Chromium Code Reviews Chromium Code Reviews
Issue 2704623002:
Add non-application-data SSL messages to NetLog. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 229 "SSLLegacyECDSACiphers", base::FEATURE_DISABLED_BY_DEFAULT}; | 229 "SSLLegacyECDSACiphers", base::FEATURE_DISABLED_BY_DEFAULT}; |
| 230 | 230 |
| 231 bool AreLegacyECDSACiphersEnabled() { | 231 bool AreLegacyECDSACiphersEnabled() { |
| 232 return base::FeatureList::IsEnabled(kLegacyECDSACiphersFeature); | 232 return base::FeatureList::IsEnabled(kLegacyECDSACiphersFeature); |
| 233 } | 233 } |
| 234 #endif | 234 #endif |
| 235 | 235 |
| 236 const base::Feature kShortRecordHeaderFeature{ | 236 const base::Feature kShortRecordHeaderFeature{ |
| 237 "SSLShortRecordHeader", base::FEATURE_DISABLED_BY_DEFAULT}; | 237 "SSLShortRecordHeader", base::FEATURE_DISABLED_BY_DEFAULT}; |
| 238 | 238 |
| 239 std::unique_ptr<base::Value> NetLogSSLAlertCallback( | |
| 240 const void* bytes, | |
| 241 size_t len, | |
| 242 NetLogCaptureMode capture_mode) { | |
| 243 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); | |
| 244 dict->SetString("hex_encoded_bytes", base::HexEncode(bytes, len)); | |
| 245 return std::move(dict); | |
| 246 } | |
| 247 | |
| 248 std::unique_ptr<base::Value> NetLogSSLMessageCallback( | |
| 249 bool is_write, | |
| 250 const void* bytes, | |
| 251 size_t len, | |
| 252 NetLogCaptureMode capture_mode) { | |
| 253 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); | |
| 254 if (len == 0) { | |
| 255 NOTREACHED(); | |
| 256 return std::move(dict); | |
| 257 } | |
| 258 | |
| 259 // The handshake message type is the first byte. Include it so elided messages | |
| 260 // still report their type. | |
| 261 uint8_t type = reinterpret_cast<const uint8_t*>(bytes)[0]; | |
| 262 dict->SetInteger("type", type); | |
| 263 | |
| 264 // Elide client certificate messages unless logging socket bytes. | |
| 265 if (!is_write || type != SSL3_MT_CERTIFICATE || | |
| 266 capture_mode.include_socket_bytes()) { | |
| 267 dict->SetString("hex_encoded_bytes", base::HexEncode(bytes, len)); | |
| 268 } | |
| 269 | |
| 270 return std::move(dict); | |
| 271 } | |
| 272 | |
| 239 } // namespace | 273 } // namespace |
| 240 | 274 |
| 241 class SSLClientSocketImpl::SSLContext { | 275 class SSLClientSocketImpl::SSLContext { |
| 242 public: | 276 public: |
| 243 static SSLContext* GetInstance() { | 277 static SSLContext* GetInstance() { |
| 244 return base::Singleton<SSLContext, | 278 return base::Singleton<SSLContext, |
| 245 base::LeakySingletonTraits<SSLContext>>::get(); | 279 base::LeakySingletonTraits<SSLContext>>::get(); |
| 246 } | 280 } |
| 247 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } | 281 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } |
| 248 SSLClientSessionCache* session_cache() { return &session_cache_; } | 282 SSLClientSessionCache* session_cache() { return &session_cache_; } |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 292 | 326 |
| 293 SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1); | 327 SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1); |
| 294 | 328 |
| 295 // Deduplicate all certificates minted from the SSL_CTX in memory. | 329 // Deduplicate all certificates minted from the SSL_CTX in memory. |
| 296 SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool()); | 330 SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool()); |
| 297 | 331 |
| 298 if (base::FeatureList::IsEnabled(kShortRecordHeaderFeature)) { | 332 if (base::FeatureList::IsEnabled(kShortRecordHeaderFeature)) { |
| 299 SSL_CTX_set_short_header_enabled(ssl_ctx_.get(), 1); | 333 SSL_CTX_set_short_header_enabled(ssl_ctx_.get(), 1); |
| 300 } | 334 } |
| 301 | 335 |
| 336 SSL_CTX_set_msg_callback(ssl_ctx_.get(), MessageCallback); | |
| 337 | |
| 302 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, | 338 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, |
| 303 &TokenBindingAddCallback, | 339 &TokenBindingAddCallback, |
| 304 &TokenBindingFreeCallback, nullptr, | 340 &TokenBindingFreeCallback, nullptr, |
| 305 &TokenBindingParseCallback, nullptr)) { | 341 &TokenBindingParseCallback, nullptr)) { |
| 306 NOTREACHED(); | 342 NOTREACHED(); |
| 307 } | 343 } |
| 308 } | 344 } |
| 309 | 345 |
| 310 static int TokenBindingAddCallback(SSL* ssl, | 346 static int TokenBindingAddCallback(SSL* ssl, |
| 311 unsigned int extension_value, | 347 unsigned int extension_value, |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 391 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); | 427 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 392 return socket->PrivateKeyCompleteCallback(out, out_len, max_out); | 428 return socket->PrivateKeyCompleteCallback(out, out_len, max_out); |
