Google Git
Sign in
chromium / chromium / src / b5a0f6c6bd8d4d0dc6339a6246cf60a5c95e7cdc / . / net / socket / ssl_client_socket_openssl.cc
blob: dd68b05669f188433389173b3224db1a61cd62f9 [file] [log] [blame]
[email protected]013c17c2012-01-21 19:09:01[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// OpenSSL binding for SSLClientSocket. The class layout and general principle
6// of operation is derived from SSLClientSocketNSS.
7
8#include "net/socket/ssl_client_socket_openssl.h"
9
[email protected]edfd0f42014-07-22 18:20:37[diff] [blame]10#include <errno.h>
davidben018aad62014-09-12 02:25:19[diff] [blame]11#include <openssl/bio.h>
nharper736ceda2015-11-07 00:16:59[diff] [blame]12#include <openssl/bytestring.h>
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]13#include <openssl/err.h>
nharper736ceda2015-11-07 00:16:59[diff] [blame]14#include <openssl/evp.h>
davidben121e9c962015-05-01 00:40:49[diff] [blame]15#include <openssl/mem.h>
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]16#include <openssl/ssl.h>
bnc67da3de2015-01-15 21:02:26[diff] [blame]17#include <string.h>
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]18
davidben752bcf22015-12-21 22:55:50[diff] [blame]19#include <utility>
20
[email protected]0f7804ec2011-10-07 20:04:18[diff] [blame]21#include "base/bind.h"
[email protected]f2da6ac2013-02-04 08:22:53[diff] [blame]22#include "base/callback_helpers.h"
davidben1d489522015-07-01 18:48:46[diff] [blame]23#include "base/lazy_instance.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]24#include "base/macros.h"
[email protected]3b63f8f42011-03-28 01:54:15[diff] [blame]25#include "base/memory/singleton.h"
asvitkinec3c93722015-06-17 14:48:37[diff] [blame]26#include "base/metrics/histogram_macros.h"
davidben4fe4f982015-11-11 22:00:12[diff] [blame]27#include "base/metrics/sparse_histogram.h"
vadimtb2a77c762014-11-21 19:49:22[diff] [blame]28#include "base/profiler/scoped_tracker.h"
nharper49b27d992016-02-09 18:28:51[diff] [blame]29#include "base/strings/string_number_conversions.h"
davidben018aad62014-09-12 02:25:19[diff] [blame]30#include "base/strings/string_piece.h"
[email protected]20305ec2011-01-21 04:55:52[diff] [blame]31#include "base/synchronization/lock.h"
vadimt6b43dec22015-01-06 01:59:58[diff] [blame]32#include "base/threading/thread_local.h"
estade5e5529d2015-05-21 20:59:11[diff] [blame]33#include "base/values.h"
davidben7dad2a32016-03-01 23:47:47[diff] [blame]34#include "crypto/auto_cbb.h"
[email protected]ee0f2aa82013-10-25 11:59:26[diff] [blame]35#include "crypto/ec_private_key.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]36#include "crypto/openssl_util.h"
[email protected]cd9b75b2014-07-10 04:39:38[diff] [blame]37#include "crypto/scoped_openssl_types.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]38#include "net/base/ip_address.h"
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]39#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]40#include "net/cert/cert_verifier.h"
eranmefbd3132014-10-28 16:35:16[diff] [blame]41#include "net/cert/ct_ev_whitelist.h"
estark6f9b3d82016-01-12 21:37:05[diff] [blame]42#include "net/cert/ct_policy_enforcer.h"
estark723b5eeb2016-02-18 21:01:12[diff] [blame]43#include "net/cert/ct_policy_status.h"
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]44#include "net/cert/ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]45#include "net/cert/x509_certificate_net_log_param.h"
davidben30798ed82014-09-19 19:28:20[diff] [blame]46#include "net/cert/x509_util_openssl.h"
[email protected]8bd4e7a2014-08-09 14:49:17[diff] [blame]47#include "net/http/transport_security_state.h"
davidbenc879af02015-02-20 07:57:21[diff] [blame]48#include "net/ssl/scoped_openssl_types.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]49#include "net/ssl/ssl_cert_request_info.h"
davidbendafe4e52015-04-08 22:53:52[diff] [blame]50#include "net/ssl/ssl_client_session_cache_openssl.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]51#include "net/ssl/ssl_connection_status_flags.h"
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]52#include "net/ssl/ssl_failure_state.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]53#include "net/ssl/ssl_info.h"
davidben1d489522015-07-01 18:48:46[diff] [blame]54#include "net/ssl/ssl_private_key.h"
nharperd5cddca2016-02-27 03:37:52[diff] [blame]55#include "net/ssl/token_binding.h"
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]56
davidben2a811e4e2015-12-01 10:49:34[diff] [blame]57#if !defined(OS_NACL)
58#include "net/ssl/ssl_key_logger.h"
59#endif
60
svaldeza1714ab2016-03-18 20:47:53[diff] [blame]61#if defined(USE_NSS_VERIFIER)
davidbena477a70a2015-10-06 04:38:29[diff] [blame]62#include "net/cert_net/nss_ocsp.h"
63#endif
64
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]65namespace net {
66
67namespace {
68
69// Enable this to see logging for state machine state transitions.
70#if 0
[email protected]3b112772010-10-04 10:54:49[diff] [blame]71#define GotoState(s) do { DVLOG(2) << (void *)this << " " << __FUNCTION__ << \
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]72 " jump to state " << s; \
73 next_handshake_state_ = s; } while (0)
74#else
75#define GotoState(s) next_handshake_state_ = s
76#endif
77
[email protected]4b768562013-02-16 04:10:07[diff] [blame]78// This constant can be any non-negative/non-zero value (eg: it does not
79// overlap with any value of the net::Error range, including net::OK).
davidben1d489522015-07-01 18:48:46[diff] [blame]80const int kNoPendingResult = 1;
[email protected]4b768562013-02-16 04:10:07[diff] [blame]81
[email protected]168a8412012-06-14 05:05:49[diff] [blame]82// If a client doesn't have a list of protocols that it supports, but
83// the server supports NPN, choosing "http/1.1" is the best answer.
84const char kDefaultSupportedNPNProtocol[] = "http/1.1";
85
haavardm2d92e722014-12-19 13:45:44[diff] [blame]86// Default size of the internal BoringSSL buffers.
87const int KDefaultOpenSSLBufferSize = 17 * 1024;
88
nharper736ceda2015-11-07 00:16:59[diff] [blame]89// TLS extension number use for Token Binding.
nharperb5ad8a802016-02-05 19:40:00[diff] [blame]90const unsigned int kTbExtNum = 24;
nharper736ceda2015-11-07 00:16:59[diff] [blame]91
92// Token Binding ProtocolVersions supported.
93const uint8_t kTbProtocolVersionMajor = 0;
nharperb5a0f6c2016-04-04 21:50:39[diff] [blame^]94const uint8_t kTbProtocolVersionMinor = 5;
nharper736ceda2015-11-07 00:16:59[diff] [blame]95const uint8_t kTbMinProtocolVersionMajor = 0;
nharper47d408a42016-01-28 23:00:38[diff] [blame]96const uint8_t kTbMinProtocolVersionMinor = 3;
nharper736ceda2015-11-07 00:16:59[diff] [blame]97
davidben1d489522015-07-01 18:48:46[diff] [blame]98bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
99 switch (EVP_MD_type(md)) {
100 case NID_md5_sha1:
101 *hash = SSLPrivateKey::Hash::MD5_SHA1;
102 return true;
103 case NID_sha1:
104 *hash = SSLPrivateKey::Hash::SHA1;
105 return true;
106 case NID_sha256:
107 *hash = SSLPrivateKey::Hash::SHA256;
108 return true;
109 case NID_sha384:
110 *hash = SSLPrivateKey::Hash::SHA384;
111 return true;
112 case NID_sha512:
113 *hash = SSLPrivateKey::Hash::SHA512;
114 return true;
115 default:
116 return false;
117 }
118}
119
davidben752bcf22015-12-21 22:55:50[diff] [blame]120scoped_ptr<base::Value> NetLogPrivateKeyOperationCallback(
121 SSLPrivateKey::Type type,
122 SSLPrivateKey::Hash hash,
123 NetLogCaptureMode mode) {
124 std::string type_str;
125 switch (type) {
126 case SSLPrivateKey::Type::RSA:
127 type_str = "RSA";
128 break;
129 case SSLPrivateKey::Type::ECDSA:
130 type_str = "ECDSA";
131 break;
132 }
133
134 std::string hash_str;
135 switch (hash) {
136 case SSLPrivateKey::Hash::MD5_SHA1:
137 hash_str = "MD5_SHA1";
138 break;
139 case SSLPrivateKey::Hash::SHA1:
140 hash_str = "SHA1";
141 break;
142 case SSLPrivateKey::Hash::SHA256:
143 hash_str = "SHA256";
144 break;
145 case SSLPrivateKey::Hash::SHA384:
146 hash_str = "SHA384";
147 break;
148 case SSLPrivateKey::Hash::SHA512:
149 hash_str = "SHA512";
150 break;
151 }
152
153 scoped_ptr<base::DictionaryValue> value(new base::DictionaryValue);
154 value->SetString("type", type_str);
155 value->SetString("hash", hash_str);
156 return std::move(value);
157}
158
nharper49b27d992016-02-09 18:28:51[diff] [blame]159scoped_ptr<base::Value> NetLogChannelIDLookupCallback(
160 ChannelIDService* channel_id_service,
161 NetLogCaptureMode capture_mode) {
162 ChannelIDStore* store = channel_id_service->GetChannelIDStore();
163 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
164 dict->SetBoolean("ephemeral", store->IsEphemeral());
165 dict->SetString("service", base::HexEncode(&channel_id_service,
166 sizeof(channel_id_service)));
167 dict->SetString("store", base::HexEncode(&store, sizeof(store)));
168 return std::move(dict);
169}
170
171scoped_ptr<base::Value> NetLogChannelIDLookupCompleteCallback(
172 crypto::ECPrivateKey* key,
173 int result,
174 NetLogCaptureMode capture_mode) {
175 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
176 dict->SetInteger("net_error", result);
177 std::string raw_key;
178 if (result == OK && key && key->ExportRawPublicKey(&raw_key)) {
179 std::string key_to_log = "redacted";
180 if (capture_mode.include_cookies_and_credentials()) {
181 key_to_log = base::HexEncode(raw_key.data(), raw_key.length());
182 }
183 dict->SetString("key", key_to_log);
184 }
185 return std::move(dict);
186}
187
[email protected]821e3bb2013-11-08 01:06:01[diff] [blame]188} // namespace
189
190class SSLClientSocketOpenSSL::SSLContext {
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]191 public:
olli.raula36aa8be2015-09-10 11:14:22[diff] [blame]192 static SSLContext* GetInstance() {
193 return base::Singleton<SSLContext>::get();
194 }
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]195 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); }
davidbendafe4e52015-04-08 22:53:52[diff] [blame]196 SSLClientSessionCacheOpenSSL* session_cache() { return &session_cache_; }
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]197
[email protected]1279de12013-12-03 15:13:32[diff] [blame]198 SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) {
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]199 DCHECK(ssl);
200 SSLClientSocketOpenSSL* socket = static_cast<SSLClientSocketOpenSSL*>(
201 SSL_get_ex_data(ssl, ssl_socket_data_index_));
202 DCHECK(socket);
203 return socket;
204 }
205
206 bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketOpenSSL* socket) {
207 return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0;
208 }
209
davidben2a811e4e2015-12-01 10:49:34[diff] [blame]210#if !defined(OS_NACL)
211 void SetSSLKeyLogFile(
212 const base::FilePath& path,
213 const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
214 DCHECK(!ssl_key_logger_);
215 ssl_key_logger_.reset(new SSLKeyLogger(path, task_runner));
216 SSL_CTX_set_keylog_callback(ssl_ctx_.get(), KeyLogCallback);
217 }
218#endif
219
davidben1d489522015-07-01 18:48:46[diff] [blame]220 static const SSL_PRIVATE_KEY_METHOD kPrivateKeyMethod;
221
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]222 private:
olli.raula36aa8be2015-09-10 11:14:22[diff] [blame]223 friend struct base::DefaultSingletonTraits<SSLContext>;
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]224
davidbendafe4e52015-04-08 22:53:52[diff] [blame]225 SSLContext() : session_cache_(SSLClientSessionCacheOpenSSL::Config()) {
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]226 crypto::EnsureOpenSSLInit();
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]227 ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0);
228 DCHECK_NE(ssl_socket_data_index_, -1);
229 ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method()));
[email protected]b051cdb62014-02-28 02:20:16[diff] [blame]230 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL);
[email protected]82c59022014-08-15 09:38:27[diff] [blame]231 SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL);
[email protected]b051cdb62014-02-28 02:20:16[diff] [blame]232 SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL);
haavardmc80b0ee32015-01-30 09:16:08[diff] [blame]233 // This stops |SSL_shutdown| from generating the close_notify message, which
234 // is currently not sent on the network.
235 // TODO(haavardm): Remove setting quiet shutdown once 118366 is fixed.
236 SSL_CTX_set_quiet_shutdown(ssl_ctx_.get(), 1);
bnc2d6bd0f2015-10-28 01:52:05[diff] [blame]237 // Note that SSL_OP_DISABLE_NPN is used to disable NPN if
238 // ssl_config_.next_proto is empty.
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]239 SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
240 NULL);
davidbendafe4e52015-04-08 22:53:52[diff] [blame]241
242 // Disable the internal session cache. Session caching is handled
243 // externally (i.e. by SSLClientSessionCacheOpenSSL).
