| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_server_socket_impl.h" | 5 #include "net/socket/ssl_server_socket_impl.h" |
| 6 | 6 |
| 7 #include <openssl/err.h> | 7 #include <openssl/err.h> |
| 8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| 11 #include "base/callback_helpers.h" | 11 #include "base/callback_helpers.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
| 14 #include "crypto/openssl_util.h" | 14 #include "crypto/openssl_util.h" |
| 15 #include "crypto/rsa_private_key.h" | 15 #include "crypto/rsa_private_key.h" |
| 16 #include "crypto/scoped_openssl_types.h" | 16 #include "crypto/scoped_openssl_types.h" |
| 17 #include "net/base/net_errors.h" | 17 #include "net/base/net_errors.h" |
| 18 #include "net/cert/cert_verify_result.h" | 18 #include "net/cert/cert_verify_result.h" |
| 19 #include "net/cert/client_cert_verifier.h" | 19 #include "net/cert/client_cert_verifier.h" |
| 20 #include "net/cert/x509_util_openssl.h" | 20 #include "net/cert/x509_util_openssl.h" |
| 21 #include "net/log/net_log_event_type.h" |
| 21 #include "net/ssl/openssl_ssl_util.h" | 22 #include "net/ssl/openssl_ssl_util.h" |
| 22 #include "net/ssl/ssl_connection_status_flags.h" | 23 #include "net/ssl/ssl_connection_status_flags.h" |
| 23 #include "net/ssl/ssl_info.h" | 24 #include "net/ssl/ssl_info.h" |
| 24 | 25 |
| 25 #define GotoState(s) next_handshake_state_ = s | 26 #define GotoState(s) next_handshake_state_ = s |
| 26 | 27 |
| 27 namespace net { | 28 namespace net { |
| 28 | 29 |
| 29 namespace { | 30 namespace { |
| 30 | 31 |
| 194 SSL_free(ssl_); | 195 SSL_free(ssl_); |
| 195 ssl_ = NULL; | 196 ssl_ = NULL; |
| 196 } | 197 } |
| 197 if (transport_bio_) { | 198 if (transport_bio_) { |
| 198 BIO_free_all(transport_bio_); | 199 BIO_free_all(transport_bio_); |
| 199 transport_bio_ = NULL; | 200 transport_bio_ = NULL; |
| 200 } | 201 } |
| 201 } | 202 } |
| 202 | 203 |
| 203 int SSLServerSocketImpl::Handshake(const CompletionCallback& callback) { | 204 int SSLServerSocketImpl::Handshake(const CompletionCallback& callback) { |
| 204 net_log_.BeginEvent(NetLog::TYPE_SSL_SERVER_HANDSHAKE); | 205 net_log_.BeginEvent(NetLogEventType::SSL_SERVER_HANDSHAKE); |
| 205 | 206 |
| 206 // Set up new ssl object. | 207 // Set up new ssl object. |
| 207 int rv = Init(); | 208 int rv = Init(); |
| 208 if (rv != OK) { | 209 if (rv != OK) { |
| 209 LOG(ERROR) << "Failed to initialize OpenSSL: rv=" << rv; | 210 LOG(ERROR) << "Failed to initialize OpenSSL: rv=" << rv; |
| 210 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); | 211 net_log_.EndEventWithNetErrorCode(NetLogEventType::SSL_SERVER_HANDSHAKE, |
| 212 rv); |
| 211 return rv; | 213 return rv; |
| 212 } | 214 } |
| 213 | 215 |
| 214 // Set SSL to server mode. Handshake happens in the loop below. | 216 // Set SSL to server mode. Handshake happens in the loop below. |
| 215 SSL_set_accept_state(ssl_); | 217 SSL_set_accept_state(ssl_); |
| 216 | 218 |
| 217 GotoState(STATE_HANDSHAKE); | 219 GotoState(STATE_HANDSHAKE); |
| 218 rv = DoHandshakeLoop(OK); | 220 rv = DoHandshakeLoop(OK); |
| 219 if (rv == ERR_IO_PENDING) { | 221 if (rv == ERR_IO_PENDING) { |
| 220 user_handshake_callback_ = callback; | 222 user_handshake_callback_ = callback; |
| 221 } else { | 223 } else { |
| 222 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); | 224 net_log_.EndEventWithNetErrorCode(NetLogEventType::SSL_SERVER_HANDSHAKE, |
| 225 rv); |
| 223 } | 226 } |
