[email protected] | 013c17c | 2012-01-21 19:09:01 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 5 | #include "net/socket/ssl_client_socket_impl.h" |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 6 | |
[email protected] | edfd0f4 | 2014-07-22 18:20:37 | [diff] [blame] | 7 | #include <errno.h> |
bnc | 67da3de | 2015-01-15 21:02:26 | [diff] [blame] | 8 | #include <string.h> |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 9 | |
mab | b51c514 | 2016-12-07 09:32:40 | [diff] [blame] | 10 | #include <algorithm> |
David Benjamin | f8ebd2b | 2017-12-15 19:22:41 | [diff] [blame] | 11 | #include <map> |
davidben | 752bcf2 | 2015-12-21 22:55:50 | [diff] [blame] | 12 | #include <utility> |
| 13 | |
[email protected] | 0f7804ec | 2011-10-07 20:04:18 | [diff] [blame] | 14 | #include "base/bind.h" |
[email protected] | f2da6ac | 2013-02-04 08:22:53 | [diff] [blame] | 15 | #include "base/callback_helpers.h" |
David Benjamin | 9ba36b0 | 2017-11-10 19:01:53 | [diff] [blame] | 16 | #include "base/containers/span.h" |
David Benjamin | 6f2da65 | 2019-06-26 23:36:35 | [diff] [blame^] | 17 | #include "base/feature_list.h" |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 18 | #include "base/lazy_instance.h" |
Avi Drissman | 13fc893 | 2015-12-20 04:40:46 | [diff] [blame] | 19 | #include "base/macros.h" |
[email protected] | 3b63f8f4 | 2011-03-28 01:54:15 | [diff] [blame] | 20 | #include "base/memory/singleton.h" |
mmenke | 1beda3d | 2016-07-22 03:33:45 | [diff] [blame] | 21 | #include "base/metrics/field_trial.h" |
Adam Langley | 07416413 | 2018-01-17 03:27:32 | [diff] [blame] | 22 | #include "base/metrics/field_trial_params.h" |
Ilya Sherman | 0eb3980 | 2017-12-08 20:58:18 | [diff] [blame] | 23 | #include "base/metrics/histogram_functions.h" |
asvitkine | c3c9372 | 2015-06-17 14:48:37 | [diff] [blame] | 24 | #include "base/metrics/histogram_macros.h" |
davidben | 018aad6 | 2014-09-12 02:25:19 | [diff] [blame] | 25 | #include "base/strings/string_piece.h" |
xunjieli | 9f8c5fb5 | 2016-12-07 22:59:33 | [diff] [blame] | 26 | #include "base/strings/stringprintf.h" |
[email protected] | 20305ec | 2011-01-21 04:55:52 | [diff] [blame] | 27 | #include "base/synchronization/lock.h" |
ssid | 6d6b4010 | 2016-04-05 18:59:56 | [diff] [blame] | 28 | #include "base/trace_event/trace_event.h" |
estade | 5e5529d | 2015-05-21 20:59:11 | [diff] [blame] | 29 | #include "base/values.h" |
[email protected] | ee0f2aa8 | 2013-10-25 11:59:26 | [diff] [blame] | 30 | #include "crypto/ec_private_key.h" |
[email protected] | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 31 | #include "crypto/openssl_util.h" |
David Benjamin | 570460e | 2018-10-16 06:01:29 | [diff] [blame] | 32 | #include "net/base/features.h" |
martijn | a2e83bd | 2016-03-18 13:10:45 | [diff] [blame] | 33 | #include "net/base/ip_address.h" |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 34 | #include "net/base/net_errors.h" |
xunjieli | 0b7f5b6 | 2016-12-06 20:43:48 | [diff] [blame] | 35 | #include "net/base/trace_constants.h" |
David Benjamin | d5503c8 | 2018-02-01 20:59:38 | [diff] [blame] | 36 | #include "net/base/url_util.h" |
[email protected] | 6e7845ae | 2013-03-29 21:48:11 | [diff] [blame] | 37 | #include "net/cert/cert_verifier.h" |
estark | 6f9b3d8 | 2016-01-12 21:37:05 | [diff] [blame] | 38 | #include "net/cert/ct_policy_enforcer.h" |
estark | 723b5eeb | 2016-02-18 21:01:12 | [diff] [blame] | 39 | #include "net/cert/ct_policy_status.h" |
davidben | eb5f8ef3 | 2014-09-04 14:14:32 | [diff] [blame] | 40 | #include "net/cert/ct_verifier.h" |
David Benjamin | f8ebd2b | 2017-12-15 19:22:41 | [diff] [blame] | 41 | #include "net/cert/internal/parse_certificate.h" |
[email protected] | 6e7845ae | 2013-03-29 21:48:11 | [diff] [blame] | 42 | #include "net/cert/x509_certificate_net_log_param.h" |
mattm | 316af82 | 2017-02-23 04:05:56 | [diff] [blame] | 43 | #include "net/cert/x509_util.h" |
David Benjamin | f8ebd2b | 2017-12-15 19:22:41 | [diff] [blame] | 44 | #include "net/der/parse_values.h" |
[email protected] | 8bd4e7a | 2014-08-09 14:49:17 | [diff] [blame] | 45 | #include "net/http/transport_security_state.h" |
mikecirone | f22f981 | 2016-10-04 03:40:19 | [diff] [blame] | 46 | #include "net/log/net_log.h" |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 47 | #include "net/log/net_log_event_type.h" |
mikecirone | f22f981 | 2016-10-04 03:40:19 | [diff] [blame] | 48 | #include "net/log/net_log_parameters_callback.h" |
[email protected] | 536fd0b | 2013-03-14 17:41:57 | [diff] [blame] | 49 | #include "net/ssl/ssl_cert_request_info.h" |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 50 | #include "net/ssl/ssl_cipher_suite_names.h" |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 51 | #include "net/ssl/ssl_client_session_cache.h" |
[email protected] | 536fd0b | 2013-03-14 17:41:57 | [diff] [blame] | 52 | #include "net/ssl/ssl_connection_status_flags.h" |
| 53 | #include "net/ssl/ssl_info.h" |
David Benjamin | bd37c17 | 2018-07-11 17:24:57 | [diff] [blame] | 54 | #include "net/ssl/ssl_key_logger.h" |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 55 | #include "net/ssl/ssl_private_key.h" |
[email protected] | a2b2cfc | 2017-12-06 09:06:08 | [diff] [blame] | 56 | #include "net/traffic_annotation/network_traffic_annotation.h" |
tfarina | e8cb8aa | 2016-10-21 02:44:01 | [diff] [blame] | 57 | #include "third_party/boringssl/src/include/openssl/bio.h" |
| 58 | #include "third_party/boringssl/src/include/openssl/bytestring.h" |
| 59 | #include "third_party/boringssl/src/include/openssl/err.h" |
| 60 | #include "third_party/boringssl/src/include/openssl/evp.h" |
| 61 | #include "third_party/boringssl/src/include/openssl/mem.h" |
| 62 | #include "third_party/boringssl/src/include/openssl/ssl.h" |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 63 | |
Adam Langley | 93cbfad1 | 2018-07-06 22:07:16 | [diff] [blame] | 64 | #if !defined(NET_DISABLE_BROTLI) |
| 65 | #include "third_party/brotli/include/brotli/decode.h" |
| 66 | #endif |
| 67 | |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 68 | namespace net { |
| 69 | |
| 70 | namespace { |
| 71 | |
[email protected] | 4b76856 | 2013-02-16 04:10:07 | [diff] [blame] | 72 | // This constant can be any non-negative/non-zero value (eg: it does not |
| 73 | // overlap with any value of the net::Error range, including net::OK). |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 74 | const int kSSLClientSocketNoPendingResult = 1; |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 75 | // This constant can be any non-negative/non-zero value (eg: it does not |
| 76 | // overlap with any value of the net::Error range, including net::OK). |
| 77 | const int kCertVerifyPending = 1; |
[email protected] | 4b76856 | 2013-02-16 04:10:07 | [diff] [blame] | 78 | |
haavardm | 2d92e72 | 2014-12-19 13:45:44 | [diff] [blame] | 79 | // Default size of the internal BoringSSL buffers. |
mmenke | 1beda3d | 2016-07-22 03:33:45 | [diff] [blame] | 80 | const int kDefaultOpenSSLBufferSize = 17 * 1024; |
haavardm | 2d92e72 | 2014-12-19 13:45:44 | [diff] [blame] | 81 | |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 82 | base::Value NetLogPrivateKeyOperationCallback(uint16_t algorithm, |
| 83 | SSLPrivateKey* key, |
| 84 | NetLogCaptureMode mode) { |
| 85 | base::DictionaryValue value; |
| 86 | value.SetString("algorithm", SSL_get_signature_algorithm_name( |
| 87 | algorithm, 0 /* exclude curve */)); |
| 88 | value.SetString("provider", key->GetProviderName()); |
davidben | 752bcf2 | 2015-12-21 22:55:50 | [diff] [blame] | 89 | return std::move(value); |
| 90 | } |
| 91 | |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 92 | base::Value NetLogSSLInfoCallback(SSLClientSocketImpl* socket, |
| 93 | NetLogCaptureMode capture_mode) { |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 94 | SSLInfo ssl_info; |
| 95 | if (!socket->GetSSLInfo(&ssl_info)) |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 96 | return base::Value(); |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 97 | |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 98 | base::DictionaryValue dict; |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 99 | const char* version_str; |
| 100 | SSLVersionToString(&version_str, |
| 101 | SSLConnectionStatusToVersion(ssl_info.connection_status)); |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 102 | dict.SetString("version", version_str); |
| 103 | dict.SetBoolean("is_resumed", |
| 104 | ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME); |
| 105 | dict.SetInteger("cipher_suite", |
| 106 | SSLConnectionStatusToCipherSuite(ssl_info.connection_status)); |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 107 | |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 108 | dict.SetString("next_proto", |
| 109 | NextProtoToString(socket->GetNegotiatedProtocol())); |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 110 | |
| 111 | return std::move(dict); |
| 112 | } |
| 113 | |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 114 | base::Value NetLogSSLAlertCallback(const void* bytes, |
| 115 | size_t len, |
| 116 | NetLogCaptureMode capture_mode) { |
| 117 | base::DictionaryValue dict; |
| 118 | dict.SetKey("bytes", NetLogBinaryValue(bytes, len)); |
davidben | cef9e21 | 2017-04-19 15:00:10 | [diff] [blame] | 119 | return std::move(dict); |
| 120 | } |
| 121 | |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 122 | base::Value NetLogSSLMessageCallback(bool is_write, |
| 123 | const void* bytes, |
| 124 | size_t len, |
| 125 | NetLogCaptureMode capture_mode) { |
| 126 | base::DictionaryValue dict; |
davidben | cef9e21 | 2017-04-19 15:00:10 | [diff] [blame] | 127 | if (len == 0) { |
| 128 | NOTREACHED(); |
| 129 | return std::move(dict); |
| 130 | } |
| 131 | |
| 132 | // The handshake message type is the first byte. Include it so elided messages |
| 133 | // still report their type. |
| 134 | uint8_t type = reinterpret_cast<const uint8_t*>(bytes)[0]; |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 135 | dict.SetInteger("type", type); |
davidben | cef9e21 | 2017-04-19 15:00:10 | [diff] [blame] | 136 | |
| 137 | // Elide client certificate messages unless logging socket bytes. The client |
| 138 | // certificate does not contain information needed to impersonate the user |
| 139 | // (that's the private key which isn't sent over the wire), but it may contain |
| 140 | // information on the user's identity. |
| 141 | if (!is_write || type != SSL3_MT_CERTIFICATE || |
| 142 | capture_mode.include_socket_bytes()) { |
Eric Roman | b043691 | 2019-04-30 23:38:42 | [diff] [blame] | 143 | dict.SetKey("bytes", NetLogBinaryValue(bytes, len)); |
davidben | cef9e21 | 2017-04-19 15:00:10 | [diff] [blame] | 144 | } |
| 145 | |
| 146 | return std::move(dict); |
| 147 | } |
| 148 | |
David Benjamin | f8ebd2b | 2017-12-15 19:22:41 | [diff] [blame] | 149 | // This enum is used in histograms, so values may not be reused. |
| 150 | enum class RSAKeyUsage { |
| 151 | // The TLS cipher suite was not RSA or ECDHE_RSA. |
| 152 | kNotRSA = 0, |
| 153 | // The Key Usage extension is not present, which is consistent with TLS usage. |
| 154 | kOKNoExtension = 1, |
| 155 | // The Key Usage extension has both the digitalSignature and keyEncipherment |
| 156 | // bits, which is consistent with TLS usage. |
| 157 | kOKHaveBoth = 2, |
| 158 | // The Key Usage extension contains only the digitalSignature bit, which is |
| 159 | // consistent with TLS usage. |
| 160 | kOKHaveDigitalSignature = 3, |
| 161 | // The Key Usage extension contains only the keyEncipherment bit, which is |
| 162 | // consistent with TLS usage. |
| 163 | kOKHaveKeyEncipherment = 4, |
| 164 | // The Key Usage extension is missing the digitalSignature bit. |
| 165 | kMissingDigitalSignature = 5, |
| 166 | // The Key Usage extension is missing the keyEncipherment bit. |
| 167 | kMissingKeyEncipherment = 6, |
| 168 | // There was an error processing the certificate. |
| 169 | kError = 7, |
| 170 | |
| 171 | kLastValue = kError, |
| 172 | }; |
| 173 | |
| 174 | RSAKeyUsage CheckRSAKeyUsage(const X509Certificate* cert, |
| 175 | const SSL_CIPHER* cipher) { |
| 176 | bool need_key_encipherment = false; |
| 177 | switch (SSL_CIPHER_get_kx_nid(cipher)) { |
| 178 | case NID_kx_rsa: |
| 179 | need_key_encipherment = true; |
| 180 | break; |
| 181 | case NID_kx_ecdhe: |
| 182 | if (SSL_CIPHER_get_auth_nid(cipher) != NID_auth_rsa) { |
| 183 | return RSAKeyUsage::kNotRSA; |
| 184 | } |
| 185 | break; |
| 186 | default: |
| 187 | return RSAKeyUsage::kNotRSA; |
| 188 | } |
| 189 | |
| 190 | const CRYPTO_BUFFER* buffer = cert->cert_buffer(); |
| 191 | der::Input tbs_certificate_tlv; |
| 192 | der::Input signature_algorithm_tlv; |
| 193 | der::BitString signature_value; |
| 194 | ParsedTbsCertificate tbs; |
| 195 | if (!ParseCertificate( |
| 196 | der::Input(CRYPTO_BUFFER_data(buffer), CRYPTO_BUFFER_len(buffer)), |
| 197 | &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value, |
| 198 | nullptr) || |
| 199 | !ParseTbsCertificate(tbs_certificate_tlv, |
| 200 | x509_util::DefaultParseCertificateOptions(), &tbs, |
| 201 | nullptr)) { |
| 202 | return RSAKeyUsage::kError; |
| 203 | } |
| 204 | |
| 205 | if (!tbs.has_extensions) { |
| 206 | return RSAKeyUsage::kOKNoExtension; |
| 207 | } |
| 208 | |
| 209 | std::map<der::Input, ParsedExtension> extensions; |
| 210 | if (!ParseExtensions(tbs.extensions_tlv, &extensions)) { |
| 211 | return RSAKeyUsage::kError; |
| 212 | } |
| 213 | ParsedExtension key_usage_ext; |
| 214 | if (!ConsumeExtension(KeyUsageOid(), &extensions, &key_usage_ext)) { |
| 215 | return RSAKeyUsage::kOKNoExtension; |
| 216 | } |
| 217 | der::BitString key_usage; |
| 218 | if (!ParseKeyUsage(key_usage_ext.value, &key_usage)) { |
| 219 | return RSAKeyUsage::kError; |
| 220 | } |
| 221 | |
| 222 | bool have_digital_signature = |
| 223 | key_usage.AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE); |
| 224 | bool have_key_encipherment = |
| 225 | key_usage.AssertsBit(KEY_USAGE_BIT_KEY_ENCIPHERMENT); |
| 226 | if (have_digital_signature && have_key_encipherment) { |
| 227 | return RSAKeyUsage::kOKHaveBoth; |
| 228 | } |
| 229 | |
| 230 | if (need_key_encipherment) { |
| 231 | return have_key_encipherment ? RSAKeyUsage::kOKHaveKeyEncipherment |
| 232 | : RSAKeyUsage::kMissingKeyEncipherment; |
| 233 | } |
| 234 | return have_digital_signature ? RSAKeyUsage::kOKHaveDigitalSignature |
