| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/socket/ssl_client_socket_impl.h" |
| |
| #include <errno.h> |
| #include <openssl/bio.h> |
| #include <openssl/bytestring.h> |
| #include <openssl/err.h> |
| #include <openssl/evp.h> |
| #include <openssl/mem.h> |
| #include <openssl/ssl.h> |
| #include <string.h> |
| |
| #include <utility> |
| |
| #include "base/bind.h" |
| #include "base/callback_helpers.h" |
| #include "base/lazy_instance.h" |
| #include "base/macros.h" |
| #include "base/memory/singleton.h" |
| #include "base/metrics/field_trial.h" |
| #include "base/metrics/histogram_macros.h" |
| #include "base/metrics/sparse_histogram.h" |
| #include "base/profiler/scoped_tracker.h" |
| #include "base/strings/string_number_conversions.h" |
| #include "base/strings/string_piece.h" |
| #include "base/synchronization/lock.h" |
| #include "base/threading/thread_local.h" |
| #include "base/trace_event/trace_event.h" |
| #include "base/values.h" |
| #include "crypto/auto_cbb.h" |
| #include "crypto/ec_private_key.h" |
| #include "crypto/openssl_util.h" |
| #include "crypto/scoped_openssl_types.h" |
| #include "net/base/ip_address.h" |
| #include "net/base/net_errors.h" |
| #include "net/cert/cert_verifier.h" |
| #include "net/cert/ct_ev_whitelist.h" |
| #include "net/cert/ct_policy_enforcer.h" |
| #include "net/cert/ct_policy_status.h" |
| #include "net/cert/ct_verifier.h" |
| #include "net/cert/x509_certificate_net_log_param.h" |
| #include "net/cert/x509_util_openssl.h" |
| #include "net/http/transport_security_state.h" |
| #include "net/ssl/scoped_openssl_types.h" |
| #include "net/ssl/ssl_cert_request_info.h" |
| #include "net/ssl/ssl_cipher_suite_names.h" |
| #include "net/ssl/ssl_client_session_cache.h" |
| #include "net/ssl/ssl_connection_status_flags.h" |
| #include "net/ssl/ssl_info.h" |
| #include "net/ssl/ssl_private_key.h" |
| #include "net/ssl/token_binding.h" |
| |
| #if !defined(OS_NACL) |
| #include "net/ssl/ssl_key_logger.h" |
| #endif |
| |
| #if defined(USE_NSS_CERTS) |
| #include "net/cert_net/nss_ocsp.h" |
| #endif |
| |
| namespace net { |
| |
| namespace { |
| |
| // This constant can be any non-negative/non-zero value (eg: it does not |
| // overlap with any value of the net::Error range, including net::OK). |
| const int kNoPendingResult = 1; |
| |
| // If a client doesn't have a list of protocols that it supports, but |
| // the server supports NPN, choosing "http/1.1" is the best answer. |
| const char kDefaultSupportedNPNProtocol[] = "http/1.1"; |
| |
| // Default size of the internal BoringSSL buffers. |
| const int kDefaultOpenSSLBufferSize = 17 * 1024; |
| |
| // TLS extension number use for Token Binding. |
| const unsigned int kTbExtNum = 24; |
| |
| // Token Binding ProtocolVersions supported. |
| const uint8_t kTbProtocolVersionMajor = 0; |
| const uint8_t kTbProtocolVersionMinor = 8; |
| const uint8_t kTbMinProtocolVersionMajor = 0; |
| const uint8_t kTbMinProtocolVersionMinor = 6; |
| |
| bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { |
| switch (EVP_MD_type(md)) { |
| case NID_md5_sha1: |
| *hash = SSLPrivateKey::Hash::MD5_SHA1; |
| return true; |
| case NID_sha1: |
| *hash = SSLPrivateKey::Hash::SHA1; |
| return true; |
| case NID_sha256: |
| *hash = SSLPrivateKey::Hash::SHA256; |
| return true; |
| case NID_sha384: |
| *hash = SSLPrivateKey::Hash::SHA384; |
| return true; |
| case NID_sha512: |
| *hash = SSLPrivateKey::Hash::SHA512; |
| return true; |
| default: |
| return false; |
| } |
| } |
| |
| std::unique_ptr<base::Value> NetLogPrivateKeyOperationCallback( |
| SSLPrivateKey::Type type, |
| SSLPrivateKey::Hash hash, |
| NetLogCaptureMode mode) { |
| std::string type_str; |
| switch (type) { |
| case SSLPrivateKey::Type::RSA: |
| type_str = "RSA"; |
| break; |
| case SSLPrivateKey::Type::ECDSA: |
| type_str = "ECDSA"; |
| break; |
| } |
| |
| std::string hash_str; |
| switch (hash) { |
| case SSLPrivateKey::Hash::MD5_SHA1: |
| hash_str = "MD5_SHA1"; |
| break; |
| case SSLPrivateKey::Hash::SHA1: |
| hash_str = "SHA1"; |
| break; |
| case SSLPrivateKey::Hash::SHA256: |
| hash_str = "SHA256"; |
| break; |
| case SSLPrivateKey::Hash::SHA384: |
| hash_str = "SHA384"; |
| break; |
| case SSLPrivateKey::Hash::SHA512: |
| hash_str = "SHA512"; |
| break; |
| } |
| |
| std::unique_ptr<base::DictionaryValue> value(new base::DictionaryValue); |
| value->SetString("type", type_str); |
| value->SetString("hash", hash_str); |
| return std::move(value); |
| } |
| |
| std::unique_ptr<base::Value> NetLogChannelIDLookupCallback( |
| ChannelIDService* channel_id_service, |
| NetLogCaptureMode capture_mode) { |
| ChannelIDStore* store = channel_id_service->GetChannelIDStore(); |
| std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
| dict->SetBoolean("ephemeral", store->IsEphemeral()); |
| dict->SetString("service", base::HexEncode(&channel_id_service, |
| sizeof(channel_id_service))); |
| dict->SetString("store", base::HexEncode(&store, sizeof(store))); |
| return std::move(dict); |
| } |
| |
| std::unique_ptr<base::Value> NetLogChannelIDLookupCompleteCallback( |
| crypto::ECPrivateKey* key, |
| int result, |
| NetLogCaptureMode capture_mode) { |
| std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
| dict->SetInteger("net_error", result); |
| std::string raw_key; |
| if (result == OK && key && key->ExportRawPublicKey(&raw_key)) { |
| std::string key_to_log = "redacted"; |
| if (capture_mode.include_cookies_and_credentials()) { |
| key_to_log = base::HexEncode(raw_key.data(), raw_key.length()); |
| } |
| dict->SetString("key", key_to_log); |
| } |
| return std::move(dict); |
| } |
| |
| std::unique_ptr<base::Value> NetLogSSLInfoCallback( |
| SSLClientSocketImpl* socket, |
| NetLogCaptureMode capture_mode) { |
| SSLInfo ssl_info; |
| if (!socket->GetSSLInfo(&ssl_info)) |
| return nullptr; |
| |
| std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
| const char* version_str; |
| SSLVersionToString(&version_str, |
| SSLConnectionStatusToVersion(ssl_info.connection_status)); |
| dict->SetString("version", version_str); |
| dict->SetBoolean("is_resumed", |
| ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME); |
| dict->SetInteger("cipher_suite", SSLConnectionStatusToCipherSuite( |
| ssl_info.connection_status)); |
| |
| dict->SetString("next_proto", SSLClientSocket::NextProtoToString( |
| socket->GetNegotiatedProtocol())); |
| |
| return std::move(dict); |
| } |
| |
| } // namespace |
| |
| class SSLClientSocketImpl::SSLContext { |
| public: |
| static SSLContext* GetInstance() { |
| return base::Singleton<SSLContext>::get(); |
| } |
| SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } |
| SSLClientSessionCache* session_cache() { return &session_cache_; } |
| |
| SSLClientSocketImpl* GetClientSocketFromSSL(const SSL* ssl) { |
| DCHECK(ssl); |
| SSLClientSocketImpl* socket = static_cast<SSLClientSocketImpl*>( |
| SSL_get_ex_data(ssl, ssl_socket_data_index_)); |
| DCHECK(socket); |
| return socket; |
| } |
| |
| bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketImpl* socket) { |
| return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0; |
| } |
| |
| #if !defined(OS_NACL) |
| void SetSSLKeyLogFile( |
| const base::FilePath& path, |
| const scoped_refptr<base::SequencedTaskRunner>& task_runner) { |
| DCHECK(!ssl_key_logger_); |
| ssl_key_logger_.reset(new SSLKeyLogger(path, task_runner)); |
| SSL_CTX_set_keylog_callback(ssl_ctx_.get(), KeyLogCallback); |
| } |
| #endif |
| |
| static const SSL_PRIVATE_KEY_METHOD kPrivateKeyMethod; |
| |
| private: |
| friend struct base::DefaultSingletonTraits<SSLContext>; |
| |
| SSLContext() : session_cache_(SSLClientSessionCache::Config()) { |
| crypto::EnsureOpenSSLInit(); |
| ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0); |
| DCHECK_NE(ssl_socket_data_index_, -1); |
| ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); |
| SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL); |
| SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL); |
| SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL); |
| // This stops |SSL_shutdown| from generating the close_notify message, which |
| // is currently not sent on the network. |
| // TODO(haavardm): Remove setting quiet shutdown once 118366 is fixed. |
| SSL_CTX_set_quiet_shutdown(ssl_ctx_.get(), 1); |
| // Note that SSL_OP_DISABLE_NPN is used to disable NPN if |
| // ssl_config_.next_proto is empty. |
| SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback, |
| NULL); |
| |
| // Disable the internal session cache. Session caching is handled |
| // externally (i.e. by SSLClientSessionCache). |
| SSL_CTX_set_session_cache_mode( |
| ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); |
| SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); |
| |
| if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, |
| &TokenBindingAddCallback, |
| &TokenBindingFreeCallback, nullptr, |
| &TokenBindingParseCallback, nullptr)) { |
| NOTREACHED(); |
| } |
| } |
| |
| static int TokenBindingAddCallback(SSL* ssl, |
| unsigned int extension_value, |
| const uint8_t** out, |
| size_t* out_len, |
| int* out_alert_value, |
| void* add_arg) { |
| DCHECK_EQ(extension_value, kTbExtNum); |
| SSLClientSocketImpl* socket = |
| SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL( |
| ssl); |
| return socket->TokenBindingAdd(out, out_len, out_alert_value); |
| } |
| |
| static void TokenBindingFreeCallback(SSL* ssl, |
| unsigned extension_value, |
| const uint8_t* out, |
| void* add_arg) { |
| DCHECK_EQ(extension_value, kTbExtNum); |
| OPENSSL_free(const_cast<unsigned char*>(out)); |
| } |
| |
| static int TokenBindingParseCallback(SSL* ssl, |
| unsigned int extension_value, |
| const uint8_t* contents, |
| size_t contents_len, |
| int* out_alert_value, |
| void* parse_arg) { |
| DCHECK_EQ(extension_value, kTbExtNum); |
| SSLClientSocketImpl* socket = |
| SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL( |
| ssl); |
| return socket->TokenBindingParse(contents, contents_len, out_alert_value); |
| } |
| |
| static int ClientCertRequestCallback(SSL* ssl, void* arg) { |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| DCHECK(socket); |
