summaryrefslogtreecommitdiff
path: root/chromium/net/socket/ssl_client_socket_impl.cc
diff options
context:
space:
mode:
authorAllan Sandfeld Jensen <allan.jensen@qt.io>2018-05-03 13:42:47 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2018-05-15 10:27:51 +0000
commit8c5c43c7b138c9b4b0bf56d946e61d3bbc111bec (patch)
treed29d987c4d7b173cf853279b79a51598f104b403 /chromium/net/socket/ssl_client_socket_impl.cc
parent830c9e163d31a9180fadca926b3e1d7dfffb5021 (diff)
downloadqtwebengine-chromium-8c5c43c7b138c9b4b0bf56d946e61d3bbc111bec.tar.gz
BASELINE: Update Chromium to 66.0.3359.156
Change-Id: I0c9831ad39911a086b6377b16f995ad75a51e441 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/net/socket/ssl_client_socket_impl.cc')
-rw-r--r--chromium/net/socket/ssl_client_socket_impl.cc218
1 files changed, 26 insertions, 192 deletions
diff --git a/chromium/net/socket/ssl_client_socket_impl.cc b/chromium/net/socket/ssl_client_socket_impl.cc
index c584e8e0f77..550267a7569 100644
--- a/chromium/net/socket/ssl_client_socket_impl.cc
+++ b/chromium/net/socket/ssl_client_socket_impl.cc
@@ -34,6 +34,7 @@
#include "net/base/ip_address.h"
#include "net/base/net_errors.h"
#include "net/base/trace_constants.h"
+#include "net/base/url_util.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_policy_enforcer.h"
#include "net/cert/ct_policy_status.h"
@@ -80,15 +81,6 @@ const int kNoPendingResult = 1;
// Default size of the internal BoringSSL buffers.
const int kDefaultOpenSSLBufferSize = 17 * 1024;
-// TLS extension number use for Token Binding.
-const unsigned int kTbExtNum = 24;
-
-// Token Binding ProtocolVersions supported.
-const uint8_t kTbProtocolVersionMajor = 0;
-const uint8_t kTbProtocolVersionMinor = 13;
-const uint8_t kTbMinProtocolVersionMajor = 0;
-const uint8_t kTbMinProtocolVersionMinor = 10;
-
const base::Feature kPostQuantumPadding{"PostQuantumPadding",
base::FEATURE_DISABLED_BY_DEFAULT};
@@ -352,47 +344,6 @@ class SSLClientSocketImpl::SSLContext {
SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool());
SSL_CTX_set_msg_callback(ssl_ctx_.get(), MessageCallback);
-
- if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum,
- &TokenBindingAddCallback,
- &TokenBindingFreeCallback, nullptr,
- &TokenBindingParseCallback, nullptr)) {
- NOTREACHED();
- }
- }
-
- static int TokenBindingAddCallback(SSL* ssl,
- unsigned int extension_value,
- const uint8_t** out,
- size_t* out_len,
- int* out_alert_value,
- void* add_arg) {
- DCHECK_EQ(extension_value, kTbExtNum);
- SSLClientSocketImpl* socket =
- SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL(
- ssl);
- return socket->TokenBindingAdd(out, out_len, out_alert_value);
- }
-
- static void TokenBindingFreeCallback(SSL* ssl,
- unsigned extension_value,
- const uint8_t* out,
- void* add_arg) {
- DCHECK_EQ(extension_value, kTbExtNum);
- OPENSSL_free(const_cast<unsigned char*>(out));
- }
-
- static int TokenBindingParseCallback(SSL* ssl,
- unsigned int extension_value,
- const uint8_t* contents,
- size_t contents_len,
- int* out_alert_value,
- void* parse_arg) {
- DCHECK_EQ(extension_value, kTbExtNum);
- SSLClientSocketImpl* socket =
- SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL(
- ssl);
- return socket->TokenBindingParse(contents, contents_len, out_alert_value);
}
static int ClientCertRequestCallback(SSL* ssl, void* arg) {
@@ -492,8 +443,6 @@ SSLClientSocketImpl::SSLClientSocketImpl(
cert_verifier_(context.cert_verifier),
cert_transparency_verifier_(context.cert_transparency_verifier),
channel_id_service_(context.channel_id_service),
- tb_was_negotiated_(false),
- tb_negotiated_param_(TB_PARAM_ECDSAP256),
tb_signature_map_(10),
transport_(std::move(transport_socket)),
host_and_port_(host_and_port),
@@ -767,8 +716,10 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->client_cert_sent =
ssl_config_.send_client_cert && ssl_config_.client_cert.get();
ssl_info->channel_id_sent = channel_id_sent_;
- ssl_info->token_binding_negotiated = tb_was_negotiated_;
- ssl_info->token_binding_key_param = tb_negotiated_param_;
+ ssl_info->token_binding_negotiated =
+ SSL_is_token_binding_negotiated(ssl_.get());
+ ssl_info->token_binding_key_param = static_cast<net::TokenBindingParam>(
+ SSL_get_negotiated_token_binding_param(ssl_.get()));
ssl_info->pinning_failure_log = pinning_failure_log_;