| 235 | : RSAKeyUsage::kMissingDigitalSignature; |
| 236 | } |
| 237 | |
Adam Langley | 93cbfad1 | 2018-07-06 22:07:16 | [diff] [blame] | 238 | #if !defined(NET_DISABLE_BROTLI) |
| 239 | int DecompressBrotliCert(SSL* ssl, |
| 240 | CRYPTO_BUFFER** out, |
| 241 | size_t uncompressed_len, |
| 242 | const uint8_t* in, |
| 243 | size_t in_len) { |
| 244 | uint8_t* data; |
| 245 | bssl::UniquePtr<CRYPTO_BUFFER> decompressed( |
| 246 | CRYPTO_BUFFER_alloc(&data, uncompressed_len)); |
| 247 | if (!decompressed) { |
| 248 | return 0; |
| 249 | } |
| 250 | |
| 251 | size_t output_size = uncompressed_len; |
| 252 | if (BrotliDecoderDecompress(in_len, in, &output_size, data) != |
| 253 | BROTLI_DECODER_RESULT_SUCCESS || |
| 254 | output_size != uncompressed_len) { |
| 255 | return 0; |
| 256 | } |
| 257 | |
| 258 | *out = decompressed.release(); |
| 259 | return 1; |
| 260 | } |
| 261 | #endif |
| 262 | |
[email protected] | 821e3bb | 2013-11-08 01:06:01 | [diff] [blame] | 263 | } // namespace |
| 264 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 265 | class SSLClientSocketImpl::SSLContext { |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 266 | public: |
olli.raula | 36aa8be | 2015-09-10 11:14:22 | [diff] [blame] | 267 | static SSLContext* GetInstance() { |
fdoray | 33e7c3c5 | 2017-01-19 18:37:23 | [diff] [blame] | 268 | return base::Singleton<SSLContext, |
| 269 | base::LeakySingletonTraits<SSLContext>>::get(); |
olli.raula | 36aa8be | 2015-09-10 11:14:22 | [diff] [blame] | 270 | } |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 271 | SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 272 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 273 | SSLClientSocketImpl* GetClientSocketFromSSL(const SSL* ssl) { |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 274 | DCHECK(ssl); |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 275 | SSLClientSocketImpl* socket = static_cast<SSLClientSocketImpl*>( |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 276 | SSL_get_ex_data(ssl, ssl_socket_data_index_)); |
| 277 | DCHECK(socket); |
| 278 | return socket; |
| 279 | } |
| 280 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 281 | bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketImpl* socket) { |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 282 | return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0; |
| 283 | } |
| 284 | |
David Benjamin | bd37c17 | 2018-07-11 17:24:57 | [diff] [blame] | 285 | void SetSSLKeyLogger(std::unique_ptr<SSLKeyLogger> logger) { |
davidben | 2a811e4e | 2015-12-01 10:49:34 | [diff] [blame] | 286 | DCHECK(!ssl_key_logger_); |
David Benjamin | bd37c17 | 2018-07-11 17:24:57 | [diff] [blame] | 287 | ssl_key_logger_ = std::move(logger); |
davidben | 2a811e4e | 2015-12-01 10:49:34 | [diff] [blame] | 288 | SSL_CTX_set_keylog_callback(ssl_ctx_.get(), KeyLogCallback); |
| 289 | } |
davidben | 2a811e4e | 2015-12-01 10:49:34 | [diff] [blame] | 290 | |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 291 | static const SSL_PRIVATE_KEY_METHOD kPrivateKeyMethod; |
| 292 | |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 293 | private: |
olli.raula | 36aa8be | 2015-09-10 11:14:22 | [diff] [blame] | 294 | friend struct base::DefaultSingletonTraits<SSLContext>; |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 295 | |
Daniel McArdle | 3a663d6 | 2019-01-31 00:48:47 | [diff] [blame] | 296 | SSLContext() { |
[email protected] | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 297 | crypto::EnsureOpenSSLInit(); |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 298 | ssl_socket_data_index_ = |
| 299 | SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr); |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 300 | DCHECK_NE(ssl_socket_data_index_, -1); |
davidben | a35b40c3 | 2017-03-09 17:33:45 | [diff] [blame] | 301 | ssl_ctx_.reset(SSL_CTX_new(TLS_with_buffers_method())); |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 302 | SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, nullptr); |
davidben | a35b40c3 | 2017-03-09 17:33:45 | [diff] [blame] | 303 | |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 304 | // Verifies the server certificate even on resumed sessions. |
| 305 | SSL_CTX_set_reverify_on_resume(ssl_ctx_.get(), 1); |
Steven Valdez | 3eaa996 | 2017-07-18 21:51:05 | [diff] [blame] | 306 | SSL_CTX_set_custom_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 307 | VerifyCertCallback); |
davidben | dafe4e5 | 2015-04-08 22:53:52 | [diff] [blame] | 308 | // Disable the internal session cache. Session caching is handled |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 309 | // externally (i.e. by SSLClientSessionCache). |
davidben | dafe4e5 | 2015-04-08 22:53:52 | [diff] [blame] | 310 | SSL_CTX_set_session_cache_mode( |
| 311 | ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); |
davidben | 44aeae6 | 2015-06-24 20:47:43 | [diff] [blame] | 312 | SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); |
davidben | 99ce630 | 2016-11-09 17:30:28 | [diff] [blame] | 313 | SSL_CTX_set_timeout(ssl_ctx_.get(), 1 * 60 * 60 /* one hour */); |
nharper | 736ceda | 2015-11-07 00:16:59 | [diff] [blame] | 314 | |
davidben | facfac7b | 2016-09-27 22:39:53 | [diff] [blame] | 315 | SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1); |
| 316 | |
davidben | bf0fcf1 | 2017-02-10 21:00:34 | [diff] [blame] | 317 | // Deduplicate all certificates minted from the SSL_CTX in memory. |
| 318 | SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool()); |
| 319 | |
David Benjamin | 7a8e4dfa | 2018-06-12 23:07:21 | [diff] [blame] | 320 | SSL_CTX_set_info_callback(ssl_ctx_.get(), InfoCallback); |
davidben | cef9e21 | 2017-04-19 15:00:10 | [diff] [blame] | 321 | SSL_CTX_set_msg_callback(ssl_ctx_.get(), MessageCallback); |
Adam Langley | 93cbfad1 | 2018-07-06 22:07:16 | [diff] [blame] | 322 | |
| 323 | #if !defined(NET_DISABLE_BROTLI) |
| 324 | SSL_CTX_add_cert_compression_alg( |
| 325 | ssl_ctx_.get(), TLSEXT_cert_compression_brotli, |
| 326 | nullptr /* compression not supported */, DecompressBrotliCert); |
| 327 | #endif |
Adam Langley | bb7f87fa | 2019-01-25 02:03:10 | [diff] [blame] | 328 | |
| 329 | if (base::FeatureList::IsEnabled(features::kPostQuantumCECPQ2)) { |
| 330 | static const int kCurves[] = {NID_CECPQ2, NID_X25519, |
| 331 | NID_X9_62_prime256v1, NID_secp384r1}; |
| 332 | SSL_CTX_set1_curves(ssl_ctx_.get(), kCurves, base::size(kCurves)); |
| 333 | } |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 334 | } |
| 335 | |
[email protected] | 82c5902 | 2014-08-15 09:38:27 | [diff] [blame] | 336 | static int ClientCertRequestCallback(SSL* ssl, void* arg) { |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 337 | SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
[email protected] | 82c5902 | 2014-08-15 09:38:27 | [diff] [blame] | 338 | DCHECK(socket); |
| 339 | return socket->ClientCertRequestCallback(ssl); |
[email protected] | 718c967 | 2010-12-02 10:04:10 | [diff] [blame] | 340 | } |
| 341 | |
davidben | 44aeae6 | 2015-06-24 20:47:43 | [diff] [blame] | 342 | static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) { |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 343 | SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
davidben | 44aeae6 | 2015-06-24 20:47:43 | [diff] [blame] | 344 | return socket->NewSessionCallback(session); |
davidben | dafe4e5 | 2015-04-08 22:53:52 | [diff] [blame] | 345 | } |
| 346 | |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 347 | static ssl_private_key_result_t PrivateKeySignCallback(SSL* ssl, |
| 348 | uint8_t* out, |
| 349 | size_t* out_len, |
| 350 | size_t max_out, |
| 351 | uint16_t algorithm, |
| 352 | const uint8_t* in, |
| 353 | size_t in_len) { |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 354 | SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 355 | return socket->PrivateKeySignCallback(out, out_len, max_out, algorithm, in, |
| 356 | in_len); |
davidben | 0bca07fd | 2016-07-18 15:12:03 | [diff] [blame] | 357 | } |
| 358 | |
| 359 | static ssl_private_key_result_t PrivateKeyCompleteCallback(SSL* ssl, |
| 360 | uint8_t* out, |
| 361 | size_t* out_len, |
| 362 | size_t max_out) { |
| 363 | SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 364 | return socket->PrivateKeyCompleteCallback(out, out_len, max_out); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 365 | } |
| 366 | |
davidben | 2a811e4e | 2015-12-01 10:49:34 | [diff] [blame] | 367 | static void KeyLogCallback(const SSL* ssl, const char* line) { |
| 368 | GetInstance()->ssl_key_logger_->WriteLine(line); |
| 369 | } |
davidben | 2a811e4e | 2015-12-01 10:49:34 | [diff] [blame] | 370 | |
David Benjamin | 7a8e4dfa | 2018-06-12 23:07:21 | [diff] [blame] | 371 | static void InfoCallback(const SSL* ssl, int type, int value) { |
| 372 | SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 373 | socket->InfoCallback(type, value); |
| 374 | } |
| 375 | |
davidben | cef9e21 | 2017-04-19 15:00:10 | [diff] [blame] | 376 | static void MessageCallback(int is_write, |
| 377 | int version, |
| 378 | int content_type, |
| 379 | const void* buf, |
| 380 | size_t len, |
| 381 | SSL* ssl, |
| 382 | void* arg) { |
| 383 | SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 384 | return socket->MessageCallback(is_write, content_type, buf, len); |
| 385 | } |
| 386 | |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 387 | // This is the index used with SSL_get_ex_data to retrieve the owner |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 388 | // SSLClientSocketImpl object from an SSL instance. |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 389 | int ssl_socket_data_index_; |
| 390 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 391 | bssl::UniquePtr<SSL_CTX> ssl_ctx_; |
davidben | dafe4e5 | 2015-04-08 22:53:52 | [diff] [blame] | 392 | |
danakj | 655b66c | 2016-04-16 00:51:38 | [diff] [blame] | 393 | std::unique_ptr<SSLKeyLogger> ssl_key_logger_; |
[email protected] | 1279de1 | 2013-12-03 15:13:32 | [diff] [blame] | 394 | }; |
| 395 | |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 396 | const SSL_PRIVATE_KEY_METHOD |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 397 | SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = { |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 398 | &SSLClientSocketImpl::SSLContext::PrivateKeySignCallback, |
davidben | 0bca07fd | 2016-07-18 15:12:03 | [diff] [blame] | 399 | nullptr /* decrypt */, |
| 400 | &SSLClientSocketImpl::SSLContext::PrivateKeyCompleteCallback, |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 401 | }; |
| 402 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 403 | SSLClientSocketImpl::SSLClientSocketImpl( |
Matt Menke | 841fc41 | 2019-03-05 23:20:12 | [diff] [blame] | 404 | std::unique_ptr<StreamSocket> stream_socket, |
[email protected] | 055d7f2 | 2010-11-15 12:03:12 | [diff] [blame] | 405 | const HostPortPair& host_and_port, |
[email protected] | 822581d | 2010-12-16 17:27:15 | [diff] [blame] | 406 | const SSLConfig& ssl_config, |
[email protected] | feb79bcd | 2011-07-21 16:55:17 | [diff] [blame] | 407 | const SSLClientSocketContext& context) |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 408 | : pending_read_error_(kSSLClientSocketNoPendingResult), |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 409 | pending_read_ssl_error_(SSL_ERROR_NONE), |
[email protected] | 64b5c89 | 2014-08-08 09:39:26 | [diff] [blame] | 410 | completed_connect_(false), |
[email protected] | 0dc88b3 | 2014-03-26 20:12:28 | [diff] [blame] | 411 | was_ever_used_(false), |
[email protected] | feb79bcd | 2011-07-21 16:55:17 | [diff] [blame] | 412 | cert_verifier_(context.cert_verifier), |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 413 | cert_verification_result_(kCertVerifyPending), |
davidben | eb5f8ef3 | 2014-09-04 14:14:32 | [diff] [blame] | 414 | cert_transparency_verifier_(context.cert_transparency_verifier), |
Matt Menke | 841fc41 | 2019-03-05 23:20:12 | [diff] [blame] | 415 | stream_socket_(std::move(stream_socket)), |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 416 | host_and_port_(host_and_port), |
| 417 | ssl_config_(ssl_config), |
| 418 | ssl_client_session_cache_(context.ssl_client_session_cache), |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 419 | next_handshake_state_(STATE_NONE), |
| 420 | in_confirm_handshake_(false), |
| 421 | disconnected_(false), |
| 422 | negotiated_protocol_(kProtoUnknown), |
| 423 | certificate_requested_(false), |
| 424 | signature_result_(kSSLClientSocketNoPendingResult), |
| 425 | transport_security_state_(context.transport_security_state), |
| 426 | policy_enforcer_(context.ct_policy_enforcer), |
| 427 | pkp_bypassed_(false), |
| 428 | is_fatal_cert_error_(false), |
| 429 | net_log_(stream_socket_->NetLog()), |
kulkarni.a | cd7b446 | 2014-08-28 07:41:34 | [diff] [blame] | 430 | weak_factory_(this) { |
rsleevi | be81cd6 | 2016-06-24 01:38:59 | [diff] [blame] | 431 | CHECK(cert_verifier_); |
| 432 | CHECK(transport_security_state_); |
| 433 | CHECK(cert_transparency_verifier_); |
| 434 | CHECK(policy_enforcer_); |
[email protected] | 8e45855 | 2014-08-05 00:02:15 | [diff] [blame] | 435 | } |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 436 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 437 | SSLClientSocketImpl::~SSLClientSocketImpl() { |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 438 | Disconnect(); |
| 439 | } |
| 440 | |
David Benjamin | bd37c17 | 2018-07-11 17:24:57 | [diff] [blame] | 441 | void SSLClientSocketImpl::SetSSLKeyLogger( |
| 442 | std::unique_ptr<SSLKeyLogger> logger) { |
| 443 | SSLContext::GetInstance()->SetSSLKeyLogger(std::move(logger)); |
zhongyi | 81f85c6d9 | 2015-10-16 19:34:14 | [diff] [blame] | 444 | } |
| 445 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 446 | int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, |
| 447 | bool has_context, |
| 448 | const base::StringPiece& context, |
| 449 | unsigned char* out, |
| 450 | unsigned int outlen) { |
davidben | 86935f7 | 2015-05-06 22:24:49 | [diff] [blame] | 451 | if (!IsConnected()) |
| 452 | return ERR_SOCKET_NOT_CONNECTED; |
| 453 | |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 454 | crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 455 | |
