| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 1309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1320 client_hello_state, | 1320 client_hello_state, |
| 1321 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1321 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1322 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1322 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1323 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1323 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1324 ClientHelloInfo* info = &(client_hello_state->info); | 1324 ClientHelloInfo* info = &(client_hello_state->info); |
| 1325 | 1325 |
| 1326 if (get_proof_failed) { | 1326 if (get_proof_failed) { |
| 1327 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1327 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
| 1328 } | 1328 } |
| 1329 | 1329 |
| 1330 if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) { | 1330 if (signed_config->chain != nullptr && |
| 1331 !ValidateExpectedLeafCertificate(client_hello, |
| 1332 signed_config->chain->certs)) { |
| 1331 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); | 1333 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); |
| 1332 } | 1334 } |
| 1333 | 1335 |
| 1334 if (info->client_nonce.size() != kNonceSize) { | 1336 if (info->client_nonce.size() != kNonceSize) { |
| 1335 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); | 1337 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); |
| 1336 // Invalid client nonce. | 1338 // Invalid client nonce. |
| 1337 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); | 1339 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); |
| 1338 DVLOG(1) << "Invalid client nonce."; | 1340 DVLOG(1) << "Invalid client nonce."; |
| 1339 } | 1341 } |
| 1340 | 1342 |
| (...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1979 rand->RandBytes(&server_nonce[sizeof(timestamp)], | 1981 rand->RandBytes(&server_nonce[sizeof(timestamp)], |
| 1980 sizeof(server_nonce) - sizeof(timestamp)); | 1982 sizeof(server_nonce) - sizeof(timestamp)); |
| 1981 | 1983 |
| 1982 return server_nonce_boxer_.Box( | 1984 return server_nonce_boxer_.Box( |
| 1983 rand, | 1985 rand, |
| 1984 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); | 1986 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); |
| 1985 } | 1987 } |
| 1986 | 1988 |
| 1987 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( | 1989 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
| 1988 const CryptoHandshakeMessage& client_hello, | 1990 const CryptoHandshakeMessage& client_hello, |
| 1989 const QuicSignedServerConfig& signed_config) const { | 1991 const std::vector<string>& certs) const { |
| 1990 if (signed_config.chain->certs.empty()) { | 1992 if (certs.empty()) { |
| 1991 return false; | 1993 return false; |
| 1992 } | 1994 } |
| 1993 | 1995 |
| 1994 uint64_t hash_from_client; | 1996 uint64_t hash_from_client; |
| 1995 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { | 1997 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { |
| 1996 return false; | 1998 return false; |
| 1997 } | 1999 } |
| 1998 return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) == | 2000 return CryptoUtils::ComputeLeafCertHash(certs.at(0)) == hash_from_client; |
| 1999 hash_from_client; | |
| 2000 } | 2001 } |
| 2001 | 2002 |
| 2002 bool QuicCryptoServerConfig::ClientDemandsX509Proof( | 2003 bool QuicCryptoServerConfig::ClientDemandsX509Proof( |
| 2003 const CryptoHandshakeMessage& client_hello) const { | 2004 const CryptoHandshakeMessage& client_hello) const { |
| 2004 const QuicTag* their_proof_demands; | 2005 const QuicTag* their_proof_demands; |
| 2005 size_t num_their_proof_demands; | 2006 size_t num_their_proof_demands; |
| 2006 | 2007 |
| 2007 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, | 2008 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, |
| 2008 &num_their_proof_demands) != QUIC_NO_ERROR) { | 2009 &num_their_proof_demands) != QUIC_NO_ERROR) { |
| 2009 return false; | 2010 return false; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 2025 expiry_time(QuicWallTime::Zero()), | 2026 expiry_time(QuicWallTime::Zero()), |
| 2026 priority(0), | 2027 priority(0), |
| 2027 source_address_token_boxer(nullptr) {} | 2028 source_address_token_boxer(nullptr) {} |
| 2028 | 2029 |
| 2029 QuicCryptoServerConfig::Config::~Config() {} | 2030 QuicCryptoServerConfig::Config::~Config() {} |
| 2030 | 2031 |
| 2031 QuicSignedServerConfig::QuicSignedServerConfig() {} | 2032 QuicSignedServerConfig::QuicSignedServerConfig() {} |
| 2032 QuicSignedServerConfig::~QuicSignedServerConfig() {} | 2033 QuicSignedServerConfig::~QuicSignedServerConfig() {} |
| 2033 | 2034 |
| 2034 } // namespace net | 2035 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2626443002:
Fix QUIC crash when ProofSource::GetProof fails (Closed)
