
Unified Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 2176323002: Deprecate FLAGS_quic_disable_pre_30. Remove QUIC versions [25-29]. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@127879468
Patch Set: Created 4 years, 5 months ago
Index: net/quic/crypto/quic_crypto_server_config.cc
diff --git a/net/quic/crypto/quic_crypto_server_config.cc b/net/quic/crypto/quic_crypto_server_config.cc
index 97e798087d97bb9949f078174736378f8317668e..a26088d2d18160779d743dd2519518de4869a65d 100644
--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -625,12 +625,10 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
return QUIC_HANDSHAKE_FAILED;
}
- if (version > QUIC_VERSION_29) {
- StringPiece cert_sct;
- if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
- cert_sct.empty()) {
- params->sct_supported_by_client = true;
- }
+ StringPiece cert_sct;
+ if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
+ cert_sct.empty()) {
+ params->sct_supported_by_client = true;
}
if (!info.reject_reasons.empty() || !requested_config.get()) {
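Review bot: The `kCertificateSCTTag` check on the added lines treats a present-but-empty tag as the support signal and ignores a non-empty value, which is not obvious to a reader now that the version gate no longer frames it. A one-line comment above `StringPiece cert_sct;` would document this, for example `// An empty SCT tag in the CHLO signals that the client accepts SCTs; a non-empty value is ignored.` ProcessClientHello starts and ends outside this hunk.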
@@ -719,13 +717,11 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
client_hello_serialized.length());
hkdf_suffix.append(requested_config->serialized);
DCHECK(proof_source_.get());
- if (version > QUIC_VERSION_25) {
- if (crypto_proof->chain->certs.empty()) {
- *error_details = "Failed to get certs";
- return QUIC_CRYPTO_INTERNAL_ERROR;
- }
- hkdf_suffix.append(crypto_proof->chain->certs.at(0));
+ if (crypto_proof->chain->certs.empty()) {
+ *error_details = "Failed to get certs";
+ return QUIC_CRYPTO_INTERNAL_ERROR;
}
+ hkdf_suffix.append(crypto_proof->chain->certs.at(0));
StringPiece cetv_ciphertext;
if (requested_config->channel_id_enabled &&
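Review bot: `crypto_proof->chain` is dereferenced on the added `certs.empty()` line without a null check, and with the version gate removed every handshake now reaches it. The only guard visible above is `DCHECK(proof_source_.get())`, which checks a different pointer and is not active in release builds. The EvaluateClientHello hunk in this same file shows that `chain` can be unset (`need_proof = !crypto_proof->chain`). Unless an earlier part of ProcessClientHello, outside this hunk, guarantees that a proof is present, the condition should read `if (!crypto_proof->chain || crypto_proof->chain->certs.empty()) {`.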
@@ -834,10 +830,8 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
forward_secure_hkdf_input.append(hkdf_suffix);
string shlo_nonce;
- if (version > QUIC_VERSION_26) {
- shlo_nonce = NewServerNonce(rand, info.now);
- out->SetStringPiece(kServerNonceTag, shlo_nonce);
- }
+ shlo_nonce = NewServerNonce(rand, info.now);
+ out->SetStringPiece(kServerNonceTag, shlo_nonce);
if (!CryptoUtils::DeriveKeys(
params->forward_secure_premaster_secret, params->aead,
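Review bot: The declaration `string shlo_nonce;` followed by a separate assignment on the added line is a leftover of the old conditional shape. With the gate gone the nonce is always generated, so it can be initialised where it is declared: `string shlo_nonce = NewServerNonce(rand, info.now);`. That also removes the window in which later code could read an empty nonce. The rest of ProcessClientHello is outside this hunk.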
@@ -1113,42 +1107,40 @@ void QuicCryptoServerConfig::EvaluateClientHello(
}
bool get_proof_failed = false;
- if (version > QUIC_VERSION_25) {
- bool x509_supported = false;
- bool x509_ecdsa_supported = false;
- ParseProofDemand(client_hello, &x509_supported, &x509_ecdsa_supported);
- string serialized_config = primary_config->serialized;
- string chlo_hash;
- CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
- bool need_proof = true;
- if (FLAGS_quic_refresh_proof) {
- need_proof = !crypto_proof->chain;
- }
- if (FLAGS_enable_async_get_proof) {
- if (need_proof) {
- // Make an async call to GetProof and setup the callback to trampoline
- // back into EvaluateClientHelloAfterGetProof
- std::unique_ptr<EvaluateClientHelloCallback> cb(
- new EvaluateClientHelloCallback(
- *this, found_error, server_ip, version, primary_orbit,
- requested_config, primary_config, crypto_proof,
- client_hello_state, done_cb));
- proof_source_->GetProof(server_ip, info->sni.as_string(),
- serialized_config, version, chlo_hash,
- x509_ecdsa_supported, std::move(cb));
- helper.DetachCallback();
- return;
- }
+ bool x509_supported = false;
+ bool x509_ecdsa_supported = false;
+ ParseProofDemand(client_hello, &x509_supported, &x509_ecdsa_supported);
+ string serialized_config = primary_config->serialized;
+ string chlo_hash;
+ CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
+ bool need_proof = true;
+ if (FLAGS_quic_refresh_proof) {
+ need_proof = !crypto_proof->chain;
+ }
+ if (FLAGS_enable_async_get_proof) {
+ if (need_proof) {
+ // Make an async call to GetProof and setup the callback to trampoline
+ // back into EvaluateClientHelloAfterGetProof
+ std::unique_ptr<EvaluateClientHelloCallback> cb(
+ new EvaluateClientHelloCallback(
+ *this, found_error, server_ip, version, primary_orbit,
+ requested_config, primary_config, crypto_proof,
+ client_hello_state, done_cb));
+ proof_source_->GetProof(server_ip, info->sni.as_string(),
+ serialized_config, version, chlo_hash,
+ x509_ecdsa_supported, std::move(cb));
+ helper.DetachCallback();
+ return;
}
+ }
- // No need to get a new proof if one was already generated.
- if (need_proof &&
- !proof_source_->GetProof(
- server_ip, info->sni.as_string(), serialized_config, version,
- chlo_hash, x509_ecdsa_supported, &crypto_proof->chain,
- &crypto_proof->signature, &crypto_proof->cert_sct)) {
- get_proof_failed = true;
- }
+ // No need to get a new proof if one was already generated.
+ if (need_proof &&
+ !proof_source_->GetProof(
+ server_ip, info->sni.as_string(), serialized_config, version,
+ chlo_hash, x509_ecdsa_supported, &crypto_proof->chain,
+ &crypto_proof->signature, &crypto_proof->cert_sct)) {
+ get_proof_failed = true;
}
EvaluateClientHelloAfterGetProof(
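Review bot: The async branch hands `*this`, `crypto_proof` and `client_hello_state` to `EvaluateClientHelloCallback` and then returns, and nothing in the added lines states what keeps those objects alive until `GetProof` runs the callback. Every QUIC version now takes this path when `FLAGS_enable_async_get_proof` is set, so the requirement deserves a comment next to the existing one, e.g. `// The config, |crypto_proof| and |client_hello_state| must outlive the pending GetProof call.` Whether the callback stores references or owning pointers is not visible here, so the wording should be checked against its declaration. Separately, the nested `if (FLAGS_enable_async_get_proof) { if (need_proof) {` can collapse into a single condition.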
@@ -1178,11 +1170,9 @@ void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof(
info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
}
- if (version > QUIC_VERSION_25) {
- if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) {
- found_error = true;
- info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE);
- }
+ if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) {
+ found_error = true;
+ info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE);
}
if (info->client_nonce.size() != kNonceSize) {
@@ -1308,8 +1298,7 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
out->SetStringPiece(kCertificateTag, compressed);
out->SetStringPiece(kPROF, signature);
- if (params.sct_supported_by_client && version > QUIC_VERSION_29 &&
- enable_serving_sct_) {
+ if (params.sct_supported_by_client && enable_serving_sct_) {
if (cert_sct.empty()) {
DLOG(WARNING) << "SCT is expected but it is empty.";
} else {
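Review bot: The simplified predicate `sct_supported_by_client && enable_serving_sct_` on the added line is now spelled out three times in this file: here and in the FinishBuildServerConfigUpdateMessage and BuildRejection hunks. A small private helper that takes the client flag would keep the three sites from drifting apart the next time the policy for serving SCTs changes. In this hunk and the next one, the empty-SCT case is reported only through `DLOG(WARNING)`, a debug-build log, so a release server gives no signal when an expected SCT is missing.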
@@ -1416,8 +1405,7 @@ void QuicCryptoServerConfig::FinishBuildServerConfigUpdateMessage(
message.SetStringPiece(kCertificateTag, compressed);
message.SetStringPiece(kPROF, signature);
- if (sct_supported_by_client && version > QUIC_VERSION_29 &&
- enable_serving_sct_) {
+ if (sct_supported_by_client && enable_serving_sct_) {
if (leaf_cert_sct.empty()) {
DLOG(WARNING) << "SCT is expected but it is empty.";
} else {
@@ -1502,8 +1490,8 @@ void QuicCryptoServerConfig::BuildRejection(
client_hello.size() * chlo_multiplier_ - kREJOverheadBytes;
static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes,
"overhead calculation may underflow");
- bool should_return_sct = params->sct_supported_by_client &&
- version > QUIC_VERSION_29 && enable_serving_sct_;
+ bool should_return_sct =
+ params->sct_supported_by_client && enable_serving_sct_;
const size_t sct_size = should_return_sct ? crypto_proof.cert_sct.size() : 0;
if (info.valid_source_address_token ||
crypto_proof.signature.size() + compressed.size() + sct_size <
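Review bot: The `static_assert` in the context lines proves the no-underflow bound for the constant `kMultiplier`, while the subtraction on the hunk's first line uses the member `chlo_multiplier_`. If that member can ever be smaller than `kMultiplier` (not visible here), `client_hello.size() * chlo_multiplier_ - kREJOverheadBytes` can wrap, presumably in unsigned arithmetic. That would inflate the limit the size comparison at the end of the hunk is compared against. A runtime check on the product before subtracting, for example a `DCHECK_GE` against `kREJOverheadBytes` plus a clamp, would close the gap. The statement begins and ends outside this hunk.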