| 224 | 227 |
| 225 return rv > OK ? OK : rv; | 228 return rv > OK ? OK : rv; |
| 226 } | 229 } |
| 227 | 230 |
| 228 int SSLServerSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, | 231 int SSLServerSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, |
| 229 bool has_context, | 232 bool has_context, |
| 230 const base::StringPiece& context, | 233 const base::StringPiece& context, |
| 231 unsigned char* out, | 234 unsigned char* out, |
| 232 unsigned int outlen) { | 235 unsigned int outlen) { |
| 432 int rv = DoReadLoop(result); | 435 int rv = DoReadLoop(result); |
| 433 if (rv != ERR_IO_PENDING) | 436 if (rv != ERR_IO_PENDING) |
| 434 DoReadCallback(rv); | 437 DoReadCallback(rv); |
| 435 } | 438 } |
| 436 | 439 |
| 437 void SSLServerSocketImpl::OnHandshakeIOComplete(int result) { | 440 void SSLServerSocketImpl::OnHandshakeIOComplete(int result) { |
| 438 int rv = DoHandshakeLoop(result); | 441 int rv = DoHandshakeLoop(result); |
| 439 if (rv == ERR_IO_PENDING) | 442 if (rv == ERR_IO_PENDING) |
| 440 return; | 443 return; |
| 441 | 444 |
| 442 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); | 445 net_log_.EndEventWithNetErrorCode(NetLogEventType::SSL_SERVER_HANDSHAKE, rv); |
| 443 if (!user_handshake_callback_.is_null()) | 446 if (!user_handshake_callback_.is_null()) |
| 444 DoHandshakeCallback(rv); | 447 DoHandshakeCallback(rv); |
| 445 } | 448 } |
| 446 | 449 |
| 447 // Return 0 for EOF, | 450 // Return 0 for EOF, |
| 448 // > 0 for bytes transferred immediately, | 451 // > 0 for bytes transferred immediately, |
| 449 // < 0 for error (or the non-error ERR_IO_PENDING). | 452 // < 0 for error (or the non-error ERR_IO_PENDING). |
| 450 int SSLServerSocketImpl::BufferSend() { | 453 int SSLServerSocketImpl::BufferSend() { |
| 451 if (transport_send_busy_) | 454 if (transport_send_busy_) |
| 452 return ERR_IO_PENDING; | 455 return ERR_IO_PENDING; |
| 601 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 604 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 602 int rv = SSL_read(ssl_, user_read_buf_->data(), user_read_buf_len_); | 605 int rv = SSL_read(ssl_, user_read_buf_->data(), user_read_buf_len_); |
| 603 if (rv >= 0) | 606 if (rv >= 0) |
| 604 return rv; | 607 return rv; |
| 605 int ssl_error = SSL_get_error(ssl_, rv); | 608 int ssl_error = SSL_get_error(ssl_, rv); |
| 606 OpenSSLErrorInfo error_info; | 609 OpenSSLErrorInfo error_info; |
| 607 int net_error = | 610 int net_error = |
| 608 MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); | 611 MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); |
| 609 if (net_error != ERR_IO_PENDING) { | 612 if (net_error != ERR_IO_PENDING) { |
| 610 net_log_.AddEvent( | 613 net_log_.AddEvent( |
| 611 NetLog::TYPE_SSL_READ_ERROR, | 614 NetLogEventType::SSL_READ_ERROR, |
| 612 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); | 615 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 613 } | 616 } |
| 614 return net_error; | 617 return net_error; |
| 615 } | 618 } |
| 616 | 619 |
| 617 int SSLServerSocketImpl::DoPayloadWrite() { | 620 int SSLServerSocketImpl::DoPayloadWrite() { |
| 618 DCHECK(user_write_buf_); | 621 DCHECK(user_write_buf_); |
| 619 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 622 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 620 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); | 623 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); |
| 621 if (rv >= 0) | 624 if (rv >= 0) |