| 393 } | 429 } |
| 394 | 430 |
| 395 #if !defined(OS_NACL) | 431 #if !defined(OS_NACL) |
| 396 static void KeyLogCallback(const SSL* ssl, const char* line) { | 432 static void KeyLogCallback(const SSL* ssl, const char* line) { |
| 397 GetInstance()->ssl_key_logger_->WriteLine(line); | 433 GetInstance()->ssl_key_logger_->WriteLine(line); |
| 398 } | 434 } |
| 399 #endif | 435 #endif |
| 400 | 436 |
| 437 static void MessageCallback(int is_write, | |
| 438 int version, | |
| 439 int content_type, | |
| 440 const void* buf, | |
| 441 size_t len, | |
| 442 SSL* ssl, | |
| 443 void* arg) { | |
| 444 SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); | |
| 445 return socket->MessageCallback(is_write, content_type, buf, len); | |
| 446 } | |
| 447 | |
| 401 // This is the index used with SSL_get_ex_data to retrieve the owner | 448 // This is the index used with SSL_get_ex_data to retrieve the owner |
| 402 // SSLClientSocketImpl object from an SSL instance. | 449 // SSLClientSocketImpl object from an SSL instance. |
| 403 int ssl_socket_data_index_; | 450 int ssl_socket_data_index_; |
| 404 | 451 |
| 405 bssl::UniquePtr<SSL_CTX> ssl_ctx_; | 452 bssl::UniquePtr<SSL_CTX> ssl_ctx_; |
| 406 | 453 |
| 407 #if !defined(OS_NACL) | 454 #if !defined(OS_NACL) |
| 408 std::unique_ptr<SSLKeyLogger> ssl_key_logger_; | 455 std::unique_ptr<SSLKeyLogger> ssl_key_logger_; |
| 409 #endif | 456 #endif |
| 410 | 457 |
| (...skipping 1483 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1894 | 1941 |
| 1895 signature_result_ = error; | 1942 signature_result_ = error; |
| 1896 if (signature_result_ == OK) | 1943 if (signature_result_ == OK) |
| 1897 signature_ = signature; | 1944 signature_ = signature; |
| 1898 | 1945 |
| 1899 // During a renegotiation, either Read or Write calls may be blocked on an | 1946 // During a renegotiation, either Read or Write calls may be blocked on an |
| 1900 // asynchronous private key operation. | 1947 // asynchronous private key operation. |
| 1901 RetryAllOperations(); | 1948 RetryAllOperations(); |
| 1902 } | 1949 } |
| 1903 | 1950 |
| 1951 void SSLClientSocketImpl::MessageCallback(int is_write, | |
| 1952 int content_type, | |
| 1953 const void* buf, | |
| 1954 size_t len) { | |
| 1955 switch (content_type) { | |
| 1956 case SSL3_RT_ALERT: | |
| 1957 net_log_.AddEvent( | |
| 1958 is_write ? NetLogEventType::SSL_ALERT_SENT | |
| 1959 : NetLogEventType::SSL_ALERT_RECEIVED, | |
| 1960 base::Bind(&NetLogSSLAlertCallback, base::Unretained(buf), len)); | |
|
eroman
2017/02/17 22:16:51
Is Unretained() needed here, or is it just for doc
davidben
2017/04/18 20:51:17
Oh, I didn't realize they weren't needed. Removed.
| |
| 1961 break; | |
| 1962 case SSL3_RT_HANDSHAKE: | |
| 1963 net_log_.AddEvent(is_write | |
| 1964 ? NetLogEventType::SSL_HANDSHAKE_MESSAGE_SENT | |
| 1965 : NetLogEventType::SSL_HANDSHAKE_MESSAGE_RECEIVED, | |
| 1966 base::Bind(&NetLogSSLMessageCallback, !!is_write, | |
| 1967 base::Unretained(buf), len)); | |
| 1968 break; | |
| 1969 default: | |
| 1970 return; | |
| 1971 } | |
| 1972 } | |
| 1973 | |
| 1904 int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out, | 1974 int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out, |
| 1905 size_t* out_len, | 1975 size_t* out_len, |
| 1906 int* out_alert_value) { | 1976 int* out_alert_value) { |
| 1907 if (ssl_config_.token_binding_params.empty()) { | 1977 if (ssl_config_.token_binding_params.empty()) { |
| 1908 return 0; | 1978 return 0; |
| 1909 } | 1979 } |
| 1910 bssl::ScopedCBB output; | 1980 bssl::ScopedCBB output; |
| 1911 CBB parameters_list; | 1981 CBB parameters_list; |
| 1912 if (!CBB_init(output.get(), 7) || | 1982 if (!CBB_init(output.get(), 7) || |
| 1913 !CBB_add_u8(output.get(), kTbProtocolVersionMajor) || | 1983 !CBB_add_u8(output.get(), kTbProtocolVersionMajor) || |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2049 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2119 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 2050 !certificate_requested_) { | 2120 !certificate_requested_) { |
| 2051 net_error = ERR_SSL_PROTOCOL_ERROR; | 2121 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 2052 } | 2122 } |
| 2053 } | 2123 } |
| 2054 | 2124 |
| 2055 return net_error; | 2125 return net_error; |
| 2056 } | 2126 } |
| 2057 | 2127 |
| 2058 } // namespace net | 2128 } // namespace net |
| OLD | NEW |