davidben | f225b26 | 2016-09-15 22:09:22 | [diff] [blame] | 456 | if (!SSL_export_keying_material( |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 457 | ssl_.get(), out, outlen, label.data(), label.size(), |
davidben | f225b26 | 2016-09-15 22:09:22 | [diff] [blame] | 458 | reinterpret_cast<const unsigned char*>(context.data()), |
| 459 | context.length(), has_context ? 1 : 0)) { |
| 460 | LOG(ERROR) << "Failed to export keying material."; |
| 461 | return ERR_FAILED; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 462 | } |
davidben | f225b26 | 2016-09-15 22:09:22 | [diff] [blame] | 463 | |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 464 | return OK; |
| 465 | } |
| 466 | |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 467 | int SSLClientSocketImpl::Connect(CompletionOnceCallback callback) { |
svaldez | 4af14d2 | 2015-08-20 13:48:24 | [diff] [blame] | 468 | // Although StreamSocket does allow calling Connect() after Disconnect(), |
| 469 | // this has never worked for layered sockets. CHECK to detect any consumers |
| 470 | // reconnecting an SSL socket. |
| 471 | // |
| 472 | // TODO(davidben,mmenke): Remove this API feature. See |
| 473 | // https://crbug.com/499289. |
| 474 | CHECK(!disconnected_); |
| 475 | |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 476 | net_log_.BeginEvent(NetLogEventType::SSL_CONNECT); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 477 | |
| 478 | // Set up new ssl object. |
[email protected] | c8a80e9 | 2014-05-17 16:02:08 | [diff] [blame] | 479 | int rv = Init(); |
| 480 | if (rv != OK) { |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 481 | LogConnectEndEvent(rv); |
[email protected] | c8a80e9 | 2014-05-17 16:02:08 | [diff] [blame] | 482 | return rv; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 483 | } |
| 484 | |
| 485 | // Set SSL to client mode. Handshake happens in the loop below. |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 486 | SSL_set_connect_state(ssl_.get()); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 487 | |
rsleevi | adbd498 | 2016-06-13 22:10:27 | [diff] [blame] | 488 | next_handshake_state_ = STATE_HANDSHAKE; |
[email protected] | c8a80e9 | 2014-05-17 16:02:08 | [diff] [blame] | 489 | rv = DoHandshakeLoop(OK); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 490 | if (rv == ERR_IO_PENDING) { |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 491 | user_connect_callback_ = std::move(callback); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 492 | } else { |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 493 | LogConnectEndEvent(rv); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 494 | } |
| 495 | |
| 496 | return rv > OK ? OK : rv; |
| 497 | } |
| 498 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 499 | void SSLClientSocketImpl::Disconnect() { |
svaldez | 4af14d2 | 2015-08-20 13:48:24 | [diff] [blame] | 500 | disconnected_ = true; |
| 501 | |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 502 | // Shut down anything that may call us back. |
eroman | 7f9236a | 2015-05-11 21:23:43 | [diff] [blame] | 503 | cert_verifier_request_.reset(); |
davidben | 67e8391 | 2016-10-12 18:36:32 | [diff] [blame] | 504 | weak_factory_.InvalidateWeakPtrs(); |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 505 | transport_adapter_.reset(); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 506 | |
davidben | 67e8391 | 2016-10-12 18:36:32 | [diff] [blame] | 507 | // Release user callbacks. |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 508 | user_connect_callback_.Reset(); |
| 509 | user_read_callback_.Reset(); |
| 510 | user_write_callback_.Reset(); |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 511 | user_read_buf_ = nullptr; |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 512 | user_read_buf_len_ = 0; |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 513 | user_write_buf_ = nullptr; |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 514 | user_write_buf_len_ = 0; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 515 | |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 516 | stream_socket_->Disconnect(); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 517 | } |
| 518 | |
Steven Valdez | 6af02df | 2018-07-15 21:52:33 | [diff] [blame] | 519 | // ConfirmHandshake may only be called on a connected socket and, like other |
| 520 | // socket methods, there may only be one ConfirmHandshake operation in progress |
| 521 | // at once. |
| 522 | int SSLClientSocketImpl::ConfirmHandshake(CompletionOnceCallback callback) { |
| 523 | CHECK(completed_connect_); |
| 524 | CHECK(!in_confirm_handshake_); |
| 525 | if (!SSL_in_early_data(ssl_.get())) { |
| 526 | return OK; |
| 527 | } |
| 528 | |
| 529 | net_log_.BeginEvent(NetLogEventType::SSL_CONFIRM_HANDSHAKE); |
| 530 | next_handshake_state_ = STATE_HANDSHAKE; |
| 531 | in_confirm_handshake_ = true; |
| 532 | int rv = DoHandshakeLoop(OK); |
| 533 | if (rv == ERR_IO_PENDING) { |
| 534 | user_connect_callback_ = std::move(callback); |
| 535 | } else { |
| 536 | net_log_.EndEvent(NetLogEventType::SSL_CONFIRM_HANDSHAKE); |
| 537 | in_confirm_handshake_ = false; |
| 538 | } |
| 539 | |
| 540 | return rv > OK ? OK : rv; |
| 541 | } |
| 542 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 543 | bool SSLClientSocketImpl::IsConnected() const { |
davidben | 67e8391 | 2016-10-12 18:36:32 | [diff] [blame] | 544 | // If the handshake has not yet completed or the socket has been explicitly |
| 545 | // disconnected. |
| 546 | if (!completed_connect_ || disconnected_) |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 547 | return false; |
| 548 | // If an asynchronous operation is still pending. |
| 549 | if (user_read_buf_.get() || user_write_buf_.get()) |
| 550 | return true; |
| 551 | |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 552 | return stream_socket_->IsConnected(); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 553 | } |
| 554 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 555 | bool SSLClientSocketImpl::IsConnectedAndIdle() const { |
davidben | 67e8391 | 2016-10-12 18:36:32 | [diff] [blame] | 556 | // If the handshake has not yet completed or the socket has been explicitly |
| 557 | // disconnected. |
| 558 | if (!completed_connect_ || disconnected_) |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 559 | return false; |
| 560 | // If an asynchronous operation is still pending. |
| 561 | if (user_read_buf_.get() || user_write_buf_.get()) |
| 562 | return false; |
davidben | fc9a6b8 | 2015-04-15 23:47:32 | [diff] [blame] | 563 | |
| 564 | // If there is data read from the network that has not yet been consumed, do |
| 565 | // not treat the connection as idle. |
| 566 | // |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 567 | // Note that this does not check whether there is ciphertext that has not yet |
| 568 | // been flushed to the network. |Write| returns early, so this can cause race |
| 569 | // conditions which cause a socket to not be treated reusable when it should |
| 570 | // be. See https://crbug.com/466147. |
| 571 | if (transport_adapter_->HasPendingReadData()) |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 572 | return false; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 573 | |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 574 | return stream_socket_->IsConnectedAndIdle(); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 575 | } |
| 576 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 577 | int SSLClientSocketImpl::GetPeerAddress(IPEndPoint* addressList) const { |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 578 | return stream_socket_->GetPeerAddress(addressList); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 579 | } |
| 580 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 581 | int SSLClientSocketImpl::GetLocalAddress(IPEndPoint* addressList) const { |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 582 | return stream_socket_->GetLocalAddress(addressList); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 583 | } |
| 584 | |
tfarina | 42834111 | 2016-09-22 13:38:20 | [diff] [blame] | 585 | const NetLogWithSource& SSLClientSocketImpl::NetLog() const { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 586 | return net_log_; |
| 587 | } |
| 588 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 589 | bool SSLClientSocketImpl::WasEverUsed() const { |
[email protected] | 0dc88b3 | 2014-03-26 20:12:28 | [diff] [blame] | 590 | return was_ever_used_; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 591 | } |
| 592 | |
tfarina | 2846404c | 2016-12-25 14:31:37 | [diff] [blame] | 593 | bool SSLClientSocketImpl::WasAlpnNegotiated() const { |
bnc | 3cf2a59 | 2016-08-11 14:48:36 | [diff] [blame] | 594 | return negotiated_protocol_ != kProtoUnknown; |
| 595 | } |
| 596 | |
| 597 | NextProto SSLClientSocketImpl::GetNegotiatedProtocol() const { |
| 598 | return negotiated_protocol_; |
| 599 | } |
| 600 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 601 | bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 602 | ssl_info->Reset(); |
davidben | c7e06c9 | 2017-03-07 18:54:11 | [diff] [blame] | 603 | if (!server_cert_) |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 604 | return false; |
| 605 | |
| 606 | ssl_info->cert = server_cert_verify_result_.verified_cert; |
estark | 03d644f | 2015-06-13 00:11:32 | [diff] [blame] | 607 | ssl_info->unverified_cert = server_cert_; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 608 | ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| 609 | ssl_info->is_issued_by_known_root = |
| 610 | server_cert_verify_result_.is_issued_by_known_root; |
dadrian | df302c4 | 2016-06-10 18:48:59 | [diff] [blame] | 611 | ssl_info->pkp_bypassed = pkp_bypassed_; |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 612 | ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 613 | ssl_info->client_cert_sent = |
| 614 | ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
[email protected] | 8bd4e7a | 2014-08-09 14:49:17 | [diff] [blame] | 615 | ssl_info->pinning_failure_log = pinning_failure_log_; |
dadrian | 612337a | 2016-07-20 22:36:58 | [diff] [blame] | 616 | ssl_info->ocsp_result = server_cert_verify_result_.ocsp_result; |
Carlos IL | 8113338 | 2017-12-06 17:18:45 | [diff] [blame] | 617 | ssl_info->is_fatal_cert_error = is_fatal_cert_error_; |
estark | 723b5eeb | 2016-02-18 21:01:12 | [diff] [blame] | 618 | AddCTInfoToSSLInfo(ssl_info); |
davidben | eb5f8ef3 | 2014-09-04 14:14:32 | [diff] [blame] | 619 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 620 | const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_.get()); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 621 | CHECK(cipher); |
davidben | 3b00e40 | 2016-09-20 14:31:06 | [diff] [blame] | 622 | // Historically, the "group" was known as "curve". |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 623 | ssl_info->key_exchange_group = SSL_get_curve_id(ssl_.get()); |
David Benjamin | e7e073ef | 2018-10-25 01:26:06 | [diff] [blame] | 624 | ssl_info->peer_signature_algorithm = |
| 625 | SSL_get_peer_signature_algorithm(ssl_.get()); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 626 | |
ryanchung | 987b2ff | 2016-02-19 00:17:12 | [diff] [blame] | 627 | SSLConnectionStatusSetCipherSuite( |
| 628 | static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), |
| 629 | &ssl_info->connection_status); |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 630 | SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_.get()), |
ryanchung | 987b2ff | 2016-02-19 00:17:12 | [diff] [blame] | 631 | &ssl_info->connection_status); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 632 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 633 | ssl_info->handshake_type = SSL_session_reused(ssl_.get()) |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 634 | ? SSLInfo::HANDSHAKE_RESUME |
| 635 | : SSLInfo::HANDSHAKE_FULL; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 636 | |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 637 | return true; |
| 638 | } |
| 639 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 640 | void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const { |
ttuttle | 23fdb7b | 2015-05-15 01:28:03 | [diff] [blame] | 641 | out->clear(); |
| 642 | } |
| 643 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 644 | int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 645 | return stream_socket_->GetTotalReceivedBytes(); |
tbansal | f82cc8e | 2015-10-14 20:05:49 | [diff] [blame] | 646 | } |
| 647 | |
xunjieli | 998d247 | 2017-01-12 01:12:28 | [diff] [blame] | 648 | void SSLClientSocketImpl::DumpMemoryStats(SocketMemoryStats* stats) const { |
| 649 | if (transport_adapter_) |
| 650 | stats->buffer_size = transport_adapter_->GetAllocationSize(); |
davidben | a35b40c3 | 2017-03-09 17:33:45 | [diff] [blame] | 651 | const STACK_OF(CRYPTO_BUFFER)* server_cert_chain = |
| 652 | SSL_get0_peer_certificates(ssl_.get()); |
davidben | c7e06c9 | 2017-03-07 18:54:11 | [diff] [blame] | 653 | if (server_cert_chain) { |
David Benjamin | 8a4bc32b | 2018-03-30 15:24:53 | [diff] [blame] | 654 | for (const CRYPTO_BUFFER* cert : server_cert_chain) { |
davidben | a35b40c3 | 2017-03-09 17:33:45 | [diff] [blame] | 655 | stats->cert_size += CRYPTO_BUFFER_len(cert); |
xunjieli | 9f8c5fb5 | 2016-12-07 22:59:33 | [diff] [blame] | 656 | } |
davidben | a35b40c3 | 2017-03-09 17:33:45 | [diff] [blame] | 657 | stats->cert_count = sk_CRYPTO_BUFFER_num(server_cert_chain); |
xunjieli | 9f8c5fb5 | 2016-12-07 22:59:33 | [diff] [blame] | 658 | } |
xunjieli | ffe62df6 | 2017-02-23 18:22:41 | [diff] [blame] | 659 | stats->total_size = stats->buffer_size + stats->cert_size; |
xunjieli | 9f8c5fb5 | 2016-12-07 22:59:33 | [diff] [blame] | 660 | } |
| 661 | |
Bence Béky | dae8af5f | 2018-04-13 08:53:17 | [diff] [blame] | 662 | void SSLClientSocketImpl::GetSSLCertRequestInfo( |
| 663 | SSLCertRequestInfo* cert_request_info) const { |
| 664 | if (!ssl_) { |
| 665 | NOTREACHED(); |
| 666 | return; |
| 667 | } |
| 668 | |
| 669 | cert_request_info->host_and_port = host_and_port_; |
| 670 | |
| 671 | cert_request_info->cert_authorities.clear(); |
| 672 | const STACK_OF(CRYPTO_BUFFER)* authorities = |
| 673 | SSL_get0_server_requested_CAs(ssl_.get()); |
| 674 | for (const CRYPTO_BUFFER* ca_name : authorities) { |
| 675 | cert_request_info->cert_authorities.push_back( |