| return socket->ClientCertRequestCallback(ssl); |
| } |
| |
| static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) { |
| SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data( |
| store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| CHECK(socket); |
| |
| return socket->CertVerifyCallback(store_ctx); |
| } |
| |
| static int SelectNextProtoCallback(SSL* ssl, |
| unsigned char** out, |
| unsigned char* outlen, |
| const unsigned char* in, |
| unsigned int inlen, |
| void* arg) { |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| return socket->SelectNextProtoCallback(out, outlen, in, inlen); |
| } |
| |
| static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) { |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| return socket->NewSessionCallback(session); |
| } |
| |
| static int PrivateKeyTypeCallback(SSL* ssl) { |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| return socket->PrivateKeyTypeCallback(); |
| } |
| |
| static size_t PrivateKeyMaxSignatureLenCallback(SSL* ssl) { |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| return socket->PrivateKeyMaxSignatureLenCallback(); |
| } |
| |
| static ssl_private_key_result_t PrivateKeySignDigestCallback( |
| SSL* ssl, |
| uint8_t* out, |
| size_t* out_len, |
| size_t max_out, |
| const EVP_MD* md, |
| const uint8_t* in, |
| size_t in_len) { |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| return socket->PrivateKeySignDigestCallback(out, out_len, max_out, md, in, |
| in_len); |
| } |
| |
| static ssl_private_key_result_t PrivateKeyCompleteCallback(SSL* ssl, |
| uint8_t* out, |
| size_t* out_len, |
| size_t max_out) { |
| SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| return socket->PrivateKeyCompleteCallback(out, out_len, max_out); |
| } |
| |
| #if !defined(OS_NACL) |
| static void KeyLogCallback(const SSL* ssl, const char* line) { |
| GetInstance()->ssl_key_logger_->WriteLine(line); |
| } |
| #endif |
| |
| // This is the index used with SSL_get_ex_data to retrieve the owner |
| // SSLClientSocketImpl object from an SSL instance. |
| int ssl_socket_data_index_; |
| |
| ScopedSSL_CTX ssl_ctx_; |
| |
| #if !defined(OS_NACL) |
| std::unique_ptr<SSLKeyLogger> ssl_key_logger_; |
| #endif |
| |
| // TODO(davidben): Use a separate cache per URLRequestContext. |
| // https://crbug.com/458365 |
| // |
| // TODO(davidben): Sessions should be invalidated on fatal |
| // alerts. https://crbug.com/466352 |
| SSLClientSessionCache session_cache_; |
| }; |
| |
| // TODO(davidben): Switch from sign_digest to sign. |
| const SSL_PRIVATE_KEY_METHOD |
| SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = { |
| &SSLClientSocketImpl::SSLContext::PrivateKeyTypeCallback, |
| &SSLClientSocketImpl::SSLContext::PrivateKeyMaxSignatureLenCallback, |
| nullptr /* sign */, |
| &SSLClientSocketImpl::SSLContext::PrivateKeySignDigestCallback, |
| nullptr /* decrypt */, |
| &SSLClientSocketImpl::SSLContext::PrivateKeyCompleteCallback, |
| }; |
| |
| // PeerCertificateChain is a helper object which extracts the certificate |
| // chain, as given by the server, from an OpenSSL socket and performs the needed |
| // resource management. The first element of the chain is the leaf certificate |
| // and the other elements are in the order given by the server. |
| class SSLClientSocketImpl::PeerCertificateChain { |
| public: |
| explicit PeerCertificateChain(STACK_OF(X509) * chain) { Reset(chain); } |
| PeerCertificateChain(const PeerCertificateChain& other) { *this = other; } |
| ~PeerCertificateChain() {} |
| PeerCertificateChain& operator=(const PeerCertificateChain& other); |
| |
| // Resets the PeerCertificateChain to the set of certificates in|chain|, |
| // which may be NULL, indicating to empty the store certificates. |
| // Note: If an error occurs, such as being unable to parse the certificates, |
| // this will behave as if Reset(NULL) was called. |
| void Reset(STACK_OF(X509) * chain); |
| |
| // Note that when USE_OPENSSL_CERTS is defined, OSCertHandle is X509* |
| scoped_refptr<X509Certificate> AsOSChain() const; |
| |
| size_t size() const { |
| if (!openssl_chain_.get()) |
| return 0; |
| return sk_X509_num(openssl_chain_.get()); |
| } |
| |
| bool empty() const { return size() == 0; } |
| |
| X509* Get(size_t index) const { |
| DCHECK_LT(index, size()); |
| return sk_X509_value(openssl_chain_.get(), index); |
| } |
| |
| private: |
| ScopedX509Stack openssl_chain_; |
| }; |
| |
| SSLClientSocketImpl::PeerCertificateChain& |
| SSLClientSocketImpl::PeerCertificateChain::operator=( |
| const PeerCertificateChain& other) { |
| if (this == &other) |
| return *this; |
| |
| openssl_chain_.reset(X509_chain_up_ref(other.openssl_chain_.get())); |
| return *this; |
| } |
| |
| void SSLClientSocketImpl::PeerCertificateChain::Reset(STACK_OF(X509) * chain) { |
| openssl_chain_.reset(chain ? X509_chain_up_ref(chain) : NULL); |
| } |
| |
| scoped_refptr<X509Certificate> |
| SSLClientSocketImpl::PeerCertificateChain::AsOSChain() const { |
| #if defined(USE_OPENSSL_CERTS) |
| // When OSCertHandle is typedef'ed to X509, this implementation does a short |
| // cut to avoid converting back and forth between DER and the X509 struct. |
| X509Certificate::OSCertHandles intermediates; |
| for (size_t i = 1; i < sk_X509_num(openssl_chain_.get()); ++i) { |
| intermediates.push_back(sk_X509_value(openssl_chain_.get(), i)); |
| } |
| |
| return X509Certificate::CreateFromHandle( |
| sk_X509_value(openssl_chain_.get(), 0), intermediates); |
| #else |
| // DER-encode the chain and convert to a platform certificate handle. |
| std::vector<base::StringPiece> der_chain; |
| for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) { |
| X509* x = sk_X509_value(openssl_chain_.get(), i); |
| base::StringPiece der; |
| if (!x509_util::GetDER(x, &der)) |
| return NULL; |
| der_chain.push_back(der); |
| } |
| |
| return X509Certificate::CreateFromDERCertChain(der_chain); |
| #endif |
| } |
| |
| // static |
| void SSLClientSocket::ClearSessionCache() { |
| SSLClientSocketImpl::SSLContext* context = |
| SSLClientSocketImpl::SSLContext::GetInstance(); |
| context->session_cache()->Flush(); |
| } |
| |
| SSLClientSocketImpl::SSLClientSocketImpl( |
| std::unique_ptr<ClientSocketHandle> transport_socket, |
| const HostPortPair& host_and_port, |
| const SSLConfig& ssl_config, |
| const SSLClientSocketContext& context) |
| : transport_send_busy_(false), |
| transport_recv_busy_(false), |
| pending_read_error_(kNoPendingResult), |
| pending_read_ssl_error_(SSL_ERROR_NONE), |
| transport_read_error_(OK), |
| transport_write_error_(OK), |
| server_cert_chain_(new PeerCertificateChain(NULL)), |
| completed_connect_(false), |
| was_ever_used_(false), |
| cert_verifier_(context.cert_verifier), |
| cert_transparency_verifier_(context.cert_transparency_verifier), |
| channel_id_service_(context.channel_id_service), |
| tb_was_negotiated_(false), |
| tb_negotiated_param_(TB_PARAM_ECDSAP256), |
| tb_signed_ekm_map_(10), |
| ssl_(NULL), |
| transport_bio_(NULL), |
| transport_(std::move(transport_socket)), |
| host_and_port_(host_and_port), |
| ssl_config_(ssl_config), |
| ssl_session_cache_shard_(context.ssl_session_cache_shard), |
| next_handshake_state_(STATE_NONE), |
| disconnected_(false), |
| npn_status_(kNextProtoUnsupported), |
| negotiated_protocol_(kProtoUnknown), |
| negotiation_extension_(kExtensionUnknown), |
| channel_id_sent_(false), |
| certificate_verified_(false), |
| signature_result_(kNoPendingResult), |
| transport_security_state_(context.transport_security_state), |
| policy_enforcer_(context.ct_policy_enforcer), |
| pkp_bypassed_(false), |
| net_log_(transport_->socket()->NetLog()), |
| weak_factory_(this) { |
| CHECK(cert_verifier_); |
| CHECK(transport_security_state_); |
| CHECK(cert_transparency_verifier_); |
| CHECK(policy_enforcer_); |
| } |
| |
| SSLClientSocketImpl::~SSLClientSocketImpl() { |
| Disconnect(); |
| } |
| |
| #if !defined(OS_NACL) |
| void SSLClientSocketImpl::SetSSLKeyLogFile( |
| const base::FilePath& ssl_keylog_file, |
| const scoped_refptr<base::SequencedTaskRunner>& task_runner) { |
| SSLContext::GetInstance()->SetSSLKeyLogFile(ssl_keylog_file, task_runner); |
| } |
| #endif |
| |
| void SSLClientSocketImpl::GetSSLCertRequestInfo( |
| SSLCertRequestInfo* cert_request_info) { |
| cert_request_info->host_and_port = host_and_port_; |
| cert_request_info->cert_authorities = cert_authorities_; |
| cert_request_info->cert_key_types = cert_key_types_; |
| } |
| |
| ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const { |
| return channel_id_service_; |
| } |
| |
| Error SSLClientSocketImpl::GetSignedEKMForTokenBinding( |
| crypto::ECPrivateKey* key, |
| std::vector<uint8_t>* out) { |
| // The same key will be used across multiple requests to sign the same value, |
| // so the signature is cached. |
| std::string raw_public_key; |
| if (!key->ExportRawPublicKey(&raw_public_key)) |
| return ERR_FAILED; |
| SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key); |
| if (it != tb_signed_ekm_map_.end()) { |
| *out = it->second; |
| return OK; |
| } |
| |
| uint8_t tb_ekm_buf[32]; |
| static const char kTokenBindingExporterLabel[] = "EXPORTER-Token-Binding"; |
| if (!SSL_export_keying_material(ssl_, tb_ekm_buf, sizeof(tb_ekm_buf), |
| kTokenBindingExporterLabel, |
| strlen(kTokenBindingExporterLabel), nullptr, |
| 0, false /* no context */)) { |
| return ERR_FAILED; |
| } |
| |
| if (!SignTokenBindingEkm( |
| base::StringPiece(reinterpret_cast<char*>(tb_ekm_buf), |
| sizeof(tb_ekm_buf)), |
| key, out)) |
| return ERR_FAILED; |
| |
| tb_signed_ekm_map_.Put(raw_public_key, *out); |
| return OK; |
| } |
| |
| crypto::ECPrivateKey* SSLClientSocketImpl::GetChannelIDKey() const { |
| return channel_id_key_.get(); |
| } |
| |
| int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, |
| bool has_context, |
| const base::StringPiece& context, |
| unsigned char* out, |
| unsigned int outlen) { |
| if (!IsConnected()) |
| return ERR_SOCKET_NOT_CONNECTED; |
| |
| crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| |
| int rv = SSL_export_keying_material( |
