
Side by Side Diff: net/ssl/openssl_ssl_util.cc

Issue 2728823002: Remove redundant 3-SHAKE mitigation. (Closed)
Patch Set: typo Created 3 years, 9 months ago
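--- a/net/ssl/openssl_ssl_util.cc
+++ b/net/ssl/openssl_ssl_util.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/openssl_ssl_util.h"
 
 #include <errno.h>
 #include <utility>
 
 #include "base/bind.h"
@@ -91,27 +91,20 @@
 case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:
 return ERR_SSL_BAD_RECORD_MAC_ALERT;
 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:
 return ERR_SSL_DECRYPT_ERROR_ALERT;
 case SSL_R_TLSV1_UNRECOGNIZED_NAME:
 return ERR_SSL_UNRECOGNIZED_NAME_ALERT;
 case SSL_R_BAD_DH_P_LENGTH:
 return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY;
 case SSL_R_SERVER_CERT_CHANGED:
 return ERR_SSL_SERVER_CERT_CHANGED;
-case SSL_R_CERTIFICATE_VERIFY_FAILED:
-// The only way that the certificate verify callback can fail is if
-// the leaf certificate changed during a renegotiation.
-//
-// TODO(davidben): This check has since moved within BoringSSL. Remove the
-// Chromium-side machinery for it.
-return ERR_SSL_SERVER_CERT_CHANGED;
 // SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the server after
 // receiving ClientHello if there's no common supported cipher. Map that
 // specific case to ERR_SSL_VERSION_OR_CIPHER_MISMATCH to match the NSS
 // implementation. See https://goo.gl/oMtZW and https://crbug.com/446505.
 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: {
 uint32_t previous = ERR_peek_error();
 if (previous != 0 && ERR_GET_LIB(previous) == ERR_LIB_SSL &&
 ERR_GET_REASON(previous) == SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO) {
 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
 }
@@ -246,10 +239,10 @@
 for (size_t i = 0; i < os_handles.size(); i++) {
 bssl::UniquePtr<X509> x509 = OSCertHandleToOpenSSL(os_handles[i]);
 if (!x509)
 return nullptr;
 sk_X509_push(stack.get(), x509.release());
 }
 return stack;
 }
 
 } // namespace net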