244 SSL_CTX_set_session_cache_mode(
245 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
davidben44aeae62015-06-24 20:47:43[diff] [blame]246 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback);
nharper736ceda2015-11-07 00:16:59[diff] [blame]247
248 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum,
249 &TokenBindingAddCallback,
250 &TokenBindingFreeCallback, nullptr,
251 &TokenBindingParseCallback, nullptr)) {
252 NOTREACHED();
253 }
254 }
255
256 static int TokenBindingAddCallback(SSL* ssl,
257 unsigned int extension_value,
258 const uint8_t** out,
259 size_t* out_len,
260 int* out_alert_value,
261 void* add_arg) {
262 DCHECK_EQ(extension_value, kTbExtNum);
263 SSLClientSocketOpenSSL* socket =
264 SSLClientSocketOpenSSL::SSLContext::GetInstance()
265 ->GetClientSocketFromSSL(ssl);
266 return socket->TokenBindingAdd(out, out_len, out_alert_value);
267 }
268
269 static void TokenBindingFreeCallback(SSL* ssl,
270 unsigned extension_value,
271 const uint8_t* out,
272 void* add_arg) {
273 DCHECK_EQ(extension_value, kTbExtNum);
274 OPENSSL_free(const_cast<unsigned char*>(out));
275 }
276
277 static int TokenBindingParseCallback(SSL* ssl,
278 unsigned int extension_value,
279 const uint8_t* contents,
280 size_t contents_len,
281 int* out_alert_value,
282 void* parse_arg) {
283 DCHECK_EQ(extension_value, kTbExtNum);
284 SSLClientSocketOpenSSL* socket =
285 SSLClientSocketOpenSSL::SSLContext::GetInstance()
286 ->GetClientSocketFromSSL(ssl);
287 return socket->TokenBindingParse(contents, contents_len, out_alert_value);
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]288 }
289
[email protected]82c59022014-08-15 09:38:27[diff] [blame]290 static int ClientCertRequestCallback(SSL* ssl, void* arg) {
[email protected]b29af7d2010-12-14 11:52:47[diff] [blame]291 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
[email protected]82c59022014-08-15 09:38:27[diff] [blame]292 DCHECK(socket);
293 return socket->ClientCertRequestCallback(ssl);
[email protected]718c9672010-12-02 10:04:10[diff] [blame]294 }
295
[email protected]b051cdb62014-02-28 02:20:16[diff] [blame]296 static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) {
297 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
298 store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
299 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
300 CHECK(socket);
301
302 return socket->CertVerifyCallback(store_ctx);
303 }
304
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]305 static int SelectNextProtoCallback(SSL* ssl,
306 unsigned char** out, unsigned char* outlen,
307 const unsigned char* in,
308 unsigned int inlen, void* arg) {
[email protected]b29af7d2010-12-14 11:52:47[diff] [blame]309 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]310 return socket->SelectNextProtoCallback(out, outlen, in, inlen);
311 }
312
davidben44aeae62015-06-24 20:47:43[diff] [blame]313 static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
davidbendafe4e52015-04-08 22:53:52[diff] [blame]314 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
davidben44aeae62015-06-24 20:47:43[diff] [blame]315 return socket->NewSessionCallback(session);
davidbendafe4e52015-04-08 22:53:52[diff] [blame]316 }
317
davidben1d489522015-07-01 18:48:46[diff] [blame]318 static int PrivateKeyTypeCallback(SSL* ssl) {
319 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
320 return socket->PrivateKeyTypeCallback();
321 }
322
davidben1d489522015-07-01 18:48:46[diff] [blame]323 static size_t PrivateKeyMaxSignatureLenCallback(SSL* ssl) {
324 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
325 return socket->PrivateKeyMaxSignatureLenCallback();
326 }
327
328 static ssl_private_key_result_t PrivateKeySignCallback(SSL* ssl,
329 uint8_t* out,
330 size_t* out_len,
331 size_t max_out,
332 const EVP_MD* md,
333 const uint8_t* in,
334 size_t in_len) {
335 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
336 return socket->PrivateKeySignCallback(out, out_len, max_out, md, in,
337 in_len);
338 }
339
340 static ssl_private_key_result_t PrivateKeySignCompleteCallback(
341 SSL* ssl,
342 uint8_t* out,
343 size_t* out_len,
344 size_t max_out) {
345 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
346 return socket->PrivateKeySignCompleteCallback(out, out_len, max_out);
347 }
348
davidben2a811e4e2015-12-01 10:49:34[diff] [blame]349#if !defined(OS_NACL)
350 static void KeyLogCallback(const SSL* ssl, const char* line) {
351 GetInstance()->ssl_key_logger_->WriteLine(line);
352 }
353#endif
354
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]355 // This is the index used with SSL_get_ex_data to retrieve the owner
356 // SSLClientSocketOpenSSL object from an SSL instance.
357 int ssl_socket_data_index_;
358
davidbenc879af02015-02-20 07:57:21[diff] [blame]359 ScopedSSL_CTX ssl_ctx_;
davidbendafe4e52015-04-08 22:53:52[diff] [blame]360
davidben2a811e4e2015-12-01 10:49:34[diff] [blame]361#if !defined(OS_NACL)
362 scoped_ptr<SSLKeyLogger> ssl_key_logger_;
363#endif
364
davidbendafe4e52015-04-08 22:53:52[diff] [blame]365 // TODO(davidben): Use a separate cache per URLRequestContext.
366 // https://crbug.com/458365
367 //
368 // TODO(davidben): Sessions should be invalidated on fatal
369 // alerts. https://crbug.com/466352
370 SSLClientSessionCacheOpenSSL session_cache_;
[email protected]1279de12013-12-03 15:13:32[diff] [blame]371};
372
davidben1d489522015-07-01 18:48:46[diff] [blame]373const SSL_PRIVATE_KEY_METHOD
374 SSLClientSocketOpenSSL::SSLContext::kPrivateKeyMethod = {
375 &SSLClientSocketOpenSSL::SSLContext::PrivateKeyTypeCallback,
davidben1d489522015-07-01 18:48:46[diff] [blame]376 &SSLClientSocketOpenSSL::SSLContext::PrivateKeyMaxSignatureLenCallback,
377 &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCallback,
378 &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCompleteCallback,
379};
380
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]381// PeerCertificateChain is a helper object which extracts the certificate
382// chain, as given by the server, from an OpenSSL socket and performs the needed
383// resource management. The first element of the chain is the leaf certificate
384// and the other elements are in the order given by the server.
385class SSLClientSocketOpenSSL::PeerCertificateChain {
386 public:
[email protected]76e85392014-03-20 17:54:14[diff] [blame]387 explicit PeerCertificateChain(STACK_OF(X509)* chain) { Reset(chain); }
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]388 PeerCertificateChain(const PeerCertificateChain& other) { *this = other; }
389 ~PeerCertificateChain() {}
390 PeerCertificateChain& operator=(const PeerCertificateChain& other);
391
[email protected]76e85392014-03-20 17:54:14[diff] [blame]392 // Resets the PeerCertificateChain to the set of certificates in|chain|,
393 // which may be NULL, indicating to empty the store certificates.
394 // Note: If an error occurs, such as being unable to parse the certificates,
395 // this will behave as if Reset(NULL) was called.
396 void Reset(STACK_OF(X509)* chain);
397
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]398 // Note that when USE_OPENSSL is defined, OSCertHandle is X509*
davidben30798ed82014-09-19 19:28:20[diff] [blame]399 scoped_refptr<X509Certificate> AsOSChain() const;
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]400
401 size_t size() const {
402 if (!openssl_chain_.get())
403 return 0;
404 return sk_X509_num(openssl_chain_.get());
405 }
406
davidben30798ed82014-09-19 19:28:20[diff] [blame]407 bool empty() const {
408 return size() == 0;
409 }
410
411 X509* Get(size_t index) const {
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]412 DCHECK_LT(index, size());
413 return sk_X509_value(openssl_chain_.get(), index);
414 }
415
416 private:
[email protected]cd9b75b2014-07-10 04:39:38[diff] [blame]417 ScopedX509Stack openssl_chain_;
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]418};
419
420SSLClientSocketOpenSSL::PeerCertificateChain&
421SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
422 const PeerCertificateChain& other) {
423 if (this == &other)
424 return *this;
425
[email protected]24176af2014-08-14 09:31:04[diff] [blame]426 openssl_chain_.reset(X509_chain_up_ref(other.openssl_chain_.get()));
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]427 return *this;
428}
429
[email protected]76e85392014-03-20 17:54:14[diff] [blame]430void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
431 STACK_OF(X509)* chain) {
davidben30798ed82014-09-19 19:28:20[diff] [blame]432 openssl_chain_.reset(chain ? X509_chain_up_ref(chain) : NULL);
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]433}
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]434
davidben30798ed82014-09-19 19:28:20[diff] [blame]435scoped_refptr<X509Certificate>
436SSLClientSocketOpenSSL::PeerCertificateChain::AsOSChain() const {
437#if defined(USE_OPENSSL_CERTS)
438 // When OSCertHandle is typedef'ed to X509, this implementation does a short
439 // cut to avoid converting back and forth between DER and the X509 struct.
440 X509Certificate::OSCertHandles intermediates;
441 for (size_t i = 1; i < sk_X509_num(openssl_chain_.get()); ++i) {
442 intermediates.push_back(sk_X509_value(openssl_chain_.get(), i));
443 }
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]444
svaldezc4b6f122016-01-20 22:13:59[diff] [blame]445 return X509Certificate::CreateFromHandle(
446 sk_X509_value(openssl_chain_.get(), 0), intermediates);
davidben30798ed82014-09-19 19:28:20[diff] [blame]447#else
448 // DER-encode the chain and convert to a platform certificate handle.
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]449 std::vector<base::StringPiece> der_chain;
[email protected]edfd0f42014-07-22 18:20:37[diff] [blame]450 for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]451 X509* x = sk_X509_value(openssl_chain_.get(), i);
davidben30798ed82014-09-19 19:28:20[diff] [blame]452 base::StringPiece der;
453 if (!x509_util::GetDER(x, &der))
454 return NULL;
455 der_chain.push_back(der);
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]456 }
457
svaldezc4b6f122016-01-20 22:13:59[diff] [blame]458 return X509Certificate::CreateFromDERCertChain(der_chain);
davidben30798ed82014-09-19 19:28:20[diff] [blame]459#endif
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]460}
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]461
[email protected]1279de12013-12-03 15:13:32[diff] [blame]462// static
[email protected]c3456bb2011-12-12 22:22:19[diff] [blame]463void SSLClientSocket::ClearSessionCache() {
[email protected]821e3bb2013-11-08 01:06:01[diff] [blame]464 SSLClientSocketOpenSSL::SSLContext* context =
465 SSLClientSocketOpenSSL::SSLContext::GetInstance();
[email protected]c3456bb2011-12-12 22:22:19[diff] [blame]466 context->session_cache()->Flush();
467}
468
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]469SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
[email protected]18ccfdb2013-08-15 00:13:44[diff] [blame]470 scoped_ptr<ClientSocketHandle> transport_socket,
[email protected]055d7f22010-11-15 12:03:12[diff] [blame]471 const HostPortPair& host_and_port,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]472 const SSLConfig& ssl_config,
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]473 const SSLClientSocketContext& context)
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]474 : transport_send_busy_(false),
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]475 transport_recv_busy_(false),
davidben1d489522015-07-01 18:48:46[diff] [blame]476 pending_read_error_(kNoPendingResult),
davidbenb8c23212014-10-28 00:12:16[diff] [blame]477 pending_read_ssl_error_(SSL_ERROR_NONE),
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]478 transport_read_error_(OK),
[email protected]3e5c6922014-02-06 02:42:16[diff] [blame]479 transport_write_error_(OK),
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]480 server_cert_chain_(new PeerCertificateChain(NULL)),
[email protected]64b5c892014-08-08 09:39:26[diff] [blame]481 completed_connect_(false),
[email protected]0dc88b32014-03-26 20:12:28[diff] [blame]482 was_ever_used_(false),
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]483 cert_verifier_(context.cert_verifier),
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]484 cert_transparency_verifier_(context.cert_transparency_verifier),
[email protected]6b8a3c742014-07-25 00:25:35[diff] [blame]485 channel_id_service_(context.channel_id_service),
nharper736ceda2015-11-07 00:16:59[diff] [blame]486 tb_was_negotiated_(false),
487 tb_negotiated_param_(TB_PARAM_ECDSAP256),
nharperb7441ef2016-01-25 23:54:14[diff] [blame]488 tb_signed_ekm_map_(10),
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]489 ssl_(NULL),
490 transport_bio_(NULL),
dchengc7eeda422015-12-26 03:56:48[diff] [blame]491 transport_(std::move(transport_socket)),
[email protected]055d7f22010-11-15 12:03:12[diff] [blame]492 host_and_port_(host_and_port),
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]493 ssl_config_(ssl_config),
[email protected]c3456bb2011-12-12 22:22:19[diff] [blame]494 ssl_session_cache_shard_(context.ssl_session_cache_shard),
[email protected]013c17c2012-01-21 19:09:01[diff] [blame]495 next_handshake_state_(STATE_NONE),
svaldez4af14d22015-08-20 13:48:24[diff] [blame]496 disconnected_(false),
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]497 npn_status_(kNextProtoUnsupported),
davidben52053b382015-04-27 19:22:29[diff] [blame]498 channel_id_sent_(false),
davidben44aeae62015-06-24 20:47:43[diff] [blame]499 session_pending_(false),
davidbendafe4e52015-04-08 22:53:52[diff] [blame]500 certificate_verified_(false),
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]501 ssl_failure_state_(SSL_FAILURE_NONE),
davidben1d489522015-07-01 18:48:46[diff] [blame]502 signature_result_(kNoPendingResult),
[email protected]8bd4e7a2014-08-09 14:49:17[diff] [blame]503 transport_security_state_(context.transport_security_state),
estark6f9b3d82016-01-12 21:37:05[diff] [blame]504 policy_enforcer_(context.ct_policy_enforcer),
kulkarni.acd7b4462014-08-28 07:41:34[diff] [blame]505 net_log_(transport_->socket()->NetLog()),
506 weak_factory_(this) {
davidben9bbf3292015-04-24 21:50:06[diff] [blame]507 DCHECK(cert_verifier_);
[email protected]8e458552014-08-05 00:02:15[diff] [blame]508}
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]509
510SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
511 Disconnect();
512}
513
davidben2a811e4e2015-12-01 10:49:34[diff] [blame]514#if !defined(OS_NACL)
zhongyi81f85c6d92015-10-16 19:34:14[diff] [blame]515void SSLClientSocketOpenSSL::SetSSLKeyLogFile(
davidben2a811e4e2015-12-01 10:49:34[diff] [blame]516 const base::FilePath& ssl_keylog_file,
517 const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
518 SSLContext::GetInstance()->SetSSLKeyLogFile(ssl_keylog_file, task_runner);
zhongyi81f85c6d92015-10-16 19:34:14[diff] [blame]519}
davidben2a811e4e2015-12-01 10:49:34[diff] [blame]520#endif
zhongyi81f85c6d92015-10-16 19:34:14[diff] [blame]521
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]522void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
523 SSLCertRequestInfo* cert_request_info) {
[email protected]791879c2013-12-17 07:22:41[diff] [blame]524 cert_request_info->host_and_port = host_and_port_;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]525 cert_request_info->cert_authorities = cert_authorities_;
[email protected]c0787702014-05-20 21:51:44[diff] [blame]526 cert_request_info->cert_key_types = cert_key_types_;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]527}
528
529SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
davidben6974bf72015-04-27 17:52:48[diff] [blame]530 std::string* proto) const {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]531 *proto = npn_proto_;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]532 return npn_status_;
533}
534
[email protected]6b8a3c742014-07-25 00:25:35[diff] [blame]535ChannelIDService*
536SSLClientSocketOpenSSL::GetChannelIDService() const {
537 return channel_id_service_;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]538}
539
nharperb7441ef2016-01-25 23:54:14[diff] [blame]540Error SSLClientSocketOpenSSL::GetSignedEKMForTokenBinding(
541 crypto::ECPrivateKey* key,
542 std::vector<uint8_t>* out) {
543 // The same key will be used across multiple requests to sign the same value,
544 // so the signature is cached.
