diff options
author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-10-13 13:24:50 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-10-14 10:57:25 +0000 |
commit | af3d4809763ef308f08ced947a73b624729ac7ea (patch) | |
tree | 4402b911e30383f6c6dace1e8cf3b8e85355db3a /chromium/net/socket | |
parent | 0e8ff63a407fe323e215bb1a2c423c09a4747c8a (diff) | |
download | qtwebengine-chromium-af3d4809763ef308f08ced947a73b624729ac7ea.tar.gz |
BASELINE: Update Chromium to 47.0.2526.14
Also adding in sources needed for spellchecking.
Change-Id: Idd44170fa1616f26315188970a8d5ba7d472b18a
Reviewed-by: Michael BrĂ¼ning <michael.bruning@theqtcompany.com>
Diffstat (limited to 'chromium/net/socket')
36 files changed, 548 insertions, 531 deletions
diff --git a/chromium/net/socket/client_socket_factory.cc b/chromium/net/socket/client_socket_factory.cc index cb5d8510486..e0bc81d5e34 100644 --- a/chromium/net/socket/client_socket_factory.cc +++ b/chromium/net/socket/client_socket_factory.cc @@ -5,18 +5,17 @@ #include "net/socket/client_socket_factory.h" #include "base/lazy_instance.h" -#include "base/thread_task_runner_handle.h" -#include "base/threading/sequenced_worker_pool.h" #include "build/build_config.h" #include "net/cert/cert_database.h" #include "net/socket/client_socket_handle.h" +#include "net/socket/tcp_client_socket.h" +#include "net/udp/udp_client_socket.h" + #if defined(USE_OPENSSL) #include "net/socket/ssl_client_socket_openssl.h" -#elif defined(USE_NSS_CERTS) || defined(OS_MACOSX) || defined(OS_WIN) +#else #include "net/socket/ssl_client_socket_nss.h" #endif -#include "net/socket/tcp_client_socket.h" -#include "net/udp/udp_client_socket.h" namespace net { @@ -24,29 +23,10 @@ class X509Certificate; namespace { -// ChromeOS and Linux may require interaction with smart cards or TPMs, which -// may cause NSS functions to block for upwards of several seconds. To avoid -// blocking all activity on the current task runner, such as network or IPC -// traffic, run NSS SSL functions on a dedicated thread. -#if defined(OS_CHROMEOS) || defined(OS_LINUX) -bool g_use_dedicated_nss_thread = true; -#else -bool g_use_dedicated_nss_thread = false; -#endif - class DefaultClientSocketFactory : public ClientSocketFactory, public CertDatabase::Observer { public: DefaultClientSocketFactory() { - if (g_use_dedicated_nss_thread) { - // Use a single thread for the worker pool. - worker_pool_ = new base::SequencedWorkerPool(1, "NSS SSL Thread"); - nss_thread_task_runner_ = - worker_pool_->GetSequencedTaskRunnerWithShutdownBehavior( - worker_pool_->GetSequenceToken(), - base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN); - } - CertDatabase::GetInstance()->AddObserver(this); } @@ -89,42 +69,17 @@ class DefaultClientSocketFactory : public ClientSocketFactory, const HostPortPair& host_and_port, const SSLConfig& ssl_config, const SSLClientSocketContext& context) override { - // nss_thread_task_runner_ may be NULL if g_use_dedicated_nss_thread is - // false or if the dedicated NSS thread failed to start. If so, cause NSS - // functions to execute on the current task runner. - // - // Note: The current task runner is obtained on each call due to unit - // tests, which may create and tear down the current thread's TaskRunner - // between each test. Because the DefaultClientSocketFactory is leaky, it - // may span multiple tests, and thus the current task runner may change - // from call to call. - scoped_refptr<base::SequencedTaskRunner> nss_task_runner( - nss_thread_task_runner_); - if (!nss_task_runner.get()) - nss_task_runner = base::ThreadTaskRunnerHandle::Get(); - #if defined(USE_OPENSSL) return scoped_ptr<SSLClientSocket>( new SSLClientSocketOpenSSL(transport_socket.Pass(), host_and_port, ssl_config, context)); -#elif defined(USE_NSS_CERTS) || defined(OS_MACOSX) || defined(OS_WIN) - return scoped_ptr<SSLClientSocket>( - new SSLClientSocketNSS(nss_task_runner.get(), - transport_socket.Pass(), - host_and_port, - ssl_config, - context)); #else - NOTIMPLEMENTED(); - return scoped_ptr<SSLClientSocket>(); + return scoped_ptr<SSLClientSocket>(new SSLClientSocketNSS( + transport_socket.Pass(), host_and_port, ssl_config, context)); #endif } void ClearSSLSessionCache() override { SSLClientSocket::ClearSessionCache(); } - - private: - scoped_refptr<base::SequencedWorkerPool> worker_pool_; - scoped_refptr<base::SequencedTaskRunner> nss_thread_task_runner_; }; static base::LazyInstance<DefaultClientSocketFactory>::Leaky diff --git a/chromium/net/socket/client_socket_pool_base.cc b/chromium/net/socket/client_socket_pool_base.cc index a42dfd45413..29de892a98d 100644 --- a/chromium/net/socket/client_socket_pool_base.cc +++ b/chromium/net/socket/client_socket_pool_base.cc @@ -27,7 +27,13 @@ namespace { // Indicate whether we should enable idle socket cleanup timer. When timer is // disabled, sockets are closed next time a socket request is made. +// Keep this enabled for windows as long as we support Windows XP, see the note +// in kCleanupInterval below. +#if defined(OS_WIN) bool g_cleanup_timer_enabled = true; +#else +bool g_cleanup_timer_enabled = false; +#endif // The timeout value, in seconds, used to clean up idle sockets that can't be // reused. diff --git a/chromium/net/socket/client_socket_pool_base.h b/chromium/net/socket/client_socket_pool_base.h index a1cc67d3576..2f21981969d 100644 --- a/chromium/net/socket/client_socket_pool_base.h +++ b/chromium/net/socket/client_socket_pool_base.h @@ -136,7 +136,7 @@ class NET_EXPORT_PRIVATE ConnectJob { // TODO(akalin): Support reprioritization. const RequestPriority priority_; // Timer to abort jobs that take too long. - base::OneShotTimer<ConnectJob> timer_; + base::OneShotTimer timer_; Delegate* delegate_; scoped_ptr<StreamSocket> socket_; BoundNetLog net_log_; @@ -346,8 +346,6 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper void OnIPAddressChanged() override; private: - friend class base::RefCounted<ClientSocketPoolBaseHelper>; - // Entry for a persistent socket which became idle at time |start_time|. struct IdleSocket { IdleSocket() : socket(NULL) {} @@ -496,7 +494,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper RequestQueue pending_requests_; int active_socket_count_; // number of active sockets used by clients // A timer for when to start the backup job. - base::OneShotTimer<Group> backup_job_timer_; + base::OneShotTimer backup_job_timer_; }; typedef std::map<std::string, Group*> GroupMap; @@ -617,7 +615,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper // Timer used to periodically prune idle sockets that timed out or can't be // reused. - base::RepeatingTimer<ClientSocketPoolBaseHelper> timer_; + base::RepeatingTimer timer_; // The total number of idle sockets in the system. int idle_socket_count_; @@ -761,18 +759,14 @@ class ClientSocketPoolBase { // RequestSockets bundles up the parameters into a Request and then forwards // to ClientSocketPoolBaseHelper::RequestSockets(). Note that it assigns the - // priority to DEFAULT_PRIORITY and specifies the NO_IDLE_SOCKETS flag. + // priority to IDLE and specifies the NO_IDLE_SOCKETS flag. void RequestSockets(const std::string& group_name, const scoped_refptr<SocketParams>& params, int num_sockets, const BoundNetLog& net_log) { - const Request request(NULL /* no handle */, - CompletionCallback(), - DEFAULT_PRIORITY, + const Request request(NULL /* no handle */, CompletionCallback(), IDLE, internal::ClientSocketPoolBaseHelper::NO_IDLE_SOCKETS, - params->ignore_limits(), - params, - net_log); + params->ignore_limits(), params, net_log); helper_.RequestSockets(group_name, request, num_sockets); } diff --git a/chromium/net/socket/client_socket_pool_manager.cc b/chromium/net/socket/client_socket_pool_manager.cc index 7820cf9d9ab..3066171fc4a 100644 --- a/chromium/net/socket/client_socket_pool_manager.cc +++ b/chromium/net/socket/client_socket_pool_manager.cc @@ -18,6 +18,7 @@ #include "net/socket/socks_client_socket_pool.h" #include "net/socket/ssl_client_socket_pool.h" #include "net/socket/transport_client_socket_pool.h" +#include "net/ssl/ssl_config.h" namespace net { @@ -127,8 +128,7 @@ int InitSocketPoolHelper(ClientSocketPoolManager::SocketGroupType group_type, // should be the same for all connections, whereas version_max may // change for version fallbacks. std::string prefix = "ssl/"; - if (ssl_config_for_origin.version_max != - SSLClientSocket::GetMaxSupportedSSLVersion()) { + if (ssl_config_for_origin.version_max != kDefaultSSLVersionMax) { switch (ssl_config_for_origin.version_max) { case SSL_PROTOCOL_VERSION_TLS1_2: prefix = "ssl(max:3.3)/"; diff --git a/chromium/net/socket/next_proto.cc b/chromium/net/socket/next_proto.cc index 8ef27ecd86a..0285044c21f 100644 --- a/chromium/net/socket/next_proto.cc +++ b/chromium/net/socket/next_proto.cc @@ -10,7 +10,6 @@ NextProtoVector NextProtosDefaults() { NextProtoVector next_protos; next_protos.push_back(kProtoHTTP11); next_protos.push_back(kProtoSPDY31); - next_protos.push_back(kProtoHTTP2_14); next_protos.push_back(kProtoHTTP2); return next_protos; } @@ -23,7 +22,6 @@ NextProtoVector NextProtosWithSpdyAndQuic(bool spdy_enabled, next_protos.push_back(kProtoQUIC1SPDY3); if (spdy_enabled) { next_protos.push_back(kProtoSPDY31); - next_protos.push_back(kProtoHTTP2_14); next_protos.push_back(kProtoHTTP2); } return next_protos; @@ -42,4 +40,15 @@ bool NextProtoIsSPDY(NextProto next_proto) { next_proto <= kProtoSPDYMaximumVersion; } +void DisableHTTP2(NextProtoVector* next_protos) { + for (NextProtoVector::iterator it = next_protos->begin(); + it != next_protos->end();) { + if (*it == kProtoHTTP2) { + it = next_protos->erase(it); + continue; + } + ++it; + } +} + } // namespace net diff --git a/chromium/net/socket/next_proto.h b/chromium/net/socket/next_proto.h index a96b677a2ee..06f31ba749e 100644 --- a/chromium/net/socket/next_proto.h +++ b/chromium/net/socket/next_proto.h @@ -28,14 +28,12 @@ enum NextProto { kProtoSPDYHistogramOffset = kProtoDeprecatedSPDY2, kProtoSPDY3 = 101, kProtoSPDY31 = 102, - kProtoHTTP2_14 = 103, // HTTP/2 draft-14, designated implementation draft. - kProtoHTTP2MinimumVersion = kProtoHTTP2_14, + // kProtoHTTP2_14 = 103, // HTTP/2 draft-14 // kProtoHTTP2_15 = 104, // HTTP/2 draft-15 // kProtoHTTP2_16 = 105, // HTTP/2 draft-16 // kProtoHTTP2_17 = 106, // HTTP/2 draft-17 kProtoHTTP2 = 107, // HTTP/2, see https://tools.ietf.org/html/rfc7540. - kProtoHTTP2MaximumVersion = kProtoHTTP2, - kProtoSPDYMaximumVersion = kProtoHTTP2MaximumVersion, + kProtoSPDYMaximumVersion = kProtoHTTP2, kProtoQUIC1SPDY3 = 200, @@ -60,6 +58,9 @@ NET_EXPORT NextProtoVector NextProtosWithSpdyAndQuic(bool spdy_enabled, // Returns true if |next_proto| is a version of SPDY or HTTP/2. bool NextProtoIsSPDY(NextProto next_proto); +// Remove HTTP/2 from |next_protos|. +NET_EXPORT void DisableHTTP2(NextProtoVector* next_protos); + } // namespace net #endif // NET_SOCKET_NEXT_PROTO_H_ diff --git a/chromium/net/socket/socket_libevent.cc b/chromium/net/socket/socket_posix.cc index 5f16c929ab2..657774a0b71 100644 --- a/chromium/net/socket/socket_libevent.cc +++ b/chromium/net/socket/socket_posix.