| 676 | std::string(reinterpret_cast<const char*>(CRYPTO_BUFFER_data(ca_name)), |
| 677 | CRYPTO_BUFFER_len(ca_name))); |
| 678 | } |
| 679 | |
| 680 | cert_request_info->cert_key_types.clear(); |
| 681 | const uint8_t* client_cert_types; |
| 682 | size_t num_client_cert_types = |
| 683 | SSL_get0_certificate_types(ssl_.get(), &client_cert_types); |
| 684 | for (size_t i = 0; i < num_client_cert_types; i++) { |
| 685 | cert_request_info->cert_key_types.push_back( |
| 686 | static_cast<SSLClientCertType>(client_cert_types[i])); |
| 687 | } |
| 688 | } |
| 689 | |
Paul Jensen | 0f49dec | 2017-12-12 23:39:58 | [diff] [blame] | 690 | void SSLClientSocketImpl::ApplySocketTag(const SocketTag& tag) { |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 691 | return stream_socket_->ApplySocketTag(tag); |
Paul Jensen | 0f49dec | 2017-12-12 23:39:58 | [diff] [blame] | 692 | } |
| 693 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 694 | int SSLClientSocketImpl::Read(IOBuffer* buf, |
| 695 | int buf_len, |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 696 | CompletionOnceCallback callback) { |
| 697 | int rv = ReadIfReady(buf, buf_len, std::move(callback)); |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 698 | if (rv == ERR_IO_PENDING) { |
| 699 | user_read_buf_ = buf; |
| 700 | user_read_buf_len_ = buf_len; |
| 701 | } |
| 702 | return rv; |
| 703 | } |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 704 | |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 705 | int SSLClientSocketImpl::ReadIfReady(IOBuffer* buf, |
| 706 | int buf_len, |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 707 | CompletionOnceCallback callback) { |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 708 | int rv = DoPayloadRead(buf, buf_len); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 709 | |
| 710 | if (rv == ERR_IO_PENDING) { |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 711 | user_read_callback_ = std::move(callback); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 712 | } else { |
[email protected] | 0dc88b3 | 2014-03-26 20:12:28 | [diff] [blame] | 713 | if (rv > 0) |
| 714 | was_ever_used_ = true; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 715 | } |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 716 | return rv; |
| 717 | } |
| 718 | |
Helen Li | 5f3d96a | 2018-08-10 20:37:24 | [diff] [blame] | 719 | int SSLClientSocketImpl::CancelReadIfReady() { |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 720 | int result = stream_socket_->CancelReadIfReady(); |
Helen Li | 5f3d96a | 2018-08-10 20:37:24 | [diff] [blame] | 721 | // Cancel |user_read_callback_|, because caller does not expect the callback |
| 722 | // to be invoked after they have canceled the ReadIfReady. |
| 723 | user_read_callback_.Reset(); |
| 724 | return result; |
| 725 | } |
| 726 | |
[email protected] | a2b2cfc | 2017-12-06 09:06:08 | [diff] [blame] | 727 | int SSLClientSocketImpl::Write( |
| 728 | IOBuffer* buf, |
| 729 | int buf_len, |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 730 | CompletionOnceCallback callback, |
[email protected] | a2b2cfc | 2017-12-06 09:06:08 | [diff] [blame] | 731 | const NetworkTrafficAnnotationTag& traffic_annotation) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 732 | user_write_buf_ = buf; |
| 733 | user_write_buf_len_ = buf_len; |
| 734 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 735 | int rv = DoPayloadWrite(); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 736 | |
| 737 | if (rv == ERR_IO_PENDING) { |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 738 | user_write_callback_ = std::move(callback); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 739 | } else { |
[email protected] | 0dc88b3 | 2014-03-26 20:12:28 | [diff] [blame] | 740 | if (rv > 0) |
| 741 | was_ever_used_ = true; |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 742 | user_write_buf_ = nullptr; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 743 | user_write_buf_len_ = 0; |
| 744 | } |
| 745 | |
| 746 | return rv; |
| 747 | } |
| 748 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 749 | int SSLClientSocketImpl::SetReceiveBufferSize(int32_t size) { |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 750 | return stream_socket_->SetReceiveBufferSize(size); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 751 | } |
| 752 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 753 | int SSLClientSocketImpl::SetSendBufferSize(int32_t size) { |
Matt Menke | fd95692 | 2019-02-04 23:44:03 | [diff] [blame] | 754 | return stream_socket_->SetSendBufferSize(size); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 755 | } |
| 756 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 757 | void SSLClientSocketImpl::OnReadReady() { |
| 758 | // During a renegotiation, either Read or Write calls may be blocked on a |
| 759 | // transport read. |
| 760 | RetryAllOperations(); |
| 761 | } |
| 762 | |
| 763 | void SSLClientSocketImpl::OnWriteReady() { |
| 764 | // During a renegotiation, either Read or Write calls may be blocked on a |
| 765 | // transport read. |
| 766 | RetryAllOperations(); |
| 767 | } |
| 768 | |
Steven Valdez | eec684e3e | 2018-12-13 16:28:23 | [diff] [blame] | 769 | static bool EnforceTLS13DowngradeForKnownRootsOnly() { |
| 770 | return base::FeatureList::IsEnabled(features::kEnforceTLS13Downgrade) && |
| 771 | base::GetFieldTrialParamByFeatureAsBool( |
| 772 | features::kEnforceTLS13Downgrade, "known_roots_only", true); |
| 773 | } |
| 774 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 775 | int SSLClientSocketImpl::Init() { |
[email protected] | 9e733f3 | 2010-10-04 18:19:08 | [diff] [blame] | 776 | DCHECK(!ssl_); |
[email protected] | 9e733f3 | 2010-10-04 18:19:08 | [diff] [blame] | 777 | |
[email protected] | b29af7d | 2010-12-14 11:52:47 | [diff] [blame] | 778 | SSLContext* context = SSLContext::GetInstance(); |
[email protected] | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 779 | crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 780 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 781 | ssl_.reset(SSL_new(context->ssl_ctx())); |
| 782 | if (!ssl_ || !context->SetClientSocketForSSL(ssl_.get(), this)) |
[email protected] | c8a80e9 | 2014-05-17 16:02:08 | [diff] [blame] | 783 | return ERR_UNEXPECTED; |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 784 | |
davidben | 9bc0466f | 2015-06-16 22:21:27 | [diff] [blame] | 785 | // SNI should only contain valid DNS hostnames, not IP addresses (see RFC |
| 786 | // 6066, Section 3). |
| 787 | // |
| 788 | // TODO(rsleevi): Should this code allow hostnames that violate the LDH rule? |
| 789 | // See https://crbug.com/496472 and https://crbug.com/496468 for discussion. |
martijn | a2e83bd | 2016-03-18 13:10:45 | [diff] [blame] | 790 | IPAddress unused; |
| 791 | if (!unused.AssignFromIPLiteral(host_and_port_.host()) && |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 792 | !SSL_set_tlsext_host_name(ssl_.get(), host_and_port_.host().c_str())) { |
[email protected] | c8a80e9 | 2014-05-17 16:02:08 | [diff] [blame] | 793 | return ERR_UNEXPECTED; |
davidben | 9bc0466f | 2015-06-16 22:21:27 | [diff] [blame] | 794 | } |
[email protected] | fbef1393 | 2010-11-23 12:38:53 | [diff] [blame] | 795 | |
Daniel McArdle | 3a663d6 | 2019-01-31 00:48:47 | [diff] [blame] | 796 | if (IsCachingEnabled()) { |
Steven Valdez | e6112f4 | 2017-10-05 22:20:12 | [diff] [blame] | 797 | bssl::UniquePtr<SSL_SESSION> session = |
Daniel McArdle | 3a663d6 | 2019-01-31 00:48:47 | [diff] [blame] | 798 | ssl_client_session_cache_->Lookup(GetSessionCacheKey()); |
David Benjamin | b3840f4 | 2017-08-03 15:50:16 | [diff] [blame] | 799 | if (session) |
| 800 | SSL_set_session(ssl_.get(), session.get()); |
| 801 | } |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 802 | |
Helen Li | f3aa962 | 2018-05-24 00:18:07 | [diff] [blame] | 803 | transport_adapter_.reset( |
Matt Menke | 841fc41 | 2019-03-05 23:20:12 | [diff] [blame] | 804 | new SocketBIOAdapter(stream_socket_.get(), kDefaultOpenSSLBufferSize, |
Helen Li | f3aa962 | 2018-05-24 00:18:07 | [diff] [blame] | 805 | kDefaultOpenSSLBufferSize, this)); |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 806 | BIO* transport_bio = transport_adapter_->bio(); |
mmenke | 1beda3d | 2016-07-22 03:33:45 | [diff] [blame] | 807 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 808 | BIO_up_ref(transport_bio); // SSL_set0_rbio takes ownership. |
| 809 | SSL_set0_rbio(ssl_.get(), transport_bio); |
haavardm | 2d92e72 | 2014-12-19 13:45:44 | [diff] [blame] | 810 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 811 | BIO_up_ref(transport_bio); // SSL_set0_wbio takes ownership. |
| 812 | SSL_set0_wbio(ssl_.get(), transport_bio); |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 813 | |
davidben | b937d6c | 2015-05-14 04:53:42 | [diff] [blame] | 814 | DCHECK_LT(SSL3_VERSION, ssl_config_.version_min); |
| 815 | DCHECK_LT(SSL3_VERSION, ssl_config_.version_max); |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 816 | if (!SSL_set_min_proto_version(ssl_.get(), ssl_config_.version_min) || |
| 817 | !SSL_set_max_proto_version(ssl_.get(), ssl_config_.version_max)) { |
davidben | 952bdf2 | 2016-09-21 23:42:16 | [diff] [blame] | 818 | return ERR_UNEXPECTED; |
| 819 | } |
davidben | b937d6c | 2015-05-14 04:53:42 | [diff] [blame] | 820 | |
Steven Valdez | 6af02df | 2018-07-15 21:52:33 | [diff] [blame] | 821 | SSL_set_early_data_enabled(ssl_.get(), ssl_config_.early_data_enabled); |
| 822 | |
Steven Valdez | 50a3d2c9 | 2018-11-14 19:45:59 | [diff] [blame] | 823 | if (!base::FeatureList::IsEnabled(features::kEnforceTLS13Downgrade) || |
Steven Valdez | eec684e3e | 2018-12-13 16:28:23 | [diff] [blame] | 824 | EnforceTLS13DowngradeForKnownRootsOnly()) { |
David Benjamin | 570460e | 2018-10-16 06:01:29 | [diff] [blame] | 825 | SSL_set_ignore_tls13_downgrade(ssl_.get(), 1); |
| 826 | } |
| 827 | |
[email protected] | 9e733f3 | 2010-10-04 18:19:08 | [diff] [blame] | 828 | // OpenSSL defaults some options to on, others to off. To avoid ambiguity, |
| 829 | // set everything we care about to an absolute value. |
[email protected] | fb10e228 | 2010-12-01 17:08:48 | [diff] [blame] | 830 | SslSetClearMask options; |
[email protected] | d0f0049 | 2012-08-03 22:35:13 | [diff] [blame] | 831 | options.ConfigureFlag(SSL_OP_NO_COMPRESSION, true); |
[email protected] | 9e733f3 | 2010-10-04 18:19:08 | [diff] [blame] | 832 | |
| 833 | // TODO(joth): Set this conditionally, see http://crbug.com/55410 |
[email protected] | fb10e228 | 2010-12-01 17:08:48 | [diff] [blame] | 834 | options.ConfigureFlag(SSL_OP_LEGACY_SERVER_CONNECT, true); |
[email protected] | 9e733f3 | 2010-10-04 18:19:08 | [diff] [blame] | 835 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 836 | SSL_set_options(ssl_.get(), options.set_mask); |
| 837 | SSL_clear_options(ssl_.get(), options.clear_mask); |
[email protected] | 9e733f3 | 2010-10-04 18:19:08 | [diff] [blame] | 838 | |
[email protected] | fb10e228 | 2010-12-01 17:08:48 | [diff] [blame] | 839 | // Same as above, this time for the SSL mode. |
| 840 | SslSetClearMask mode; |
[email protected] | 9e733f3 | 2010-10-04 18:19:08 | [diff] [blame] | 841 | |
[email protected] | fb10e228 | 2010-12-01 17:08:48 | [diff] [blame] | 842 | mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); |
isherman | e5c05e1 | 2014-09-09 20:32:15 | [diff] [blame] | 843 | mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true); |
[email protected] | fb10e228 | 2010-12-01 17:08:48 | [diff] [blame] | 844 | |
davidben | 818d93b | 2015-02-19 22:27:32 | [diff] [blame] | 845 | mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START, |
[email protected] | b788de0 | 2014-04-23 18:06:07 | [diff] [blame] | 846 | ssl_config_.false_start_enabled); |
| 847 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 848 | SSL_set_mode(ssl_.get(), mode.set_mask); |
| 849 | SSL_clear_mode(ssl_.get(), mode.clear_mask); |
[email protected] | 109805a | 2010-12-07 18:17:06 | [diff] [blame] | 850 | |
Steven Valdez | 99a85a6 | 2018-05-03 18:13:45 | [diff] [blame] | 851 | // Use BoringSSL defaults, but disable HMAC-SHA1 ciphers in ECDSA. These are |
| 852 | // the remaining CBC-mode ECDSA ciphers. |
| 853 | std::string command("ALL::!aPSK:!ECDSA+SHA1"); |
davidben | 9b4a9b9c | 2015-10-12 18:46:51 | [diff] [blame] | 854 | |
| 855 | if (ssl_config_.require_ecdhe) |
davidben | 1863716b | 2017-05-03 20:06:20 | [diff] [blame] | 856 | command.append(":!kRSA"); |
davidben | 8ecc307 | 2014-09-03 23:19:09 | [diff] [blame] | 857 | |
davidben | 9b4a9b9c | 2015-10-12 18:46:51 | [diff] [blame] | 858 | // Remove any disabled ciphers. |
| 859 | for (uint16_t id : ssl_config_.disabled_cipher_suites) { |
| 860 | const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); |
| 861 | if (cipher) { |
| 862 | command.append(":!"); |
| 863 | command.append(SSL_CIPHER_get_name(cipher)); |
| 864 | } |
| 865 | } |
| 866 | |
davidben | 1863716b | 2017-05-03 20:06:20 | [diff] [blame] | 867 | if (!SSL_set_strict_cipher_list(ssl_.get(), command.c_str())) { |
| 868 | LOG(ERROR) << "SSL_set_cipher_list('" << command << "') failed"; |
| 869 | return ERR_UNEXPECTED; |
| 870 | } |
[email protected] | ee0f2aa8 | 2013-10-25 11:59:26 | [diff] [blame] | 871 | |
bnc | 1f29537 | 2015-10-21 23:24:22 | [diff] [blame] | 872 | if (!ssl_config_.alpn_protos.empty()) { |
bnc | 988e68d | 2016-06-27 14:03:21 | [diff] [blame] | 873 | std::vector<uint8_t> wire_protos = |
| 874 | SerializeNextProtos(ssl_config_.alpn_protos); |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 875 | SSL_set_alpn_protos(ssl_.get(), |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 876 | wire_protos.empty() ? nullptr : &wire_protos[0], |
[email protected] | abc44b75 | 2014-07-30 03:52:15 | [diff] [blame] | 877 | wire_protos.size()); |
| 878 | } |
| 879 | |
Ryan Sleevi | d1a894e | 2018-04-03 20:24:07 | [diff] [blame] | 880 | SSL_enable_signed_cert_timestamps(ssl_.get()); |
| 881 | SSL_enable_ocsp_stapling(ssl_.get()); |
davidben | eb5f8ef3 | 2014-09-04 14:14:32 | [diff] [blame] | 882 | |
davidben | 971a681a | 2017-02-16 18:57:46 | [diff] [blame] | 883 | // Configure BoringSSL to allow renegotiations. Once the initial handshake |
| 884 | // completes, if renegotiations are not allowed, the default reject value will |
| 885 | // be restored. This is done in this order to permit a BoringSSL |
