Add support for restricting the cipher suites that SSLClientSocket(Mac,NSS) use

net/socket/ssl_client_socket_mac.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 
+#include <algorithm>
+
 #include "base/mac/scoped_cftyperef.h"
 #include "base/singleton.h"
 #include "base/string_util.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_connection_status_flags.h"
 #include "net/base/ssl_info.h"
 #include "net/socket/client_socket_handle.h"
+#include "net/socket/ssl_error_params.h"
 
 // Welcome to Mac SSL. We've been waiting for you.
 //
 // The Mac SSL implementation is, like the Windows and NSS implementations, a
 // giant state machine. This design constraint is due to the asynchronous nature
 // of our underlying transport mechanism. We can call down to read/write on the
 // network, but what happens is that either it completes immediately or returns
 // saying that we'll get a callback sometime in the future. In that case, we
 // have to return to our caller but pick up where we left off when we
 // resume. Thus the fun.
@@ skipping 102 matching lines @@
   TLS_ECDH_anon_WITH_AES_256_CBC_SHA     = 0xC019,
 };
 #endif
 
 // For an explanation of the Mac OS X error codes, please refer to:
 // http://developer.apple.com/mac/library/documentation/Security/Reference/secureTransportRef/Reference/reference.html
 int NetErrorFromOSStatus(OSStatus status) {
   switch (status) {
     case errSSLWouldBlock:
       return ERR_IO_PENDING;
+    case paramErr:
     case errSSLBadCipherSuite:
     case errSSLBadConfiguration:
       return ERR_INVALID_ARGUMENT;
     case errSSLClosedNoNotify:
       return ERR_CONNECTION_RESET;
     case errSSLClosedAbort:
       return ERR_CONNECTION_ABORTED;
     case errSSLInternal:
       return ERR_UNEXPECTED;
     case errSSLBadRecordMac:
@@ skipping 37 matching lines @@
     //   certificate_expired
     //   certificate_revoked
     //   certificate_unknown
     //   unknown_ca
     case errSSLPeerCertUnknown...errSSLPeerBadCert:
     case errSSLPeerUnknownCA:
     case errSSLPeerAccessDenied:
       LOG(WARNING) << "Server rejected client cert (OSStatus=" << status << ")";
       return ERR_BAD_SSL_CLIENT_AUTH_CERT;
 
+    case errSSLNegotiation:
     case errSSLPeerInsufficientSecurity:
     case errSSLPeerProtocolVersion:
       return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
 
     case errSSLBufferOverflow:
     case errSSLModuleAttach:
-    case errSSLNegotiation:
     case errSSLSessionNotFound:
     default:
       LOG(WARNING) << "Unknown error " << status <<
           " mapped to net::ERR_FAILED";
       return ERR_FAILED;
   }
 }
 
 OSStatus OSStatusFromNetError(int net_error) {
   switch (net_error) {
@@ skipping 221 matching lines @@
 // Dynamically look up a pointer to a function exported by a bundle.
 template <typename FNTYPE>
 FNTYPE LookupFunction(CFStringRef bundleName, CFStringRef fnName) {
   CFBundleRef bundle = CFBundleGetBundleWithIdentifier(bundleName);
   if (!bundle)
     return NULL;
   return reinterpret_cast<FNTYPE>(
       CFBundleGetFunctionPointerForName(bundle, fnName));
 }
 
-// A class that wraps an array of enabled cipher suites that can be passed to
-// SSLSetEnabledCiphers.
-//
-// Used as a singleton.
+struct CipherSuiteIsDisabledFunctor {
+  explicit CipherSuiteIsDisabledFunctor(
+      const std::vector<uint16>& disabled_cipher_suites)
+      : disabled_cipher_suites_(disabled_cipher_suites) {}
+
+  // Returns true if the given |cipher_suite| appears within the set of
+  // |disabled_cipher_suites|.
+  bool operator()(SSLCipherSuite cipher_suite) const {
+    return binary_search(disabled_cipher_suites_.begin(),
+                         disabled_cipher_suites_.end(),
+                         static_cast<uint16>(cipher_suite));
+  }
+
+  const std::vector<uint16>& disabled_cipher_suites_;
+};
+
+// Class to determine what cipher suites are available and which cipher
+// suites should be enabled, based on the overall security policy.
 class EnabledCipherSuites {
  public:
-  EnabledCipherSuites();
-
-  const SSLCipherSuite* ciphers() const {
-    return ciphers_.empty() ? NULL : &ciphers_[0];
-  }
-  size_t num_ciphers() const { return ciphers_.size(); }
+  const std::vector<SSLCipherSuite>& ciphers() const { return ciphers_; }
 
  private:
+  friend struct DefaultSingletonTraits<EnabledCipherSuites>;
+  EnabledCipherSuites();
+  ~EnabledCipherSuites() {}
+
   std::vector<SSLCipherSuite> ciphers_;
 
   DISALLOW_COPY_AND_ASSIGN(EnabledCipherSuites);
 };
 
 EnabledCipherSuites::EnabledCipherSuites() {
   SSLContextRef ssl_context;
   OSStatus status = SSLNewContext(false, &ssl_context);
   if (status != noErr)
     return;
@@ skipping 38 matching lines @@
       user_read_callback_(NULL),
       user_write_callback_(NULL),
       user_read_buf_len_(0),
       user_write_buf_len_(0),
       next_handshake_state_(STATE_NONE),
       renegotiating_(false),
       client_cert_requested_(false),
       ssl_context_(NULL),
       pending_send_error_(OK),
       net_log_(transport_socket->socket()->NetLog()) {
+  // Sort the list of ciphers to disable, since disabling ciphers on Mac
+  // requires subtracting from a list of enabled ciphers while maintaining
+  // ordering, as opposed to merely needing to iterate them as with NSS.
+  sort(ssl_config_.disabled_cipher_suites.begin(),
+       ssl_config_.disabled_cipher_suites.end());
 }
 
