Remove NPN from SSLConfig and SSLClientSocket*.

net/socket/ssl_client_socket_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
@@ skipping 52 matching lines @@
 #endif
 
 namespace net {
 
 namespace {
 
 // This constant can be any non-negative/non-zero value (eg: it does not
 // overlap with any value of the net::Error range, including net::OK).
 const int kNoPendingResult = 1;
 
-// If a client doesn't have a list of protocols that it supports, but
-// the server supports NPN, choosing "http/1.1" is the best answer.
-const char kDefaultSupportedNPNProtocol[] = "http/1.1";
-
 // Default size of the internal BoringSSL buffers.
 const int kDefaultOpenSSLBufferSize = 17 * 1024;
 
 // TLS extension number use for Token Binding.
 const unsigned int kTbExtNum = 24;
 
 // Token Binding ProtocolVersions supported.
 const uint8_t kTbProtocolVersionMajor = 0;
 const uint8_t kTbProtocolVersionMinor = 8;
 const uint8_t kTbMinProtocolVersionMajor = 0;
@@ skipping 154 matching lines @@
     ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0);
     DCHECK_NE(ssl_socket_data_index_, -1);
     ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method()));
     SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL);
     SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL);
     SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL);
     // This stops |SSL_shutdown| from generating the close_notify message, which
     // is currently not sent on the network.
     // TODO(haavardm): Remove setting quiet shutdown once 118366 is fixed.
     SSL_CTX_set_quiet_shutdown(ssl_ctx_.get(), 1);
-    // Note that SSL_OP_DISABLE_NPN is used to disable NPN if
-    // ssl_config_.next_proto is empty.
-    SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
-                                     NULL);
 
     // Disable the internal session cache. Session caching is handled
     // externally (i.e. by SSLClientSessionCache).
     SSL_CTX_set_session_cache_mode(
         ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
     SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback);
 
     if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum,
                                        &TokenBindingAddCallback,
                                        &TokenBindingFreeCallback, nullptr,
@@ skipping 44 matching lines @@
 
   static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) {
     SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
         store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
     SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
 
     return socket->CertVerifyCallback(store_ctx);
   }
 
-  static int SelectNextProtoCallback(SSL* ssl,
-                                     unsigned char** out,
-                                     unsigned char* outlen,
-                                     const unsigned char* in,
-                                     unsigned int inlen,
-                                     void* arg) {
-    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
-    return socket->SelectNextProtoCallback(out, outlen, in, inlen);
-  }
-
   static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
     SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->NewSessionCallback(session);
   }
 
   static int PrivateKeyTypeCallback(SSL* ssl) {
     SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeyTypeCallback();
   }
 
@@ skipping 168 matching lines @@
       tb_negotiated_param_(TB_PARAM_ECDSAP256),
       tb_signed_ekm_map_(10),
       ssl_(NULL),
       transport_bio_(NULL),
       transport_(std::move(transport_socket)),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       next_handshake_state_(STATE_NONE),
       disconnected_(false),
-      npn_status_(kNextProtoUnsupported),
       negotiated_protocol_(kProtoUnknown),
-      negotiation_extension_(kExtensionUnknown),
       channel_id_sent_(false),
       certificate_verified_(false),
       signature_result_(kNoPendingResult),
       transport_security_state_(context.transport_security_state),
       policy_enforcer_(context.ct_policy_enforcer),
       pkp_bypassed_(false),
       net_log_(transport_->socket()->NetLog()),
       weak_factory_(this) {
   CHECK(cert_verifier_);
   CHECK(transport_security_state_);
@@ skipping 160 matching lines @@
   transport_write_error_ = OK;
 
   server_cert_verify_result_.Reset();
   completed_connect_ = false;
 
   cert_authorities_.clear();
   cert_key_types_.clear();
 
   start_cert_verification_time_ = base::TimeTicks();
 
-  npn_status_ = kNextProtoUnsupported;
   negotiated_protocol_ = kProtoUnknown;
 
   channel_id_sent_ = false;
   tb_was_negotiated_ = false;
   pending_session_ = nullptr;
   certificate_verified_ = false;
   channel_id_request_.Cancel();
 
   signature_result_ = kNoPendingResult;
   signature_.clear();
@@ skipping 347 matching lines @@
     SSL_enable_tls_channel_id(ssl_);
   }
 
   if (!ssl_config_.alpn_protos.empty()) {
     std::vector<uint8_t> wire_protos =
         SerializeNextProtos(ssl_config_.alpn_protos);
     SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0],
                         wire_protos.size());
   }
 
-  if (ssl_config_.npn_protos.empty())
-    SSL_set_options(ssl_, SSL_OP_DISABLE_NPN);
-
   if (ssl_config_.signed_cert_timestamps_enabled) {
     SSL_enable_signed_cert_timestamps(ssl_);
     SSL_enable_ocsp_stapling(ssl_);
   }
 
   if (cert_verifier_->SupportsOCSPStapling())
     SSL_enable_ocsp_stapling(ssl_);
 
   return OK;
 }
@@ skipping 117 matching lines @@
   if (!ssl_config_.dhe_enabled &&
       SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) {
     return ERR_SSL_OBSOLETE_CIPHER;
   }
 
