OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ |
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ |
7 | 7 |
8 #include <openssl/base.h> | 8 #include <openssl/base.h> |
9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
10 #include <stddef.h> | 10 #include <stddef.h> |
11 #include <stdint.h> | 11 #include <stdint.h> |
12 | 12 |
13 #include <memory> | 13 #include <memory> |
14 #include <string> | 14 #include <string> |
15 #include <vector> | 15 #include <vector> |
16 | 16 |
(...skipping 22 matching lines...) Expand all Loading... |
39 | 39 |
40 namespace net { | 40 namespace net { |
41 | 41 |
42 class CertVerifier; | 42 class CertVerifier; |
43 class CTVerifier; | 43 class CTVerifier; |
44 class SSLCertRequestInfo; | 44 class SSLCertRequestInfo; |
45 class SSLInfo; | 45 class SSLInfo; |
46 | 46 |
47 using SignedEkmMap = base::MRUCache<std::string, std::vector<uint8_t>>; | 47 using SignedEkmMap = base::MRUCache<std::string, std::vector<uint8_t>>; |
48 | 48 |
49 // An SSL client socket implemented with OpenSSL. | 49 class SSLClientSocketImpl : public SSLClientSocket { |
50 class SSLClientSocketOpenSSL : public SSLClientSocket { | |
51 public: | 50 public: |
52 // Takes ownership of the transport_socket, which may already be connected. | 51 // Takes ownership of the transport_socket, which may already be connected. |
53 // The given hostname will be compared with the name(s) in the server's | 52 // The given hostname will be compared with the name(s) in the server's |
54 // certificate during the SSL handshake. ssl_config specifies the SSL | 53 // certificate during the SSL handshake. ssl_config specifies the SSL |
55 // settings. | 54 // settings. |
56 SSLClientSocketOpenSSL(std::unique_ptr<ClientSocketHandle> transport_socket, | 55 SSLClientSocketImpl(std::unique_ptr<ClientSocketHandle> transport_socket, |
57 const HostPortPair& host_and_port, | 56 const HostPortPair& host_and_port, |
58 const SSLConfig& ssl_config, | 57 const SSLConfig& ssl_config, |
59 const SSLClientSocketContext& context); | 58 const SSLClientSocketContext& context); |
60 ~SSLClientSocketOpenSSL() override; | 59 ~SSLClientSocketImpl() override; |
61 | 60 |
62 const HostPortPair& host_and_port() const { return host_and_port_; } | 61 const HostPortPair& host_and_port() const { return host_and_port_; } |
63 const std::string& ssl_session_cache_shard() const { | 62 const std::string& ssl_session_cache_shard() const { |
64 return ssl_session_cache_shard_; | 63 return ssl_session_cache_shard_; |
65 } | 64 } |
66 | 65 |
67 #if !defined(OS_NACL) | 66 #if !defined(OS_NACL) |
68 // Log SSL key material to |path| on |task_runner|. Must be called before any | 67 // Log SSL key material to |path| on |task_runner|. Must be called before any |
69 // SSLClientSockets are created. | 68 // SSLClientSockets are created. |
70 static void SetSSLKeyLogFile( | 69 static void SetSSLKeyLogFile( |
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
158 void TransportWriteComplete(int result); | 157 void TransportWriteComplete(int result); |
159 int TransportReadComplete(int result); | 158 int TransportReadComplete(int result); |
160 | 159 |
161 // Callback from the SSL layer that indicates the remote server is requesting | 160 // Callback from the SSL layer that indicates the remote server is requesting |
162 // a certificate for this client. | 161 // a certificate for this client. |
163 int ClientCertRequestCallback(SSL* ssl); | 162 int ClientCertRequestCallback(SSL* ssl); |
164 | 163 |
165 // CertVerifyCallback is called to verify the server's certificates. We do | 164 // CertVerifyCallback is called to verify the server's certificates. We do |
166 // verification after the handshake so this function only enforces that the | 165 // verification after the handshake so this function only enforces that the |
167 // certificates don't change during renegotiation. | 166 // certificates don't change during renegotiation. |
168 int CertVerifyCallback(X509_STORE_CTX *store_ctx); | 167 int CertVerifyCallback(X509_STORE_CTX* store_ctx); |
169 | 168 |
170 // Callback from the SSL layer to check which NPN protocol we are supporting | 169 // Callback from the SSL layer to check which NPN protocol we are supporting |
171 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, | 170 int SelectNextProtoCallback(unsigned char** out, |
172 const unsigned char* in, unsigned int inlen); | 171 unsigned char* outlen, |
| 172 const unsigned char* in, |
| 173 unsigned int inlen); |
173 | 174 |
174 // Called during an operation on |transport_bio_|'s peer. Checks saved | 175 // Called during an operation on |transport_bio_|'s peer. Checks saved |
