OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 552 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
563 CERTDistNames* ca_names, | 563 CERTDistNames* ca_names, |
564 CERTCertificate** result_certificate, | 564 CERTCertificate** result_certificate, |
565 SECKEYPrivateKey** result_private_key); | 565 SECKEYPrivateKey** result_private_key); |
566 | 566 |
567 // Called by NSS to determine if we can False Start. | 567 // Called by NSS to determine if we can False Start. |
568 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | 568 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. |
569 static SECStatus CanFalseStartCallback(PRFileDesc* socket, | 569 static SECStatus CanFalseStartCallback(PRFileDesc* socket, |
570 void* arg, | 570 void* arg, |
571 PRBool* can_false_start); | 571 PRBool* can_false_start); |
572 | 572 |
573 // Called by NSS once the handshake has completed. | 573 // Called by NSS each time a handshake completely finishes. |
574 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | 574 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. |
575 static void HandshakeCallback(PRFileDesc* socket, void* arg); | 575 static void HandshakeCallback(PRFileDesc* socket, void* arg); |
576 | 576 |
577 // Called once the handshake has succeeded. | 577 // Called once for each successful handshake. If the initial handshake false |
578 void HandshakeSucceeded(); | 578 // starts, it is called when it false starts and not when it completely |
| 579 // finishes. is_initial is true if this is the initial handshake. |
| 580 void HandshakeSucceeded(bool is_initial); |
579 | 581 |
580 // Handles an NSS error generated while handshaking or performing IO. | 582 // Handles an NSS error generated while handshaking or performing IO. |
581 // Returns a network error code mapped from the original NSS error. | 583 // Returns a network error code mapped from the original NSS error. |
582 int HandleNSSError(PRErrorCode error); | 584 int HandleNSSError(PRErrorCode error); |
583 | 585 |
584 int DoHandshakeLoop(int last_io_result); | 586 int DoHandshakeLoop(int last_io_result); |
585 int DoReadLoop(int result); | 587 int DoReadLoop(int result); |
586 int DoWriteLoop(int result); | 588 int DoWriteLoop(int result); |
587 | 589 |
588 int DoHandshake(); | 590 int DoHandshake(); |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
630 void UpdateConnectionStatus(); | 632 void UpdateConnectionStatus(); |
631 // Record histograms for channel id support during full handshakes - resumed | 633 // Record histograms for channel id support during full handshakes - resumed |
632 // handshakes are ignored. | 634 // handshakes are ignored. |
633 void RecordChannelIDSupportOnNSSTaskRunner(); | 635 void RecordChannelIDSupportOnNSSTaskRunner(); |
634 // UpdateNextProto gets any application-layer protocol that may have been | 636 // UpdateNextProto gets any application-layer protocol that may have been |
635 // negotiated by the TLS connection. | 637 // negotiated by the TLS connection. |
636 void UpdateNextProto(); | 638 void UpdateNextProto(); |
637 // Record TLS extension used for protocol negotiation (NPN or ALPN). | 639 // Record TLS extension used for protocol negotiation (NPN or ALPN). |
638 void UpdateExtensionUsed(); | 640 void UpdateExtensionUsed(); |
639 | 641 |
| 642 // Returns true if renegotiations are allowed. |
| 643 bool IsRenegotiationAllowed() const; |
| 644 |
640 //////////////////////////////////////////////////////////////////////////// | 645 //////////////////////////////////////////////////////////////////////////// |
641 // Methods that are ONLY called on the network task runner: | 646 // Methods that are ONLY called on the network task runner: |
642 //////////////////////////////////////////////////////////////////////////// | 647 //////////////////////////////////////////////////////////////////////////// |
643 int DoBufferRecv(IOBuffer* buffer, int len); | 648 int DoBufferRecv(IOBuffer* buffer, int len); |
644 int DoBufferSend(IOBuffer* buffer, int len); | 649 int DoBufferSend(IOBuffer* buffer, int len); |
645 int DoGetChannelID(const std::string& host); | 650 int DoGetChannelID(const std::string& host); |
646 | 651 |
647 void OnGetChannelIDComplete(int result); | 652 void OnGetChannelIDComplete(int result); |
648 void OnHandshakeStateUpdated(const HandshakeState& state); | 653 void OnHandshakeStateUpdated(const HandshakeState& state); |
