diff options
author | Cronet Mainline Eng <cronet-mainline-eng+copybara@google.com> | 2023-04-18 07:37:34 -0800 |
---|---|---|
committer | Patrick Rohr <prohr@google.com> | 2023-04-18 08:40:26 -0700 |
commit | eddec18c18cdbcbdbbe9bf3c0fa24cb7f8d768ae (patch) | |
tree | 2983326030c4b680835550dca47bc960e77c492f /net/socket | |
parent | 41cb724250484f326b0bbd5f8b955eb37b3b83c6 (diff) | |
download | cronet-eddec18c18cdbcbdbbe9bf3c0fa24cb7f8d768ae.tar.gz |
Import Cronet version 114.0.5715.0
Project import generated by Copybara.
FolderOrigin-RevId: /tmp/copybara-origin/src
Test: none
Change-Id: I15627f4badf0f6173d24f6c555169cc815a29fdd
Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/ssl_client_socket_impl.cc | 28 | ||||
-rw-r--r-- | net/socket/udp_socket_posix.cc | 8 | ||||
-rw-r--r-- | net/socket/udp_socket_posix.h | 4 | ||||
-rw-r--r-- | net/socket/udp_socket_win.cc | 8 | ||||
-rw-r--r-- | net/socket/udp_socket_win.h | 6 |
5 files changed, 28 insertions, 26 deletions
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc index 4989bf000..0f1192063 100644 --- a/net/socket/ssl_client_socket_impl.cc +++ b/net/socket/ssl_client_socket_impl.cc @@ -238,18 +238,6 @@ RSAKeyUsage CheckRSAKeyUsage(const X509Certificate* cert, : RSAKeyUsage::kMissingDigitalSignature; } -// IsCECPQ2Host returns true if the given host is eligible for CECPQ2. This is -// used to implement a gradual rollout as the larger TLS messages may cause -// middlebox issues. -bool IsCECPQ2Host(const std::string& host) { - // Currently only eTLD+1s that start with "aa" are included, for example - // aardvark.com or aaron.com. - return registry_controlled_domains::GetDomainAndRegistry( - host, registry_controlled_domains::PrivateRegistryFilter:: - EXCLUDE_PRIVATE_REGISTRIES) - .find(features::kPostQuantumCECPQ2Prefix.Get()) == 0; -} - bool HostIsIPAddressNoBrackets(base::StringPiece host) { // Note this cannot directly call url::HostIsIPAddress, because that function // expects bracketed IPv6 literals. By the time hosts reach SSLClientSocket, @@ -758,20 +746,10 @@ int SSLClientSocketImpl::Init() { return ERR_UNEXPECTED; } - if (base::FeatureList::IsEnabled(features::kPostQuantumKyber)) { + if (context_->config().post_quantum_enabled && + base::FeatureList::IsEnabled(features::kPostQuantumKyber)) { static const int kCurves[] = {NID_X25519Kyber768, NID_X25519, - NID_P256Kyber768, NID_X9_62_prime256v1, - NID_secp384r1}; - if (!SSL_set1_curves(ssl_.get(), kCurves, std::size(kCurves))) { - return ERR_UNEXPECTED; - } - } else if (context_->config().cecpq2_enabled && - (base::FeatureList::IsEnabled(features::kPostQuantumCECPQ2) || - (!host_is_ip_address && - base::FeatureList::IsEnabled(features::kPostQuantumCECPQ2SomeDomains) && - IsCECPQ2Host(host_and_port_.host())))) { - static const int kCurves[] = {NID_CECPQ2, NID_X25519, NID_X9_62_prime256v1, - NID_secp384r1}; + NID_X9_62_prime256v1, NID_secp384r1}; if (!SSL_set1_curves(ssl_.get(), kCurves, std::size(kCurves))) { return ERR_UNEXPECTED; } diff --git a/net/socket/udp_socket_posix.cc b/net/socket/udp_socket_posix.cc index ebdb5129f..d7fe60ca6 100644 --- a/net/socket/udp_socket_posix.cc +++ b/net/socket/udp_socket_posix.cc @@ -1063,6 +1063,14 @@ int UDPSocketPosix::SetDiffServCodePoint(DiffServCodePoint dscp) { return OK; } +int UDPSocketPosix::SetIPv6Only(bool ipv6_only) { + DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); + if (is_connected()) { + return ERR_SOCKET_IS_CONNECTED; + } + return net::SetIPv6Only(socket_, ipv6_only); +} + void UDPSocketPosix::DetachFromThread() { DETACH_FROM_THREAD(thread_checker_); } diff --git a/net/socket/udp_socket_posix.h b/net/socket/udp_socket_posix.h index 59eb51499..ed9c7549c 100644 --- a/net/socket/udp_socket_posix.h +++ b/net/socket/udp_socket_posix.h @@ -251,6 +251,10 @@ class NET_EXPORT UDPSocketPosix { // Returns a net error code. int SetDiffServCodePoint(DiffServCodePoint dscp); + // Sets IPV6_V6ONLY on the socket. If this flag is true, the socket will be + // restricted to only IPv6; false allows both IPv4 and IPv6 traffic. + int SetIPv6Only(bool ipv6_only); + // Exposes the underlying socket descriptor for testing its state. Does not // release ownership of the descriptor. SocketDescriptor SocketDescriptorForTesting() const { return socket_; } diff --git a/net/socket/udp_socket_win.cc b/net/socket/udp_socket_win.cc index 3e52f8c30..dfc234f5d 100644 --- a/net/socket/udp_socket_win.cc +++ b/net/socket/udp_socket_win.cc @@ -1185,6 +1185,14 @@ int UDPSocketWin::SetDiffServCodePoint(DiffServCodePoint dscp) { return OK; } +int UDPSocketWin::SetIPv6Only(bool ipv6_only) { + DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); + if (is_connected()) { + return ERR_SOCKET_IS_CONNECTED; + } + return net::SetIPv6Only(socket_, ipv6_only); +} + void UDPSocketWin::DetachFromThread() { DETACH_FROM_THREAD(thread_checker_); } diff --git a/net/socket/udp_socket_win.h b/net/socket/udp_socket_win.h index 421de9df4..857613564 100644 --- a/net/socket/udp_socket_win.h +++ b/net/socket/udp_socket_win.h @@ -334,11 +334,15 @@ class NET_EXPORT UDPSocketWin : public base::win::ObjectWatcher::Delegate { int SetMulticastLoopbackMode(bool loopback); // Sets the differentiated services flags on outgoing packets. May not do - // anything on some platforms. A return value of ERR_INVALID_HANDLE indicates + // anything on some platforms. A return value of ERR_INVALID_HANDLE indicates // the value was not set but could succeed on a future call, because // initialization is in progress. int SetDiffServCodePoint(DiffServCodePoint dscp); + // Sets IPV6_V6ONLY on the socket. If this flag is true, the socket will be + // restricted to only IPv6; false allows both IPv4 and IPv6 traffic. + int SetIPv6Only(bool ipv6_only); + // Resets the thread to be used for thread-safety checks. void DetachFromThread(); |