545 std::string raw_public_key;
546 if (!key->ExportRawPublicKey(&raw_public_key))
547 return ERR_FAILED;
548 SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key);
549 if (it != tb_signed_ekm_map_.end()) {
550 *out = it->second;
551 return OK;
552 }
553
554 uint8_t tb_ekm_buf[32];
555 static const char kTokenBindingExporterLabel[] = "EXPORTER-Token-Binding";
556 if (!SSL_export_keying_material(ssl_, tb_ekm_buf, sizeof(tb_ekm_buf),
557 kTokenBindingExporterLabel,
558 strlen(kTokenBindingExporterLabel), nullptr,
559 0, false /* no context */)) {
560 return ERR_FAILED;
561 }
562
nharperd5cddca2016-02-27 03:37:52[diff] [blame]563 if (!SignTokenBindingEkm(
564 base::StringPiece(reinterpret_cast<char*>(tb_ekm_buf),
565 sizeof(tb_ekm_buf)),
566 key, out))
nharperb7441ef2016-01-25 23:54:14[diff] [blame]567 return ERR_FAILED;
nharperb7441ef2016-01-25 23:54:14[diff] [blame]568
569 tb_signed_ekm_map_.Put(raw_public_key, *out);
570 return OK;
571}
572
nharperb36644f2016-02-22 23:14:43[diff] [blame]573crypto::ECPrivateKey* SSLClientSocketOpenSSL::GetChannelIDKey() const {
574 return channel_id_key_.get();
575}
576
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]577SSLFailureState SSLClientSocketOpenSSL::GetSSLFailureState() const {
578 return ssl_failure_state_;
579}
580
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]581int SSLClientSocketOpenSSL::ExportKeyingMaterial(
582 const base::StringPiece& label,
583 bool has_context, const base::StringPiece& context,
584 unsigned char* out, unsigned int outlen) {
davidben86935f72015-05-06 22:24:49[diff] [blame]585 if (!IsConnected())
586 return ERR_SOCKET_NOT_CONNECTED;
587
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]588 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
589
590 int rv = SSL_export_keying_material(
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]591 ssl_, out, outlen, label.data(), label.size(),
davidben866c3d4a72015-04-06 21:56:43[diff] [blame]592 reinterpret_cast<const unsigned char*>(context.data()), context.length(),
593 has_context ? 1 : 0);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]594
595 if (rv != 1) {
596 int ssl_error = SSL_get_error(ssl_, rv);
597 LOG(ERROR) << "Failed to export keying material;"
598 << " returned " << rv
599 << ", SSL error code " << ssl_error;
600 return MapOpenSSLError(ssl_error, err_tracer);
601 }
602 return OK;
603}
604
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]605int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) {
[email protected]8bd4e7a2014-08-09 14:49:17[diff] [blame]606 // It is an error to create an SSLClientSocket whose context has no
607 // TransportSecurityState.
608 DCHECK(transport_security_state_);
609
svaldez4af14d22015-08-20 13:48:24[diff] [blame]610 // Although StreamSocket does allow calling Connect() after Disconnect(),
611 // this has never worked for layered sockets. CHECK to detect any consumers
612 // reconnecting an SSL socket.
613 //
614 // TODO(davidben,mmenke): Remove this API feature. See
615 // https://crbug.com/499289.
616 CHECK(!disconnected_);
617
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]618 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT);
619
620 // Set up new ssl object.
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]621 int rv = Init();
622 if (rv != OK) {
623 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
624 return rv;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]625 }
626
627 // Set SSL to client mode. Handshake happens in the loop below.
628 SSL_set_connect_state(ssl_);
629
630 GotoState(STATE_HANDSHAKE);
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]631 rv = DoHandshakeLoop(OK);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]632 if (rv == ERR_IO_PENDING) {
633 user_connect_callback_ = callback;
634 } else {
635 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
636 }
637
638 return rv > OK ? OK : rv;
639}
640
641void SSLClientSocketOpenSSL::Disconnect() {
davidbened3764bb2016-03-14 19:53:16[diff] [blame]642 crypto::OpenSSLErrStackTracer tracer(FROM_HERE);
643
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]644 if (ssl_) {
645 // Calling SSL_shutdown prevents the session from being marked as
646 // unresumable.
647 SSL_shutdown(ssl_);
648 SSL_free(ssl_);
649 ssl_ = NULL;
650 }
651 if (transport_bio_) {
652 BIO_free_all(transport_bio_);
653 transport_bio_ = NULL;
654 }
655
svaldez4af14d22015-08-20 13:48:24[diff] [blame]656 disconnected_ = true;
657
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]658 // Shut down anything that may call us back.
eroman7f9236a2015-05-11 21:23:43[diff] [blame]659 cert_verifier_request_.reset();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]660 transport_->socket()->Disconnect();
661
662 // Null all callbacks, delete all buffers.
663 transport_send_busy_ = false;
664 send_buffer_ = NULL;
665 transport_recv_busy_ = false;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]666 recv_buffer_ = NULL;
667
668 user_connect_callback_.Reset();
669 user_read_callback_.Reset();
670 user_write_callback_.Reset();
671 user_read_buf_ = NULL;
672 user_read_buf_len_ = 0;
673 user_write_buf_ = NULL;
674 user_write_buf_len_ = 0;
675
davidben1d489522015-07-01 18:48:46[diff] [blame]676 pending_read_error_ = kNoPendingResult;
davidbenb8c23212014-10-28 00:12:16[diff] [blame]677 pending_read_ssl_error_ = SSL_ERROR_NONE;
678 pending_read_error_info_ = OpenSSLErrorInfo();
679
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]680 transport_read_error_ = OK;
[email protected]3e5c6922014-02-06 02:42:16[diff] [blame]681 transport_write_error_ = OK;
682
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]683 server_cert_verify_result_.Reset();
[email protected]64b5c892014-08-08 09:39:26[diff] [blame]684 completed_connect_ = false;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]685
686 cert_authorities_.clear();
[email protected]c0787702014-05-20 21:51:44[diff] [blame]687 cert_key_types_.clear();
[email protected]faff9852014-06-21 06:13:46[diff] [blame]688
davidben09c3d072014-08-25 20:33:58[diff] [blame]689 start_cert_verification_time_ = base::TimeTicks();
690
[email protected]abc44b752014-07-30 03:52:15[diff] [blame]691 npn_status_ = kNextProtoUnsupported;
692 npn_proto_.clear();
693
davidben52053b382015-04-27 19:22:29[diff] [blame]694 channel_id_sent_ = false;
nharper736ceda2015-11-07 00:16:59[diff] [blame]695 tb_was_negotiated_ = false;
davidben44aeae62015-06-24 20:47:43[diff] [blame]696 session_pending_ = false;
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]697 certificate_verified_ = false;
nharper75ade892015-06-10 19:05:35[diff] [blame]698 channel_id_request_.Cancel();
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]699 ssl_failure_state_ = SSL_FAILURE_NONE;
davidben1d489522015-07-01 18:48:46[diff] [blame]700
davidben1d489522015-07-01 18:48:46[diff] [blame]701 signature_result_ = kNoPendingResult;
702 signature_.clear();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]703}
704
705bool SSLClientSocketOpenSSL::IsConnected() const {
706 // If the handshake has not yet completed.
[email protected]64b5c892014-08-08 09:39:26[diff] [blame]707 if (!completed_connect_)
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]708 return false;
709 // If an asynchronous operation is still pending.
710 if (user_read_buf_.get() || user_write_buf_.get())
711 return true;
712
713 return transport_->socket()->IsConnected();
714}
715
716bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const {
717 // If the handshake has not yet completed.
[email protected]64b5c892014-08-08 09:39:26[diff] [blame]718 if (!completed_connect_)
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]719 return false;
720 // If an asynchronous operation is still pending.
721 if (user_read_buf_.get() || user_write_buf_.get())
722 return false;
davidbenfc9a6b82015-04-15 23:47:32[diff] [blame]723
724 // If there is data read from the network that has not yet been consumed, do
725 // not treat the connection as idle.
726 //
727 // Note that this does not check |BIO_pending|, whether there is ciphertext
728 // that has not yet been flushed to the network. |Write| returns early, so
729 // this can cause race conditions which cause a socket to not be treated
730 // reusable when it should be. See https://crbug.com/466147.
731 if (BIO_wpending(transport_bio_) > 0)
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]732 return false;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]733
734 return transport_->socket()->IsConnectedAndIdle();
735}
736
737int SSLClientSocketOpenSSL::GetPeerAddress(IPEndPoint* addressList) const {
738 return transport_->socket()->GetPeerAddress(addressList);
739}
740
741int SSLClientSocketOpenSSL::GetLocalAddress(IPEndPoint* addressList) const {
742 return transport_->socket()->GetLocalAddress(addressList);
743}
744
745const BoundNetLog& SSLClientSocketOpenSSL::NetLog() const {
746 return net_log_;
747}
748
749void SSLClientSocketOpenSSL::SetSubresourceSpeculation() {
750 if (transport_.get() && transport_->socket()) {
751 transport_->socket()->SetSubresourceSpeculation();
752 } else {
753 NOTREACHED();
754 }
755}
756
757void SSLClientSocketOpenSSL::SetOmniboxSpeculation() {
758 if (transport_.get() && transport_->socket()) {
759 transport_->socket()->SetOmniboxSpeculation();
760 } else {
761 NOTREACHED();
762 }
763}
764
765bool SSLClientSocketOpenSSL::WasEverUsed() const {
[email protected]0dc88b32014-03-26 20:12:28[diff] [blame]766 return was_ever_used_;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]767}
768
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]769bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
770 ssl_info->Reset();
davidben30798ed82014-09-19 19:28:20[diff] [blame]771 if (server_cert_chain_->empty())
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]772 return false;
773
774 ssl_info->cert = server_cert_verify_result_.verified_cert;
estark03d644f2015-06-13 00:11:32[diff] [blame]775 ssl_info->unverified_cert = server_cert_;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]776 ssl_info->cert_status = server_cert_verify_result_.cert_status;
777 ssl_info->is_issued_by_known_root =
778 server_cert_verify_result_.is_issued_by_known_root;
779 ssl_info->public_key_hashes =
780 server_cert_verify_result_.public_key_hashes;
781 ssl_info->client_cert_sent =
782 ssl_config_.send_client_cert && ssl_config_.client_cert.get();
davidben52053b382015-04-27 19:22:29[diff] [blame]783 ssl_info->channel_id_sent = channel_id_sent_;
nharper736ceda2015-11-07 00:16:59[diff] [blame]784 ssl_info->token_binding_negotiated = tb_was_negotiated_;
785 ssl_info->token_binding_key_param = tb_negotiated_param_;
[email protected]8bd4e7a2014-08-09 14:49:17[diff] [blame]786 ssl_info->pinning_failure_log = pinning_failure_log_;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]787
estark723b5eeb2016-02-18 21:01:12[diff] [blame]788 AddCTInfoToSSLInfo(ssl_info);
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]789
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]790 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
791 CHECK(cipher);
792 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL);
sigbjorn79cf3722015-09-18 09:15:20[diff] [blame]793 ssl_info->key_exchange_info =
794 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_));
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]795
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]796 SSLConnectionStatusSetCipherSuite(
797 static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)),
798 &ssl_info->connection_status);
799 SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_),
800 &ssl_info->connection_status);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]801
davidben09c3d072014-08-25 20:33:58[diff] [blame]802 if (!SSL_get_secure_renegotiation_support(ssl_))
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]803 ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]804
805 if (ssl_config_.version_fallback)
806 ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
807
808 ssl_info->handshake_type = SSL_session_reused(ssl_) ?
809 SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
810
811 DVLOG(3) << "Encoded connection status: cipher suite = "
812 << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
813 << " version = "
814 << SSLConnectionStatusToVersion(ssl_info->connection_status);
815 return true;
816}
817
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]818void SSLClientSocketOpenSSL::GetConnectionAttempts(
819 ConnectionAttempts* out) const {
820 out->clear();
821}
822
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]823int64_t SSLClientSocketOpenSSL::GetTotalReceivedBytes() const {
824 return transport_->socket()->GetTotalReceivedBytes();
825}
826
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]827int SSLClientSocketOpenSSL::Read(IOBuffer* buf,
828 int buf_len,
829 const CompletionCallback& callback) {
830 user_read_buf_ = buf;
831 user_read_buf_len_ = buf_len;
832
davidben1b133ad2014-10-23 04:23:13[diff] [blame]833 int rv = DoReadLoop();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]834
835 if (rv == ERR_IO_PENDING) {
836 user_read_callback_ = callback;
837 } else {
[email protected]0dc88b32014-03-26 20:12:28[diff] [blame]838 if (rv > 0)
839 was_ever_used_ = true;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]840 user_read_buf_ = NULL;
841 user_read_buf_len_ = 0;
842 }
843
844 return rv;
845}
846
847int SSLClientSocketOpenSSL::Write(IOBuffer* buf,
848 int buf_len,
849 const CompletionCallback& callback) {
850 user_write_buf_ = buf;
851 user_write_buf_len_ = buf_len;
852
davidben1b133ad2014-10-23 04:23:13[diff] [blame]853 int rv = DoWriteLoop();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]854
855 if (rv == ERR_IO_PENDING) {
856 user_write_callback_ = callback;
857 } else {
[email protected]0dc88b32014-03-26 20:12:28[diff] [blame]858 if (rv > 0)
859 was_ever_used_ = true;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]860 user_write_buf_ = NULL;
861 user_write_buf_len_ = 0;
862 }
863
864 return rv;
865}
866
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]867int SSLClientSocketOpenSSL::SetReceiveBufferSize(int32_t size) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]868 return transport_->socket()->SetReceiveBufferSize(size);
869}
870
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]871int SSLClientSocketOpenSSL::SetSendBufferSize(int32_t size) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]872 return transport_->socket()->SetSendBufferSize(size);
873}
874
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]875int SSLClientSocketOpenSSL::Init() {
[email protected]9e733f32010-10-04 18:19:08[diff] [blame]876 DCHECK(!ssl_);
877 DCHECK(!transport_bio_);
878
svaldeza1714ab2016-03-18 20:47:53[diff] [blame]879#if defined(USE_NSS_VERIFIER)
davidbena477a70a2015-10-06 04:38:29[diff] [blame]880 if (ssl_config_.cert_io_enabled) {
881 // TODO(davidben): Move this out of SSLClientSocket. See
882 // https://crbug.com/539520.
883 EnsureNSSHttpIOInit();
884 }
885#endif
886
[email protected]b29af7d2010-12-14 11:52:47[diff] [blame]887 SSLContext* context = SSLContext::GetInstance();
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]888 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]889
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]890 ssl_ = SSL_new(context->ssl_ctx());
891 if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this))
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]892 return ERR_UNEXPECTED;
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]893
davidben9bc0466f2015-06-16 22:21:27[diff] [blame]894 // SNI should only contain valid DNS hostnames, not IP addresses (see RFC
895 // 6066, Section 3).
896 //
897 // TODO(rsleevi): Should this code allow hostnames that violate the LDH rule?