649 void OnNSSBufferUpdated(int amount_in_read_buffer); | 654 void OnNSSBufferUpdated(int amount_in_read_buffer); |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
734 std::vector<std::string> predicted_certs_; | 739 std::vector<std::string> predicted_certs_; |
735 | 740 |
736 State next_handshake_state_; | 741 State next_handshake_state_; |
737 | 742 |
738 // True if channel ID extension was negotiated. | 743 // True if channel ID extension was negotiated. |
739 bool channel_id_xtn_negotiated_; | 744 bool channel_id_xtn_negotiated_; |
740 // True if the handshake state machine was interrupted for channel ID. | 745 // True if the handshake state machine was interrupted for channel ID. |
741 bool channel_id_needed_; | 746 bool channel_id_needed_; |
742 // True if the handshake state machine was interrupted for client auth. | 747 // True if the handshake state machine was interrupted for client auth. |
743 bool client_auth_cert_needed_; | 748 bool client_auth_cert_needed_; |
744 // True if NSS has False Started. | 749 // True if NSS has False Started in the initial handshake, but the initial |
| 750 // handshake has not yet completely finished.. |
745 bool false_started_; | 751 bool false_started_; |
746 // True if NSS has called HandshakeCallback. | 752 // True if NSS has called HandshakeCallback. |
747 bool handshake_callback_called_; | 753 bool handshake_callback_called_; |
748 | 754 |
749 HandshakeState nss_handshake_state_; | 755 HandshakeState nss_handshake_state_; |
750 | 756 |
751 bool transport_recv_busy_; | 757 bool transport_recv_busy_; |
752 bool transport_recv_eof_; | 758 bool transport_recv_eof_; |
753 bool transport_send_busy_; | 759 bool transport_send_busy_; |
754 | 760 |
(...skipping 518 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1273 return SSL_RecommendedCanFalseStart(socket, can_false_start); | 1279 return SSL_RecommendedCanFalseStart(socket, can_false_start); |
1274 } | 1280 } |
1275 | 1281 |
1276 // static | 1282 // static |
1277 void SSLClientSocketNSS::Core::HandshakeCallback( | 1283 void SSLClientSocketNSS::Core::HandshakeCallback( |
1278 PRFileDesc* socket, | 1284 PRFileDesc* socket, |
1279 void* arg) { | 1285 void* arg) { |
1280 Core* core = reinterpret_cast<Core*>(arg); | 1286 Core* core = reinterpret_cast<Core*>(arg); |
1281 DCHECK(core->OnNSSTaskRunner()); | 1287 DCHECK(core->OnNSSTaskRunner()); |
1282 | 1288 |
| 1289 bool is_initial = !core->handshake_callback_called_; |
1283 core->handshake_callback_called_ = true; | 1290 core->handshake_callback_called_ = true; |
1284 if (core->false_started_) { | 1291 if (core->false_started_) { |
1285 core->false_started_ = false; | 1292 core->false_started_ = false; |
1286 // If the connection was False Started, then at the time of this callback, | 1293 // If the connection was False Started, then at the time of this callback, |
1287 // the peer's certificate will have been verified or the caller will have | 1294 // the peer's certificate will have been verified or the caller will have |
1288 // accepted the error. | 1295 // accepted the error. |
1289 // This is guaranteed when using False Start because this callback will | 1296 // This is guaranteed when using False Start because this callback will |
1290 // not be invoked until processing the peer's Finished message, which | 1297 // not be invoked until processing the peer's Finished message, which |
1291 // will only happen in a PR_Read/PR_Write call, which can only happen | 1298 // will only happen in a PR_Read/PR_Write call, which can only happen |
1292 // after the peer's certificate is verified. | 1299 // after the peer's certificate is verified. |
1293 SSL_CacheSessionUnlocked(socket); | 1300 SSL_CacheSessionUnlocked(socket); |
1294 | 1301 |
1295 // Additionally, when False Starting, DoHandshake() will have already | 1302 // Additionally, when False Starting, DoHandshake() will have already |
1296 // called HandshakeSucceeded(), so return now. | 1303 // called HandshakeSucceeded(), so return now. |
1297 return; | 1304 return; |
1298 } | 1305 } |
1299 core->HandshakeSucceeded(); | 1306 core->HandshakeSucceeded(is_initial); |
1300 } | 1307 } |
1301 | 1308 |
1302 void SSLClientSocketNSS::Core::HandshakeSucceeded() { | 1309 void SSLClientSocketNSS::Core::HandshakeSucceeded(bool is_initial) { |
1303 DCHECK(OnNSSTaskRunner()); | 1310 DCHECK(OnNSSTaskRunner()); |
1304 | 1311 |