| ssl_, out, outlen, label.data(), label.size(), |
| reinterpret_cast<const unsigned char*>(context.data()), context.length(), |
| has_context ? 1 : 0); |
| |
| if (rv != 1) { |
| int ssl_error = SSL_get_error(ssl_, rv); |
| LOG(ERROR) << "Failed to export keying material;" |
| << " returned " << rv << ", SSL error code " << ssl_error; |
| return MapOpenSSLError(ssl_error, err_tracer); |
| } |
| return OK; |
| } |
| |
| int SSLClientSocketImpl::Connect(const CompletionCallback& callback) { |
| // Although StreamSocket does allow calling Connect() after Disconnect(), |
| // this has never worked for layered sockets. CHECK to detect any consumers |
| // reconnecting an SSL socket. |
| // |
| // TODO(davidben,mmenke): Remove this API feature. See |
| // https://crbug.com/499289. |
| CHECK(!disconnected_); |
| |
| net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT); |
| |
| // Set up new ssl object. |
| int rv = Init(); |
| if (rv != OK) { |
| LogConnectEndEvent(rv); |
| return rv; |
| } |
| |
| // Set SSL to client mode. Handshake happens in the loop below. |
| SSL_set_connect_state(ssl_); |
| |
| next_handshake_state_ = STATE_HANDSHAKE; |
| rv = DoHandshakeLoop(OK); |
| if (rv == ERR_IO_PENDING) { |
| user_connect_callback_ = callback; |
| } else { |
| LogConnectEndEvent(rv); |
| } |
| |
| return rv > OK ? OK : rv; |
| } |
| |
| void SSLClientSocketImpl::Disconnect() { |
| crypto::OpenSSLErrStackTracer tracer(FROM_HERE); |
| |
| if (ssl_) { |
| // Calling SSL_shutdown prevents the session from being marked as |
| // unresumable. |
| SSL_shutdown(ssl_); |
| SSL_free(ssl_); |
| ssl_ = NULL; |
| } |
| if (transport_bio_) { |
| BIO_free_all(transport_bio_); |
| transport_bio_ = NULL; |
| } |
| |
| disconnected_ = true; |
| |
| // Shut down anything that may call us back. |
| cert_verifier_request_.reset(); |
| transport_->socket()->Disconnect(); |
| |
| // Null all callbacks, delete all buffers. |
| transport_send_busy_ = false; |
| send_buffer_ = NULL; |
| transport_recv_busy_ = false; |
| recv_buffer_ = NULL; |
| |
| user_connect_callback_.Reset(); |
| user_read_callback_.Reset(); |
| user_write_callback_.Reset(); |
| user_read_buf_ = NULL; |
| user_read_buf_len_ = 0; |
| user_write_buf_ = NULL; |
| user_write_buf_len_ = 0; |
| |
| pending_read_error_ = kNoPendingResult; |
| pending_read_ssl_error_ = SSL_ERROR_NONE; |
| pending_read_error_info_ = OpenSSLErrorInfo(); |
| |
| transport_read_error_ = OK; |
| transport_write_error_ = OK; |
| |
| server_cert_verify_result_.Reset(); |
| completed_connect_ = false; |
| |
| cert_authorities_.clear(); |
| cert_key_types_.clear(); |
| |
| start_cert_verification_time_ = base::TimeTicks(); |
| |
| npn_status_ = kNextProtoUnsupported; |
| negotiated_protocol_ = kProtoUnknown; |
| |
| channel_id_sent_ = false; |
| tb_was_negotiated_ = false; |
| pending_session_ = nullptr; |
| certificate_verified_ = false; |
| channel_id_request_.Cancel(); |
| |
| signature_result_ = kNoPendingResult; |
| signature_.clear(); |
| } |
| |
| bool SSLClientSocketImpl::IsConnected() const { |
| // If the handshake has not yet completed. |
| if (!completed_connect_) |
| return false; |
| // If an asynchronous operation is still pending. |
| if (user_read_buf_.get() || user_write_buf_.get()) |
| return true; |
| |
| return transport_->socket()->IsConnected(); |
| } |
| |
| bool SSLClientSocketImpl::IsConnectedAndIdle() const { |
| // If the handshake has not yet completed. |
| if (!completed_connect_) |
| return false; |
| // If an asynchronous operation is still pending. |
| if (user_read_buf_.get() || user_write_buf_.get()) |
| return false; |
| |
| // If there is data read from the network that has not yet been consumed, do |
| // not treat the connection as idle. |
| // |
| // Note that this does not check |BIO_pending|, whether there is ciphertext |
| // that has not yet been flushed to the network. |Write| returns early, so |
| // this can cause race conditions which cause a socket to not be treated |
| // reusable when it should be. See https://crbug.com/466147. |
| if (BIO_wpending(transport_bio_) > 0) |
| return false; |
| |
| return transport_->socket()->IsConnectedAndIdle(); |
| } |
| |
| int SSLClientSocketImpl::GetPeerAddress(IPEndPoint* addressList) const { |
| return transport_->socket()->GetPeerAddress(addressList); |
| } |
| |
| int SSLClientSocketImpl::GetLocalAddress(IPEndPoint* addressList) const { |
| return transport_->socket()->GetLocalAddress(addressList); |
| } |
| |
| const BoundNetLog& SSLClientSocketImpl::NetLog() const { |
| return net_log_; |
| } |
| |
| void SSLClientSocketImpl::SetSubresourceSpeculation() { |
| if (transport_.get() && transport_->socket()) { |
| transport_->socket()->SetSubresourceSpeculation(); |
| } else { |
| NOTREACHED(); |
| } |
| } |
| |
| void SSLClientSocketImpl::SetOmniboxSpeculation() { |
| if (transport_.get() && transport_->socket()) { |
| transport_->socket()->SetOmniboxSpeculation(); |
| } else { |
| NOTREACHED(); |
| } |
| } |
| |
| bool SSLClientSocketImpl::WasEverUsed() const { |
| return was_ever_used_; |
| } |
| |
| bool SSLClientSocketImpl::WasNpnNegotiated() const { |
| return negotiated_protocol_ != kProtoUnknown; |
| } |
| |
| NextProto SSLClientSocketImpl::GetNegotiatedProtocol() const { |
| return negotiated_protocol_; |
| } |
| |
| bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { |
| ssl_info->Reset(); |
| if (server_cert_chain_->empty()) |
| return false; |
| |
| ssl_info->cert = server_cert_verify_result_.verified_cert; |
| ssl_info->unverified_cert = server_cert_; |
| ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| ssl_info->is_issued_by_known_root = |
| server_cert_verify_result_.is_issued_by_known_root; |
| ssl_info->pkp_bypassed = pkp_bypassed_; |
| ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
| ssl_info->client_cert_sent = |
| ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
| ssl_info->channel_id_sent = channel_id_sent_; |
| ssl_info->token_binding_negotiated = tb_was_negotiated_; |
| ssl_info->token_binding_key_param = tb_negotiated_param_; |
| ssl_info->pinning_failure_log = pinning_failure_log_; |
| ssl_info->ocsp_result = server_cert_verify_result_.ocsp_result; |
| |
| AddCTInfoToSSLInfo(ssl_info); |
| |
| const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
| CHECK(cipher); |
| ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
| if (SSL_CIPHER_is_ECDHE(cipher)) { |
| ssl_info->key_exchange_info = SSL_get_curve_id(ssl_); |
| } else if (SSL_CIPHER_is_DHE(cipher)) { |
| ssl_info->key_exchange_info = SSL_get_dhe_group_size(ssl_); |
| } |
| |
| SSLConnectionStatusSetCipherSuite( |
| static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), |
| &ssl_info->connection_status); |
| SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_), |
| &ssl_info->connection_status); |
| |
| if (!SSL_get_secure_renegotiation_support(ssl_)) |
| ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; |
| |
| if (ssl_config_.version_fallback) |
| ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK; |
| |
| ssl_info->handshake_type = SSL_session_reused(ssl_) |
| ? SSLInfo::HANDSHAKE_RESUME |
| : SSLInfo::HANDSHAKE_FULL; |
| |
| return true; |
| } |
| |
| void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const { |
| out->clear(); |
| } |
| |
| int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { |
| return transport_->socket()->GetTotalReceivedBytes(); |
| } |
| |
| int SSLClientSocketImpl::Read(IOBuffer* buf, |
| int buf_len, |
| const CompletionCallback& callback) { |
| user_read_buf_ = buf; |
| user_read_buf_len_ = buf_len; |
| |
| int rv = DoReadLoop(); |
| |
| if (rv == ERR_IO_PENDING) { |
| user_read_callback_ = callback; |
| } else { |
| if (rv > 0) |
| was_ever_used_ = true; |
| user_read_buf_ = NULL; |
| user_read_buf_len_ = 0; |
| } |
| |
| return rv; |
| } |
| |
| int SSLClientSocketImpl::Write(IOBuffer* buf, |
| int buf_len, |
| const CompletionCallback& callback) { |
| user_write_buf_ = buf; |
| user_write_buf_len_ = buf_len; |
| |
| int rv = DoWriteLoop(); |
| |
| if (rv == ERR_IO_PENDING) { |
| user_write_callback_ = callback; |
| } else { |
| if (rv > 0) |
| was_ever_used_ = true; |
| user_write_buf_ = NULL; |
| user_write_buf_len_ = 0; |
| } |
| |
| return rv; |
| } |
| |
| int SSLClientSocketImpl::SetReceiveBufferSize(int32_t size) { |
| return transport_->socket()->SetReceiveBufferSize(size); |
| } |
| |
| int SSLClientSocketImpl::SetSendBufferSize(int32_t size) { |
| return transport_->socket()->SetSendBufferSize(size); |
| } |
| |
| int SSLClientSocketImpl::Init() { |
| DCHECK(!ssl_); |
| DCHECK(!transport_bio_); |
| |
| #if defined(USE_NSS_CERTS) |
| if (ssl_config_.cert_io_enabled) { |
| // TODO(davidben): Move this out of SSLClientSocket. See |
| // https://crbug.com/539520. |
| EnsureNSSHttpIOInit(); |
| } |
| #endif |
| |
| SSLContext* context = SSLContext::GetInstance(); |
| crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| |
| ssl_ = SSL_new(context->ssl_ctx()); |
| if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this)) |
| return ERR_UNEXPECTED; |
| |
| // SNI should only contain valid DNS hostnames, not IP addresses (see RFC |
| // 6066, Section 3). |
| // |
| // TODO(rsleevi): Should this code allow hostnames that violate the LDH rule? |
| // See https://crbug.com/496472 and https://crbug.com/496468 for discussion. |
| IPAddress unused; |
| if (!unused.AssignFromIPLiteral(host_and_port_.host()) && |
| !SSL_set_tlsext_host_name(ssl_, host_and_port_.host().c_str())) { |
| return ERR_UNEXPECTED; |
| } |
| |
| ScopedSSL_SESSION session = |
| context->session_cache()->Lookup(GetSessionCacheKey()); |
| if (session) |
| SSL_set_session(ssl_, session.get()); |
| |
| // Get read and write buffer sizes from field trials, if possible. If values |
| // not present, use default. Also make sure values are in reasonable range. |
| int send_buffer_size = kDefaultOpenSSLBufferSize; |
| #if !defined(OS_NACL) |
| int override_send_buffer_size; |
| if (base::StringToInt(base::FieldTrialList::FindFullName("SSLBufferSizeSend"), |
| &override_send_buffer_size)) { |
| send_buffer_size = override_send_buffer_size; |