| 886 | // optimization. See https://crbug.com/boringssl/123. |
| 887 | SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely); |
| 888 | |
David Benjamin | 8373dea | 2018-05-07 15:39:10 | [diff] [blame] | 889 | SSL_set_shed_handshake_config(ssl_.get(), 1); |
[email protected] | c8a80e9 | 2014-05-17 16:02:08 | [diff] [blame] | 890 | return OK; |
[email protected] | d518cd9 | 2010-09-29 12:27:44 | [diff] [blame] | 891 | } |
| 892 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 893 | void SSLClientSocketImpl::DoReadCallback(int rv) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 894 | // Since Run may result in Read being called, clear |user_read_callback_| |
| 895 | // up front. |
[email protected] | 0dc88b3 | 2014-03-26 20:12:28 | [diff] [blame] | 896 | if (rv > 0) |
| 897 | was_ever_used_ = true; |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 898 | user_read_buf_ = nullptr; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 899 | user_read_buf_len_ = 0; |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 900 | std::move(user_read_callback_).Run(rv); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 901 | } |
| 902 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 903 | void SSLClientSocketImpl::DoWriteCallback(int rv) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 904 | // Since Run may result in Write being called, clear |user_write_callback_| |
| 905 | // up front. |
[email protected] | 0dc88b3 | 2014-03-26 20:12:28 | [diff] [blame] | 906 | if (rv > 0) |
| 907 | was_ever_used_ = true; |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 908 | user_write_buf_ = nullptr; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 909 | user_write_buf_len_ = 0; |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 910 | std::move(user_write_callback_).Run(rv); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 911 | } |
| 912 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 913 | int SSLClientSocketImpl::DoHandshake() { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 914 | crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
vadimt | 5a24328 | 2014-12-24 00:26:16 | [diff] [blame] | 915 | |
David Benjamin | 5f98efe | 2018-04-12 07:32:41 | [diff] [blame] | 916 | int rv = SSL_do_handshake(ssl_.get()); |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 917 | int net_error = OK; |
| 918 | if (rv <= 0) { |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 919 | int ssl_error = SSL_get_error(ssl_.get(), rv); |
davidben | ced4aa9b | 2015-05-12 21:22:35 | [diff] [blame] | 920 | if (ssl_error == SSL_ERROR_WANT_X509_LOOKUP && |
| 921 | !ssl_config_.send_client_cert) { |
| 922 | return ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 923 | } |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 924 | if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) { |
svaldez | 7872fd0 | 2015-11-19 21:10:54 | [diff] [blame] | 925 | DCHECK(ssl_config_.client_private_key); |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 926 | DCHECK_NE(kSSLClientSocketNoPendingResult, signature_result_); |
rsleevi | adbd498 | 2016-06-13 22:10:27 | [diff] [blame] | 927 | next_handshake_state_ = STATE_HANDSHAKE; |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 928 | return ERR_IO_PENDING; |
| 929 | } |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 930 | if (ssl_error == SSL_ERROR_WANT_CERTIFICATE_VERIFY) { |
| 931 | DCHECK(cert_verifier_request_); |
| 932 | next_handshake_state_ = STATE_HANDSHAKE; |
| 933 | return ERR_IO_PENDING; |
| 934 | } |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 935 | |
davidben | a4409c6 | 2014-08-27 17:05:51 | [diff] [blame] | 936 | OpenSSLErrorInfo error_info; |
davidben | fe132d9 | 2016-09-27 18:07:21 | [diff] [blame] | 937 | net_error = MapLastOpenSSLError(ssl_error, err_tracer, &error_info); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 938 | if (net_error == ERR_IO_PENDING) { |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 939 | // If not done, stay in this state |
rsleevi | adbd498 | 2016-06-13 22:10:27 | [diff] [blame] | 940 | next_handshake_state_ = STATE_HANDSHAKE; |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 941 | return ERR_IO_PENDING; |
| 942 | } |
| 943 | |
| 944 | LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code " |
| 945 | << ssl_error << ", net_error " << net_error; |
| 946 | net_log_.AddEvent( |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 947 | NetLogEventType::SSL_HANDSHAKE_ERROR, |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 948 | CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 949 | } |
| 950 | |
rsleevi | adbd498 | 2016-06-13 22:10:27 | [diff] [blame] | 951 | next_handshake_state_ = STATE_HANDSHAKE_COMPLETE; |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 952 | return net_error; |
| 953 | } |
| 954 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 955 | int SSLClientSocketImpl::DoHandshakeComplete(int result) { |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 956 | if (result < 0) |
| 957 | return result; |
| 958 | |
Steven Valdez | 6af02df | 2018-07-15 21:52:33 | [diff] [blame] | 959 | if (in_confirm_handshake_) { |
| 960 | next_handshake_state_ = STATE_NONE; |
| 961 | return OK; |
| 962 | } |
| 963 | |
Daniel McArdle | 3a663d6 | 2019-01-31 00:48:47 | [diff] [blame] | 964 | if (IsCachingEnabled()) { |
| 965 | ssl_client_session_cache_->ResetLookupCount(GetSessionCacheKey()); |
David Benjamin | b3840f4 | 2017-08-03 15:50:16 | [diff] [blame] | 966 | } |
| 967 | |
Raul Tambre | 94493c65 | 2019-03-11 17:18:35 | [diff] [blame] | 968 | const uint8_t* alpn_proto = nullptr; |
bnc | ce6ea24 | 2016-09-15 20:22:32 | [diff] [blame] | 969 | unsigned alpn_len = 0; |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 970 | SSL_get0_alpn_selected(ssl_.get(), &alpn_proto, &alpn_len); |
bnc | ce6ea24 | 2016-09-15 20:22:32 | [diff] [blame] | 971 | if (alpn_len > 0) { |
| 972 | base::StringPiece proto(reinterpret_cast<const char*>(alpn_proto), |
| 973 | alpn_len); |
| 974 | negotiated_protocol_ = NextProtoFromString(proto); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 975 | } |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 976 | |
bnc | bd442c2 | 2016-09-14 20:49:16 | [diff] [blame] | 977 | RecordNegotiatedProtocol(); |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 978 | |
dadrian | d476e65 | 2016-07-26 21:33:24 | [diff] [blame] | 979 | const uint8_t* ocsp_response_raw; |
| 980 | size_t ocsp_response_len; |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 981 | SSL_get0_ocsp_response(ssl_.get(), &ocsp_response_raw, &ocsp_response_len); |
dadrian | d476e65 | 2016-07-26 21:33:24 | [diff] [blame] | 982 | set_stapled_ocsp_response_received(ocsp_response_len != 0); |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 983 | |
| 984 | const uint8_t* sct_list; |
| 985 | size_t sct_list_len; |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 986 | SSL_get0_signed_cert_timestamp_list(ssl_.get(), &sct_list, &sct_list_len); |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 987 | set_signed_cert_timestamps_received(sct_list_len != 0); |
| 988 | |
davidben | 971a681a | 2017-02-16 18:57:46 | [diff] [blame] | 989 | if (!IsRenegotiationAllowed()) |
| 990 | SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_never); |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 991 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 992 | uint16_t signature_algorithm = SSL_get_peer_signature_algorithm(ssl_.get()); |
davidben | 0653c8d | 2016-07-08 02:16:17 | [diff] [blame] | 993 | if (signature_algorithm != 0) { |
Ilya Sherman | 0eb3980 | 2017-12-08 20:58:18 | [diff] [blame] | 994 | base::UmaHistogramSparse("Net.SSLSignatureAlgorithm", signature_algorithm); |
davidben | 4fe4f98 | 2015-11-11 22:00:12 | [diff] [blame] | 995 | } |
| 996 | |
Jesse Selover | daf8790 | 2018-12-03 20:44:30 | [diff] [blame] | 997 | SSLInfo ssl_info; |
| 998 | bool ok = GetSSLInfo(&ssl_info); |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 999 | // Ensure the verify callback was called, and got far enough to fill |
| 1000 | // in server_cert_. |
| 1001 | CHECK(ok); |
Jesse Selover | daf8790 | 2018-12-03 20:44:30 | [diff] [blame] | 1002 | |
| 1003 | // See how feasible enforcing RSA key usage would be. See |
| 1004 | // https://crbug.com/795089. |
| 1005 | RSAKeyUsage rsa_key_usage = |
| 1006 | CheckRSAKeyUsage(server_cert_.get(), SSL_get_current_cipher(ssl_.get())); |
| 1007 | if (rsa_key_usage != RSAKeyUsage::kNotRSA) { |
| 1008 | if (server_cert_verify_result_.is_issued_by_known_root) { |
| 1009 | UMA_HISTOGRAM_ENUMERATION("Net.SSLRSAKeyUsage.KnownRoot", rsa_key_usage, |
| 1010 | static_cast<int>(RSAKeyUsage::kLastValue) + 1); |
| 1011 | } else { |
| 1012 | UMA_HISTOGRAM_ENUMERATION("Net.SSLRSAKeyUsage.UnknownRoot", rsa_key_usage, |
| 1013 | static_cast<int>(RSAKeyUsage::kLastValue) + 1); |
| 1014 | } |
| 1015 | } |
| 1016 | |
Jesse Selover | daf8790 | 2018-12-03 20:44:30 | [diff] [blame] | 1017 | if (!base::FeatureList::IsEnabled(features::kEnforceTLS13Downgrade) || |
Steven Valdez | eec684e3e | 2018-12-13 16:28:23 | [diff] [blame] | 1018 | EnforceTLS13DowngradeForKnownRootsOnly()) { |
Jesse Selover | daf8790 | 2018-12-03 20:44:30 | [diff] [blame] | 1019 | // Record metrics on the TLS 1.3 anti-downgrade mechanism. This is only |
| 1020 | // recorded when enforcement is disabled. (When enforcement is enabled, |
| 1021 | // the connection will fail with ERR_TLS13_DOWNGRADE_DETECTED.) See |
| 1022 | // https://crbug.com/boringssl/226. |
| 1023 | // |
| 1024 | // Record metrics for both servers overall and the TLS 1.3 experiment |
| 1025 | // set. These metrics are only useful on TLS 1.3 servers, so the latter |
| 1026 | // is more precise, but there is a large enough TLS 1.3 deployment that |
| 1027 | // the overall numbers may be more robust. In particular, the |
| 1028 | // DowngradeType metrics do not need to be filtered. |
| 1029 | bool is_downgrade = !!SSL_is_tls13_downgrade(ssl_.get()); |
| 1030 | UMA_HISTOGRAM_BOOLEAN("Net.SSLTLS13Downgrade", is_downgrade); |
| 1031 | bool is_tls13_experiment_host = |
| 1032 | IsTLS13ExperimentHost(host_and_port_.host()); |
| 1033 | if (is_tls13_experiment_host) { |
| 1034 | UMA_HISTOGRAM_BOOLEAN("Net.SSLTLS13DowngradeTLS13Experiment", |
| 1035 | is_downgrade); |
| 1036 | } |
| 1037 | |
| 1038 | if (is_downgrade) { |
| 1039 | // Record whether connections which hit the downgrade used known vs |
| 1040 | // unknown roots and which key exchange type. |
| 1041 | |
| 1042 | // This enum is persisted into histograms. Values may not be |
| 1043 | // renumbered. |
| 1044 | enum class DowngradeType { |
| 1045 | kKnownRootRSA = 0, |
| 1046 | kKnownRootECDHE = 1, |
| 1047 | kUnknownRootRSA = 2, |
| 1048 | kUnknownRootECDHE = 3, |
| 1049 | kMaxValue = kUnknownRootECDHE, |
| 1050 | }; |
| 1051 | |
| 1052 | DowngradeType type; |
| 1053 | int kx_nid = SSL_CIPHER_get_kx_nid(SSL_get_current_cipher(ssl_.get())); |
| 1054 | DCHECK(kx_nid == NID_kx_rsa || kx_nid == NID_kx_ecdhe); |
David Benjamin | f8ebd2b | 2017-12-15 19:22:41 | [diff] [blame] | 1055 | if (server_cert_verify_result_.is_issued_by_known_root) { |
Jesse Selover | daf8790 | 2018-12-03 20:44:30 | [diff] [blame] | 1056 | type = kx_nid == NID_kx_rsa ? DowngradeType::kKnownRootRSA |
| 1057 | : DowngradeType::kKnownRootECDHE; |
David Benjamin | f8ebd2b | 2017-12-15 19:22:41 | [diff] [blame] | 1058 | } else { |
Jesse Selover | daf8790 | 2018-12-03 20:44:30 | [diff] [blame] | 1059 | type = kx_nid == NID_kx_rsa ? DowngradeType::kUnknownRootRSA |
| 1060 | : DowngradeType::kUnknownRootECDHE; |
| 1061 | } |
| 1062 | UMA_HISTOGRAM_ENUMERATION("Net.SSLTLS13DowngradeType", type); |
| 1063 | if (is_tls13_experiment_host) { |
| 1064 | UMA_HISTOGRAM_ENUMERATION("Net.SSLTLS13DowngradeTypeTLS13Experiment", |
| 1065 | type); |
David Benjamin | f8ebd2b | 2017-12-15 19:22:41 | [diff] [blame] | 1066 | } |
David Benjamin | 570460e | 2018-10-16 06:01:29 | [diff] [blame] | 1067 | |
Steven Valdez | eec684e3e | 2018-12-13 16:28:23 | [diff] [blame] | 1068 | if (EnforceTLS13DowngradeForKnownRootsOnly() && |
Steven Valdez | bf059c75 | 2018-12-12 16:32:53 | [diff] [blame] | 1069 | server_cert_verify_result_.is_issued_by_known_root) { |
| 1070 | // Exit DoHandshakeLoop and return the result to the caller to |
| 1071 | // Connect. |
| 1072 | DCHECK_EQ(STATE_NONE, next_handshake_state_); |
| 1073 | return ERR_TLS13_DOWNGRADE_DETECTED; |
| 1074 | } |
David Benjamin | 570460e | 2018-10-16 06:01:29 | [diff] [blame] | 1075 | } |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1076 | } |
| 1077 | |
[email protected] | 64b5c89 | 2014-08-08 09:39:26 | [diff] [blame] | 1078 | completed_connect_ = true; |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 1079 | next_handshake_state_ = STATE_NONE; |
Jesse Selover | daf8790 | 2018-12-03 20:44:30 | [diff] [blame] | 1080 | return OK; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1081 | } |
| 1082 | |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 1083 | ssl_verify_result_t SSLClientSocketImpl::VerifyCertCallback( |
| 1084 | SSL* ssl, |
| 1085 | uint8_t* out_alert) { |
| 1086 | SSLClientSocketImpl* socket = |
| 1087 | SSLContext::GetInstance()->GetClientSocketFromSSL(ssl); |
| 1088 | DCHECK(socket); |
| 1089 | return socket->VerifyCert(); |
| 1090 | } |
| 1091 | |
| 1092 | // This function is called by BoringSSL, so it has to return an |
| 1093 | // ssl_verify_result_t. When specific //net errors need to be |
| 1094 | // returned, use OpenSSLPutNetError to add them directly to the |
| 1095 | // OpenSSL error queue. |
| 1096 | ssl_verify_result_t SSLClientSocketImpl::VerifyCert() { |
| 1097 | if (cert_verification_result_ != kCertVerifyPending) { |
| 1098 | // The certificate verifier updates cert_verification_result_ when |
| 1099 | // it returns asynchronously. If there is a result in |
| 1100 | // cert_verification_result_, return it instead of triggering |
| 1101 | // another verify. |
| 1102 | return HandleVerifyResult(); |
| 1103 | } |
| 1104 | |
| 1105 | // In this configuration, BoringSSL will perform exactly one certificate |
| 1106 | // verification, so there cannot be state from a previous verification. |
| 1107 | CHECK(!server_cert_); |
| 1108 | server_cert_ = x509_util::CreateX509CertificateFromBuffers( |
| 1109 | SSL_get0_peer_certificates(ssl_.get())); |