898 // See https://crbug.com/496472 and https://crbug.com/496468 for discussion.
martijna2e83bd2016-03-18 13:10:45[diff] [blame]899 IPAddress unused;
900 if (!unused.AssignFromIPLiteral(host_and_port_.host()) &&
davidben9bc0466f2015-06-16 22:21:27[diff] [blame]901 !SSL_set_tlsext_host_name(ssl_, host_and_port_.host().c_str())) {
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]902 return ERR_UNEXPECTED;
davidben9bc0466f2015-06-16 22:21:27[diff] [blame]903 }
[email protected]fbef13932010-11-23 12:38:53[diff] [blame]904
davidbenf4c9a6122015-10-20 02:45:29[diff] [blame]905 ScopedSSL_SESSION session =
906 context->session_cache()->Lookup(GetSessionCacheKey());
907 if (session)
908 SSL_set_session(ssl_, session.get());
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]909
haavardm2d92e722014-12-19 13:45:44[diff] [blame]910 send_buffer_ = new GrowableIOBuffer();
911 send_buffer_->SetCapacity(KDefaultOpenSSLBufferSize);
912 recv_buffer_ = new GrowableIOBuffer();
913 recv_buffer_->SetCapacity(KDefaultOpenSSLBufferSize);
914
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]915 BIO* ssl_bio = NULL;
haavardm2d92e722014-12-19 13:45:44[diff] [blame]916
917 // SSLClientSocketOpenSSL retains ownership of the BIO buffers.
918 if (!BIO_new_bio_pair_external_buf(
919 &ssl_bio, send_buffer_->capacity(),
920 reinterpret_cast<uint8_t*>(send_buffer_->data()), &transport_bio_,
921 recv_buffer_->capacity(),
922 reinterpret_cast<uint8_t*>(recv_buffer_->data())))
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]923 return ERR_UNEXPECTED;
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]924 DCHECK(ssl_bio);
925 DCHECK(transport_bio_);
926
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]927 // Install a callback on OpenSSL's end to plumb transport errors through.
rsleevif020edc2015-03-16 19:31:24[diff] [blame]928 BIO_set_callback(ssl_bio, &SSLClientSocketOpenSSL::BIOCallback);
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]929 BIO_set_callback_arg(ssl_bio, reinterpret_cast<char*>(this));
930
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]931 SSL_set_bio(ssl_, ssl_bio, ssl_bio);
932
davidbenb937d6c2015-05-14 04:53:42[diff] [blame]933 DCHECK_LT(SSL3_VERSION, ssl_config_.version_min);
934 DCHECK_LT(SSL3_VERSION, ssl_config_.version_max);
935 SSL_set_min_version(ssl_, ssl_config_.version_min);
936 SSL_set_max_version(ssl_, ssl_config_.version_max);
937
[email protected]9e733f32010-10-04 18:19:08[diff] [blame]938 // OpenSSL defaults some options to on, others to off. To avoid ambiguity,
939 // set everything we care about to an absolute value.
[email protected]fb10e2282010-12-01 17:08:48[diff] [blame]940 SslSetClearMask options;
[email protected]d0f00492012-08-03 22:35:13[diff] [blame]941 options.ConfigureFlag(SSL_OP_NO_COMPRESSION, true);
[email protected]9e733f32010-10-04 18:19:08[diff] [blame]942
943 // TODO(joth): Set this conditionally, see http://crbug.com/55410
[email protected]fb10e2282010-12-01 17:08:48[diff] [blame]944 options.ConfigureFlag(SSL_OP_LEGACY_SERVER_CONNECT, true);
[email protected]9e733f32010-10-04 18:19:08[diff] [blame]945
[email protected]fb10e2282010-12-01 17:08:48[diff] [blame]946 SSL_set_options(ssl_, options.set_mask);
947 SSL_clear_options(ssl_, options.clear_mask);
[email protected]9e733f32010-10-04 18:19:08[diff] [blame]948
[email protected]fb10e2282010-12-01 17:08:48[diff] [blame]949 // Same as above, this time for the SSL mode.
950 SslSetClearMask mode;
[email protected]9e733f32010-10-04 18:19:08[diff] [blame]951
[email protected]fb10e2282010-12-01 17:08:48[diff] [blame]952 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true);
ishermane5c05e12014-09-09 20:32:15[diff] [blame]953 mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true);
[email protected]fb10e2282010-12-01 17:08:48[diff] [blame]954
davidben818d93b2015-02-19 22:27:32[diff] [blame]955 mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START,
[email protected]b788de02014-04-23 18:06:07[diff] [blame]956 ssl_config_.false_start_enabled);
957
davidben6b8131c2015-02-25 23:30:14[diff] [blame]958 mode.ConfigureFlag(SSL_MODE_SEND_FALLBACK_SCSV, ssl_config_.version_fallback);
959
[email protected]fb10e2282010-12-01 17:08:48[diff] [blame]960 SSL_set_mode(ssl_, mode.set_mask);
961 SSL_clear_mode(ssl_, mode.clear_mask);
[email protected]109805a2010-12-07 18:17:06[diff] [blame]962
davidbenb3c2d972016-03-11 22:36:17[diff] [blame]963 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
964 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable
965 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
966 // supported. As DHE is being deprecated, don't add a cipher only to remove it
967 // immediately.
968 std::string command(
969 "DEFAULT:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK");
davidben9b4a9b9c2015-10-12 18:46:51[diff] [blame]970
971 if (ssl_config_.require_ecdhe)
972 command.append(":!kRSA:!kDHE");
davidben8ecc3072014-09-03 23:19:09[diff] [blame]973
davidben45e87482015-12-11 00:09:38[diff] [blame]974 if (!(ssl_config_.rc4_enabled &&
975 ssl_config_.deprecated_cipher_suites_enabled)) {
davidbena4c9d062015-04-03 22:34:25[diff] [blame]976 command.append(":!RC4");
davidben45e87482015-12-11 00:09:38[diff] [blame]977 }
davidben14b1a532015-10-30 16:01:09[diff] [blame]978
davidben68dcc582016-01-12 22:09:36[diff] [blame]979 if (!ssl_config_.deprecated_cipher_suites_enabled) {
davidben01d8e332015-11-20 17:08:58[diff] [blame]980 // Only offer DHE on the second handshake. https://crbug.com/538690
981 command.append(":!kDHE");
davidben91585692015-09-28 23:46:08[diff] [blame]982 }
davidbena4c9d062015-04-03 22:34:25[diff] [blame]983
davidben9b4a9b9c2015-10-12 18:46:51[diff] [blame]984 // Remove any disabled ciphers.
985 for (uint16_t id : ssl_config_.disabled_cipher_suites) {
986 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id);
987 if (cipher) {
988 command.append(":!");
989 command.append(SSL_CIPHER_get_name(cipher));
990 }
991 }
992
[email protected]109805a2010-12-07 18:17:06[diff] [blame]993 int rv = SSL_set_cipher_list(ssl_, command.c_str());
994 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
995 // This will almost certainly result in the socket failing to complete the
996 // handshake at which point the appropriate error is bubbled up to the client.
997 LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
998 "returned " << rv;
[email protected]ee0f2aa82013-10-25 11:59:26[diff] [blame]999
1000 // TLS channel ids.
[email protected]6b8a3c742014-07-25 00:25:35[diff] [blame]1001 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
[email protected]ee0f2aa82013-10-25 11:59:26[diff] [blame]1002 SSL_enable_tls_channel_id(ssl_);
1003 }
1004
bnc1f295372015-10-21 23:24:22[diff] [blame]1005 if (!ssl_config_.alpn_protos.empty()) {
bnc1e757502014-12-13 02:20:16[diff] [blame]1006 // Get list of ciphers that are enabled.
1007 STACK_OF(SSL_CIPHER)* enabled_ciphers = SSL_get_ciphers(ssl_);
1008 DCHECK(enabled_ciphers);
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]1009 std::vector<uint16_t> enabled_ciphers_vector;
bnc1e757502014-12-13 02:20:16[diff] [blame]1010 for (size_t i = 0; i < sk_SSL_CIPHER_num(enabled_ciphers); ++i) {
1011 const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(enabled_ciphers, i);
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]1012 const uint16_t id = static_cast<uint16_t>(SSL_CIPHER_get_id(cipher));
bnc1e757502014-12-13 02:20:16[diff] [blame]1013 enabled_ciphers_vector.push_back(id);
1014 }
1015
bnc1f295372015-10-21 23:24:22[diff] [blame]1016 NextProtoVector alpn_protos = ssl_config_.alpn_protos;
bncf76254d622015-09-29 00:03:44[diff] [blame]1017 if (!HasCipherAdequateForHTTP2(enabled_ciphers_vector) ||
1018 !IsTLSVersionAdequateForHTTP2(ssl_config_)) {
bnc1f295372015-10-21 23:24:22[diff] [blame]1019 DisableHTTP2(&alpn_protos);
bncf76254d622015-09-29 00:03:44[diff] [blame]1020 }
bnc1f295372015-10-21 23:24:22[diff] [blame]1021 std::vector<uint8_t> wire_protos = SerializeNextProtos(alpn_protos);
[email protected]abc44b752014-07-30 03:52:15[diff] [blame]1022 SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0],
1023 wire_protos.size());
1024 }
1025
bnc2d6bd0f2015-10-28 01:52:05[diff] [blame]1026 if (ssl_config_.npn_protos.empty())
1027 SSL_set_options(ssl_, SSL_OP_DISABLE_NPN);
1028
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1029 if (ssl_config_.signed_cert_timestamps_enabled) {
1030 SSL_enable_signed_cert_timestamps(ssl_);
1031 SSL_enable_ocsp_stapling(ssl_);
1032 }
1033
davidben15f57132015-04-27 18:08:36[diff] [blame]1034 if (cert_verifier_->SupportsOCSPStapling())
davidbend1fb2f12014-11-08 02:51:00[diff] [blame]1035 SSL_enable_ocsp_stapling(ssl_);
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1036
[email protected]c8a80e92014-05-17 16:02:08[diff] [blame]1037 return OK;
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]1038}
1039
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1040void SSLClientSocketOpenSSL::DoReadCallback(int rv) {
1041 // Since Run may result in Read being called, clear |user_read_callback_|
1042 // up front.
[email protected]0dc88b32014-03-26 20:12:28[diff] [blame]1043 if (rv > 0)
1044 was_ever_used_ = true;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1045 user_read_buf_ = NULL;
1046 user_read_buf_len_ = 0;
1047 base::ResetAndReturn(&user_read_callback_).Run(rv);
1048}
1049
1050void SSLClientSocketOpenSSL::DoWriteCallback(int rv) {
1051 // Since Run may result in Write being called, clear |user_write_callback_|
1052 // up front.
[email protected]0dc88b32014-03-26 20:12:28[diff] [blame]1053 if (rv > 0)
1054 was_ever_used_ = true;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1055 user_write_buf_ = NULL;
1056 user_write_buf_len_ = 0;
1057 base::ResetAndReturn(&user_write_callback_).Run(rv);
1058}
1059
1060bool SSLClientSocketOpenSSL::DoTransportIO() {
1061 bool network_moved = false;
1062 int rv;
1063 // Read and write as much data as possible. The loop is necessary because
1064 // Write() may return synchronously.
1065 do {
1066 rv = BufferSend();
1067 if (rv != ERR_IO_PENDING && rv != 0)
1068 network_moved = true;
1069 } while (rv > 0);
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]1070 if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING)
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1071 network_moved = true;
1072 return network_moved;
1073}
1074
pkasting379234c2015-04-08 04:42:12[diff] [blame]1075// TODO(cbentzel): Remove including "base/threading/thread_local.h" and
vadimt6b43dec22015-01-06 01:59:58[diff] [blame]1076// g_first_run_completed once crbug.com/424386 is fixed.
1077base::LazyInstance<base::ThreadLocalBoolean>::Leaky g_first_run_completed =
1078 LAZY_INSTANCE_INITIALIZER;
1079
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1080int SSLClientSocketOpenSSL::DoHandshake() {
1081 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
vadimt5a243282014-12-24 00:26:16[diff] [blame]1082
1083 int rv;
1084
pkasting379234c2015-04-08 04:42:12[diff] [blame]1085 // TODO(cbentzel): Leave only 1 call to SSL_do_handshake once crbug.com/424386
vadimt5a243282014-12-24 00:26:16[diff] [blame]1086 // is fixed.
1087 if (ssl_config_.send_client_cert && ssl_config_.client_cert.get()) {
vadimt5a243282014-12-24 00:26:16[diff] [blame]1088 rv = SSL_do_handshake(ssl_);
1089 } else {
vadimt6b43dec22015-01-06 01:59:58[diff] [blame]1090 if (g_first_run_completed.Get().Get()) {
pkasting379234c2015-04-08 04:42:12[diff] [blame]1091 // TODO(cbentzel): Remove ScopedTracker below once crbug.com/424386 is
vadimt6b43dec22015-01-06 01:59:58[diff] [blame]1092 // fixed.
pkasting379234c2015-04-08 04:42:12[diff] [blame]1093 tracked_objects::ScopedTracker tracking_profile(
1094 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 SSL_do_handshake()"));
vadimt5a243282014-12-24 00:26:16[diff] [blame]1095
vadimt6b43dec22015-01-06 01:59:58[diff] [blame]1096 rv = SSL_do_handshake(ssl_);
1097 } else {
1098 g_first_run_completed.Get().Set(true);
vadimt6b43dec22015-01-06 01:59:58[diff] [blame]1099 rv = SSL_do_handshake(ssl_);
1100 }
vadimt5a243282014-12-24 00:26:16[diff] [blame]1101 }
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1102
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1103 int net_error = OK;
1104 if (rv <= 0) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1105 int ssl_error = SSL_get_error(ssl_, rv);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1106 if (ssl_error == SSL_ERROR_WANT_CHANNEL_ID_LOOKUP) {
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1107 // The server supports channel ID. Stop to look one up before returning to
1108 // the handshake.
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1109 GotoState(STATE_CHANNEL_ID_LOOKUP);
1110 return OK;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1111 }
davidbenced4aa9b2015-05-12 21:22:35[diff] [blame]1112 if (ssl_error == SSL_ERROR_WANT_X509_LOOKUP &&
1113 !ssl_config_.send_client_cert) {
1114 return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
1115 }
davidben1d489522015-07-01 18:48:46[diff] [blame]1116 if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) {
svaldez7872fd02015-11-19 21:10:54[diff] [blame]1117 DCHECK(ssl_config_.client_private_key);
davidben1d489522015-07-01 18:48:46[diff] [blame]1118 DCHECK_NE(kNoPendingResult, signature_result_);
1119 GotoState(STATE_HANDSHAKE);
1120 return ERR_IO_PENDING;
1121 }
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1122
davidbena4409c62014-08-27 17:05:51[diff] [blame]1123 OpenSSLErrorInfo error_info;
1124 net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1125 if (net_error == ERR_IO_PENDING) {
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1126 // If not done, stay in this state
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1127 GotoState(STATE_HANDSHAKE);
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1128 return ERR_IO_PENDING;
1129 }
1130
1131 LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code "
1132 << ssl_error << ", net_error " << net_error;
1133 net_log_.AddEvent(
1134 NetLog::TYPE_SSL_HANDSHAKE_ERROR,
1135 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]1136
1137 // Classify the handshake failure. This is used to determine causes of the
1138 // TLS version fallback.