| send_buffer_size = std::max(send_buffer_size, 1000); |
| send_buffer_size = |
| std::min(send_buffer_size, 2 * kDefaultOpenSSLBufferSize); |
| } |
| #endif // !defined(OS_NACL) |
| send_buffer_ = new GrowableIOBuffer(); |
| send_buffer_->SetCapacity(send_buffer_size); |
| |
| int recv_buffer_size = kDefaultOpenSSLBufferSize; |
| #if !defined(OS_NACL) |
| int override_recv_buffer_size; |
| if (base::StringToInt(base::FieldTrialList::FindFullName("SSLBufferSizeRecv"), |
| &override_recv_buffer_size)) { |
| recv_buffer_size = override_recv_buffer_size; |
| recv_buffer_size = std::max(recv_buffer_size, 1000); |
| recv_buffer_size = |
| std::min(recv_buffer_size, 2 * kDefaultOpenSSLBufferSize); |
| } |
| #endif // !defined(OS_NACL) |
| recv_buffer_ = new GrowableIOBuffer(); |
| recv_buffer_->SetCapacity(recv_buffer_size); |
| |
| BIO* ssl_bio = NULL; |
| |
| // SSLClientSocketImpl retains ownership of the BIO buffers. |
| if (!BIO_new_bio_pair_external_buf( |
| &ssl_bio, send_buffer_->capacity(), |
| reinterpret_cast<uint8_t*>(send_buffer_->data()), &transport_bio_, |
| recv_buffer_->capacity(), |
| reinterpret_cast<uint8_t*>(recv_buffer_->data()))) |
| return ERR_UNEXPECTED; |
| DCHECK(ssl_bio); |
| DCHECK(transport_bio_); |
| |
| // Install a callback on OpenSSL's end to plumb transport errors through. |
| BIO_set_callback(ssl_bio, &SSLClientSocketImpl::BIOCallback); |
| BIO_set_callback_arg(ssl_bio, reinterpret_cast<char*>(this)); |
| |
| SSL_set_bio(ssl_, ssl_bio, ssl_bio); |
| |
| DCHECK_LT(SSL3_VERSION, ssl_config_.version_min); |
| DCHECK_LT(SSL3_VERSION, ssl_config_.version_max); |
| SSL_set_min_version(ssl_, ssl_config_.version_min); |
| SSL_set_max_version(ssl_, ssl_config_.version_max); |
| |
| // OpenSSL defaults some options to on, others to off. To avoid ambiguity, |
| // set everything we care about to an absolute value. |
| SslSetClearMask options; |
| options.ConfigureFlag(SSL_OP_NO_COMPRESSION, true); |
| |
| // TODO(joth): Set this conditionally, see http://crbug.com/55410 |
| options.ConfigureFlag(SSL_OP_LEGACY_SERVER_CONNECT, true); |
| |
| SSL_set_options(ssl_, options.set_mask); |
| SSL_clear_options(ssl_, options.clear_mask); |
| |
| // Same as above, this time for the SSL mode. |
| SslSetClearMask mode; |
| |
| mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); |
| mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true); |
| |
| mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START, |
| ssl_config_.false_start_enabled); |
| |
| mode.ConfigureFlag(SSL_MODE_SEND_FALLBACK_SCSV, ssl_config_.version_fallback); |
| |
| SSL_set_mode(ssl_, mode.set_mask); |
| SSL_clear_mode(ssl_, mode.clear_mask); |
| |
| // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers |
| // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable |
| // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not |
| // supported. As DHE is being deprecated, don't add a cipher only to remove it |
| // immediately. |
| std::string command; |
| if (SSLClientSocket::IsPostQuantumExperimentEnabled()) { |
| // These are experimental, non-standard ciphersuites. They are part of an |
| // experiment in post-quantum cryptography. They're not intended to |
| // represent a de-facto standard, and will be removed from BoringSSL in |
| // ~2018. |
| if (EVP_has_aes_hardware()) { |
| command.append( |
| "CECPQ1-RSA-AES256-GCM-SHA384:" |
| "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
| } |
| command.append( |
| "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:" |
| "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:"); |
| if (!EVP_has_aes_hardware()) { |
| command.append( |
| "CECPQ1-RSA-AES256-GCM-SHA384:" |
| "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
| } |
| } |
| command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); |
| |
| if (ssl_config_.require_ecdhe) |
| command.append(":!kRSA:!kDHE"); |
| |
| if (!ssl_config_.deprecated_cipher_suites_enabled) { |
| // Only offer DHE on the second handshake. https://crbug.com/538690 |
| command.append(":!kDHE"); |
| } |
| |
| // Remove any disabled ciphers. |
| for (uint16_t id : ssl_config_.disabled_cipher_suites) { |
| const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); |
| if (cipher) { |
| command.append(":!"); |
| command.append(SSL_CIPHER_get_name(cipher)); |
| } |
| } |
| |
| int rv = SSL_set_cipher_list(ssl_, command.c_str()); |
| // If this fails (rv = 0) it means there are no ciphers enabled on this SSL. |
| // This will almost certainly result in the socket failing to complete the |
| // handshake at which point the appropriate error is bubbled up to the client. |
| LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') " |
| "returned " |
| << rv; |
| |
| // TLS channel ids. |
| if (IsChannelIDEnabled()) { |
| SSL_enable_tls_channel_id(ssl_); |
| } |
| |
| if (!ssl_config_.alpn_protos.empty()) { |
| std::vector<uint8_t> wire_protos = |
| SerializeNextProtos(ssl_config_.alpn_protos); |
| SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0], |
| wire_protos.size()); |
| } |
| |
| if (ssl_config_.npn_protos.empty()) |
| SSL_set_options(ssl_, SSL_OP_DISABLE_NPN); |
| |
| if (ssl_config_.signed_cert_timestamps_enabled) { |
| SSL_enable_signed_cert_timestamps(ssl_); |
| SSL_enable_ocsp_stapling(ssl_); |
| } |
| |
| if (cert_verifier_->SupportsOCSPStapling()) |
| SSL_enable_ocsp_stapling(ssl_); |
| |
| return OK; |
| } |
| |
| void SSLClientSocketImpl::DoReadCallback(int rv) { |
| // Since Run may result in Read being called, clear |user_read_callback_| |
| // up front. |
| if (rv > 0) |
| was_ever_used_ = true; |
| user_read_buf_ = NULL; |
| user_read_buf_len_ = 0; |
| base::ResetAndReturn(&user_read_callback_).Run(rv); |
| } |
| |
| void SSLClientSocketImpl::DoWriteCallback(int rv) { |
| // Since Run may result in Write being called, clear |user_write_callback_| |
| // up front. |
| if (rv > 0) |
| was_ever_used_ = true; |
| user_write_buf_ = NULL; |
| user_write_buf_len_ = 0; |
| base::ResetAndReturn(&user_write_callback_).Run(rv); |
| } |
| |
| bool SSLClientSocketImpl::DoTransportIO() { |
| bool network_moved = false; |
| int rv; |
| // Read and write as much data as possible. The loop is necessary because |
| // Write() may return synchronously. |
| do { |
| rv = BufferSend(); |
| if (rv != ERR_IO_PENDING && rv != 0) |
| network_moved = true; |
| } while (rv > 0); |
| if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING) |
| network_moved = true; |
| return network_moved; |
| } |
| |
| // TODO(cbentzel): Remove including "base/threading/thread_local.h" and |
| // g_first_run_completed once crbug.com/424386 is fixed. |
| base::LazyInstance<base::ThreadLocalBoolean>::Leaky g_first_run_completed = |
| LAZY_INSTANCE_INITIALIZER; |
| |
| int SSLClientSocketImpl::DoHandshake() { |
| crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| |
| int rv; |
| |
| // TODO(cbentzel): Leave only 1 call to SSL_do_handshake once crbug.com/424386 |
| // is fixed. |
| if (ssl_config_.send_client_cert && ssl_config_.client_cert.get()) { |
| rv = SSL_do_handshake(ssl_); |
| } else { |
| if (g_first_run_completed.Get().Get()) { |
| // TODO(cbentzel): Remove ScopedTracker below once crbug.com/424386 is |
| // fixed. |
| tracked_objects::ScopedTracker tracking_profile( |
| FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 SSL_do_handshake()")); |
| |
| rv = SSL_do_handshake(ssl_); |
| } else { |
| g_first_run_completed.Get().Set(true); |
| rv = SSL_do_handshake(ssl_); |
| } |
| } |
| |
| int net_error = OK; |
| if (rv <= 0) { |
| int ssl_error = SSL_get_error(ssl_, rv); |
| if (ssl_error == SSL_ERROR_WANT_CHANNEL_ID_LOOKUP) { |
| // The server supports channel ID. Stop to look one up before returning to |
| // the handshake. |
| next_handshake_state_ = STATE_CHANNEL_ID_LOOKUP; |
| return OK; |
| } |
| if (ssl_error == SSL_ERROR_WANT_X509_LOOKUP && |
| !ssl_config_.send_client_cert) { |
| return ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| } |
| if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) { |
| DCHECK(ssl_config_.client_private_key); |
| DCHECK_NE(kNoPendingResult, signature_result_); |
| next_handshake_state_ = STATE_HANDSHAKE; |
| return ERR_IO_PENDING; |
| } |
| |
| OpenSSLErrorInfo error_info; |
| net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); |
| if (net_error == ERR_IO_PENDING) { |
| // If not done, stay in this state |
| next_handshake_state_ = STATE_HANDSHAKE; |
| return ERR_IO_PENDING; |
| } |
| |
| LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code " |
| << ssl_error << ", net_error " << net_error; |
| net_log_.AddEvent( |
| NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| } |
| |
| next_handshake_state_ = STATE_HANDSHAKE_COMPLETE; |
| return net_error; |
| } |
| |
| int SSLClientSocketImpl::DoHandshakeComplete(int result) { |
| if (result < 0) |
| return result; |
| |
| if (ssl_config_.version_fallback && |
| ssl_config_.version_max < ssl_config_.version_fallback_min) { |
| return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; |
| } |
| |
| // DHE is offered on the deprecated cipher fallback and then rejected |
| // afterwards. This is to aid in diagnosing connection failures because a |
| // server requires DHE ciphers. |
| // |
| // TODO(davidben): A few releases after DHE's removal, remove this logic. |
| if (!ssl_config_.dhe_enabled && |
| SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) { |
| return ERR_SSL_OBSOLETE_CIPHER; |
| } |
| |
| // Check that if token binding was negotiated, then extended master secret |
| // must also be negotiated. |
| if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_)) |
| return ERR_SSL_PROTOCOL_ERROR; |
| |
| // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. |
| if (npn_status_ == kNextProtoUnsupported) { |
| const uint8_t* alpn_proto = NULL; |
| unsigned alpn_len = 0; |
| SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); |
| if (alpn_len > 0) { |
| base::StringPiece proto(reinterpret_cast<const char*>(alpn_proto), |
| alpn_len); |
| negotiated_protocol_ = NextProtoFromString(proto); |
| npn_status_ = kNextProtoNegotiated; |