| 1110 | |
| 1111 | // OpenSSL decoded the certificate, but the X509Certificate implementation |
| 1112 | // could not. This is treated as a fatal SSL-level protocol error rather than |
| 1113 | // a certificate error. See https://crbug.com/91341. |
| 1114 | if (!server_cert_) { |
| 1115 | OpenSSLPutNetError(FROM_HERE, ERR_SSL_SERVER_CERT_BAD_FORMAT); |
| 1116 | return ssl_verify_invalid; |
| 1117 | } |
| 1118 | |
| 1119 | net_log_.AddEvent(NetLogEventType::SSL_CERTIFICATES_RECEIVED, |
| 1120 | base::Bind(&NetLogX509CertificateCallback, |
| 1121 | base::Unretained(server_cert_.get()))); |
| 1122 | |
| 1123 | // If the certificate is bad and has been previously accepted, use |
| 1124 | // the previous status and bypass the error. |
| 1125 | CertStatus cert_status; |
| 1126 | if (ssl_config_.IsAllowedBadCert(server_cert_.get(), &cert_status)) { |
| 1127 | server_cert_verify_result_.Reset(); |
| 1128 | server_cert_verify_result_.cert_status = cert_status; |
| 1129 | server_cert_verify_result_.verified_cert = server_cert_; |
| 1130 | cert_verification_result_ = OK; |
| 1131 | return HandleVerifyResult(); |
| 1132 | } |
| 1133 | |
| 1134 | start_cert_verification_time_ = base::TimeTicks::Now(); |
| 1135 | |
| 1136 | const uint8_t* ocsp_response_raw; |
| 1137 | size_t ocsp_response_len; |
| 1138 | SSL_get0_ocsp_response(ssl_.get(), &ocsp_response_raw, &ocsp_response_len); |
| 1139 | base::StringPiece ocsp_response( |
| 1140 | reinterpret_cast<const char*>(ocsp_response_raw), ocsp_response_len); |
| 1141 | |
Matt Mueller | 7d5464b | 2019-05-15 20:18:45 | [diff] [blame] | 1142 | const uint8_t* sct_list_raw; |
| 1143 | size_t sct_list_len; |
| 1144 | SSL_get0_signed_cert_timestamp_list(ssl_.get(), &sct_list_raw, &sct_list_len); |
| 1145 | base::StringPiece sct_list(reinterpret_cast<const char*>(sct_list_raw), |
| 1146 | sct_list_len); |
| 1147 | |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 1148 | cert_verification_result_ = cert_verifier_->Verify( |
Matt Mueller | 7d5464b | 2019-05-15 20:18:45 | [diff] [blame] | 1149 | CertVerifier::RequestParams( |
| 1150 | server_cert_, host_and_port_.host(), ssl_config_.GetCertVerifyFlags(), |
| 1151 | ocsp_response.as_string(), sct_list.as_string()), |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 1152 | &server_cert_verify_result_, |
| 1153 | base::BindOnce(&SSLClientSocketImpl::OnVerifyComplete, |
| 1154 | base::Unretained(this)), |
| 1155 | &cert_verifier_request_, net_log_); |
| 1156 | |
Jesse Selover | 4ae157d | 2019-04-10 21:06:37 | [diff] [blame] | 1157 | // Enforce keyUsage extension for RSA leaf certificates chaining up to known |
| 1158 | // roots. |
| 1159 | // TODO(795089): Enforce this unconditionally. |
| 1160 | if (server_cert_verify_result_.is_issued_by_known_root) { |
| 1161 | SSL_set_enforce_rsa_key_usage(ssl_.get(), 1); |
| 1162 | } |
| 1163 | |
Jesse Selover | 94c9a94 | 2019-01-16 01:18:04 | [diff] [blame] | 1164 | return HandleVerifyResult(); |
| 1165 | } |
| 1166 | |
| 1167 | void SSLClientSocketImpl::OnVerifyComplete(int result) { |
| 1168 | cert_verification_result_ = result; |
| 1169 | // In handshake phase. The parameter to OnHandshakeIOComplete is unused. |
| 1170 | OnHandshakeIOComplete(OK); |
| 1171 | } |
| 1172 | |
| 1173 | ssl_verify_result_t SSLClientSocketImpl::HandleVerifyResult() { |
| 1174 | // Verification is in progress. Inform BoringSSL it should retry the |
| 1175 | // callback later. The next call to VerifyCertCallback will be a |
| 1176 | // continuation of the same verification, so leave |
| 1177 | // cert_verification_result_ as-is. |
| 1178 | if (cert_verification_result_ == ERR_IO_PENDING) |
| 1179 | return ssl_verify_retry; |
| 1180 | |
| 1181 | // In BoringSSL's calling convention for asynchronous callbacks, |
| 1182 | // after a callback returns a non-retry value, the operation has |
| 1183 | // completed. Subsequent calls are of new operations with potentially |
| 1184 | // different arguments. Reset cert_verification_result_ to inform |
| 1185 | // VerifyCertCallback not to replay the result on subsequent calls. |
| 1186 | int result = cert_verification_result_; |
| 1187 | cert_verification_result_ = kCertVerifyPending; |
| 1188 | |
| 1189 | cert_verifier_request_.reset(); |
| 1190 | |
| 1191 | if (!start_cert_verification_time_.is_null()) { |
| 1192 | base::TimeDelta verify_time = |
| 1193 | base::TimeTicks::Now() - start_cert_verification_time_; |
| 1194 | if (result == OK) { |
| 1195 | UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); |
| 1196 | } else { |
| 1197 | UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); |
| 1198 | } |
| 1199 | } |
| 1200 | |
| 1201 | // If the connection was good, check HPKP and CT status simultaneously, |
| 1202 | // but prefer to treat the HPKP error as more serious, if there was one. |
| 1203 | if ((result == OK || |
| 1204 | (IsCertificateError(result) && |
| 1205 | IsCertStatusMinorError(server_cert_verify_result_.cert_status)))) { |
| 1206 | int ct_result = VerifyCT(); |
| 1207 | TransportSecurityState::PKPStatus pin_validity = |
| 1208 | transport_security_state_->CheckPublicKeyPins( |
| 1209 | host_and_port_, server_cert_verify_result_.is_issued_by_known_root, |
| 1210 | server_cert_verify_result_.public_key_hashes, server_cert_.get(), |
| 1211 | server_cert_verify_result_.verified_cert.get(), |
| 1212 | TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_); |
| 1213 | switch (pin_validity) { |
| 1214 | case TransportSecurityState::PKPStatus::VIOLATED: |
| 1215 | server_cert_verify_result_.cert_status |= |
| 1216 | CERT_STATUS_PINNED_KEY_MISSING; |
| 1217 | result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 1218 | break; |
| 1219 | case TransportSecurityState::PKPStatus::BYPASSED: |
| 1220 | pkp_bypassed_ = true; |
| 1221 | FALLTHROUGH; |
| 1222 | case TransportSecurityState::PKPStatus::OK: |
| 1223 | // Do nothing. |
| 1224 | break; |
| 1225 | } |
| 1226 | if (result != ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN && ct_result != OK) |
| 1227 | result = ct_result; |
| 1228 | } |
| 1229 | |
| 1230 | is_fatal_cert_error_ = |
| 1231 | IsCertStatusError(server_cert_verify_result_.cert_status) && |
| 1232 | !IsCertStatusMinorError(server_cert_verify_result_.cert_status) && |
| 1233 | transport_security_state_->ShouldSSLErrorsBeFatal(host_and_port_.host()); |
| 1234 | |
| 1235 | if (IsCertificateError(result) && ssl_config_.ignore_certificate_errors) { |
| 1236 | result = OK; |
| 1237 | } |
| 1238 | |
| 1239 | if (result == OK) { |
| 1240 | return ssl_verify_ok; |
| 1241 | } |
| 1242 | |
| 1243 | OpenSSLPutNetError(FROM_HERE, result); |
| 1244 | return ssl_verify_invalid; |
| 1245 | } |
| 1246 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1247 | void SSLClientSocketImpl::DoConnectCallback(int rv) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1248 | if (!user_connect_callback_.is_null()) { |
Brad Lassey | 3a81417 | 2018-04-26 03:30:21 | [diff] [blame] | 1249 | std::move(user_connect_callback_).Run(rv > OK ? OK : rv); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1250 | } |
| 1251 | } |
| 1252 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1253 | void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1254 | int rv = DoHandshakeLoop(result); |
| 1255 | if (rv != ERR_IO_PENDING) { |
Steven Valdez | 6af02df | 2018-07-15 21:52:33 | [diff] [blame] | 1256 | if (in_confirm_handshake_) { |
| 1257 | in_confirm_handshake_ = false; |
| 1258 | net_log_.EndEvent(NetLogEventType::SSL_CONFIRM_HANDSHAKE); |
| 1259 | } else { |
| 1260 | LogConnectEndEvent(rv); |
| 1261 | } |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1262 | DoConnectCallback(rv); |
| 1263 | } |
| 1264 | } |
| 1265 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1266 | int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) { |
Alexandr Ilin | 3312663 | 2018-11-14 14:48:17 | [diff] [blame] | 1267 | TRACE_EVENT0(NetTracingCategory(), "SSLClientSocketImpl::DoHandshakeLoop"); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1268 | int rv = last_io_result; |
| 1269 | do { |
| 1270 | // Default to STATE_NONE for next state. |
| 1271 | // (This is a quirk carried over from the windows |
| 1272 | // implementation. It makes reading the logs a bit harder.) |
| 1273 | // State handlers can and often do call GotoState just |
| 1274 | // to stay in the current state. |
| 1275 | State state = next_handshake_state_; |
rsleevi | adbd498 | 2016-06-13 22:10:27 | [diff] [blame] | 1276 | next_handshake_state_ = STATE_NONE; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1277 | switch (state) { |
| 1278 | case STATE_HANDSHAKE: |
| 1279 | rv = DoHandshake(); |
| 1280 | break; |
davidben | c4212c0 | 2015-05-12 22:30:18 | [diff] [blame] | 1281 | case STATE_HANDSHAKE_COMPLETE: |
| 1282 | rv = DoHandshakeComplete(rv); |
| 1283 | break; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1284 | case STATE_NONE: |
| 1285 | default: |
| 1286 | rv = ERR_UNEXPECTED; |
| 1287 | NOTREACHED() << "unexpected state" << state; |
| 1288 | break; |
| 1289 | } |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1290 | } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); |
| 1291 | return rv; |
| 1292 | } |
| 1293 | |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 1294 | int SSLClientSocketImpl::DoPayloadRead(IOBuffer* buf, int buf_len) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1295 | crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 1296 | |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 1297 | DCHECK_LT(0, buf_len); |
| 1298 | DCHECK(buf); |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1299 | |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1300 | int rv; |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1301 | if (pending_read_error_ != kSSLClientSocketNoPendingResult) { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1302 | rv = pending_read_error_; |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1303 | pending_read_error_ = kSSLClientSocketNoPendingResult; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1304 | if (rv == 0) { |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1305 | net_log_.AddByteTransferEvent(NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 1306 | rv, buf->data()); |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1307 | } else { |
| 1308 | net_log_.AddEvent( |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1309 | NetLogEventType::SSL_READ_ERROR, |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1310 | CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, |
| 1311 | pending_read_error_info_)); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1312 | } |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1313 | pending_read_ssl_error_ = SSL_ERROR_NONE; |
| 1314 | pending_read_error_info_ = OpenSSLErrorInfo(); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1315 | return rv; |
| 1316 | } |
| 1317 | |
| 1318 | int total_bytes_read = 0; |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1319 | int ssl_ret; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1320 | do { |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 1321 | ssl_ret = SSL_read(ssl_.get(), buf->data() + total_bytes_read, |
| 1322 | buf_len - total_bytes_read); |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1323 | if (ssl_ret > 0) |
| 1324 | total_bytes_read += ssl_ret; |
davidben | 8ea6b17 | 2017-03-07 23:53:50 | [diff] [blame] | 1325 | // Continue processing records as long as there is more data available |
| 1326 | // synchronously. |
| 1327 | } while (total_bytes_read < buf_len && ssl_ret > 0 && |
| 1328 | transport_adapter_->HasPendingReadData()); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1329 | |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1330 | // Although only the final SSL_read call may have failed, the failure needs to |
| 1331 | // processed immediately, while the information still available in OpenSSL's |
| 1332 | // error queue. |
davidben | ced4aa9b | 2015-05-12 21:22:35 | [diff] [blame] | 1333 | if (ssl_ret <= 0) { |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 1334 | pending_read_ssl_error_ = SSL_get_error(ssl_.get(), ssl_ret); |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1335 | if (pending_read_ssl_error_ == SSL_ERROR_ZERO_RETURN) { |
| 1336 | pending_read_error_ = 0; |
davidben | ced4aa9b | 2015-05-12 21:22:35 | [diff] [blame] | 1337 | } else if (pending_read_ssl_error_ == SSL_ERROR_WANT_X509_LOOKUP && |
| 1338 | !ssl_config_.send_client_cert) { |
| 1339 | pending_read_error_ = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1340 | } else if (pending_read_ssl_error_ == |
| 1341 | SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) { |
svaldez | 7872fd0 | 2015-11-19 21:10:54 | [diff] [blame] | 1342 | DCHECK(ssl_config_.client_private_key); |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1343 | DCHECK_NE(kSSLClientSocketNoPendingResult, signature_result_); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1344 | pending_read_error_ = ERR_IO_PENDING; |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1345 | } else { |
davidben | fe132d9 | 2016-09-27 18:07:21 | [diff] [blame] | 1346 | pending_read_error_ = MapLastOpenSSLError( |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1347 | pending_read_ssl_error_, err_tracer, &pending_read_error_info_); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1348 | } |
| 1349 | |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1350 | // Many servers do not reliably send a close_notify alert when shutting down |
| 1351 | // a connection, and instead terminate the TCP connection. This is reported |
| 1352 | // as ERR_CONNECTION_CLOSED. Because of this, map the unclean shutdown to a |
| 1353 | // graceful EOF, instead of treating it as an error as it should be. |
| 1354 | if (pending_read_error_ == ERR_CONNECTION_CLOSED) |
| 1355 | pending_read_error_ = 0; |
| 1356 | } |
davidben | be6ce7ec | 2014-10-20 19:15:56 | [diff] [blame] | 1357 | |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1358 | if (total_bytes_read > 0) { |
| 1359 | // Return any bytes read to the caller. The error will be deferred to the |
| 1360 | // next call of DoPayloadRead. |
| 1361 | rv = total_bytes_read; |
davidben | be6ce7ec | 2014-10-20 19:15:56 | [diff] [blame] | 1362 | |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1363 | // Do not treat insufficient data as an error to return in the next call to |