   // Check that if token binding was negotiated, then extended master secret
   // must also be negotiated.
   if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_))
     return ERR_SSL_PROTOCOL_ERROR;
 
-  // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was.
-  if (npn_status_ == kNextProtoUnsupported) {
-    const uint8_t* alpn_proto = NULL;
-    unsigned alpn_len = 0;
-    SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len);
-    if (alpn_len > 0) {
-      base::StringPiece proto(reinterpret_cast<const char*>(alpn_proto),
-                              alpn_len);
-      negotiated_protocol_ = NextProtoFromString(proto);
-      npn_status_ = kNextProtoNegotiated;
-      negotiation_extension_ = kExtensionALPN;
-    }
+  const uint8_t* alpn_proto = NULL;
+  unsigned alpn_len = 0;
+  SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len);
+  if (alpn_len > 0) {
+    base::StringPiece proto(reinterpret_cast<const char*>(alpn_proto),
+                            alpn_len);
+    negotiated_protocol_ = NextProtoFromString(proto);
   }
 
   RecordNegotiatedProtocol();
   RecordChannelIDSupport();
 
   const uint8_t* ocsp_response_raw;
   size_t ocsp_response_len;
   SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len);
   std::string ocsp_response;
   if (ocsp_response_len > 0) {
@@ skipping 750 matching lines @@
     return 0;
   }
   if (old_der != new_der) {
     LOG(ERROR) << "Server certificate changed between handshakes";
     return 0;
   }
 
   return 1;
 }
 
-// SelectNextProtoCallback is called by OpenSSL during the handshake. If the
-// server supports NPN, selects a protocol from the list that the server
-// provides. According to third_party/boringssl/src/ssl/ssl_lib.c, the
-// callback can assume that |in| is syntactically valid.
-int SSLClientSocketImpl::SelectNextProtoCallback(unsigned char** out,
-                                                 unsigned char* outlen,
-                                                 const unsigned char* in,
-                                                 unsigned int inlen) {
-  if (ssl_config_.npn_protos.empty()) {
-    *out = reinterpret_cast<uint8_t*>(
-        const_cast<char*>(kDefaultSupportedNPNProtocol));
-    *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1;
-    npn_status_ = kNextProtoUnsupported;
-    return SSL_TLSEXT_ERR_OK;
-  }
-
-  // Assume there's no overlap between our protocols and the server's list.
-  npn_status_ = kNextProtoNoOverlap;
-
-  // For each protocol in server preference order, see if we support it.
-  for (unsigned int i = 0; i < inlen; i += in[i] + 1) {
-    for (NextProto next_proto : ssl_config_.npn_protos) {
-      const std::string proto = NextProtoToString(next_proto);
-      if (in[i] == proto.size() &&
-          memcmp(&in[i + 1], proto.data(), in[i]) == 0) {
-        // We found a match.
-        negotiated_protocol_ = next_proto;
-        *out = const_cast<unsigned char*>(in) + i + 1;
-        *outlen = in[i];
-        npn_status_ = kNextProtoNegotiated;
-        break;
-      }
-    }
-    if (npn_status_ == kNextProtoNegotiated)
-      break;
-  }
-
-  // If we didn't find a protocol, we select the last one from our list.
-  if (npn_status_ == kNextProtoNoOverlap) {
-    negotiated_protocol_ = ssl_config_.npn_protos.back();
-    // NextProtoToString returns a pointer to a static string.
-    const char* proto = NextProtoToString(negotiated_protocol_);
-    *out = reinterpret_cast<unsigned char*>(const_cast<char*>(proto));
-    *outlen = strlen(proto);
-  }
-
-  negotiation_extension_ = kExtensionNPN;
-  return SSL_TLSEXT_ERR_OK;
-}
-
 long SSLClientSocketImpl::MaybeReplayTransportError(BIO* bio,
                                                     int cmd,
                                                     const char* argp,
                                                     int argi,
                                                     long argl,
                                                     long retvalue) {
   if (cmd == (BIO_CB_READ | BIO_CB_RETURN) && retvalue <= 0) {
     // If there is no more data in the buffer, report any pending errors that
     // were observed. Note that both the readbuf and the writebuf are checked
     // for errors, since the application may have encountered a socket error
@@ skipping 90 matching lines @@
   if (ssl_config_.channel_id_enabled)
     result.append("channelid");
 
   return result;
 }
 
 bool SSLClientSocketImpl::IsRenegotiationAllowed() const {
   if (tb_was_negotiated_)
     return false;
 
-  if (npn_status_ == kNextProtoUnsupported)
+  if (negotiated_protocol_ == kProtoUnknown)
     return ssl_config_.renego_allowed_default;
 
   for (NextProto allowed : ssl_config_.renego_allowed_for_protos) {
     if (negotiated_protocol_ == allowed)
       return true;
   }
   return false;
 }
 
 int SSLClientSocketImpl::PrivateKeyTypeCallback() {
@@ skipping 203 matching lines @@
   }
   UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
                             CHANNEL_ID_USAGE_MAX);
 }
 
 bool SSLClientSocketImpl::IsChannelIDEnabled() const {
   return ssl_config_.channel_id_enabled && channel_id_service_;
 }
 
 }  // namespace net