| negotiation_extension_ = kExtensionALPN; |
| } |
| } |
| |
| RecordNegotiationExtension(); |
| RecordChannelIDSupport(); |
| |
| const uint8_t* ocsp_response_raw; |
| size_t ocsp_response_len; |
| SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); |
| std::string ocsp_response; |
| if (ocsp_response_len > 0) { |
| ocsp_response_.assign(reinterpret_cast<const char*>(ocsp_response_raw), |
| ocsp_response_len); |
| } |
| set_stapled_ocsp_response_received(ocsp_response_len != 0); |
| UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_response_len != 0); |
| |
| const uint8_t* sct_list; |
| size_t sct_list_len; |
| SSL_get0_signed_cert_timestamp_list(ssl_, &sct_list, &sct_list_len); |
| set_signed_cert_timestamps_received(sct_list_len != 0); |
| |
| if (IsRenegotiationAllowed()) |
| SSL_set_renegotiate_mode(ssl_, ssl_renegotiate_freely); |
| |
| uint16_t signature_algorithm = SSL_get_peer_signature_algorithm(ssl_); |
| if (signature_algorithm != 0) { |
| UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLSignatureAlgorithm", |
| signature_algorithm); |
| } |
| |
| // Verify the certificate. |
| UpdateServerCert(); |
| next_handshake_state_ = STATE_VERIFY_CERT; |
| return OK; |
| } |
| |
| int SSLClientSocketImpl::DoChannelIDLookup() { |
| NetLog::ParametersCallback callback = base::Bind( |
| &NetLogChannelIDLookupCallback, base::Unretained(channel_id_service_)); |
| net_log_.BeginEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID, callback); |
| next_handshake_state_ = STATE_CHANNEL_ID_LOOKUP_COMPLETE; |
| return channel_id_service_->GetOrCreateChannelID( |
| host_and_port_.host(), &channel_id_key_, |
| base::Bind(&SSLClientSocketImpl::OnHandshakeIOComplete, |
| base::Unretained(this)), |
| &channel_id_request_); |
| } |
| |
| int SSLClientSocketImpl::DoChannelIDLookupComplete(int result) { |
| net_log_.EndEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID, |
| base::Bind(&NetLogChannelIDLookupCompleteCallback, |
| channel_id_key_.get(), result)); |
| if (result < 0) |
| return result; |
| |
| // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key |
| // type. |
| DCHECK(channel_id_key_); |
| crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key()); |
| if (!rv) { |
| LOG(ERROR) << "Failed to set Channel ID."; |
| int err = SSL_get_error(ssl_, rv); |
| return MapOpenSSLError(err, err_tracer); |
| } |
| |
| // Return to the handshake. |
| channel_id_sent_ = true; |
| next_handshake_state_ = STATE_HANDSHAKE; |
| return OK; |
| } |
| |
| int SSLClientSocketImpl::DoVerifyCert(int result) { |
| DCHECK(!server_cert_chain_->empty()); |
| DCHECK(start_cert_verification_time_.is_null()); |
| |
| next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; |
| |
| // OpenSSL decoded the certificate, but the platform certificate |
| // implementation could not. This is treated as a fatal SSL-level protocol |
| // error rather than a certificate error. See https://crbug.com/91341. |
| if (!server_cert_.get()) |
| return ERR_SSL_SERVER_CERT_BAD_FORMAT; |
| |
| // If the certificate is bad and has been previously accepted, use |
| // the previous status and bypass the error. |
| base::StringPiece der_cert; |
| if (!x509_util::GetDER(server_cert_chain_->Get(0), &der_cert)) { |
| NOTREACHED(); |
| return ERR_CERT_INVALID; |
| } |
| CertStatus cert_status; |
| if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { |
| server_cert_verify_result_.Reset(); |
| server_cert_verify_result_.cert_status = cert_status; |
| server_cert_verify_result_.verified_cert = server_cert_; |
| return OK; |
| } |
| |
| start_cert_verification_time_ = base::TimeTicks::Now(); |
| |
| return cert_verifier_->Verify( |
| CertVerifier::RequestParams(server_cert_, host_and_port_.host(), |
| ssl_config_.GetCertVerifyFlags(), |
| ocsp_response_, CertificateList()), |
| // TODO(davidben): Route the CRLSet through SSLConfig so |
| // SSLClientSocket doesn't depend on SSLConfigService. |
| SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, |
| base::Bind(&SSLClientSocketImpl::OnHandshakeIOComplete, |
| base::Unretained(this)), |
| &cert_verifier_request_, net_log_); |
| } |
| |
| int SSLClientSocketImpl::DoVerifyCertComplete(int result) { |
| cert_verifier_request_.reset(); |
| |
| if (!start_cert_verification_time_.is_null()) { |
| base::TimeDelta verify_time = |
| base::TimeTicks::Now() - start_cert_verification_time_; |
| if (result == OK) { |
| UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); |
| } else { |
| UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); |
| } |
| } |
| |
| // If the connection was good, check HPKP and CT status simultaneously, |
| // but prefer to treat the HPKP error as more serious, if there was one. |
| const CertStatus cert_status = server_cert_verify_result_.cert_status; |
| if ((result == OK || |
| (IsCertificateError(result) && IsCertStatusMinorError(cert_status)))) { |
| int ct_result = VerifyCT(); |
| TransportSecurityState::PKPStatus pin_validity = |
| transport_security_state_->CheckPublicKeyPins( |
| host_and_port_, server_cert_verify_result_.is_issued_by_known_root, |
| server_cert_verify_result_.public_key_hashes, server_cert_.get(), |
| server_cert_verify_result_.verified_cert.get(), |
| TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_); |
| switch (pin_validity) { |
| case TransportSecurityState::PKPStatus::VIOLATED: |
| server_cert_verify_result_.cert_status |= |
| CERT_STATUS_PINNED_KEY_MISSING; |
| result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| break; |
| case TransportSecurityState::PKPStatus::BYPASSED: |
| pkp_bypassed_ = true; |
| // Fall through. |
| case TransportSecurityState::PKPStatus::OK: |
| // Do nothing. |
| break; |
| } |
| if (result != ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN && ct_result != OK) |
| result = ct_result; |
| } |
| |
| if (result == OK) { |
| DCHECK(!certificate_verified_); |
| certificate_verified_ = true; |
| MaybeCacheSession(); |
| SSLInfo ssl_info; |
| bool ok = GetSSLInfo(&ssl_info); |
| DCHECK(ok); |
| transport_security_state_->CheckExpectStaple(host_and_port_, ssl_info, |
| ocsp_response_); |
| } |
| |
| completed_connect_ = true; |
| // Exit DoHandshakeLoop and return the result to the caller to Connect. |
| DCHECK_EQ(STATE_NONE, next_handshake_state_); |
| return result; |
| } |
| |
| void SSLClientSocketImpl::DoConnectCallback(int rv) { |
| if (!user_connect_callback_.is_null()) { |
| CompletionCallback c = user_connect_callback_; |
| user_connect_callback_.Reset(); |
| c.Run(rv > OK ? OK : rv); |
| } |
| } |
| |
| void SSLClientSocketImpl::UpdateServerCert() { |
| server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_)); |
| server_cert_ = server_cert_chain_->AsOSChain(); |
| if (server_cert_.get()) { |
| net_log_.AddEvent(NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, |
| base::Bind(&NetLogX509CertificateCallback, |
| base::Unretained(server_cert_.get()))); |
| } |
| } |
| |
| void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { |
| int rv = DoHandshakeLoop(result); |
| if (rv != ERR_IO_PENDING) { |
| LogConnectEndEvent(rv); |
| DoConnectCallback(rv); |
| } |
| } |
| |
| void SSLClientSocketImpl::OnSendComplete(int result) { |
| if (next_handshake_state_ == STATE_HANDSHAKE) { |
| // In handshake phase. |
| OnHandshakeIOComplete(result); |
| return; |
| } |
| |
| // During a renegotiation, a Read call may also be blocked on a transport |
| // write, so retry both operations. |
| PumpReadWriteEvents(); |
| } |
| |
| void SSLClientSocketImpl::OnRecvComplete(int result) { |
| TRACE_EVENT0("net", "SSLClientSocketImpl::OnRecvComplete"); |
| if (next_handshake_state_ == STATE_HANDSHAKE) { |
| // In handshake phase. |
| OnHandshakeIOComplete(result); |
| return; |
| } |
| |
| // Network layer received some data, check if client requested to read |
| // decrypted data. |
| if (!user_read_buf_.get()) |
| return; |
| |
| int rv = DoReadLoop(); |
| if (rv != ERR_IO_PENDING) |
| DoReadCallback(rv); |
| } |
| |
| int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) { |
| TRACE_EVENT0("net", "SSLClientSocketImpl::DoHandshakeLoop"); |
| int rv = last_io_result; |
| do { |
| // Default to STATE_NONE for next state. |
| // (This is a quirk carried over from the windows |
| // implementation. It makes reading the logs a bit harder.) |
| // State handlers can and often do call GotoState just |
| // to stay in the current state. |
| State state = next_handshake_state_; |
| next_handshake_state_ = STATE_NONE; |
| switch (state) { |
| case STATE_HANDSHAKE: |
| rv = DoHandshake(); |
| break; |
| case STATE_HANDSHAKE_COMPLETE: |
| rv = DoHandshakeComplete(rv); |
| break; |
| case STATE_CHANNEL_ID_LOOKUP: |
| DCHECK_EQ(OK, rv); |
| rv = DoChannelIDLookup(); |
| break; |
| case STATE_CHANNEL_ID_LOOKUP_COMPLETE: |
| rv = DoChannelIDLookupComplete(rv); |
| break; |
| case STATE_VERIFY_CERT: |
| DCHECK_EQ(OK, rv); |
| rv = DoVerifyCert(rv); |
| break; |
| case STATE_VERIFY_CERT_COMPLETE: |
| rv = DoVerifyCertComplete(rv); |
| break; |
| case STATE_NONE: |
| default: |
| rv = ERR_UNEXPECTED; |
| NOTREACHED() << "unexpected state" << state; |
| break; |
| } |
| |
| bool network_moved = DoTransportIO(); |
| if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { |
| // In general we exit the loop if rv is ERR_IO_PENDING. In this |
| // special case we keep looping even if rv is ERR_IO_PENDING because |
| // the transport IO may allow DoHandshake to make progress. |
| rv = OK; // This causes us to stay in the loop. |
| } |
| } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); |
| return rv; |
| } |
| |
| int SSLClientSocketImpl::DoReadLoop() { |
| bool network_moved; |
| int rv; |
| do { |
| rv = DoPayloadRead(); |
| network_moved = DoTransportIO(); |
| } while (rv == ERR_IO_PENDING && network_moved); |
| |
| return rv; |
| } |
| |
| int SSLClientSocketImpl::DoWriteLoop() { |
| bool network_moved; |
| int rv; |
| do { |
| rv = DoPayloadWrite(); |
| network_moved = DoTransportIO(); |
| } while (rv == ERR_IO_PENDING && network_moved); |
| |
| return rv; |
| } |
| |
| int SSLClientSocketImpl::DoPayloadRead() { |
| crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| |