1139
1140 // |cipher| is the current outgoing cipher suite, so it is non-null iff
1141 // ChangeCipherSpec was sent.
1142 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
1143 if (SSL_get_state(ssl_) == SSL3_ST_CR_SRVR_HELLO_A) {
1144 ssl_failure_state_ = SSL_FAILURE_CLIENT_HELLO;
1145 } else if (cipher && (SSL_CIPHER_get_id(cipher) ==
1146 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
1147 SSL_CIPHER_get_id(cipher) ==
1148 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256)) {
1149 ssl_failure_state_ = SSL_FAILURE_BUGGY_GCM;
1150 } else if (cipher && ssl_config_.send_client_cert) {
1151 ssl_failure_state_ = SSL_FAILURE_CLIENT_AUTH;
1152 } else if (ERR_GET_LIB(error_info.error_code) == ERR_LIB_SSL &&
1153 ERR_GET_REASON(error_info.error_code) ==
1154 SSL_R_OLD_SESSION_VERSION_NOT_RETURNED) {
1155 ssl_failure_state_ = SSL_FAILURE_SESSION_MISMATCH;
1156 } else if (cipher && npn_status_ != kNextProtoUnsupported) {
1157 ssl_failure_state_ = SSL_FAILURE_NEXT_PROTO;
1158 } else {
1159 ssl_failure_state_ = SSL_FAILURE_UNKNOWN;
1160 }
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1161 }
1162
1163 GotoState(STATE_HANDSHAKE_COMPLETE);
1164 return net_error;
1165}
1166
1167int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) {
1168 if (result < 0)
1169 return result;
1170
1171 if (ssl_config_.version_fallback &&
1172 ssl_config_.version_max < ssl_config_.version_fallback_min) {
1173 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
1174 }
1175
nharper736ceda2015-11-07 00:16:59[diff] [blame]1176 // Check that if token binding was negotiated, then extended master secret
1177 // must also be negotiated.
1178 if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_))
1179 return ERR_SSL_PROTOCOL_ERROR;
1180
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1181 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was.
1182 if (npn_status_ == kNextProtoUnsupported) {
1183 const uint8_t* alpn_proto = NULL;
1184 unsigned alpn_len = 0;
1185 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len);
1186 if (alpn_len > 0) {
1187 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len);
1188 npn_status_ = kNextProtoNegotiated;
1189 set_negotiation_extension(kExtensionALPN);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1190 }
1191 }
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1192
1193 RecordNegotiationExtension();
1194 RecordChannelIDSupport(channel_id_service_, channel_id_sent_,
davidben24bb5a42015-10-15 22:13:22[diff] [blame]1195 ssl_config_.channel_id_enabled);
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1196
1197 // Only record OCSP histograms if OCSP was requested.
1198 if (ssl_config_.signed_cert_timestamps_enabled ||
1199 cert_verifier_->SupportsOCSPStapling()) {
1200 const uint8_t* ocsp_response;
1201 size_t ocsp_response_len;
1202 SSL_get0_ocsp_response(ssl_, &ocsp_response, &ocsp_response_len);
1203
1204 set_stapled_ocsp_response_received(ocsp_response_len != 0);
1205 UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_response_len != 0);
1206 }
1207
1208 const uint8_t* sct_list;
1209 size_t sct_list_len;
1210 SSL_get0_signed_cert_timestamp_list(ssl_, &sct_list, &sct_list_len);
1211 set_signed_cert_timestamps_received(sct_list_len != 0);
1212
1213 if (IsRenegotiationAllowed())
davidben0635886ab2015-11-04 19:24:04[diff] [blame]1214 SSL_set_renegotiate_mode(ssl_, ssl_renegotiate_freely);
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1215
davidben4fe4f982015-11-11 22:00:12[diff] [blame]1216 uint8_t server_key_exchange_hash = SSL_get_server_key_exchange_hash(ssl_);
1217 if (server_key_exchange_hash != TLSEXT_hash_none) {
1218 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLServerKeyExchangeHash",
1219 server_key_exchange_hash);
1220 }
1221
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1222 // Verify the certificate.
1223 UpdateServerCert();
1224 GotoState(STATE_VERIFY_CERT);
1225 return OK;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1226}
1227
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1228int SSLClientSocketOpenSSL::DoChannelIDLookup() {
nharper49b27d992016-02-09 18:28:51[diff] [blame]1229 NetLog::ParametersCallback callback = base::Bind(
1230 &NetLogChannelIDLookupCallback, base::Unretained(channel_id_service_));
1231 net_log_.BeginEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID, callback);
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1232 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE);
[email protected]6b8a3c742014-07-25 00:25:35[diff] [blame]1233 return channel_id_service_->GetOrCreateChannelID(
nharper2e171cf2015-06-01 20:29:23[diff] [blame]1234 host_and_port_.host(), &channel_id_key_,
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1235 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
1236 base::Unretained(this)),
nharper75ade892015-06-10 19:05:35[diff] [blame]1237 &channel_id_request_);
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1238}
1239
1240int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) {
nharper49b27d992016-02-09 18:28:51[diff] [blame]1241 net_log_.EndEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID,
1242 base::Bind(&NetLogChannelIDLookupCompleteCallback,
1243 channel_id_key_.get(), result));
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1244 if (result < 0)
1245 return result;
1246
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1247 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key
1248 // type.
davidben8a208fc2016-01-22 17:08:08[diff] [blame]1249 DCHECK(channel_id_key_);
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1250 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
nharper2e171cf2015-06-01 20:29:23[diff] [blame]1251 int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key());
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1252 if (!rv) {
1253 LOG(ERROR) << "Failed to set Channel ID.";
1254 int err = SSL_get_error(ssl_, rv);
1255 return MapOpenSSLError(err, err_tracer);
1256 }
1257
1258 // Return to the handshake.
davidben52053b382015-04-27 19:22:29[diff] [blame]1259 channel_id_sent_ = true;
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1260 GotoState(STATE_HANDSHAKE);
1261 return OK;
1262}
1263
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1264int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
davidben30798ed82014-09-19 19:28:20[diff] [blame]1265 DCHECK(!server_cert_chain_->empty());
davidben09c3d072014-08-25 20:33:58[diff] [blame]1266 DCHECK(start_cert_verification_time_.is_null());
davidben30798ed82014-09-19 19:28:20[diff] [blame]1267
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1268 GotoState(STATE_VERIFY_CERT_COMPLETE);
1269
davidbenc6435a72015-08-17 18:28:52[diff] [blame]1270 // OpenSSL decoded the certificate, but the platform certificate
1271 // implementation could not. This is treated as a fatal SSL-level protocol
1272 // error rather than a certificate error. See https://crbug.com/91341.
1273 if (!server_cert_.get())
1274 return ERR_SSL_SERVER_CERT_BAD_FORMAT;
1275
davidben30798ed82014-09-19 19:28:20[diff] [blame]1276 // If the certificate is bad and has been previously accepted, use
1277 // the previous status and bypass the error.
1278 base::StringPiece der_cert;
1279 if (!x509_util::GetDER(server_cert_chain_->Get(0), &der_cert)) {
1280 NOTREACHED();
1281 return ERR_CERT_INVALID;
1282 }
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1283 CertStatus cert_status;
davidben30798ed82014-09-19 19:28:20[diff] [blame]1284 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1285 VLOG(1) << "Received an expected bad cert with status: " << cert_status;
1286 server_cert_verify_result_.Reset();
1287 server_cert_verify_result_.cert_status = cert_status;
1288 server_cert_verify_result_.verified_cert = server_cert_;
1289 return OK;
1290 }
1291
davidben15f57132015-04-27 18:08:36[diff] [blame]1292 std::string ocsp_response;
1293 if (cert_verifier_->SupportsOCSPStapling()) {
1294 const uint8_t* ocsp_response_raw;
1295 size_t ocsp_response_len;
1296 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len);
1297 ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw),
1298 ocsp_response_len);
1299 }
1300
davidben09c3d072014-08-25 20:33:58[diff] [blame]1301 start_cert_verification_time_ = base::TimeTicks::Now();
1302
eroman7f9236a2015-05-11 21:23:43[diff] [blame]1303 return cert_verifier_->Verify(
rtenneti807f9ea2015-06-24 16:26:31[diff] [blame]1304 server_cert_.get(), host_and_port_.host(), ocsp_response,
1305 ssl_config_.GetCertVerifyFlags(),
[email protected]591cffcd2014-08-18 20:02:30[diff] [blame]1306 // TODO(davidben): Route the CRLSet through SSLConfig so
1307 // SSLClientSocket doesn't depend on SSLConfigService.
davidben15f57132015-04-27 18:08:36[diff] [blame]1308 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_,
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1309 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
1310 base::Unretained(this)),
eroman7f9236a2015-05-11 21:23:43[diff] [blame]1311 &cert_verifier_request_, net_log_);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1312}
1313
1314int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
eroman7f9236a2015-05-11 21:23:43[diff] [blame]1315 cert_verifier_request_.reset();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1316
davidben09c3d072014-08-25 20:33:58[diff] [blame]1317 if (!start_cert_verification_time_.is_null()) {
1318 base::TimeDelta verify_time =
1319 base::TimeTicks::Now() - start_cert_verification_time_;
1320 if (result == OK) {
1321 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time);
1322 } else {
1323 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
1324 }
1325 }
1326
[email protected]8bd4e7a2014-08-09 14:49:17[diff] [blame]1327 const CertStatus cert_status = server_cert_verify_result_.cert_status;
1328 if (transport_security_state_ &&
1329 (result == OK ||
1330 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
1331 !transport_security_state_->CheckPublicKeyPins(
estark1a66df72015-07-28 15:24:00[diff] [blame]1332 host_and_port_, server_cert_verify_result_.is_issued_by_known_root,
1333 server_cert_verify_result_.public_key_hashes, server_cert_.get(),
1334 server_cert_verify_result_.verified_cert.get(),
1335 TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) {
[email protected]8bd4e7a2014-08-09 14:49:17[diff] [blame]1336 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
1337 }
1338
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1339 if (result == OK) {
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1340 // Only check Certificate Transparency if there were no other errors with
1341 // the connection.
1342 VerifyCT();
1343
davidbendafe4e52015-04-08 22:53:52[diff] [blame]1344 DCHECK(!certificate_verified_);
1345 certificate_verified_ = true;
1346 MaybeCacheSession();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1347 } else {
1348 DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result)
1349 << " (" << result << ")";
1350 }
1351
[email protected]64b5c892014-08-08 09:39:26[diff] [blame]1352 completed_connect_ = true;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1353 // Exit DoHandshakeLoop and return the result to the caller to Connect.
1354 DCHECK_EQ(STATE_NONE, next_handshake_state_);
1355 return result;
1356}
1357
1358void SSLClientSocketOpenSSL::DoConnectCallback(int rv) {
1359 if (!user_connect_callback_.is_null()) {
1360 CompletionCallback c = user_connect_callback_;
1361 user_connect_callback_.Reset();
1362 c.Run(rv > OK ? OK : rv);
1363 }
1364}
1365
davidben30798ed82014-09-19 19:28:20[diff] [blame]1366void SSLClientSocketOpenSSL::UpdateServerCert() {
[email protected]76e85392014-03-20 17:54:14[diff] [blame]1367 server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_));
[email protected]7f38da8a2014-03-17 16:44:26[diff] [blame]1368 server_cert_ = server_cert_chain_->AsOSChain();
davidben30798ed82014-09-19 19:28:20[diff] [blame]1369 if (server_cert_.get()) {
1370 net_log_.AddEvent(
1371 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
1372 base::Bind(&NetLogX509CertificateCallback,
1373 base::Unretained(server_cert_.get())));
1374 }
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1375}
1376
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1377void SSLClientSocketOpenSSL::VerifyCT() {
1378 if (!cert_transparency_verifier_)
1379 return;
1380
davidben54015aa2014-12-02 22:16:23[diff] [blame]1381 const uint8_t* ocsp_response_raw;
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1382 size_t ocsp_response_len;
1383 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len);
1384 std::string ocsp_response;
1385 if (ocsp_response_len > 0) {
1386 ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw),
1387 ocsp_response_len);
1388 }
1389
davidben54015aa2014-12-02 22:16:23[diff] [blame]1390 const uint8_t* sct_list_raw;
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1391 size_t sct_list_len;
1392 SSL_get0_signed_cert_timestamp_list(ssl_, &sct_list_raw, &sct_list_len);
1393 std::string sct_list;
1394 if (sct_list_len > 0)
1395 sct_list.assign(reinterpret_cast<const char*>(sct_list_raw), sct_list_len);
1396
1397 // Note that this is a completely synchronous operation: The CT Log Verifier
1398 // gets all the data it needs for SCT verification and does not do any
1399 // external communication.
eranm6571b2b2014-12-03 15:53:23[diff] [blame]1400 cert_transparency_verifier_->Verify(
1401 server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list,
1402 &ct_verify_result_, net_log_);
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1403
estark723b5eeb2016-02-18 21:01:12[diff] [blame]1404 ct_verify_result_.ct_policies_applied = (policy_enforcer_ != nullptr);
1405 ct_verify_result_.ev_policy_compliance =
1406 ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY;
estark0fc8d0782016-02-25 20:41:20[diff] [blame]1407 if (policy_enforcer_) {
1408 if ((server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) {
1409 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
1410 SSLConfigService::GetEVCertsWhitelist();
1411 ct::EVPolicyCompliance ev_policy_compliance =
1412 policy_enforcer_->DoesConformToCTEVPolicy(
1413 server_cert_verify_result_.verified_cert.get(),
1414 ev_whitelist.get(), ct_verify_result_.verified_scts, net_log_);
1415 ct_verify_result_.ev_policy_compliance = ev_policy_compliance;
1416 if (ev_policy_compliance !=
1417 ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY &&
1418 ev_policy_compliance !=
1419 ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST &&
1420 ev_policy_compliance !=
1421 ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS) {
1422 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766
1423 VLOG(1) << "EV certificate for "
1424 << server_cert_verify_result_.verified_cert->subject()
1425 .GetDisplayName()
1426 << " does not conform to CT policy, removing EV status.";
1427 server_cert_verify_result_.cert_status |=
1428 CERT_STATUS_CT_COMPLIANCE_FAILED;
1429 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
1430 }
eranm6571b2b2014-12-03 15:53:23[diff] [blame]1431 }
estark0fc8d0782016-02-25 20:41:20[diff] [blame]1432 ct_verify_result_.cert_policy_compliance =
1433 policy_enforcer_->DoesConformToCertPolicy(
1434 server_cert_verify_result_.verified_cert.get(),
1435 ct_verify_result_.verified_scts, net_log_);
eranm6571b2b2014-12-03 15:53:23[diff] [blame]1436 }
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]1437}
1438
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1439void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) {
1440 int rv = DoHandshakeLoop(result);
1441 if (rv != ERR_IO_PENDING) {
1442 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
1443 DoConnectCallback(rv);
1444 }
1445}
1446
1447void SSLClientSocketOpenSSL::OnSendComplete(int result) {
1448 if (next_handshake_state_ == STATE_HANDSHAKE) {
1449 // In handshake phase.