 SSLClientSocketMac::~SSLClientSocketMac() {
   Disconnect();
 }
 
 int SSLClientSocketMac::Connect(CompletionCallback* callback) {
   DCHECK(transport_.get());
   DCHECK(next_handshake_state_ == STATE_NONE);
   DCHECK(!user_connect_callback_);
@@ skipping 221 matching lines @@
                                         ssl_config_.ssl3_enabled);
   if (status)
     return NetErrorFromOSStatus(status);
 
   status = SSLSetProtocolVersionEnabled(ssl_context_,
                                         kTLSProtocol1,
                                         ssl_config_.tls1_enabled);
   if (status)
     return NetErrorFromOSStatus(status);
 
-  const EnabledCipherSuites* enabled_ciphers =
-      Singleton<EnabledCipherSuites>::get();
-  status = SSLSetEnabledCiphers(ssl_context_, enabled_ciphers->ciphers(),
-                                enabled_ciphers->num_ciphers());
+  std::vector<SSLCipherSuite> enabled_ciphers =
+      Singleton<EnabledCipherSuites>::get()->ciphers();
+
+  CipherSuiteIsDisabledFunctor is_disabled_cipher(
+      ssl_config_.disabled_cipher_suites);
+  std::vector<SSLCipherSuite>::iterator new_end =
+      std::remove_if(enabled_ciphers.begin(), enabled_ciphers.end(),
+                     is_disabled_cipher);
+  if (new_end != enabled_ciphers.end())
+    enabled_ciphers.erase(new_end, enabled_ciphers.end());
+
+  status = SSLSetEnabledCiphers(
+      ssl_context_,
+      enabled_ciphers.empty() ? NULL : &enabled_ciphers[0],
+      enabled_ciphers.size());
+
   if (status)
     return NetErrorFromOSStatus(status);
 
   status = SSLSetIOFuncs(ssl_context_, SSLReadCallback, SSLWriteCallback);
   if (status)
     return NetErrorFromOSStatus(status);
 
   status = SSLSetConnection(ssl_context_, this);
   if (status)
     return NetErrorFromOSStatus(status);
@@ skipping 185 matching lines @@
   client_cert_requested_ = false;
 
   OSStatus status = SSLHandshake(ssl_context_);
 
   SSLClientCertificateState client_cert_state;
   if (SSLGetClientCertificateState(ssl_context_, &client_cert_state) != noErr)
     client_cert_state = kSSLClientCertNone;
   if (client_cert_state > kSSLClientCertNone)
     client_cert_requested_ = true;
 
+  int net_error = ERR_FAILED;
   switch (status) {
     case noErr:
       return DidCompleteHandshake();
     case errSSLWouldBlock:
       next_handshake_state_ = STATE_HANDSHAKE;
-      break;
+      return ERR_IO_PENDING;
     case errSSLClosedGraceful:
       // The server unexpectedly closed on us.
-      return ERR_SSL_PROTOCOL_ERROR;
+      net_error = ERR_SSL_PROTOCOL_ERROR;
+      break;
     case errSSLClosedAbort:
     case errSSLPeerHandshakeFail:
       if (client_cert_requested_) {
-        // See if the server aborted due to client cert checking.
         if (!ssl_config_.send_client_cert) {
+          // The server aborted, likely due to requiring a client certificate
+          // and one wasn't sent.
           VLOG(1) << "Server requested SSL cert during handshake";
-          return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
+          net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
+        } else {
+          // The server aborted, likely due to not liking the client
+          // certificate that was sent.
+          LOG(WARNING) << "Server aborted SSL handshake";
+          net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT;
         }
-        LOG(WARNING) << "Server aborted SSL handshake";
-        return ERR_BAD_SSL_CLIENT_AUTH_CERT;
+        // Don't fall through - the error was intentionally remapped.
+        break;
+      }
+      // Fall through if a client cert wasn't requested.
+    default:
+      net_error = NetErrorFromOSStatus(status);
+      DCHECK(!IsCertificateError(net_error));
+      if (!ssl_config_.send_client_cert &&
+         (client_cert_state == kSSLClientCertRejected ||
+          net_error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) {
+        // The server unexpectedly sent a peer certificate error alert when no
+        // certificate had been sent.
+        net_error = ERR_SSL_PROTOCOL_ERROR;
       }
       break;
   }
 
-  int net_error = NetErrorFromOSStatus(status);
-  DCHECK(!IsCertificateError(net_error));
-
-  if (!ssl_config_.send_client_cert &&
-     (client_cert_state == kSSLClientCertRejected ||
-      net_error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) {
-    // The server unexpectedly sent a peer certificate error alert when no
-    // certificate had been sent.
-    net_error = ERR_SSL_PROTOCOL_ERROR;
-  }
+  net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
+                    new SSLErrorParams(net_error, status));
   return net_error;
 }
 
 int SSLClientSocketMac::DoVerifyCert() {
   next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE;
 
   DCHECK(server_cert_);
 
   VLOG(1) << "DoVerifyCert...";
   int flags = 0;
@@ skipping 257 matching lines @@
   if (rv < 0 && rv != ERR_IO_PENDING) {
     us->write_io_buf_ = NULL;
     return OSStatusFromNetError(rv);
   }
 
   // always lie to our caller
   return noErr;
 }
 
 }  // namespace net