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/socket/socket_libevent.h" +#include "net/socket/socket_posix.h" #include <errno.h> #include <netinet/in.h> @@ -53,18 +53,17 @@ int MapConnectError(int os_error) { } // namespace -SocketLibevent::SocketLibevent() +SocketPosix::SocketPosix() : socket_fd_(kInvalidSocket), read_buf_len_(0), write_buf_len_(0), - waiting_connect_(false) { -} + waiting_connect_(false) {} -SocketLibevent::~SocketLibevent() { +SocketPosix::~SocketPosix() { Close(); } -int SocketLibevent::Open(int address_family) { +int SocketPosix::Open(int address_family) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_EQ(kInvalidSocket, socket_fd_); DCHECK(address_family == AF_INET || @@ -89,8 +88,8 @@ int SocketLibevent::Open(int address_family) { return OK; } -int SocketLibevent::AdoptConnectedSocket(SocketDescriptor socket, - const SockaddrStorage& address) { +int SocketPosix::AdoptConnectedSocket(SocketDescriptor socket, + const SockaddrStorage& address) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_EQ(kInvalidSocket, socket_fd_); @@ -106,14 +105,14 @@ int SocketLibevent::AdoptConnectedSocket(SocketDescriptor socket, return OK; } -SocketDescriptor SocketLibevent::ReleaseConnectedSocket() { +SocketDescriptor SocketPosix::ReleaseConnectedSocket() { StopWatchingAndCleanUp(); SocketDescriptor socket_fd = socket_fd_; socket_fd_ = kInvalidSocket; return socket_fd; } -int SocketLibevent::Bind(const SockaddrStorage& address) { +int SocketPosix::Bind(const SockaddrStorage& address) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); @@ -126,7 +125,7 @@ int SocketLibevent::Bind(const SockaddrStorage& address) { return OK; } -int SocketLibevent::Listen(int backlog) { +int SocketPosix::Listen(int backlog) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); DCHECK_LT(0, backlog); @@ -140,8 +139,8 @@ int SocketLibevent::Listen(int backlog) { return OK; } -int SocketLibevent::Accept(scoped_ptr<SocketLibevent>* socket, - const CompletionCallback& callback) { +int SocketPosix::Accept(scoped_ptr<SocketPosix>* socket, + const CompletionCallback& callback) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); DCHECK(accept_callback_.is_null()); @@ -164,8 +163,8 @@ int SocketLibevent::Accept(scoped_ptr<SocketLibevent>* socket, return ERR_IO_PENDING; } -int SocketLibevent::Connect(const SockaddrStorage& address, - const CompletionCallback& callback) { +int SocketPosix::Connect(const SockaddrStorage& address, + const CompletionCallback& callback) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); DCHECK(!waiting_connect_); @@ -189,7 +188,7 @@ int SocketLibevent::Connect(const SockaddrStorage& address, return ERR_IO_PENDING; } -bool SocketLibevent::IsConnected() const { +bool SocketPosix::IsConnected() const { DCHECK(thread_checker_.CalledOnValidThread()); if (socket_fd_ == kInvalidSocket || waiting_connect_) @@ -206,7 +205,7 @@ bool SocketLibevent::IsConnected() const { return true; } -bool SocketLibevent::IsConnectedAndIdle() const { +bool SocketPosix::IsConnectedAndIdle() const { DCHECK(thread_checker_.CalledOnValidThread()); if (socket_fd_ == kInvalidSocket || waiting_connect_) @@ -224,9 +223,9 @@ bool SocketLibevent::IsConnectedAndIdle() const { return true; } -int SocketLibevent::Read(IOBuffer* buf, - int buf_len, - const CompletionCallback& callback) { +int SocketPosix::Read(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); DCHECK(!waiting_connect_); @@ -252,9 +251,9 @@ int SocketLibevent::Read(IOBuffer* buf, return ERR_IO_PENDING; } -int SocketLibevent::Write(IOBuffer* buf, - int buf_len, - const CompletionCallback& callback) { +int SocketPosix::Write(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); DCHECK(!waiting_connect_); @@ -269,9 +268,9 @@ int SocketLibevent::Write(IOBuffer* buf, return rv; } -int SocketLibevent::WaitForWrite(IOBuffer* buf, - int buf_len, - const CompletionCallback& callback) { +int SocketPosix::WaitForWrite(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); DCHECK(write_callback_.is_null()); @@ -292,7 +291,7 @@ int SocketLibevent::WaitForWrite(IOBuffer* buf, return ERR_IO_PENDING; } -int SocketLibevent::GetLocalAddress(SockaddrStorage* address) const { +int SocketPosix::GetLocalAddress(SockaddrStorage* address) const { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK(address); @@ -301,7 +300,7 @@ int SocketLibevent::GetLocalAddress(SockaddrStorage* address) const { return OK; } -int SocketLibevent::GetPeerAddress(SockaddrStorage* address) const { +int SocketPosix::GetPeerAddress(SockaddrStorage* address) const { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK(address); @@ -312,7 +311,7 @@ int SocketLibevent::GetPeerAddress(SockaddrStorage* address) const { return OK; } -void SocketLibevent::SetPeerAddress(const SockaddrStorage& address) { +void SocketPosix::SetPeerAddress(const SockaddrStorage& address) { DCHECK(thread_checker_.CalledOnValidThread()); // |peer_address_| will be non-NULL if Connect() has been called. Unless // Close() is called to reset the internal state, a second call to Connect() @@ -325,12 +324,12 @@ void SocketLibevent::SetPeerAddress(const SockaddrStorage& address) { peer_address_.reset(new SockaddrStorage(address)); } -bool SocketLibevent::HasPeerAddress() const { +bool SocketPosix::HasPeerAddress() const { DCHECK(thread_checker_.CalledOnValidThread()); return peer_address_ != NULL; } -void SocketLibevent::Close() { +void SocketPosix::Close() { DCHECK(thread_checker_.CalledOnValidThread()); StopWatchingAndCleanUp(); @@ -342,7 +341,7 @@ void SocketLibevent::Close() { } } -void SocketLibevent::OnFileCanReadWithoutBlocking(int fd) { +void SocketPosix::OnFileCanReadWithoutBlocking(int fd) { DCHECK(!accept_callback_.is_null() || !read_callback_.is_null()); if (!accept_callback_.is_null()) { AcceptCompleted(); @@ -351,7 +350,7 @@ void SocketLibevent::OnFileCanReadWithoutBlocking(int fd) { } } -void SocketLibevent::OnFileCanWriteWithoutBlocking(int fd) { +void SocketPosix::OnFileCanWriteWithoutBlocking(int fd) { DCHECK(!write_callback_.is_null()); if (waiting_connect_) { ConnectCompleted(); @@ -360,7 +359,7 @@ void SocketLibevent::OnFileCanWriteWithoutBlocking(int fd) { } } -int SocketLibevent::DoAccept(scoped_ptr<SocketLibevent>* socket) { +int SocketPosix::DoAccept(scoped_ptr<SocketPosix>* socket) { SockaddrStorage new_peer_address; int new_socket = HANDLE_EINTR(accept(socket_fd_, new_peer_address.addr, @@ -368,7 +367,7 @@ int SocketLibevent::DoAccept(scoped_ptr<SocketLibevent>* socket) { if (new_socket < 0) return MapAcceptError(errno); - scoped_ptr<SocketLibevent> accepted_socket(new SocketLibevent); + scoped_ptr<SocketPosix> accepted_socket(new SocketPosix); int rv = accepted_socket->AdoptConnectedSocket(new_socket, new_peer_address); if (rv != OK) return rv; @@ -377,7 +376,7 @@ int SocketLibevent::DoAccept(scoped_ptr<SocketLibevent>* socket) { return OK; } -void SocketLibevent::AcceptCompleted() { +void SocketPosix::AcceptCompleted() { DCHECK(accept_socket_); int rv = DoAccept(accept_socket_); if (rv == ERR_IO_PENDING) @@ -389,7 +388,7 @@ void SocketLibevent::AcceptCompleted() { base::ResetAndReturn(&accept_callback_).Run(rv); } -int SocketLibevent::DoConnect() { +int SocketPosix::DoConnect() { int rv = HANDLE_EINTR(connect(socket_fd_, peer_address_->addr, peer_address_->addr_len)); @@ -397,12 +396,12 @@ int SocketLibevent::DoConnect() { return rv == 0 ? OK : MapConnectError(errno); } -void SocketLibevent::ConnectCompleted() { +void SocketPosix::ConnectCompleted() { // Get the error that connect() completed with. int os_error = 0; socklen_t len = sizeof(os_error); if (getsockopt(socket_fd_, SOL_SOCKET, SO_ERROR, &os_error, &len) == 0) { - // TCPSocketLibevent expects errno to be set. + // TCPSocketPosix expects errno to be set. errno = os_error; } @@ -416,12 +415,12 @@ void SocketLibevent::ConnectCompleted() { base::ResetAndReturn(&write_callback_).Run(rv); } -int SocketLibevent::DoRead(IOBuffer* buf, int buf_len) { +int SocketPosix::DoRead(IOBuffer* buf, int buf_len) { int rv = HANDLE_EINTR(read(socket_fd_, buf->data(), buf_len)); return rv >= 0 ? rv : MapSystemError(errno); } -void SocketLibevent::ReadCompleted() { +void SocketPosix::ReadCompleted() { int rv = DoRead(read_buf_.get(), read_buf_len_); if (rv == ERR_IO_PENDING) return; @@ -433,12 +432,12 @@ void SocketLibevent::ReadCompleted() { base::ResetAndReturn(&read_callback_).Run(rv); } -int SocketLibevent::DoWrite(IOBuffer* buf, int buf_len) { +int SocketPosix::DoWrite(IOBuffer* buf, int buf_len) { int rv = HANDLE_EINTR(write(socket_fd_, buf->data(), buf_len)); return rv >= 0 ? rv : MapSystemError(errno); } -void SocketLibevent::WriteCompleted() { +void SocketPosix::WriteCompleted() { int rv = DoWrite(write_buf_.get(), write_buf_len_); if (rv == ERR_IO_PENDING) return; @@ -450,7 +449,7 @@ void SocketLibevent::WriteCompleted() { base::ResetAndReturn(&write_callback_).Run(rv); } -void SocketLibevent::StopWatchingAndCleanUp() { +void SocketPosix::StopWatchingAndCleanUp() { bool ok = accept_socket_watcher_.StopWatchingFileDescriptor(); DCHECK(ok); ok = read_socket_watcher_.StopWatchingFileDescriptor(); diff --git a/chromium/net/socket/socket_libevent.h b/chromium/net/socket/socket_posix.h index 00a0ca6fa7c..6ded624579c 100644 --- a/chromium/net/socket/socket_libevent.h +++ b/chromium/net/socket/socket_posix.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_SOCKET_SOCKET_LIBEVENT_H_ -#define NET_SOCKET_SOCKET_LIBEVENT_H_ +#ifndef NET_SOCKET_SOCKET_POSIX_H_ +#define NET_SOCKET_SOCKET_POSIX_H_ #include "base/basictypes.h" #include "base/compiler_specific.h" @@ -23,11 +23,10 @@ class IPEndPoint; // Socket class to provide asynchronous read/write operations on top of the // posix socket api. It supports AF_INET, AF_INET6, and AF_UNIX addresses. -class NET_EXPORT_PRIVATE SocketLibevent - : public base::MessageLoopForIO::Watcher { +class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher { public: - SocketLibevent(); - ~SocketLibevent() override; + SocketPosix(); + ~SocketPosix() override; // Opens a socket and returns net::OK if |address_family| is AF_INET, AF_INET6 // or AF_UNIX. Otherwise, it does DCHECK() and returns a net error. @@ -41,7 +40,7 @@ class NET_EXPORT_PRIVATE SocketLibevent int Bind(const SockaddrStorage& address); int Listen(int backlog); - int Accept(scoped_ptr<SocketLibevent>* socket, + int Accept(scoped_ptr<SocketPosix>* socket, const CompletionCallback& callback); // Connects socket. On non-ERR_IO_PENDING error, sets errno and returns a net @@ -62,7 +61,7 @@ class NET_EXPORT_PRIVATE SocketLibevent int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); - // Waits for next write event. This is called by TCPsocketLibevent for TCP + // Waits for next write event. This is called by TCPSocketPosix for TCP // fastopen after sending first data. Returns ERR_IO_PENDING if it starts // waiting for write event successfully. Otherwise, returns a net error code. // It must not be called after Write() because Write() calls it internally. @@ -84,7 +83,7 @@ class NET_EXPORT_PRIVATE SocketLibevent void OnFileCanReadWithoutBlocking(int fd) override; void OnFileCanWriteWithoutBlocking(int fd) override; - int DoAccept(scoped_ptr<SocketLibevent>* socket); + int DoAccept(scoped_ptr<SocketPosix>* socket); void AcceptCompleted(); int DoConnect(); @@ -101,7 +100,7 @@ class NET_EXPORT_PRIVATE SocketLibevent SocketDescriptor socket_fd_; base::MessageLoopForIO::FileDescriptorWatcher accept_socket_watcher_; - scoped_ptr<SocketLibevent>* accept_socket_; + scoped_ptr<SocketPosix>* accept_socket_; CompletionCallback accept_callback_; base::MessageLoopForIO::FileDescriptorWatcher read_socket_watcher_; @@ -124,9 +123,9 @@ class NET_EXPORT_PRIVATE SocketLibevent base::ThreadChecker thread_checker_; - DISALLOW_COPY_AND_ASSIGN(SocketLibevent); + DISALLOW_COPY_AND_ASSIGN(SocketPosix); }; } // namespace net -#endif // NET_SOCKET_SOCKET_LIBEVENT_H_ +#endif // NET_SOCKET_SOCKET_POSIX_H_ diff --git a/chromium/net/socket/socket_test_util.cc b/chromium/net/socket/socket_test_util.cc index 98bf32235ec..1436b14a17e 100644 --- a/chromium/net/socket/socket_test_util.cc +++ b/chromium/net/socket/socket_test_util.cc @@ -1007,19 +1007,17 @@ int MockTCPClientSocket::Write(IOBuffer* buf, int buf_len, } void MockTCPClientSocket::GetConnectionAttempts(ConnectionAttempts* out) const { - int connect_result = data_->connect_data().result; - - out->clear(); - if (connected_ && connect_result != OK) - out->push_back(ConnectionAttempt(addresses_[0], connect_result)); + *out = connection_attempts_; } void MockTCPClientSocket::ClearConnectionAttempts() { - NOTIMPLEMENTED(); + connection_attempts_.clear(); } -void MockTCPClientSocket::AddConnectionAttempts(const ConnectionAttempts& in) { - NOTIMPLEMENTED(); +void MockTCPClientSocket::AddConnectionAttempts( + const ConnectionAttempts& attempts) { + connection_attempts_.insert(connection_attempts_.begin(), attempts.begin(), + attempts.end()); } int MockTCPClientSocket::Connect(const CompletionCallback& callback) { @@ -1027,18 +1025,29 @@ int MockTCPClientSocket::Connect(const CompletionCallback& callback) { return OK; connected_ = true; peer_closed_connection_ = false; - if (data_->connect_data().mode == ASYNC) { - if (data_->connect_data().result == ERR_IO_PENDING) - pending_read_callback_ = callback; - else - RunCallbackAsync(callback, data_->connect_data().result); - return ERR_IO_PENDING; + + int result = data_->connect_data().result; + IoMode mode = data_->connect_data().mode; + + if (result != OK && result != ERR_IO_PENDING) { + IPEndPoint address; + if (GetPeerAddress(&address) == OK) + connection_attempts_.push_back(ConnectionAttempt(address, result)); } - return