| 622 return rv; | 625 return rv; |
| 623 int ssl_error = SSL_get_error(ssl_, rv); | 626 int ssl_error = SSL_get_error(ssl_, rv); |
| 624 OpenSSLErrorInfo error_info; | 627 OpenSSLErrorInfo error_info; |
| 625 int net_error = | 628 int net_error = |
| 626 MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); | 629 MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); |
| 627 if (net_error != ERR_IO_PENDING) { | 630 if (net_error != ERR_IO_PENDING) { |
| 628 net_log_.AddEvent( | 631 net_log_.AddEvent( |
| 629 NetLog::TYPE_SSL_WRITE_ERROR, | 632 NetLogEventType::SSL_WRITE_ERROR, |
| 630 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); | 633 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 631 } | 634 } |
| 632 return net_error; | 635 return net_error; |
| 633 } | 636 } |
| 634 | 637 |
| 635 int SSLServerSocketImpl::DoHandshakeLoop(int last_io_result) { | 638 int SSLServerSocketImpl::DoHandshakeLoop(int last_io_result) { |
| 636 int rv = last_io_result; | 639 int rv = last_io_result; |
| 637 do { | 640 do { |
| 638 // Default to STATE_NONE for next state. | 641 // Default to STATE_NONE for next state. |
| 639 // (This is a quirk carried over from the windows | 642 // (This is a quirk carried over from the windows |
| 726 if (net_error == ERR_SSL_SERVER_CERT_CHANGED) | 729 if (net_error == ERR_SSL_SERVER_CERT_CHANGED) |
| 727 net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT; | 730 net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT; |
| 728 | 731 |
| 729 // If not done, stay in this state | 732 // If not done, stay in this state |
| 730 if (net_error == ERR_IO_PENDING) { | 733 if (net_error == ERR_IO_PENDING) { |
| 731 GotoState(STATE_HANDSHAKE); | 734 GotoState(STATE_HANDSHAKE); |
| 732 } else { | 735 } else { |
| 733 LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code " | 736 LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code " |
| 734 << ssl_error << ", net_error " << net_error; | 737 << ssl_error << ", net_error " << net_error; |
| 735 net_log_.AddEvent( | 738 net_log_.AddEvent( |
| 736 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 739 NetLogEventType::SSL_HANDSHAKE_ERROR, |
| 737 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); | 740 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 738 } | 741 } |
| 739 } | 742 } |
| 740 return net_error; | 743 return net_error; |
| 741 } | 744 } |
| 742 | 745 |
| 743 void SSLServerSocketImpl::DoHandshakeCallback(int rv) { | 746 void SSLServerSocketImpl::DoHandshakeCallback(int rv) { |
| 744 DCHECK_NE(rv, ERR_IO_PENDING); | 747 DCHECK_NE(rv, ERR_IO_PENDING); |
| 745 base::ResetAndReturn(&user_handshake_callback_).Run(rv > OK ? OK : rv); | 748 base::ResetAndReturn(&user_handshake_callback_).Run(rv > OK ? OK : rv); |
| 746 } | 749 } |
| 944 SSL* ssl = SSL_new(ssl_ctx_.get()); | 947 SSL* ssl = SSL_new(ssl_ctx_.get()); |
| 945 return std::unique_ptr<SSLServerSocket>( | 948 return std::unique_ptr<SSLServerSocket>( |
| 946 new SSLServerSocketImpl(std::move(socket), ssl)); | 949 new SSLServerSocketImpl(std::move(socket), ssl)); |
| 947 } | 950 } |
| 948 | 951 |
| 949 void EnableSSLServerSockets() { | 952 void EnableSSLServerSockets() { |
| 950 // No-op because CreateSSLServerSocket() calls crypto::EnsureOpenSSLInit(). | 953 // No-op because CreateSSLServerSocket() calls crypto::EnsureOpenSSLInit(). |
| 951 } | 954 } |
| 952 | 955 |
| 953 } // namespace net | 956 } // namespace net |