diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-05-03 13:42:47 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-05-15 10:27:51 +0000 |
commit | 8c5c43c7b138c9b4b0bf56d946e61d3bbc111bec (patch) | |
tree | d29d987c4d7b173cf853279b79a51598f104b403 /chromium/net/socket/ssl_client_socket_impl.cc | |
parent | 830c9e163d31a9180fadca926b3e1d7dfffb5021 (diff) | |
download | qtwebengine-chromium-8c5c43c7b138c9b4b0bf56d946e61d3bbc111bec.tar.gz |
BASELINE: Update Chromium to 66.0.3359.156
Change-Id: I0c9831ad39911a086b6377b16f995ad75a51e441
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/net/socket/ssl_client_socket_impl.cc')
-rw-r--r-- | chromium/net/socket/ssl_client_socket_impl.cc | 218 |
1 files changed, 26 insertions, 192 deletions
diff --git a/chromium/net/socket/ssl_client_socket_impl.cc b/chromium/net/socket/ssl_client_socket_impl.cc index c584e8e0f77..550267a7569 100644 --- a/chromium/net/socket/ssl_client_socket_impl.cc +++ b/chromium/net/socket/ssl_client_socket_impl.cc @@ -34,6 +34,7 @@ #include "net/base/ip_address.h" #include "net/base/net_errors.h" #include "net/base/trace_constants.h" +#include "net/base/url_util.h" #include "net/cert/cert_verifier.h" #include "net/cert/ct_policy_enforcer.h" #include "net/cert/ct_policy_status.h" @@ -80,15 +81,6 @@ const int kNoPendingResult = 1; // Default size of the internal BoringSSL buffers. const int kDefaultOpenSSLBufferSize = 17 * 1024; -// TLS extension number use for Token Binding. -const unsigned int kTbExtNum = 24; - -// Token Binding ProtocolVersions supported. -const uint8_t kTbProtocolVersionMajor = 0; -const uint8_t kTbProtocolVersionMinor = 13; -const uint8_t kTbMinProtocolVersionMajor = 0; -const uint8_t kTbMinProtocolVersionMinor = 10; - const base::Feature kPostQuantumPadding{"PostQuantumPadding", base::FEATURE_DISABLED_BY_DEFAULT}; @@ -352,47 +344,6 @@ class SSLClientSocketImpl::SSLContext { SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool()); SSL_CTX_set_msg_callback(ssl_ctx_.get(), MessageCallback); - - if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, - &TokenBindingAddCallback, - &TokenBindingFreeCallback, nullptr, - &TokenBindingParseCallback, nullptr)) { - NOTREACHED(); - } - } - - static int TokenBindingAddCallback(SSL* ssl, - unsigned int extension_value, - const uint8_t** out, - size_t* out_len, - int* out_alert_value, - void* add_arg) { - DCHECK_EQ(extension_value, kTbExtNum); - SSLClientSocketImpl* socket = - SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL( - ssl); - return socket->TokenBindingAdd(out, out_len, out_alert_value); - } - - static void TokenBindingFreeCallback(SSL* ssl, - unsigned extension_value, - const uint8_t* out, - void* add_arg) { - DCHECK_EQ(extension_value, kTbExtNum); - OPENSSL_free(const_cast<unsigned char*>(out)); - } - - static int TokenBindingParseCallback(SSL* ssl, - unsigned int extension_value, - const uint8_t* contents, - size_t contents_len, - int* out_alert_value, - void* parse_arg) { - DCHECK_EQ(extension_value, kTbExtNum); - SSLClientSocketImpl* socket = - SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL( - ssl); - return socket->TokenBindingParse(contents, contents_len, out_alert_value); } static int ClientCertRequestCallback(SSL* ssl, void* arg) { @@ -492,8 +443,6 @@ SSLClientSocketImpl::SSLClientSocketImpl( cert_verifier_(context.cert_verifier), cert_transparency_verifier_(context.cert_transparency_verifier), channel_id_service_(context.channel_id_service), - tb_was_negotiated_(false), - tb_negotiated_param_(TB_PARAM_ECDSAP256), tb_signature_map_(10), transport_(std::move(transport_socket)), host_and_port_(host_and_port), @@ -767,8 +716,10 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { ssl_info->client_cert_sent = ssl_config_.send_client_cert && ssl_config_.client_cert.get(); ssl_info->channel_id_sent = channel_id_sent_; - ssl_info->token_binding_negotiated = tb_was_negotiated_; - ssl_info->token_binding_key_param = tb_negotiated_param_; + ssl_info->token_binding_negotiated = + SSL_is_token_binding_negotiated(ssl_.get()); + ssl_info->token_binding_key_param = static_cast<net::TokenBindingParam>( + SSL_get_negotiated_token_binding_param(ssl_.get())); ssl_info->pinning_failure_log = pinning_failure_log_; ssl_info->ocsp_result = server_cert_verify_result_.ocsp_result; ssl_info->is_fatal_cert_error = is_fatal_cert_error_; @@ -948,15 +899,9 @@ int SSLClientSocketImpl::Init() { } switch (ssl_config_.tls13_variant) { - case kTLS13VariantDraft22: - SSL_set_tls13_variant(ssl_.get(), tls13_draft22); - break; case kTLS13VariantDraft23: SSL_set_tls13_variant(ssl_.get(), tls13_default); break; - case kTLS13VariantExperiment2: - SSL_set_tls13_variant(ssl_.get(), tls13_experiment2); - break; } const int dummy_pq_padding_len = base::GetFieldTrialParamByFeatureAsInt( @@ -1016,6 +961,12 @@ int SSLClientSocketImpl::Init() { SSL_enable_tls_channel_id(ssl_.get()); } + if (!ssl_config_.token_binding_params.empty()) { + std::vector<uint8_t> params(ssl_config_.token_binding_params.begin(), + ssl_config_.token_binding_params.end()); + SSL_set_token_binding_params(ssl_.get(), params.data(), params.size()); + } + if (!ssl_config_.alpn_protos.empty()) { std::vector<uint8_t> wire_protos = SerializeNextProtos(ssl_config_.alpn_protos); @@ -1169,14 +1120,6 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) { GetSessionCacheKey()); } - // Check that if token binding was negotiated, then extended master secret - // and renegotiation indication must also be negotiated. - if (tb_was_negotiated_ && - !(SSL_get_extms_support(ssl_.get()) && - SSL_get_secure_renegotiation_support(ssl_.get()))) { - return ERR_SSL_PROTOCOL_ERROR; - } - const uint8_t* alpn_proto = NULL; unsigned alpn_len = 0; SSL_get0_alpn_selected(ssl_.get(), &alpn_proto, &alpn_len); @@ -1187,7 +1130,6 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) { } RecordNegotiatedProtocol(); - RecordChannelIDSupport(); const uint8_t* ocsp_response_raw; size_t ocsp_response_len; @@ -1208,6 +1150,16 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) { base::UmaHistogramSparse("Net.SSLSignatureAlgorithm", signature_algorithm); } + if (IsTLS13ExperimentHost(host_and_port_.host())) { + // To measure the effects of TLS 1.3's anti-downgrade mechanism, record + // whether the codepath would have been blocked against servers known to + // implement draft TLS 1.3. This should be a safe security measure to + // enable, but some middleboxes have non-compliant behavior here. See + // https://crbug.com/boringssl/226. + UMA_HISTOGRAM_BOOLEAN("Net.SSLDraftDowngradeTLS13Experiment", + !!SSL_is_draft_downgrade(ssl_.get())); + } + // Verify the certificate. next_handshake_state_ = STATE_VERIFY_CERT; return OK; @@ -1328,7 +1280,7 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) { break; case TransportSecurityState::PKPStatus::BYPASSED: pkp_bypassed_ = true; - // Fall through. + FALLTHROUGH; case TransportSecurityState::PKPStatus::OK: // Do nothing. break; @@ -1383,9 +1335,7 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) { void SSLClientSocketImpl::DoConnectCallback(int rv) { if (!user_connect_callback_.is_null()) { - CompletionCallback c = user_connect_callback_; - user_connect_callback_.Reset(); - c.Run(rv > OK ? OK : rv); + base::ResetAndReturn(&user_connect_callback_).Run(rv > OK ? OK : rv); } } @@ -1795,7 +1745,7 @@ std::string SSLClientSocketImpl::GetSessionCacheKey() const { } bool SSLClientSocketImpl::IsRenegotiationAllowed() const { - if (tb_was_negotiated_) + if (SSL_is_token_binding_negotiated(ssl_.get())) return false; if (negotiated_protocol_ == kProtoUnknown) @@ -1826,8 +1776,8 @@ ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback( signature_result_ = ERR_IO_PENDING; ssl_config_.client_private_key->Sign( algorithm, base::make_span(in, in_len), - base::Bind(&SSLClientSocketImpl::OnPrivateKeyComplete, - weak_factory_.GetWeakPtr())); + base::BindOnce(&SSLClientSocketImpl::OnPrivateKeyComplete, + weak_factory_.GetWeakPtr())); return ssl_private_key_retry; } @@ -1888,103 +1838,11 @@ void SSLClientSocketImpl::MessageCallback(int