OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
11 #include <openssl/evp.h> | 11 #include <openssl/evp.h> |
12 #include <openssl/mem.h> | 12 #include <openssl/mem.h> |
13 #include <openssl/ssl.h> | 13 #include <openssl/ssl.h> |
14 #include <string.h> | 14 #include <string.h> |
15 | 15 |
16 #include <utility> | 16 #include <utility> |
17 | 17 |
18 #include "base/bind.h" | 18 #include "base/bind.h" |
19 #include "base/callback_helpers.h" | 19 #include "base/callback_helpers.h" |
20 #include "base/feature_list.h" | |
21 #include "base/lazy_instance.h" | 20 #include "base/lazy_instance.h" |
22 #include "base/macros.h" | 21 #include "base/macros.h" |
23 #include "base/memory/singleton.h" | 22 #include "base/memory/singleton.h" |
24 #include "base/metrics/field_trial.h" | 23 #include "base/metrics/field_trial.h" |
25 #include "base/metrics/histogram_macros.h" | 24 #include "base/metrics/histogram_macros.h" |
26 #include "base/metrics/sparse_histogram.h" | 25 #include "base/metrics/sparse_histogram.h" |
27 #include "base/profiler/scoped_tracker.h" | 26 #include "base/profiler/scoped_tracker.h" |
28 #include "base/strings/string_number_conversions.h" | 27 #include "base/strings/string_number_conversions.h" |
29 #include "base/strings/string_piece.h" | 28 #include "base/strings/string_piece.h" |
30 #include "base/synchronization/lock.h" | 29 #include "base/synchronization/lock.h" |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
79 | 78 |
80 // TLS extension number use for Token Binding. | 79 // TLS extension number use for Token Binding. |
81 const unsigned int kTbExtNum = 24; | 80 const unsigned int kTbExtNum = 24; |
82 | 81 |
83 // Token Binding ProtocolVersions supported. | 82 // Token Binding ProtocolVersions supported. |
84 const uint8_t kTbProtocolVersionMajor = 0; | 83 const uint8_t kTbProtocolVersionMajor = 0; |
85 const uint8_t kTbProtocolVersionMinor = 8; | 84 const uint8_t kTbProtocolVersionMinor = 8; |
86 const uint8_t kTbMinProtocolVersionMajor = 0; | 85 const uint8_t kTbMinProtocolVersionMajor = 0; |
87 const uint8_t kTbMinProtocolVersionMinor = 6; | 86 const uint8_t kTbMinProtocolVersionMinor = 6; |
88 | 87 |
89 #if !defined(OS_NACL) | |
90 const base::Feature kPostQuantumExperiment{"SSLPostQuantumExperiment", | |
91 base::FEATURE_DISABLED_BY_DEFAULT}; | |
92 #endif | |
93 | |
94 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { | 88 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { |
95 switch (EVP_MD_type(md)) { | 89 switch (EVP_MD_type(md)) { |
96 case NID_md5_sha1: | 90 case NID_md5_sha1: |
97 *hash = SSLPrivateKey::Hash::MD5_SHA1; | 91 *hash = SSLPrivateKey::Hash::MD5_SHA1; |
98 return true; | 92 return true; |
99 case NID_sha1: | 93 case NID_sha1: |
100 *hash = SSLPrivateKey::Hash::SHA1; | 94 *hash = SSLPrivateKey::Hash::SHA1; |
101 return true; | 95 return true; |
102 case NID_sha256: | 96 case NID_sha256: |
103 *hash = SSLPrivateKey::Hash::SHA256; | 97 *hash = SSLPrivateKey::Hash::SHA256; |
(...skipping 897 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1001 | 995 |
1002 SSL_set_mode(ssl_, mode.set_mask); | 996 SSL_set_mode(ssl_, mode.set_mask); |
1003 SSL_clear_mode(ssl_, mode.clear_mask); | 997 SSL_clear_mode(ssl_, mode.clear_mask); |
1004 | 998 |
1005 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers | 999 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers |
1006 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable | 1000 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable |
1007 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not | 1001 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not |
1008 // supported. As DHE is being deprecated, don't add a cipher only to remove it | 1002 // supported. As DHE is being deprecated, don't add a cipher only to remove it |
1009 // immediately. | 1003 // immediately. |
1010 std::string command; | 1004 std::string command; |
1011 #if !defined(OS_NACL) | 1005 if (SSLClientSocket::IsPostQuantumExperimentEnabled()) { |
1012 if (base::FeatureList::IsEnabled(kPostQuantumExperiment)) { | |
1013 // These are experimental, non-standard ciphersuites. They are part of an | 1006 // These are experimental, non-standard ciphersuites. They are part of an |
1014 // experiment in post-quantum cryptography. They're not intended to | 1007 // experiment in post-quantum cryptography. They're not intended to |
1015 // represent a de-facto standard, and will be removed from BoringSSL in | 1008 // represent a de-facto standard, and will be removed from BoringSSL in |
1016 // ~2018. | 1009 // ~2018. |
1017 if (EVP_has_aes_hardware()) { | 1010 if (EVP_has_aes_hardware()) { |
1018 command.append( | 1011 command.append( |
1019 "CECPQ1-RSA-AES256-GCM-SHA384:" | 1012 "CECPQ1-RSA-AES256-GCM-SHA384:" |
1020 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); | 1013 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
1021 } | 1014 } |
1022 command.append( | 1015 command.append( |
1023 "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:" | 1016 "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:" |
1024 "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:"); | 1017 "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:"); |
1025 if (!EVP_has_aes_hardware()) { | 1018 if (!EVP_has_aes_hardware()) { |
1026 command.append( | 1019 command.append( |
1027 "CECPQ1-RSA-AES256-GCM-SHA384:" | 1020 "CECPQ1-RSA-AES256-GCM-SHA384:" |
1028 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); | 1021 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
1029 } | 1022 } |
1030 } | 1023 } |
1031 #endif | |
1032 command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); | 1024 command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); |
1033 | 1025 |
1034 if (ssl_config_.require_ecdhe) | 1026 if (ssl_config_.require_ecdhe) |
1035 command.append(":!kRSA:!kDHE"); | 1027 command.append(":!kRSA:!kDHE"); |
1036 | 1028 |
1037 if (!ssl_config_.deprecated_cipher_suites_enabled) { | 1029 if (!ssl_config_.deprecated_cipher_suites_enabled) { |
1038 // Only offer DHE on the second handshake. https://crbug.com/538690 | 1030 // Only offer DHE on the second handshake. https://crbug.com/538690 |
1039 command.append(":!kDHE"); | 1031 command.append(":!kDHE"); |
1040 } | 1032 } |
1041 | 1033 |
(...skipping 1344 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2386 } | 2378 } |
2387 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 2379 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
2388 CHANNEL_ID_USAGE_MAX); | 2380 CHANNEL_ID_USAGE_MAX); |
2389 } | 2381 } |
2390 | 2382 |
2391 bool SSLClientSocketImpl::IsChannelIDEnabled() const { | 2383 bool SSLClientSocketImpl::IsChannelIDEnabled() const { |
2392 return ssl_config_.channel_id_enabled && channel_id_service_; | 2384 return ssl_config_.channel_id_enabled && channel_id_service_; |
2393 } | 2385 } |
2394 | 2386 |
2395 } // namespace net | 2387 } // namespace net |
OLD | NEW |