ssl_info->ocsp_result = server_cert_verify_result_.ocsp_result;
ssl_info->is_fatal_cert_error = is_fatal_cert_error_;
@@ -948,15 +899,9 @@ int SSLClientSocketImpl::Init() {
}
switch (ssl_config_.tls13_variant) {
- case kTLS13VariantDraft22:
- SSL_set_tls13_variant(ssl_.get(), tls13_draft22);
- break;
case kTLS13VariantDraft23:
SSL_set_tls13_variant(ssl_.get(), tls13_default);
break;
- case kTLS13VariantExperiment2:
- SSL_set_tls13_variant(ssl_.get(), tls13_experiment2);
- break;
}
const int dummy_pq_padding_len = base::GetFieldTrialParamByFeatureAsInt(
@@ -1016,6 +961,12 @@ int SSLClientSocketImpl::Init() {
SSL_enable_tls_channel_id(ssl_.get());
}
+ if (!ssl_config_.token_binding_params.empty()) {
+ std::vector<uint8_t> params(ssl_config_.token_binding_params.begin(),
+ ssl_config_.token_binding_params.end());
+ SSL_set_token_binding_params(ssl_.get(), params.data(), params.size());
+ }
+
if (!ssl_config_.alpn_protos.empty()) {
std::vector<uint8_t> wire_protos =
SerializeNextProtos(ssl_config_.alpn_protos);
@@ -1169,14 +1120,6 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
GetSessionCacheKey());
}
- // Check that if token binding was negotiated, then extended master secret
- // and renegotiation indication must also be negotiated.
- if (tb_was_negotiated_ &&
- !(SSL_get_extms_support(ssl_.get()) &&
- SSL_get_secure_renegotiation_support(ssl_.get()))) {
- return ERR_SSL_PROTOCOL_ERROR;
- }
-
const uint8_t* alpn_proto = NULL;
unsigned alpn_len = 0;
SSL_get0_alpn_selected(ssl_.get(), &alpn_proto, &alpn_len);
@@ -1187,7 +1130,6 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
}
RecordNegotiatedProtocol();
- RecordChannelIDSupport();
const uint8_t* ocsp_response_raw;
size_t ocsp_response_len;
@@ -1208,6 +1150,16 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
base::UmaHistogramSparse("Net.SSLSignatureAlgorithm", signature_algorithm);
}
+ if (IsTLS13ExperimentHost(host_and_port_.host())) {
+ // To measure the effects of TLS 1.3's anti-downgrade mechanism, record
+ // whether the codepath would have been blocked against servers known to
+ // implement draft TLS 1.3. This should be a safe security measure to
+ // enable, but some middleboxes have non-compliant behavior here. See
+ // https://crbug.com/boringssl/226.
+ UMA_HISTOGRAM_BOOLEAN("Net.SSLDraftDowngradeTLS13Experiment",
+ !!SSL_is_draft_downgrade(ssl_.get()));
+ }
+
// Verify the certificate.
next_handshake_state_ = STATE_VERIFY_CERT;
return OK;
@@ -1328,7 +1280,7 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) {
break;
case TransportSecurityState::PKPStatus::BYPASSED:
pkp_bypassed_ = true;
- // Fall through.
+ FALLTHROUGH;
case TransportSecurityState::PKPStatus::OK:
// Do nothing.
break;
@@ -1383,9 +1335,7 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) {
void SSLClientSocketImpl::DoConnectCallback(int rv) {
if (!user_connect_callback_.is_null()) {
- CompletionCallback c = user_connect_callback_;
- user_connect_callback_.Reset();
- c.Run(rv > OK ? OK : rv);
+ base::ResetAndReturn(&user_connect_callback_).Run(rv > OK ? OK : rv);
}
}
@@ -1795,7 +1745,7 @@ std::string SSLClientSocketImpl::GetSessionCacheKey() const {
}
bool SSLClientSocketImpl::IsRenegotiationAllowed() const {
- if (tb_was_negotiated_)
+ if (SSL_is_token_binding_negotiated(ssl_.get()))
return false;
if (negotiated_protocol_ == kProtoUnknown)
@@ -1826,8 +1776,8 @@ ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback(
signature_result_ = ERR_IO_PENDING;
ssl_config_.client_private_key->Sign(
algorithm, base::make_span(in, in_len),
- base::Bind(&SSLClientSocketImpl::OnPrivateKeyComplete,
- weak_factory_.GetWeakPtr()));
+ base::BindOnce(&SSLClientSocketImpl::OnPrivateKeyComplete,
+ weak_factory_.GetWeakPtr()));
return ssl_private_key_retry;
}
@@ -1888,103 +1838,11 @@ void SSLClientSocketImpl::MessageCallback(int is_write,
: NetLogEventType::SSL_HANDSHAKE_MESSAGE_RECEIVED,
base::Bind(&NetLogSSLMessageCallback, !!is_write, buf, len));
break;
- case SSL3_RT_HEADER: {
- if (is_write)
- return;
- if (len != 5) {
- NOTREACHED();
- return;
- }
- const uint8_t* buf_bytes = reinterpret_cast<const uint8_t*>(buf);
- uint16_t record_len = (uint16_t(buf_bytes[3]) << 8) | buf_bytes[4];
- // See RFC 5246 section 6.2.3 for the maximum record size in TLS.