| DCHECK_LT(0, user_read_buf_len_); |
| DCHECK(user_read_buf_.get()); |
| |
| int rv; |
| if (pending_read_error_ != kNoPendingResult) { |
| rv = pending_read_error_; |
| pending_read_error_ = kNoPendingResult; |
| if (rv == 0) { |
| net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, |
| user_read_buf_->data()); |
| } else { |
| net_log_.AddEvent( |
| NetLog::TYPE_SSL_READ_ERROR, |
| CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, |
| pending_read_error_info_)); |
| } |
| pending_read_ssl_error_ = SSL_ERROR_NONE; |
| pending_read_error_info_ = OpenSSLErrorInfo(); |
| return rv; |
| } |
| |
| int total_bytes_read = 0; |
| int ssl_ret; |
| do { |
| ssl_ret = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read, |
| user_read_buf_len_ - total_bytes_read); |
| if (ssl_ret > 0) |
| total_bytes_read += ssl_ret; |
| } while (total_bytes_read < user_read_buf_len_ && ssl_ret > 0); |
| |
| // Although only the final SSL_read call may have failed, the failure needs to |
| // processed immediately, while the information still available in OpenSSL's |
| // error queue. |
| if (ssl_ret <= 0) { |
| // A zero return from SSL_read may mean any of: |
| // - The underlying BIO_read returned 0. |
| // - The peer sent a close_notify. |
| // - Any arbitrary error. https://crbug.com/466303 |
| // |
| // TransportReadComplete converts the first to an ERR_CONNECTION_CLOSED |
| // error, so it does not occur. The second and third are distinguished by |
| // SSL_ERROR_ZERO_RETURN. |
| pending_read_ssl_error_ = SSL_get_error(ssl_, ssl_ret); |
| if (pending_read_ssl_error_ == SSL_ERROR_ZERO_RETURN) { |
| pending_read_error_ = 0; |
| } else if (pending_read_ssl_error_ == SSL_ERROR_WANT_X509_LOOKUP && |
| !ssl_config_.send_client_cert) { |
| pending_read_error_ = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| } else if (pending_read_ssl_error_ == |
| SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) { |
| DCHECK(ssl_config_.client_private_key); |
| DCHECK_NE(kNoPendingResult, signature_result_); |
| pending_read_error_ = ERR_IO_PENDING; |
| } else { |
| pending_read_error_ = MapOpenSSLErrorWithDetails( |
| pending_read_ssl_error_, err_tracer, &pending_read_error_info_); |
| } |
| |
| // Many servers do not reliably send a close_notify alert when shutting down |
| // a connection, and instead terminate the TCP connection. This is reported |
| // as ERR_CONNECTION_CLOSED. Because of this, map the unclean shutdown to a |
| // graceful EOF, instead of treating it as an error as it should be. |
| if (pending_read_error_ == ERR_CONNECTION_CLOSED) |
| pending_read_error_ = 0; |
| } |
| |
| if (total_bytes_read > 0) { |
| // Return any bytes read to the caller. The error will be deferred to the |
| // next call of DoPayloadRead. |
| rv = total_bytes_read; |
| |
| // Do not treat insufficient data as an error to return in the next call to |
| // DoPayloadRead() - instead, let the call fall through to check SSL_read() |
| // again. This is because DoTransportIO() may complete in between the next |
| // call to DoPayloadRead(), and thus it is important to check SSL_read() on |
| // subsequent invocations to see if a complete record may now be read. |
| if (pending_read_error_ == ERR_IO_PENDING) |
| pending_read_error_ = kNoPendingResult; |
| } else { |
| // No bytes were returned. Return the pending read error immediately. |
| DCHECK_NE(kNoPendingResult, pending_read_error_); |
| rv = pending_read_error_; |
| pending_read_error_ = kNoPendingResult; |
| } |
| |
| if (rv >= 0) { |
| net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, |
| user_read_buf_->data()); |
| } else if (rv != ERR_IO_PENDING) { |
| net_log_.AddEvent( |
| NetLog::TYPE_SSL_READ_ERROR, |
| CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, |
| pending_read_error_info_)); |
| pending_read_ssl_error_ = SSL_ERROR_NONE; |
| pending_read_error_info_ = OpenSSLErrorInfo(); |
| } |
| return rv; |
| } |
| |
| int SSLClientSocketImpl::DoPayloadWrite() { |
| crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); |
| |
| if (rv >= 0) { |
| net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
| user_write_buf_->data()); |
| return rv; |
| } |
| |
| int ssl_error = SSL_get_error(ssl_, rv); |
| if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) |
| return ERR_IO_PENDING; |
| OpenSSLErrorInfo error_info; |
| int net_error = |
| MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); |
| |
| if (net_error != ERR_IO_PENDING) { |
| net_log_.AddEvent( |
| NetLog::TYPE_SSL_WRITE_ERROR, |
| CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| } |
| return net_error; |
| } |
| |
| void SSLClientSocketImpl::PumpReadWriteEvents() { |
| int rv_read = ERR_IO_PENDING; |
| int rv_write = ERR_IO_PENDING; |
| bool network_moved; |
| do { |
| if (user_read_buf_.get()) |
| rv_read = DoPayloadRead(); |
| if (user_write_buf_.get()) |
| rv_write = DoPayloadWrite(); |
| network_moved = DoTransportIO(); |
| } while (rv_read == ERR_IO_PENDING && rv_write == ERR_IO_PENDING && |
| (user_read_buf_.get() || user_write_buf_.get()) && network_moved); |
| |
| // Performing the Read callback may cause |this| to be deleted. If this |
| // happens, the Write callback should not be invoked. Guard against this by |
| // holding a WeakPtr to |this| and ensuring it's still valid. |
| base::WeakPtr<SSLClientSocketImpl> guard(weak_factory_.GetWeakPtr()); |
| if (user_read_buf_.get() && rv_read != ERR_IO_PENDING) |
| DoReadCallback(rv_read); |
| |
| if (!guard.get()) |
| return; |
| |
| if (user_write_buf_.get() && rv_write != ERR_IO_PENDING) |
| DoWriteCallback(rv_write); |
| } |
| |
| int SSLClientSocketImpl::BufferSend(void) { |
| if (transport_send_busy_) |
| return ERR_IO_PENDING; |
| |
| size_t buffer_read_offset; |
| uint8_t* read_buf; |
| size_t max_read; |
| int status = BIO_zero_copy_get_read_buf(transport_bio_, &read_buf, |
| &buffer_read_offset, &max_read); |
| DCHECK_EQ(status, 1); // Should never fail. |
| if (!max_read) |
| return 0; // Nothing pending in the OpenSSL write BIO. |
| CHECK_EQ(read_buf, reinterpret_cast<uint8_t*>(send_buffer_->StartOfBuffer())); |
| CHECK_LT(buffer_read_offset, static_cast<size_t>(send_buffer_->capacity())); |
| send_buffer_->set_offset(buffer_read_offset); |
| |
| int rv = transport_->socket()->Write( |
| send_buffer_.get(), max_read, |
| base::Bind(&SSLClientSocketImpl::BufferSendComplete, |
| base::Unretained(this))); |
| if (rv == ERR_IO_PENDING) { |
| transport_send_busy_ = true; |
| } else { |
| TransportWriteComplete(rv); |
| } |
| return rv; |
| } |
| |
| int SSLClientSocketImpl::BufferRecv(void) { |
| if (transport_recv_busy_) |
| return ERR_IO_PENDING; |
| |
| // Determine how much was requested from |transport_bio_| that was not |
| // actually available. |
| size_t requested = BIO_ctrl_get_read_request(transport_bio_); |
| if (requested == 0) { |
| // This is not a perfect match of error codes, as no operation is |
| // actually pending. However, returning 0 would be interpreted as |
| // a possible sign of EOF, which is also an inappropriate match. |
| return ERR_IO_PENDING; |
| } |
| |
| // Known Issue: While only reading |requested| data is the more correct |
| // implementation, it has the downside of resulting in frequent reads: |
| // One read for the SSL record header (~5 bytes) and one read for the SSL |
| // record body. Rather than issuing these reads to the underlying socket |
| // (and constantly allocating new IOBuffers), a single Read() request to |
| // fill |transport_bio_| is issued. As long as an SSL client socket cannot |
| // be gracefully shutdown (via SSL close alerts) and re-used for non-SSL |
| // traffic, this over-subscribed Read()ing will not cause issues. |
| |
| size_t buffer_write_offset; |
| uint8_t* write_buf; |
| size_t max_write; |
| int status = BIO_zero_copy_get_write_buf(transport_bio_, &write_buf, |
| &buffer_write_offset, &max_write); |
| DCHECK_EQ(status, 1); // Should never fail. |
| if (!max_write) |
| return ERR_IO_PENDING; |
| |
| CHECK_EQ(write_buf, |
| reinterpret_cast<uint8_t*>(recv_buffer_->StartOfBuffer())); |
| CHECK_LT(buffer_write_offset, static_cast<size_t>(recv_buffer_->capacity())); |
| |
| recv_buffer_->set_offset(buffer_write_offset); |
| int rv = transport_->socket()->Read( |
| recv_buffer_.get(), max_write, |
| base::Bind(&SSLClientSocketImpl::BufferRecvComplete, |
| base::Unretained(this))); |
| if (rv == ERR_IO_PENDING) { |
| transport_recv_busy_ = true; |
| } else { |
| rv = TransportReadComplete(rv); |
| } |
| return rv; |
| } |
| |
| void SSLClientSocketImpl::BufferSendComplete(int result) { |
| TransportWriteComplete(result); |
| OnSendComplete(result); |
| } |
| |
| void SSLClientSocketImpl::BufferRecvComplete(int result) { |
| result = TransportReadComplete(result); |
| OnRecvComplete(result); |
| } |
| |
| void SSLClientSocketImpl::TransportWriteComplete(int result) { |
| DCHECK(ERR_IO_PENDING != result); |
| int bytes_written = 0; |
| if (result < 0) { |
| // Record the error. Save it to be reported in a future read or write on |
| // transport_bio_'s peer. |
| transport_write_error_ = result; |
| } else { |
| bytes_written = result; |
| } |
| DCHECK_GE(send_buffer_->RemainingCapacity(), bytes_written); |
| int ret = BIO_zero_copy_get_read_buf_done(transport_bio_, bytes_written); |
| DCHECK_EQ(1, ret); |
| transport_send_busy_ = false; |
| } |
| |
| int SSLClientSocketImpl::TransportReadComplete(int result) { |
| DCHECK(ERR_IO_PENDING != result); |
| // If an EOF, canonicalize to ERR_CONNECTION_CLOSED here so MapOpenSSLError |
| // does not report success. |
| if (result == 0) |
| result = ERR_CONNECTION_CLOSED; |
| int bytes_read = 0; |
| if (result < 0) { |
| // Received an error. Save it to be reported in a future read on |
| // transport_bio_'s peer. |
| transport_read_error_ = result; |
| } else { |
| bytes_read = result; |
| } |
| DCHECK_GE(recv_buffer_->RemainingCapacity(), bytes_read); |
| int ret = BIO_zero_copy_get_write_buf_done(transport_bio_, bytes_read); |
| DCHECK_EQ(1, ret); |
| transport_recv_busy_ = false; |
| return result; |
| } |
| |
| int SSLClientSocketImpl::VerifyCT() { |
