessage& client_hello =
479 validate_chlo_result.client_hello; 479 validate_chlo_result.client_hello;
480 const ClientHelloInfo& info = validate_chlo_result.info; 480 const ClientHelloInfo& info = validate_chlo_result.info;
481 481
482 // If the client's preferred version is not the version we are currently 482 // If the client's preferred version is not the version we are currently
483 // speaking, then the client went through a version negotiation. In this 483 // speaking, then the client went through a version negotiation. In this
484 // case, we need to make sure that we actually do not support this version 484 // case, we need to make sure that we actually do not support this version
485 // and that it wasn't a downgrade attack. 485 // and that it wasn't a downgrade attack.
486 QuicTag client_version_tag; 486 QuicTag client_version_tag;
487 // TODO(rch): Make this check mandatory when we remove QUIC_VERSION_12. 487 if (client_hello.GetUint32(kVER, &client_version_tag) != QUIC_NO_ERROR) {
488 if (client_hello.GetUint32(kVER, &client_version_tag) == QUIC_NO_ERROR) { 488 *error_details = "client hello missing version list";
489 QuicVersion client_version = QuicTagToQuicVersion(client_version_tag); 489 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
490 if (client_version != version) { 490 }
491 // Just because client_version is a valid version enum doesn't mean that 491 QuicVersion client_version = QuicTagToQuicVersion(client_version_tag);
492 // this server actually supports that version, so we check to see if 492 if (client_version != version) {
493 // it's actually in the supported versions list. 493 // Just because client_version is a valid version enum doesn't mean that
494 for (size_t i = 0; i < supported_versions.size(); ++i) { 494 // this server actually supports that version, so we check to see if
495 if (client_version == supported_versions[i]) { 495 // it's actually in the supported versions list.
496 *error_details = "Downgrade attack detected"; 496 for (size_t i = 0; i < supported_versions.size(); ++i) {
497 return QUIC_VERSION_NEGOTIATION_MISMATCH; 497 if (client_version == supported_versions[i]) {
498 } 498 *error_details = "Downgrade attack detected";
499 return QUIC_VERSION_NEGOTIATION_MISMATCH;
499 } 500 }
500 } 501 }
501 } 502 }
502 503
503 StringPiece requested_scid; 504 StringPiece requested_scid;
504 client_hello.GetStringPiece(kSCID, &requested_scid); 505 client_hello.GetStringPiece(kSCID, &requested_scid);
505 const QuicWallTime now(clock->WallNow()); 506 const QuicWallTime now(clock->WallNow());
506 507
507 scoped_refptr<Config> requested_config; 508 scoped_refptr<Config> requested_config;
508 scoped_refptr<Config> primary_config; 509 scoped_refptr<Config> primary_config;
(...skipping 816 matching lines...) Expand 10 before | Expand all | Expand 10 after
1325 1326
1326 QuicCryptoServerConfig::Config::Config() 1327 QuicCryptoServerConfig::Config::Config()
1327 : channel_id_enabled(false), 1328 : channel_id_enabled(false),
1328 is_primary(false), 1329 is_primary(false),
1329 primary_time(QuicWallTime::Zero()), 1330 primary_time(QuicWallTime::Zero()),
1330 priority(0) {} 1331 priority(0) {}
1331 1332
1332 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } 1333 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
1333 1334
1334 } // namespace net 1335 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/crypto/quic_crypto_client_config.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698