| 1364 | // DoPayloadRead() - instead, let the call fall through to check SSL_read() |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1365 | // again. The transport may have data available by then. |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1366 | if (pending_read_error_ == ERR_IO_PENDING) |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1367 | pending_read_error_ = kSSLClientSocketNoPendingResult; |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1368 | } else { |
| 1369 | // No bytes were returned. Return the pending read error immediately. |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1370 | DCHECK_NE(kSSLClientSocketNoPendingResult, pending_read_error_); |
davidben | 7e555daf | 2015-03-25 17:03:29 | [diff] [blame] | 1371 | rv = pending_read_error_; |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1372 | pending_read_error_ = kSSLClientSocketNoPendingResult; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1373 | } |
| 1374 | |
| 1375 | if (rv >= 0) { |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1376 | net_log_.AddByteTransferEvent(NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 1377 | rv, buf->data()); |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1378 | } else if (rv != ERR_IO_PENDING) { |
| 1379 | net_log_.AddEvent( |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1380 | NetLogEventType::SSL_READ_ERROR, |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1381 | CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, |
| 1382 | pending_read_error_info_)); |
| 1383 | pending_read_ssl_error_ = SSL_ERROR_NONE; |
| 1384 | pending_read_error_info_ = OpenSSLErrorInfo(); |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1385 | } |
| 1386 | return rv; |
| 1387 | } |
| 1388 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1389 | int SSLClientSocketImpl::DoPayloadWrite() { |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1390 | crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 1391 | int rv = SSL_write(ssl_.get(), user_write_buf_->data(), user_write_buf_len_); |
rsleevi | f020edc | 2015-03-16 19:31:24 | [diff] [blame] | 1392 | |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1393 | if (rv >= 0) { |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1394 | net_log_.AddByteTransferEvent(NetLogEventType::SSL_SOCKET_BYTES_SENT, rv, |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1395 | user_write_buf_->data()); |
Adam Langley | 68df3af | 2019-01-19 00:37:10 | [diff] [blame] | 1396 | if (first_post_handshake_write_ && SSL_is_init_finished(ssl_.get())) { |
| 1397 | if (base::FeatureList::IsEnabled(features::kTLS13KeyUpdate) && |
| 1398 | SSL_version(ssl_.get()) == TLS1_3_VERSION) { |
| 1399 | const int ok = SSL_key_update(ssl_.get(), SSL_KEY_UPDATE_REQUESTED); |
| 1400 | DCHECK(ok); |
| 1401 | } |
| 1402 | first_post_handshake_write_ = false; |
| 1403 | } |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1404 | return rv; |
| 1405 | } |
| 1406 | |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 1407 | int ssl_error = SSL_get_error(ssl_.get(), rv); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1408 | if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) |
| 1409 | return ERR_IO_PENDING; |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1410 | OpenSSLErrorInfo error_info; |
davidben | fe132d9 | 2016-09-27 18:07:21 | [diff] [blame] | 1411 | int net_error = MapLastOpenSSLError(ssl_error, err_tracer, &error_info); |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1412 | |
| 1413 | if (net_error != ERR_IO_PENDING) { |
| 1414 | net_log_.AddEvent( |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1415 | NetLogEventType::SSL_WRITE_ERROR, |
davidben | b8c2321 | 2014-10-28 00:12:16 | [diff] [blame] | 1416 | CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 1417 | } |
| 1418 | return net_error; |
[email protected] | b9b651f | 2013-11-09 04:32:22 | [diff] [blame] | 1419 | } |
| 1420 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1421 | void SSLClientSocketImpl::RetryAllOperations() { |
| 1422 | // SSL_do_handshake, SSL_read, and SSL_write may all be retried when blocked, |
| 1423 | // so retry all operations for simplicity. (Otherwise, SSL_get_error for each |
| 1424 | // operation may be remembered to retry only the blocked ones.) |
| 1425 | |
Steven Valdez | 6af02df | 2018-07-15 21:52:33 | [diff] [blame] | 1426 | // Performing these callbacks may cause |this| to be deleted. If this |
| 1427 | // happens, the other callbacks should not be invoked. Guard against this by |
| 1428 | // holding a WeakPtr to |this| and ensuring it's still valid. |
| 1429 | base::WeakPtr<SSLClientSocketImpl> guard(weak_factory_.GetWeakPtr()); |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1430 | if (next_handshake_state_ == STATE_HANDSHAKE) { |
| 1431 | // In handshake phase. The parameter to OnHandshakeIOComplete is unused. |
| 1432 | OnHandshakeIOComplete(OK); |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1433 | } |
| 1434 | |
Steven Valdez | 6af02df | 2018-07-15 21:52:33 | [diff] [blame] | 1435 | if (!guard.get()) |
| 1436 | return; |
| 1437 | |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1438 | int rv_read = ERR_IO_PENDING; |
| 1439 | int rv_write = ERR_IO_PENDING; |
xunjieli | 321a96f3 | 2017-03-07 19:42:17 | [diff] [blame] | 1440 | if (user_read_buf_) { |
| 1441 | rv_read = DoPayloadRead(user_read_buf_.get(), user_read_buf_len_); |
| 1442 | } else if (!user_read_callback_.is_null()) { |
| 1443 | // ReadIfReady() is called by the user. Skip DoPayloadRead() and just let |
| 1444 | // the user know that read can be retried. |
| 1445 | rv_read = OK; |
| 1446 | } |
| 1447 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1448 | if (user_write_buf_) |
| 1449 | rv_write = DoPayloadWrite(); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1450 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1451 | if (rv_read != ERR_IO_PENDING) |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1452 | DoReadCallback(rv_read); |
| 1453 | |
| 1454 | if (!guard.get()) |
| 1455 | return; |
| 1456 | |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1457 | if (rv_write != ERR_IO_PENDING) |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1458 | DoWriteCallback(rv_write); |
| 1459 | } |
| 1460 | |
rsleevi | 4a6ca8c | 2016-06-24 03:05:22 | [diff] [blame] | 1461 | int SSLClientSocketImpl::VerifyCT() { |
rsleevi | 4a6ca8c | 2016-06-24 03:05:22 | [diff] [blame] | 1462 | const uint8_t* sct_list_raw; |
| 1463 | size_t sct_list_len; |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 1464 | SSL_get0_signed_cert_timestamp_list(ssl_.get(), &sct_list_raw, &sct_list_len); |
rsleevi | 22cae167 | 2016-12-28 01:53:36 | [diff] [blame] | 1465 | base::StringPiece sct_list(reinterpret_cast<const char*>(sct_list_raw), |
| 1466 | sct_list_len); |
| 1467 | |
| 1468 | const uint8_t* ocsp_response_raw; |
| 1469 | size_t ocsp_response_len; |
| 1470 | SSL_get0_ocsp_response(ssl_.get(), &ocsp_response_raw, &ocsp_response_len); |
| 1471 | base::StringPiece ocsp_response( |
| 1472 | reinterpret_cast<const char*>(ocsp_response_raw), ocsp_response_len); |
rsleevi | 4a6ca8c | 2016-06-24 03:05:22 | [diff] [blame] | 1473 | |
| 1474 | // Note that this is a completely synchronous operation: The CT Log Verifier |
| 1475 | // gets all the data it needs for SCT verification and does not do any |
| 1476 | // external communication. |
| 1477 | cert_transparency_verifier_->Verify( |
Rob Percival | bc658a2 | 2017-12-13 08:24:42 | [diff] [blame] | 1478 | host_and_port().host(), server_cert_verify_result_.verified_cert.get(), |
| 1479 | ocsp_response, sct_list, &ct_verify_result_.scts, net_log_); |
rsleevi | 4a6ca8c | 2016-06-24 03:05:22 | [diff] [blame] | 1480 | |
Ryan Sleevi | 8a9c9c1 | 2018-05-09 02:36:23 | [diff] [blame] | 1481 | ct::SCTList verified_scts = |
eranm | 4bed0b57 | 2016-08-14 21:00:35 | [diff] [blame] | 1482 | ct::SCTsMatchingStatus(ct_verify_result_.scts, ct::SCT_STATUS_OK); |
| 1483 | |
Emily Stark | 627238f | 2017-11-29 03:29:54 | [diff] [blame] | 1484 | ct_verify_result_.policy_compliance = policy_enforcer_->CheckCompliance( |
| 1485 | server_cert_verify_result_.verified_cert.get(), verified_scts, net_log_); |
Emily Stark | 0d9809e | 2017-10-18 08:29:15 | [diff] [blame] | 1486 | if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
Emily Stark | 627238f | 2017-11-29 03:29:54 | [diff] [blame] | 1487 | if (ct_verify_result_.policy_compliance != |
Ryan Sleevi | 8a9c9c1 | 2018-05-09 02:36:23 | [diff] [blame] | 1488 | ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS && |
| 1489 | ct_verify_result_.policy_compliance != |
| 1490 | ct::CTPolicyCompliance::CT_POLICY_BUILD_NOT_TIMELY) { |
Emily Stark | 0d9809e | 2017-10-18 08:29:15 | [diff] [blame] | 1491 | server_cert_verify_result_.cert_status |= |
| 1492 | CERT_STATUS_CT_COMPLIANCE_FAILED; |
| 1493 | server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 1494 | } |
| 1495 | |
| 1496 | // Record the CT compliance status for connections with EV certificates, to |
| 1497 | // distinguish how often EV status is being dropped due to failing CT |
| 1498 | // compliance. |
Emily Stark | efce783 | 2017-11-30 03:16:16 | [diff] [blame] | 1499 | if (server_cert_verify_result_.is_issued_by_known_root) { |
| 1500 | UMA_HISTOGRAM_ENUMERATION("Net.CertificateTransparency.EVCompliance2.SSL", |
| 1501 | ct_verify_result_.policy_compliance, |
Kunihiko Sakamoto | 3646973 | 2018-09-27 03:33:45 | [diff] [blame] | 1502 | ct::CTPolicyCompliance::CT_POLICY_COUNT); |
Emily Stark | efce783 | 2017-11-30 03:16:16 | [diff] [blame] | 1503 | } |
rsleevi | cd7390e | 2017-06-14 10:18:26 | [diff] [blame] | 1504 | } |
rsleevi | 4a6ca8c | 2016-06-24 03:05:22 | [diff] [blame] | 1505 | |
Emily Stark | 0d9809e | 2017-10-18 08:29:15 | [diff] [blame] | 1506 | // Record the CT compliance of every connection to get an overall picture of |
| 1507 | // how many connections are CT-compliant. |
Emily Stark | efce783 | 2017-11-30 03:16:16 | [diff] [blame] | 1508 | if (server_cert_verify_result_.is_issued_by_known_root) { |
| 1509 | UMA_HISTOGRAM_ENUMERATION( |
| 1510 | "Net.CertificateTransparency.ConnectionComplianceStatus2.SSL", |
| 1511 | ct_verify_result_.policy_compliance, |
Kunihiko Sakamoto | 3646973 | 2018-09-27 03:33:45 | [diff] [blame] | 1512 | ct::CTPolicyCompliance::CT_POLICY_COUNT); |
Emily Stark | efce783 | 2017-11-30 03:16:16 | [diff] [blame] | 1513 | } |
Emily Stark | c96e9bc | 2017-10-10 00:10:39 | [diff] [blame] | 1514 | |
Emily Stark | 0d9809e | 2017-10-18 08:29:15 | [diff] [blame] | 1515 | TransportSecurityState::CTRequirementsStatus ct_requirement_status = |
| 1516 | transport_security_state_->CheckCTRequirements( |
estark | bf1b5296 | 2017-05-05 17:05:25 | [diff] [blame] | 1517 | host_and_port_, server_cert_verify_result_.is_issued_by_known_root, |
| 1518 | server_cert_verify_result_.public_key_hashes, |
| 1519 | server_cert_verify_result_.verified_cert.get(), server_cert_.get(), |
| 1520 | ct_verify_result_.scts, |
| 1521 | TransportSecurityState::ENABLE_EXPECT_CT_REPORTS, |
Emily Stark | 627238f | 2017-11-29 03:29:54 | [diff] [blame] | 1522 | ct_verify_result_.policy_compliance); |
Emily Stark | 0d9809e | 2017-10-18 08:29:15 | [diff] [blame] | 1523 | if (ct_requirement_status != TransportSecurityState::CT_NOT_REQUIRED) { |
Emily Stark | 8b411de0 | 2017-11-23 20:21:27 | [diff] [blame] | 1524 | ct_verify_result_.policy_compliance_required = true; |
Emily Stark | efce783 | 2017-11-30 03:16:16 | [diff] [blame] | 1525 | if (server_cert_verify_result_.is_issued_by_known_root) { |
| 1526 | // Record the CT compliance of connections for which compliance is |
| 1527 | // required; this helps answer the question: "Of all connections that are |
| 1528 | // supposed to be serving valid CT information, how many fail to do so?" |
| 1529 | UMA_HISTOGRAM_ENUMERATION( |
| 1530 | "Net.CertificateTransparency.CTRequiredConnectionComplianceStatus2." |
| 1531 | "SSL", |
| 1532 | ct_verify_result_.policy_compliance, |
Kunihiko Sakamoto | 3646973 | 2018-09-27 03:33:45 | [diff] [blame] | 1533 | ct::CTPolicyCompliance::CT_POLICY_COUNT); |
Emily Stark | efce783 | 2017-11-30 03:16:16 | [diff] [blame] | 1534 | } |
Emily Stark | 8b411de0 | 2017-11-23 20:21:27 | [diff] [blame] | 1535 | } else { |
| 1536 | ct_verify_result_.policy_compliance_required = false; |
rsleevi | 4a6ca8c | 2016-06-24 03:05:22 | [diff] [blame] | 1537 | } |
| 1538 | |
Emily Stark | 0d9809e | 2017-10-18 08:29:15 | [diff] [blame] | 1539 | switch (ct_requirement_status) { |
| 1540 | case TransportSecurityState::CT_REQUIREMENTS_NOT_MET: |
| 1541 | server_cert_verify_result_.cert_status |= |
| 1542 | CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| 1543 | return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| 1544 | case TransportSecurityState::CT_REQUIREMENTS_MET: |
| 1545 | case TransportSecurityState::CT_NOT_REQUIRED: |
| 1546 | return OK; |
| 1547 | } |
| 1548 | |
| 1549 | NOTREACHED(); |
rsleevi | 4a6ca8c | 2016-06-24 03:05:22 | [diff] [blame] | 1550 | return OK; |
| 1551 | } |
| 1552 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1553 | int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 1554 | DCHECK(ssl == ssl_.get()); |
[email protected] | 82c5902 | 2014-08-15 09:38:27 | [diff] [blame] | 1555 | |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1556 | net_log_.AddEvent(NetLogEventType::SSL_CLIENT_CERT_REQUESTED); |
davidben | fe132d9 | 2016-09-27 18:07:21 | [diff] [blame] | 1557 | certificate_requested_ = true; |
davidben | af42cbe | 2014-11-13 03:27:46 | [diff] [blame] | 1558 | |
[email protected] | 82c5902 | 2014-08-15 09:38:27 | [diff] [blame] | 1559 | // Clear any currently configured certificates. |
davidben | d80c12c | 2016-10-11 00:13:49 | [diff] [blame] | 1560 | SSL_certs_clear(ssl_.get()); |
[email protected] | 97a854f | 2014-07-29 07:51:36 | [diff] [blame] | 1561 | |
| 1562 | #if defined(OS_IOS) |
| 1563 | // TODO(droger): Support client auth on iOS. See http://crbug.com/145954). |
| 1564 | LOG(WARNING) << "Client auth is not supported"; |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1565 | #else // !defined(OS_IOS) |
[email protected] | 5ac981e18 | 2010-12-06 17:56:27 | [diff] [blame] | 1566 | if (!ssl_config_.send_client_cert) { |