1305 PRBool last_handshake_resumed; | 1312 PRBool last_handshake_resumed; |
1306 SECStatus rv = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed); | 1313 SECStatus rv = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed); |
1307 if (rv == SECSuccess && last_handshake_resumed) { | 1314 if (rv == SECSuccess && last_handshake_resumed) { |
1308 nss_handshake_state_.resumed_handshake = true; | 1315 nss_handshake_state_.resumed_handshake = true; |
1309 } else { | 1316 } else { |
1310 nss_handshake_state_.resumed_handshake = false; | 1317 nss_handshake_state_.resumed_handshake = false; |
1311 } | 1318 } |
1312 | 1319 |
1313 RecordChannelIDSupportOnNSSTaskRunner(); | 1320 RecordChannelIDSupportOnNSSTaskRunner(); |
1314 UpdateServerCert(); | 1321 UpdateServerCert(); |
1315 UpdateSignedCertTimestamps(); | 1322 UpdateSignedCertTimestamps(); |
1316 UpdateStapledOCSPResponse(); | 1323 UpdateStapledOCSPResponse(); |
1317 UpdateConnectionStatus(); | 1324 UpdateConnectionStatus(); |
1318 UpdateNextProto(); | 1325 UpdateNextProto(); |
1319 UpdateExtensionUsed(); | 1326 UpdateExtensionUsed(); |
1320 | 1327 |
| 1328 if (is_initial && IsRenegotiationAllowed()) { |
| 1329 // For compatibility, do not enforce RFC 5746 support. Per section 4.1, |
| 1330 // enforcement falls largely on the server. |
| 1331 // |
| 1332 // This is done in a callback rather than after SSL_ForceHandshake returns |
| 1333 // because SSL_ForceHandshake will otherwise greedly consume renegotiations |
| 1334 // before returning if Finished and HelloRequest are in the same |
| 1335 // record. |
| 1336 // |
| 1337 // Note that SSL_OptionSet should only be called for an initial |
| 1338 // handshake. See https://crbug.com/125299. |
| 1339 SECStatus rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, |
| 1340 SSL_RENEGOTIATE_TRANSITIONAL); |
| 1341 DCHECK_EQ(SECSuccess, rv); |
| 1342 } |
| 1343 |
1321 // Update the network task runners view of the handshake state whenever | 1344 // Update the network task runners view of the handshake state whenever |
1322 // a handshake has completed. | 1345 // a handshake has completed. |
1323 PostOrRunCallback( | 1346 PostOrRunCallback( |
1324 FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this, | 1347 FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this, |
1325 nss_handshake_state_)); | 1348 nss_handshake_state_)); |
1326 } | 1349 } |
1327 | 1350 |
1328 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error) { | 1351 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error) { |
1329 DCHECK(OnNSSTaskRunner()); | 1352 DCHECK(OnNSSTaskRunner()); |
1330 | 1353 |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1441 } else if (client_auth_cert_needed_) { | 1464 } else if (client_auth_cert_needed_) { |
1442 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 1465 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
1443 PostOrRunCallback( | 1466 PostOrRunCallback( |
1444 FROM_HERE, | 1467 FROM_HERE, |
1445 base::Bind(&AddLogEventWithCallback, weak_net_log_, | 1468 base::Bind(&AddLogEventWithCallback, weak_net_log_, |
1446 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1469 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
1447 CreateNetLogSSLErrorCallback(net_error, 0))); | 1470 CreateNetLogSSLErrorCallback(net_error, 0))); |
1448 } else if (rv == SECSuccess) { | 1471 } else if (rv == SECSuccess) { |
1449 if (!handshake_callback_called_) { | 1472 if (!handshake_callback_called_) { |
1450 false_started_ = true; | 1473 false_started_ = true; |
1451 HandshakeSucceeded(); | 1474 HandshakeSucceeded(true); |
1452 } | 1475 } |
1453 } else { | 1476 } else { |
1454 PRErrorCode prerr = PR_GetError(); | 1477 PRErrorCode prerr = PR_GetError(); |
1455 net_error = HandleNSSError(prerr); | 1478 net_error = HandleNSSError(prerr); |
1456 | 1479 |
1457 // If not done, stay in this state | 1480 // If not done, stay in this state |
1458 if (net_error == ERR_IO_PENDING) { | 1481 if (net_error == ERR_IO_PENDING) { |
1459 GotoState(STATE_HANDSHAKE); | 1482 GotoState(STATE_HANDSHAKE); |
1460 } else { | 1483 } else { |
1461 PostOrRunCallback( | 1484 PostOrRunCallback( |
(...skipping 652 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2114 } else { | 2137 } else { |
2115 rv = SSL_HandshakeNegotiatedExtension(nss_fd_, | 2138 rv = SSL_HandshakeNegotiatedExtension(nss_fd_, |
2116 ssl_next_proto_nego_xtn, | 2139 ssl_next_proto_nego_xtn, |