1450 OnHandshakeIOComplete(result);
1451 return;
1452 }
1453
davidben1d489522015-07-01 18:48:46[diff] [blame]1454 // During a renegotiation, a Read call may also be blocked on a transport
1455 // write, so retry both operations.
1456 PumpReadWriteEvents();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1457}
1458
1459void SSLClientSocketOpenSSL::OnRecvComplete(int result) {
1460 if (next_handshake_state_ == STATE_HANDSHAKE) {
1461 // In handshake phase.
1462 OnHandshakeIOComplete(result);
1463 return;
1464 }
1465
1466 // Network layer received some data, check if client requested to read
1467 // decrypted data.
1468 if (!user_read_buf_.get())
1469 return;
1470
davidben1b133ad2014-10-23 04:23:13[diff] [blame]1471 int rv = DoReadLoop();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1472 if (rv != ERR_IO_PENDING)
1473 DoReadCallback(rv);
1474}
1475
1476int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
1477 int rv = last_io_result;
1478 do {
1479 // Default to STATE_NONE for next state.
1480 // (This is a quirk carried over from the windows
1481 // implementation. It makes reading the logs a bit harder.)
1482 // State handlers can and often do call GotoState just
1483 // to stay in the current state.
1484 State state = next_handshake_state_;
1485 GotoState(STATE_NONE);
1486 switch (state) {
1487 case STATE_HANDSHAKE:
1488 rv = DoHandshake();
1489 break;
davidbenc4212c02015-05-12 22:30:18[diff] [blame]1490 case STATE_HANDSHAKE_COMPLETE:
1491 rv = DoHandshakeComplete(rv);
1492 break;
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1493 case STATE_CHANNEL_ID_LOOKUP:
1494 DCHECK_EQ(OK, rv);
1495 rv = DoChannelIDLookup();
1496 break;
1497 case STATE_CHANNEL_ID_LOOKUP_COMPLETE:
1498 rv = DoChannelIDLookupComplete(rv);
1499 break;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1500 case STATE_VERIFY_CERT:
[email protected]faff9852014-06-21 06:13:46[diff] [blame]1501 DCHECK_EQ(OK, rv);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1502 rv = DoVerifyCert(rv);
1503 break;
1504 case STATE_VERIFY_CERT_COMPLETE:
1505 rv = DoVerifyCertComplete(rv);
1506 break;
1507 case STATE_NONE:
1508 default:
1509 rv = ERR_UNEXPECTED;
1510 NOTREACHED() << "unexpected state" << state;
1511 break;
1512 }
1513
1514 bool network_moved = DoTransportIO();
1515 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) {
1516 // In general we exit the loop if rv is ERR_IO_PENDING. In this
1517 // special case we keep looping even if rv is ERR_IO_PENDING because
1518 // the transport IO may allow DoHandshake to make progress.
1519 rv = OK; // This causes us to stay in the loop.
1520 }
1521 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
1522 return rv;
1523}
1524
davidben1b133ad2014-10-23 04:23:13[diff] [blame]1525int SSLClientSocketOpenSSL::DoReadLoop() {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1526 bool network_moved;
1527 int rv;
1528 do {
1529 rv = DoPayloadRead();
1530 network_moved = DoTransportIO();
1531 } while (rv == ERR_IO_PENDING && network_moved);
1532
1533 return rv;
1534}
1535
davidben1b133ad2014-10-23 04:23:13[diff] [blame]1536int SSLClientSocketOpenSSL::DoWriteLoop() {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1537 bool network_moved;
1538 int rv;
1539 do {
1540 rv = DoPayloadWrite();
1541 network_moved = DoTransportIO();
1542 } while (rv == ERR_IO_PENDING && network_moved);
1543
1544 return rv;
1545}
1546
1547int SSLClientSocketOpenSSL::DoPayloadRead() {
1548 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
1549
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1550 DCHECK_LT(0, user_read_buf_len_);
1551 DCHECK(user_read_buf_.get());
1552
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1553 int rv;
davidben1d489522015-07-01 18:48:46[diff] [blame]1554 if (pending_read_error_ != kNoPendingResult) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1555 rv = pending_read_error_;
davidben1d489522015-07-01 18:48:46[diff] [blame]1556 pending_read_error_ = kNoPendingResult;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1557 if (rv == 0) {
1558 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
1559 rv, user_read_buf_->data());
davidbenb8c23212014-10-28 00:12:16[diff] [blame]1560 } else {
1561 net_log_.AddEvent(
1562 NetLog::TYPE_SSL_READ_ERROR,
1563 CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_,
1564 pending_read_error_info_));
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1565 }
davidbenb8c23212014-10-28 00:12:16[diff] [blame]1566 pending_read_ssl_error_ = SSL_ERROR_NONE;
1567 pending_read_error_info_ = OpenSSLErrorInfo();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1568 return rv;
1569 }
1570
1571 int total_bytes_read = 0;
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1572 int ssl_ret;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1573 do {
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1574 ssl_ret = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read,
1575 user_read_buf_len_ - total_bytes_read);
1576 if (ssl_ret > 0)
1577 total_bytes_read += ssl_ret;
1578 } while (total_bytes_read < user_read_buf_len_ && ssl_ret > 0);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1579
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1580 // Although only the final SSL_read call may have failed, the failure needs to
1581 // processed immediately, while the information still available in OpenSSL's
1582 // error queue.
davidbenced4aa9b2015-05-12 21:22:35[diff] [blame]1583 if (ssl_ret <= 0) {
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1584 // A zero return from SSL_read may mean any of:
1585 // - The underlying BIO_read returned 0.
1586 // - The peer sent a close_notify.
1587 // - Any arbitrary error. https://crbug.com/466303
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1588 //
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1589 // TransportReadComplete converts the first to an ERR_CONNECTION_CLOSED
1590 // error, so it does not occur. The second and third are distinguished by
1591 // SSL_ERROR_ZERO_RETURN.
1592 pending_read_ssl_error_ = SSL_get_error(ssl_, ssl_ret);
1593 if (pending_read_ssl_error_ == SSL_ERROR_ZERO_RETURN) {
1594 pending_read_error_ = 0;
davidbenced4aa9b2015-05-12 21:22:35[diff] [blame]1595 } else if (pending_read_ssl_error_ == SSL_ERROR_WANT_X509_LOOKUP &&
1596 !ssl_config_.send_client_cert) {
1597 pending_read_error_ = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
davidben1d489522015-07-01 18:48:46[diff] [blame]1598 } else if (pending_read_ssl_error_ ==
1599 SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) {
svaldez7872fd02015-11-19 21:10:54[diff] [blame]1600 DCHECK(ssl_config_.client_private_key);
davidben1d489522015-07-01 18:48:46[diff] [blame]1601 DCHECK_NE(kNoPendingResult, signature_result_);
1602 pending_read_error_ = ERR_IO_PENDING;
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1603 } else {
1604 pending_read_error_ = MapOpenSSLErrorWithDetails(
1605 pending_read_ssl_error_, err_tracer, &pending_read_error_info_);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1606 }
1607
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1608 // Many servers do not reliably send a close_notify alert when shutting down
1609 // a connection, and instead terminate the TCP connection. This is reported
1610 // as ERR_CONNECTION_CLOSED. Because of this, map the unclean shutdown to a
1611 // graceful EOF, instead of treating it as an error as it should be.
1612 if (pending_read_error_ == ERR_CONNECTION_CLOSED)
1613 pending_read_error_ = 0;
1614 }
davidbenbe6ce7ec2014-10-20 19:15:56[diff] [blame]1615
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1616 if (total_bytes_read > 0) {
1617 // Return any bytes read to the caller. The error will be deferred to the
1618 // next call of DoPayloadRead.
1619 rv = total_bytes_read;
davidbenbe6ce7ec2014-10-20 19:15:56[diff] [blame]1620
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1621 // Do not treat insufficient data as an error to return in the next call to
1622 // DoPayloadRead() - instead, let the call fall through to check SSL_read()
1623 // again. This is because DoTransportIO() may complete in between the next
1624 // call to DoPayloadRead(), and thus it is important to check SSL_read() on
1625 // subsequent invocations to see if a complete record may now be read.
1626 if (pending_read_error_ == ERR_IO_PENDING)
davidben1d489522015-07-01 18:48:46[diff] [blame]1627 pending_read_error_ = kNoPendingResult;
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1628 } else {
1629 // No bytes were returned. Return the pending read error immediately.
davidben1d489522015-07-01 18:48:46[diff] [blame]1630 DCHECK_NE(kNoPendingResult, pending_read_error_);
davidben7e555daf2015-03-25 17:03:29[diff] [blame]1631 rv = pending_read_error_;
davidben1d489522015-07-01 18:48:46[diff] [blame]1632 pending_read_error_ = kNoPendingResult;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1633 }
1634
1635 if (rv >= 0) {
1636 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
1637 user_read_buf_->data());
davidbenb8c23212014-10-28 00:12:16[diff] [blame]1638 } else if (rv != ERR_IO_PENDING) {
davidbenb8c23212014-10-28 00:12:16[diff] [blame]1639 net_log_.AddEvent(
1640 NetLog::TYPE_SSL_READ_ERROR,
1641 CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_,
1642 pending_read_error_info_));
1643 pending_read_ssl_error_ = SSL_ERROR_NONE;
1644 pending_read_error_info_ = OpenSSLErrorInfo();
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1645 }
1646 return rv;
1647}
1648
1649int SSLClientSocketOpenSSL::DoPayloadWrite() {
1650 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
1651 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
rsleevif020edc2015-03-16 19:31:24[diff] [blame]1652
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1653 if (rv >= 0) {
1654 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
1655 user_write_buf_->data());
1656 return rv;
1657 }
1658
davidbenb8c23212014-10-28 00:12:16[diff] [blame]1659 int ssl_error = SSL_get_error(ssl_, rv);
davidben1d489522015-07-01 18:48:46[diff] [blame]1660 if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION)
1661 return ERR_IO_PENDING;
davidbenb8c23212014-10-28 00:12:16[diff] [blame]1662 OpenSSLErrorInfo error_info;
1663 int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer,
1664 &error_info);
1665
1666 if (net_error != ERR_IO_PENDING) {
davidbenb8c23212014-10-28 00:12:16[diff] [blame]1667 net_log_.AddEvent(
1668 NetLog::TYPE_SSL_WRITE_ERROR,
1669 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
1670 }
1671 return net_error;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1672}
1673
davidben1d489522015-07-01 18:48:46[diff] [blame]1674void SSLClientSocketOpenSSL::PumpReadWriteEvents() {
1675 int rv_read = ERR_IO_PENDING;
1676 int rv_write = ERR_IO_PENDING;
1677 bool network_moved;
1678 do {
1679 if (user_read_buf_.get())
1680 rv_read = DoPayloadRead();
1681 if (user_write_buf_.get())
1682 rv_write = DoPayloadWrite();
1683 network_moved = DoTransportIO();
1684 } while (rv_read == ERR_IO_PENDING && rv_write == ERR_IO_PENDING &&
1685 (user_read_buf_.get() || user_write_buf_.get()) && network_moved);
1686
1687 // Performing the Read callback may cause |this| to be deleted. If this
1688 // happens, the Write callback should not be invoked. Guard against this by
1689 // holding a WeakPtr to |this| and ensuring it's still valid.
1690 base::WeakPtr<SSLClientSocketOpenSSL> guard(weak_factory_.GetWeakPtr());
1691 if (user_read_buf_.get() && rv_read != ERR_IO_PENDING)
1692 DoReadCallback(rv_read);
1693
1694 if (!guard.get())
1695 return;
1696
1697 if (user_write_buf_.get() && rv_write != ERR_IO_PENDING)
1698 DoWriteCallback(rv_write);
1699}
1700
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1701int SSLClientSocketOpenSSL::BufferSend(void) {
1702 if (transport_send_busy_)
1703 return ERR_IO_PENDING;
1704
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1705 size_t buffer_read_offset;
1706 uint8_t* read_buf;
1707 size_t max_read;
1708 int status = BIO_zero_copy_get_read_buf(transport_bio_, &read_buf,
1709 &buffer_read_offset, &max_read);
1710 DCHECK_EQ(status, 1); // Should never fail.
1711 if (!max_read)
1712 return 0; // Nothing pending in the OpenSSL write BIO.
1713 CHECK_EQ(read_buf, reinterpret_cast<uint8_t*>(send_buffer_->StartOfBuffer()));
1714 CHECK_LT(buffer_read_offset, static_cast<size_t>(send_buffer_->capacity()));
1715 send_buffer_->set_offset(buffer_read_offset);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1716
1717 int rv = transport_->socket()->Write(
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1718 send_buffer_.get(), max_read,
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1719 base::Bind(&SSLClientSocketOpenSSL::BufferSendComplete,
1720 base::Unretained(this)));
1721 if (rv == ERR_IO_PENDING) {
1722 transport_send_busy_ = true;
1723 } else {
1724 TransportWriteComplete(rv);
1725 }
1726 return rv;
1727}
1728
1729int SSLClientSocketOpenSSL::BufferRecv(void) {
1730 if (transport_recv_busy_)
1731 return ERR_IO_PENDING;
1732
1733 // Determine how much was requested from |transport_bio_| that was not
1734 // actually available.
1735 size_t requested = BIO_ctrl_get_read_request(transport_bio_);
1736 if (requested == 0) {
1737 // This is not a perfect match of error codes, as no operation is
1738 // actually pending. However, returning 0 would be interpreted as
1739 // a possible sign of EOF, which is also an inappropriate match.
1740 return ERR_IO_PENDING;
1741 }
1742
1743 // Known Issue: While only reading |requested| data is the more correct
1744 // implementation, it has the downside of resulting in frequent reads:
1745 // One read for the SSL record header (~5 bytes) and one read for the SSL
1746 // record body. Rather than issuing these reads to the underlying socket
1747 // (and constantly allocating new IOBuffers), a single Read() request to
1748 // fill |transport_bio_| is issued. As long as an SSL client socket cannot
1749 // be gracefully shutdown (via SSL close alerts) and re-used for non-SSL
1750 // traffic, this over-subscribed Read()ing will not cause issues.
