OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
11 #include <openssl/evp.h> | 11 #include <openssl/evp.h> |
12 #include <openssl/mem.h> | 12 #include <openssl/mem.h> |
13 #include <openssl/ssl.h> | 13 #include <openssl/ssl.h> |
14 #include <string.h> | 14 #include <string.h> |
15 | 15 |
16 #include <utility> | 16 #include <utility> |
17 | 17 |
18 #include "base/bind.h" | 18 #include "base/bind.h" |
19 #include "base/callback_helpers.h" | 19 #include "base/callback_helpers.h" |
20 #include "base/feature_list.h" | |
21 #include "base/lazy_instance.h" | 20 #include "base/lazy_instance.h" |
22 #include "base/macros.h" | 21 #include "base/macros.h" |
23 #include "base/memory/singleton.h" | 22 #include "base/memory/singleton.h" |
24 #include "base/metrics/field_trial.h" | 23 #include "base/metrics/field_trial.h" |
25 #include "base/metrics/histogram_macros.h" | 24 #include "base/metrics/histogram_macros.h" |
26 #include "base/metrics/sparse_histogram.h" | 25 #include "base/metrics/sparse_histogram.h" |
27 #include "base/profiler/scoped_tracker.h" | 26 #include "base/profiler/scoped_tracker.h" |
28 #include "base/strings/string_number_conversions.h" | 27 #include "base/strings/string_number_conversions.h" |
29 #include "base/strings/string_piece.h" | 28 #include "base/strings/string_piece.h" |
30 #include "base/synchronization/lock.h" | 29 #include "base/synchronization/lock.h" |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
79 | 78 |
80 // TLS extension number use for Token Binding. | 79 // TLS extension number use for Token Binding. |
81 const unsigned int kTbExtNum = 24; | 80 const unsigned int kTbExtNum = 24; |
82 | 81 |
83 // Token Binding ProtocolVersions supported. | 82 // Token Binding ProtocolVersions supported. |
84 const uint8_t kTbProtocolVersionMajor = 0; | 83 const uint8_t kTbProtocolVersionMajor = 0; |
85 const uint8_t kTbProtocolVersionMinor = 8; | 84 const uint8_t kTbProtocolVersionMinor = 8; |
86 const uint8_t kTbMinProtocolVersionMajor = 0; | 85 const uint8_t kTbMinProtocolVersionMajor = 0; |
87 const uint8_t kTbMinProtocolVersionMinor = 6; | 86 const uint8_t kTbMinProtocolVersionMinor = 6; |
88 | 87 |
89 #if !defined(OS_NACL) | |
90 const base::Feature kPostQuantumExperiment{"SSLPostQuantumExperiment", | |
91 base::FEATURE_DISABLED_BY_DEFAULT}; | |
92 #endif | |
93 | |
94 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { | 88 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { |
95 switch (EVP_MD_type(md)) { | 89 switch (EVP_MD_type(md)) { |
96 case NID_md5_sha1: | 90 case NID_md5_sha1: |
97 *hash = SSLPrivateKey::Hash::MD5_SHA1; | 91 *hash = SSLPrivateKey::Hash::MD5_SHA1; |
98 return true; | 92 return true; |
99 case NID_sha1: | 93 case NID_sha1: |
100 *hash = SSLPrivateKey::Hash::SHA1; | 94 *hash = SSLPrivateKey::Hash::SHA1; |
101 return true; | 95 return true; |
102 case NID_sha256: | 96 case NID_sha256: |
103 *hash = SSLPrivateKey::Hash::SHA256; | 97 *hash = SSLPrivateKey::Hash::SHA256; |
(...skipping 894 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
998 | 992 |
999 SSL_set_mode(ssl_, mode.set_mask); | 993 SSL_set_mode(ssl_, mode.set_mask); |
1000 SSL_clear_mode(ssl_, mode.clear_mask); | 994 SSL_clear_mode(ssl_, mode.clear_mask); |
1001 | 995 |
1002 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers | 996 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers |
1003 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable | 997 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable |
1004 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not | 998 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not |
1005 // supported. As DHE is being deprecated, don't add a cipher only to remove it | 999 // supported. As DHE is being deprecated, don't add a cipher only to remove it |
1006 // immediately. | 1000 // immediately. |
1007 std::string command; | 1001 std::string command; |
1008 #if !defined(OS_NACL) | 1002 if (SSLClientSocket::IsPostQuantumExperimentEnabled()) { |
1009 if (base::FeatureList::IsEnabled(kPostQuantumExperiment)) { | |
1010 // These are experimental, non-standard ciphersuites. They are part of an | 1003 // These are experimental, non-standard ciphersuites. They are part of an |
1011 // experiment in post-quantum cryptography. They're not intended to | 1004 // experiment in post-quantum cryptography. They're not intended to |
1012 // represent a de-facto standard, and will be removed from BoringSSL in | 1005 // represent a de-facto standard, and will be removed from BoringSSL in |
1013 // ~2018. | 1006 // ~2018. |
1014 if (EVP_has_aes_hardware()) { | 1007 if (EVP_has_aes_hardware()) { |
1015 command.append( | 1008 command.append( |
1016 "CECPQ1-RSA-AES256-GCM-SHA384:" | 1009 "CECPQ1-RSA-AES256-GCM-SHA384:" |
1017 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); | 1010 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
1018 } | 1011 } |
1019 command.append( | 1012 command.append( |
1020 "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:" | 1013 "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:" |
1021 "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:"); | 1014 "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:"); |
1022 if (!EVP_has_aes_hardware()) { | 1015 if (!EVP_has_aes_hardware()) { |
1023 command.append( | 1016 command.append( |
1024 "CECPQ1-RSA-AES256-GCM-SHA384:" | 1017 "CECPQ1-RSA-AES256-GCM-SHA384:" |
1025 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); | 1018 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); |
1026 } | 1019 } |
1027 } | 1020 } |
1028 #endif | |
1029 command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); | 1021 command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); |
1030 | 1022 |
1031 if (ssl_config_.require_ecdhe) | 1023 if (ssl_config_.require_ecdhe) |
1032 command.append(":!kRSA:!kDHE"); | 1024 command.append(":!kRSA:!kDHE"); |
1033 | 1025 |
1034 if (!ssl_config_.deprecated_cipher_suites_enabled) { | 1026 if (!ssl_config_.deprecated_cipher_suites_enabled) { |
1035 // Only offer DHE on the second handshake. https://crbug.com/538690 | 1027 // Only offer DHE on the second handshake. https://crbug.com/538690 |
1036 command.append(":!kDHE"); | 1028 command.append(":!kDHE"); |
1037 } | 1029 } |
1038 | 1030 |
(...skipping 1293 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2332 if (rv != OK) { | 2324 if (rv != OK) { |
2333 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2325 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
2334 return; | 2326 return; |
2335 } | 2327 } |
2336 | 2328 |
2337 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2329 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
2338 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2330 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
2339 } | 2331 } |
2340 | 2332 |
2341 } // namespace net | 2333 } // namespace net |
OLD | NEW |