[email protected] | 515adc2 | 2013-01-09 16:01:23 | [diff] [blame] | 1567 | // First pass: we know that a client certificate is needed, but we do not |
davidben | b11fd21 | 2017-01-12 17:08:03 | [diff] [blame] | 1568 | // have one at hand. Suspend the handshake. SSL_get_error will return |
| 1569 | // SSL_ERROR_WANT_X509_LOOKUP. |
davidben | ced4aa9b | 2015-05-12 21:22:35 | [diff] [blame] | 1570 | return -1; |
[email protected] | 5ac981e18 | 2010-12-06 17:56:27 | [diff] [blame] | 1571 | } |
| 1572 | |
| 1573 | // Second pass: a client certificate should have been selected. |
[email protected] | 13914c9 | 2013-06-13 22:42:42 | [diff] [blame] | 1574 | if (ssl_config_.client_cert.get()) { |
svaldez | 7872fd0 | 2015-11-19 21:10:54 | [diff] [blame] | 1575 | if (!ssl_config_.client_private_key) { |
| 1576 | // The caller supplied a null private key. Fail the handshake and surface |
| 1577 | // an appropriate error to the caller. |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1578 | LOG(WARNING) << "Client cert found without private key"; |
| 1579 | OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); |
| 1580 | return -1; |
| 1581 | } |
| 1582 | |
David Benjamin | b8ab385 | 2017-08-04 00:17:32 | [diff] [blame] | 1583 | if (!SetSSLChainAndKey(ssl_.get(), ssl_config_.client_cert.get(), nullptr, |
| 1584 | &SSLContext::kPrivateKeyMethod)) { |
davidben | a35b40c3 | 2017-03-09 17:33:45 | [diff] [blame] | 1585 | OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); |
| 1586 | return -1; |
| 1587 | } |
svaldez | f3db006f | 2015-09-29 16:43:58 | [diff] [blame] | 1588 | |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 1589 | std::vector<uint16_t> preferences = |
| 1590 | ssl_config_.client_private_key->GetAlgorithmPreferences(); |
| 1591 | SSL_set_signing_algorithm_prefs(ssl_.get(), preferences.data(), |
| 1592 | preferences.size()); |
davidben | af42cbe | 2014-11-13 03:27:46 | [diff] [blame] | 1593 | |
David Benjamin | b8ab385 | 2017-08-04 00:17:32 | [diff] [blame] | 1594 | net_log_.AddEvent( |
| 1595 | NetLogEventType::SSL_CLIENT_CERT_PROVIDED, |
| 1596 | NetLog::IntCallback( |
| 1597 | "cert_count", |
Raul Tambre | 8335a6d | 2019-02-21 16:57:43 | [diff] [blame] | 1598 | base::checked_cast<int>( |
| 1599 | 1 + ssl_config_.client_cert->intermediate_buffers().size()))); |
[email protected] | 6bad505 | 2014-07-12 01:25:13 | [diff] [blame] | 1600 | return 1; |
[email protected] | c078770 | 2014-05-20 21:51:44 | [diff] [blame] | 1601 | } |
[email protected] | 97a854f | 2014-07-29 07:51:36 | [diff] [blame] | 1602 | #endif // defined(OS_IOS) |
[email protected] | 5ac981e18 | 2010-12-06 17:56:27 | [diff] [blame] | 1603 | |
| 1604 | // Send no client certificate. |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1605 | net_log_.AddEvent(NetLogEventType::SSL_CLIENT_CERT_PROVIDED, |
tfarina | 5e24b24 | 2015-10-27 13:11:28 | [diff] [blame] | 1606 | NetLog::IntCallback("cert_count", 0)); |
[email protected] | 82c5902 | 2014-08-15 09:38:27 | [diff] [blame] | 1607 | return 1; |
[email protected] | 5ac981e18 | 2010-12-06 17:56:27 | [diff] [blame] | 1608 | } |
| 1609 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1610 | int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) { |
Daniel McArdle | 3a663d6 | 2019-01-31 00:48:47 | [diff] [blame] | 1611 | if (!IsCachingEnabled()) |
David Benjamin | b3840f4 | 2017-08-03 15:50:16 | [diff] [blame] | 1612 | return 0; |
| 1613 | |
David Benjamin | 6617c39 | 2019-02-12 18:08:57 | [diff] [blame] | 1614 | // OpenSSL optionally passes ownership of |session|. Returning one signals |
| 1615 | // that this function has claimed it. |
| 1616 | ssl_client_session_cache_->Insert(GetSessionCacheKey(), |
| 1617 | bssl::UniquePtr<SSL_SESSION>(session)); |
| 1618 | return 1; |
davidben | dafe4e5 | 2015-04-08 22:53:52 | [diff] [blame] | 1619 | } |
| 1620 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1621 | void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
estark | 723b5eeb | 2016-02-18 21:01:12 | [diff] [blame] | 1622 | ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); |
davidben | eb5f8ef3 | 2014-09-04 14:14:32 | [diff] [blame] | 1623 | } |
| 1624 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1625 | std::string SSLClientSocketImpl::GetSessionCacheKey() const { |
David Benjamin | 6f2da65 | 2019-06-26 23:36:35 | [diff] [blame^] | 1626 | if (base::FeatureList::IsEnabled( |
| 1627 | features::kPartitionSSLSessionsByNetworkIsolationKey)) { |
| 1628 | return host_and_port_.ToString() + '/' + |
| 1629 | ssl_config_.network_isolation_key.ToString(); |
| 1630 | } |
David Benjamin | d61bd53 | 2019-04-23 21:11:37 | [diff] [blame] | 1631 | return host_and_port_.ToString(); |
rsleevi | f020edc | 2015-03-16 19:31:24 | [diff] [blame] | 1632 | } |
| 1633 | |
svaldez | e83af29 | 2016-04-26 14:33:37 | [diff] [blame] | 1634 | bool SSLClientSocketImpl::IsRenegotiationAllowed() const { |
bnc | ce6ea24 | 2016-09-15 20:22:32 | [diff] [blame] | 1635 | if (negotiated_protocol_ == kProtoUnknown) |
davidben | 421116c | 2015-05-12 19:56:51 | [diff] [blame] | 1636 | return ssl_config_.renego_allowed_default; |
| 1637 | |
davidben | 421116c | 2015-05-12 19:56:51 | [diff] [blame] | 1638 | for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { |
bnc | 3cf2a59 | 2016-08-11 14:48:36 | [diff] [blame] | 1639 | if (negotiated_protocol_ == allowed) |
davidben | 421116c | 2015-05-12 19:56:51 | [diff] [blame] | 1640 | return true; |
| 1641 | } |
| 1642 | return false; |
| 1643 | } |
| 1644 | |
Daniel McArdle | 3a663d6 | 2019-01-31 00:48:47 | [diff] [blame] | 1645 | bool SSLClientSocketImpl::IsCachingEnabled() const { |
| 1646 | return ssl_client_session_cache_ != nullptr; |
| 1647 | } |
| 1648 | |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 1649 | ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback( |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1650 | uint8_t* out, |
| 1651 | size_t* out_len, |
| 1652 | size_t max_out, |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 1653 | uint16_t algorithm, |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1654 | const uint8_t* in, |
| 1655 | size_t in_len) { |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1656 | DCHECK_EQ(kSSLClientSocketNoPendingResult, signature_result_); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1657 | DCHECK(signature_.empty()); |
svaldez | 7872fd0 | 2015-11-19 21:10:54 | [diff] [blame] | 1658 | DCHECK(ssl_config_.client_private_key); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1659 | |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 1660 | net_log_.BeginEvent( |
| 1661 | NetLogEventType::SSL_PRIVATE_KEY_OP, |
David Benjamin | b65b073 | 2018-11-09 20:33:53 | [diff] [blame] | 1662 | base::BindRepeating( |
| 1663 | &NetLogPrivateKeyOperationCallback, algorithm, |
| 1664 | // Pass the SSLPrivateKey pointer to avoid making copies of the |
| 1665 | // provider name in the common case with logging disabled. |
| 1666 | base::Unretained(ssl_config_.client_private_key.get()))); |
David Benjamin | b9bafbe | 2017-11-07 21:41:38 | [diff] [blame] | 1667 | |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1668 | signature_result_ = ERR_IO_PENDING; |
David Benjamin | 9ba36b0 | 2017-11-10 19:01:53 | [diff] [blame] | 1669 | ssl_config_.client_private_key->Sign( |
| 1670 | algorithm, base::make_span(in, in_len), |
David Benjamin | 8f2d2c1 | 2018-02-27 00:08:26 | [diff] [blame] | 1671 | base::BindOnce(&SSLClientSocketImpl::OnPrivateKeyComplete, |
| 1672 | weak_factory_.GetWeakPtr())); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1673 | return ssl_private_key_retry; |
| 1674 | } |
| 1675 | |
davidben | 0bca07fd | 2016-07-18 15:12:03 | [diff] [blame] | 1676 | ssl_private_key_result_t SSLClientSocketImpl::PrivateKeyCompleteCallback( |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1677 | uint8_t* out, |
| 1678 | size_t* out_len, |
| 1679 | size_t max_out) { |
Oscar Johansson | d49464e | 2018-07-02 09:35:45 | [diff] [blame] | 1680 | DCHECK_NE(kSSLClientSocketNoPendingResult, signature_result_); |
svaldez | 7872fd0 | 2015-11-19 21:10:54 | [diff] [blame] | 1681 | DCHECK(ssl_config_.client_private_key); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1682 | |
| 1683 | if (signature_result_ == ERR_IO_PENDING) |
| 1684 | return ssl_private_key_retry; |
| 1685 | if (signature_result_ != OK) { |
| 1686 | OpenSSLPutNetError(FROM_HERE, signature_result_); |
| 1687 | return ssl_private_key_failure; |
| 1688 | } |
| 1689 | if (signature_.size() > max_out) { |
| 1690 | OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| 1691 | return ssl_private_key_failure; |
| 1692 | } |
davidben | 5f8b6bc | 2015-11-25 03:19:54 | [diff] [blame] | 1693 | memcpy(out, signature_.data(), signature_.size()); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1694 | *out_len = signature_.size(); |
| 1695 | signature_.clear(); |
| 1696 | return ssl_private_key_success; |
| 1697 | } |
| 1698 | |
davidben | 0bca07fd | 2016-07-18 15:12:03 | [diff] [blame] | 1699 | void SSLClientSocketImpl::OnPrivateKeyComplete( |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1700 | Error error, |
| 1701 | const std::vector<uint8_t>& signature) { |
| 1702 | DCHECK_EQ(ERR_IO_PENDING, signature_result_); |
| 1703 | DCHECK(signature_.empty()); |
svaldez | 7872fd0 | 2015-11-19 21:10:54 | [diff] [blame] | 1704 | DCHECK(ssl_config_.client_private_key); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1705 | |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1706 | net_log_.EndEventWithNetErrorCode(NetLogEventType::SSL_PRIVATE_KEY_OP, error); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1707 | |
| 1708 | signature_result_ = error; |
| 1709 | if (signature_result_ == OK) |
| 1710 | signature_ = signature; |
| 1711 | |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1712 | // During a renegotiation, either Read or Write calls may be blocked on an |
| 1713 | // asynchronous private key operation. |
davidben | 3418e81f | 2016-10-19 00:09:45 | [diff] [blame] | 1714 | RetryAllOperations(); |
davidben | 1d48952 | 2015-07-01 18:48:46 | [diff] [blame] | 1715 | } |
| 1716 | |
David Benjamin | 7a8e4dfa | 2018-06-12 23:07:21 | [diff] [blame] | 1717 | void SSLClientSocketImpl::InfoCallback(int type, int value) { |
| 1718 | if (type == SSL_CB_HANDSHAKE_START && completed_connect_) { |
| 1719 | UMA_HISTOGRAM_BOOLEAN("Net.SSLSecureRenegotiation", |
| 1720 | SSL_get_secure_renegotiation_support(ssl_.get())); |
| 1721 | } |
| 1722 | } |
| 1723 | |
davidben | cef9e21 | 2017-04-19 15:00:10 | [diff] [blame] | 1724 | void SSLClientSocketImpl::MessageCallback(int is_write, |
| 1725 | int content_type, |
| 1726 | const void* buf, |
| 1727 | size_t len) { |
| 1728 | switch (content_type) { |
| 1729 | case SSL3_RT_ALERT: |
| 1730 | net_log_.AddEvent(is_write ? NetLogEventType::SSL_ALERT_SENT |
| 1731 | : NetLogEventType::SSL_ALERT_RECEIVED, |
| 1732 | base::Bind(&NetLogSSLAlertCallback, buf, len)); |
| 1733 | break; |
| 1734 | case SSL3_RT_HANDSHAKE: |
| 1735 | net_log_.AddEvent( |
| 1736 | is_write ? NetLogEventType::SSL_HANDSHAKE_MESSAGE_SENT |
| 1737 | : NetLogEventType::SSL_HANDSHAKE_MESSAGE_RECEIVED, |
| 1738 | base::Bind(&NetLogSSLMessageCallback, !!is_write, buf, len)); |
| 1739 | break; |
| 1740 | default: |
| 1741 | return; |
| 1742 | } |
| 1743 | } |
| 1744 | |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 1745 | void SSLClientSocketImpl::LogConnectEndEvent(int rv) { |
| 1746 | if (rv != OK) { |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1747 | net_log_.EndEventWithNetErrorCode(NetLogEventType::SSL_CONNECT, rv); |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 1748 | return; |
| 1749 | } |
| 1750 | |
mikecirone | 8b85c43 | 2016-09-08 19:11:00 | [diff] [blame] | 1751 | net_log_.EndEvent(NetLogEventType::SSL_CONNECT, |
davidben | 281d13f0 | 2016-04-27 20:43:28 | [diff] [blame] | 1752 | base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
| 1753 | } |
| 1754 | |
bnc | bd442c2 | 2016-09-14 20:49:16 | [diff] [blame] | 1755 | void SSLClientSocketImpl::RecordNegotiatedProtocol() const { |
| 1756 | UMA_HISTOGRAM_ENUMERATION("Net.SSLNegotiatedAlpnProtocol", |
| 1757 | negotiated_protocol_, kProtoLast + 1); |
bnc | 3cf2a59 | 2016-08-11 14:48:36 | [diff] [blame] | 1758 | } |
| 1759 | |
davidben | fe132d9 | 2016-09-27 18:07:21 | [diff] [blame] | 1760 | int SSLClientSocketImpl::MapLastOpenSSLError( |
| 1761 | int ssl_error, |
| 1762 | const crypto::OpenSSLErrStackTracer& tracer, |
| 1763 | OpenSSLErrorInfo* info) { |
| 1764 | int net_error = MapOpenSSLErrorWithDetails(ssl_error, tracer, info); |
| 1765 | |
| 1766 | if (ssl_error == SSL_ERROR_SSL && |
| 1767 | ERR_GET_LIB(info->error_code) == ERR_LIB_SSL) { |
| 1768 | // TLS does not provide an alert for missing client certificates, so most |
| 1769 | // servers send a generic handshake_failure alert. Detect this case by |
| 1770 | // checking if we have received a CertificateRequest but sent no |
| 1771 | // certificate. See https://crbug.com/646567. |
| 1772 | if (ERR_GET_REASON(info->error_code) == |
| 1773 | SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE && |
| 1774 | certificate_requested_ && ssl_config_.send_client_cert && |
| 1775 | !ssl_config_.client_cert) { |
| 1776 | net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT; |
| 1777 | } |
| 1778 | |
| 1779 | // Per spec, access_denied is only for client-certificate-based access |
| 1780 | // control, but some buggy firewalls use it when blocking a page. To avoid a |
| 1781 | // confusing error, map it to a generic protocol error if no |
| 1782 | // CertificateRequest was sent. See https://crbug.com/630883. |
| 1783 | if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 1784 | !certificate_requested_) { |
| 1785 | net_error = ERR_SSL_PROTOCOL_ERROR; |
| 1786 | } |
David Benjamin | 5b4410e | 2017-11-10 21:50:23 | [diff] [blame] | 1787 | |
| 1788 | // This error is specific to the client, so map it here. |
| 1789 | if (ERR_GET_REASON(info->error_code) == |
| 1790 | SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS) { |
| 1791 | net_error = ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS; |
| 1792 | } |
davidben | fe132d9 | 2016-09-27 18:07:21 | [diff] [blame] | 1793 | } |
| 1794 | |
| 1795 | return net_error; |
| 1796 | } |
| 1797 | |
[email protected] | 7e5dd49f | 2010-12-08 18:33:49 | [diff] [blame] | 1798 | } // namespace net |