data_->connect_data().result; + + if (mode == SYNCHRONOUS) + return result; + + if (result == ERR_IO_PENDING) + pending_connect_callback_ = callback; + else + RunCallbackAsync(callback, result); + return ERR_IO_PENDING; } void MockTCPClientSocket::Disconnect() { MockClientSocket::Disconnect(); + pending_connect_callback_.Reset(); pending_read_callback_.Reset(); } @@ -1102,7 +1111,7 @@ void MockTCPClientSocket::OnWriteComplete(int rv) { } void MockTCPClientSocket::OnConnectComplete(const MockConnect& data) { - CompletionCallback callback = pending_read_callback_; + CompletionCallback callback = pending_connect_callback_; RunCallback(callback, data.result); } @@ -2038,4 +2047,18 @@ const char kSOCKS5OkResponse[] = { 0x05, 0x00, 0x00, 0x01, 127, 0, 0, 1, 0x00, 0x50 }; const int kSOCKS5OkResponseLength = arraysize(kSOCKS5OkResponse); +int64_t CountReadBytes(const MockRead reads[], size_t reads_size) { + int64_t total = 0; + for (const MockRead* read = reads; read != reads + reads_size; ++read) + total += read->data_len; + return total; +} + +int64_t CountWriteBytes(const MockWrite writes[], size_t writes_size) { + int64_t total = 0; + for (const MockWrite* write = writes; write != writes + writes_size; ++write) + total += write->data_len; + return total; +} + } // namespace net diff --git a/chromium/net/socket/socket_test_util.h b/chromium/net/socket/socket_test_util.h index bd9725c3889..6b966dff560 100644 --- a/chromium/net/socket/socket_test_util.h +++ b/chromium/net/socket/socket_test_util.h @@ -5,6 +5,8 @@ #ifndef NET_SOCKET_SOCKET_TEST_UTIL_H_ #define NET_SOCKET_SOCKET_TEST_UTIL_H_ +#include <stdint.h> + #include <cstring> #include <deque> #include <string> @@ -28,6 +30,7 @@ #include "net/log/net_log.h" #include "net/socket/client_socket_factory.h" #include "net/socket/client_socket_handle.h" +#include "net/socket/connection_attempts.h" #include "net/socket/socks_client_socket_pool.h" #include "net/socket/ssl_client_socket.h" #include "net/socket/ssl_client_socket_pool.h" @@ -732,10 +735,13 @@ class MockTCPClientSocket : public MockClientSocket, public AsyncSocket { // While an asynchronous read is pending, we save our user-buffer state. scoped_refptr<IOBuffer> pending_read_buf_; int pending_read_buf_len_; + CompletionCallback pending_connect_callback_; CompletionCallback pending_read_callback_; CompletionCallback pending_write_callback_; bool was_used_to_convey_data_; + ConnectionAttempts connection_attempts_; + DISALLOW_COPY_AND_ASSIGN(MockTCPClientSocket); }; @@ -1237,6 +1243,12 @@ extern const int kSOCKS5OkRequestLength; extern const char kSOCKS5OkResponse[]; extern const int kSOCKS5OkResponseLength; +// Helper function to get the total data size of the MockReads in |reads|. +int64_t CountReadBytes(const MockRead reads[], size_t reads_size); + +// Helper function to get the total data size of the MockWrites in |writes|. +int64_t CountWriteBytes(const MockWrite writes[], size_t writes_size); + } // namespace net #endif // NET_SOCKET_SOCKET_TEST_UTIL_H_ diff --git a/chromium/net/socket/socks5_client_socket.h b/chromium/net/socket/socks5_client_socket.h index d54e790b0fd..bd9b5b48703 100644 --- a/chromium/net/socket/socks5_client_socket.h +++ b/chromium/net/socket/socks5_client_socket.h @@ -8,7 +8,6 @@ #include <string> #include "base/basictypes.h" -#include "base/gtest_prod_util.h" #include "base/memory/ref_counted.h" #include "base/memory/scoped_ptr.h" #include "net/base/address_list.h" diff --git a/chromium/net/socket/ssl_client_socket.cc b/chromium/net/socket/ssl_client_socket.cc index 8dd7a9d688d..3472fd023f2 100644 --- a/chromium/net/socket/ssl_client_socket.cc +++ b/chromium/net/socket/ssl_client_socket.cc @@ -34,10 +34,6 @@ NextProto SSLClientSocket::NextProtoFromString( return kProtoSPDY3; } else if (proto_string == "spdy/3.1") { return kProtoSPDY31; - } else if (proto_string == "h2-14") { - // For internal consistency, HTTP/2 is named SPDY4 within Chromium. - // This is the HTTP/2 draft-14 identifier. - return kProtoHTTP2_14; } else if (proto_string == "h2") { return kProtoHTTP2; } else if (proto_string == "quic/1+spdy/3") { @@ -58,10 +54,6 @@ const char* SSLClientSocket::NextProtoToString(NextProto next_proto) { return "spdy/3"; case kProtoSPDY31: return "spdy/3.1"; - case kProtoHTTP2_14: - // For internal consistency, HTTP/2 is named SPDY4 within Chromium. - // This is the HTTP/2 draft-14 identifier. - return "h2-14"; case kProtoHTTP2: return "h2"; case kProtoQUIC1SPDY3: @@ -197,14 +189,9 @@ bool SSLClientSocket::IsTLSVersionAdequateForHTTP2( // static std::vector<uint8_t> SSLClientSocket::SerializeNextProtos( - const NextProtoVector& next_protos, - bool can_advertise_http2) { + const NextProtoVector& next_protos) { std::vector<uint8_t> wire_protos; for (const NextProto next_proto : next_protos) { - if (!can_advertise_http2 && kProtoHTTP2MinimumVersion <= next_proto && - next_proto <= kProtoHTTP2MaximumVersion) { - continue; - } const std::string proto = NextProtoToString(next_proto); if (proto.size() > 255) { LOG(WARNING) << "Ignoring overlong NPN/ALPN protocol: " << proto; diff --git a/chromium/net/socket/ssl_client_socket.h b/chromium/net/socket/ssl_client_socket.h index 67800602ee4..1d38048d0c6 100644 --- a/chromium/net/socket/ssl_client_socket.h +++ b/chromium/net/socket/ssl_client_socket.h @@ -122,10 +122,6 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { // sessions. static void ClearSessionCache(); - // Get the maximum SSL version supported by the underlying library and - // cryptographic implementation. - static uint16 GetMaxSupportedSSLVersion(); - // Returns the ChannelIDService used by this socket, or NULL if // channel ids are not supported. virtual ChannelIDService* GetChannelIDService() const = 0; @@ -178,12 +174,10 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { // inadequate TLS version. static bool IsTLSVersionAdequateForHTTP2(const SSLConfig& ssl_config); - // Serializes |next_protos| in the wire format for ALPN: protocols are listed - // in order, each prefixed by a one-byte length. Any HTTP/2 protocols in - // |next_protos| are ignored if |can_advertise_http2| is false. + // Serialize |next_protos| in the wire format for ALPN and NPN: protocols are + // listed in order, each prefixed by a one-byte length. static std::vector<uint8_t> SerializeNextProtos( - const NextProtoVector& next_protos, - bool can_advertise_http2); + const NextProtoVector& next_protos); private: FRIEND_TEST_ALL_PREFIXES(SSLClientSocket, SerializeNextProtos); diff --git a/chromium/net/socket/ssl_client_socket_nss.cc b/chromium/net/socket/ssl_client_socket_nss.cc index 1f3dd594628..ecff0e5a6bf 100644 --- a/chromium/net/socket/ssl_client_socket_nss.cc +++ b/chromium/net/socket/ssl_client_socket_nss.cc @@ -68,6 +68,7 @@ #include "base/bind_helpers.h" #include "base/callback_helpers.h" #include "base/compiler_specific.h" +#include "base/location.h" #include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/single_thread_task_runner.h" @@ -87,6 +88,7 @@ #include "net/base/dns_util.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" +#include "net/base/net_util.h" #include "net/cert/asn1_util.h" #include "net/cert/cert_policy_enforcer.h" #include "net/cert/cert_status_flags.h" @@ -135,14 +137,6 @@ namespace net { } while (0) #endif -#if !defined(CKM_AES_GCM) -#define CKM_AES_GCM 0x00001087 -#endif - -#if !defined(CKM_NSS_CHACHA20_POLY1305) -#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 26) -#endif - namespace { // SSL plaintext fragments are shorter than 16KB. Although the record layer @@ -850,16 +844,11 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket, SECStatus rv = SECSuccess; if (!ssl_config_.next_protos.empty()) { + NextProtoVector next_protos = ssl_config_.next_protos; // TODO(bnc): Check ssl_config_.disabled_cipher_suites. - const bool adequate_encryption = - PK11_TokenExists(CKM_AES_GCM) || - PK11_TokenExists(CKM_NSS_CHACHA20_POLY1305); - const bool adequate_key_agreement = PK11_TokenExists(CKM_DH_PKCS_DERIVE) || - PK11_TokenExists(CKM_ECDH1_DERIVE); - std::vector<uint8_t> wire_protos = - SerializeNextProtos(ssl_config_.next_protos, - adequate_encryption && adequate_key_agreement && - IsTLSVersionAdequateForHTTP2(ssl_config_)); + if (!IsTLSVersionAdequateForHTTP2(ssl_config_)) + DisableHTTP2(&next_protos); + std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos); rv = SSL_SetNextProtoNego( nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], wire_protos.size()); @@ -2366,13 +2355,11 @@ void SSLClientSocketNSS::Core::SetChannelIDProvided() { } SSLClientSocketNSS::SSLClientSocketNSS( - base::SequencedTaskRunner* nss_task_runner, scoped_ptr<ClientSocketHandle> transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, const SSLClientSocketContext& context) - : nss_task_runner_(nss_task_runner), - transport_(transport_socket.Pass()), + : transport_(transport_socket.Pass()), host_and_port_(host_and_port), ssl_config_(ssl_config), cert_verifier_(context.cert_verifier), @@ -2381,6 +2368,7 @@ SSLClientSocketNSS::SSLClientSocketNSS( ssl_session_cache_shard_(context.ssl_session_cache_shard), completed_handshake_(false), next_handshake_state_(STATE_NONE), + disconnected_(false), nss_fd_(NULL), net_log_(transport_->socket()->NetLog()), transport_security_state_(context.transport_security_state), @@ -2409,20 +2397,6 @@ void SSLClientSocket::ClearSessionCache() { SSL_ClearSessionCache(); } -#if !defined(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) -#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) -#endif - -// static -uint16 SSLClientSocket::GetMaxSupportedSSLVersion() { - crypto::EnsureNSSInit(); - if (PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { - return SSL_PROTOCOL_VERSION_TLS1_2; - } else { - return SSL_PROTOCOL_VERSION_TLS1_1; - } -} - bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { EnterFunction(""); ssl_info->Reset(); @@ -2532,6 +2506,14 @@ int SSLClientSocketNSS::Connect(const CompletionCallback& callback) { DCHECK(user_connect_callback_.is_null()); DCHECK(!callback.is_null()); + // Although StreamSocket does allow calling Connect() after Disconnect(), + // this has never worked for layered sockets. CHECK to detect any consumers + // reconnecting an SSL socket. + // + // TODO(davidben,mmenke): Remove this API feature. See + // https://crbug.com/499289. + CHECK(!disconnected_); + EnsureThreadIdAssigned(); net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT); @@ -2577,6 +2559,8 @@ void SSLClientSocketNSS::Disconnect() { cert_verifier_request_.reset(); transport_->socket()->Disconnect(); + disconnected_ = true; + // Reset object state. user_connect_callback_.Reset(); server_cert_verify_result_.Reset(); @@ -2702,13 +2686,12 @@ int SSLClientSocketNSS::Init() { } void SSLClientSocketNSS::InitCore() { + // TODO(davidben): Both task runners are now always the same. Unwind this code + // further, although the entire class is due to be deleted eventually, so it + // may not be worth bothering. core_ = new Core(base::ThreadTaskRunnerHandle::Get().get(), - nss_task_runner_.get(), - transport_.get(), - host_and_port_, - ssl_config_, - &net_log_, - channel_id_service_); + base::ThreadTaskRunnerHandle::Get().get(), transport_.get(), + host_and_port_, ssl_config_, &net_log_, channel_id_service_); } int SSLClientSocketNSS::InitializeSSLOptions() { @@ -2986,6 +2969,7 @@ int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { int SSLClientSocketNSS::DoHandshake() { EnterFunction(""); + int rv = core_->Connect( base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, base::Unretained(this))); @@ -3026,6 +3010,12 @@ int SSLClientSocketNSS::DoVerifyCert(int result) { GotoState(STATE_VERIFY_CERT_COMPLETE); + // NSS decoded the certificate, but the platform certificate implementation + // could not. This is treated as a fatal SSL-level protocol error rather than + // a certificate error. See https://crbug.com/91341. + if (!core_->state().server_cert.get()) + return ERR_SSL_SERVER_CERT_BAD_FORMAT; + // If the certificate is expected to be bad we can use the expectation as // the cert status. base::StringPiece der_cert( @@ -3042,14 +3032,6 @@ int SSLClientSocketNSS::DoVerifyCert(int result) { return OK; } - // We may have failed to create X509Certificate object if we are - // running inside sandbox. - if (!core_->state().server_cert.get()) { - server_cert_verify_result_.Reset(); - server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; - return