175 // transport error state and, if appropriate, returns an error through | 176 // transport error state and, if appropriate, returns an error through |
176 // OpenSSL's error system. | 177 // OpenSSL's error system. |
177 long MaybeReplayTransportError(BIO *bio, | 178 long MaybeReplayTransportError(BIO* bio, |
178 int cmd, | 179 int cmd, |
179 const char *argp, int argi, long argl, | 180 const char* argp, |
| 181 int argi, |
| 182 long argl, |
180 long retvalue); | 183 long retvalue); |
181 | 184 |
182 // Callback from the SSL layer when an operation is performed on | 185 // Callback from the SSL layer when an operation is performed on |
183 // |transport_bio_|'s peer. | 186 // |transport_bio_|'s peer. |
184 static long BIOCallback(BIO *bio, | 187 static long BIOCallback(BIO* bio, |
185 int cmd, | 188 int cmd, |
186 const char *argp, int argi, long argl, | 189 const char* argp, |
| 190 int argi, |
| 191 long argl, |
187 long retvalue); | 192 long retvalue); |
188 | 193 |
189 // Called after the initial handshake completes and after the server | 194 // Called after the initial handshake completes and after the server |
190 // certificate has been verified. The order of handshake completion and | 195 // certificate has been verified. The order of handshake completion and |
191 // certificate verification depends on whether the connection was false | 196 // certificate verification depends on whether the connection was false |
192 // started. After both have happened (thus calling this twice), the session is | 197 // started. After both have happened (thus calling this twice), the session is |
193 // safe to cache and will be cached. | 198 // safe to cache and will be cached. |
194 void MaybeCacheSession(); | 199 void MaybeCacheSession(); |
195 | 200 |
196 // Called from the SSL layer whenever a new session is established. | 201 // Called from the SSL layer whenever a new session is established. |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
230 int TokenBindingAdd(const uint8_t** out, | 235 int TokenBindingAdd(const uint8_t** out, |
231 size_t* out_len, | 236 size_t* out_len, |
232 int* out_alert_value); | 237 int* out_alert_value); |
233 int TokenBindingParse(const uint8_t* contents, | 238 int TokenBindingParse(const uint8_t* contents, |
234 size_t contents_len, | 239 size_t contents_len, |
235 int* out_alert_value); | 240 int* out_alert_value); |
236 | 241 |
237 bool transport_send_busy_; | 242 bool transport_send_busy_; |
238 bool transport_recv_busy_; | 243 bool transport_recv_busy_; |
239 | 244 |
240 // Buffers which are shared by BoringSSL and SSLClientSocketOpenSSL. | 245 // Buffers which are shared by BoringSSL and SSLClientSocketImpl. |
241 // GrowableIOBuffer is used to keep ownership and setting offset. | 246 // GrowableIOBuffer is used to keep ownership and setting offset. |
242 scoped_refptr<GrowableIOBuffer> send_buffer_; | 247 scoped_refptr<GrowableIOBuffer> send_buffer_; |
243 scoped_refptr<GrowableIOBuffer> recv_buffer_; | 248 scoped_refptr<GrowableIOBuffer> recv_buffer_; |
244 | 249 |
245 CompletionCallback user_connect_callback_; | 250 CompletionCallback user_connect_callback_; |
246 CompletionCallback user_read_callback_; | 251 CompletionCallback user_read_callback_; |
247 CompletionCallback user_write_callback_; | 252 CompletionCallback user_write_callback_; |
248 | 253 |
249 // Used by Read function. | 254 // Used by Read function. |
250 scoped_refptr<IOBuffer> user_read_buf_; | 255 scoped_refptr<IOBuffer> user_read_buf_; |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
357 TransportSecurityState* transport_security_state_; | 362 TransportSecurityState* transport_security_state_; |
358 | 363 |
359 CTPolicyEnforcer* const policy_enforcer_; | 364 CTPolicyEnforcer* const policy_enforcer_; |
360 | 365 |
361 // pinning_failure_log contains a message produced by | 366 // pinning_failure_log contains a message produced by |
362 // TransportSecurityState::CheckPublicKeyPins in the event of a | 367 // TransportSecurityState::CheckPublicKeyPins in the event of a |
363 // pinning failure. It is a (somewhat) human-readable string. | 368 // pinning failure. It is a (somewhat) human-readable string. |
364 std::string pinning_failure_log_; | 369 std::string pinning_failure_log_; |
365 | 370 |
366 BoundNetLog net_log_; | 371 BoundNetLog net_log_; |
367 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_; | 372 base::WeakPtrFactory<SSLClientSocketImpl> weak_factory_; |
368 }; | 373 }; |
369 | 374 |
370 } // namespace net | 375 } // namespace net |
371 | 376 |
372 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 377 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ |
OLD | NEW |