| const uint8_t* sct_list_raw; |
| size_t sct_list_len; |
| SSL_get0_signed_cert_timestamp_list(ssl_, &sct_list_raw, &sct_list_len); |
| std::string sct_list; |
| if (sct_list_len > 0) |
| sct_list.assign(reinterpret_cast<const char*>(sct_list_raw), sct_list_len); |
| |
| // Note that this is a completely synchronous operation: The CT Log Verifier |
| // gets all the data it needs for SCT verification and does not do any |
| // external communication. |
| cert_transparency_verifier_->Verify( |
| server_cert_verify_result_.verified_cert.get(), ocsp_response_, sct_list, |
| &ct_verify_result_, net_log_); |
| |
| ct_verify_result_.ct_policies_applied = true; |
| ct_verify_result_.ev_policy_compliance = |
| ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; |
| |
| SCTList verified_scts = |
| ct::SCTsMatchingStatus(ct_verify_result_.scts, ct::SCT_STATUS_OK); |
| |
| if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
| scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
| SSLConfigService::GetEVCertsWhitelist(); |
| ct::EVPolicyCompliance ev_policy_compliance = |
| policy_enforcer_->DoesConformToCTEVPolicy( |
| server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), |
| verified_scts, net_log_); |
| ct_verify_result_.ev_policy_compliance = ev_policy_compliance; |
| if (ev_policy_compliance != |
| ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY && |
| ev_policy_compliance != |
| ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST && |
| ev_policy_compliance != |
| ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS) { |
| server_cert_verify_result_.cert_status |= |
| CERT_STATUS_CT_COMPLIANCE_FAILED; |
| server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| } |
| } |
| ct_verify_result_.cert_policy_compliance = |
| policy_enforcer_->DoesConformToCertPolicy( |
| server_cert_verify_result_.verified_cert.get(), verified_scts, |
| net_log_); |
| |
| if (ct_verify_result_.cert_policy_compliance != |
| ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && |
| transport_security_state_->ShouldRequireCT( |
| host_and_port_.host(), server_cert_verify_result_.verified_cert.get(), |
| server_cert_verify_result_.public_key_hashes)) { |
| server_cert_verify_result_.cert_status |= |
| CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| } |
| |
| return OK; |
| } |
| |
| int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { |
| DCHECK(ssl == ssl_); |
| |
| net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED); |
| |
| // Clear any currently configured certificates. |
| SSL_certs_clear(ssl_); |
| |
| #if defined(OS_IOS) |
| // TODO(droger): Support client auth on iOS. See http://crbug.com/145954). |
| LOG(WARNING) << "Client auth is not supported"; |
| #else // !defined(OS_IOS) |
| if (!ssl_config_.send_client_cert) { |
| // First pass: we know that a client certificate is needed, but we do not |
| // have one at hand. |
| STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl); |
| for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) { |
| X509_NAME* ca_name = (X509_NAME*)sk_X509_NAME_value(authorities, i); |
| unsigned char* str = NULL; |
| int length = i2d_X509_NAME(ca_name, &str); |
| cert_authorities_.push_back(std::string( |
| reinterpret_cast<const char*>(str), static_cast<size_t>(length))); |
| OPENSSL_free(str); |
| } |
| |
| const unsigned char* client_cert_types; |
| size_t num_client_cert_types = |
| SSL_get0_certificate_types(ssl, &client_cert_types); |
| for (size_t i = 0; i < num_client_cert_types; i++) { |
| cert_key_types_.push_back( |
| static_cast<SSLClientCertType>(client_cert_types[i])); |
| } |
| |
| // Suspends handshake. SSL_get_error will return SSL_ERROR_WANT_X509_LOOKUP. |
| return -1; |
| } |
| |
| // Second pass: a client certificate should have been selected. |
| if (ssl_config_.client_cert.get()) { |
| ScopedX509 leaf_x509 = |
| OSCertHandleToOpenSSL(ssl_config_.client_cert->os_cert_handle()); |
| if (!leaf_x509) { |
| LOG(WARNING) << "Failed to import certificate"; |
| OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); |
| return -1; |
| } |
| |
| ScopedX509Stack chain = OSCertHandlesToOpenSSL( |
| ssl_config_.client_cert->GetIntermediateCertificates()); |
| if (!chain) { |
| LOG(WARNING) << "Failed to import intermediate certificates"; |
| OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); |
| return -1; |
| } |
| |
| if (!SSL_use_certificate(ssl_, leaf_x509.get()) || |
| !SSL_set1_chain(ssl_, chain.get())) { |
| LOG(WARNING) << "Failed to set client certificate"; |
| return -1; |
| } |
| |
| if (!ssl_config_.client_private_key) { |
| // The caller supplied a null private key. Fail the handshake and surface |
| // an appropriate error to the caller. |
| LOG(WARNING) << "Client cert found without private key"; |
| OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); |
| return -1; |
| } |
| |
| SSL_set_private_key_method(ssl_, &SSLContext::kPrivateKeyMethod); |
| |
| std::vector<SSLPrivateKey::Hash> digest_prefs = |
| ssl_config_.client_private_key->GetDigestPreferences(); |
| |
| size_t digests_len = digest_prefs.size(); |
| std::vector<int> digests; |
| for (size_t i = 0; i < digests_len; i++) { |
| switch (digest_prefs[i]) { |
| case SSLPrivateKey::Hash::SHA1: |
| digests.push_back(NID_sha1); |
| break; |
| case SSLPrivateKey::Hash::SHA256: |
| digests.push_back(NID_sha256); |
| break; |
| case SSLPrivateKey::Hash::SHA384: |
| digests.push_back(NID_sha384); |
| break; |
| case SSLPrivateKey::Hash::SHA512: |
| digests.push_back(NID_sha512); |
| break; |
| case SSLPrivateKey::Hash::MD5_SHA1: |
| // MD5-SHA1 is not used in TLS 1.2. |
| break; |
| } |
| } |
| |
| SSL_set_private_key_digest_prefs(ssl_, digests.data(), digests.size()); |
| |
| int cert_count = 1 + sk_X509_num(chain.get()); |
| net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| NetLog::IntCallback("cert_count", cert_count)); |
| return 1; |
| } |
| #endif // defined(OS_IOS) |
| |
| // Send no client certificate. |
| net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| NetLog::IntCallback("cert_count", 0)); |
| return 1; |
| } |
| |
| int SSLClientSocketImpl::CertVerifyCallback(X509_STORE_CTX* store_ctx) { |
| if (!completed_connect_) { |
| // If the first handshake hasn't completed then we accept any certificates |
| // because we verify after the handshake. |
| return 1; |
| } |
| |
| // Disallow the server certificate to change in a renegotiation. |
| if (server_cert_chain_->empty()) { |
| LOG(ERROR) << "Received invalid certificate chain between handshakes"; |
| return 0; |
| } |
| base::StringPiece old_der, new_der; |
| if (store_ctx->cert == NULL || |
| !x509_util::GetDER(server_cert_chain_->Get(0), &old_der) || |
| !x509_util::GetDER(store_ctx->cert, &new_der)) { |
| LOG(ERROR) << "Failed to encode certificates"; |
| return 0; |
| } |
| if (old_der != new_der) { |
| LOG(ERROR) << "Server certificate changed between handshakes"; |
| return 0; |
| } |
| |
| return 1; |
| } |
| |
| // SelectNextProtoCallback is called by OpenSSL during the handshake. If the |
| // server supports NPN, selects a protocol from the list that the server |
| // provides. According to third_party/boringssl/src/ssl/ssl_lib.c, the |
| // callback can assume that |in| is syntactically valid. |
| int SSLClientSocketImpl::SelectNextProtoCallback(unsigned char** out, |
| unsigned char* outlen, |
| const unsigned char* in, |
| unsigned int inlen) { |
| if (ssl_config_.npn_protos.empty()) { |
| *out = reinterpret_cast<uint8_t*>( |
| const_cast<char*>(kDefaultSupportedNPNProtocol)); |
| *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1; |
| npn_status_ = kNextProtoUnsupported; |
| return SSL_TLSEXT_ERR_OK; |
| } |
| |
| // Assume there's no overlap between our protocols and the server's list. |
| npn_status_ = kNextProtoNoOverlap; |
| |
| // For each protocol in server preference order, see if we support it. |
| for (unsigned int i = 0; i < inlen; i += in[i] + 1) { |
| for (NextProto next_proto : ssl_config_.npn_protos) { |
| const std::string proto = NextProtoToString(next_proto); |
| if (in[i] == proto.size() && |
| memcmp(&in[i + 1], proto.data(), in[i]) == 0) { |
| // We found a match. |
| negotiated_protocol_ = next_proto; |
| *out = const_cast<unsigned char*>(in) + i + 1; |
| *outlen = in[i]; |
| npn_status_ = kNextProtoNegotiated; |
| break; |
| } |
| } |
| if (npn_status_ == kNextProtoNegotiated) |
| break; |
| } |
| |
| // If we didn't find a protocol, we select the last one from our list. |
| if (npn_status_ == kNextProtoNoOverlap) { |
| negotiated_protocol_ = ssl_config_.npn_protos.back(); |
| // NextProtoToString returns a pointer to a static string. |
| const char* proto = NextProtoToString(negotiated_protocol_); |
| *out = reinterpret_cast<unsigned char*>(const_cast<char*>(proto)); |
| *outlen = strlen(proto); |
| } |
| |
| negotiation_extension_ = kExtensionNPN; |
| return SSL_TLSEXT_ERR_OK; |
| } |
| |
| long SSLClientSocketImpl::MaybeReplayTransportError(BIO* bio, |
| int cmd, |
| const char* argp, |
| int argi, |
| long argl, |
| long retvalue) { |
| if (cmd == (BIO_CB_READ | BIO_CB_RETURN) && retvalue <= 0) { |
| // If there is no more data in the buffer, report any pending errors that |
| // were observed. Note that both the readbuf and the writebuf are checked |
| // for errors, since the application may have encountered a socket error |
| // while writing that would otherwise not be reported until the application |
| // attempted to write again - which it may never do. See |
| // https://crbug.com/249848. |
| if (transport_read_error_ != OK) { |
| OpenSSLPutNetError(FROM_HERE, transport_read_error_); |
| return -1; |
| } |
| if (transport_write_error_ != OK) { |
| OpenSSLPutNetError(FROM_HERE, transport_write_error_); |
| return -1; |
| } |
| } else if (cmd == BIO_CB_WRITE) { |
| // Because of the write buffer, this reports a failure from the previous |
| // write payload. If the current payload fails to write, the error will be |
| // reported in a future write or read to |bio|. |
| if (transport_write_error_ != OK) { |
| OpenSSLPutNetError(FROM_HERE, transport_write_error_); |
| return -1; |
| } |