ERR_CERT_INVALID; - } - start_cert_verification_time_ = base::TimeTicks::Now(); return cert_verifier_->Verify( @@ -3090,10 +3072,11 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) { (result == OK || (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && !transport_security_state_->CheckPublicKeyPins( - host_and_port_.host(), - server_cert_verify_result_.is_issued_by_known_root, + host_and_port_, server_cert_verify_result_.is_issued_by_known_root, server_cert_verify_result_.public_key_hashes, - &pinning_failure_log_)) { + core_->state().server_cert.get(), + server_cert_verify_result_.verified_cert.get(), + TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) { result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; } @@ -3139,6 +3122,8 @@ void SSLClientSocketNSS::VerifyCT() { << server_cert_verify_result_.verified_cert->subject() .GetDisplayName() << " does not conform to CT policy, removing EV status."; + server_cert_verify_result_.cert_status |= + CERT_STATUS_CT_COMPLIANCE_FAILED; server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; } } diff --git a/chromium/net/socket/ssl_client_socket_nss.h b/chromium/net/socket/ssl_client_socket_nss.h index 4ba67995363..0cec7eb22c0 100644 --- a/chromium/net/socket/ssl_client_socket_nss.h +++ b/chromium/net/socket/ssl_client_socket_nss.h @@ -30,10 +30,6 @@ #include "net/ssl/channel_id_service.h" #include "net/ssl/ssl_config_service.h" -namespace base { -class SequencedTaskRunner; -} - namespace net { class BoundNetLog; @@ -54,14 +50,7 @@ class SSLClientSocketNSS : public SSLClientSocket { // authentication is requested, the host_and_port field of SSLCertRequestInfo // will be populated with |host_and_port|. |ssl_config| specifies // the SSL settings. - // - // Because calls to NSS may block, such as due to needing to access slow - // hardware or needing to synchronously unlock protected tokens, calls to - // NSS may optionally be run on a dedicated thread. If synchronous/blocking - // behaviour is desired, for performance or compatibility, the current task - // runner should be supplied instead. - SSLClientSocketNSS(base::SequencedTaskRunner* nss_task_runner, - scoped_ptr<ClientSocketHandle> transport_socket, + SSLClientSocketNSS(scoped_ptr<ClientSocketHandle> transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, const SSLClientSocketContext& context); @@ -155,8 +144,6 @@ class SSLClientSocketNSS : public SSLClientSocket { // the |ssl_info|.signed_certificate_timestamps list. void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const; - // The task runner used to perform NSS operations. - scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; scoped_ptr<ClientSocketHandle> transport_; HostPortPair host_and_port_; SSLConfig ssl_config_; @@ -187,6 +174,9 @@ class SSLClientSocketNSS : public SSLClientSocket { State next_handshake_state_; + // True if the socket has been disconnected. + bool disconnected_; + // The NSS SSL state machine. This is owned by |core_|. // TODO(rsleevi): http://crbug.com/130616 - Remove this member once // ExportKeyingMaterial is updated to be asynchronous. diff --git a/chromium/net/socket/ssl_client_socket_openssl.cc b/chromium/net/socket/ssl_client_socket_openssl.cc index 5489ead7e36..ade7ffd9ca1 100644 --- a/chromium/net/socket/ssl_client_socket_openssl.cc +++ b/chromium/net/socket/ssl_client_socket_openssl.cc @@ -51,12 +51,14 @@ #include "base/win/windows_version.h" #endif -#if defined(USE_OPENSSL_CERTS) -#include "net/ssl/openssl_client_key_store.h" -#else +#if !defined(OS_NACL) #include "net/ssl/ssl_platform_key.h" #endif +#if defined(USE_NSS_CERTS) || defined(OS_IOS) +#include "net/cert_net/nss_ocsp.h" +#endif + namespace net { namespace { @@ -87,11 +89,6 @@ void FreeX509Stack(STACK_OF(X509)* ptr) { using ScopedX509Stack = crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>; -#if OPENSSL_VERSION_NUMBER < 0x1000103fL -// This method doesn't seem to have made it into the OpenSSL headers. -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) { return cipher->id; } -#endif - // Used for encoding the |connection_status| field of an SSLInfo object. int EncodeSSLConnectionStatus(uint16 cipher_suite, int compression, @@ -171,7 +168,7 @@ bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { } } -#if !defined(USE_OPENSSL_CERTS) +#if !defined(OS_NACL) class PlatformKeyTaskRunner { public: PlatformKeyTaskRunner() { @@ -196,13 +193,15 @@ class PlatformKeyTaskRunner { base::LazyInstance<PlatformKeyTaskRunner>::Leaky g_platform_key_task_runner = LAZY_INSTANCE_INITIALIZER; -#endif // !USE_OPENSSL_CERTS +#endif } // namespace class SSLClientSocketOpenSSL::SSLContext { public: - static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); } + static SSLContext* GetInstance() { + return base::Singleton<SSLContext>::get(); + } SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } SSLClientSessionCacheOpenSSL* session_cache() { return &session_cache_; } @@ -221,7 +220,7 @@ class SSLClientSocketOpenSSL::SSLContext { static const SSL_PRIVATE_KEY_METHOD kPrivateKeyMethod; private: - friend struct DefaultSingletonTraits<SSLContext>; + friend struct base::DefaultSingletonTraits<SSLContext>; SSLContext() : session_cache_(SSLClientSessionCacheOpenSSL::Config()) { crypto::EnsureOpenSSLInit(); @@ -240,7 +239,6 @@ class SSLClientSocketOpenSSL::SSLContext { // but that is an OpenSSL issue. SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback, NULL); - ssl_ctx_->tlsext_channel_id_enabled_new = 1; // Disable the internal session cache. Session caching is handled // externally (i.e. by SSLClientSessionCacheOpenSSL). @@ -296,11 +294,6 @@ class SSLClientSocketOpenSSL::SSLContext { return socket->PrivateKeyTypeCallback(); } - static int PrivateKeySupportsDigestCallback(SSL* ssl, const EVP_MD* md) { - SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); - return socket->PrivateKeySupportsDigestCallback(md); - } - static size_t PrivateKeyMaxSignatureLenCallback(SSL* ssl) { SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); return socket->PrivateKeyMaxSignatureLenCallback(); @@ -344,7 +337,6 @@ class SSLClientSocketOpenSSL::SSLContext { const SSL_PRIVATE_KEY_METHOD SSLClientSocketOpenSSL::SSLContext::kPrivateKeyMethod = { &SSLClientSocketOpenSSL::SSLContext::PrivateKeyTypeCallback, - &SSLClientSocketOpenSSL::SSLContext::PrivateKeySupportsDigestCallback, &SSLClientSocketOpenSSL::SSLContext::PrivateKeyMaxSignatureLenCallback, &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCallback, &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCompleteCallback, @@ -438,11 +430,6 @@ void SSLClientSocket::ClearSessionCache() { context->session_cache()->Flush(); } -// static -uint16 SSLClientSocket::GetMaxSupportedSSLVersion() { - return SSL_PROTOCOL_VERSION_TLS1_2; -} - SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( scoped_ptr<ClientSocketHandle> transport_socket, const HostPortPair& host_and_port, @@ -467,6 +454,7 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( ssl_config_(ssl_config), ssl_session_cache_shard_(context.ssl_session_cache_shard), next_handshake_state_(STATE_NONE), + disconnected_(false), npn_status_(kNextProtoUnsupported), channel_id_sent_(false), session_pending_(false), @@ -540,6 +528,14 @@ int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) { // TransportSecurityState. DCHECK(transport_security_state_); + // Although StreamSocket does allow calling Connect() after Disconnect(), + // this has never worked for layered sockets. CHECK to detect any consumers + // reconnecting an SSL socket. + // + // TODO(davidben,mmenke): Remove this API feature. See + // https://crbug.com/499289. + CHECK(!disconnected_); + net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT); // Set up new ssl object. @@ -576,6 +572,8 @@ void SSLClientSocketOpenSSL::Disconnect() { transport_bio_ = NULL; } + disconnected_ = true; + // Shut down anything that may call us back. cert_verifier_request_.reset(); transport_->socket()->Disconnect(); @@ -717,6 +715,8 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); CHECK(cipher); ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); + ssl_info->key_exchange_info = + SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); ssl_info->connection_status = EncodeSSLConnectionStatus( static_cast<uint16>(SSL_CIPHER_get_id(cipher)), 0 /* no compression */, @@ -795,6 +795,14 @@ int SSLClientSocketOpenSSL::Init() { DCHECK(!ssl_); DCHECK(!transport_bio_); +#if defined(USE_NSS_CERTS) || defined(OS_IOS) + if (ssl_config_.cert_io_enabled) { + // TODO(davidben): Move this out of SSLClientSocket. See + // https://crbug.com/539520. + EnsureNSSHttpIOInit(); + } +#endif + SSLContext* context = SSLContext::GetInstance(); crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); @@ -876,10 +884,10 @@ int SSLClientSocketOpenSSL::Init() { STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl_); DCHECK(ciphers); // See SSLConfig::disabled_cipher_suites for description of the suites - // disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256 + // disabled by default. Note that SHA256 and SHA384 only select HMAC-SHA256 // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384 // as the handshake hash. - std::string command("DEFAULT:!SHA256:!SHA384:!AESGCM+AES256:!aPSK"); + std::string command("DEFAULT:!SHA256:-SHA384:!AESGCM+AES256:!aPSK"); // Walk through all the installed ciphers, seeing if any need to be // appended to the cipher removal |command|. for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) { @@ -904,8 +912,15 @@ int SSLClientSocketOpenSSL::Init() { } } - if (!ssl_config_.enable_deprecated_cipher_suites) + if (!ssl_config_.enable_deprecated_cipher_suites) { command.append(":!RC4"); + } else { + // Add TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 under a fallback. This is + // believed to work around a bug in some out-of-date Microsoft IIS servers + // which cause them to require the version downgrade + // (https://crbug.com/433406). + command.append(":ECDHE-RSA-AES256-SHA384"); + } // Disable ECDSA cipher suites on platforms that do not support ECDSA // signed certificates, as servers may use the presence of such @@ -938,10 +953,12 @@ int SSLClientSocketOpenSSL::Init() { enabled_ciphers_vector.push_back(id); } - std::vector<uint8_t> wire_protos = - SerializeNextProtos(ssl_config_.next_protos, - HasCipherAdequateForHTTP2(enabled_ciphers_vector) && - IsTLSVersionAdequateForHTTP2(ssl_config_)); + NextProtoVector next_protos = ssl_config_.next_protos; + if (!HasCipherAdequateForHTTP2(enabled_ciphers_vector) || + !IsTLSVersionAdequateForHTTP2(ssl_config_)) { + DisableHTTP2(&next_protos); + } + std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos); SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0], wire_protos.size()); } @@ -954,11 +971,6 @@ int SSLClientSocketOpenSSL::Init() { if (cert_verifier_->SupportsOCSPStapling()) SSL_enable_ocsp_stapling(ssl_); - // Enable fastradio padding. - SSL_enable_fastradio_padding(ssl_, - ssl_config_.fastradio_padding_enabled && - ssl_config_.fastradio_padding_eligible); - // By default, renegotiations are rejected. After the initial handshake // completes, some application protocols may re-enable it. SSL_set_reject_peer_renegotiations(ssl_, 1); @@ -1186,6 +1198,12 @@ int SSLClientSocketOpenSSL::DoVerifyCert(int result) { GotoState(STATE_VERIFY_CERT_COMPLETE); + // OpenSSL decoded the certificate, but the platform certificate + // implementation could not. This is treated as a fatal SSL-level protocol + // error rather than a certificate error. See https://crbug.com/91341. + if (!server_cert_.get()) + return ERR_SSL_SERVER_CERT_BAD_FORMAT; + // If the certificate is bad and has been previously accepted, use // the previous status and bypass the error. base::StringPiece der_cert; @@ -1202,15 +1220,6 @@ int SSLClientSocketOpenSSL::DoVerifyCert(int result) { return OK; } - // When running in a sandbox, it may not be possible to create an - // X509Certificate*, as that may depend on OS functionality blocked - // in the sandbox. - if (!server_cert_.get()) { - server_cert_verify_result_.Reset(); - server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; - return ERR_CERT_INVALID; - } - std::string ocsp_response; if (cert_verifier_->SupportsOCSPStapling()) { const uint8_t* ocsp_response_raw; @@ -1261,10 +1270,10 @@ int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { (result == OK || (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && !transport_security_state_->CheckPublicKeyPins( - host_and_port_.host(), - server_cert_verify_result_.is_issued_by_known_root, - server_cert_verify_result_.public_key_hashes, - &pinning_failure_log_)) { + host_and_port_, server_cert_verify_result_.is_issued_by_known_root, + server_cert_verify_result_.public_key_hashes, server_cert_.get(), + server_cert_verify_result_.verified_cert.get(), + TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) { result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; } @@ -1345,6 +1354,8 @@ void SSLClientSocketOpenSSL::VerifyCT() { << server_cert_verify_result_.verified_cert->subject() .GetDisplayName() << " does not conform to CT policy, removing EV status."; + server_cert_verify_result_.cert_status |= + CERT_STATUS_CT_COMPLIANCE_FAILED; server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; } } @@ -1801,24 +1812,10 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) { return -1; } -#if defined(USE_OPENSSL_CERTS) - // TODO(davidben): Move Android to the SSLPrivateKey codepath and disable - // client auth on NaCl altogether. - crypto::ScopedEVP_PKEY privkey = - OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey( - ssl_config_.client_cert.get()); - if (!privkey) { - // Could not find the private key. Fail the handshake and surface an - // appropriate error to the caller. - LOG(WARNING) << "Client cert found without private key"; +#if defined(OS_NACL) OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); return -1; - } - if (!SSL_use_PrivateKey(ssl_, privkey.get())) { - LOG(WARNING) << "Failed to set private key"; - return -1; - } -#else // !USE_OPENSSL_CERTS +#else // TODO(davidben): Lift this call up to the embedder so we can actually test // this code. https://crbug.com/394131 private_key_ = FetchClientCertPrivateKey( @@ -1833,7 +1830,35 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) { } SSL_set_private_key_method(ssl_, &SSLContext::kPrivateKeyMethod); -#endif // USE_OPENSSL_CERTS + + std::vector<SSLPrivateKey::Hash> digest_prefs = + private_key_->GetDigestPreferences(); + + size_t digests_len = digest_prefs.size(); + std::vector<int> digests; + for (size_t i = 0; i < digests_len; i++) { + switch (digest_prefs[i]) { + case SSLPrivateKey::Hash::SHA1: + digests.push_back(NID_sha1); + break; + case SSLPrivateKey::Hash::SHA256: + digests.push_back(NID_sha256); + break; + case SSLPrivateKey::Hash::SHA384: + digests.push_back(NID_sha384); + break; + case SSLPrivateKey::Hash::SHA512: + digests.push_back(NID_sha512); + break; + case SSLPrivateKey::Hash::MD5_SHA1: + // MD5-SHA1 is not used in TLS 1.2. + break; + } + } + + SSL_set_private_key_digest_prefs(ssl_, vector_as_array(&digests), + digests.size()); +#endif // !OS_NACL int cert_count = 1 + sk_X509_num(chain.get()); net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, @@ -2070,11 +2095,6 @@ int SSLClientSocketOpenSSL::PrivateKeyTypeCallback() { return EVP_PKEY_NONE; } -int SSLClientSocketOpenSSL::PrivateKeySupportsDigestCallback(const EVP_MD* md) { - SSLPrivateKey::Hash hash; - return EVP_MDToPrivateKeyHash(md, &hash) && private_key_->SupportsHash(hash); -} - size_t SSLClientSocketOpenSSL::PrivateKeyMaxSignatureLenCallback() { return private_key_->GetMaxSignatureLengthInBytes(); } diff --git a/chromium/net/socket/ssl_client_socket_openssl.h b/chromium/net/socket/ssl_client_socket_openssl.h index 645aaf41899..228214b42d6 100644 --- a/chromium/net/socket/ssl_client_socket_openssl.h +++ b/chromium/net/socket/ssl_client_socket_openssl.h @@ -191,7 +191,6 @@ class SSLClientSocketOpenSSL : public SSLClientSocket { // Callbacks for operations with the private key. int PrivateKeyTypeCallback(); - int PrivateKeySupportsDigestCallback(const EVP_MD* md); size_t PrivateKeyMaxSignatureLenCallback(); ssl_private_key_result_t PrivateKeySignCallback(uint8_t* out, size_t* out_len, @@ -300,6 +299,10 @@ class SSLClientSocketOpenSSL : public SSLClientSocket { STATE_VERIFY_CERT_COMPLETE, }; State next_handshake_state_; + + // True if the socket has been disconnected. + bool disconnected_; + NextProtoStatus npn_status_; std::string npn_proto_; // Written by the |channel_id_service_|. diff --git a/chromium/net/socket/ssl_client_socket_pool.cc b/chromium/net/socket/ssl_client_socket_pool.cc index 3ef329ca3dd..b16eeedd2f8 100644 --- a/chromium/net/socket/ssl_client_socket_pool.cc +++ b/chromium/net/socket/ssl_client_socket_pool.cc @@ -21,6 +21,7 @@ #include "net/socket/ssl_client_socket.h" #include "net/socket/transport_client_socket_pool.h" #include "net/ssl/ssl_cert_request_info.h" +#include "net/ssl/ssl_cipher_suite_names.h" #include "net/ssl/ssl_connection_status_flags.h" #include "net/ssl/ssl_info.h" @@ -371,9 +372,28 @@ int SSLConnectJob::DoSSLConnectComplete(int result) { ssl_info.connection_status), SSL_CONNECTION_VERSION_MAX); - UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_CipherSuite", - SSLConnectionStatusToCipherSuite( - ssl_info.connection_status)); + uint16 cipher_suite = + SSLConnectionStatusToCipherSuite(ssl_info.connection_status); + UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_CipherSuite", cipher_suite); + + const char *str, *cipher_str, *mac_str; + bool is_aead; + SSLCipherSuiteToStrings(&str, &cipher_str, &mac_str, &is_aead, + cipher_suite); + // UMA_HISTOGRAM_... macros cache the Histogram instance and thus only work + // if the histogram name is constant, so don't generate it dynamically. + if (strcmp(str, "RSA") == 0) { + UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.RSA", + ssl_info.key_exchange_info); + } else if (strncmp(str, "DHE_", 4) == 0) { + UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.DHE", + ssl_info.key_exchange_info); + } else if (strncmp(str, "ECDHE_", 6) == 0) { + UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.ECDHE", + ssl_info.key_exchange_info); + } else { + NOTREACHED(); + } if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME) { UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Resume_Handshake", @@ -418,10 +438,6 @@ int SSLConnectJob::DoSSLConnectComplete(int result) { } UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(result)); - if (params_->ssl_config().fastradio_padding_eligible) { - UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error_FastRadioPadding", - std::abs(result)); - } if (result == OK || IsCertificateError(result)) { SetSocket(ssl_socket_.Pass()); diff --git a/chromium/net/socket/ssl_client_socket_pool_unittest.cc b/chromium/net/socket/ssl_client_socket_pool_unittest.cc index 28a6f09d186..48d667025b5 100644 --- a/chromium/net/socket/ssl_client_socket_pool_unittest.cc +++ b/chromium/net/socket/ssl_client_socket_pool_unittest.cc @@ -205,7 +205,6 @@ class SSLClientSocketPoolTest INSTANTIATE_TEST_CASE_P(NextProto, SSLClientSocketPoolTest, testing::Values(kProtoSPDY31, - kProtoHTTP2_14, kProtoHTTP2)); TEST_P(SSLClientSocketPoolTest, TCPFail) { diff --git a/chromium/net/socket/ssl_client_socket_unittest.cc b/chromium/net/socket/ssl_client_socket_unittest.cc index 8eec65792cf..f27151c24e1 100644 --- a/chromium/net/socket/ssl_client_socket_unittest.cc +++ b/chromium/net/socket/ssl_client_socket_unittest.cc @@ -42,21 +42,6 @@ #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" -#if !defined(USE_OPENSSL) -#include <pk11pub.h> -#include "crypto/nss_util.h" - -#if !defined(CKM_AES_GCM) -#define CKM_AES_GCM 0x00001087 -#endif - -#if !defined(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) -#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) -#endif -#endif - -//----------------------------------------------------------------------------- - using testing::_; using testing::Return; using testing::Truly; @@ -961,18 +946,6 @@ class SSLClientSocketChannelIDTest : public SSLClientSocketTest { scoped_ptr<ChannelIDService> channel_id_service_; }; -//----------------------------------------------------------------------------- - -bool SupportsAESGCM() { -#if defined(USE_OPENSSL) - return true; -#else - crypto::EnsureNSSInit(); - return PK11_TokenExists(CKM_AES_GCM) && - PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); -#endif -} - } // namespace TEST_F(SSLClientSocketTest, Connect) { @@ -1102,6 +1075,27 @@ TEST_F(SSLClientSocketTest, ConnectMismatched) { EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); } +#if defined(OS_WIN) +// Tests that certificates parsable by SSLClientSocket's internal SSL +// implementation, but not X509Certificate are treated as fatal non-certificate +// errors. This is regression test for https://crbug.com/91341. +TEST_F(SSLClientSocketTest, ConnectBadValidity) { + SpawnedTestServer::SSLOptions ssl_options( + SpawnedTestServer::SSLOptions::CERT_BAD_VALIDITY); + ASSERT_TRUE(ConnectToTestServer(ssl_options)); + SSLConfig ssl_config; + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + + EXPECT_EQ(ERR_SSL_SERVER_CERT_BAD_FORMAT, rv); + EXPECT_FALSE(IsCertificateError(rv)); + + SSLInfo ssl_info; + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_FALSE(ssl_info.cert); +} +#endif // defined(OS_WIN) + // Attempt to connect to a page which requests a client certificate. It should // return an error code on connect. TEST_F(SSLClientSocketTest, ConnectClientAuthCertRequested) { @@ -2352,7 +2346,7 @@ TEST(SSLClientSocket, SerializeNextProtos) { next_protos.push_back(kProtoHTTP11); next_protos.push_back(kProtoSPDY31); static std::vector<uint8_t> serialized = - SSLClientSocket::SerializeNextProtos(next_protos, true); + SSLClientSocket::SerializeNextProtos(next_protos); ASSERT_EQ(18u, serialized.size()); EXPECT_EQ(8, serialized[0]); // length("http/1.1") EXPECT_EQ('h', serialized[1]); @@ -3138,18 +3132,13 @@ TEST_F(SSLClientSocketTest, RequireECDHE) { } TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { - if (!SupportsAESGCM()) { - LOG(WARNING) << "Skipping test because AES-GCM is not supported."; - return; - } - // False Start requires NPN/ALPN, ECDHE, and an AEAD. SpawnedTestServer::SSLOptions server_options; server_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; server_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; - server_options.enable_npn = true; + server_options.npn_protocols.push_back(std::string("http/1.1")); SSLConfig client_config; client_config.next_protos.push_back(kProtoHTTP11); ASSERT_NO_FATAL_FAILURE( @@ -3158,11 +3147,6 @@ TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { // Test that False Start is disabled without NPN. TEST_F(SSLClientSocketFalseStartTest, NoNPN) { - if (!SupportsAESGCM()) { - LOG(WARNING) << "Skipping test because AES-GCM is not supported."; - return; - } - SpawnedTestServer::SSLOptions server_options; server_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; @@ -3176,17 +3160,12 @@ TEST_F(SSLClientSocketFalseStartTest, NoNPN) { // Test that False Start is disabled with plain RSA ciphers. TEST_F(SSLClientSocketFalseStartTest, RSA) { - if (!SupportsAESGCM()) { - LOG(WARNING) << "Skipping test because AES-GCM is not supported."; - return; - } - SpawnedTestServer::SSLOptions server_options; server_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; server_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; - server_options.enable_npn = true; + server_options.npn_protocols.push_back(std::string("http/1.1")); SSLConfig client_config; client_config.next_protos.push_back(kProtoHTTP11); ASSERT_NO_FATAL_FAILURE( @@ -3195,17 +3174,12 @@ TEST_F(SSLClientSocketFalseStartTest, RSA) { // Test that False Start is disabled with DHE_RSA ciphers. TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { - if (!SupportsAESGCM()) { - LOG(WARNING) << "Skipping test because AES-GCM is not supported."; - return; - } - SpawnedTestServer::SSLOptions server_options; server_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; server_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; - server_options.enable_npn = true; + server_options.npn_protocols.push_back(std::string("http/1.1")); SSLConfig client_config; client_config.next_protos.push_back(kProtoHTTP11); ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); @@ -3218,7 +3192,7 @@ TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; server_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; - server_options.enable_npn = true; + server_options.npn_protocols.push_back(std::string("http/1.1")); SSLConfig