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1751
1752 size_t buffer_write_offset;
1753 uint8_t* write_buf;
1754 size_t max_write;
1755 int status = BIO_zero_copy_get_write_buf(transport_bio_, &write_buf,
1756 &buffer_write_offset, &max_write);
1757 DCHECK_EQ(status, 1); // Should never fail.
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1758 if (!max_write)
1759 return ERR_IO_PENDING;
1760
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1761 CHECK_EQ(write_buf,
1762 reinterpret_cast<uint8_t*>(recv_buffer_->StartOfBuffer()));
1763 CHECK_LT(buffer_write_offset, static_cast<size_t>(recv_buffer_->capacity()));
1764
1765 recv_buffer_->set_offset(buffer_write_offset);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1766 int rv = transport_->socket()->Read(
1767 recv_buffer_.get(),
1768 max_write,
1769 base::Bind(&SSLClientSocketOpenSSL::BufferRecvComplete,
1770 base::Unretained(this)));
1771 if (rv == ERR_IO_PENDING) {
1772 transport_recv_busy_ = true;
1773 } else {
[email protected]3e5c6922014-02-06 02:42:16[diff] [blame]1774 rv = TransportReadComplete(rv);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1775 }
1776 return rv;
1777}
1778
1779void SSLClientSocketOpenSSL::BufferSendComplete(int result) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1780 TransportWriteComplete(result);
1781 OnSendComplete(result);
1782}
1783
1784void SSLClientSocketOpenSSL::BufferRecvComplete(int result) {
[email protected]3e5c6922014-02-06 02:42:16[diff] [blame]1785 result = TransportReadComplete(result);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1786 OnRecvComplete(result);
1787}
1788
1789void SSLClientSocketOpenSSL::TransportWriteComplete(int result) {
1790 DCHECK(ERR_IO_PENDING != result);
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1791 int bytes_written = 0;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1792 if (result < 0) {
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]1793 // Record the error. Save it to be reported in a future read or write on
1794 // transport_bio_'s peer.
[email protected]3e5c6922014-02-06 02:42:16[diff] [blame]1795 transport_write_error_ = result;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1796 } else {
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1797 bytes_written = result;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1798 }
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1799 DCHECK_GE(send_buffer_->RemainingCapacity(), bytes_written);
1800 int ret = BIO_zero_copy_get_read_buf_done(transport_bio_, bytes_written);
1801 DCHECK_EQ(1, ret);
1802 transport_send_busy_ = false;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1803}
1804
[email protected]3e5c6922014-02-06 02:42:16[diff] [blame]1805int SSLClientSocketOpenSSL::TransportReadComplete(int result) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1806 DCHECK(ERR_IO_PENDING != result);
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]1807 // If an EOF, canonicalize to ERR_CONNECTION_CLOSED here so MapOpenSSLError
1808 // does not report success.
1809 if (result == 0)
1810 result = ERR_CONNECTION_CLOSED;
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1811 int bytes_read = 0;
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]1812 if (result < 0) {
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1813 DVLOG(1) << "TransportReadComplete result " << result;
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]1814 // Received an error. Save it to be reported in a future read on
1815 // transport_bio_'s peer.
1816 transport_read_error_ = result;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1817 } else {
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1818 bytes_read = result;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1819 }
haavardm2d92e722014-12-19 13:45:44[diff] [blame]1820 DCHECK_GE(recv_buffer_->RemainingCapacity(), bytes_read);
1821 int ret = BIO_zero_copy_get_write_buf_done(transport_bio_, bytes_read);
1822 DCHECK_EQ(1, ret);
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1823 transport_recv_busy_ = false;
[email protected]3e5c6922014-02-06 02:42:16[diff] [blame]1824 return result;
[email protected]b9b651f2013-11-09 04:32:22[diff] [blame]1825}
1826
[email protected]82c59022014-08-15 09:38:27[diff] [blame]1827int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
[email protected]5ac981e182010-12-06 17:56:27[diff] [blame]1828 DVLOG(3) << "OpenSSL ClientCertRequestCallback called";
1829 DCHECK(ssl == ssl_);
[email protected]82c59022014-08-15 09:38:27[diff] [blame]1830
davidbenaf42cbe2014-11-13 03:27:46[diff] [blame]1831 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED);
1832
[email protected]82c59022014-08-15 09:38:27[diff] [blame]1833 // Clear any currently configured certificates.
1834 SSL_certs_clear(ssl_);
[email protected]97a854f2014-07-29 07:51:36[diff] [blame]1835
1836#if defined(OS_IOS)
1837 // TODO(droger): Support client auth on iOS. See http://crbug.com/145954).
1838 LOG(WARNING) << "Client auth is not supported";
1839#else // !defined(OS_IOS)
[email protected]5ac981e182010-12-06 17:56:27[diff] [blame]1840 if (!ssl_config_.send_client_cert) {
[email protected]515adc22013-01-09 16:01:23[diff] [blame]1841 // First pass: we know that a client certificate is needed, but we do not
1842 // have one at hand.
[email protected]515adc22013-01-09 16:01:23[diff] [blame]1843 STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl);
[email protected]edfd0f42014-07-22 18:20:37[diff] [blame]1844 for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) {
[email protected]515adc22013-01-09 16:01:23[diff] [blame]1845 X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i);
1846 unsigned char* str = NULL;
1847 int length = i2d_X509_NAME(ca_name, &str);
1848 cert_authorities_.push_back(std::string(
1849 reinterpret_cast<const char*>(str),
1850 static_cast<size_t>(length)));
1851 OPENSSL_free(str);
1852 }
1853
[email protected]c0787702014-05-20 21:51:44[diff] [blame]1854 const unsigned char* client_cert_types;
[email protected]e7e883e2014-07-25 06:03:08[diff] [blame]1855 size_t num_client_cert_types =
1856 SSL_get0_certificate_types(ssl, &client_cert_types);
[email protected]c0787702014-05-20 21:51:44[diff] [blame]1857 for (size_t i = 0; i < num_client_cert_types; i++) {
1858 cert_key_types_.push_back(
1859 static_cast<SSLClientCertType>(client_cert_types[i]));
1860 }
1861
davidbenced4aa9b2015-05-12 21:22:35[diff] [blame]1862 // Suspends handshake. SSL_get_error will return SSL_ERROR_WANT_X509_LOOKUP.
1863 return -1;
[email protected]5ac981e182010-12-06 17:56:27[diff] [blame]1864 }
1865
1866 // Second pass: a client certificate should have been selected.
[email protected]13914c92013-06-13 22:42:42[diff] [blame]1867 if (ssl_config_.client_cert.get()) {
[email protected]6bad5052014-07-12 01:25:13[diff] [blame]1868 ScopedX509 leaf_x509 =
1869 OSCertHandleToOpenSSL(ssl_config_.client_cert->os_cert_handle());
1870 if (!leaf_x509) {
1871 LOG(WARNING) << "Failed to import certificate";
1872 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT);
1873 return -1;
1874 }
1875
[email protected]82c59022014-08-15 09:38:27[diff] [blame]1876 ScopedX509Stack chain = OSCertHandlesToOpenSSL(
1877 ssl_config_.client_cert->GetIntermediateCertificates());
1878 if (!chain) {
1879 LOG(WARNING) << "Failed to import intermediate certificates";
1880 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT);
1881 return -1;
1882 }
1883
davidben1d489522015-07-01 18:48:46[diff] [blame]1884 if (!SSL_use_certificate(ssl_, leaf_x509.get()) ||
1885 !SSL_set1_chain(ssl_, chain.get())) {
1886 LOG(WARNING) << "Failed to set client certificate";
1887 return -1;
1888 }
1889
svaldez7872fd02015-11-19 21:10:54[diff] [blame]1890 if (!ssl_config_.client_private_key) {
1891 // The caller supplied a null private key. Fail the handshake and surface
1892 // an appropriate error to the caller.
davidben1d489522015-07-01 18:48:46[diff] [blame]1893 LOG(WARNING) << "Client cert found without private key";
1894 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY);
1895 return -1;
1896 }
1897
1898 SSL_set_private_key_method(ssl_, &SSLContext::kPrivateKeyMethod);
svaldezf3db006f2015-09-29 16:43:58[diff] [blame]1899
1900 std::vector<SSLPrivateKey::Hash> digest_prefs =
svaldez7872fd02015-11-19 21:10:54[diff] [blame]1901 ssl_config_.client_private_key->GetDigestPreferences();
svaldezf3db006f2015-09-29 16:43:58[diff] [blame]1902
1903 size_t digests_len = digest_prefs.size();
1904 std::vector<int> digests;
1905 for (size_t i = 0; i < digests_len; i++) {
1906 switch (digest_prefs[i]) {
1907 case SSLPrivateKey::Hash::SHA1:
1908 digests.push_back(NID_sha1);
1909 break;
1910 case SSLPrivateKey::Hash::SHA256:
1911 digests.push_back(NID_sha256);
1912 break;
1913 case SSLPrivateKey::Hash::SHA384:
1914 digests.push_back(NID_sha384);
1915 break;
1916 case SSLPrivateKey::Hash::SHA512:
1917 digests.push_back(NID_sha512);
1918 break;
1919 case SSLPrivateKey::Hash::MD5_SHA1:
1920 // MD5-SHA1 is not used in TLS 1.2.
1921 break;
1922 }
1923 }
1924
davidben5f8b6bc2015-11-25 03:19:54[diff] [blame]1925 SSL_set_private_key_digest_prefs(ssl_, digests.data(), digests.size());
davidbenaf42cbe2014-11-13 03:27:46[diff] [blame]1926
1927 int cert_count = 1 + sk_X509_num(chain.get());
1928 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
tfarina5e24b242015-10-27 13:11:28[diff] [blame]1929 NetLog::IntCallback("cert_count", cert_count));
[email protected]6bad5052014-07-12 01:25:13[diff] [blame]1930 return 1;
[email protected]c0787702014-05-20 21:51:44[diff] [blame]1931 }
[email protected]97a854f2014-07-29 07:51:36[diff] [blame]1932#endif // defined(OS_IOS)
[email protected]5ac981e182010-12-06 17:56:27[diff] [blame]1933
1934 // Send no client certificate.
davidbenaf42cbe2014-11-13 03:27:46[diff] [blame]1935 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
tfarina5e24b242015-10-27 13:11:28[diff] [blame]1936 NetLog::IntCallback("cert_count", 0));
[email protected]82c59022014-08-15 09:38:27[diff] [blame]1937 return 1;
[email protected]5ac981e182010-12-06 17:56:27[diff] [blame]1938}
1939
[email protected]b051cdb62014-02-28 02:20:16[diff] [blame]1940int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
[email protected]64b5c892014-08-08 09:39:26[diff] [blame]1941 if (!completed_connect_) {
[email protected]b051cdb62014-02-28 02:20:16[diff] [blame]1942 // If the first handshake hasn't completed then we accept any certificates
1943 // because we verify after the handshake.
1944 return 1;
1945 }
1946
davidben30798ed82014-09-19 19:28:20[diff] [blame]1947 // Disallow the server certificate to change in a renegotiation.
1948 if (server_cert_chain_->empty()) {
[email protected]76e85392014-03-20 17:54:14[diff] [blame]1949 LOG(ERROR) << "Received invalid certificate chain between handshakes";
davidben30798ed82014-09-19 19:28:20[diff] [blame]1950 return 0;
1951 }
1952 base::StringPiece old_der, new_der;
1953 if (store_ctx->cert == NULL ||
1954 !x509_util::GetDER(server_cert_chain_->Get(0), &old_der) ||
1955 !x509_util::GetDER(store_ctx->cert, &new_der)) {
1956 LOG(ERROR) << "Failed to encode certificates";
1957 return 0;
1958 }
1959 if (old_der != new_der) {
[email protected]76e85392014-03-20 17:54:14[diff] [blame]1960 LOG(ERROR) << "Server certificate changed between handshakes";
davidben30798ed82014-09-19 19:28:20[diff] [blame]1961 return 0;
1962 }
1963
1964 return 1;
[email protected]b051cdb62014-02-28 02:20:16[diff] [blame]1965}
1966
[email protected]ae7c9f42011-11-21 11:41:16[diff] [blame]1967// SelectNextProtoCallback is called by OpenSSL during the handshake. If the
1968// server supports NPN, selects a protocol from the list that the server
thestigc23b8ec42016-01-08 01:41:12[diff] [blame]1969// provides. According to third_party/boringssl/src/ssl/ssl_lib.c, the
[email protected]ae7c9f42011-11-21 11:41:16[diff] [blame]1970// callback can assume that |in| is syntactically valid.
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]1971int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
1972 unsigned char* outlen,
1973 const unsigned char* in,
1974 unsigned int inlen) {
bnc1f295372015-10-21 23:24:22[diff] [blame]1975 if (ssl_config_.npn_protos.empty()) {
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]1976 *out = reinterpret_cast<uint8_t*>(
[email protected]168a8412012-06-14 05:05:49[diff] [blame]1977 const_cast<char*>(kDefaultSupportedNPNProtocol));
1978 *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1;
1979 npn_status_ = kNextProtoUnsupported;
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]1980 return SSL_TLSEXT_ERR_OK;
1981 }
1982
[email protected]ae7c9f42011-11-21 11:41:16[diff] [blame]1983 // Assume there's no overlap between our protocols and the server's list.
[email protected]168a8412012-06-14 05:05:49[diff] [blame]1984 npn_status_ = kNextProtoNoOverlap;
[email protected]ae7c9f42011-11-21 11:41:16[diff] [blame]1985
1986 // For each protocol in server preference order, see if we support it.
1987 for (unsigned int i = 0; i < inlen; i += in[i] + 1) {
bnc1f295372015-10-21 23:24:22[diff] [blame]1988 for (NextProto next_proto : ssl_config_.npn_protos) {
bnc0d23cf42014-12-11 14:09:46[diff] [blame]1989 const std::string proto = NextProtoToString(next_proto);
1990 if (in[i] == proto.size() &&
1991 memcmp(&in[i + 1], proto.data(), in[i]) == 0) {
[email protected]168a8412012-06-14 05:05:49[diff] [blame]1992 // We found a match.
[email protected]ae7c9f42011-11-21 11:41:16[diff] [blame]1993 *out = const_cast<unsigned char*>(in) + i + 1;
1994 *outlen = in[i];
[email protected]168a8412012-06-14 05:05:49[diff] [blame]1995 npn_status_ = kNextProtoNegotiated;
[email protected]ae7c9f42011-11-21 11:41:16[diff] [blame]1996 break;
1997 }
1998 }
[email protected]168a8412012-06-14 05:05:49[diff] [blame]1999 if (npn_status_ == kNextProtoNegotiated)
[email protected]ae7c9f42011-11-21 11:41:16[diff] [blame]2000 break;
2001 }
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]2002
bncde27dae2015-10-06 07:11:02[diff] [blame]2003 // If we didn't find a protocol, we select the last one from our list.