| } |
| return retvalue; |
| } |
| |
| // static |
| long SSLClientSocketImpl::BIOCallback(BIO* bio, |
| int cmd, |
| const char* argp, |
| int argi, |
| long argl, |
| long retvalue) { |
| SSLClientSocketImpl* socket = |
| reinterpret_cast<SSLClientSocketImpl*>(BIO_get_callback_arg(bio)); |
| CHECK(socket); |
| return socket->MaybeReplayTransportError(bio, cmd, argp, argi, argl, |
| retvalue); |
| } |
| |
| void SSLClientSocketImpl::MaybeCacheSession() { |
| // Only cache the session once both a new session has been established and the |
| // certificate has been verified. Due to False Start, these events may happen |
| // in either order. |
| if (!pending_session_ || !certificate_verified_) |
| return; |
| |
| SSLContext::GetInstance()->session_cache()->Insert(GetSessionCacheKey(), |
| pending_session_.get()); |
| pending_session_ = nullptr; |
| } |
| |
| int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) { |
| // OpenSSL passes a reference to |session|. |
| pending_session_.reset(session); |
| MaybeCacheSession(); |
| return 1; |
| } |
| |
| void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
| ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); |
| } |
| |
| std::string SSLClientSocketImpl::GetSessionCacheKey() const { |
| std::string result = host_and_port_.ToString(); |
| result.append("/"); |
| result.append(ssl_session_cache_shard_); |
| |
| // Shard the session cache based on maximum protocol version. This causes |
| // fallback connections to use a separate session cache. |
| result.append("/"); |
| switch (ssl_config_.version_max) { |
| case SSL_PROTOCOL_VERSION_TLS1: |
| result.append("tls1"); |
| break; |
| case SSL_PROTOCOL_VERSION_TLS1_1: |
| result.append("tls1.1"); |
| break; |
| case SSL_PROTOCOL_VERSION_TLS1_2: |
| result.append("tls1.2"); |
| break; |
| case SSL_PROTOCOL_VERSION_TLS1_3: |
| result.append("tls1.3"); |
| break; |
| default: |
| NOTREACHED(); |
| } |
| |
| result.append("/"); |
| if (ssl_config_.deprecated_cipher_suites_enabled) |
| result.append("deprecated"); |
| |
| result.append("/"); |
| if (ssl_config_.channel_id_enabled) |
| result.append("channelid"); |
| |
| return result; |
| } |
| |
| bool SSLClientSocketImpl::IsRenegotiationAllowed() const { |
| if (tb_was_negotiated_) |
| return false; |
| |
| if (npn_status_ == kNextProtoUnsupported) |
| return ssl_config_.renego_allowed_default; |
| |
| for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { |
| if (negotiated_protocol_ == allowed) |
| return true; |
| } |
| return false; |
| } |
| |
| int SSLClientSocketImpl::PrivateKeyTypeCallback() { |
| switch (ssl_config_.client_private_key->GetType()) { |
| case SSLPrivateKey::Type::RSA: |
| return EVP_PKEY_RSA; |
| case SSLPrivateKey::Type::ECDSA: |
| return EVP_PKEY_EC; |
| } |
| NOTREACHED(); |
| return EVP_PKEY_NONE; |
| } |
| |
| size_t SSLClientSocketImpl::PrivateKeyMaxSignatureLenCallback() { |
| return ssl_config_.client_private_key->GetMaxSignatureLengthInBytes(); |
| } |
| |
| ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignDigestCallback( |
| uint8_t* out, |
| size_t* out_len, |
| size_t max_out, |
| const EVP_MD* md, |
| const uint8_t* in, |
| size_t in_len) { |
| DCHECK_EQ(kNoPendingResult, signature_result_); |
| DCHECK(signature_.empty()); |
| DCHECK(ssl_config_.client_private_key); |
| |
| SSLPrivateKey::Hash hash; |
| if (!EVP_MDToPrivateKeyHash(md, &hash)) { |
| OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| return ssl_private_key_failure; |
| } |
| |
| net_log_.BeginEvent( |
| NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION, |
| base::Bind(&NetLogPrivateKeyOperationCallback, |
| ssl_config_.client_private_key->GetType(), hash)); |
| |
| signature_result_ = ERR_IO_PENDING; |
| ssl_config_.client_private_key->SignDigest( |
| hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len), |
| base::Bind(&SSLClientSocketImpl::OnPrivateKeyComplete, |
| weak_factory_.GetWeakPtr())); |
| return ssl_private_key_retry; |
| } |
| |
| ssl_private_key_result_t SSLClientSocketImpl::PrivateKeyCompleteCallback( |
| uint8_t* out, |
| size_t* out_len, |
| size_t max_out) { |
| DCHECK_NE(kNoPendingResult, signature_result_); |
| DCHECK(ssl_config_.client_private_key); |
| |
| if (signature_result_ == ERR_IO_PENDING) |
| return ssl_private_key_retry; |
| if (signature_result_ != OK) { |
| OpenSSLPutNetError(FROM_HERE, signature_result_); |
| return ssl_private_key_failure; |
| } |
| if (signature_.size() > max_out) { |
| OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| return ssl_private_key_failure; |
| } |
| memcpy(out, signature_.data(), signature_.size()); |
| *out_len = signature_.size(); |
| signature_.clear(); |
| return ssl_private_key_success; |
| } |
| |
| void SSLClientSocketImpl::OnPrivateKeyComplete( |
| Error error, |
| const std::vector<uint8_t>& signature) { |
| DCHECK_EQ(ERR_IO_PENDING, signature_result_); |
| DCHECK(signature_.empty()); |
| DCHECK(ssl_config_.client_private_key); |
| |
| net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION, |
| error); |
| |
| signature_result_ = error; |
| if (signature_result_ == OK) |
| signature_ = signature; |
| |
| if (next_handshake_state_ == STATE_HANDSHAKE) { |
| OnHandshakeIOComplete(signature_result_); |
| return; |
| } |
| |
| // During a renegotiation, either Read or Write calls may be blocked on an |
| // asynchronous private key operation. |
| PumpReadWriteEvents(); |
| } |
| |
| int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out, |
| size_t* out_len, |
| int* out_alert_value) { |
| if (ssl_config_.token_binding_params.empty()) { |
| return 0; |
| } |
| crypto::AutoCBB output; |
| CBB parameters_list; |
| if (!CBB_init(output.get(), 7) || |
| !CBB_add_u8(output.get(), kTbProtocolVersionMajor) || |
| !CBB_add_u8(output.get(), kTbProtocolVersionMinor) || |
| !CBB_add_u8_length_prefixed(output.get(), ¶meters_list)) { |
| *out_alert_value = SSL_AD_INTERNAL_ERROR; |
| return -1; |
| } |
| for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) { |
| if (!CBB_add_u8(¶meters_list, ssl_config_.token_binding_params[i])) { |
| *out_alert_value = SSL_AD_INTERNAL_ERROR; |
| return -1; |
| } |
| } |
| // |*out| will be freed by TokenBindingFreeCallback. |
| if (!CBB_finish(output.get(), const_cast<uint8_t**>(out), out_len)) { |
| *out_alert_value = SSL_AD_INTERNAL_ERROR; |
| return -1; |
| } |
| |
| return 1; |
| } |
| |
| int SSLClientSocketImpl::TokenBindingParse(const uint8_t* contents, |
| size_t contents_len, |
| int* out_alert_value) { |
| if (completed_connect_) { |
| // Token Binding may only be negotiated on the initial handshake. |
| *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
| return 0; |
| } |
| |
| CBS extension; |
| CBS_init(&extension, contents, contents_len); |
| |
| CBS parameters_list; |
| uint8_t version_major, version_minor, param; |
| if (!CBS_get_u8(&extension, &version_major) || |
| !CBS_get_u8(&extension, &version_minor) || |
| !CBS_get_u8_length_prefixed(&extension, ¶meters_list) || |
| !CBS_get_u8(¶meters_list, ¶m) || CBS_len(¶meters_list) > 0 || |
| CBS_len(&extension) > 0) { |
| *out_alert_value = SSL_AD_DECODE_ERROR; |
| return 0; |
| } |
| // The server-negotiated version must be less than or equal to our version. |
| if (version_major > kTbProtocolVersionMajor || |
| (version_minor > kTbProtocolVersionMinor && |
| version_major == kTbProtocolVersionMajor)) { |
| *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
| return 0; |
| } |
| // If the version the server negotiated is older than we support, don't fail |
| // parsing the extension, but also don't set |negotiated_|. |
| if (version_major < kTbMinProtocolVersionMajor || |
| (version_minor < kTbMinProtocolVersionMinor && |
| version_major == kTbMinProtocolVersionMajor)) { |
| return 1; |
| } |
| |
| for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) { |
| if (param == ssl_config_.token_binding_params[i]) { |
| tb_negotiated_param_ = ssl_config_.token_binding_params[i]; |
| tb_was_negotiated_ = true; |
| return 1; |
| } |
| } |
| |
| *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
| return 0; |
| } |
| |
| void SSLClientSocketImpl::LogConnectEndEvent(int rv) { |
| if (rv != OK) { |
| net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| return; |
| } |
| |
| net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
| base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
| } |
| |
| void SSLClientSocketImpl::RecordNegotiationExtension() const { |
| if (negotiation_extension_ == kExtensionUnknown) |
| return; |
| if (npn_status_ == kNextProtoUnsupported) |
| return; |
| base::HistogramBase::Sample sample = |
| static_cast<base::HistogramBase::Sample>(negotiated_protocol_); |
| // In addition to the protocol negotiated, we want to record which TLS |
| // extension was used, and in case of NPN, whether there was overlap between |
| // server and client list of supported protocols. |
| if (negotiation_extension_ == kExtensionNPN) { |
| if (npn_status_ == kNextProtoNoOverlap) { |
| sample += 1000; |
| } else { |
| sample += 500; |
| } |
| } else { |
| DCHECK_EQ(kExtensionALPN, negotiation_extension_); |
| } |
| UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLProtocolNegotiation", sample); |
| } |
| |
| void SSLClientSocketImpl::RecordChannelIDSupport() const { |
| // Since this enum is used for a histogram, do not change or re-use values. |
| enum { |
| DISABLED = 0, |
| CLIENT_ONLY = 1, |
| CLIENT_AND_SERVER = 2, |
| // CLIENT_NO_ECC is unused now. |
| // CLIENT_BAD_SYSTEM_TIME is unused now. |
| CLIENT_BAD_SYSTEM_TIME = 4, |
| CLIENT_NO_CHANNEL_ID_SERVICE = 5, |
| CHANNEL_ID_USAGE_MAX |
| } supported = DISABLED; |
| if (channel_id_sent_) { |
| supported = CLIENT_AND_SERVER; |
| } else if (ssl_config_.channel_id_enabled) { |
| if (!channel_id_service_) |
| supported = CLIENT_NO_CHANNEL_ID_SERVICE; |
| else |
| supported = CLIENT_ONLY; |
| } |
| UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
| CHANNEL_ID_USAGE_MAX); |
| } |
| |
| bool SSLClientSocketImpl::IsChannelIDEnabled() const { |
| return ssl_config_.channel_id_enabled && channel_id_service_; |
| } |
| |
| } // namespace net |