client_config; client_config.next_protos.push_back(kProtoHTTP11); ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); @@ -3226,18 +3200,13 @@ TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { // Test that sessions are resumable after receiving the server Finished message. TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { - if (!SupportsAESGCM()) { - LOG(WARNING) << "Skipping test because AES-GCM is not supported."; - return; - } - // Start a server. SpawnedTestServer::SSLOptions server_options; server_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; server_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; - server_options.enable_npn = true; + server_options.npn_protocols.push_back(std::string("http/1.1")); SSLConfig client_config; client_config.next_protos.push_back(kProtoHTTP11); @@ -3264,18 +3233,13 @@ TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { // Test that False Started sessions are not resumable before receiving the // server Finished message. TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { - if (!SupportsAESGCM()) { - LOG(WARNING) << "Skipping test because AES-GCM is not supported."; - return; - } - // Start a server. SpawnedTestServer::SSLOptions server_options; server_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; server_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; - server_options.enable_npn = true; + server_options.npn_protocols.push_back(std::string("http/1.1")); ASSERT_TRUE(StartTestServer(server_options)); SSLConfig client_config; @@ -3327,18 +3291,13 @@ TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { // Test that False Started sessions are not resumable if the server Finished // message was bad. TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) { - if (!SupportsAESGCM()) { - LOG(WARNING) << "Skipping test because AES-GCM is not supported."; - return; - } - // Start a server. SpawnedTestServer::SSLOptions server_options; server_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; server_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; - server_options.enable_npn = true; + server_options.npn_protocols.push_back(std::string("http/1.1")); ASSERT_TRUE(StartTestServer(server_options)); SSLConfig client_config; @@ -3459,4 +3418,96 @@ TEST_F(SSLClientSocketChannelIDTest, FailingChannelIDAsync) { EXPECT_FALSE(sock_->IsConnected()); } +TEST_F(SSLClientSocketTest, NPN) { + SpawnedTestServer::SSLOptions server_options; + server_options.npn_protocols.push_back(std::string("spdy/3.1")); + server_options.npn_protocols.push_back(std::string("h2")); + ASSERT_TRUE(ConnectToTestServer(server_options)); + + SSLConfig client_config; + client_config.next_protos.push_back(kProtoHTTP2); + client_config.next_protos.push_back(kProtoHTTP11); + + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); + EXPECT_EQ(OK, rv); + + std::string proto; + EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); + EXPECT_EQ("h2", proto); +} + +// In case of no overlap between client and server list, SSLClientSocket should +// fall back to first one on the client list. +TEST_F(SSLClientSocketTest, NPNNoOverlap) { + SpawnedTestServer::SSLOptions server_options; + server_options.npn_protocols.push_back(std::string("http/1.1")); + ASSERT_TRUE(ConnectToTestServer(server_options)); + + SSLConfig client_config; + client_config.next_protos.push_back(kProtoHTTP2); + client_config.next_protos.push_back(kProtoSPDY31); + + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); + EXPECT_EQ(OK, rv); + + std::string proto; + EXPECT_EQ(SSLClientSocket::kNextProtoNoOverlap, sock_->GetNextProto(&proto)); + EXPECT_EQ("h2", proto); +} + +// Server preference should be respected. The list is in decreasing order of +// preference. +TEST_F(SSLClientSocketTest, NPNServerPreference) { + SpawnedTestServer::SSLOptions server_options; + server_options.npn_protocols.push_back(std::string("spdy/3.1")); + server_options.npn_protocols.push_back(std::string("h2")); + ASSERT_TRUE(ConnectToTestServer(server_options)); + + SSLConfig client_config; + client_config.next_protos.push_back(kProtoHTTP2); + client_config.next_protos.push_back(kProtoSPDY31); + + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); + EXPECT_EQ(OK, rv); + + std::string proto; + EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); + EXPECT_EQ("spdy/3.1", proto); +} + +TEST_F(SSLClientSocketTest, NPNClientDisabled) { + SpawnedTestServer::SSLOptions server_options; + server_options.npn_protocols.push_back(std::string("http/1.1")); + ASSERT_TRUE(ConnectToTestServer(server_options)); + + SSLConfig client_config; + + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); + EXPECT_EQ(OK, rv); + + std::string proto; + EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, + sock_->GetNextProto(&proto)); +} + +TEST_F(SSLClientSocketTest, NPNServerDisabled) { + SpawnedTestServer::SSLOptions server_options; + ASSERT_TRUE(ConnectToTestServer(server_options)); + + SSLConfig client_config; + client_config.next_protos.push_back(kProtoHTTP11); + + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); + EXPECT_EQ(OK, rv); + + std::string proto; + EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, + sock_->GetNextProto(&proto)); +} + } // namespace net diff --git a/chromium/net/socket/ssl_server_socket_nss.cc b/chromium/net/socket/ssl_server_socket_nss.cc index c48c04cb0bc..614265e45ee 100644 --- a/chromium/net/socket/ssl_server_socket_nss.cc +++ b/chromium/net/socket/ssl_server_socket_nss.cc @@ -69,7 +69,7 @@ class NSSSSLServerInitSingleton { } }; -static base::LazyInstance<NSSSSLServerInitSingleton> +static base::LazyInstance<NSSSSLServerInitSingleton>::Leaky g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER; } // namespace diff --git a/chromium/net/socket/ssl_server_socket_unittest.cc b/chromium/net/socket/ssl_server_socket_unittest.cc index b99f8343af8..24b30905be5 100644 --- a/chromium/net/socket/ssl_server_socket_unittest.cc +++ b/chromium/net/socket/ssl_server_socket_unittest.cc @@ -52,17 +52,6 @@ #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" -#if !defined(USE_OPENSSL) -#include <pk11pub.h> - -#if !defined(CKM_AES_GCM) -#define CKM_AES_GCM 0x00001087 -#endif -#if !defined(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) -#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) -#endif -#endif - namespace net { namespace { @@ -412,14 +401,7 @@ TEST_F(SSLServerSocketTest, Handshake) { bool is_aead; SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite); EXPECT_STREQ("ECDHE_RSA", key_exchange); -#if defined(USE_OPENSSL) - bool supports_aead = true; -#else - bool supports_aead = - PK11_TokenExists(CKM_AES_GCM) && - PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); -#endif - EXPECT_TRUE(!supports_aead || is_aead); + EXPECT_TRUE(is_aead); } TEST_F(SSLServerSocketTest, DataTransfer) { diff --git a/chromium/net/socket/tcp_server_socket_unittest.cc b/chromium/net/socket/tcp_server_socket_unittest.cc index 2f6491bf8cf..19c715bfc91 100644 --- a/chromium/net/socket/tcp_server_socket_unittest.cc +++ b/chromium/net/socket/tcp_server_socket_unittest.cc @@ -50,7 +50,9 @@ class TCPServerSocketTest : public PlatformTest { *success = true; } - void ParseAddress(std::string ip_str, uint16 port, IPEndPoint* address) { + void ParseAddress(const std::string& ip_str, + uint16 port, + IPEndPoint* address) { IPAddressNumber ip_number; bool rv = ParseIPLiteralToNumber(ip_str, &ip_number); if (!rv) diff --git a/chromium/net/socket/tcp_socket.h b/chromium/net/socket/tcp_socket.h index 04fd7d2ba6f..58797bb0851 100644 --- a/chromium/net/socket/tcp_socket.h +++ b/chromium/net/socket/tcp_socket.h @@ -11,7 +11,7 @@ #if defined(OS_WIN) #include "net/socket/tcp_socket_win.h" #elif defined(OS_POSIX) -#include "net/socket/tcp_socket_libevent.h" +#include "net/socket/tcp_socket_posix.h" #endif namespace net { @@ -25,7 +25,7 @@ namespace net { #if defined(OS_WIN) typedef TCPSocketWin TCPSocket; #elif defined(OS_POSIX) -typedef TCPSocketLibevent TCPSocket; +typedef TCPSocketPosix TCPSocket; #endif // Check if TCP FastOpen is supported by the OS. diff --git a/chromium/net/socket/tcp_socket_libevent.cc b/chromium/net/socket/tcp_socket_posix.cc index 0eef1f5fbef..653eb82445d 100644 --- a/chromium/net/socket/tcp_socket_libevent.cc +++ b/chromium/net/socket/tcp_socket_posix.cc @@ -24,8 +24,8 @@ #include "net/base/net_util.h" #include "net/base/network_activity_monitor.h" #include "net/base/network_change_notifier.h" -#include "net/socket/socket_libevent.h" #include "net/socket/socket_net_log_params.h" +#include "net/socket/socket_posix.h" // If we don't have a definition for TCPI_OPT_SYN_DATA, create one. #ifndef TCPI_OPT_SYN_DATA @@ -146,8 +146,7 @@ void CheckSupportAndMaybeEnableTCPFastOpen(bool user_enabled) { #endif } -TCPSocketLibevent::TCPSocketLibevent(NetLog* net_log, - const NetLog::Source& source) +TCPSocketPosix::TCPSocketPosix(NetLog* net_log, const NetLog::Source& source) : use_tcp_fastopen_(false), tcp_fastopen_write_attempted_(false), tcp_fastopen_connected_(false), @@ -158,22 +157,22 @@ TCPSocketLibevent::TCPSocketLibevent(NetLog* net_log, source.ToEventParametersCallback()); } -TCPSocketLibevent::~TCPSocketLibevent() { +TCPSocketPosix::~TCPSocketPosix() { net_log_.EndEvent(NetLog::TYPE_SOCKET_ALIVE); Close(); } -int TCPSocketLibevent::Open(AddressFamily family) { +int TCPSocketPosix::Open(AddressFamily family) { DCHECK(!socket_); - socket_.reset(new SocketLibevent); + socket_.reset(new SocketPosix); int rv = socket_->Open(ConvertAddressFamily(family)); if (rv != OK) socket_.reset(); return rv; } -int TCPSocketLibevent::AdoptConnectedSocket(int socket_fd, - const IPEndPoint& peer_address) { +int TCPSocketPosix::AdoptConnectedSocket(int socket_fd, + const IPEndPoint& peer_address) { DCHECK(!socket_); SockaddrStorage storage; @@ -183,14 +182,14 @@ int TCPSocketLibevent::AdoptConnectedSocket(int socket_fd, return ERR_ADDRESS_INVALID; } - socket_.reset(new SocketLibevent); + socket_.reset(new SocketPosix); int rv = socket_->AdoptConnectedSocket(socket_fd, storage); if (rv != OK) socket_.reset(); return rv; } -int TCPSocketLibevent::Bind(const IPEndPoint& address) { +int TCPSocketPosix::Bind(const IPEndPoint& address) { DCHECK(socket_); SockaddrStorage storage; @@ -200,14 +199,14 @@ int TCPSocketLibevent::Bind(const IPEndPoint& address) { return socket_->Bind(storage); } -int TCPSocketLibevent::Listen(int backlog) { +int TCPSocketPosix::Listen(int backlog) { DCHECK(socket_); return socket_->Listen(backlog); } -int TCPSocketLibevent::Accept(scoped_ptr<TCPSocketLibevent>* tcp_socket, - IPEndPoint* address, - const CompletionCallback& callback) { +int TCPSocketPosix::Accept(scoped_ptr<TCPSocketPosix>* tcp_socket, + IPEndPoint* address, + const CompletionCallback& callback) { DCHECK(tcp_socket); DCHECK(!callback.is_null()); DCHECK(socket_); @@ -217,15 +216,15 @@ int TCPSocketLibevent::Accept(scoped_ptr<TCPSocketLibevent>* tcp_socket, int rv = socket_->Accept( &accept_socket_, - base::Bind(&TCPSocketLibevent::AcceptCompleted, - base::Unretained(this), tcp_socket, address, callback)); + base::Bind(&TCPSocketPosix::AcceptCompleted, base::Unretained(this), + tcp_socket, address, callback)); if (rv != ERR_IO_PENDING) rv = HandleAcceptCompleted(tcp_socket, address, rv); return rv; } -int TCPSocketLibevent::Connect(const IPEndPoint& address, - const CompletionCallback& callback) { +int TCPSocketPosix::Connect(const IPEndPoint& address, + const CompletionCallback& callback) { DCHECK(socket_); if (!logging_multiple_connect_attempts_) @@ -245,15 +244,15 @@ int TCPSocketLibevent::Connect(const IPEndPoint& address, return OK; } - int rv = socket_->Connect(storage, - base::Bind(&TCPSocketLibevent::ConnectCompleted, - base::Unretained(this), callback)); + int rv = + socket_->Connect(storage, base::Bind(&TCPSocketPosix::ConnectCompleted, + base::Unretained(this), callback)); if (rv != ERR_IO_PENDING) rv = HandleConnectCompleted(rv); return rv; } -bool TCPSocketLibevent::IsConnected() const { +bool TCPSocketPosix::IsConnected() const { if (!socket_) return false; @@ -267,21 +266,21 @@ bool TCPSocketLibevent::IsConnected() const { return socket_->IsConnected(); } -bool TCPSocketLibevent::IsConnectedAndIdle() const { +bool TCPSocketPosix::IsConnectedAndIdle() const { // TODO(wtc): should we also handle the TCP FastOpen case here, // as we do in IsConnected()? return socket_ && socket_->IsConnectedAndIdle(); } -int