2117 &negotiated_extension); | 2140 &negotiated_extension); |
2118 if (rv == SECSuccess && negotiated_extension) { | 2141 if (rv == SECSuccess && negotiated_extension) { |
2119 nss_handshake_state_.negotiation_extension_ = kExtensionNPN; | 2142 nss_handshake_state_.negotiation_extension_ = kExtensionNPN; |
2120 } | 2143 } |
2121 } | 2144 } |
2122 } | 2145 } |
2123 | 2146 |
| 2147 bool SSLClientSocketNSS::Core::IsRenegotiationAllowed() const { |
| 2148 DCHECK(OnNSSTaskRunner()); |
| 2149 |
| 2150 if (nss_handshake_state_.next_proto_status == kNextProtoUnsupported) |
| 2151 return ssl_config_.renego_allowed_default; |
| 2152 |
| 2153 NextProto next_proto = NextProtoFromString(nss_handshake_state_.next_proto); |
| 2154 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { |
| 2155 if (next_proto == allowed) |
| 2156 return true; |
| 2157 } |
| 2158 return false; |
| 2159 } |
| 2160 |
2124 void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNSSTaskRunner() { | 2161 void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNSSTaskRunner() { |
2125 DCHECK(OnNSSTaskRunner()); | 2162 DCHECK(OnNSSTaskRunner()); |
2126 if (nss_handshake_state_.resumed_handshake) | 2163 if (nss_handshake_state_.resumed_handshake) |
2127 return; | 2164 return; |
2128 | 2165 |
2129 // Copy the NSS task runner-only state to the network task runner and | 2166 // Copy the NSS task runner-only state to the network task runner and |
2130 // log histograms from there, since the histograms also need access to the | 2167 // log histograms from there, since the histograms also need access to the |
2131 // network task runner state. | 2168 // network task runner state. |
2132 PostOrRunCallback( | 2169 PostOrRunCallback( |
2133 FROM_HERE, | 2170 FROM_HERE, |
(...skipping 651 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2785 if (rv != SECSuccess) { | 2822 if (rv != SECSuccess) { |
2786 LogFailedNSSFunction( | 2823 LogFailedNSSFunction( |
2787 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | 2824 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); |
2788 } | 2825 } |
2789 | 2826 |
2790 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, | 2827 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, |
2791 ssl_config_.false_start_enabled); | 2828 ssl_config_.false_start_enabled); |
2792 if (rv != SECSuccess) | 2829 if (rv != SECSuccess) |
2793 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); | 2830 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); |
2794 | 2831 |
2795 // We allow servers to request renegotiation. Since we're a client, | 2832 // By default, renegotiations are rejected. After the initial handshake |
2796 // prohibiting this is rather a waste of time. Only servers are in a | 2833 // completes, some application protocols may re-enable it. |
2797 // position to prevent renegotiation attacks. | 2834 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_NEVER); |
2798 // http://extendedsubset.com/?p=8 | |
2799 | |
2800 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | |
2801 SSL_RENEGOTIATE_TRANSITIONAL); | |
2802 if (rv != SECSuccess) { | 2835 if (rv != SECSuccess) { |
2803 LogFailedNSSFunction( | 2836 LogFailedNSSFunction( |
2804 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION"); | 2837 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION"); |
2805 } | 2838 } |
2806 | 2839 |
2807 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, PR_TRUE); | 2840 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, PR_TRUE); |
2808 if (rv != SECSuccess) | 2841 if (rv != SECSuccess) |
2809 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV"); | 2842 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV"); |
2810 | 2843 |
2811 // Added in NSS 3.15 | 2844 // Added in NSS 3.15 |
(...skipping 363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3175 scoped_refptr<X509Certificate> | 3208 scoped_refptr<X509Certificate> |
3176 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3209 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
3177 return core_->state().server_cert.get(); | 3210 return core_->state().server_cert.get(); |
3178 } | 3211 } |
3179 | 3212 |
3180 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3213 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
3181 return channel_id_service_; | 3214 return channel_id_service_; |
3182 } | 3215 } |
3183 | 3216 |
3184 } // namespace net | 3217 } // namespace net |
OLD | NEW |