is_write, : NetLogEventType::SSL_HANDSHAKE_MESSAGE_RECEIVED, base::Bind(&NetLogSSLMessageCallback, !!is_write, buf, len)); break; - case SSL3_RT_HEADER: { - if (is_write) - return; - if (len != 5) { - NOTREACHED(); - return; - } - const uint8_t* buf_bytes = reinterpret_cast<const uint8_t*>(buf); - uint16_t record_len = (uint16_t(buf_bytes[3]) << 8) | buf_bytes[4]; - // See RFC 5246 section 6.2.3 for the maximum record size in TLS. - UMA_HISTOGRAM_CUSTOM_COUNTS("Net.SSLRecordSizeRead", record_len, 1, - 16384 + 2048, 50); - } default: return; } } -int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out, - size_t* out_len, - int* out_alert_value) { - if (ssl_config_.token_binding_params.empty()) { - return 0; - } - bssl::ScopedCBB output; - CBB parameters_list; - if (!CBB_init(output.get(), 7) || - !CBB_add_u8(output.get(), kTbProtocolVersionMajor) || - !CBB_add_u8(output.get(), kTbProtocolVersionMinor) || - !CBB_add_u8_length_prefixed(output.get(), ¶meters_list)) { - *out_alert_value = SSL_AD_INTERNAL_ERROR; - return -1; - } - for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) { - if (!CBB_add_u8(¶meters_list, ssl_config_.token_binding_params[i])) { - *out_alert_value = SSL_AD_INTERNAL_ERROR; - return -1; - } - } - // |*out| will be freed by TokenBindingFreeCallback. - if (!CBB_finish(output.get(), const_cast<uint8_t**>(out), out_len)) { - *out_alert_value = SSL_AD_INTERNAL_ERROR; - return -1; - } - - return 1; -} - -int SSLClientSocketImpl::TokenBindingParse(const uint8_t* contents, - size_t contents_len, - int* out_alert_value) { - if (completed_connect_) { - // Token Binding may only be negotiated on the initial handshake. - *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - CBS extension; - CBS_init(&extension, contents, contents_len); - - CBS parameters_list; - uint8_t version_major, version_minor, param; - if (!CBS_get_u8(&extension, &version_major) || - !CBS_get_u8(&extension, &version_minor) || - !CBS_get_u8_length_prefixed(&extension, ¶meters_list) || - !CBS_get_u8(¶meters_list, ¶m) || CBS_len(¶meters_list) > 0 || - CBS_len(&extension) > 0) { - *out_alert_value = SSL_AD_DECODE_ERROR; - return 0; - } - // The server-negotiated version must be less than or equal to our version. - if (version_major > kTbProtocolVersionMajor || - (version_minor > kTbProtocolVersionMinor && - version_major == kTbProtocolVersionMajor)) { - *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - // If the version the server negotiated is older than we support, don't fail - // parsing the extension, but also don't set |negotiated_|. - if (version_major < kTbMinProtocolVersionMajor || - (version_minor < kTbMinProtocolVersionMinor && - version_major == kTbMinProtocolVersionMajor)) { - return 1; - } - - for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) { - if (param == ssl_config_.token_binding_params[i]) { - tb_negotiated_param_ = ssl_config_.token_binding_params[i]; - tb_was_negotiated_ = true; - return 1; - } - } - - *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; - return 0; -} - void SSLClientSocketImpl::LogConnectEndEvent(int rv) { if (rv != OK) { net_log_.EndEventWithNetErrorCode(NetLogEventType::SSL_CONNECT, rv); @@ -2000,30 +1858,6 @@ void SSLClientSocketImpl::RecordNegotiatedProtocol() const { negotiated_protocol_, kProtoLast + 1); } -void SSLClientSocketImpl::RecordChannelIDSupport() const { - // Since this enum is used for a histogram, do not change or re-use values. - enum { - DISABLED = 0, - CLIENT_ONLY = 1, - CLIENT_AND_SERVER = 2, - // CLIENT_NO_ECC is unused now. - // CLIENT_BAD_SYSTEM_TIME is unused now. - CLIENT_BAD_SYSTEM_TIME = 4, - CLIENT_NO_CHANNEL_ID_SERVICE = 5, - CHANNEL_ID_USAGE_MAX - } supported = DISABLED; - if (channel_id_sent_) { - supported = CLIENT_AND_SERVER; - } else if (ssl_config_.channel_id_enabled) { - if (!channel_id_service_) - supported = CLIENT_NO_CHANNEL_ID_SERVICE; - else - supported = CLIENT_ONLY; - } - UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, - CHANNEL_ID_USAGE_MAX); -} - bool SSLClientSocketImpl::IsChannelIDEnabled() const { return ssl_config_.channel_id_enabled && channel_id_service_; } |