TCPSocketLibevent::Read(IOBuffer* buf, - int buf_len, - const CompletionCallback& callback) { +int TCPSocketPosix::Read(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { DCHECK(socket_); DCHECK(!callback.is_null()); int rv = socket_->Read( buf, buf_len, - base::Bind(&TCPSocketLibevent::ReadCompleted, + base::Bind(&TCPSocketPosix::ReadCompleted, // Grab a reference to |buf| so that ReadCompleted() can still // use it when Read() completes, as otherwise, this transfers // ownership of buf to socket. @@ -291,14 +290,14 @@ int TCPSocketLibevent::Read(IOBuffer* buf, return rv; } -int TCPSocketLibevent::Write(IOBuffer* buf, - int buf_len, - const CompletionCallback& callback) { +int TCPSocketPosix::Write(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { DCHECK(socket_); DCHECK(!callback.is_null()); CompletionCallback write_callback = - base::Bind(&TCPSocketLibevent::WriteCompleted, + base::Bind(&TCPSocketPosix::WriteCompleted, // Grab a reference to |buf| so that WriteCompleted() can still // use it when Write() completes, as otherwise, this transfers // ownership of buf to socket. @@ -316,7 +315,7 @@ int TCPSocketLibevent::Write(IOBuffer* buf, return rv; } -int TCPSocketLibevent::GetLocalAddress(IPEndPoint* address) const { +int TCPSocketPosix::GetLocalAddress(IPEndPoint* address) const { DCHECK(address); if (!socket_) @@ -333,7 +332,7 @@ int TCPSocketLibevent::GetLocalAddress(IPEndPoint* address) const { return OK; } -int TCPSocketLibevent::GetPeerAddress(IPEndPoint* address) const { +int TCPSocketPosix::GetPeerAddress(IPEndPoint* address) const { DCHECK(address); if (!IsConnected()) @@ -350,12 +349,12 @@ int TCPSocketLibevent::GetPeerAddress(IPEndPoint* address) const { return OK; } -int TCPSocketLibevent::SetDefaultOptionsForServer() { +int TCPSocketPosix::SetDefaultOptionsForServer() { DCHECK(socket_); return SetAddressReuse(true); } -void TCPSocketLibevent::SetDefaultOptionsForClient() { +void TCPSocketPosix::SetDefaultOptionsForClient() { DCHECK(socket_); // This mirrors the behaviour on Windows. See the comment in @@ -381,7 +380,7 @@ void TCPSocketLibevent::SetDefaultOptionsForClient() { #endif } -int TCPSocketLibevent::SetAddressReuse(bool allow) { +int TCPSocketPosix::SetAddressReuse(bool allow) { DCHECK(socket_); // SO_REUSEADDR is useful for server sockets to bind to a recently unbound @@ -405,31 +404,31 @@ int TCPSocketLibevent::SetAddressReuse(bool allow) { return OK; } -int TCPSocketLibevent::SetReceiveBufferSize(int32 size) { +int TCPSocketPosix::SetReceiveBufferSize(int32 size) { DCHECK(socket_); int rv = setsockopt(socket_->socket_fd(), SOL_SOCKET, SO_RCVBUF, reinterpret_cast<const char*>(&size), sizeof(size)); return (rv == 0) ? OK : MapSystemError(errno); } -int TCPSocketLibevent::SetSendBufferSize(int32 size) { +int TCPSocketPosix::SetSendBufferSize(int32 size) { DCHECK(socket_); int rv = setsockopt(socket_->socket_fd(), SOL_SOCKET, SO_SNDBUF, reinterpret_cast<const char*>(&size), sizeof(size)); return (rv == 0) ? OK : MapSystemError(errno); } -bool TCPSocketLibevent::SetKeepAlive(bool enable, int delay) { +bool TCPSocketPosix::SetKeepAlive(bool enable, int delay) { DCHECK(socket_); return SetTCPKeepAlive(socket_->socket_fd(), enable, delay); } -bool TCPSocketLibevent::SetNoDelay(bool no_delay) { +bool TCPSocketPosix::SetNoDelay(bool no_delay) { DCHECK(socket_); return SetTCPNoDelay(socket_->socket_fd(), no_delay); } -void TCPSocketLibevent::Close() { +void TCPSocketPosix::Close() { socket_.reset(); // Record and reset TCP FastOpen state. @@ -444,11 +443,11 @@ void TCPSocketLibevent::Close() { tcp_fastopen_status_ = TCP_FASTOPEN_STATUS_UNKNOWN; } -bool TCPSocketLibevent::UsingTCPFastOpen() const { +bool TCPSocketPosix::UsingTCPFastOpen() const { return use_tcp_fastopen_; } -void TCPSocketLibevent::EnableTCPFastOpenIfSupported() { +void TCPSocketPosix::EnableTCPFastOpenIfSupported() { if (!IsTCPFastOpenSupported()) return; @@ -462,11 +461,11 @@ void TCPSocketLibevent::EnableTCPFastOpenIfSupported() { tcp_fastopen_status_ = TCP_FASTOPEN_PREVIOUSLY_FAILED; } -bool TCPSocketLibevent::IsValid() const { +bool TCPSocketPosix::IsValid() const { return socket_ != NULL && socket_->socket_fd() != kInvalidSocket; } -void TCPSocketLibevent::StartLoggingMultipleConnectAttempts( +void TCPSocketPosix::StartLoggingMultipleConnectAttempts( const AddressList& addresses) { if (!logging_multiple_connect_attempts_) { logging_multiple_connect_attempts_ = true; @@ -476,7 +475,7 @@ void TCPSocketLibevent::StartLoggingMultipleConnectAttempts( } } -void TCPSocketLibevent::EndLoggingMultipleConnectAttempts(int net_error) { +void TCPSocketPosix::EndLoggingMultipleConnectAttempts(int net_error) { if (logging_multiple_connect_attempts_) { LogConnectEnd(net_error); logging_multiple_connect_attempts_ = false; @@ -485,21 +484,20 @@ void TCPSocketLibevent::EndLoggingMultipleConnectAttempts(int net_error) { } } -void TCPSocketLibevent::AcceptCompleted( - scoped_ptr<TCPSocketLibevent>* tcp_socket, - IPEndPoint* address, - const CompletionCallback& callback, - int rv) { +void TCPSocketPosix::AcceptCompleted(scoped_ptr<TCPSocketPosix>* tcp_socket, + IPEndPoint* address, + const CompletionCallback& callback, + int rv) { DCHECK_NE(ERR_IO_PENDING, rv); callback.Run(HandleAcceptCompleted(tcp_socket, address, rv)); } -int TCPSocketLibevent::HandleAcceptCompleted( - scoped_ptr<TCPSocketLibevent>* tcp_socket, +int TCPSocketPosix::HandleAcceptCompleted( + scoped_ptr<TCPSocketPosix>* tcp_socket, IPEndPoint* address, int rv) { if (rv == OK) - rv = BuildTcpSocketLibevent(tcp_socket, address); + rv = BuildTcpSocketPosix(tcp_socket, address); if (rv == OK) { net_log_.EndEvent(NetLog::TYPE_TCP_ACCEPT, @@ -511,9 +509,8 @@ int TCPSocketLibevent::HandleAcceptCompleted( return rv; } -int TCPSocketLibevent::BuildTcpSocketLibevent( - scoped_ptr<TCPSocketLibevent>* tcp_socket, - IPEndPoint* address) { +int TCPSocketPosix::BuildTcpSocketPosix(scoped_ptr<TCPSocketPosix>* tcp_socket, + IPEndPoint* address) { DCHECK(accept_socket_); SockaddrStorage storage; @@ -523,19 +520,18 @@ int TCPSocketLibevent::BuildTcpSocketLibevent( return ERR_ADDRESS_INVALID; } - tcp_socket->reset(new TCPSocketLibevent(net_log_.net_log(), - net_log_.source())); + tcp_socket->reset(new TCPSocketPosix(net_log_.net_log(), net_log_.source())); (*tcp_socket)->socket_.reset(accept_socket_.release()); return OK; } -void TCPSocketLibevent::ConnectCompleted(const CompletionCallback& callback, - int rv) const { +void TCPSocketPosix::ConnectCompleted(const CompletionCallback& callback, + int rv) const { DCHECK_NE(ERR_IO_PENDING, rv); callback.Run(HandleConnectCompleted(rv)); } -int TCPSocketLibevent::HandleConnectCompleted(int rv) const { +int TCPSocketPosix::HandleConnectCompleted(int rv) const { // Log the end of this attempt (and any OS error it threw). if (rv != OK) { net_log_.EndEvent(NetLog::TYPE_TCP_CONNECT_ATTEMPT, @@ -554,12 +550,12 @@ int TCPSocketLibevent::HandleConnectCompleted(int rv) const { return rv; } -void TCPSocketLibevent::LogConnectBegin(const AddressList& addresses) const { +void TCPSocketPosix::LogConnectBegin(const AddressList& addresses) const { net_log_.BeginEvent(NetLog::TYPE_TCP_CONNECT, addresses.CreateNetLogCallback()); } -void TCPSocketLibevent::LogConnectEnd(int net_error) const { +void TCPSocketPosix::LogConnectEnd(int net_error) const { if (net_error != OK) { net_log_.EndEventWithNetErrorCode(NetLog::TYPE_TCP_CONNECT, net_error); return; @@ -581,14 +577,14 @@ void TCPSocketLibevent::LogConnectEnd(int net_error) const { storage.addr_len)); } -void TCPSocketLibevent::ReadCompleted(const scoped_refptr<IOBuffer>& buf, - const CompletionCallback& callback, - int rv) { +void TCPSocketPosix::ReadCompleted(const scoped_refptr<IOBuffer>& buf, + const CompletionCallback& callback, + int rv) { DCHECK_NE(ERR_IO_PENDING, rv); callback.Run(HandleReadCompleted(buf.get(), rv)); } -int TCPSocketLibevent::HandleReadCompleted(IOBuffer* buf, int rv) { +int TCPSocketPosix::HandleReadCompleted(IOBuffer* buf, int rv) { if (tcp_fastopen_write_attempted_ && !tcp_fastopen_connected_) { // A TCP FastOpen connect-with-write was attempted. This read was a // subsequent read, which either succeeded or failed. If the read @@ -618,14 +614,14 @@ int TCPSocketLibevent::HandleReadCompleted(IOBuffer* buf, int rv) { return rv; } -void TCPSocketLibevent::WriteCompleted(const scoped_refptr<IOBuffer>& buf, - const CompletionCallback& callback, - int rv) { +void TCPSocketPosix::WriteCompleted(const scoped_refptr<IOBuffer>& buf, + const CompletionCallback& callback, + int rv) { DCHECK_NE(ERR_IO_PENDING, rv); callback.Run(HandleWriteCompleted(buf.get(), rv)); } -int TCPSocketLibevent::HandleWriteCompleted(IOBuffer* buf, int rv) { +int TCPSocketPosix::HandleWriteCompleted(IOBuffer* buf, int rv) { if (rv < 0) { if (tcp_fastopen_write_attempted_ && !tcp_fastopen_connected_) { // TCP FastOpen connect-with-write was attempted, and the write failed @@ -648,10 +644,9 @@ int TCPSocketLibevent::HandleWriteCompleted(IOBuffer* buf, int rv) { return rv; } -int TCPSocketLibevent::TcpFastOpenWrite( - IOBuffer* buf, - int buf_len, - const CompletionCallback& callback) { +int TCPSocketPosix::TcpFastOpenWrite(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { SockaddrStorage storage; int rv = socket_->GetPeerAddress(&storage); if (rv != OK) @@ -710,7 +705,7 @@ int TCPSocketLibevent::TcpFastOpenWrite( return socket_->WaitForWrite(buf, buf_len, callback); } -void TCPSocketLibevent::UpdateTCPFastOpenStatusAfterRead() { +void TCPSocketPosix::UpdateTCPFastOpenStatusAfterRead() { DCHECK(tcp_fastopen_status_ == TCP_FASTOPEN_FAST_CONNECT_RETURN || tcp_fastopen_status_ == TCP_FASTOPEN_SLOW_CONNECT_RETURN); @@ -751,8 +746,7 @@ void TCPSocketLibevent::UpdateTCPFastOpenStatusAfterRead() { } } -bool TCPSocketLibevent::GetEstimatedRoundTripTime( - base::TimeDelta* out_rtt) const { +bool TCPSocketPosix::GetEstimatedRoundTripTime(base::TimeDelta* out_rtt) const { DCHECK(out_rtt); if (!socket_) return false; diff --git a/chromium/net/socket/tcp_socket_libevent.h b/chromium/net/socket/tcp_socket_posix.h index 479b3a62f4d..de9487c35f7 100644 --- a/chromium/net/socket/tcp_socket_libevent.h +++ b/chromium/net/socket/tcp_socket_posix.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_SOCKET_TCP_SOCKET_LIBEVENT_H_ -#define NET_SOCKET_TCP_SOCKET_LIBEVENT_H_ +#ifndef NET_SOCKET_TCP_SOCKET_POSIX_H_ +#define NET_SOCKET_TCP_SOCKET_POSIX_H_ #include "base/basictypes.h" #include "base/callback.h" @@ -20,12 +20,12 @@ namespace net { class AddressList; class IOBuffer; class IPEndPoint; -class SocketLibevent; +class SocketPosix; -class NET_EXPORT TCPSocketLibevent { +class NET_EXPORT TCPSocketPosix { public: - TCPSocketLibevent(NetLog* net_log, const NetLog::Source& source); - virtual ~TCPSocketLibevent(); + TCPSocketPosix(NetLog* net_log, const NetLog::Source& source); + virtual ~TCPSocketPosix(); int Open(AddressFamily family); // Takes ownership of |socket_fd|. @@ -34,7 +34,7 @@ class NET_EXPORT TCPSocketLibevent { int Bind(const IPEndPoint& address); int Listen(int backlog); - int Accept(scoped_ptr<TCPSocketLibevent>* socket, + int Accept(scoped_ptr<TCPSocketPosix>* socket, IPEndPoint* address, const CompletionCallback& callback); @@ -162,15 +162,15 @@ class NET_EXPORT TCPSocketLibevent { TCP_FASTOPEN_MAX_VALUE }; - void AcceptCompleted(scoped_ptr<TCPSocketLibevent>* tcp_socket, + void AcceptCompleted(scoped_ptr<TCPSocketPosix>* tcp_socket, IPEndPoint* address, const CompletionCallback& callback, int rv); - int HandleAcceptCompleted(scoped_ptr<TCPSocketLibevent>* tcp_socket, + int HandleAcceptCompleted(scoped_ptr<TCPSocketPosix>* tcp_socket, IPEndPoint* address, int rv); - int BuildTcpSocketLibevent(scoped_ptr<TCPSocketLibevent>* tcp_socket, - IPEndPoint* address); + int BuildTcpSocketPosix(scoped_ptr<TCPSocketPosix>* tcp_socket, + IPEndPoint* address); void ConnectCompleted(const CompletionCallback& callback, int rv) const; int HandleConnectCompleted(int rv) const; @@ -193,8 +193,8 @@ class NET_EXPORT TCPSocketLibevent { // Called after the first read completes on a TCP FastOpen socket. void UpdateTCPFastOpenStatusAfterRead(); - scoped_ptr<SocketLibevent> socket_; - scoped_ptr<SocketLibevent> accept_socket_; + scoped_ptr<SocketPosix> socket_; + scoped_ptr<SocketPosix> accept_socket_; // Enables experimental TCP FastOpen option. bool use_tcp_fastopen_; @@ -212,9 +212,9 @@ class