[email protected]168a8412012-06-14 05:05:49[diff] [blame]2004 if (npn_status_ == kNextProtoNoOverlap) {
bnc67da3de2015-01-15 21:02:26[diff] [blame]2005 // NextProtoToString returns a pointer to a static string.
bnc1f295372015-10-21 23:24:22[diff] [blame]2006 const char* proto = NextProtoToString(ssl_config_.npn_protos.back());
bnc67da3de2015-01-15 21:02:26[diff] [blame]2007 *out = reinterpret_cast<unsigned char*>(const_cast<char*>(proto));
2008 *outlen = strlen(proto);
[email protected]168a8412012-06-14 05:05:49[diff] [blame]2009 }
2010
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]2011 npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
[email protected]32e1dee2010-12-09 18:36:24[diff] [blame]2012 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
bnc0d28ea52014-10-13 15:15:38[diff] [blame]2013 set_negotiation_extension(kExtensionNPN);
[email protected]ea4a1c6a2010-12-09 13:33:28[diff] [blame]2014 return SSL_TLSEXT_ERR_OK;
2015}
2016
[email protected]5aea79182014-07-14 20:43:41[diff] [blame]2017long SSLClientSocketOpenSSL::MaybeReplayTransportError(
2018 BIO *bio,
2019 int cmd,
2020 const char *argp, int argi, long argl,
2021 long retvalue) {
2022 if (cmd == (BIO_CB_READ|BIO_CB_RETURN) && retvalue <= 0) {
2023 // If there is no more data in the buffer, report any pending errors that
2024 // were observed. Note that both the readbuf and the writebuf are checked
2025 // for errors, since the application may have encountered a socket error
2026 // while writing that would otherwise not be reported until the application
2027 // attempted to write again - which it may never do. See
2028 // https://crbug.com/249848.
2029 if (transport_read_error_ != OK) {
2030 OpenSSLPutNetError(FROM_HERE, transport_read_error_);
2031 return -1;
2032 }
2033 if (transport_write_error_ != OK) {
2034 OpenSSLPutNetError(FROM_HERE, transport_write_error_);
2035 return -1;
2036 }
2037 } else if (cmd == BIO_CB_WRITE) {
2038 // Because of the write buffer, this reports a failure from the previous
2039 // write payload. If the current payload fails to write, the error will be
2040 // reported in a future write or read to |bio|.
2041 if (transport_write_error_ != OK) {
2042 OpenSSLPutNetError(FROM_HERE, transport_write_error_);
2043 return -1;
2044 }
2045 }
2046 return retvalue;
2047}
2048
2049// static
2050long SSLClientSocketOpenSSL::BIOCallback(
2051 BIO *bio,
2052 int cmd,
2053 const char *argp, int argi, long argl,
2054 long retvalue) {
2055 SSLClientSocketOpenSSL* socket = reinterpret_cast<SSLClientSocketOpenSSL*>(
2056 BIO_get_callback_arg(bio));
2057 CHECK(socket);
2058 return socket->MaybeReplayTransportError(
2059 bio, cmd, argp, argi, argl, retvalue);
2060}
2061
davidbendafe4e52015-04-08 22:53:52[diff] [blame]2062void SSLClientSocketOpenSSL::MaybeCacheSession() {
davidben44aeae62015-06-24 20:47:43[diff] [blame]2063 // Only cache the session once both a new session has been established and the
2064 // certificate has been verified. Due to False Start, these events may happen
2065 // in either order.
2066 if (!session_pending_ || !certificate_verified_)
davidbendafe4e52015-04-08 22:53:52[diff] [blame]2067 return;
davidbendafe4e52015-04-08 22:53:52[diff] [blame]2068
2069 SSLContext::GetInstance()->session_cache()->Insert(GetSessionCacheKey(),
2070 SSL_get_session(ssl_));
davidben44aeae62015-06-24 20:47:43[diff] [blame]2071 session_pending_ = false;
davidbendafe4e52015-04-08 22:53:52[diff] [blame]2072}
2073
davidben44aeae62015-06-24 20:47:43[diff] [blame]2074int SSLClientSocketOpenSSL::NewSessionCallback(SSL_SESSION* session) {
2075 DCHECK_EQ(session, SSL_get_session(ssl_));
davidbendafe4e52015-04-08 22:53:52[diff] [blame]2076
davidben44aeae62015-06-24 20:47:43[diff] [blame]2077 // Only sessions from the initial handshake get cached. Note this callback may
2078 // be signaled on abbreviated handshakes if the ticket was renewed.
2079 session_pending_ = true;
davidbendafe4e52015-04-08 22:53:52[diff] [blame]2080 MaybeCacheSession();
davidben44aeae62015-06-24 20:47:43[diff] [blame]2081
2082 // OpenSSL passes a reference to |session|, but the session cache does not
2083 // take this reference, so release it.
2084 SSL_SESSION_free(session);
2085 return 1;
davidbendafe4e52015-04-08 22:53:52[diff] [blame]2086}
2087
estark723b5eeb2016-02-18 21:01:12[diff] [blame]2088void SSLClientSocketOpenSSL::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const {
2089 ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_);
davidbeneb5f8ef32014-09-04 14:14:32[diff] [blame]2090}
2091
rsleevif020edc2015-03-16 19:31:24[diff] [blame]2092std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const {
2093 std::string result = host_and_port_.ToString();
2094 result.append("/");
2095 result.append(ssl_session_cache_shard_);
2096
2097 // Shard the session cache based on maximum protocol version. This causes
2098 // fallback connections to use a separate session cache.
2099 result.append("/");
2100 switch (ssl_config_.version_max) {
rsleevif020edc2015-03-16 19:31:24[diff] [blame]2101 case SSL_PROTOCOL_VERSION_TLS1:
2102 result.append("tls1");
2103 break;
2104 case SSL_PROTOCOL_VERSION_TLS1_1:
2105 result.append("tls1.1");
2106 break;
2107 case SSL_PROTOCOL_VERSION_TLS1_2:
2108 result.append("tls1.2");
2109 break;
2110 default:
2111 NOTREACHED();
2112 }
2113
davidbena4c9d062015-04-03 22:34:25[diff] [blame]2114 result.append("/");
davidben14b1a532015-10-30 16:01:09[diff] [blame]2115 if (ssl_config_.deprecated_cipher_suites_enabled)
davidbena4c9d062015-04-03 22:34:25[diff] [blame]2116 result.append("deprecated");
2117
davidbenee39de02015-10-16 19:53:18[diff] [blame]2118 result.append("/");
2119 if (ssl_config_.channel_id_enabled)
2120 result.append("channelid");
2121
rsleevif020edc2015-03-16 19:31:24[diff] [blame]2122 return result;
2123}
2124
davidben421116c2015-05-12 19:56:51[diff] [blame]2125bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const {
nharper736ceda2015-11-07 00:16:59[diff] [blame]2126 if (tb_was_negotiated_)
2127 return false;
2128
davidben421116c2015-05-12 19:56:51[diff] [blame]2129 if (npn_status_ == kNextProtoUnsupported)
2130 return ssl_config_.renego_allowed_default;
2131
2132 NextProto next_proto = NextProtoFromString(npn_proto_);
2133 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) {
2134 if (next_proto == allowed)
2135 return true;
2136 }
2137 return false;
2138}
2139
davidben1d489522015-07-01 18:48:46[diff] [blame]2140int SSLClientSocketOpenSSL::PrivateKeyTypeCallback() {
svaldez7872fd02015-11-19 21:10:54[diff] [blame]2141 switch (ssl_config_.client_private_key->GetType()) {
davidben1d489522015-07-01 18:48:46[diff] [blame]2142 case SSLPrivateKey::Type::RSA:
2143 return EVP_PKEY_RSA;
2144 case SSLPrivateKey::Type::ECDSA:
2145 return EVP_PKEY_EC;
2146 }
2147 NOTREACHED();
2148 return EVP_PKEY_NONE;
2149}
2150
davidben1d489522015-07-01 18:48:46[diff] [blame]2151size_t SSLClientSocketOpenSSL::PrivateKeyMaxSignatureLenCallback() {
svaldez7872fd02015-11-19 21:10:54[diff] [blame]2152 return ssl_config_.client_private_key->GetMaxSignatureLengthInBytes();
davidben1d489522015-07-01 18:48:46[diff] [blame]2153}
2154
2155ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCallback(
2156 uint8_t* out,
2157 size_t* out_len,
2158 size_t max_out,
2159 const EVP_MD* md,
2160 const uint8_t* in,
2161 size_t in_len) {
2162 DCHECK_EQ(kNoPendingResult, signature_result_);
2163 DCHECK(signature_.empty());
svaldez7872fd02015-11-19 21:10:54[diff] [blame]2164 DCHECK(ssl_config_.client_private_key);
davidben1d489522015-07-01 18:48:46[diff] [blame]2165
davidben1d489522015-07-01 18:48:46[diff] [blame]2166 SSLPrivateKey::Hash hash;
2167 if (!EVP_MDToPrivateKeyHash(md, &hash)) {
2168 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
2169 return ssl_private_key_failure;
2170 }
2171
davidben752bcf22015-12-21 22:55:50[diff] [blame]2172 net_log_.BeginEvent(
2173 NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION,
2174 base::Bind(&NetLogPrivateKeyOperationCallback,
2175 ssl_config_.client_private_key->GetType(), hash));
2176
davidben1d489522015-07-01 18:48:46[diff] [blame]2177 signature_result_ = ERR_IO_PENDING;
svaldez7872fd02015-11-19 21:10:54[diff] [blame]2178 ssl_config_.client_private_key->SignDigest(
davidben1d489522015-07-01 18:48:46[diff] [blame]2179 hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len),
2180 base::Bind(&SSLClientSocketOpenSSL::OnPrivateKeySignComplete,
2181 weak_factory_.GetWeakPtr()));
2182 return ssl_private_key_retry;
2183}
2184
2185ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCompleteCallback(
2186 uint8_t* out,
2187 size_t* out_len,
2188 size_t max_out) {
2189 DCHECK_NE(kNoPendingResult, signature_result_);
svaldez7872fd02015-11-19 21:10:54[diff] [blame]2190 DCHECK(ssl_config_.client_private_key);
davidben1d489522015-07-01 18:48:46[diff] [blame]2191
2192 if (signature_result_ == ERR_IO_PENDING)
2193 return ssl_private_key_retry;
2194 if (signature_result_ != OK) {
2195 OpenSSLPutNetError(FROM_HERE, signature_result_);
2196 return ssl_private_key_failure;
2197 }
2198 if (signature_.size() > max_out) {
2199 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
2200 return ssl_private_key_failure;
2201 }
davidben5f8b6bc2015-11-25 03:19:54[diff] [blame]2202 memcpy(out, signature_.data(), signature_.size());
davidben1d489522015-07-01 18:48:46[diff] [blame]2203 *out_len = signature_.size();
2204 signature_.clear();
2205 return ssl_private_key_success;
2206}
2207
2208void SSLClientSocketOpenSSL::OnPrivateKeySignComplete(
2209 Error error,
2210 const std::vector<uint8_t>& signature) {
2211 DCHECK_EQ(ERR_IO_PENDING, signature_result_);
2212 DCHECK(signature_.empty());
svaldez7872fd02015-11-19 21:10:54[diff] [blame]2213 DCHECK(ssl_config_.client_private_key);
davidben1d489522015-07-01 18:48:46[diff] [blame]2214
2215 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION,
2216 error);
2217
2218 signature_result_ = error;
2219 if (signature_result_ == OK)
2220 signature_ = signature;
2221
2222 if (next_handshake_state_ == STATE_HANDSHAKE) {
2223 OnHandshakeIOComplete(signature_result_);
2224 return;
2225 }
2226
2227 // During a renegotiation, either Read or Write calls may be blocked on an
2228 // asynchronous private key operation.
2229 PumpReadWriteEvents();
2230}
2231
nharper736ceda2015-11-07 00:16:59[diff] [blame]2232int SSLClientSocketOpenSSL::TokenBindingAdd(const uint8_t** out,
2233 size_t* out_len,
2234 int* out_alert_value) {
2235 if (ssl_config_.token_binding_params.empty()) {
2236 return 0;
2237 }
davidben7dad2a32016-03-01 23:47:47[diff] [blame]2238 crypto::AutoCBB output;
nharper736ceda2015-11-07 00:16:59[diff] [blame]2239 CBB parameters_list;
2240 if (!CBB_init(output.get(), 7) ||
2241 !CBB_add_u8(output.get(), kTbProtocolVersionMajor) ||
2242 !CBB_add_u8(output.get(), kTbProtocolVersionMinor) ||
2243 !CBB_add_u8_length_prefixed(output.get(), &parameters_list)) {
2244 *out_alert_value = SSL_AD_INTERNAL_ERROR;
2245 return -1;
2246 }
2247 for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) {
2248 if (!CBB_add_u8(&parameters_list, ssl_config_.token_binding_params[i])) {
2249 *out_alert_value = SSL_AD_INTERNAL_ERROR;
2250 return -1;
2251 }
2252 }
2253 // |*out| will be freed by TokenBindingFreeCallback.
2254 if (!CBB_finish(output.get(), const_cast<uint8_t**>(out), out_len)) {
2255 *out_alert_value = SSL_AD_INTERNAL_ERROR;
2256 return -1;
2257 }
2258
2259 return 1;
2260}
2261
2262int SSLClientSocketOpenSSL::TokenBindingParse(const uint8_t* contents,
2263 size_t contents_len,
2264 int* out_alert_value) {
2265 if (completed_connect_) {
2266 // Token Binding may only be negotiated on the initial handshake.
2267 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
2268 return 0;
2269 }
2270
2271 CBS extension;
2272 CBS_init(&extension, contents, contents_len);
2273
2274 CBS parameters_list;
2275 uint8_t version_major, version_minor, param;
2276 if (!CBS_get_u8(&extension, &version_major) ||
2277 !CBS_get_u8(&extension, &version_minor) ||
2278 !CBS_get_u8_length_prefixed(&extension, &parameters_list) ||
2279 !CBS_get_u8(&parameters_list, &param) || CBS_len(&parameters_list) > 0 ||
2280 CBS_len(&extension) > 0) {
2281 *out_alert_value = SSL_AD_DECODE_ERROR;
2282 return 0;
2283 }
2284 // The server-negotiated version must be less than or equal to our version.
2285 if (version_major > kTbProtocolVersionMajor ||
2286 (version_minor > kTbProtocolVersionMinor &&
2287 version_major == kTbProtocolVersionMajor)) {
2288 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
2289 return 0;
2290 }
2291 // If the version the server negotiated is older than we support, don't fail
2292 // parsing the extension, but also don't set |negotiated_|.
2293 if (version_major < kTbMinProtocolVersionMajor ||
2294 (version_minor < kTbMinProtocolVersionMinor &&
2295 version_major == kTbMinProtocolVersionMajor)) {
2296 return 1;
2297 }
2298
2299 for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) {
2300 if (param == ssl_config_.token_binding_params[i]) {
2301 tb_negotiated_param_ = ssl_config_.token_binding_params[i];
2302 tb_was_negotiated_ = true;
2303 return 1;
2304 }
2305 }
2306
2307 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
2308 return 0;
2309}
2310
[email protected]7e5dd49f2010-12-08 18:33:49[diff] [blame]2311} // namespace net