OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
11 #include <openssl/evp.h> | 11 #include <openssl/evp.h> |
12 #include <openssl/mem.h> | 12 #include <openssl/mem.h> |
13 #include <openssl/ssl.h> | 13 #include <openssl/ssl.h> |
14 #include <string.h> | 14 #include <string.h> |
15 | 15 |
16 #include <utility> | 16 #include <utility> |
17 | 17 |
18 #include "base/bind.h" | 18 #include "base/bind.h" |
19 #include "base/callback_helpers.h" | 19 #include "base/callback_helpers.h" |
| 20 #include "base/feature_list.h" |
20 #include "base/lazy_instance.h" | 21 #include "base/lazy_instance.h" |
21 #include "base/macros.h" | 22 #include "base/macros.h" |
22 #include "base/memory/singleton.h" | 23 #include "base/memory/singleton.h" |
23 #include "base/metrics/histogram_macros.h" | 24 #include "base/metrics/histogram_macros.h" |
24 #include "base/metrics/sparse_histogram.h" | 25 #include "base/metrics/sparse_histogram.h" |
25 #include "base/profiler/scoped_tracker.h" | 26 #include "base/profiler/scoped_tracker.h" |
26 #include "base/strings/string_number_conversions.h" | 27 #include "base/strings/string_number_conversions.h" |
27 #include "base/strings/string_piece.h" | 28 #include "base/strings/string_piece.h" |
28 #include "base/synchronization/lock.h" | 29 #include "base/synchronization/lock.h" |
29 #include "base/threading/thread_local.h" | 30 #include "base/threading/thread_local.h" |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
77 | 78 |
78 // TLS extension number use for Token Binding. | 79 // TLS extension number use for Token Binding. |
79 const unsigned int kTbExtNum = 24; | 80 const unsigned int kTbExtNum = 24; |
80 | 81 |
81 // Token Binding ProtocolVersions supported. | 82 // Token Binding ProtocolVersions supported. |
82 const uint8_t kTbProtocolVersionMajor = 0; | 83 const uint8_t kTbProtocolVersionMajor = 0; |
83 const uint8_t kTbProtocolVersionMinor = 6; | 84 const uint8_t kTbProtocolVersionMinor = 6; |
84 const uint8_t kTbMinProtocolVersionMajor = 0; | 85 const uint8_t kTbMinProtocolVersionMajor = 0; |
85 const uint8_t kTbMinProtocolVersionMinor = 6; | 86 const uint8_t kTbMinProtocolVersionMinor = 6; |
86 | 87 |
| 88 #if !defined(OS_NACL) |
| 89 const base::Feature kPostQuantumExperiment{"SSLPostQuantumExperiment", |
| 90 base::FEATURE_DISABLED_BY_DEFAULT}; |
| 91 #endif |
| 92 |
87 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { | 93 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { |
88 switch (EVP_MD_type(md)) { | 94 switch (EVP_MD_type(md)) { |
89 case NID_md5_sha1: | 95 case NID_md5_sha1: |
90 *hash = SSLPrivateKey::Hash::MD5_SHA1; | 96 *hash = SSLPrivateKey::Hash::MD5_SHA1; |
91 return true; | 97 return true; |
92 case NID_sha1: | 98 case NID_sha1: |
93 *hash = SSLPrivateKey::Hash::SHA1; | 99 *hash = SSLPrivateKey::Hash::SHA1; |
94 return true; | 100 return true; |
95 case NID_sha256: | 101 case NID_sha256: |
96 *hash = SSLPrivateKey::Hash::SHA256; | 102 *hash = SSLPrivateKey::Hash::SHA256; |
(...skipping 862 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
959 mode.ConfigureFlag(SSL_MODE_SEND_FALLBACK_SCSV, ssl_config_.version_fallback); | 965 mode.ConfigureFlag(SSL_MODE_SEND_FALLBACK_SCSV, ssl_config_.version_fallback); |
960 | 966 |
961 SSL_set_mode(ssl_, mode.set_mask); | 967 SSL_set_mode(ssl_, mode.set_mask); |
962 SSL_clear_mode(ssl_, mode.clear_mask); | 968 SSL_clear_mode(ssl_, mode.clear_mask); |
963 | 969 |
964 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers | 970 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers |
965 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable | 971 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable |
966 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not | 972 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not |
967 // supported. As DHE is being deprecated, don't add a cipher only to remove it | 973 // supported. As DHE is being deprecated, don't add a cipher only to remove it |
968 // immediately. | 974 // immediately. |
969 std::string command( | 975 std::string command; |
970 "DEFAULT:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); | 976 #if !defined(OS_NACL) |
| 977 if (base::FeatureList::IsEnabled(kPostQuantumExperiment)) { |
| 978 // These are experimental, non-standard ciphersuites. They are part of an |
| 979 // experiment in post-quantum cryptography. They're not intended to |
| 980 // represent a de-facto standard, and will be removed from BoringSSL in |
| 981 // ~2018. |
| 982 if (EVP_has_aes_hardware()) { |
| 983 command.append( |
| 984 "CECPQ1-RSA-AES256-GCM-SHA384:" |
| 985 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
| 986 } |
| 987 command.append( |
| 988 "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:" |
| 989 "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:"); |
| 990 if (!EVP_has_aes_hardware()) { |
| 991 command.append( |
| 992 "CECPQ1-RSA-AES256-GCM-SHA384:" |
| 993 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
| 994 } |
| 995 } |
| 996 #endif |
| 997 command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); |
971 | 998 |
972 if (ssl_config_.require_ecdhe) | 999 if (ssl_config_.require_ecdhe) |
973 command.append(":!kRSA:!kDHE"); | 1000 command.append(":!kRSA:!kDHE"); |
974 | 1001 |
975 if (!ssl_config_.deprecated_cipher_suites_enabled) { | 1002 if (!ssl_config_.deprecated_cipher_suites_enabled) { |
976 // Only offer DHE on the second handshake. https://crbug.com/538690 | 1003 // Only offer DHE on the second handshake. https://crbug.com/538690 |
977 command.append(":!kDHE"); | 1004 command.append(":!kDHE"); |
978 } | 1005 } |
979 | 1006 |
980 // Remove any disabled ciphers. | 1007 // Remove any disabled ciphers. |
(...skipping 1309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2290 if (rv != OK) { | 2317 if (rv != OK) { |
2291 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2318 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
2292 return; | 2319 return; |
2293 } | 2320 } |
2294 | 2321 |
2295 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2322 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
2296 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2323 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
2297 } | 2324 } |
2298 | 2325 |
2299 } // namespace net | 2326 } // namespace net |
OLD | NEW |