- UMA_HISTOGRAM_CUSTOM_COUNTS("Net.SSLRecordSizeRead", record_len, 1,
- 16384 + 2048, 50);
- }
default:
return;
}
}
-int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out,
- size_t* out_len,
- int* out_alert_value) {
- if (ssl_config_.token_binding_params.empty()) {
- return 0;
- }
- bssl::ScopedCBB output;
- CBB parameters_list;
- if (!CBB_init(output.get(), 7) ||
- !CBB_add_u8(output.get(), kTbProtocolVersionMajor) ||
- !CBB_add_u8(output.get(), kTbProtocolVersionMinor) ||
- !CBB_add_u8_length_prefixed(output.get(), &parameters_list)) {
- *out_alert_value = SSL_AD_INTERNAL_ERROR;
- return -1;
- }
- for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) {
- if (!CBB_add_u8(&parameters_list, ssl_config_.token_binding_params[i])) {
- *out_alert_value = SSL_AD_INTERNAL_ERROR;
- return -1;
- }
- }
- // |*out| will be freed by TokenBindingFreeCallback.
- if (!CBB_finish(output.get(), const_cast<uint8_t**>(out), out_len)) {
- *out_alert_value = SSL_AD_INTERNAL_ERROR;
- return -1;
- }
-
- return 1;
-}
-
-int SSLClientSocketImpl::TokenBindingParse(const uint8_t* contents,
- size_t contents_len,
- int* out_alert_value) {
- if (completed_connect_) {
- // Token Binding may only be negotiated on the initial handshake.
- *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- CBS extension;
- CBS_init(&extension, contents, contents_len);
-
- CBS parameters_list;
- uint8_t version_major, version_minor, param;
- if (!CBS_get_u8(&extension, &version_major) ||
- !CBS_get_u8(&extension, &version_minor) ||
- !CBS_get_u8_length_prefixed(&extension, &parameters_list) ||
- !CBS_get_u8(&parameters_list, &param) || CBS_len(&parameters_list) > 0 ||
- CBS_len(&extension) > 0) {
- *out_alert_value = SSL_AD_DECODE_ERROR;
- return 0;
- }
- // The server-negotiated version must be less than or equal to our version.
- if (version_major > kTbProtocolVersionMajor ||
- (version_minor > kTbProtocolVersionMinor &&
- version_major == kTbProtocolVersionMajor)) {
- *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- // If the version the server negotiated is older than we support, don't fail
- // parsing the extension, but also don't set |negotiated_|.
- if (version_major < kTbMinProtocolVersionMajor ||
- (version_minor < kTbMinProtocolVersionMinor &&
- version_major == kTbMinProtocolVersionMajor)) {
- return 1;
- }
-
- for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) {
- if (param == ssl_config_.token_binding_params[i]) {
- tb_negotiated_param_ = ssl_config_.token_binding_params[i];
- tb_was_negotiated_ = true;
- return 1;
- }
- }
-
- *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
-}
-
void SSLClientSocketImpl::LogConnectEndEvent(int rv) {
if (rv != OK) {
net_log_.EndEventWithNetErrorCode(NetLogEventType::SSL_CONNECT, rv);
@@ -2000,30 +1858,6 @@ void SSLClientSocketImpl::RecordNegotiatedProtocol() const {
negotiated_protocol_, kProtoLast + 1);
}
-void SSLClientSocketImpl::RecordChannelIDSupport() const {
- // Since this enum is used for a histogram, do not change or re-use values.
- enum {
- DISABLED = 0,
- CLIENT_ONLY = 1,
- CLIENT_AND_SERVER = 2,
- // CLIENT_NO_ECC is unused now.
- // CLIENT_BAD_SYSTEM_TIME is unused now.
- CLIENT_BAD_SYSTEM_TIME = 4,
- CLIENT_NO_CHANNEL_ID_SERVICE = 5,
- CHANNEL_ID_USAGE_MAX
- } supported = DISABLED;
- if (channel_id_sent_) {
- supported = CLIENT_AND_SERVER;
- } else if (ssl_config_.channel_id_enabled) {
- if (!channel_id_service_)
- supported = CLIENT_NO_CHANNEL_ID_SERVICE;
- else
- supported = CLIENT_ONLY;
- }
- UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
- CHANNEL_ID_USAGE_MAX);
-}
-
bool SSLClientSocketImpl::IsChannelIDEnabled() const {
return ssl_config_.channel_id_enabled && channel_id_service_;
}
View Lorry Controller Status