Land Recent QUIC changes.

net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc

Index: net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc
diff --git a/net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc b/net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc
index c32efcf6f52abadbefa80f49d599960c6982eaf7..79d0ec1a8a0b9b3dbc28e7b7ab97159d02bd2238 100644
--- a/net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc
+++ b/net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc
@@ -21,7 +21,7 @@ const size_t kAESNonceSize = 12;
 
 }  // namespace
 
-Aes128Gcm12Encrypter::Aes128Gcm12Encrypter() {}
+Aes128Gcm12Encrypter::Aes128Gcm12Encrypter() : last_seq_num_(0) {}
 
 Aes128Gcm12Encrypter::~Aes128Gcm12Encrypter() {}
 
@@ -118,6 +118,12 @@ QuicData* Aes128Gcm12Encrypter::EncryptPacket(
   size_t ciphertext_size = GetCiphertextSize(plaintext.length());
   scoped_ptr<char[]> ciphertext(new char[ciphertext_size]);
 
+  if (last_seq_num_ != 0 && sequence_number <= last_seq_num_) {
+    DLOG(FATAL) << "Sequence numbers regressed";
+    return NULL;
+  }
+  last_seq_num_ = sequence_number;
+
   uint8 nonce[kNoncePrefixSize + sizeof(sequence_number)];
   COMPILE_ASSERT(sizeof(nonce) == kAESNonceSize, bad_sequence_number_size);
   memcpy(nonce, nonce_prefix_, kNoncePrefixSize);