NET_EXPORT TCPSocketLibevent { BoundNetLog net_log_; - DISALLOW_COPY_AND_ASSIGN(TCPSocketLibevent); + DISALLOW_COPY_AND_ASSIGN(TCPSocketPosix); }; } // namespace net -#endif // NET_SOCKET_TCP_SOCKET_LIBEVENT_H_ +#endif // NET_SOCKET_TCP_SOCKET_POSIX_H_ diff --git a/chromium/net/socket/tcp_socket_win.cc b/chromium/net/socket/tcp_socket_win.cc index 592c00dc1c2..b14475cd4e6 100644 --- a/chromium/net/socket/tcp_socket_win.cc +++ b/chromium/net/socket/tcp_socket_win.cc @@ -235,14 +235,14 @@ void TCPSocketWin::Core::WatchForRead() { // We grab an extra reference because there is an IO operation in progress. // Balanced in ReadDelegate::OnObjectSignaled(). AddRef(); - read_watcher_.StartWatching(read_overlapped_.hEvent, &reader_); + read_watcher_.StartWatchingOnce(read_overlapped_.hEvent, &reader_); } void TCPSocketWin::Core::WatchForWrite() { // We grab an extra reference because there is an IO operation in progress. // Balanced in WriteDelegate::OnObjectSignaled(). AddRef(); - write_watcher_.StartWatching(write_overlapped_.hEvent, &writer_); + write_watcher_.StartWatchingOnce(write_overlapped_.hEvent, &writer_); } void TCPSocketWin::Core::ReadDelegate::OnObjectSignaled(HANDLE object) { @@ -402,7 +402,7 @@ int TCPSocketWin::Accept(scoped_ptr<TCPSocketWin>* socket, if (result == ERR_IO_PENDING) { // Start watching. WSAEventSelect(socket_, accept_event_, FD_ACCEPT); - accept_watcher_.StartWatching(accept_event_, this); + accept_watcher_.StartWatchingOnce(accept_event_, this); accept_socket_ = socket; accept_address_ = address; @@ -425,7 +425,7 @@ int TCPSocketWin::Connect(const IPEndPoint& address, // completed and failed. Although it is allowed to connect the same |socket_| // again after a connection attempt failed on Windows, it results in // unspecified behavior according to POSIX. Therefore, we make it behave in - // the same way as TCPSocketLibevent. + // the same way as TCPSocketPosix. DCHECK(!peer_address_ && !core_.get()); if (!logging_multiple_connect_attempts_) @@ -772,7 +772,7 @@ void TCPSocketWin::OnObjectSignaled(HANDLE object) { // Start watching the next FD_ACCEPT event. WSAEventSelect(socket_, accept_event_, FD_ACCEPT); - accept_watcher_.StartWatching(accept_event_, this); + accept_watcher_.StartWatchingOnce(accept_event_, this); } } diff --git a/chromium/net/socket/transport_client_socket_pool.h b/chromium/net/socket/transport_client_socket_pool.h index f2016708f6e..036fd9fcddd 100644 --- a/chromium/net/socket/transport_client_socket_pool.h +++ b/chromium/net/socket/transport_client_socket_pool.h @@ -206,7 +206,7 @@ class NET_EXPORT_PRIVATE TransportConnectJob : public ConnectJob { scoped_ptr<StreamSocket> fallback_transport_socket_; scoped_ptr<AddressList> fallback_addresses_; base::TimeTicks fallback_connect_start_time_; - base::OneShotTimer<TransportConnectJob> fallback_timer_; + base::OneShotTimer fallback_timer_; // Track the interval between this connect and previous connect. ConnectInterval interval_between_connects_; diff --git a/chromium/net/socket/unix_domain_client_socket_posix.cc b/chromium/net/socket/unix_domain_client_socket_posix.cc index 79aa275bf4b..5e55a92db2c 100644 --- a/chromium/net/socket/unix_domain_client_socket_posix.cc +++ b/chromium/net/socket/unix_domain_client_socket_posix.cc @@ -12,7 +12,7 @@ #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" #include "net/base/net_util.h" -#include "net/socket/socket_libevent.h" +#include "net/socket/socket_posix.h" namespace net { @@ -22,11 +22,8 @@ UnixDomainClientSocket::UnixDomainClientSocket(const std::string& socket_path, use_abstract_namespace_(use_abstract_namespace) { } -UnixDomainClientSocket::UnixDomainClientSocket( - scoped_ptr<SocketLibevent> socket) - : use_abstract_namespace_(false), - socket_(socket.Pass()) { -} +UnixDomainClientSocket::UnixDomainClientSocket(scoped_ptr<SocketPosix> socket) + : use_abstract_namespace_(false), socket_(socket.Pass()) {} UnixDomainClientSocket::~UnixDomainClientSocket() { Disconnect(); @@ -77,7 +74,7 @@ int UnixDomainClientSocket::Connect(const CompletionCallback& callback) { if (!FillAddress(socket_path_, use_abstract_namespace_, &address)) return ERR_ADDRESS_INVALID; - socket_.reset(new SocketLibevent); + socket_.reset(new SocketPosix); int rv = socket_->Open(AF_UNIX); DCHECK_NE(ERR_IO_PENDING, rv); if (rv != OK) diff --git a/chromium/net/socket/unix_domain_client_socket_posix.h b/chromium/net/socket/unix_domain_client_socket_posix.h index 77ef9d57944..4e2c17d5db6 100644 --- a/chromium/net/socket/unix_domain_client_socket_posix.h +++ b/chromium/net/socket/unix_domain_client_socket_posix.h @@ -18,7 +18,7 @@ namespace net { -class SocketLibevent; +class SocketPosix; struct SockaddrStorage; // A client socket that uses unix domain socket as the transport layer. @@ -28,9 +28,9 @@ class NET_EXPORT UnixDomainClientSocket : public StreamSocket { // to connect to a server socket. UnixDomainClientSocket(const std::string& socket_path, bool use_abstract_namespace); - // Builds a client socket with socket libevent which is already connected. + // Builds a client socket with SocketPosix which is already connected. // UnixDomainServerSocket uses this after it accepts a connection. - explicit UnixDomainClientSocket(scoped_ptr<SocketLibevent> socket); + explicit UnixDomainClientSocket(scoped_ptr<SocketPosix> socket); ~UnixDomainClientSocket() override; @@ -77,7 +77,7 @@ class NET_EXPORT UnixDomainClientSocket : public StreamSocket { private: const std::string socket_path_; const bool use_abstract_namespace_; - scoped_ptr<SocketLibevent> socket_; + scoped_ptr<SocketPosix> socket_; // This net log is just to comply StreamSocket::NetLog(). It throws away // everything. BoundNetLog net_log_; diff --git a/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc b/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc index 651cd72dd5b..fca4ad1d3cc 100644 --- a/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc +++ b/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc @@ -14,7 +14,7 @@ #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" -#include "net/socket/socket_libevent.h" +#include "net/socket/socket_posix.h" #include "net/socket/unix_domain_server_socket_posix.h" #include "testing/gtest/include/gtest/gtest.h" @@ -182,7 +182,7 @@ TEST_F(UnixDomainClientSocketTest, ConnectWithSocketDescriptor) { // to be sure it hasn't gotten accidentally closed. SockaddrStorage addr; ASSERT_TRUE(UnixDomainClientSocket::FillAddress(socket_path_, false, &addr)); - scoped_ptr<SocketLibevent> adopter(new SocketLibevent); + scoped_ptr<SocketPosix> adopter(new SocketPosix); adopter->AdoptConnectedSocket(client_socket_fd, addr); UnixDomainClientSocket rewrapped_socket(adopter.Pass()); EXPECT_TRUE(rewrapped_socket.IsConnected()); @@ -281,7 +281,7 @@ TEST_F(UnixDomainClientSocketTest, DisconnectFromClient) { // Connection closed by peer. EXPECT_EQ(0 /* EOF */, read_callback.WaitForResult()); // Note that read callback won't be called when the connection is closed - // locally before the peer closes it. SocketLibevent just clears callbacks. + // locally before the peer closes it. SocketPosix just clears callbacks. } TEST_F(UnixDomainClientSocketTest, DisconnectFromServer) { @@ -314,7 +314,7 @@ TEST_F(UnixDomainClientSocketTest, DisconnectFromServer) { // Connection closed by peer. EXPECT_EQ(0 /* EOF */, read_callback.WaitForResult()); // Note that read callback won't be called when the connection is closed - // locally before the peer closes it. SocketLibevent just clears callbacks. + // locally before the peer closes it. SocketPosix just clears callbacks. } TEST_F(UnixDomainClientSocketTest, ReadAfterWrite) { diff --git a/chromium/net/socket/unix_domain_server_socket_posix.cc b/chromium/net/socket/unix_domain_server_socket_posix.cc index ee327ac0eb5..6b3cc9407e9 100644 --- a/chromium/net/socket/unix_domain_server_socket_posix.cc +++ b/chromium/net/socket/unix_domain_server_socket_posix.cc @@ -11,7 +11,7 @@ #include "base/logging.h" #include "net/base/net_errors.h" -#include "net/socket/socket_libevent.h" +#include "net/socket/socket_posix.h" #include "net/socket/unix_domain_client_socket_posix.h" namespace net { @@ -20,12 +20,12 @@ namespace { // Intended for use as SetterCallbacks in Accept() helper methods. void SetStreamSocket(scoped_ptr<StreamSocket>* socket, - scoped_ptr<SocketLibevent> accepted_socket) { + scoped_ptr<SocketPosix> accepted_socket) { socket->reset(new UnixDomainClientSocket(accepted_socket.Pass())); } void SetSocketDescriptor(SocketDescriptor* socket, - scoped_ptr<SocketLibevent> accepted_socket) { + scoped_ptr<SocketPosix> accepted_socket) { *socket = accepted_socket->ReleaseConnectedSocket(); } @@ -78,7 +78,7 @@ int UnixDomainServerSocket::ListenWithAddressAndPort( return ERR_ADDRESS_INVALID; } - scoped_ptr<SocketLibevent> socket(new SocketLibevent); + scoped_ptr<SocketPosix> socket(new SocketPosix); int rv = socket->Open(AF_UNIX); DCHECK_NE(ERR_IO_PENDING, rv); if (rv != OK) diff --git a/chromium/net/socket/unix_domain_server_socket_posix.h b/chromium/net/socket/unix_domain_server_socket_posix.h index 1097548c513..7dd5c1a82b1 100644 --- a/chromium/net/socket/unix_domain_server_socket_posix.h +++ b/chromium/net/socket/unix_domain_server_socket_posix.h @@ -19,7 +19,7 @@ namespace net { -class SocketLibevent; +class SocketPosix; // Unix Domain Server Socket Implementation. Supports abstract namespaces on // Linux and Android. @@ -68,7 +68,7 @@ class NET_EXPORT UnixDomainServerSocket : public ServerSocket { // A callback to wrap the setting of the out-parameter to Accept(). // This allows the internal machinery of that call to be implemented in // a manner that's agnostic to the caller's desired output. - typedef base::Callback<void(scoped_ptr<SocketLibevent>)> SetterCallback; + typedef base::Callback<void(scoped_ptr<SocketPosix>)> SetterCallback; int DoAccept(const SetterCallback& setter_callback, const CompletionCallback& callback); @@ -77,11 +77,11 @@ class NET_EXPORT UnixDomainServerSocket : public ServerSocket { int rv); bool AuthenticateAndGetStreamSocket(const SetterCallback& setter_callback); - scoped_ptr<SocketLibevent> listen_socket_; + scoped_ptr<SocketPosix> listen_socket_; const AuthCallback auth_callback_; const bool use_abstract_namespace_; - scoped_ptr<SocketLibevent> accept_socket_; + scoped_ptr<SocketPosix> accept_socket_; DISALLOW_COPY_AND_ASSIGN(UnixDomainServerSocket); }; diff --git a/chromium/net/socket/websocket_endpoint_lock_manager.cc b/chromium/net/socket/websocket_endpoint_lock_manager.cc index 8a218dfb649..42dab824d5b 100644 --- a/chromium/net/socket/websocket_endpoint_lock_manager.cc +++ b/chromium/net/socket/websocket_endpoint_lock_manager.cc @@ -33,7 +33,7 @@ WebSocketEndpointLockManager::Waiter::~Waiter() { } WebSocketEndpointLockManager* WebSocketEndpointLockManager::GetInstance() { - return Singleton<WebSocketEndpointLockManager>::get(); + return base::Singleton<WebSocketEndpointLockManager>::get(); } int WebSocketEndpointLockManager::LockEndpoint(const IPEndPoint& endpoint, diff --git a/chromium/net/socket/websocket_endpoint_lock_manager.h b/chromium/net/socket/websocket_endpoint_lock_manager.h index bddd5455ccf..f3887b8cd89 100644 --- a/chromium/net/socket/websocket_endpoint_lock_manager.h +++ b/chromium/net/socket/websocket_endpoint_lock_manager.h @@ -146,7 +146,7 @@ class NET_EXPORT_PRIVATE WebSocketEndpointLockManager { // object. base::WeakPtrFactory<WebSocketEndpointLockManager> weak_factory_; - friend struct DefaultSingletonTraits<WebSocketEndpointLockManager>; + friend struct base::DefaultSingletonTraits<WebSocketEndpointLockManager>; DISALLOW_COPY_AND_ASSIGN(WebSocketEndpointLockManager); }; diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.h b/chromium/net/socket/websocket_transport_client_socket_pool.h index 21fe8dd5877..4eed5981c83 100644 --- a/chromium/net/socket/websocket_transport_client_socket_pool.h +++ b/chromium/net/socket/websocket_transport_client_socket_pool.h @@ -100,7 +100,7 @@ class NET_EXPORT_PRIVATE WebSocketTransportConnectJob : public ConnectJob { scoped_ptr<WebSocketTransportConnectSubJob> ipv4_job_; scoped_ptr<WebSocketTransportConnectSubJob> ipv6_job_; - base::OneShotTimer<WebSocketTransportConnectJob> fallback_timer_; + base::OneShotTimer fallback_timer_; TransportConnectJobHelper::ConnectionLatencyHistogram race_result_; ClientSocketHandle* const handle_; CompletionCallback callback_; |