Chromium Code Reviews Chromium Code Reviews
Issue 291093002:
Fail the SPDY transaction if it does not meet TLS base requirements. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_ | 5 #ifndef NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_ |
| 6 #define NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_ | 6 #define NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_ |
| 7 | 7 |
| 8 #include "base/logging.h" | |
| 9 #include "base/macros.h" | |
| 10 | |
| 8 namespace net { | 11 namespace net { |
| 9 | 12 |
| 10 // Status flags for SSLInfo::connection_status. | 13 // Status flags for SSLInfo::connection_status. |
| 11 enum { | 14 enum { |
| 12 // The lower 16 bits are reserved for the TLS ciphersuite id. | 15 // The lower 16 bits are reserved for the TLS ciphersuite id. |
| 13 SSL_CONNECTION_CIPHERSUITE_SHIFT = 0, | 16 SSL_CONNECTION_CIPHERSUITE_SHIFT = 0, |
| 14 SSL_CONNECTION_CIPHERSUITE_MASK = 0xffff, | 17 SSL_CONNECTION_CIPHERSUITE_MASK = 0xffff, |
| 15 | 18 |
| 16 // The next two bits are reserved for the compression used. | 19 // The next two bits are reserved for the compression used. |
| 17 SSL_CONNECTION_COMPRESSION_SHIFT = 16, | 20 SSL_CONNECTION_COMPRESSION_SHIFT = 16, |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 53 inline int SSLConnectionStatusToCipherSuite(int connection_status) { | 56 inline int SSLConnectionStatusToCipherSuite(int connection_status) { |
| 54 return (connection_status >> SSL_CONNECTION_CIPHERSUITE_SHIFT) & | 57 return (connection_status >> SSL_CONNECTION_CIPHERSUITE_SHIFT) & |
| 55 SSL_CONNECTION_CIPHERSUITE_MASK; | 58 SSL_CONNECTION_CIPHERSUITE_MASK; |
| 56 } | 59 } |
| 57 | 60 |
| 58 inline int SSLConnectionStatusToVersion(int connection_status) { | 61 inline int SSLConnectionStatusToVersion(int connection_status) { |
| 59 return (connection_status >> SSL_CONNECTION_VERSION_SHIFT) & | 62 return (connection_status >> SSL_CONNECTION_VERSION_SHIFT) & |
| 60 SSL_CONNECTION_VERSION_MASK; | 63 SSL_CONNECTION_VERSION_MASK; |
| 61 } | 64 } |
| 62 | 65 |
| 66 inline void SSLConnectionStatusSetCipherSuite(int cipher_suite, | |
| 67 int* connection_status) { | |
| 68 int tmp = *connection_status; | |
| 69 // Clear out the old ciphersuite. | |
| 70 tmp &= ~(SSL_CONNECTION_CIPHERSUITE_MASK << SSL_CONNECTION_CIPHERSUITE_SHIFT); | |
| 71 // Set the new ciphersuite. | |
| 72 tmp |= ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) | |
| 73 << SSL_CONNECTION_CIPHERSUITE_SHIFT); | |
| 74 | |
| 75 *connection_status = tmp; | |
| 76 } | |
| 77 | |
| 78 inline void SSLConnectionStatusSetVersion(int version, int* connection_status) { | |
| 79 DCHECK_GT(version, 0); | |
|
agl
2014/05/20 02:45:13
The minimum should be SSLv3 (and then be >=).
| |
| 80 DCHECK_LT(version, SSL_CONNECTION_VERSION_MAX); | |
| 81 | |
| 82 int tmp = *connection_status; | |
| 83 // Clear out the old version. | |
| 84 tmp &= ~(SSL_CONNECTION_VERSION_MASK << SSL_CONNECTION_VERSION_SHIFT); | |
| 85 // Set the new version. | |
| 86 tmp |= | |
| 87 ((version & SSL_CONNECTION_VERSION_MASK) << SSL_CONNECTION_VERSION_SHIFT); | |
| 88 | |
| 89 *connection_status = tmp; | |
| 90 } | |
| 91 | |
| 63 } // namespace net | 92 } // namespace net |
| 64 | 93 |
| 65 #endif // NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_ | 94 #endif // NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_ |
| OLD | NEW |
